CN115801271A - Method, equipment and storage medium for realizing dynamic password - Google Patents

Info

Publication number: CN115801271A
Authority: CN (China)
Prior art keywords: dynamic password, white, key, box, program
Legal status: Pending
Application number: CN202211358797.3A
Other languages: Chinese (zh)
Inventor: 刘洋
Current Assignee: WUHAN ARGUSEC TECHNOLOGY CO LTD
Original Assignee: WUHAN ARGUSEC TECHNOLOGY CO LTD

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiments of the application provide a method, a device and a storage medium for implementing a dynamic password. The server performs white-box processing on the key seed used for generating dynamic passwords to produce a white-box key corresponding to that key seed; it also generates a dynamic password construction program and a dynamic password interface program, and sends both programs to the client together with the white-box key. The client then executes the dynamic password construction program on the white-box key to generate a dynamic password, and displays the dynamic password on the dynamic password interface according to the dynamic password interface program. The server therefore only needs to send the white-box key, the dynamic password construction program and the dynamic password interface program to the client, and the client can complete the offline generation of the dynamic password on its own, without depending on the server. The dynamic password is thus implemented without dedicated hardware, any hardware device can serve as the client, and the cost of using dynamic passwords is effectively reduced.

Description

Method, equipment and storage medium for realizing dynamic password
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method, an apparatus, and a storage medium for implementing a dynamic password.
Background
With the development of information security technology, dynamic tokens are widely used in various enterprises such as banks and security companies to verify the identity of a client. However, the current dynamic token usually needs to be implemented by depending on a dedicated hardware device, and has the problems of easy loss and the like. Moreover, the scheme of implementing the dynamic token based on the dedicated hardware device has a cost problem, and is not suitable for small and medium-sized enterprises with limited budgets.
Disclosure of Invention
Aspects of the present application provide a method, device and storage medium for implementing a dynamic password, so as to reduce the use cost of the dynamic password.
The embodiment of the application provides a method for realizing a dynamic password, which comprises the following steps:
white-box processing is carried out on a key seed used for generating a dynamic password so as to generate a white-box key corresponding to the key seed;
generating a dynamic password construction program, wherein the dynamic password construction program comprises processing logic for generating a dynamic password based on the white-box secret key;
generating a dynamic password interface program, wherein the dynamic password interface program comprises processing logic for displaying a dynamic password interface;
and sending the white box key, the dynamic password construction program and the dynamic password interface program to a client so that the client can realize a dynamic password according to the white box key, the dynamic password construction program and the dynamic password interface program.
The embodiment of the application provides a method for realizing a dynamic password, which comprises the following steps:
responding to a dynamic password triggering event, and acquiring a white-box secret key, wherein the white-box secret key is generated by white-box processing of a secret key seed used for generating the dynamic password;
generating a dynamic password based on the white box key according to a preset dynamic password construction program, wherein the dynamic password construction program comprises processing logic for generating the dynamic password based on the white box key;
and displaying the dynamic password in the dynamic password interface according to a preset dynamic password interface program.
An embodiment of the present application provides a computing device comprising a memory, a processor, and a communication component;
the memory is to store one or more computer instructions;
the processor, coupled with the memory and the communication component, to execute the one or more computer instructions to:
white-box processing is carried out on a key seed used for generating a dynamic password so as to generate a white-box key corresponding to the key seed;
generating a dynamic password construction program, wherein the dynamic password construction program comprises processing logic for generating a dynamic password based on the white-box secret key;
generating a dynamic password interface program, wherein the dynamic password interface program comprises processing logic for displaying a dynamic password interface;
and sending the white box key, the dynamic password construction program and the dynamic password interface program to a client so that the client can realize a dynamic password according to the white box key, the dynamic password construction program and the dynamic password interface program.
An embodiment of the present application provides a computing device comprising a memory, a processor, and a communication component;
the memory is to store one or more computer instructions;
the processor, coupled with the memory and the communication component, to execute the one or more computer instructions to:
responding to a dynamic password triggering event, and acquiring a white-box key, wherein the white-box key is generated by performing white-box processing on a key seed used for generating the dynamic password;
generating a dynamic password based on the white box key according to a preset dynamic password construction program, wherein the dynamic password construction program comprises processing logic for generating the dynamic password based on the white box key;
and displaying the dynamic password in the dynamic password interface according to a preset dynamic password interface program.
Embodiments of the present application also provide a computer-readable storage medium storing computer instructions, which, when executed by one or more processors, cause the one or more processors to perform the aforementioned implementation method of dynamic passwords.
In the embodiments of the application, a method for implementing a dynamic password is provided, in which the server performs white-box processing on the key seed used for generating dynamic passwords to produce a white-box key corresponding to that key seed; the server also generates a dynamic password construction program and a dynamic password interface program, and sends both programs to the client together with the white-box key. The client then executes the dynamic password construction program on the white-box key to generate a dynamic password, and displays the dynamic password on the dynamic password interface according to the dynamic password interface program. The server therefore only needs to send the white-box key, the dynamic password construction program and the dynamic password interface program to the client, and the client can complete the offline generation of the dynamic password on its own, without depending on the server. The dynamic password is thus implemented without dedicated hardware, any hardware device can serve as the client, and the cost of using dynamic passwords is effectively reduced.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a flowchart illustrating a method for implementing a dynamic password according to an exemplary embodiment of the present application;
FIG. 2 is a flowchart illustrating another method for implementing a dynamic password according to an exemplary embodiment of the present application;
FIG. 3 is a flowchart of a method for generating a dynamic password according to an exemplary embodiment of the present application;
FIG. 4 is a schematic diagram of a dynamic password interface provided in an exemplary embodiment of the present application;
FIG. 5 is a schematic block diagram of a computing device according to another exemplary embodiment of the present application;
FIG. 6 is a schematic structural diagram of another computing device according to another exemplary embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
At present, dynamic tokens are usually implemented on dedicated hardware devices, which are easily lost, among other problems. Moreover, implementing dynamic tokens on dedicated hardware has a cost problem and is not suitable for small and medium-sized enterprises with limited budgets. To this end, some embodiments of the present application provide a method for implementing a dynamic password, in which the server performs white-box processing on the key seed used for generating dynamic passwords to produce a white-box key corresponding to that key seed; the server also generates a dynamic password construction program and a dynamic password interface program, and sends both programs to the client together with the white-box key. The client then executes the dynamic password construction program on the white-box key to generate a dynamic password, and displays the dynamic password on the dynamic password interface according to the dynamic password interface program. The server therefore only needs to send the white-box key, the dynamic password construction program and the dynamic password interface program to the client, and the client can complete the offline generation of the dynamic password on its own, without depending on the server. The dynamic password is thus implemented without dedicated hardware, any hardware device can serve as the client, and the cost of using dynamic passwords is effectively reduced.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
FIG. 1 is a flowchart illustrating a method for implementing a dynamic password according to an exemplary embodiment of the present application. The method may be performed by a data processing apparatus, which may be implemented as software and/or hardware and may be integrated in a computing device. Referring to FIG. 1, the method includes:
step 100, white box processing is carried out on a key seed used for generating a dynamic password to generate a white box key corresponding to the key seed;
step 101, generating a dynamic password construction program, wherein the dynamic password construction program comprises processing logic for generating a dynamic password based on a white box key;
step 102, generating a dynamic password interface program, wherein the dynamic password interface program comprises processing logic for displaying a dynamic password interface;
step 103, sending the white box key, the dynamic password construction program and the dynamic password interface program to the client so that the client can realize the dynamic password according to the white box key, the dynamic password construction program and the dynamic password interface program.
The embodiment provides a method for realizing a dynamic password. The method is applicable to electronic equipment with a logical operation function, and for example, the method can be a single server, or a service cluster composed of a plurality of servers. This is not a limitation herein.
Referring to FIG. 1, in step 100, a key seed used to generate a dynamic password may be white-boxed to produce a white-box key to which the key seed corresponds. Wherein the key seed is an initial key for starting a key update process or a key generation process. A dynamic password may be generated by performing an operation based on the key seed. In this embodiment, white-box processing is performed on the key seed to generate a white-box key corresponding to the key seed to participate in the generation of the dynamic password.
Optionally, in this embodiment, an encryption table and a decryption table may be generated according to the key seed; and generating a lookup table as a white-box key corresponding to the key seed based on the encryption table and the decryption table. That is, an encryption table and a decryption table are generated based on the key seed, and the encryption table and the decryption table have the same structure, and the lookup table generated by the encryption table and the decryption table is used as the white-box key. Therefore, the encryption can be independently carried out by searching the encryption table, the decryption can be carried out by searching the decryption table, the key seed can be effectively hidden, and the encryption and the decryption can be completely realized by searching the table, so that the aim of protecting the security of the key seed can be fulfilled.
With continued reference to FIG. 1, in step 101, a dynamic password builder may be generated that includes processing logic for generating a dynamic password based on a white-box key. The processing logic in the dynamic password builder will be described in detail later.
Additionally, in step 102, a dynamic password interface program may be generated, the dynamic password interface program including processing logic to display the dynamic password interface. For example, a trigger condition for displaying the dynamic password and a display position, a display form, and the like of the dynamic password on the dynamic password display interface may be deployed in the dynamic password interface program.
Finally, referring to fig. 1, in step 103, the white-box key, the dynamic password construction program, and the dynamic password interface program may be sent to the client, so that the client may implement the dynamic password according to the white-box key, the dynamic password construction program, and the dynamic password interface program. The white box key and the dynamic password construction program are directly sent to the client, so that the client can be driven to autonomously generate the dynamic password by utilizing the white box key and the dynamic password construction program, and the client can have the capability of displaying the dynamic password by sending the dynamic password interface program to the client.
In an alternative implementation, the white-box key, the dynamic password builder, and the dynamic password interface program may be packaged as executable files; and sending the executable file to the client based on the secure channel specified by the user. For example, the white-box key, the dynamic password builder, and the dynamic password interface may be packaged into an exe file, or may be packaged into an executable file in another format, which is not limited in this embodiment. And, the delivery method of the secure channel includes but is not limited to: copy through an off-network mobile storage device, through a secure mailbox, through a national security SSL channel, etc.
In addition, in this embodiment, an unpacking program may also be generated, which may include processing logic for generating an encryption key. On this basis, when sending the white-box key and the dynamic password construction program to the client: the user identity verification code corresponding to the client may be obtained; an encryption key may be generated based on the user identity verification code; the white-box key and the dynamic password construction program may be encrypted with the encryption key; and the unpacking program, the encrypted white-box key and the encrypted dynamic password construction program are sent to the client. The unpacking program also includes processing logic for decrypting the encrypted white-box key and dynamic password construction program.
The user identity verification code may be a character string randomly generated by the user in advance, and may be provided to the client in advance for use when the client runs the unpacking program. The way the user identity verification code is sent is not limited: it may be sent synchronously or asynchronously with the unpacking program.
In addition, in this embodiment, the user identity verification code corresponds to the user; there is no binding relationship between the user and the client, and the same client can be used by different users. The user identity verification code can be used to authenticate the user's identity. If the user identity authentication is successful, an encryption key can be generated based on the user identity verification code; the encryption key can be used to encrypt the white-box key and the dynamic password construction program, and also to decrypt the encrypted white-box key and dynamic password construction program.
Preferably, an exemplary implementation of generating the encryption key based on the user identity verification code is as follows: a random code is obtained, the random code being a randomly generated character string; based on the user identity verification code and the random code, unpacking data of a specified number of bytes is generated using the SM3 algorithm; and specified bytes of the unpacking data are selected as the encryption key. The random code is carried in the unpacking program. Preferably, 32 bytes of unpacking data may be generated using the SM3 algorithm, and the first 16 bytes of the unpacking data are used as the encryption key.
In addition, in the process of encrypting the white box key and the dynamic password construction program, the white box key and the dynamic password construction program can be spliced together firstly, and then the spliced whole is encrypted; the white-box key and the dynamic password construction program can be directly encrypted together; or the white-box key and the dynamic password builder are encrypted separately, which is not limited herein.
FIG. 2 is a flowchart illustrating a method for implementing a dynamic password according to an exemplary embodiment of the present application. The method may be performed by a data processing apparatus, which may be implemented as software and/or hardware and may be integrated in a computing device. Referring to FIG. 2, the method includes:
step 200, responding to a dynamic password triggering event, and acquiring a white-box key, wherein the white-box key is generated by performing white-box processing on a key seed used for generating a dynamic password;
step 201, according to a preset dynamic password construction program, generating a dynamic password based on a white box key, wherein the dynamic password construction program comprises a processing logic for generating the dynamic password based on the white box key;
step 202, displaying the dynamic password in the dynamic password interface according to a preset dynamic password interface program.
The execution body of the implementation method of the dynamic password provided by this embodiment may be any electronic device with a logical operation function, such as a smart phone, a notebook computer, a desktop computer, and the like. This embodiment is not limited to this. Moreover, the dynamic password implementation method in this embodiment may be applied to any scenario that requires a dynamic password, for example, a bank authenticates a client identity according to the dynamic password, logs in a company internal system according to the dynamic password, and the like, which is not limited herein.
Referring to FIG. 2, in step 200, a white-box key may be obtained in response to a dynamic password triggering event, the white-box key resulting from white-box processing a key seed used to generate a dynamic password. The dynamic password triggering event may be an authentication triggering event or a time timing triggering event, which is not limited herein. In response to a triggering event of the dynamic password, a white-box key corresponding to the dynamic password builder may be obtained. The key seeds are processed into the white-box keys in a white-box processing mode, so that the key seeds can be protected from being leaked.
Based on this, in step 201, a dynamic password may be generated based on the white-box key according to a preset dynamic password construction program, and the dynamic password construction program includes processing logic for generating the dynamic password based on the white-box key. The white-box key can be used as the input of a dynamic password construction program, and the output of the dynamic password construction program is a dynamic password.
In an alternative implementation, a white-box transformation may be applied to the standard SM4 algorithm to produce a white-box SM4 algorithm. The white-box SM4 algorithm proposed in this embodiment can resist white-box attacks. On this basis, in this implementation the white-box SM4 algorithm may be used as the processing logic of the dynamic password construction program. Correspondingly, in the process of generating the dynamic password: the first group in the dynamic password construction program splits the input data into a plurality of data blocks; based on the white-box key, the lookup result of each data block is obtained from the lookup table; the lookup results of the data blocks are XORed to produce the output of the first group; the output of the first group is used as the input data of the next group; the output of each group continues to be used in turn as the input data of the following group until the output of the last group is produced; and the dynamic password is calculated from the output of the last group and the number of digits specified for the dynamic password. The processing logic in all of the groups contained in the dynamic password construction program is the same. In addition, the input data may be the plaintext data input into the white-box SM4 algorithm, and a data block is a block of data divided from the input data.
FIG. 3 is a flowchart of a method for generating a dynamic password according to an exemplary embodiment of the present application. Referring to FIG. 3, in the above implementation, the white-box key and the plaintext data are used as inputs of the white-box SM4 algorithm, the output $S$ of the algorithm is obtained through multiple iterations, and $S$ is passed through a truncation function and combined with the preset number of digits of the dynamic password to obtain the dynamic password. For example, the white-box key and the plaintext $ID_1$ are used as the input of the first group in the dynamic password construction program, and $S_1$ is obtained by the white-box SM4 operation; $S_1$ and $ID_2$ are added arithmetically (with high-order overflow truncated), and the sum, together with the white-box key, is used as the input of the next group, whose white-box SM4 operation produces $S_2$; the output of each group continues to be used in turn as the input data of the following group until the output $S_m$ of the last group is produced. The dynamic password $P$ is then obtained from $S_m$ using the formulas $OD = \mathrm{Truncate}(S_m)$ and $P = OD \bmod 10^n$, where $\mathrm{Truncate}()$ is the truncation function, $OD$ is its output, and $n$ is the number of digits of the dynamic password. $ID$ denotes the plaintext data input into the white-box SM4 algorithm: when the ID is shorter than 128 bits, it is zero-padded at its end to 128 bits; when the ID is longer than 128 bits, it is zero-padded at its end to an integer multiple of 128 bits and divided into 128-bit groups, which from the high-order end are $ID_1, ID_2, ID_3, \ldots, ID_m$.
An exemplary white-box SM4 operation process may be as follows: a 128-bit input is split into four 32-bit data blocks $(x_0, x_1, x_2, x_3)$, which form the input of the first group. The lookup results corresponding to $x_0, x_1, x_2, x_3$ are each found in the lookup table of the white-box key, and the four lookup results are XORed to obtain $x_4$. Then $x_1, x_2, x_3, x_4$ are used as the input of the next group and the operation is repeated. That is, in the $r$-th group operation ($1 \le r \le 32$), the four 32-bit values $x_{r-1}, x_r, x_{r+1}, x_{r+2}$ are taken as input, a 32-bit value $x_{r+3}$ is output, and $x_r, x_{r+1}, x_{r+2}, x_{r+3}$ become the input of the next group. After the 32 iterations of the white-box SM4 algorithm, the 128 bits of data $(x_{35}, x_{34}, x_{33}, x_{32})$ are the output of the last group.
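The chaining, iteration and truncation described above, as an added Python example that is not code from the patent. The keyed hash in `lookup` is a stand-in for the white-box SM4 table lookup (it is not SM4), and the `Truncate` definition (sum of the four 32-bit words modulo 2^32), the zero-padded display, the sample key and ID, and all function names are assumptions.

```python
import hashlib

BLOCK = 16                      # one 128-bit group, as in the description
MASK128 = (1 << 128) - 1
MASK32 = 0xFFFFFFFF

# Constructed sample values, for illustration only.
SAMPLE_KEY = bytes(range(16))
SAMPLE_ID = b"user-42|step-000123"      # 19 bytes, so it spans two groups


def pad_id(data: bytes) -> bytes:
    """Zero-pad the plaintext ID at its end to a multiple of 128 bits."""
    if not data:
        return bytes(BLOCK)
    return data + bytes(-len(data) % BLOCK)


def lookup(wb_key: bytes, rnd: int, pos: int, word: int) -> int:
    """STAND-IN for one white-box table lookup: 32-bit word in, 32-bit word out.

    A real white-box key is a set of precomputed tables with the key seed
    folded in. A keyed hash is used here only to keep the example small.
    """
    msg = bytes([rnd, pos]) + word.to_bytes(4, "big")
    digest = hashlib.blake2s(msg, key=wb_key, digest_size=4).digest()
    return int.from_bytes(digest, "big")


def whitebox_block(wb_key: bytes, block: bytes) -> bytes:
    """32 iterations: x[r+3] = XOR of the lookups of x[r-1] .. x[r+2]."""
    x = [int.from_bytes(block[i:i + 4], "big") for i in range(0, BLOCK, 4)]
    for r in range(1, 33):
        nxt = 0
        for pos in range(4):
            nxt ^= lookup(wb_key, r, pos, x[r - 1 + pos])
        x.append(nxt)
    # Output of the last iteration is (x35, x34, x33, x32).
    return b"".join(x[i].to_bytes(4, "big") for i in (35, 34, 33, 32))


def chain(wb_key: bytes, id_bytes: bytes) -> bytes:
    """S_1 = E(ID_1); S_i = E((S_{i-1} + ID_i) mod 2^128); returns S_m."""
    padded = pad_id(id_bytes)
    s = 0
    for off in range(0, len(padded), BLOCK):
        id_i = int.from_bytes(padded[off:off + BLOCK], "big")
        # Arithmetic addition, high-order overflow truncated.
        group_in = (s + id_i) & MASK128
        s = int.from_bytes(
            whitebox_block(wb_key, group_in.to_bytes(BLOCK, "big")), "big")
    return s.to_bytes(BLOCK, "big")


def truncate(s_m: bytes) -> int:
    """ASSUMED Truncate(): sum of the four 32-bit words of S_m, mod 2^32."""
    words = [int.from_bytes(s_m[i:i + 4], "big") for i in range(0, BLOCK, 4)]
    return sum(words) & MASK32


def to_digits(od: int, n: int) -> str:
    """P = OD mod 10^n, shown with leading zeros (display is an assumption)."""
    return f"{od % 10 ** n:0{n}d}"


def dynamic_password(wb_key: bytes, id_bytes: bytes, n: int = 6) -> str:
    return to_digits(truncate(chain(wb_key, id_bytes)), n)


if __name__ == "__main__":
    print("password:", dynamic_password(SAMPLE_KEY, SAMPLE_ID, 6))
    # Zero padding is not injective: an ID and the same ID with explicit
    # trailing zero bytes fall into the same groups and give the same password.
    print(dynamic_password(SAMPLE_KEY, b"abc") ==
          dynamic_password(SAMPLE_KEY, b"abc" + bytes(13)))
```

Because the ID is zero-padded without a length field, whoever defines the ID format should give it a fixed length or an unambiguous encoding so that two distinct inputs cannot pad to the same groups.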
Because the preset dynamic password construction program and the white-box key are in an encrypted state, before the dynamic password is generated based on the white-box key according to the preset dynamic password construction program, the user identity verification code entered by the user in the dynamic password interface may be collected. The user identity verification code may be a random string of the digits 0-9, or a random combination of digits and/or letters, which is not limited herein. Each user has exactly one user identity verification code, and no code is shared by multiple users. If the user identity authentication is successful, the random code corresponding to the user identity verification code may be obtained from the preset unpacking program; an encryption key is generated from the user identity verification code and the random code according to a predetermined key generation rule; and, according to the unpacking program, the dynamic password construction program and the white-box key may be decrypted with the encryption key. The random code, the user identity verification code and the encryption key correspond to one another. The key generation rule is the rule for generating the encryption key from the user identity verification code and the random code. For example, the rule may be agreed in advance as: 32 bytes of unpacking data are generated using the SM3 algorithm based on the user identity verification code and the random code, and the first 16 bytes of the unpacking data are used as the encryption key.
On this basis, in step 202, the dynamic password may be presented in the dynamic password interface according to a preset dynamic password interface program. As mentioned previously, upon acquiring the dynamic password builder and the white-box key, the dynamic password builder may be executed based on the white-box key, thereby generating the dynamic password. Based on the preset dynamic password interface program, the dynamic password interface can be displayed, and the generated dynamic password is displayed on the dynamic password interface. The dynamic password may be displayed according to time or in response to a trigger of an authentication event, which is not limited herein.
Fig. 4 is a schematic diagram of a dynamic password interface according to an exemplary embodiment of the present application. Referring to fig. 4, in combination with the aforementioned "user id verification code", the dynamic password interface may be divided into an input area for the user id verification code and a display area for the dynamic password, and the current dynamic password is displayed in the display area on the dynamic password interface by collecting the user id verification code input by the user in the input area on the dynamic password interface.
In addition, as the white-box key, the dynamic password construction program, the dynamic password interface program and the like are all operated in an untrusted modifiable terminal operating environment, the program encryption can only prevent static code analysis, and the user authentication code input by the user and the white-box processing logic still have the risk of being intercepted from the memory and the screen display process. Therefore, a random keyboard technology, a screen capture prevention technology, a debugging prevention technology and/or a memory dump prevention technology can be loaded in the dynamic password interface to solve the problems.
Accordingly, this embodiment provides a method for implementing a dynamic password, in which the server performs white-box processing on the key seed used for generating dynamic passwords to produce a white-box key corresponding to that key seed; the server also generates a dynamic password construction program and a dynamic password interface program, and sends both programs to the client together with the white-box key. The client then executes the dynamic password construction program on the white-box key to generate a dynamic password, and displays the dynamic password on the dynamic password interface according to the dynamic password interface program. The server therefore only needs to send the white-box key, the dynamic password construction program and the dynamic password interface program to the client, and the client can complete the offline generation of the dynamic password on its own, without depending on the server. The dynamic password is thus implemented without dedicated hardware, any hardware device can serve as the client, and the cost of using dynamic passwords is effectively reduced.
It should be noted that the execution subjects of the steps of the methods provided in the above embodiments may be the same device, or different devices may be used as the execution subjects of the methods. For example, the execution subject of steps 101 to 103 may be device a; for another example, the execution subject of steps 101 and 102 may be device a, and the execution subject of step 103 may be device B; and so on.
In addition, in some of the flows described in the above embodiments and the drawings, a plurality of operations occurring in a specific order are included, but it should be clearly understood that these operations may be executed out of order or in parallel as they appear herein, and the sequence numbers of the operations, such as 101, 102, etc., are used merely to distinguish various operations, and the sequence numbers themselves do not represent any execution order. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel.
Fig. 5 is a schematic structural diagram of a computing device according to another exemplary embodiment of the present application. As shown in fig. 5, the computing device includes: memory 50, processor 51 and communication component 52.
A processor 51, coupled to the memory 50, for executing the computer program in the memory 50 for:
white box processing is carried out on the key seeds used for generating the dynamic passwords to generate white box keys corresponding to the key seeds;
generating a dynamic password construction program, wherein the dynamic password construction program comprises processing logic for generating a dynamic password based on a white box key;
generating a dynamic password interface program, wherein the dynamic password interface program comprises processing logic for displaying a dynamic password interface;
and sending the white box key, the dynamic password construction program and the dynamic password interface program to the client so that the client can realize the dynamic password according to the white box key, the dynamic password construction program and the dynamic password interface program.
In an alternative embodiment, the processor 51 is further configured to, during the process of sending the white-box key and the dynamic password builder to the client:
acquiring a user identity verification code corresponding to a client;
generating an encryption key based on the user identity verification code;
encrypting the white box key and the dynamic password construction program by using the encryption key;
generating a shell-removing program, wherein the shell-removing program comprises processing logic for decrypting the encrypted white-box key and dynamic password construction program;
and sending the shell-removing program, the encrypted white-box key and the encrypted dynamic password construction program to the client.
In an alternative embodiment, the processor 51 is further configured to, in the process of generating the encryption key based on the user identity verification code:
acquiring a random code, wherein the random code is a randomly generated character string;
based on the user identity verification code and the random code, generating shell-removing data with a specified number of bytes by using the SM3 algorithm;
selecting specified bytes of the shell-removing data as the encryption key;
and carrying the random code in the shell-removing program.
In an alternative embodiment, the processor 51 is further configured to, during the process of white-box processing the key seed used for generating the dynamic password to generate the white-box key corresponding to the key seed:
generating an encryption table and a decryption table according to the key seed;
and generating a lookup table as a white-box key corresponding to the key seed based on the encryption table and the decryption table.
In an optional embodiment, the processor 51 is further configured to, in the process of sending the white-box key, the dynamic password construction program and the dynamic password interface program to the client:
packing the white-box key, the dynamic password construction program and the dynamic password interface program into an executable file;
and sending the executable file to the client over the secure channel specified by the user.
Further, as shown in fig. 5, the computing device further includes: display components 53 and power components 54, among other components. Only some of the components are shown schematically in fig. 5, and the computing device is not meant to include only the components shown in fig. 5.
It should be noted that, for the sake of brevity, the technical details of the embodiments of the computing device described above may be referred to the related descriptions of the computing device in the foregoing system embodiments, and are not described herein again, but should not cause a loss of the scope of the present application.
Accordingly, the present application further provides a computer-readable storage medium storing a computer program, where the computer program can implement the steps that can be executed by a computing device in the foregoing method embodiments when executed.
Fig. 6 is a schematic structural diagram of another computing device according to another exemplary embodiment of the present application. As shown in fig. 6, the computing device includes: memory 60, processor 61, and communications component 62. A processor 61, coupled to the memory 60, for executing computer programs in the memory 60 for:
responding to a dynamic password triggering event, and acquiring a white-box key, wherein the white-box key is generated by performing white-box processing on a key seed used for generating the dynamic password;
generating a dynamic password based on a white box key according to a preset dynamic password construction program, wherein the dynamic password construction program comprises a processing logic for generating the dynamic password based on the white box key;
and displaying the dynamic password in the dynamic password interface according to a preset dynamic password interface program.
In an alternative embodiment, the processor 61 is further configured to, in the process of generating the dynamic password based on the white-box key according to the preset dynamic password construction program:
splitting input data into a plurality of data blocks by using a first group in the dynamic password construction program;
acquiring, based on the white-box key, the lookup results corresponding to the plurality of data blocks in the lookup table;
performing an XOR operation on the lookup results corresponding to the plurality of data blocks to generate an output result of the first group;
taking the output result of the first group as the input data of the next group;
continuing to take the output result of the previous group as the input data of the next group in sequence until the output result of the last group is generated; calculating the dynamic password according to the output result of the last group and the number of digits specified for the dynamic password;
wherein the processing logic within the plurality of groups contained in the dynamic password construction program is consistent.
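The group chaining described above (split into data blocks, table lookup, XOR, feed the result to the next group, reduce to the specified number of digits), as an added example that is not code from the patent. The block width, the number of groups, the time-step input and the SHA-256 table derivation are assumptions; the SHA-256 derivation only stands in for the patent's white-box table generation and carries no white-box security of its own.

```python
import hashlib
import struct

BLOCK = 16    # bytes of state carried between groups (assumed)
GROUPS = 4    # number of chained groups (assumed)


def build_tables(key_seed: bytes):
    """Server side: expand the key seed into one lookup table per group and
    per byte position. SHA-256 is a stand-in for real white-box processing."""
    tables = []
    for g in range(GROUPS):
        group = []
        for pos in range(BLOCK):
            group.append([
                hashlib.sha256(key_seed + bytes([g, pos, val])).digest()[:BLOCK]
                for val in range(256)
            ])
        tables.append(group)
    return tables


def table_bytes(tables) -> int:
    """Size of the lookup tables that are shipped to the client."""
    return sum(len(entry) for group in tables for table in group for entry in table)


def run_group(group_tables, data: bytes) -> bytes:
    """One group: split the input into one-byte data blocks, look each block
    up in the table for its position, and XOR the lookup results together."""
    if len(data) != BLOCK:
        raise ValueError("group input must be exactly BLOCK bytes")
    acc = bytes(BLOCK)
    for pos, val in enumerate(data):
        acc = bytes(a ^ b for a, b in zip(acc, group_tables[pos][val]))
    return acc


def dynamic_password(tables, input_data: bytes, digits: int = 6) -> str:
    """Client side: chain the groups, then reduce the last output to digits.
    Only the tables are used here; the key seed never reaches the client."""
    state = input_data
    for group_tables in tables:          # same processing logic in every group
        state = run_group(group_tables, state)
    number = int.from_bytes(state, "big") % 10 ** digits
    return f"{number:0{digits}d}"


def input_for(timestamp: int, step: int = 60) -> bytes:
    """Assumed input data: a time-step counter padded to BLOCK bytes."""
    return struct.pack(">Q", timestamp // step).rjust(BLOCK, b"\x00")


if __name__ == "__main__":
    seed = b"constructed-key-seed"       # constructed sample value
    tables = build_tables(seed)          # generated once on the server
    print("table size:", table_bytes(tables), "bytes")
    print("client OTP:", dynamic_password(tables, input_for(1700000000)))
    # The server verifies by rebuilding the tables from the seed it kept.
    print("server OTP:", dynamic_password(build_tables(seed), input_for(1700000010)))
```
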
In an alternative embodiment, the dynamic password builder and the white-box key are in an encrypted state, and before generating the dynamic password based on the white-box key according to the preset dynamic password builder, the processor 61 is further configured to:
collecting a user identity verification code input by a user in a dynamic password interface;
acquiring a random code corresponding to the user identity verification code from a preset shell-removing program;
generating an encryption key based on the user identity verification code and the random code according to a predetermined key generation rule;
and according to the shell removing program, decrypting the dynamic password construction program and the white box key by using the encryption key.
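The key derivation shared by the server-side packing steps (SM3 over the user identity verification code and the random code, then byte selection) and the client-side shell-removing steps above, as an added example that is not code from the patent. The concatenation order, the 16 bytes taken at offset 0, the SM3-counter keystream standing in for the unnamed cipher, the `check` field and all sample values are assumptions.

```python
import secrets
import struct

_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
       0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)
_M = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    n %= 32
    return ((x << n) | (x >> (32 - n))) & _M


def sm3(data: bytes) -> bytes:
    """SM3 hash (GB/T 32905-2016), 32-byte digest."""
    msg = (data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
           + struct.pack(">Q", len(data) * 8))
    v = list(_IV)
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16I", msg[off:off + 64]))
        for j in range(16, 68):                      # message expansion
            x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
            w.append(x ^ _rotl(x, 15) ^ _rotl(x, 23)
                     ^ _rotl(w[j - 13], 7) ^ w[j - 6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):                          # compression function
            t = 0x79CC4519 if j < 16 else 0x7A879D8A
            a12 = _rotl(a, 12)
            ss1 = _rotl((a12 + e + _rotl(t, j)) & _M, 7)
            ss2 = ss1 ^ a12
            if j < 16:
                ff, gg = a ^ b ^ c, e ^ f ^ g
            else:
                ff = (a & b) | (a & c) | (b & c)
                gg = (e & f) | (~e & g & _M)
            tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & _M
            tt2 = (gg + h + ss1 + w[j]) & _M
            a, b, c, d = tt1, a, _rotl(b, 9), c
            e, f, g, h = tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17), e, _rotl(f, 19), g
        v = [x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h))]
    return struct.pack(">8I", *v)


def derive_shell_key(user_code: str, random_code: str,
                     offset: int = 0, length: int = 16) -> bytes:
    """Shell-removing data = SM3(user code || random code); the encryption key
    is the specified slice of it (offset and length are assumed values)."""
    shell_data = sm3(user_code.encode() + random_code.encode())
    if offset < 0 or length <= 0 or offset + length > len(shell_data):
        raise ValueError("selected bytes fall outside the shell-removing data")
    return shell_data[offset:offset + length]


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher for the example: XOR with an SM3-counter keystream."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(sm3(key + struct.pack(">I", i)) for i in range(blocks))
    return bytes(x ^ y for x, y in zip(data, stream))


def pack(user_code: str, payload: bytes, random_code=None) -> dict:
    """Server side: encrypt the payload; the random code travels with the
    shell-removing program, the user code does not."""
    random_code = random_code or secrets.token_hex(8)
    key = derive_shell_key(user_code, random_code)
    return {"random_code": random_code,
            "ciphertext": _keystream_xor(key, payload),
            "check": sm3(payload)[:8]}    # assumed: lets the unpacker reject a wrong code


def unpack(package: dict, user_code: str):
    """Client side: re-derive the key from the entered code; None if it is wrong."""
    key = derive_shell_key(user_code, package["random_code"])
    payload = _keystream_xor(key, package["ciphertext"])
    ok = secrets.compare_digest(sm3(payload)[:8], package["check"])
    return payload if ok else None


if __name__ == "__main__":
    blob = b"constructed white-box key + construction program"   # sample data
    pkg = pack("493817", blob)
    print(unpack(pkg, "493817") == blob, unpack(pkg, "000000"))
```
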
In an optional embodiment, the processor 61 is further configured to:
load a random keyboard technology, a screen capture prevention technology, a debugging prevention technology and/or a memory dump prevention technology in the dynamic password interface.
Further, as shown in fig. 6, the computing device further includes: display components 63 and power components 64. Only some of the components are schematically shown in fig. 6, and the computing device is not meant to include only the components shown in fig. 6.
It should be noted that, for the sake of brevity, the technical details of the embodiments of the computing device described above may be referred to the related descriptions of the computing device in the foregoing system embodiments, and are not described herein again, but should not cause a loss of the scope of the present application.
Accordingly, the present application further provides a computer-readable storage medium storing a computer program, where the computer program can implement the steps that can be executed by a computing device in the foregoing method embodiments when executed.
In addition, a system for implementing a dynamic password may also be provided in yet another exemplary embodiment of the present application, and the system may include a client and a server.
The server side can be set to perform white-box processing on the key seeds used for generating the dynamic passwords so as to generate white-box keys corresponding to the key seeds; generating a dynamic password construction program, wherein the dynamic password construction program comprises processing logic for generating a dynamic password based on the white-box secret key; generating a dynamic password interface program, wherein the dynamic password interface program comprises processing logic for displaying a dynamic password interface; sending the white box key, the dynamic password construction program and the dynamic password interface program to a client;
a client configurable to obtain a white-box key in response to a dynamic password trigger event; according to a dynamic password construction program provided by a server, generating a dynamic password based on a white box key; and displaying the dynamic password in the dynamic password interface according to a dynamic password interface program provided by the server.
It should be understood that, in the embodiment, reference may be made to the related technical logic of the server and the client in the foregoing method embodiment, and for brevity, detailed description is not repeated here, but this should not cause a loss of the protection scope of the present application.
The memory of fig. 5-6, described above, is used to store computer programs and may be configured to store various other data to support operations on the computing platform. Examples of such data include instructions for any application or method operating on the computing platform, contact data, phonebook data, messages, pictures, videos, and so forth. The memory may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
The communication components of fig. 5-6 described above are configured to facilitate wired or wireless communication between the device in which the communication component is located and other devices. The device where the communication component is located can access a wireless network based on a communication standard, such as WiFi, a mobile communication network such as 2G, 3G, 4G/LTE, 5G, or the like, or a combination thereof. In an exemplary embodiment, the communication component receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
The display assembly of fig. 5-6 described above includes a screen, which may include a liquid crystal display assembly (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
The power supply components of fig. 5-6 described above provide power to the various components of the device in which the power supply components are located. The power components may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device in which the power component is located.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, or an embodiment combining hardware and software aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises that element.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art to which the present application pertains. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (12)

1. A method for implementing a dynamic password, comprising:
white-box processing is carried out on a key seed used for generating a dynamic password so as to generate a white-box key corresponding to the key seed;
generating a dynamic password construction program, wherein the dynamic password construction program comprises processing logic for generating a dynamic password based on the white-box secret key;
generating a dynamic password interface program, wherein the dynamic password interface program comprises processing logic for displaying a dynamic password interface;
and sending the white box key, the dynamic password construction program and the dynamic password interface program to a client so that the client can realize a dynamic password according to the white box key, the dynamic password construction program and the dynamic password interface program.
2. The method of claim 1, wherein sending the white-box key and the dynamic password builder to a client comprises:
acquiring a user identity verification code corresponding to the client;
generating an encryption key based on the user identity verification code;
encrypting the white-box key and the dynamic password builder using the encryption key;
generating a shell-removing program, wherein the shell-removing program comprises a processing logic for decrypting the encrypted white-box key and the dynamic password construction program;
and sending the shell removing program, the encrypted white box key and the encrypted dynamic password construction program to the client.
3. The method of claim 2, wherein generating an encryption key based on the user authentication code comprises:
acquiring a random code, wherein the random code is a randomly generated character string;
based on the user identity verification code and the random code, generating shell-removing data with a specified number of bytes by using the SM3 algorithm;
selecting specified bytes of the shell-removing data as the encryption key;
and carrying the random code in the shell-removing program.
4. The method according to claim 1, wherein white-box processing the key seed used for generating the dynamic password to generate the white-box key corresponding to the key seed comprises:
generating an encryption table and a decryption table according to the key seed;
and generating a lookup table as a white-box key corresponding to the key seed based on the encryption table and the decryption table.
5. The method of claim 1, wherein sending the white-box key, the dynamic password builder, and the dynamic password interface to a client comprises:
packing the white box key, the dynamic password construction program and the dynamic password interface program into an executable file;
and sending the executable file to the client over a secure channel specified by a user.
6. A method for implementing a dynamic password, comprising:
responding to a dynamic password triggering event, and acquiring a white-box secret key, wherein the white-box secret key is generated by white-box processing of a secret key seed used for generating the dynamic password;
generating a dynamic password based on the white box key according to a preset dynamic password construction program, wherein the dynamic password construction program comprises processing logic for generating the dynamic password based on the white box key;
and displaying the dynamic password in a dynamic password interface according to a preset dynamic password interface program.
7. The method according to claim 6, wherein the generating a dynamic password based on the white-box key according to a preset dynamic password construction program comprises:
splitting input data into a plurality of data blocks by using a first group in the dynamic password construction program;
based on the white-box key, obtaining the lookup results corresponding to the plurality of data blocks in a lookup table;
performing an XOR operation on the lookup results corresponding to the plurality of data blocks to generate an output result of the first group;
taking the output result of the first group as the input data of the next group;
continuing to take the output result of the previous group as the input data of the next group in sequence until the output result of the last group is generated; calculating the dynamic password according to the output result of the last group and the number of digits specified for the dynamic password;
wherein the processing logic within the plurality of groups contained in the dynamic password construction program is consistent.
8. The method according to claim 6, wherein the dynamic password builder and the white-box key are in an encrypted state, and further comprising, before generating a dynamic password based on the white-box key according to a preset dynamic password builder:
collecting a user identity verification code input by a user in the dynamic password interface;
acquiring a random code corresponding to the user identity verification code from a preset shell-removing program;
generating an encryption key based on the user identity verification code and the random code according to a predetermined key generation rule;
and according to the shell removing program, decrypting the dynamic password construction program and the white box key by using the encryption key.
9. The method of claim 8, further comprising:
and loading a random keyboard technology, a screen capture prevention technology, a debugging prevention technology and/or a memory dump prevention technology in the dynamic password interface.
10. A computing device comprising a memory, a processor, and a communications component;
the memory is to store one or more computer instructions;
the processor, coupled with the memory and the communication component, to execute the one or more computer instructions to:
white-box processing is carried out on a key seed used for generating a dynamic password so as to generate a white-box key corresponding to the key seed;
generating a dynamic password construction program, wherein the dynamic password construction program comprises processing logic for generating a dynamic password based on the white-box secret key;
generating a dynamic password interface program, wherein the dynamic password interface program comprises processing logic for displaying a dynamic password interface;
and sending the white box key, the dynamic password construction program and the dynamic password interface program to a client so that the client can realize a dynamic password according to the white box key, the dynamic password construction program and the dynamic password interface program.
11. A computing device comprising a memory, a processor, and a communications component;
the memory is to store one or more computer instructions;
the processor, coupled with the memory and the communication component, to execute the one or more computer instructions to:
responding to a dynamic password triggering event, and acquiring a white-box secret key, wherein the white-box secret key is generated by white-box processing of a secret key seed used for generating the dynamic password;
generating a dynamic password based on the white box key according to a preset dynamic password construction program, wherein the dynamic password construction program comprises processing logic for generating the dynamic password based on the white box key;
and displaying the dynamic password in the dynamic password interface according to a preset dynamic password interface program.
12. A computer-readable storage medium storing computer instructions, which when executed by one or more processors, cause the one or more processors to perform a method of implementing a dynamic password as recited in any of claims 1-9.
CN202211358797.3A 2022-11-01 2022-11-01 Method, equipment and storage medium for realizing dynamic password Pending CN115801271A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211358797.3A CN115801271A (en) 2022-11-01 2022-11-01 Method, equipment and storage medium for realizing dynamic password

Publications (1)

Publication Number Publication Date
CN115801271A true CN115801271A (en) 2023-03-14

Family

ID=85434906

Country Status (1)

Country Link
CN (1) CN115801271A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination