CN114448650A - Encryption authentication method, device, equipment and storage medium - Google Patents

Info

Publication number
CN114448650A
Authority
CN
China
Prior art keywords
character
decryption
matrix
authentication
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210376463.2A
Other languages
Chinese (zh)
Other versions
CN114448650B (en)
Inventor
王斌
张果
唐盛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Livefan Information Technology Co ltd
Original Assignee
Livefan Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Livefan Information Technology Co ltd filed Critical Livefan Information Technology Co ltd
Priority to CN202210376463.2A priority Critical patent/CN114448650B/en
Publication of CN114448650A publication Critical patent/CN114448650A/en
Application granted granted Critical
Publication of CN114448650B publication Critical patent/CN114448650B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Abstract

The invention relates to the field of data encryption and discloses an encryption authentication method, apparatus, device and storage medium. The method comprises: receiving an authentication request sent by a device to be authenticated, and sending a public key authentication request to the device to be authenticated based on the authentication request; receiving an authentication public key sent by the device to be authenticated; performing verification processing on the character string according to a preset coordinate verification algorithm to obtain a check result; judging whether the check result is a pass result; if so, acquiring a preset character check matrix frame, and filling the character string into the character check matrix frame to obtain a character check matrix; decrypting the character check matrix according to a preset matrix decryption algorithm to obtain a character decryption matrix; performing matrix removal processing on the character decryption matrix to obtain a decryption character string; judging whether the decryption character string belongs to a preset key character string set; if it does, determining the device to be authenticated as an authenticated device; if not, determining the device to be authenticated as a non-authenticated device.

Description

Encryption authentication method, device, equipment and storage medium
Technical Field
The present invention relates to the field of data encryption, and in particular, to an encryption authentication method, apparatus, device, and storage medium.
Background
With the rapid development of portable devices and mobile network technologies, data security is more and more emphasized. Data is a core part of the whole storage, and the encryption and protection of the data are also important points of safe storage, so that the design of safe storage and encryption of the system is more important. The data encryption technology is that a message is converted into meaningless ciphertext through an encryption key and an encryption function, and a receiving party restores the ciphertext into plaintext through a decryption function and a decryption key.
In the competitive information era, a strong security measure is needed to protect confidential data from being stolen or tampered with, and data encryption technology arose to meet that need. However, prior-art encryption methods can be cracked by brute force and can also be cracked when the public key is leaked, so a technique is needed to address the excessive cracking risk of existing encryption methods.
Disclosure of Invention
The main purpose of the invention is to solve the technical problem that prior-art encryption methods can be cracked by brute force and can be cracked through public key leakage.
The first aspect of the present invention provides an encryption authentication method, including the steps of:
receiving an authentication request sent by equipment to be authenticated, and sending a public key authentication request to the equipment to be authenticated based on the authentication request;
receiving an authentication public key sent by the device to be authenticated, wherein the authentication public key comprises: a character string input on the device to be authenticated based on screen coordinates;
according to a preset coordinate checking algorithm, checking screen coordinates corresponding to characters in the character string to obtain a checking result;
judging whether the check result is a pass result or not;
if the result is a passing result, acquiring a preset character check matrix frame, and filling the character string into the character check matrix frame to obtain a character check matrix;
decrypting the character check matrix according to a preset matrix decryption algorithm to obtain a character decryption matrix;
performing matrix removal processing on the character decryption matrix to obtain a decryption character string;
judging whether the decryption character string belongs to data in a preset key character string set or not;
if it belongs to the set, determining the device to be authenticated as an authenticated device;
and if not, determining the device to be authenticated as a non-authenticated device.
Optionally, in a first implementation manner of the first aspect of the present invention, the checking, according to a preset coordinate checking algorithm, the screen coordinates corresponding to the characters in the character string, and obtaining a checking result includes:
acquiring a preset character coordinate mapping table, and reading characters in the character string;
matching the characters in the character coordinate mapping table to obtain matched coordinates;
reading a screen coordinate corresponding to the character, and judging whether the matching coordinate is consistent with the screen coordinate;
if the two are consistent, determining the verification result as a passing result;
and if the two are inconsistent, determining the check result as a fail result.
Optionally, in a second implementation manner of the first aspect of the present invention, the obtaining a preset character coordinate mapping table, and reading characters in the character string includes:
analyzing the input sorting number of the character string, and performing modular processing on the input sorting number according to a preset cutting value to obtain a modular residual value;
and acquiring a character coordinate mapping table corresponding to the modulus residue value, and reading characters in the character string.
Optionally, in a third implementation manner of the first aspect of the present invention, the decrypting the character check matrix according to a preset matrix decryption algorithm to obtain the character decryption matrix includes:
performing product processing on the character check matrix according to a preset product decryption matrix to obtain a product decryption matrix;
performing convolution processing on the product decryption matrix according to a preset convolution decryption matrix to obtain a convolution decryption matrix;
and determining the convolution decryption matrix as a character decryption matrix.
Optionally, in a fourth implementation manner of the first aspect of the present invention, after performing convolution processing on the product decryption matrix according to a preset convolution decryption matrix to obtain a convolution decryption matrix, before determining the convolution decryption matrix as a character decryption matrix, the method further includes:
and performing row-column deletion processing on the convolution decryption matrix according to a preset pseudo row-column disassembly algorithm to obtain a new convolution decryption matrix.
Optionally, in a fifth implementation manner of the first aspect of the present invention, the matrix removing processing on the character decryption matrix to obtain the decrypted character string includes:
and extracting elements in the character decryption matrix according to the element sequence to generate a decryption character string.
Optionally, in a sixth implementation manner of the first aspect of the present invention, after the determining whether the check result is a pass result, the method further includes:
and if the check result is not a pass result, determining the device to be authenticated as a non-authenticated device.
A second aspect of the present invention provides an encryption authentication apparatus comprising:
the request receiving module is used for receiving an authentication request sent by equipment to be authenticated and sending a public key authentication request to the equipment to be authenticated based on the authentication request;
a public key receiving module, configured to receive an authentication public key sent by the device to be authenticated, where the authentication public key includes: a character string input on the device to be authenticated based on screen coordinates;
the checking module is used for checking the screen coordinates corresponding to the characters in the character string according to a preset coordinate checking algorithm to obtain a checking result;
the first judgment module is used for judging whether the check result is a passing result or not;
the frame filling module is used for acquiring a preset character check matrix frame if the result is a pass result, and filling the character string into the character check matrix frame to obtain a character check matrix;
the decryption module is used for decrypting the character check matrix according to a preset matrix decryption algorithm to obtain a character decryption matrix;
the matrix removing module is used for performing matrix removing processing on the character decryption matrix to obtain a decryption character string;
the second judgment module is used for judging whether the decryption character string belongs to data in a preset key character string set or not;
the first determining module is used for determining the device to be authenticated as an authenticated device if the decryption character string belongs to the key character string set;
and the second determining module is used for determining the device to be authenticated as a non-authenticated device if the decryption character string does not belong to the key character string set.
A third aspect of the present invention provides an encryption authentication apparatus, comprising: a memory having instructions stored therein and at least one processor, the memory and the at least one processor interconnected by a line; the at least one processor invokes the instructions in the memory to cause the cryptographic authentication apparatus to perform the cryptographic authentication method described above.
A fourth aspect of the present invention provides a computer-readable storage medium having stored therein instructions, which, when run on a computer, cause the computer to execute the above-described cryptographic authentication method.
In the embodiment of the invention, the public key is tightly bound to the device by locking the screen coordinates: because different devices define screen coordinates differently, locking the screen coordinates yields a device authentication method. After the device is authenticated, two kinds of matrix operation are used for encryption, which greatly improves the security of the authentication process, reduces the risk of brute-force cracking, and solves the technical problem that prior-art encryption methods can be cracked when the public key is leaked.
Drawings
FIG. 1 is a diagram of an embodiment of a cryptographic authentication method according to an embodiment of the invention;
fig. 2 is a schematic diagram of an embodiment of an encryption authentication apparatus according to an embodiment of the present invention;
fig. 3 is a schematic diagram of another embodiment of the encryption authentication apparatus according to the embodiment of the present invention;
fig. 4 is a schematic diagram of an embodiment of an encryption authentication device in the embodiment of the present invention.
Detailed Description
The embodiment of the invention provides an encryption authentication method, an encryption authentication device, encryption authentication equipment and a storage medium.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," or "having," and any variations thereof, are intended to cover non-exclusive inclusions, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of understanding, a specific flow of the embodiment of the present invention is described below, and referring to fig. 1, an embodiment of the encryption authentication method in the embodiment of the present invention includes:
101. receiving an authentication request sent by equipment to be authenticated, and sending a public key authentication request to the equipment to be authenticated based on the authentication request;
In this embodiment, the device to be authenticated sends an authentication request; receiving that request triggers the feedback of a public key authentication request, which is transmitted to the device to be authenticated.
102. Receiving an authentication public key sent by the device to be authenticated, wherein the authentication public key comprises: a character string input on the device to be authenticated based on screen coordinates;
In this embodiment, the authentication public key is entered by the user on the screen, and the entry must be triggered by clicks on the screen. The authentication public key may be entered by clicking on a virtual keyboard; each character of the virtual keyboard produces fixed screen coordinates based on the position of that character, and the virtual keyboard may have an irregular shape in order to lock the screen coordinates.
103. According to a preset coordinate checking algorithm, checking screen coordinates corresponding to characters in the character string to obtain a checking result;
In this embodiment, each character of the virtual keyboard occupies a certain area of the screen, but on a click input it is the top-left vertex of the character's area that is marked, and the resulting screen coordinates are recorded in the character coordinate mapping table used for checking the device. The character coordinate mapping table stored when the public key was set is therefore obtained, and each character of the character string is verified to judge whether its coordinates are accurate. If the coordinates are accurate, the check result is a pass; if any one coordinate is wrong, the check result is a fail. This verification method can lock the device.
Further, at 103, the following steps may be performed:
1031. acquiring a preset character coordinate mapping table, and reading characters in a character string;
1032. matching the characters in a character coordinate mapping table to obtain matched coordinates;
1033. reading screen coordinates corresponding to the characters, and judging whether the matching coordinates are consistent with the screen coordinates;
1034. if the two are consistent, determining the verification result as a passing result;
1035. and if the two are inconsistent, determining the check result as a fail result.
In steps 1031-1035, the matching coordinates are first retrieved from the character coordinate mapping table according to the characters in the character string. The character coordinate mapping table is generated from the locked device when the public key is set, and is used to lock input to that device. The matched coordinates are compared with the screen coordinates submitted when the characters were input; if they are consistent the check passes, and if not it fails.
Further, at 1031, the following steps may be performed:
10311. analyzing the input sequencing number of the character string, and performing modular processing on the input sequencing number according to a preset cutting value to obtain a modular residual value;
10312. and acquiring a character coordinate mapping table corresponding to the modulus residue value, and reading characters in the character string.
In steps 10311-10312, every device prepares a plurality of different variable virtual keyboards; the virtual keyboards are displayed on the screen at different sizes, so the screen coordinates they generate differ accordingly. However, the virtual keyboard that each device produces for a given verification is fixed for that device, so that the screen coordinates are locked.
Assume that there are 10 different virtual keyboards and that the character string is the 941st input. The cutting value is 10, consistent with the number of virtual keyboard types. For 941 mod 10, 941 divided by 10 is 94 with remainder 1, so the modulo remainder is 1, and the character coordinate mapping table of the virtual keyboard corresponding to modulo remainder 1 is the one obtained.
104. Judging whether the checking result is a passing result or not;
In this embodiment, the check result combines the individual coordinate comparisons with AND-gate logic: a pass result does not occur if even one coordinate fails to match, and occurs only when all coordinates match. This prevents implantation cracking during execution; analysis must proceed from the check result.
Further, after 104, the following steps may also be performed:
1041. If the check result is not a pass result, determining the device to be authenticated as a non-authenticated device.
In step 1041, a failed coordinate check indicates that the device to be authenticated is not the device that was initially registered. Even if the software is logged in on a different device, it cannot pass the check with the same public key, and the device to be authenticated is determined to be a non-authenticated device.
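The coordinate check of steps 103-104 (with sub-steps 1031-1035 and 10311-10312), sketched in Python as an added example; it is not code from the patent. The keyboard layouts, the character set and the names `build_layout`, `select_table`, `check_coordinates` and `taps_for` are assumptions made for illustration; only the cutting value 10 and the 941st-input case come from the text.

```python
"""Coordinate check for a typed authentication public key (illustrative)."""

CUT_VALUE = 10  # preset cutting value; equals the number of keyboard variants
CHARS = "abcdefghijklmnopqrstuvwxyz0123456789"  # assumed key set of the keyboard


def build_layout(variant):
    """Constructed layout: character -> top-left (x, y) of its key on screen.

    Key size and origin change with the variant, so the same character
    produces different screen coordinates on different virtual keyboards.
    """
    key_w, key_h = 40 + 4 * variant, 50 + 3 * variant
    x0, y0 = 10 + 7 * variant, 300 + 5 * variant
    return {
        ch: (x0 + (i % 10) * key_w, y0 + (i // 10) * key_h)
        for i, ch in enumerate(CHARS)
    }


# One character coordinate mapping table per modulo remainder, as it would be
# stored when the public key is set on the enrolled device.
MAPPING_TABLES = {r: build_layout(r) for r in range(CUT_VALUE)}


def select_table(input_seq):
    """Steps 10311-10312: pick the table by input sequence number mod cut value."""
    return MAPPING_TABLES[input_seq % CUT_VALUE]


def check_coordinates(input_seq, taps):
    """Steps 1031-1035 and 104: pass only if every tapped coordinate matches.

    `taps` is a list of (character, (x, y)) pairs as submitted by the device.
    The per-character results are ANDed together, so one mismatch, an unknown
    character, or an empty submission yields a fail result.
    """
    if not taps:
        return False
    table = select_table(input_seq)
    passed = True
    for ch, coord in taps:
        passed &= table.get(ch) == coord
    return passed


def taps_for(text, variant):
    """Simulate the enrolled device typing `text` on keyboard `variant`."""
    layout = build_layout(variant)
    return [(ch, layout[ch]) for ch in text]


if __name__ == "__main__":
    taps = taps_for("ab12", 941 % CUT_VALUE)   # 941st input -> remainder 1
    print("941st input, matching keyboard:", check_coordinates(941, taps))
    print("same taps replayed as 942nd input:", check_coordinates(942, taps))
```
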
105. If the result is a passing result, acquiring a preset character check matrix frame, and filling the character string into the character check matrix frame to obtain a character check matrix;
In this embodiment, the character check matrix frame is 8 × 8, and the character string is filled into the 8 × 8 frame in an interlaced manner to obtain the character check matrix. The alternate rows and columns of the character check matrix are pseudo rows and columns, which serve to interfere with reverse brute-force decryption. In another embodiment, the character check matrix frame has no pseudo row and column data; the frame is 4 × 4, and the character string is filled into the 4 × 4 frame.
106. Decrypting the character check matrix according to a preset matrix decryption algorithm to obtain a character decryption matrix;
In this embodiment, the character check matrix is decrypted in two ways, a product with a decryption matrix and a decryption convolution, and the resulting character decryption matrix is the data subsequently compared against the key.
Further, at 106, the following steps may be performed:
1061. performing product processing on the character check matrix according to a preset product decryption matrix to obtain a product decryption matrix;
1062. performing convolution processing on the product decryption matrix according to a preset convolution decryption matrix to obtain a convolution decryption matrix;
1063. and determining the convolution decryption matrix as a character decryption matrix.
In this embodiment, the character check matrix is 8 × 8 and includes the pseudo row and column data, and the preset product decryption matrix is also 8 × 8; taking the product of the two generates an 8 × 8 product decryption matrix. The preset convolution decryption matrix is in a 1 × 1 format with step 2, and convolution processing is performed with it on the 8 × 8 product decryption matrix.
Further, after 106, before 107, the following steps may also be performed:
1064. and performing row-column deletion processing on the convolution decryption matrix according to a preset pseudo row-column disassembly algorithm to obtain a new convolution decryption matrix.
In this embodiment, the convolution decryption matrix is 8 × 8; the matrix elements in alternate rows and columns are deleted to obtain a new 4 × 4 convolution decryption matrix. Removing the pseudo rows and columns facilitates subsequent data processing.
107. Matrix removal processing is carried out on the character decryption matrix to obtain a decryption character string;
In this embodiment, the decrypted character string is extracted from the 4 × 4 character decryption matrix in the element order 11, 12, 13, 14, 24, 23, 22, 21, 31, 32, 33, 34, 44, 43, 42, 41.
Further, at 107, the following steps may be performed:
1071. and extracting elements in the character decryption matrix according to the element sequence to generate a decryption character string.
In the present embodiment, elements are extracted from the 4 × 4 character decryption matrix in the element order 11, 12, 13, 14, 21, 22, 23, 24, 31, 32, 33, 34, 41, 42, 43, 44 to generate the decryption character string.
108. Judging whether the decryption character string belongs to data in a preset key character string set or not;
109. If it belongs to the set, determining the device to be authenticated as an authenticated device;
110. If not, determining the device to be authenticated as a non-authenticated device.
In steps 108-110, the key string is stored in the key string set when the public key is authenticated. Because the key produced by the above processing is difficult to repeat, the decryption string only needs to be matched against the key string set: if the decryption string belongs to the data in the key string set, the device to be authenticated is determined to be an authenticated device, and if not, it is determined to be a non-authenticated device.
In order to ensure the security of the key string set, the key string set can be stored in another security server, and when the comparison and judgment are needed, the security server is accessed to take the key string set for comparison and matching.
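Steps 105-110 as a runnable Python sketch, added here and not taken from the patent. The patent does not give the frame contents, the product decryption matrix, the convolution value, the arithmetic or the character encoding, so the byte arithmetic modulo 256, the constructed matrices, the 16-character ASCII input and every function name below are assumptions; the 1 × 1 convolution is modelled as element-wise scaling that keeps the 8 × 8 shape, and "step 2" is not modelled.

```python
"""Matrix stage of the authentication flow (illustrative, constructed values)."""

MOD = 256  # assumption: byte arithmetic; the page fixes no modulus
N = 8      # the character check matrix frame is 8 x 8 in the embodiment

# Constructed preset frame. Cells in odd rows or odd columns are never
# overwritten and act as the pseudo rows and columns.
FRAME = [[(17 * r + 31 * c + 5) % MOD for c in range(N)] for r in range(N)]

# Constructed product decryption matrix: unit upper-triangular, so the map from
# typed characters to output is one-to-one under the modulus.
PRODUCT_MATRIX = [
    [1 if r == c else ((r + 2 * c) % MOD if c > r else 0) for c in range(N)]
    for r in range(N)
]
CONV_KERNEL = 3  # constructed 1 x 1 convolution decryption matrix (odd value)


def fill_frame(typed):
    """Step 105: place the 16 characters in the even rows and columns."""
    if len(typed) != 16 or any(ord(ch) > 127 for ch in typed):
        raise ValueError("expected exactly 16 ASCII characters")
    matrix = [row[:] for row in FRAME]
    for i, ch in enumerate(typed):
        matrix[2 * (i // 4)][2 * (i % 4)] = ord(ch)
    return matrix


def matmul(a, b):
    """Step 1061: product of two 8 x 8 matrices modulo MOD."""
    return [
        [sum(a[r][k] * b[k][c] for k in range(N)) % MOD for c in range(N)]
        for r in range(N)
    ]


def convolve_1x1(matrix, kernel):
    """Step 1062: a 1 x 1 kernel scales each element; the shape stays 8 x 8."""
    return [[(kernel * v) % MOD for v in row] for row in matrix]


def strip_pseudo(matrix):
    """Step 1064: delete alternate rows and columns, leaving 4 x 4."""
    return [[matrix[r][c] for c in range(0, N, 2)] for r in range(0, N, 2)]


def extract(m4, serpentine=False):
    """Steps 107/1071: row-major order, or the 11..14, 24..21, ... order."""
    out = []
    for r, row in enumerate(m4):
        out.extend(reversed(row) if serpentine and r % 2 else row)
    return bytes(out)


def decrypt(typed, serpentine=False):
    matrix = fill_frame(typed)
    matrix = matmul(PRODUCT_MATRIX, matrix)
    matrix = convolve_1x1(matrix, CONV_KERNEL)
    return extract(strip_pseudo(matrix), serpentine)


ENROLLED = "Xk3!pQ7z-Lm2@Wc9"    # constructed sample public key string
KEY_SET = {decrypt(ENROLLED)}    # key string stored at enrolment


def authenticate(typed, key_set):
    """Steps 108-110: membership of the decryption string in the key set."""
    try:
        return decrypt(typed) in key_set
    except ValueError:
        return False


if __name__ == "__main__":
    print("enrolled string:", authenticate(ENROLLED, KEY_SET))
    print("one character changed:", authenticate("Xk3!pQ7z-Lm2@Wc8", KEY_SET))
```

Every operation in this stage is a fixed, keyless transformation of the typed string, so the stored key string is fully determined by the typed string and the preset matrices.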
In the embodiment of the invention, the public key is tightly bound to the device by locking the screen coordinates: because different devices define screen coordinates differently, locking the screen coordinates yields a device authentication method. After the device is authenticated, two kinds of matrix operation are used for encryption, which greatly improves the security of the authentication process, reduces the risk of brute-force cracking, and solves the technical problem that prior-art encryption methods can be cracked when the public key is leaked.
With reference to fig. 2, the encryption authentication method in the embodiment of the present invention is described above, and an encryption authentication apparatus in the embodiment of the present invention is described below, where the encryption authentication apparatus in the embodiment of the present invention includes:
a request receiving module 201, configured to receive an authentication request sent by a device to be authenticated, and send a public key authentication request to the device to be authenticated based on the authentication request;
a public key receiving module 202, configured to receive an authentication public key sent by the device to be authenticated, where the authentication public key includes: a character string input on the device to be authenticated based on screen coordinates;
the checking module 203 is used for checking the screen coordinates corresponding to the characters in the character string according to a preset coordinate checking algorithm to obtain a checking result;
a first determining module 204, configured to determine whether the check result is a pass result;
a frame filling module 205, configured to obtain a preset character check matrix frame if the result is a pass result, and fill the character string into the character check matrix frame to obtain a character check matrix;
the decryption module 206 is configured to decrypt the character check matrix according to a preset matrix decryption algorithm to obtain a character decryption matrix;
the matrix removing module 207 is configured to perform matrix removing processing on the character decryption matrix to obtain a decryption character string;
a second judging module 208, configured to judge whether the decryption string belongs to data in a preset key string set;
a first determining module 209, configured to determine the device to be authenticated as an authenticated device if the decryption character string belongs to the key character string set;
a second determining module 210, configured to determine the device to be authenticated as a non-authenticated device if the decryption character string does not belong to the key character string set.
In the embodiment of the invention, the public key is tightly bound to the device by locking the screen coordinates: because different devices define screen coordinates differently, locking the screen coordinates yields a device authentication method. After the device is authenticated, two kinds of matrix operation are used for encryption, which greatly improves the security of the authentication process, reduces the risk of brute-force cracking, and solves the technical problem that prior-art encryption methods can be cracked when the public key is leaked.
Referring to fig. 3, another embodiment of the encryption authentication apparatus according to the embodiment of the present invention includes:
a request receiving module 201, configured to receive an authentication request sent by a device to be authenticated, and send a public key authentication request to the device to be authenticated based on the authentication request;
a public key receiving module 202, configured to receive an authentication public key sent by the device to be authenticated, where the authentication public key includes: a character string input on the device to be authenticated based on screen coordinates;
the checking module 203 is used for checking the screen coordinates corresponding to the characters in the character string according to a preset coordinate checking algorithm to obtain a checking result;
a first determining module 204, configured to determine whether the check result is a pass result;
a frame filling module 205, configured to obtain a preset character check matrix frame if the result is a pass result, and fill the character string into the character check matrix frame to obtain a character check matrix;
the decryption module 206 is configured to decrypt the character check matrix according to a preset matrix decryption algorithm to obtain a character decryption matrix;
the matrix removing module 207 is configured to perform matrix removing processing on the character decryption matrix to obtain a decryption character string;
a second judging module 208, configured to judge whether the decryption string belongs to data in a preset key string set;
a first determining module 209, configured to determine, if the decryption string belongs to the preset key string set, that the device to be authenticated is an authentication device;
a second determining module 210, configured to determine, if the decryption string does not belong to the preset key string set, that the device to be authenticated is a non-authentication device.
The checking module 203 specifically includes:
an obtaining unit 2031, configured to obtain a preset character coordinate mapping table, and read a character in the character string;
a matching unit 2032, configured to match the character in the character coordinate mapping table to obtain a matching coordinate;
a judging unit 2033, configured to read a screen coordinate corresponding to the character, and judge whether the matching coordinate is consistent with the screen coordinate;
a first determining unit 2034, configured to determine the check result as a pass result if they are consistent;
a second determining unit 2035, configured to determine the check result as a fail result if they are not consistent.
The obtaining unit 2031 is specifically configured to:
parse the input sorting number of the character string, and perform a modulo operation on the input sorting number with a preset cutting value to obtain a modulo remainder;
acquire the character coordinate mapping table corresponding to the modulo remainder, and read the characters in the character string.
The decryption module 206 is specifically configured to:
perform product processing on the character check matrix according to a preset product decryption matrix to obtain a product decryption matrix;
perform convolution processing on the product decryption matrix according to a preset convolution decryption matrix to obtain a convolution decryption matrix;
determine the convolution decryption matrix as the character decryption matrix.
The encryption authentication apparatus may further include a deletion module 211, where the deletion module 211 is specifically configured to:
perform row-column deletion processing on the convolution decryption matrix according to a preset pseudo row-column disassembly algorithm to obtain a new convolution decryption matrix.
The matrix removing module 207 is specifically configured to:
extract the elements in the character decryption matrix in element order to generate the decryption character string.
The encryption authentication apparatus further includes a third determining module 212, where the third determining module 212 is specifically configured to:
if the check result is not a pass result, determine the device to be authenticated as a non-authentication device.
In this embodiment of the invention, the public key is tightly bound to the device by locking the screen coordinates: because different devices define their screen coordinates differently, locking the screen coordinates yields a device authentication method. After the device has been authenticated, two kinds of matrix operations are used for encryption, which greatly improves the security of the authentication process, reduces the risk of brute-force cracking, and solves the technical problem that the public key can be leaked and cracked under the encryption methods of the prior art.
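The flow carried out by modules 203 to 212 (coordinate check, frame filling, product and convolution decryption, pseudo row/column deletion, key-set lookup), as an added Python example that is not part of the patent text. The patent only calls its parameters "preset", so the alphabet, keypad layouts, matrices, modulus, pseudo row/column indices and key string below are all assumptions, as is treating the input sorting number as an integer and the product as a left multiplication.

```python
# Added illustration of the flow in claims 1-7; every constant below is an
# assumption chosen for the demo, not a value from the patent.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
CUT_VALUE = 2                                     # preset cutting value
FRAME_SIZE = 3                                    # 3x3 character check matrix frame
PRODUCT_KEY = [[1, 2, 0], [0, 1, 1], [1, 0, 1]]   # product decryption matrix
CONV_KERNEL = [[1, 1], [0, 1]]                    # convolution decryption matrix
PSEUDO_ROWS, PSEUDO_COLS = {1}, {1}               # pseudo row/column to delete
KEY_STRINGS = {"PTIH"}                            # preset key string set (constructed)


def _layout(order):
    """Character -> screen coordinate table for a 7-column on-screen keypad."""
    return {ch: (i % 7, i // 7) for i, ch in enumerate(order)}


# One mapping table per modulo remainder of the input sorting number.
COORD_TABLES = [_layout(ALPHABET), _layout(ALPHABET[::-1])]


def check_coordinates(seq_no, entries):
    """Pick the table by seq_no mod CUT_VALUE and compare every coordinate."""
    table = COORD_TABLES[seq_no % CUT_VALUE]
    return all(table.get(ch) == tuple(xy) for ch, xy in entries)


def fill_frame(text):
    """Fill the string row by row into the FRAME_SIZE x FRAME_SIZE frame."""
    codes = [ALPHABET.index(ch) for ch in text]
    n = FRAME_SIZE
    return [codes[r * n:(r + 1) * n] for r in range(n)]


def decrypt_matrix(m):
    """Product, circular convolution, then pseudo row/column deletion (mod 26)."""
    n, q = FRAME_SIZE, len(ALPHABET)
    prod = [[sum(PRODUCT_KEY[i][k] * m[k][j] for k in range(n)) % q
             for j in range(n)] for i in range(n)]
    conv = [[sum(w * prod[(i - a) % n][(j - b) % n]
                 for a, krow in enumerate(CONV_KERNEL)
                 for b, w in enumerate(krow)) % q
             for j in range(n)] for i in range(n)]
    return [[v for j, v in enumerate(row) if j not in PSEUDO_COLS]
            for i, row in enumerate(conv) if i not in PSEUDO_ROWS]


def authenticate(seq_no, entries):
    """True only if the coordinates check out and the decrypted string is a key."""
    if len(entries) != FRAME_SIZE ** 2 or not check_coordinates(seq_no, entries):
        return False                  # failed check -> non-authentication device
    text = "".join(ch for ch, _ in entries)
    plain = decrypt_matrix(fill_frame(text))
    # Matrix removal: read the remaining elements in element order.
    decrypted = "".join(ALPHABET[v] for row in plain for v in row)
    return decrypted in KEY_STRINGS


def device_input(text, seq_no):
    """Constructed sample: the (character, coordinate) pairs a device would send."""
    table = COORD_TABLES[seq_no % CUT_VALUE]
    return [(ch, table[ch]) for ch in text]
```

With these constants, `authenticate(4, device_input("DEVICEKEY", 4))` passes, while the same characters with coordinates taken from the other keypad layout are rejected at the coordinate check before any matrix operation runs.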
Fig. 2 and Fig. 3 describe the encryption authentication apparatus in the embodiment of the present invention in detail from the perspective of modular functional entities; the encryption authentication apparatus in the embodiment of the present invention is described in detail below from the perspective of hardware processing.
Fig. 4 is a schematic structural diagram of an encryption authentication apparatus 400 according to an embodiment of the present invention. The encryption authentication apparatus 400 may vary considerably depending on its configuration or performance, and may include one or more central processing units (CPUs) 410 (e.g., one or more processors) and a memory 420, and one or more storage media 430 (e.g., one or more mass storage devices) storing an application 433 or data 432. The memory 420 and the storage medium 430 may be transient storage or persistent storage. The program stored on the storage medium 430 may include one or more modules (not shown), each of which may include a series of instruction operations for the encryption authentication apparatus 400. Further, the processor 410 may be configured to communicate with the storage medium 430 and to execute, on the encryption authentication apparatus 400, the series of instruction operations in the storage medium 430.
The encryption authentication apparatus 400 may also include one or more power supplies 440, one or more wired or wireless network interfaces 450, one or more input-output interfaces 460, and/or one or more operating systems 431, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and the like. Those skilled in the art will appreciate that the configuration illustrated in Fig. 4 does not constitute a limitation of the encryption authentication apparatus, which may include more or fewer components than those illustrated, a combination of some components, or a different arrangement of components.
The present invention also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium, and which may also be a volatile computer-readable storage medium, having stored therein instructions, which, when run on a computer, cause the computer to perform the steps of the cryptographic authentication method.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses, and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a portable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An encryption authentication method, comprising the steps of:
receiving an authentication request sent by a device to be authenticated, and sending a public key authentication request to the device to be authenticated based on the authentication request;
receiving an authentication public key sent by the device to be authenticated, wherein the authentication public key comprises: a character string input by the device to be authenticated based on screen coordinates;
according to a preset coordinate checking algorithm, checking screen coordinates corresponding to characters in the character string to obtain a checking result;
judging whether the check result is a pass result or not;
if the result is a passing result, acquiring a preset character check matrix frame, and filling the character string into the character check matrix frame to obtain a character check matrix;
decrypting the character check matrix according to a preset matrix decryption algorithm to obtain a character decryption matrix;
performing matrix removal processing on the character decryption matrix to obtain a decryption character string;
judging whether the decryption character string belongs to data in a preset key character string set or not;
if it belongs, determining the device to be authenticated as an authentication device;
and if it does not belong, determining the device to be authenticated as a non-authentication device.
2. The encryption authentication method according to claim 1, wherein checking the screen coordinates corresponding to the characters in the character string according to a preset coordinate checking algorithm to obtain a check result comprises:
acquiring a preset character coordinate mapping table, and reading characters in the character string;
matching the characters in the character coordinate mapping table to obtain matched coordinates;
reading a screen coordinate corresponding to the character, and judging whether the matching coordinate is consistent with the screen coordinate;
if the two are consistent, determining the check result as a pass result;
and if the two are inconsistent, determining the check result as a fail result.
3. The encryption authentication method according to claim 2, wherein the obtaining a preset character coordinate mapping table, and reading characters in the character string comprises:
analyzing the input sorting number of the character string, and performing a modulo operation on the input sorting number with a preset cutting value to obtain a modulo remainder;
and acquiring the character coordinate mapping table corresponding to the modulo remainder, and reading the characters in the character string.
4. The encryption authentication method according to claim 1, wherein the decrypting the character check matrix according to a preset matrix decryption algorithm to obtain a character decryption matrix comprises:
according to a preset product decryption matrix, performing product processing on the character check matrix to obtain a product decryption matrix;
performing convolution processing on the product decryption matrix according to a preset convolution decryption matrix to obtain a convolution decryption matrix;
and determining the convolution decryption matrix as a character decryption matrix.
5. The encryption authentication method according to claim 4, wherein after the convolution processing is performed on the product decryption matrix according to a preset convolution decryption matrix to obtain a convolution decryption matrix, before the determining of the convolution decryption matrix as a character decryption matrix, the method further comprises:
and performing row-column deletion processing on the convolution decryption matrix according to a preset pseudo row-column disassembly algorithm to obtain a new convolution decryption matrix.
6. The encryption authentication method according to claim 1, wherein performing matrix removal processing on the character decryption matrix to obtain the decryption character string comprises:
and extracting elements in the character decryption matrix according to the element sequence to generate a decryption character string.
7. The encryption authentication method according to claim 1, further comprising, after said judging whether the check result is a pass result:
and if the check result is not a pass result, determining the device to be authenticated as a non-authentication device.
8. An encryption authentication apparatus, characterized in that the encryption authentication apparatus comprises:
the request receiving module is used for receiving an authentication request sent by a device to be authenticated and sending a public key authentication request to the device to be authenticated based on the authentication request;
a public key receiving module, configured to receive an authentication public key sent by the device to be authenticated, where the authentication public key includes: a character string input by the device to be authenticated based on screen coordinates;
the checking module is used for checking the screen coordinates corresponding to the characters in the character string according to a preset coordinate checking algorithm to obtain a checking result;
the first judgment module is used for judging whether the check result is a passing result or not;
the frame filling module is used for acquiring a preset character check matrix frame if the result is a pass result, and filling the character string into the character check matrix frame to obtain a character check matrix;
the decryption module is used for decrypting the character check matrix according to a preset matrix decryption algorithm to obtain a character decryption matrix;
the matrix removing module is used for performing matrix removing processing on the character decryption matrix to obtain a decryption character string;
the second judgment module is used for judging whether the decryption character string belongs to data in a preset key character string set or not;
the first determining module is used for determining the device to be authenticated as an authentication device if the decryption character string belongs to the preset key character string set;
and the second determining module is used for determining the device to be authenticated as a non-authentication device if the decryption character string does not belong to the preset key character string set.
9. An encryption authentication apparatus characterized by comprising: a memory having instructions stored therein and at least one processor, the memory and the at least one processor interconnected by a line;
the at least one processor invokes the instructions in the memory to cause the encryption authentication apparatus to perform the encryption authentication method of any one of claims 1-7.
10. A computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the encryption authentication method as claimed in any one of claims 1-7.
CN202210376463.2A 2022-04-12 2022-04-12 Encryption authentication method, device, equipment and storage medium Active CN114448650B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210376463.2A CN114448650B (en) 2022-04-12 2022-04-12 Encryption authentication method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114448650A true CN114448650A (en) 2022-05-06
CN114448650B CN114448650B (en) 2022-07-01

Family

ID=81360540

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant