CN115085929A - Identity authentication method, server side and client side - Google Patents
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps
Abstract
The application relates to the field of computers, in particular to an identity authentication method, a server side and a client side, wherein the identity authentication method comprises the following steps: receiving a first authentication message sent by the client; wherein the first authentication message is generated based on a first encryption message, an identification ID input by a user and a current first time stamp of the client, and the first encryption message is generated based on a first secret key generated by a password input by the user and by encrypting the identification ID, the first time stamp and a first random challenge number by using an encryption algorithm; and determining whether the identity of the client passes the authentication based on the first authentication information. The invention adopts double authentication factors of the timestamp and the random challenge number, effectively improves the security of client authentication, and avoids illegal use and loss of security and protection videos. In addition, the encryption algorithm is adopted for encryption, and the safety in the data transmission process is also ensured.
Description
Technical Field
The present application relates to the field of computers, and in particular, to an identity authentication method, a server, and a client.
Background
In existing security-video management systems, the validity of a user's identity is mostly judged by a static "user name + password" authentication mode, from login through to the acquisition of security videos and other links. This identity management mode cannot ensure the legality and uniqueness of the user, and easily leads to illegal use and loss of security videos.
Disclosure of Invention
In view of the foregoing, it is necessary to provide an identity authentication method, a server, and a client.
In a first aspect, an embodiment of the present invention provides an identity authentication method, which is applied to a server side, where the server side communicates with a client side, and the method includes:
receiving a first authentication message sent by the client; wherein the first authentication message is generated based on a first encryption message, an identification ID input by a user and a current first time stamp of the client, and the first encryption message is generated based on a first secret key generated by a password input by the user and by encrypting the identification ID, the first time stamp and a first random challenge number by using an encryption algorithm;
and determining whether the identity of the client passes the authentication based on the first authentication information.
In an embodiment, the determining whether the identity of the client is authenticated based on the first authentication information includes:
if the time interval between the time when the server side receives the first authentication information and the first timestamp is less than the set time, and the identity ID exists in the user list of the database of the server side, decrypting the first authentication information based on the first key to obtain the decrypted identity ID, the first random challenge number and the first timestamp;
and if the decrypted identity ID and the first timestamp are respectively the same as the identity ID and the first timestamp before encryption, determining that the identity authentication of the client passes.
In an embodiment, the method further comprises:
when it is determined that the identity authentication of the client passes, generating a second authentication message, used to determine whether the server is legal, based on a current second timestamp of the server and a second encryption message, and sending the second authentication message to the client; wherein the second encryption message is generated by encrypting the decryption result of the first random challenge number, the second random challenge number and the second timestamp with the encryption algorithm, based on a second key generated from the first key and the decryption result of the first random challenge number.
In an embodiment, the method further comprises:
receiving a feedback message sent by the client when the server is legal, wherein the feedback message is generated based on a third encryption message and a current third timestamp of the client, and the third encryption message is generated by encrypting the decryption result of the second random challenge number and the third timestamp with the encryption algorithm, based on a third key generated from the first key and the decryption result of the second random challenge number;
and determining to generate an identity authentication result based on the feedback message, and sending the identity authentication result to the client.
In a second aspect, an embodiment of the present invention provides an identity authentication method, which is applied to a client, where the client communicates with a server, and the method includes:
generating a first authentication message based on a first encryption message, an identity ID input by a user and a current first time stamp of a client, wherein the first encryption message is generated by encrypting the identity ID, the first time stamp and a first random challenge number by using an encryption algorithm based on a first secret key generated by a password input by the user;
and sending the first authentication message to a server side so as to determine whether the identity of the client side passes the authentication or not based on the first authentication message.
In an embodiment, the method further comprises:
determining whether the server side is legal or not based on a second authentication message sent by the server side, wherein,
the second authentication message is generated, when it is determined that the identity authentication of the client passes, based on a current second timestamp of the server and a second encryption message, and the second encryption message is generated by encrypting the decryption result of the first random challenge number, the second random challenge number and the second timestamp with the encryption algorithm, based on a second key generated from the first key and the decryption result of the first random challenge number;
and sending a feedback message to the server side under the condition that the server side is legal.
In an embodiment, the determining whether the server side is legal based on the second authentication message sent by the server side includes:
if the time interval between the time when the client receives the second authentication information and the second time stamp is less than the set time, decrypting the second authentication information based on the second secret key to obtain a decrypted second random challenge number, a second time stamp and a decrypted first random challenge number;
and if the decrypted second timestamp and the decrypted first random challenge number are respectively the same as the second timestamp and the first random challenge number before encryption, determining that the server side is legal.
In an embodiment, the method further comprises:
and receiving an identity authentication result of the server, wherein the identity authentication result is determined based on the feedback message, the feedback message is generated based on a third encryption message and a current third timestamp of the client, and the third encryption message is generated by encrypting the decryption result of the second random challenge number and the third timestamp with the encryption algorithm, based on a third key generated from the first key and the decryption result of the second random challenge number.
In a third aspect, an embodiment of the present invention provides a server, including:
the first data transmission module is used for receiving a first authentication message sent by the client; the first authentication message is generated based on a first encryption message, an identification ID input by a user and a current first time stamp of the client, and the first encryption message is generated based on a first secret key generated by a password input by the user and by encrypting the identification ID, the first time stamp and a first random challenge number by using an encryption algorithm;
and the first authentication module is used for determining whether the identity of the client passes the authentication or not based on the first authentication information.
In a fourth aspect, an embodiment of the present invention provides a client, including:
the client comprises a first generation module, a second generation module and a third generation module, wherein the first generation module is configured to generate a first authentication message based on a first encryption message, an identity ID input by a user and a current first timestamp of the client, and the first encryption message is generated by encrypting the identity ID, the first timestamp and a first random challenge number with an encryption algorithm based on a first key generated from a password input by the user;
and the second data transmission module is used for sending the first authentication message to the server so as to determine whether the identity of the client passes the authentication or not based on the first authentication message.
According to the embodiment, the double authentication factors of the timestamp and the random challenge number are adopted, the security of client authentication is effectively improved, and the illegal use and loss of the security video are avoided. In addition, the encryption algorithm is adopted for encryption, and the safety in the data transmission process is also ensured.
Drawings
FIG. 1 is a diagram of an application environment of an identity authentication method according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method of identity authentication in an embodiment of the present invention;
FIG. 3 is a flowchart of a method for determining whether the identity of the client is authenticated according to an embodiment of the present invention;
FIG. 4 is a flow chart of a method of identity authentication in another embodiment of the present invention;
FIG. 5 is a flowchart of a method of identity authentication according to another embodiment of the present invention;
FIG. 6 is a flow chart of a method of identity authentication in an embodiment of the present invention;
FIG. 7 is a flowchart of an identity authentication method according to another embodiment of the present invention;
FIG. 8 is a flowchart of a mutual authentication method according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a server according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of a client according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Fig. 1 is a schematic structural diagram of an identity authentication system, as shown in fig. 1, the identity authentication system includes a server side 101 and at least one client side 102, and the server side 101 communicates with the client side 102. The server 101 and the client 102 may communicate through a local area network, or may also communicate by using other communication methods.
In an embodiment, as shown in fig. 2, an identity authentication method is proposed, which can be applied to the server side shown in fig. 1, and includes the following steps:
S201: receiving a first authentication message sent by the client.
The first authentication message is generated based on a first encryption message, an identity ID input by a user and a current first timestamp of the client, and the first encryption message is generated by encrypting the identity ID, the first timestamp and a first random challenge number with an encryption algorithm, based on a first key generated from a password input by the user.
It should be noted that the password may be a static password or a dynamic password. Considering that the static password is easily forgotten, guessed or even brute-force cracked by people, the dynamic password is preferably used in the embodiment.
S202: and determining whether the identity of the client passes the authentication based on the first authentication information.
In the embodiment, the double authentication factors of the timestamp and the random challenge number are adopted, so that the security of client authentication is effectively improved, and the illegal use and loss of security videos are avoided. In addition, the encryption algorithm is adopted for encryption, and the safety in the data transmission process is also ensured.
The user inputs an identity ID and a password pw, and the first authentication information is generated as follows: extract the current first timestamp T1 of the client, compute the hash value K1 = h(pw) of the password pw, and generate a first random challenge Rc; using K1 as the symmetric key, encrypt ID||Rc||T1 with the encryption algorithm to obtain the first authentication information {ID, K1(ID||Rc||T1), T1}, and send the first authentication information to the server side.
In one embodiment, as shown in fig. 3, determining whether the identity of the client is authenticated based on the first authentication information includes the following steps:
s301: if the time interval between the time when the server end receives the first authentication information and the first timestamp is less than the set time and the user list of the database of the server end has the identity ID, decrypting the first authentication information based on the first secret key to obtain the decrypted identity ID, the first random challenge number and the first timestamp;
s302: and if the decrypted identification ID and the first timestamp are respectively the same as the identification ID and the first timestamp before encryption, determining that the identification authentication of the client passes.
In step S301, the time interval between the time when the server receives the first authentication information and the first timestamp, and the time interval between the time when the server receives the first authentication information and the time when the identity ID enters or exits the preliminary authentication, if the preliminary authentication fails, step S302 is not executed, and if the preliminary authentication passes, step S302 is executed to perform the re-authentication by using the decrypted identity ID, the first random challenge number, and the first timestamp, thereby ensuring the security and the accuracy of the client identity authentication.
The client identity authentication method specifically comprises the following steps:
Step 1: check the time interval: if T1* - T1 ≤ ΔT, where T1* denotes the time at which the server side received the first authentication information {ID, K1(ID||Rc||T1), T1}, execute step 2; otherwise the authentication fails;
Step 2: search the database of the server side and query whether the identity ID exists in the user list of the authentication data; if not, the authentication fails, and if it fails more than three times, the user is locked; otherwise execute step 3;
Step 3: if the ID exists, take out the hashed password value h(pw) corresponding to the ID as the key of the encryption algorithm, and decrypt K1(ID||Rc||T1) to obtain ID', Rc' and T1';
Step 4: verify whether the unencrypted ID and the decrypted ID' are the same; if not, the authentication fails; if they are the same, execute step 5;
Step 5: verify whether the unencrypted timestamp T1 and the decrypted timestamp T1' are the same; if not, the authentication fails; if they are the same, the identity authentication of the client passes.
In another embodiment, the server sends a second authentication message for determining whether the server is legal or not to the client, so as to realize the mutual authentication between the client and the server.
In this embodiment, as shown in fig. 4, the identity authentication method further includes the following steps:
s303: and under the condition that the identity authentication of the client is determined to pass, generating a second authentication message for determining whether the server is legal or not based on the current second timestamp of the server and the second encryption message, and sending the second authentication message to the client.
Wherein the second encrypted message is generated by encrypting the second timestamp, the second random challenge number, and the decryption result of the second random challenge number using an encryption algorithm based on a second key generated from the first key, the decryption result of the second random challenge number, and the second key.
Specifically, the server side extracts the current second timestamp T 2 Generating a second random challenge Rs, calculating a second key K 2 H (h) (pw) | | Rc'), with K 2 Encrypting Rc' | Rs | | T using a symmetric encryption algorithm for symmetric keys 2 (ii) a The server side authenticates the second authentication message { K 2 (Rc′||Rs||T 2 ),T 2 And sending the data to the client.
In another embodiment, as shown in fig. 5, the method further comprises:
s304: and receiving the feedback message sent by the client under the condition that the server is legal.
The feedback message is generated based on a third encryption message and a current third timestamp of the client, and the third encryption message is generated based on a third secret key generated by the decryption result of the first secret key and the second random challenge number and by encrypting the decryption result of the third timestamp and the second random challenge number by using an encryption algorithm;
specifically, the client extracts the current third timestamp T 3 Calculating the third key K 3 H (pw) Rs') in K 3 Encrypting Rs' T with symmetric encryption algorithm for symmetric key 3 . The client will feed back message K 3 (Rs′||T 3 ),T 3 And sending the data to the server side.
S305: and determining to generate an identity authentication result based on the feedback message, and sending the identity authentication result to the client.
When the server side receives, at time T3*, the feedback message {K3(Rs'||T3), T3} replied by the client, the following steps are performed:
Step 1: check the validity of the time interval: if T3* - T3 ≤ ΔT, the server accepts the feedback message replied by the client; otherwise the server rejects the replied message;
Step 2: calculate the third key K3 = h(h(pw)||Rs) using h(pw) and the second random challenge Rs; using K3, decrypt the message K3(Rs'||T3) to obtain the re-decrypted second random challenge Rs'' and the decrypted third timestamp T3';
Step 3: verify whether the unencrypted third timestamp T3 and the decrypted third timestamp T3' are the same; if not, the authentication fails; if they are the same, continue to step 4;
Step 4: verify whether the re-decrypted second random challenge Rs'' is the same as the second random challenge Rs; if they are the same, the server passes the authentication;
Step 5: the server calculates the fourth key K4 = h(h(pw)||Rc||Rs) as the callback key of the client and the server, and sends the current authentication result {K4(Rc||Rs||result)} to the client;
where result is the authentication result, taking the value 1 or 0.
In an embodiment, as shown in fig. 6, an identity authentication method is provided, which can be applied in the client shown in fig. 1, and includes the following steps:
S601: a first authentication message is generated based on the first encrypted message, the user-entered identity ID, and the client's current first timestamp.
Wherein the first encrypted message is generated by encrypting the identity ID, the first timestamp and the first random challenge number with an encryption algorithm based on a first key generated by a password input by the user.
The method for generating the first authentication message has been described in the above embodiments, and therefore is not described in detail.
S602: and sending the first authentication message to the server side so as to determine whether the identity of the client side passes the authentication based on the first authentication message.
The identity authentication method of the client is already described in the above embodiments, and therefore, the description is omitted.
In the embodiment, the double authentication factors of the timestamp and the random challenge number are adopted, so that the security of client authentication is effectively improved, and the illegal use and loss of security videos are avoided. In addition, the encryption algorithm is adopted for encryption, and the safety in the data transmission process is also ensured.
In another embodiment, as shown in fig. 7, the method further comprises:
s603: and determining whether the server side is legal or not based on the second authentication message sent by the server side.
And the second authentication message is generated based on the current second timestamp of the server and a second encryption message under the condition that the identity authentication of the client is determined to pass, and the second encryption message is generated based on a second secret key generated by a decryption result of the first secret key and the second random challenge number and by encrypting the decryption result of the second timestamp, the second random challenge number and the second random challenge number by using an encryption algorithm.
S604: and sending a feedback message to the server side under the condition that the server side is legal.
And determining whether the server side is legal or not based on a second authentication message sent by the server side: if the time interval between the time when the client receives the second authentication information and the second time stamp is less than the set time, decrypting the second authentication information based on the second secret key to obtain a decrypted second random challenge number, a second time stamp and a decrypted first random challenge number; and if the decrypted second timestamp and the decrypted first random challenge number are respectively the same as the second timestamp and the first random challenge number before encryption, determining that the server side is legal.
Specifically, the method for determining whether the server side is legal specifically includes the following steps:
When the client receives, at time T2*, the second authentication information {K2(Rc'||Rs||T2), T2} replied by the server side, the following steps are performed:
Step 1: check the validity of the time interval: if T2* - T2 ≤ ΔT, the client accepts the second authentication information replied by the server; otherwise the client rejects the replied message;
Step 2: the client calculates K2 = h(h(pw)||Rc) using the login password pw and the first random challenge Rc; using the second key K2, it decrypts the second authentication information {K2(Rc'||Rs||T2), T2} to obtain the re-decrypted first random challenge Rc'', the decrypted second random challenge Rs' and the decrypted second timestamp T2';
Step 3: verify whether the timestamp T2 sent in the clear and the decrypted timestamp T2' are the same; if they differ, the server identity is illegal; if they are the same, execute step 4;
Step 4: verify whether the re-decrypted first random challenge Rc'' matches the first random challenge Rc; if it matches, the server identity is legal, otherwise the server identity is illegal.
The method for generating the feedback message is described in the above embodiments, and therefore is not described in detail.
In an embodiment, the method further comprises: and receiving the identity authentication result of the server side.
The identity authentication result is determined based on the feedback message, the feedback message is generated based on a third encryption message and a current third timestamp of the client, and the third encryption message is generated by encrypting the decryption result of the second random challenge number and the third timestamp with the encryption algorithm, based on a third key generated from the first key and the decryption result of the second random challenge number.
And under the condition that the identity authentication result is passed, the client can log in the security video security management system to obtain the security video and the like.
As shown in fig. 8, the overall steps of the mutual authentication method between the client and the server are as follows:
S801: the client generates a first authentication message based on the first encryption message, the identity ID input by the user and the current first timestamp of the client;
S802: the server receives the first authentication message sent by the client, and determines whether the identity of the client passes the authentication based on the first authentication message;
S803: when it is determined that the identity authentication of the client passes, the server generates a second authentication message, used to determine whether the server is legal, based on the current second timestamp of the server and the second encryption message, and sends the second authentication message to the client;
S804: the client determines whether the server side is legal based on the second authentication message sent by the server side, and sends a feedback message to the server side when the server side is legal;
S805: the server side determines the identity authentication result based on the feedback message and sends the identity authentication result to the client;
S806: the client receives the identity authentication result of the server and logs in to the security video management system when the identity authentication result is "passed".
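The full exchange of steps S801 to S806, with the server-side checks (steps 1 to 5 after FIG. 3) and the client-side checks (steps 1 to 4 after S604) carried out on both ends, as an added example that is not the patent's own code. It uses only the Python standard library and assumes what the page leaves open: h is SHA-256, the unnamed symmetric "encryption algorithm" is an HMAC-SHA256 keystream with an encrypt-then-MAC tag, ΔT is 30 s, challenges are 16 bytes, timestamps are 8-byte integers, result 1 means pass and 0 means fail, and the "more than three failures" lock counts any failed check of the first message.

```python
import hashlib
import hmac
import os

DELTA_T = 30  # assumed ΔT in seconds (the page leaves it unspecified)
CH, TS, NONCE, TAG = 16, 8, 16, 32  # assumed field widths in bytes

def h(data: bytes) -> bytes:  # the page's hash h(); SHA-256 assumed
    return hashlib.sha256(data).digest()

def ts(t: int) -> bytes:  # timestamp as an 8-byte big-endian integer
    return t.to_bytes(TS, "big")

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key: bytes, pt: bytes) -> bytes:
    # K(pt) in the page's notation; assumed stand-in for the unnamed symmetric
    # algorithm: HMAC keystream XOR, then an encrypt-then-MAC tag over nonce||ct.
    nonce = os.urandom(NONCE)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes):
    # Returns the plaintext, or None when the tag (hence the key) does not match.
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Client:
    def __init__(self, ident: str, pw: str):
        self.ident, self.pw, self.rs = ident.encode(), pw.encode(), b""
    def first_message(self, now: int):  # {ID, K1(ID||Rc||T1), T1}, K1 = h(pw)
        self.rc = os.urandom(CH)
        return self.ident, encrypt(h(self.pw), self.ident + self.rc + ts(now)), now
    def check_server(self, msg, now: int) -> bool:  # client steps 1-4
        ct2, t2 = msg
        if now - t2 > DELTA_T:  # step 1: T2* - T2 <= ΔT
            return False
        pt = decrypt(h(h(self.pw) + self.rc), ct2)  # step 2: K2 = h(h(pw)||Rc)
        if pt is None or len(pt) != 2 * CH + TS:
            return False
        rc2, self.rs, t2p = pt[:CH], pt[CH:2 * CH], pt[2 * CH:]
        return t2p == ts(t2) and hmac.compare_digest(rc2, self.rc)  # steps 3-4
    def feedback(self, now: int):  # {K3(Rs'||T3), T3}, K3 = h(h(pw)||Rs')
        return encrypt(h(h(self.pw) + self.rs), self.rs + ts(now)), now
    def read_result(self, msg4) -> int:  # {K4(Rc||Rs||result)}; -1 if it fails to verify
        pt = decrypt(h(h(self.pw) + self.rc + self.rs), msg4)
        if pt is None or pt[:2 * CH] != self.rc + self.rs:
            return -1
        return pt[-1]

class Server:
    def __init__(self, users: dict):
        self.users = {k.encode(): v for k, v in users.items()}  # ID -> stored h(pw)
        self.failures, self.locked, self.sessions = {}, set(), {}
    def _fail(self, ident: bytes):
        # Page: lock the user after more than three failures (assumed to count
        # any failed check of the first message, not only unknown-ID lookups).
        self.failures[ident] = self.failures.get(ident, 0) + 1
        if self.failures[ident] > 3:
            self.locked.add(ident)
        return None
    def handle_first(self, msg, now: int):  # server steps 1-5 -> {K2(Rc'||Rs||T2), T2}
        ident, ct1, t1 = msg
        if now - t1 > DELTA_T:  # step 1: T1* - T1 <= ΔT
            return None
        if ident not in self.users or ident in self.locked:  # step 2
            return self._fail(ident)
        hpw = self.users[ident]
        pt = decrypt(hpw, ct1)  # step 3: the key is the stored h(pw)
        if pt is None or len(pt) != len(ident) + CH + TS:
            return self._fail(ident)
        id_p, rc_p, t1_p = pt[:len(ident)], pt[len(ident):-TS], pt[-TS:]
        if id_p != ident or t1_p != ts(t1):  # steps 4-5: ID' == ID, T1' == T1
            return self._fail(ident)
        rs = os.urandom(CH)
        self.sessions[ident] = (rc_p, rs)
        return encrypt(h(hpw + rc_p), rc_p + rs + ts(now)), now  # K2 = h(h(pw)||Rc')
    def handle_feedback(self, ident: bytes, msg, now: int):  # -> {K4(Rc||Rs||result)}
        ct3, t3 = msg
        if now - t3 > DELTA_T or ident not in self.sessions:  # step 1
            return None
        hpw, (rc, rs) = self.users[ident], self.sessions.pop(ident)
        pt = decrypt(h(hpw + rs), ct3)  # step 2: K3 = h(h(pw)||Rs)
        ok = pt is not None and pt == rs + ts(t3)  # steps 3-4: T3' == T3, Rs'' == Rs
        # step 5: K4 = h(h(pw)||Rc||Rs); result 1 = pass, 0 = fail (assumed mapping)
        return encrypt(h(hpw + rc + rs), rc + rs + bytes([1 if ok else 0]))

def run_protocol(client: Client, server: Server, now: int = 1_700_000_000) -> int:
    # The six steps of FIG. 8; returns 1 (pass), 0 (fail) or -1 (exchange aborted).
    msg2 = server.handle_first(client.first_message(now), now + 1)
    if msg2 is None or not client.check_server(msg2, now + 2):
        return -1
    msg4 = server.handle_feedback(client.ident, client.feedback(now + 3), now + 4)
    return -1 if msg4 is None else client.read_result(msg4)
```

The checks described on the page accept any message whose timestamp lies within ΔT, so a deployment should additionally remember the (ID, T1) pairs seen during the last ΔT and reject a repeated one; the freshness window alone does not do that.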
In an embodiment, as shown in fig. 9, a server is provided, including:
a first data transmission module 901, configured to receive a first authentication message sent by a client; the first authentication message is generated based on a first encryption message, an identity ID input by a user and a current first timestamp of the client, and the first encryption message is generated by encrypting the identity ID, the first timestamp and a first random challenge number with an encryption algorithm under a first secret key derived from the password input by the user;
a first authentication module 902, configured to determine, based on the first authentication message, whether the identity of the client passes authentication.
In an embodiment, the first authentication module determines whether the identity of the client passes authentication based on the first authentication message as follows:
if the interval between the time at which the server receives the first authentication message and the first timestamp is less than the set time, and the identity ID is present in the user list of the server's database, the first authentication message is decrypted with the first secret key to obtain the decrypted identity ID, first random challenge number and first timestamp;
if the decrypted identity ID and first timestamp are respectively identical to the identity ID and first timestamp before encryption, the identity authentication of the client is determined to pass.
In an embodiment, the first generating module is further configured to, when the identity authentication of the client is determined to pass, generate a second authentication message, used to determine whether the server is legal, based on a current second timestamp of the server and the second encrypted message, and to send the second authentication message to the client; wherein the second encrypted message is generated by encrypting, with an encryption algorithm, the second timestamp, the second random challenge number and the decryption result of the second random challenge number under a second key generated from the first key, the decryption result of the second random challenge number and the second key.
In an embodiment, the first data transmission module is further configured to receive a feedback message sent by the client when the server is legal, where the feedback message is generated based on a third encrypted message and a current third timestamp of the client, and the third encrypted message is generated by encrypting, with an encryption algorithm, the decryption result of the third timestamp and the decryption result of the second random challenge under a third secret key generated from the first secret key and the decryption result of the second random challenge;
the first authentication module is further configured to determine an identity authentication result based on the feedback message and to send the identity authentication result to the client.
For the specific definition of the server side, reference may be made to the above definition of the identity authentication method, which is not described herein again. The modules in the server side can be wholly or partially implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In an embodiment, as shown in fig. 10, there is provided a client, including:
a first generating module 1001, configured to generate a first authentication message based on a first encrypted message, an ID input by a user, and a current first timestamp of a client, where the first encrypted message is generated by encrypting the ID, the first timestamp, and a first random challenge number with an encryption algorithm based on a first key generated by a password input by the user;
the second data transmission module 1002 is configured to send the first authentication message to the server, so as to determine whether the identity of the client passes authentication based on the first authentication message.
In an embodiment, the client further includes:
a second authentication module, configured to determine whether the server is legal based on a second authentication message sent by the server, where the second authentication message is generated, when the identity authentication of the client is determined to pass, based on a current second timestamp of the server and a second encryption message, and the second encryption message is generated by encrypting, with an encryption algorithm, the second timestamp, the second random challenge number and the decryption result of the second random challenge number under a second secret key generated from the first secret key and the decryption result of the second random challenge number;
and the second data transmission module is further configured to send a feedback message to the server when the server is legal.
In an embodiment, the second authentication module determines whether the server is legal based on the second authentication message sent by the server as follows:
if the interval between the time at which the client receives the second authentication message and the second timestamp is less than the set time, the second authentication message is decrypted with the second secret key to obtain the decrypted second random challenge number, second timestamp and first random challenge number;
if the decrypted second timestamp and first random challenge number are respectively identical to the second timestamp and first random challenge number before encryption, the server is determined to be legal.
In an embodiment, the second data transmission module is further configured to receive an identity authentication result from the server, where the identity authentication result is determined based on the feedback message, the feedback message is generated based on a third encryption message and a current third timestamp of the client, and the third encryption message is generated by encrypting, with an encryption algorithm, the decryption results of the third timestamp and the second random challenge number under a third secret key generated from the decryption results of the first secret key and the second random challenge number.
For the specific definition of the client, reference may be made to the above definition of the identity authentication method, which is not described herein again. The modules in the client can be implemented in whole or in part by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. An identity authentication method is applied to a server side, the server side is communicated with a client side, and the method is characterized by comprising the following steps:
receiving a first authentication message sent by the client; wherein the first authentication message is generated based on a first encryption message, an identification ID input by a user and a current first time stamp of the client, and the first encryption message is generated based on a first secret key generated by a password input by the user and by encrypting the identification ID, the first time stamp and a first random challenge number by using an encryption algorithm;
and determining whether the identity of the client passes the authentication based on the first authentication information.
2. The method of claim 1, wherein the determining whether the identity of the client is authenticated based on the first authentication information comprises:
if the time interval between the time when the server end receives the first authentication information and the first timestamp is less than the set time and the identity identifier ID exists in a user list of a database of the server end, decrypting the first authentication information based on the first secret key to obtain the decrypted identity identifier ID, the first random challenge number and the first timestamp;
and if the decrypted identification ID and the first timestamp are respectively the same as the identification ID and the first timestamp before encryption, determining that the identification authentication of the client passes.
3. The method of claim 1, further comprising:
under the condition that the identity authentication of the client is determined to pass, generating a second authentication message for determining whether the server is legal or not based on a current second timestamp of the server and a second encryption message, and sending the second authentication message to the client; wherein the second encrypted message is generated by encrypting the second timestamp, the second random challenge number, and the decryption result of the second random challenge number using an encryption algorithm based on a second key generated from the decryption results of the first key, the second random challenge number, and the second random challenge number.
4. The method of claim 3, further comprising:
receiving a feedback message sent by the client under the condition that the server is legal, wherein the feedback message is generated based on a third encryption message and a current third timestamp of the client, and the third encryption message is generated by encrypting a decryption result of the third timestamp and a decryption result of the second random challenge number by using an encryption algorithm based on a third secret key generated by a decryption result of the first secret key and the second random challenge number;
and determining to generate an identity authentication result based on the feedback message, and sending the identity authentication result to the client.
5. An identity authentication method is applied to a client, the client communicates with a server, and the method comprises the following steps:
generating a first authentication message based on a first encryption message, an identity ID input by a user and a current first time stamp of a client, wherein the first encryption message is generated by encrypting the identity ID, the first time stamp and a first random challenge number by using an encryption algorithm based on a first secret key generated by a password input by the user;
and sending the first authentication message to a server side so as to determine whether the identity of the client side passes the authentication based on the first authentication information.
6. The method of claim 5, further comprising:
determining whether the server side is legal or not based on a second authentication message sent by the server side, wherein,
the second authentication message is generated based on a current second timestamp of the server and a second encryption message under the condition that the identity authentication of the client is determined to pass, and the second encryption message is generated based on a second key generated by a decryption result of the first key and a second random challenge number and generated by encrypting the decryption result of the second timestamp, the second random challenge number and the second random challenge number by using an encryption algorithm;
and sending a feedback message to the server side under the condition that the server side is legal.
7. The method according to claim 6, wherein the determining whether the server side is legal based on the second authentication message sent by the server side comprises:
if the time interval between the time when the client receives the second authentication information and the second time stamp is less than the set time, decrypting the second authentication information based on the second secret key to obtain a decrypted second random challenge number, a second time stamp and a decrypted first random challenge number;
and if the decrypted second timestamp and the decrypted first random challenge number are respectively the same as the second timestamp and the first random challenge number before encryption, determining that the server side is legal.
8. The method of claim 6, further comprising:
and receiving an identity authentication result of the server, wherein the identity authentication result is determined based on the feedback message, the feedback message is generated based on a third encryption message and a current third timestamp of the client, and the third encryption message is generated by encrypting the decryption results of the third timestamp and the second random challenge number by using an encryption algorithm based on a third secret key generated by the decryption results of the first secret key and the second random challenge number.
9. A server side, comprising:
the first data transmission module is used for receiving a first authentication message sent by the client; the first authentication message is generated based on a first encryption message, an identification ID input by a user and a current first time stamp of the client, and the first encryption message is generated based on a first secret key generated by a password input by the user and by encrypting the identification ID, the first time stamp and a first random challenge number by using an encryption algorithm;
and the first authentication module is used for determining whether the identity of the client passes the authentication or not based on the first authentication information.
10. A client, comprising:
the client side comprises a first generation module, a second generation module and a third generation module, wherein the first generation module is used for generating a first authentication message based on a first encryption message, an identification ID input by a user and a current first time stamp of the client side, and the first encryption message is generated by encrypting the identification ID, the first time stamp and a first random challenge number by using an encryption algorithm based on a first secret key generated by a password input by the user;
and the second data transmission module is used for sending the first authentication message to the server so as to determine whether the identity of the client passes the authentication or not based on the first authentication message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210585950.XA CN115085929A (en) | 2022-05-27 | 2022-05-27 | Identity authentication method, server side and client side |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115085929A true CN115085929A (en) | 2022-09-20 |
Family
ID=83249866
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210585950.XA Pending CN115085929A (en) | 2022-05-27 | 2022-05-27 | Identity authentication method, server side and client side |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115085929A (en) |
Events
2022-05-27 CN CN202210585950.XA patent/CN115085929A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116318899A (en) * | 2023-02-17 | 2023-06-23 | 深圳市创势互联科技有限公司 | Data encryption and decryption processing method, system, equipment and medium |
CN116318899B (en) * | 2023-02-17 | 2023-10-17 | 深圳市创势互联科技有限公司 | Data encryption and decryption processing method, system, equipment and medium |
Similar Documents
Publication | Title |
---|---|
EP3435591B1 (en) | 1:n biometric authentication, encryption, signature system |
US6959394B1 (en) | Splitting knowledge of a password |
CN110493258B (en) | Identity verification method based on TOKEN and related equipment |
US11063941B2 (en) | Authentication system, authentication method, and program |
US8627424B1 (en) | Device bound OTP generation |
US8775794B2 (en) | System and method for end to end encryption |
KR101367621B1 (en) | System and method for authentication based on one-time password |
CN110659467A (en) | Remote user identity authentication method, device, system, terminal and server |
CN111327629B (en) | Identity verification method, client and server |
CN111193743A (en) | Identity authentication method, system and related device of storage system |
CN110493177B (en) | Method and system for quantum communication service station AKA key negotiation based on asymmetric key pool pair and serial number |
CN111639357A (en) | Encryption network disk system and authentication method and device thereof |
US9455973B1 (en) | Secure storage and retrieval of data in a database with multiple data classes and multiple data identifiers |
CN115085929A (en) | Identity authentication method, server side and client side |
CN107786338B (en) | Shared platform in dynamic password verification |
US11849019B2 (en) | Encryption system, key generation apparatus, key generation method, key generation program, and homomorphic operation apparatus |
CN110912857B (en) | Method and storage medium for sharing login between mobile applications |
CN116707961A (en) | User authentication method, computer device, and computer storage medium |
ul Haq et al. | An efficient authenticated key agreement scheme for consumer USB MSDs resilient to unauthorized file decryption |
CN115242471B (en) | Information transmission method, information transmission device, electronic equipment and computer readable storage medium |
CN115604034A (en) | Encryption and decryption method and system for communication connection and electronic equipment |
CN112822175B (en) | Information access method and device and electronic equipment |
CN110535632B (en) | Quantum communication service station AKA key negotiation method and system based on asymmetric key pool pair and DH protocol |
KR20190048422A (en) | System and method for authentication |
Mishra et al. | Authenticated content distribution framework for digital rights management systems with smart card revocation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||