CN115296825A - Authentication method based on random number, first terminal, device and storage medium - Google Patents


Publication number
CN115296825A
Authority
CN
China
Prior art keywords
data
terminal
random number
authentication
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211229452.8A
Other languages
Chinese (zh)
Inventor
刘加瑞
沈传宝
郝伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Huayun'an Technology Co ltd
Original Assignee
Anhui Huayun'an Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Huayun'an Technology Co ltd
Priority to CN202211229452.8A
Publication of CN115296825A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Abstract

An embodiment of the invention provides a random-number-based authentication method, a first terminal, a device, and a storage medium. In the method, a first terminal generates an authentication request and sends it to a second terminal; the second terminal generates a first random number based on the authentication request; the second terminal encrypts the first random number with a preset first key to obtain first data and sends the first data to the first terminal; the second terminal encrypts the first random number with the message digest of the first random number to obtain second data; the first terminal decrypts the first data with a preset second key to obtain third data; the first terminal encrypts the third data with the message digest of the third data to obtain fourth data and sends the fourth data to the second terminal; and the second terminal determines a first authentication result from the second data and the fourth data. In this way, security in the authentication process can be ensured.

Description

Authentication method based on random number, first terminal, device and storage medium
Technical Field
The present invention relates to the field of network authentication, and in particular, to an authentication method based on a random number, a first terminal, a device, and a storage medium.
Background
Because data is transmitted over a network, it may leak in transit; that is, any data exchanged between the sending end and the receiving end may be leaked. Verification therefore cannot be performed by directly transmitting the key or the MD5 of the key, because a value sent this way can be intercepted by others on an insecure network and the data can then be forged.
Current authentication methods therefore carry potential security risks.
Disclosure of Invention
The invention provides an authentication method based on random numbers, a first terminal, a device, and a storage medium.
According to a first aspect of the present invention, there is provided a random number-based authentication method, the method comprising:
the first terminal generates an authentication request and sends the authentication request to the second terminal;
the second terminal generates a first random number based on the authentication request;
the second terminal encrypts the first random number with a preset first key to obtain first data and sends the first data to the first terminal;
the second terminal encrypts the first random number with the message digest of the first random number to obtain second data;
the first terminal decrypts the first data with a preset second key to obtain third data;
the first terminal encrypts the third data with the message digest of the third data to obtain fourth data, and sends the fourth data to the second terminal;
the second terminal determines a first authentication result according to the second data and the fourth data.
In some implementations of the first aspect, the determining, by the second terminal, the first authentication result according to the second data and the fourth data includes:
when the second data is the same as the fourth data, the first authentication result is that the authentication is passed;
when the second data is different from the fourth data, the first authentication result is that the authentication is not passed;
the method further comprises: the second terminal sends the first authentication result to the first terminal.
In some implementations of the first aspect, the message digest of the first random number is calculated based on a preset message digest algorithm MD5; the message digest of the third data is calculated based on a preset message digest algorithm MD5.
In some implementations of the first aspect, the method further comprises:
the first terminal generates a second random number;
the first terminal encrypts the second random number with a preset second key to obtain fifth data and sends the fifth data to the second terminal;
the first terminal encrypts the second random number with the message digest of the second random number to obtain sixth data;
the second terminal decrypts the fifth data with a preset first key to obtain seventh data;
the second terminal encrypts the seventh data with the message digest of the seventh data to obtain eighth data, and sends the eighth data to the first terminal;
the first terminal determines a second authentication result according to the sixth data and the eighth data.
In some implementations of the first aspect, the determining, by the first terminal, the second authentication result according to the sixth data and the eighth data includes: when the sixth data is the same as the eighth data, the second authentication result is that the authentication is passed; when the sixth data is different from the eighth data, the second authentication result is that the authentication fails;
the method further comprises: the first terminal sends the second authentication result to the second terminal.
In some implementations of the first aspect, the message digest of the second random number is calculated based on a preset message digest algorithm MD5;
the message digest of the seventh data is calculated based on a preset message digest algorithm MD5.
According to a second aspect of the present invention, there is provided a first terminal comprising:
an authentication request sending module, configured to generate an authentication request and send it to the second terminal, so that the second terminal generates a first random number based on the authentication request, encrypts the first random number with a preset first key to obtain first data, sends the first data to the first terminal, and encrypts the first random number with the message digest of the first random number to obtain second data;
a decryption module, configured to decrypt the first data with a preset second key to obtain third data;
an encryption module, configured to encrypt the third data with the message digest of the third data to obtain fourth data, and to send the fourth data to the second terminal so that the second terminal can determine a first authentication result according to the second data and the fourth data.
In some implementations of the second aspect, the first terminal further includes a generation module and an authentication module;
the generation module is configured to generate a second random number;
the encryption module is further configured to encrypt the second random number with a preset second key to obtain fifth data and send the fifth data to the second terminal, so that the second terminal decrypts the fifth data with the preset first key to obtain seventh data, encrypts the seventh data with the message digest of the seventh data to obtain eighth data, and sends the eighth data to the first terminal;
the encryption module is further configured to encrypt the second random number with the message digest of the second random number to obtain sixth data;
the authentication module is configured to determine a second authentication result according to the sixth data and the eighth data.
According to a third aspect of the invention, an electronic device is provided. The electronic device includes a memory storing a computer program, and a processor that, when executing the program, implements the random number based authentication method of the first aspect and of some implementations of the first aspect.
According to a fourth aspect of the present invention, there is provided a computer readable storage medium storing a computer program which, when executed by a processor, implements the random number based authentication method of the first aspect and of some implementations of the first aspect.
In the random number based authentication method, first terminal, device and storage medium of the invention, the keys held by the first terminal and the second terminal are not transmitted over the network during authentication; each is stored inside its own terminal. What is transmitted is the random number encrypted with the key, and the data obtained by decrypting it with the key, encrypted again with that data's own message digest. Neither the key nor the message digest of the key is transmitted, and the values finally compared are themselves encrypted with the message digest of the decrypted data, so that security in the authentication process can be ensured.
It should be understood that what is described in this section is not intended to identify key or essential features of any embodiment of the invention, nor is it intended to limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present invention will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention:
Fig. 1 is an interaction diagram of an authentication method based on random numbers according to an embodiment of the present invention;
Fig. 2 is a block diagram of a first terminal according to an embodiment of the present invention;
Fig. 3 is a block diagram of an exemplary electronic device capable of implementing embodiments of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
In addition, the term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
Because data is transmitted over a network, it may leak in transit; that is, any data exchanged between the sending end and the receiving end may be leaked. Verification therefore cannot be performed by directly transmitting the key or the MD5 of the key, because a value sent this way can be intercepted by others on an insecure network and the data can then be forged.
Current authentication methods therefore carry potential security risks.
To address the security risks in the existing authentication process, the invention provides an authentication method based on random numbers, a first terminal, a device, and a storage medium, in which the first terminal generates an authentication request and sends it to a second terminal; the second terminal generates a first random number based on the authentication request; the second terminal encrypts the first random number with a preset first key to obtain first data and sends the first data to the first terminal; the second terminal encrypts the first random number with the message digest of the first random number to obtain second data; the first terminal decrypts the first data with a preset second key to obtain third data; the first terminal encrypts the third data with the message digest of the third data to obtain fourth data and sends the fourth data to the second terminal; and the second terminal determines a first authentication result according to the second data and the fourth data. During authentication, the keys held by the first terminal and the second terminal are not transmitted over the network; each is stored inside its own terminal. What is transmitted is the random number encrypted with the key, and the data obtained by decrypting it with the key, encrypted again with that data's own message digest. Neither the key nor the message digest of the key is transmitted, and the values finally compared are themselves encrypted with the message digest of the decrypted data, so that security in the authentication process can be ensured.
The technical solutions provided by the embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 1 is an interaction diagram of an authentication method based on a random number according to an embodiment of the present invention. As shown in Fig. 1, the authentication method based on a random number may include:
S101: The first terminal generates an authentication request and sends it to the second terminal.
The first terminal may be a client and the second terminal a server; depending on actual needs, the first terminal may instead be a server and the second terminal a client, which is not limited herein.
In addition, the authentication request may specifically be generated after the first terminal receives an instruction from the user.
S102: The second terminal generates a first random number based on the authentication request.
S103: The second terminal encrypts the first random number with a preset first key to obtain first data and sends the first data to the first terminal.
S104: The second terminal encrypts the first random number with the message digest of the first random number to obtain second data.
S105: The first terminal decrypts the first data with a preset second key to obtain third data.
S106: The first terminal encrypts the third data with the message digest of the third data to obtain fourth data and sends the fourth data to the second terminal.
S107: The second terminal determines a first authentication result according to the second data and the fourth data.
In the authentication process shown in Fig. 1, the keys held by the first terminal and the second terminal are not transmitted over the network; each is stored inside its own terminal. What is transmitted is the random number encrypted with the key, and the data obtained by decrypting it with the key, encrypted again with that data's own message digest. Neither the key nor the message digest of the key is transmitted, and the values finally compared are themselves encrypted with the message digest of the decrypted data, so that security in the authentication process can be ensured.
It should be further explained that, when the second terminal determines the first authentication result according to the second data and the fourth data in S107: when the second data and the fourth data are the same, the first authentication result is that the authentication is passed; when the second data is different from the fourth data, the first authentication result is that the authentication is not passed.
In addition, so that the first terminal knows whether the authentication succeeded, the second terminal may further send the first authentication result to the first terminal.
In one embodiment, the message digest of the first random number is calculated based on a preset message digest algorithm MD5; the message digest of the third data is calculated based on a preset message digest algorithm MD5.
In a specific example, with reference to Fig. 1 and the above-described embodiments, the process in Fig. 1 may be:
1. the first terminal generates and initiates an authentication request;
2. the second terminal generates a random number s0, encrypts s0 with key to generate s1, and encrypts s0 with the MD5 of s0 to generate s2, where s0 is the first random number, key is the preset first key, s1 is the first data, the MD5 of s0 is the message digest of the first random number, and s2 is the second data;
3. the second terminal sends s1 to the first terminal;
4. the first terminal decrypts s1 with key to obtain s0', then encrypts s0' with the MD5 of s0' to generate s2', where key is the preset second key, s0' is the third data, the MD5 of s0' is the message digest of the third data, and s2' is the fourth data;
5. the first terminal sends s2' to the second terminal;
6. the second terminal compares s2 with s2'; if the two are the same, the authentication is passed, otherwise the authentication is not passed;
7. the second terminal returns the authentication information to the first terminal.
It should be noted that the first terminal may also authenticate the second terminal; that is, after the second terminal has authenticated the first terminal, the first terminal may authenticate the second terminal in the reverse direction, thereby achieving bidirectional authentication.
Specifically, the first terminal may authenticate the second terminal as follows: the first terminal generates a second random number; the first terminal encrypts the second random number with a preset second key to obtain fifth data and sends the fifth data to the second terminal; the first terminal encrypts the second random number with the message digest of the second random number to obtain sixth data; the second terminal decrypts the fifth data with a preset first key to obtain seventh data; the second terminal encrypts the seventh data with the message digest of the seventh data to obtain eighth data and sends the eighth data to the first terminal; and the first terminal determines a second authentication result according to the sixth data and the eighth data.
In one embodiment, the first terminal determines the second authentication result according to the sixth data and the eighth data as follows: when the sixth data is the same as the eighth data, the second authentication result is that the authentication is passed; when the sixth data is different from the eighth data, the second authentication result is that the authentication fails. The method further comprises: the first terminal sends the second authentication result to the second terminal.
In one embodiment, the message digest of the second random number is calculated based on a preset message digest algorithm MD5; the message digest of the seventh data is calculated based on a preset message digest algorithm MD5.
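The exchange in steps 1 to 7 above and its reverse direction, as an added Python illustration that is not part of the patent text. The patent names no cipher, so `encrypt`/`decrypt` are a SHA-256 counter-keystream XOR stand-in; the first and second preset keys are assumed to be the same symmetric key, and the `Terminal` class, the function names and the key values are hypothetical and constructed for the example.

```python
import hashlib
import hmac
import secrets


def _keystream(key: bytes, length: int) -> bytes:
    # Stand-in keystream (SHA-256 over key || counter); the patent does not
    # specify a cipher, and a deployment would use a vetted one instead.
    blocks = [hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt(key: bytes, data: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, _keystream(key, len(data))))


decrypt = encrypt  # XOR stream: decryption is the same operation


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


class Terminal:
    """Hypothetical terminal that can act as verifier or as prover."""

    def __init__(self, key: bytes):
        self._key = key        # preset key, never sent on the wire
        self._expected = None  # s2 for the one outstanding challenge

    def challenge(self) -> bytes:
        s0 = secrets.token_bytes(16)            # S102: fresh random number
        self._expected = encrypt(md5(s0), s0)   # S104: s2, kept locally
        return encrypt(self._key, s0)           # S103: s1, sent to the peer

    def respond(self, s1: bytes) -> bytes:
        s0p = decrypt(self._key, s1)            # S105: s0'
        return encrypt(md5(s0p), s0p)           # S106: s2', sent back

    def verify(self, s2p: bytes) -> bool:
        # S107: compare s2 with s2'. The stored value is consumed so one
        # challenge accepts at most one response; comparison is constant-time.
        expected, self._expected = self._expected, None
        return expected is not None and hmac.compare_digest(expected, s2p)


def authenticate(verifier: Terminal, prover: Terminal) -> bool:
    """One direction: verifier plays the second terminal of S101-S107."""
    s1 = verifier.challenge()
    return verifier.verify(prover.respond(s1))


def mutual_authenticate(first: Terminal, second: Terminal) -> bool:
    """Second authenticates first, then first authenticates second."""
    first_ok = authenticate(second, first)    # first to fourth data
    second_ok = authenticate(first, second)   # fifth to eighth data
    return first_ok and second_ok


def stale_response_accepted(key: bytes) -> bool:
    """Offer the s2' from an earlier session against a fresh challenge."""
    verifier, prover = Terminal(key), Terminal(key)
    old = prover.respond(verifier.challenge())
    verifier.verify(old)          # earlier session completes normally
    verifier.challenge()          # new session with a new random number
    return verifier.verify(old)   # old s2' no longer matches the new s2


# Constructed sample keys for the demonstration.
DEMO_KEY = b"constructed-demo-key"
WRONG_KEY = b"constructed-wrong-key"

if __name__ == "__main__":
    print("same key:", authenticate(Terminal(DEMO_KEY), Terminal(DEMO_KEY)))
    print("wrong key:", authenticate(Terminal(DEMO_KEY), Terminal(WRONG_KEY)))
    print("mutual:", mutual_authenticate(Terminal(DEMO_KEY), Terminal(DEMO_KEY)))
    print("stale s2' accepted:", stale_response_accepted(DEMO_KEY))
```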
It should be noted that this solution uses a varying random number to achieve transmission security based on dynamic data. In addition, as the authentication processes of the first terminal and the second terminal show, the solution does not, like conventional solutions, look only at the returned result; it can also verify whether the first terminal or the second terminal performed the decryption with the correct key, which further improves the security of authentication.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are exemplary embodiments and that the acts and modules illustrated are not necessarily required to practice the invention.
Corresponding to the authentication method based on random numbers shown in Fig. 1, the present invention further provides a first terminal. As shown in the structural block diagram of Fig. 2, the first terminal 200 includes:
the authentication request sending module 201, which may be configured to generate an authentication request and send it to a second terminal, so that the second terminal generates a first random number based on the authentication request, encrypts the first random number with a preset first key to obtain first data, sends the first data to the first terminal, and encrypts the first random number with the message digest of the first random number to obtain second data;
the decryption module 202, which may be configured to decrypt the first data with a preset second key to obtain third data;
the encryption module 203, which may be configured to encrypt the third data with the message digest of the third data to obtain fourth data, and to send the fourth data to the second terminal so that the second terminal determines the first authentication result according to the second data and the fourth data.
In one embodiment, the second terminal determines the first authentication result according to the second data and the fourth data, including: when the second data is the same as the fourth data, the first authentication result is that the authentication is passed; when the second data is different from the fourth data, the first authentication result is that the authentication is not passed;
furthermore, after the second terminal determines the first authentication result according to the second data and the fourth data, in one embodiment, the second terminal may further transmit the first authentication result to the first terminal.
In one embodiment, the message digest of the first random number is calculated based on a preset message digest algorithm MD5; the message digest of the third data is calculated based on a preset message digest algorithm MD5.
In one embodiment, the first terminal may further include a generation module and an authentication module;
the generation module may be configured to generate a second random number;
the encryption module 203 may be further configured to encrypt the second random number with a preset second key to obtain fifth data and send the fifth data to the second terminal, so that the second terminal decrypts the fifth data with the preset first key to obtain seventh data, encrypts the seventh data with the message digest of the seventh data to obtain eighth data, and sends the eighth data to the first terminal;
the encryption module 203 may be further configured to encrypt the second random number with the message digest of the second random number to obtain sixth data;
the authentication module may be configured to determine a second authentication result according to the sixth data and the eighth data.
In an embodiment, the authentication module may be further configured to determine that the second authentication result is that the authentication is passed when the sixth data is the same as the eighth data; to determine that the second authentication result is that the authentication fails when the sixth data is different from the eighth data; and to send the second authentication result to the second terminal.
In one embodiment, the message digest of the second random number is calculated based on a preset message digest algorithm MD5; the message digest of the seventh data is calculated based on a preset message digest algorithm MD5.
As can be seen from the first terminal provided by the invention, the keys held by the first terminal and the second terminal are not transmitted over the network; each is stored inside its own terminal. What is transmitted is the random number encrypted with the key, and the data obtained by decrypting it with the key, encrypted again with that data's own message digest. Neither the key nor the message digest of the key is transmitted, and the values finally compared are themselves encrypted with the message digest of the decrypted data, thereby ensuring security in the authentication process.
It can be understood that each module in the first terminal shown in fig. 2 has a function of implementing each step of the first terminal side in fig. 1, and can achieve the corresponding technical effect, and for brevity, no further description is provided herein.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working process of the described module may refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.
The invention also provides an electronic device, a readable storage medium and a computer program product according to the embodiments of the invention.
Fig. 3 shows a schematic block diagram of an electronic device 300 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
The device 300 comprises a computing unit 301, which may perform various suitable actions and processes in accordance with a computer program stored in a read-only memory (ROM) 302 or a computer program loaded from a storage unit 308 into a random access memory (RAM) 303. The RAM 303 can also store various programs and data required for the operation of the device 300. The computing unit 301, the ROM 302, and the RAM 303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to the bus 304.
Various components in device 300 are connected to I/O interface 305, including: an input unit 306 such as a keyboard, a mouse, or the like; an output unit 307 such as various types of displays, speakers, and the like; a storage unit 308 such as a magnetic disk, optical disk, or the like; and a communication unit 309 such as a network card, modem, wireless communication transceiver, etc. The communication unit 309 allows the device 300 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The computing unit 301 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 301 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 301 performs the respective methods and processes described above, such as the random number based authentication method in FIG. 1. For example, in some embodiments, the random number based authentication method of FIG. 1 may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 308. In some embodiments, part or all of the computer program may be loaded and/or installed onto device 300 via ROM 302 and/or communication unit 309. When the computer program is loaded into RAM 303 and executed by the computing unit 301, one or more steps of the random number based authentication method described above may be performed. Alternatively, in other embodiments, the computing unit 301 may be configured to perform the random number based authentication method of FIG. 1 by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on a Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present invention may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a machine-readable medium may be a tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server combined with a blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solutions disclosed in the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method of random number based authentication, the method comprising:
the first terminal generates an authentication request and sends the authentication request to the second terminal;
the second terminal generates a first random number based on the authentication request;
the second terminal encrypts the first random number by using a preset first key to obtain first data and sends the first data to the first terminal;
the second terminal encrypts the first random number by using the message digest of the first random number to obtain second data;
the first terminal decrypts the first data by using a preset second key to obtain third data;
the first terminal encrypts the third data by using a message digest of the third data to obtain fourth data, and sends the fourth data to the second terminal;
and the second terminal determines a first authentication result according to the second data and the fourth data.
2. The method of claim 1, wherein the second terminal determining a first authentication result based on the second data and the fourth data comprises:
when the second data and the fourth data are the same, the first authentication result is authentication passing;
when the second data is different from the fourth data, the first authentication result is that the authentication is not passed;
the method further comprises: the second terminal sends the first authentication result to the first terminal.
3. The method according to claim 1, wherein the message digest of the first random number is calculated based on a preset message digest algorithm MD5; the message digest of the third data is obtained by calculating the third data based on a preset message digest algorithm MD5.
4. The method of claim 1, further comprising:
the first terminal generates a second random number;
the first terminal encrypts the second random number by using a preset second key to obtain fifth data and sends the fifth data to the second terminal;
the first terminal encrypts the second random number by using the message digest of the second random number to obtain sixth data;
the second terminal decrypts the fifth data by using a preset first key to obtain seventh data;
the second terminal encrypts the seventh data by using a message digest of the seventh data to obtain eighth data, and sends the eighth data to the first terminal;
and the first terminal determines a second authentication result according to the sixth data and the eighth data.
5. The method according to claim 4, wherein the first terminal determines a second authentication result according to the sixth data and the eighth data, comprising: when the sixth data and the eighth data are the same, the second authentication result is authentication pass; when the sixth data is different from the eighth data, the second authentication result is that the authentication fails;
the method further comprises: the first terminal sends the second authentication result to the second terminal.
6. The method according to claim 4, wherein the message digest of the second random number is calculated based on a preset message digest algorithm MD5;
the message digest of the seventh data is obtained by calculating the seventh data based on a preset message digest algorithm MD5.
7. A first terminal, characterized in that the first terminal comprises:
the authentication request sending module is used for generating an authentication request and sending the authentication request to a second terminal so that the second terminal generates a first random number based on the authentication request, encrypts the first random number by using a preset first key to obtain first data, sends the first data to the first terminal, and encrypts the first random number by using a message digest of the first random number to obtain second data;
the decryption module is used for decrypting the first data by using a preset second key to obtain third data;
and the encryption module is used for encrypting the third data by using the message digest of the third data to obtain fourth data, and sending the fourth data to the second terminal so that the second terminal can determine a first authentication result according to the second data and the fourth data.
8. The first terminal of claim 7, wherein the first terminal further comprises a generation module and an authentication module;
the generation module is used for generating a second random number;
the encryption module is further configured to encrypt the second random number using a preset second key to obtain fifth data, and send the fifth data to the second terminal, so that the second terminal decrypts the fifth data using a preset first key to obtain seventh data, encrypts the seventh data using a message digest of the seventh data to obtain eighth data, and sends the eighth data to the first terminal;
the encryption module is further configured to encrypt the second random number by using the message digest of the second random number to obtain sixth data;
and the authentication module is used for determining a second authentication result according to the sixth data and the eighth data.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-6.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method according to any one of claims 1-6.
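The exchange in claims 1-2 and its mirror in claims 4-5, as an added Python example that is not code from the patent. It assumes the preset first and second keys are one shared symmetric key and substitutes a SHA-256 keystream XOR for the cipher, which the claims do not name; `Terminal`, `stream_xor`, `digest_wrap` and `mutual_authenticate` are hypothetical names.

```python
import hashlib
import hmac
import secrets

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption: the claims name none): XOR with a
    # SHA-256 counter keystream, so encrypting and decrypting are the same call.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def digest_wrap(value: bytes) -> bytes:
    # "Encrypt X by using the message digest of X": MD5(X) is the key (claim 3).
    return stream_xor(hashlib.md5(value).digest(), value)

class Terminal:
    """One endpoint; it can issue a challenge or answer one."""

    def __init__(self, preset_key: bytes):
        self.key = preset_key
        self.expected = None

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)          # first / second random number
        self.expected = digest_wrap(nonce)       # second / sixth data, kept local
        return stream_xor(self.key, nonce)       # first / fifth data, sent

    def respond(self, ciphertext: bytes) -> bytes:
        recovered = stream_xor(self.key, ciphertext)   # third / seventh data
        return digest_wrap(recovered)                  # fourth / eighth data

    def verify(self, response: bytes) -> bool:
        # Each challenge is checked once (added here; the claims do not state it).
        expected, self.expected = self.expected, None
        if expected is None:
            return False
        return hmac.compare_digest(expected, response)  # constant-time equality

def mutual_authenticate(first: Terminal, second: Terminal):
    # Claims 1-2: the second terminal challenges the first terminal.
    first_result = second.verify(first.respond(second.challenge()))
    # Claims 4-5: the first terminal challenges the second terminal.
    second_result = first.verify(second.respond(first.challenge()))
    return first_result, second_result

if __name__ == "__main__":
    shared = secrets.token_bytes(16)  # constructed sample key
    print(mutual_authenticate(Terminal(shared), Terminal(shared)))
    print(mutual_authenticate(Terminal(b"wrong key 123456"), Terminal(shared)))
```

The compared values (second and fourth data, sixth and eighth data) depend only on the random number, so a match shows that the responder could decrypt the challenge; the preset key itself never enters the value sent back.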

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211229452.8A CN115296825A (en) 2022-10-09 2022-10-09 Authentication method based on random number, first terminal, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211229452.8A CN115296825A (en) 2022-10-09 2022-10-09 Authentication method based on random number, first terminal, device and storage medium

Publications (1)

Publication Number Publication Date
CN115296825A true CN115296825A (en) 2022-11-04

Family

ID=83819257

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211229452.8A Pending CN115296825A (en) 2022-10-09 2022-10-09 Authentication method based on random number, first terminal, device and storage medium

Country Status (1)

Country Link
CN (1) CN115296825A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051904A (en) * 2007-05-17 2007-10-10 成都金山互动娱乐科技有限公司 Method for landing by account number cipher for protecting network application sequence
US20160261414A1 (en) * 2015-03-06 2016-09-08 Comcast Cable Communications, Llc Secure authentication of remote equipment
CN109712278A (en) * 2018-11-27 2019-05-03 深圳市小石安防科技有限公司 Intelligent door lock identity identifying method, system, readable storage medium storing program for executing and mobile terminal
CN111077883A (en) * 2019-12-27 2020-04-28 国家计算机网络与信息安全管理中心 Vehicle-mounted network safety protection method and device based on CAN bus
CN112073421A (en) * 2020-09-14 2020-12-11 深圳市腾讯计算机系统有限公司 Communication processing method, communication processing device, terminal and storage medium

Similar Documents

Publication Publication Date Title
US11556630B2 (en) Private password constraint validation
CN113674456B (en) Unlocking method, unlocking device, electronic equipment and storage medium
CN104038336A (en) Data encryption method based on 3DES
CN115795513A (en) File encryption method, file decryption method, file encryption device, file decryption device and equipment
CN114139176A (en) Industrial internet core data protection method and system based on state secret
CN114070568A (en) Data processing method and device, electronic equipment and storage medium
CN113630412A (en) Resource downloading method, resource downloading device, electronic equipment and storage medium
CN112261015A (en) Block chain based information sharing method, platform, system and electronic equipment
CN113794706B (en) Data processing method and device, electronic equipment and readable storage medium
CN114793178B (en) Network distribution method, device, equipment and storage medium
CN116823257A (en) Information processing method, device, equipment and storage medium
WO2019242163A1 (en) Data security verification method, apparatus and system, and computer device and storage medium
CN111064577A (en) Security authentication method and device and electronic equipment
CN113422832B (en) File transmission method, device, equipment and storage medium
CN115883199A (en) File transmission method and device, electronic equipment and storage medium
CN115296825A (en) Authentication method based on random number, first terminal, device and storage medium
CN110166226B (en) Method and device for generating secret key
CN114024780B (en) Node information processing method and device based on Internet of things equipment
CN112788061B (en) Authentication method, authentication device, authentication apparatus, authentication storage medium, and authentication program product
CN112565156A (en) Information registration method, device and system
CN112926076B (en) Data processing method, device and system
CN116961906B (en) Network communication method, device, equipment and storage medium
CN113783705A (en) Zero knowledge proof method, verification terminal, equipment and storage medium of key
CN112615712B (en) Data processing method, related device and computer program product
CN115190484A (en) Internet of vehicles security defense method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20221104