CN116055172A - Equipment authentication method, system, electronic equipment and storage medium - Google Patents
- Publication number: CN116055172A (application CN202310036933.5A)
- Authority: CN (China)
- Prior art keywords
- target
- server
- dynamic token
- timestamp
- client
- Prior art date
- Legal status: Pending (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Classifications (CPC)
- H04L63/0807: Network architectures or protocols for network security; authentication of entities using tickets, e.g. Kerberos (H04L63/00, H04L63/08)
- H04L9/0863: Cryptographic mechanisms; key distribution or management; generation of secret information involving passwords or one-time passwords (H04L9/00, H04L9/08, H04L9/0861)
- H04L9/0866: Generation of secret information involving user or device identifiers, e.g. serial number, physical or biometrical information (H04L9/00, H04L9/08, H04L9/0861)
- H04L9/3213: Means for verifying the identity or authority of a user or for message authentication, involving a third party or trusted authority, using tickets or tokens, e.g. Kerberos (H04L9/00, H04L9/32, H04L9/321)
- H04L2463/121: Timestamp (additional details relating to network security covered by H04L63/00)
Abstract
The application provides a device authentication method, system, electronic device and storage medium. When the client detects that the target APP is initializing the client SDK, it sends parameter information to the server; the server receives the parameter information, generates a key from the device identifier and an encryption salt value, and sends the client target parameter information generated from a first timestamp and a time slice. When the client receives the target parameter information, it calculates the clock offset from the first timestamp and a second timestamp, and sends the server a dynamic token generated from the second timestamp, the clock offset, the time slice and a key pre-agreed with the server. When the server receives the dynamic token, it generates at least one target dynamic token from the first timestamp, the time slice and the key; if a target dynamic token consistent with the received dynamic token exists, the client is determined to have passed authentication, and corresponding authentication-passed information is sent to the server corresponding to the target APP.
Description
Technical Field
The present invention relates to the field of cryptography, and in particular, to a device authentication method, system, electronic device, and storage medium.
Background
Applications (APPs) in the e-commerce industry often run campaigns such as new-user acquisition and voting. A client installs the APP to take part in the campaign and accesses the corresponding server; to ensure that the participating devices are legitimate, the server checks the legitimacy of the accessing client.
In the conventional device-legitimacy check, the client encrypts and signs its device information to obtain the corresponding encrypted information, and the server decrypts it and verifies the signature to decide whether the client is legitimate; only when the client is found legitimate does the server accept its access requests. This guarantees the legitimacy of a single device (client), but it cannot guarantee that the third-party service behaviour actually takes place on that device, that is, it cannot guarantee that the device (client) runs in a real environment. For example, an illegal user can emulate the device (client) with virtualization software and send the corresponding access requests to the server, so a user can easily use a single legitimate device to create a large number of accounts for bonus hunting (abusing promotional giveaways).
Disclosure of Invention
In view of the above, the present invention provides a device authentication method, system, electronic device and storage medium, so as to ensure that a device operates in a real environment while its legitimacy is verified, and to prevent a user from using a single legitimate device to create a large number of accounts for bonus hunting.
The first aspect of the invention discloses a device authentication method comprising the following steps:
when the client detects that the target APP is initializing the client SDK, it sends parameter information to the server, the parameter information comprising at least a device identifier;
when the server receives the parameter information, it generates a key from the device identifier and the encryption salt value, and sends the client target parameter information generated from a first timestamp and a time slice; the first timestamp is the local timestamp of the server;
when the client receives the target parameter information, it calculates the clock offset from the first timestamp and a second timestamp, generates a dynamic token from the second timestamp, the clock offset, the time slice and a key pre-agreed with the server, and sends the dynamic token to the server; the pre-agreed key is identical to the key held by the server; the second timestamp is the local timestamp of the client;
when the server receives the dynamic token, it generates at least one target dynamic token from the first timestamp, the time slice and the key;
if a target dynamic token consistent with the dynamic token exists on the server side, the client is determined to have passed authentication, and corresponding authentication-passed information is sent to the server corresponding to the target APP.
Optionally, the step in which the server, on receiving the parameter information, generates a key from the device identifier and the encryption salt value and sends the client target parameter information generated from the first timestamp and the time slice comprises:
when the server receives the parameter information, obtaining a first timestamp and a time slice from the time-synchronization clock, and cutting a target device identifier out of the device identifier;
the server generating a key from the target device identifier and the encryption salt value;
the server generating target parameter information from the first timestamp and the time slice, and sending the target parameter information to the client.
Optionally, the step in which the client, on receiving the target parameter information, calculates the clock offset from the first timestamp and the second timestamp, generates a dynamic token from the second timestamp, the clock offset, the time slice and the key pre-agreed with the server, and sends the dynamic token to the server comprises:
when the client receives the target parameter information, obtaining a second timestamp from the time-synchronization clock and calculating the clock offset from the first timestamp and the second timestamp; the target parameter information includes the first timestamp and the time slice;
the client generating a calibration time from the second timestamp, the clock offset and the time slice; the calibration time is identical to the target calibration time computed by the server;
the client processing the calibration time and the key pre-agreed with the server with a hash algorithm to obtain a corresponding first hash value, processing the first hash value with the HMAC-SHA1 algorithm to generate the corresponding dynamic token, and sending the dynamic token to the server.
Optionally, the step in which the server, on receiving the dynamic token, generates at least one target dynamic token from the first timestamp, the time slice and the key comprises:
when the server receives the dynamic token, determining the target calibration time from the first timestamp, adding a preset value to the target calibration time to obtain a first calibration time, and subtracting the same preset value from the target calibration time to obtain a second calibration time;
the server processing the target calibration time and the key with a hash algorithm to obtain a second hash value and processing the second hash value with HMAC-SHA1 to generate a first target dynamic token; processing the first calibration time and the key with the hash algorithm to obtain a third hash value and processing it with HMAC-SHA1 to generate a second target dynamic token; and processing the second calibration time and the key with the hash algorithm to obtain a fourth hash value and processing it with HMAC-SHA1 to generate a third target dynamic token.
Optionally, the server judges whether any of the at least one target dynamic token is consistent with the dynamic token; if one is, the client is determined to have passed authentication and corresponding authentication-passed information is sent to the server corresponding to the target APP. This comprises:
the server judging whether the dynamic token is consistent with the first target dynamic token, the second target dynamic token or the third target dynamic token;
if the dynamic token is consistent with the first, the second or the third target dynamic token, the server determining that the client has passed authentication and sending corresponding authentication-passed information to the server corresponding to the target APP.
The second aspect of the invention discloses a device authentication system comprising a client and a server;
the client is configured to send parameter information to the server when it detects that the target APP is initializing the client SDK, the parameter information comprising at least a device identifier; and, when the target parameter information is received, to calculate the clock offset from the first timestamp and the second timestamp, generate a dynamic token from the second timestamp, the clock offset, the time slice and a key pre-agreed with the server, and send the dynamic token to the server; the pre-agreed key is identical to the key held by the server; the second timestamp is the local timestamp of the client;
the server is configured, when receiving the parameter information, to generate a key from the device identifier and the encryption salt value and send the client target parameter information generated from the first timestamp and the time slice, the first timestamp being the local timestamp of the server; when receiving the dynamic token, to generate at least one target dynamic token from the first timestamp, the time slice and the key; and, if a target dynamic token consistent with the dynamic token exists, to determine that the client has passed authentication, send corresponding authentication-passed information to the server corresponding to the target APP, and allow the client to access the server.
Optionally, the server is specifically configured, when receiving the parameter information, to generate the key from the device identifier and the encryption salt value and to send the client target parameter information generated from the first timestamp and the time slice, by:
obtaining a first timestamp and a time slice from the time-synchronization clock when the parameter information is received, and cutting a target device identifier out of the device identifier; generating the key from the target device identifier and the encryption salt value; and generating target parameter information from the first timestamp and the time slice and sending it to the client.
Optionally, the client is specifically configured, when receiving the target parameter information, to calculate the clock offset from the first timestamp and the second timestamp, generate a dynamic token from the second timestamp, the clock offset, the time slice and the key pre-agreed with the server, and send the dynamic token to the server, by:
obtaining a second timestamp from the time-synchronization clock when the target parameter information is received, and calculating the clock offset from the first timestamp and the second timestamp, the target parameter information including the first timestamp and the time slice; generating a calibration time from the second timestamp, the clock offset and the time slice; and processing the calibration time and the key pre-agreed with the server with a hash algorithm to obtain a corresponding first hash value, processing the first hash value with HMAC-SHA1 to generate the corresponding dynamic token, and transmitting the dynamic token to the server.
An electronic device disclosed in a third aspect of the present invention includes: the device comprises a processor and a memory, wherein the processor and the memory are connected through a communication bus; the processor is used for calling and executing the program stored in the memory; the memory is configured to store a program for implementing the device authentication method disclosed in the first aspect of the present invention.
The fourth aspect of the present invention discloses a computer-readable storage medium having stored therein computer-executable instructions for performing the device authentication method as disclosed in the first aspect of the present invention described above.
The invention provides a device authentication method, system, electronic device and storage medium. When the client detects that the target APP is initializing the client SDK, it sends parameter information to the server, the parameter information comprising at least a device identifier; when the server receives the parameter information, it generates a key from the device identifier and the encryption salt value, and sends the client target parameter information generated from the first timestamp and the time slice; when the client receives the target parameter information, it calculates the clock offset from the first timestamp and the second timestamp, generates a dynamic token from the second timestamp, the clock offset, the time slice and the key pre-agreed with the server, and sends the dynamic token to the server; when the server receives the dynamic token, it generates at least one target dynamic token from the first timestamp, the time slice and the key; if a target dynamic token consistent with the dynamic token exists on the server side, the client is determined to have passed authentication, and corresponding authentication-passed information is sent to the server corresponding to the target APP. In the technical solution provided by the invention, the client and the server each generate a dynamic token that is unique and time-bound, and the two tokens are compared. An illegal user who emulates the device (client) with virtualization software is thereby prevented from accessing the server, the device (client) can effectively be guaranteed to operate in a real environment, and a user is prevented from using a single legitimate device to create a large number of accounts for bonus hunting.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a device authentication method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an apparatus authentication system according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The term "including" and variations thereof as used herein are intended to be open-ended, i.e., including, but not limited to. The term "based on" is based at least in part on. The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments. Related definitions of other terms will be given in the description below.
It should be noted that the terms "first," "second," and the like in this disclosure are merely used for distinguishing between different devices, modules, or units and not for limiting the order or interdependence of the functions performed by these devices, modules, or units.
It should be noted that references to "one" or "a plurality" in this disclosure are illustrative rather than limiting; those of ordinary skill in the art will appreciate that they are to be read as "one or more" unless the context clearly indicates otherwise.
Referring to fig. 1, a flow chart of an apparatus authentication method provided by an embodiment of the present invention is shown, where the apparatus authentication method is applied to an apparatus authentication system, the apparatus authentication system includes a client and a server, and the apparatus authentication method specifically includes the following steps:
s101: when detecting the target APP initializing client sdk, the client sends parameter information to the server.
In the embodiment of the application, the target APP can be installed in the client in advance, and when the user wants to participate in the marketing activities lifted in the target APP by the server, the user can participate through the target APP installed in the client. Wherein the target APP comprises sdk.
In the specific execution of the process of step S101, the client may detect in real time whether the target APP initializes the client sdk; when the client detects the target APP initialization client sdk, sdk can be called to establish connection with the corresponding server of the target APP; after the client establishes connection with the server, the client acquires the device di and the APP id of the target APP, and transmits parameter information generated according to the device di and the APP id to the server. Wherein, the device did is the device identifier of the client.
It should be noted that, the client may subscribe to a key corresponding to the server, and the pre-subscribed key may be generated by: the client cuts out a part of equipment identifiers from the equipment identifiers to serve as target equipment identifiers, splices the target equipment identifiers and the encrypted salt values, and encrypts the spliced target equipment identifiers and the spliced encrypted salt values to obtain corresponding keys.
S102: when the server receives the parameter information, it generates a key from the device identifier and the encryption salt value.
In the specific execution of step S102, when the server receives the parameter information sent by the client, it may obtain the first timestamp and the time slice from the time-synchronization clock, cut a part out of the device identifier received in the parameter information to serve as the target device identifier, and generate the corresponding key from the target device identifier and the encryption salt value.
The first timestamp is the current timestamp of the server.
It should be noted that the part of the device identifier cut out by the server is the same part that the client cuts out, so the key the server generates from the target device identifier and the encryption salt value is identical to the key pre-agreed between client and server.
In this embodiment the target device identifier and the encryption salt value may be spliced, and the spliced value encrypted, to obtain the corresponding key.
S103: the server sends the client target parameter information generated from the first timestamp and the time slice.
In the specific execution of step S103, the server may generate the corresponding target parameter information from the first timestamp and the time slice and send it to the client; the key derived in step S102 is retained on the server for verifying the dynamic token later.
S104: when the client receives the target parameter information, it calculates the clock offset from the first timestamp and the second timestamp.
In the specific execution of step S104, when the client receives the target parameter information sent by the server, it obtains the second timestamp from the time-synchronization clock and calculates the corresponding clock offset from the first timestamp carried in the target parameter information and the second timestamp.
It should be noted that the second timestamp is the current local timestamp of the client.
S105: the client generates a dynamic token from the second timestamp, the clock offset, the time slice and the key pre-agreed with the server, and sends the dynamic token to the server.
In this embodiment, after calculating the clock offset, the client may generate the calibration time from the calculated offset, the second timestamp and the time slice carried in the target parameter information; it then processes the calibration time and the key pre-agreed with the server with a hash algorithm to obtain the corresponding first hash value, processes the first hash value with the HMAC-SHA1 algorithm to generate the corresponding dynamic token, and transmits the dynamic token to the server.
It should be noted that processing the calibration time and the pre-agreed key with a hash algorithm to obtain the first hash value, and processing the first hash value with HMAC-SHA1 to generate the dynamic token, may be expressed as: code = HOTP(K, T) = Truncate(hash(K, T)), where hash(K, T) denotes the hash-then-HMAC-SHA1 processing described above; code is the dynamic token, K is the key pre-agreed between client and server, and T is the calibration time.
It should also be noted that the dynamic token may be a 6-digit number.
In some embodiments the client computes the clock offset as the difference between the first timestamp and the second timestamp, corrects the second timestamp by that offset (with the sign chosen so that the corrected value coincides with the server's clock), and divides the result by the time slice to obtain the calibration time.
S106: when the server receives the dynamic token, it generates at least one target dynamic token from the first timestamp, the time slice and the key.
In the specific execution of step S106, when the server receives the dynamic token sent by the client, it may determine the target calibration time from the first timestamp and the time-synchronization clock. The target calibration time is the same as the calibration time computed on the client side.
After obtaining the target calibration time, the server may add a preset value to it to obtain a first calibration time and subtract the same preset value from it to obtain a second calibration time. Finally, it processes the target calibration time and the key with a hash algorithm to obtain a second hash value and processes that value with HMAC-SHA1 to generate a first target dynamic token; processes the first calibration time and the key with the hash algorithm to obtain a third hash value and processes it with HMAC-SHA1 to generate a second target dynamic token; and processes the second calibration time and the key with the hash algorithm to obtain a fourth hash value and processes it with HMAC-SHA1 to generate a third target dynamic token.
It should be noted that the preset value may be 1 and may be set according to the practical application; the embodiments of the present application do not limit it. Generating the at least one target dynamic token from the target calibration time and the key may be expressed as: code1 = HOTP(K, T1) = Truncate(hash(K, T1)), where code1 is the first target dynamic token, K is the key and T1 is the target calibration time; code2 = HOTP(K, T1 + 1) = Truncate(hash(K, T1 + 1)), where code2 is the second target dynamic token and T1 + 1 is the first calibration time; code3 = HOTP(K, T1 - 1) = Truncate(hash(K, T1 - 1)), where code3 is the third target dynamic token and T1 - 1 is the second calibration time. The window of three adjacent calibration times tolerates a residual clock offset of up to one time slice in either direction between client and server.
S107: if the target dynamic token consistent with the dynamic token exists at the server side, the client authentication passing is determined, and corresponding authentication passing information is sent to the server side corresponding to the target APP.
In the specific execution process of step S107, after generating at least one target dynamic token according to the first timestamp, the time slice and the secret key, the server may determine whether there is a target dynamic token consistent with the dynamic token in the at least one target dynamic token; if a target dynamic token consistent with the dynamic token exists, determining that the client authentication passes, sending corresponding authentication passing information to a server corresponding to the target APP, and allowing the client to access the server.
If none of the at least one target dynamic token is consistent with the dynamic token, the client authentication is deemed to have failed, that is, the client is deemed illegitimate; corresponding authentication-failed information is sent to the server corresponding to the target APP, and the client is forbidden to access the server. This prevents an illegal user from emulating the device (client) with virtualization software to access the server, and prevents a user from using a single legitimate device to create a large number of accounts for bonus hunting.
As a preferred mode of the embodiment of the present application, the at least one target dynamic token includes a first target dynamic token, a second target dynamic token, and a third target dynamic token; the server side judges whether the dynamic token is consistent with the first target dynamic token, or is consistent with the second target dynamic token, or is consistent with the third target dynamic token.
If the dynamic token is consistent with the first target dynamic token, or is consistent with the second target dynamic token, or is consistent with the third target dynamic token, the server determines that the client authentication passes, and sends corresponding authentication passing information to the server corresponding to the target APP.
If the dynamic token is inconsistent with the first target dynamic token, inconsistent with the second target dynamic token and inconsistent with the third target dynamic token, the server determines that the client authentication does not pass and sends corresponding authentication failure information to the server corresponding to the target APP, so that an illegitimate user can be prevented from accessing the server by simulating the device (the client) with virtual software, and the situation in which a user uses a single legitimate device to create a large number of accounts for promotion abuse is avoided.
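The exchange of steps S101 to S107 described above, as an added example in Python that is not part of the patent or of any product implementing it. Assumptions not stated on the page: the "encrypted salt value" is a server-side secret and the key is derived from the first 16 characters of the device identifier with HMAC-SHA256; the "hash algorithm" step followed by HMAC-SHA1 is collapsed into the standard HOTP construction of RFC 4226 (HMAC-SHA1 over the calibration time, then dynamic truncation to 6 digits); the time slice is 30 seconds; and the client already holds the pre-agreed key. All function names, the device identifier and the timestamps are constructed for the example.

```python
import hashlib
import hmac
import struct

# Added example, not the patent's code. Assumed parameters:
SERVER_SALT = b"constructed-server-side-salt"  # the "encrypted salt value", held only by the server
TIME_SLICE = 30                                 # seconds per time slice (assumed)
PRESET_VALUE = 1                                # window of +/- one slice, as in the description
DIGITS = 6                                      # token length after truncation (assumed)


def derive_key(device_id: str, salt: bytes = SERVER_SALT) -> bytes:
    """Server side: key from the 'target device identifier' and the salt.
    Assumption: the target identifier is the first 16 characters of the device id
    and the derivation is HMAC-SHA256(salt, target_id)."""
    target_id = device_id[:16]
    return hmac.new(salt, target_id.encode("utf-8"), hashlib.sha256).digest()


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation.
    The counter here is a calibration time, i.e. timestamp // time slice."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def server_target_params(server_now: int, time_slice: int = TIME_SLICE) -> dict:
    """Server side: the target parameter information sent to the client
    (first timestamp = the server's local time, plus the time slice)."""
    return {"first_timestamp": server_now, "time_slice": time_slice}


def client_clock_offset(params: dict, client_now: int) -> int:
    """Client side: clock deviation = first timestamp - second timestamp (client local time)."""
    return params["first_timestamp"] - client_now


def client_token(key: bytes, params: dict, client_recv_time: int, client_gen_time: int) -> str:
    """Client side: calibration time = (local time + clock deviation) // time slice,
    dynamic token = HOTP(key, calibration time).
    client_recv_time: local time when the target parameters arrived (the second timestamp).
    client_gen_time:  local time when the token is generated, possibly a little later."""
    offset = client_clock_offset(params, client_recv_time)
    calibration_time = (client_gen_time + offset) // params["time_slice"]
    return hotp(key, calibration_time)


def server_target_tokens(key: bytes, params: dict, preset: int = PRESET_VALUE) -> list:
    """Server side: first, second and third target tokens for T1, T1 + preset and T1 - preset,
    where T1 is the target calibration time derived from the first timestamp."""
    t1 = params["first_timestamp"] // params["time_slice"]
    return [hotp(key, t1), hotp(key, t1 + preset), hotp(key, t1 - preset)]


def server_verify(key: bytes, params: dict, token: str, preset: int = PRESET_VALUE) -> bool:
    """Server side: accept if the received token equals any target token.
    hmac.compare_digest keeps each comparison constant-time."""
    return any(hmac.compare_digest(t, token) for t in server_target_tokens(key, params, preset))


if __name__ == "__main__":
    # Constructed sample run: the client clock is 120 s behind the server clock.
    key = derive_key("a1b2c3d4e5f6a7b8c9d0-constructed-device-id")
    params = server_target_params(server_now=1_700_000_000)
    token = client_token(key, params, client_recv_time=1_699_999_880, client_gen_time=1_699_999_885)
    print(token, server_verify(key, params, token))
```

Because the client adds the measured clock deviation before dividing by the time slice, its calibration time equals the server's target calibration time whenever the token is generated within the same slice as the first timestamp; the neighbouring slices T1+1 and T1-1 absorb a token generated just across a slice boundary. A larger preset value widens that acceptance window and, with it, the interval in which a captured token could be replayed, so the comparison uses a constant-time equality check and the window is kept as small as the expected delay allows.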
The invention provides a device authentication method: when a client detects that a target APP initializes the client SDK, it sends parameter information to a server, the parameter information comprising at least a device identifier; when the server receives the parameter information, it generates a key according to the device identifier and the encrypted salt value and sends generated target parameter information to the client according to a first timestamp and a time slice; when the client receives the target parameter information, it calculates the clock deviation according to the first timestamp and a second timestamp, generates a dynamic token according to the second timestamp, the clock deviation, the time slice and a key pre-agreed with the server, and sends the dynamic token to the server; when the server receives the dynamic token, it generates at least one target dynamic token according to the first timestamp, the time slice and the key; if a target dynamic token consistent with the dynamic token exists at the server side, it is determined that the client authentication passes, and corresponding authentication passing information is sent to the server corresponding to the target APP. In the technical scheme provided by the invention, dynamic tokens that are unique and time-limited are generated separately by the client and the server, and the tokens generated by the two sides are compared, so that an illegitimate user is prevented from accessing the server by simulating the device (the client) with virtual software, the device (the client) can be effectively shown to be operating in a real environment, and the situation in which a user uses a single legitimate device to create a large number of accounts for promotion abuse is avoided.
Based on the device authentication method disclosed in the embodiment of the present invention, the embodiment of the present invention also correspondingly discloses a device authentication system, as shown in fig. 2, where the device authentication system includes a client and a server, and the device authentication system includes:
the client is used for sending parameter information to the server when it detects that the target APP initializes the client SDK, wherein the parameter information comprises at least a device identifier; when receiving the target parameter information, calculating the clock deviation according to the first timestamp and the second timestamp, generating a dynamic token according to the second timestamp, the clock deviation, the time slice and a key pre-agreed with the server, and sending the dynamic token to the server; wherein the pre-agreed key is the same as the key held by the server, and the second timestamp is the local timestamp of the client;
the server side is used for generating a secret key according to the equipment identifier and the encryption salt value when the parameter information is received, and sending the generated target parameter information to the client side according to the first time stamp and the time slice; the first timestamp is a local timestamp of the server; when a dynamic token is received, generating at least one target dynamic token according to the first timestamp, the time slice and the secret key; if a target dynamic token consistent with the dynamic token exists, determining that the client authentication passes, and sending corresponding authentication passing information to a server corresponding to the target APP.
The invention provides a device authentication system in which, when a client detects that a target APP initializes the client SDK, the client sends parameter information to a server, the parameter information comprising at least a device identifier; when the server receives the parameter information, it generates a key according to the device identifier and the encrypted salt value and sends generated target parameter information to the client according to a first timestamp and a time slice; when the client receives the target parameter information, it calculates the clock deviation according to the first timestamp and a second timestamp, generates a dynamic token according to the second timestamp, the clock deviation, the time slice and a key pre-agreed with the server, and sends the dynamic token to the server; when the server receives the dynamic token, it generates at least one target dynamic token according to the first timestamp, the time slice and the key; if a target dynamic token consistent with the dynamic token exists at the server side, it is determined that the client authentication passes, and corresponding authentication passing information is sent to the server corresponding to the target APP. In the technical scheme provided by the invention, dynamic tokens that are unique and time-limited are generated separately by the client and the server, and the tokens generated by the two sides are compared, so that an illegitimate user is prevented from accessing the server by simulating the device (the client) with virtual software, the device (the client) can be effectively shown to be operating in a real environment, and the situation in which a user uses a single legitimate device to create a large number of accounts for promotion abuse is avoided.
Optionally, the server, which generates a key according to the device identifier and the encrypted salt value when the parameter information is received and sends the generated target parameter information to the client according to the first timestamp and the time slice, is specifically configured to:
when the parameter information is received, obtain a first timestamp and a time slice from the time synchronization clock, and intercept a target device identifier from the device identifier; generate a key according to the target device identifier and the encrypted salt value; and generate target parameter information according to the first timestamp and the time slice, and send the target parameter information to the client.
Optionally, the client, which calculates the clock deviation according to the first timestamp and the second timestamp when the target parameter information is received, generates a dynamic token according to the second timestamp, the clock deviation, the time slice and the key pre-agreed with the server, and sends the dynamic token to the server, is specifically configured to:
when the target parameter information is received, obtain the second timestamp from the time synchronization clock and calculate the clock deviation according to the first timestamp and the second timestamp, wherein the target parameter information comprises the first timestamp and the first time slice; generate a calibration time according to the second timestamp, the clock deviation and the time slice; and process the calibration time and the key pre-agreed with the server with a hash algorithm to obtain a corresponding first hash value, process the first hash value with the HMAC-SHA1 algorithm to generate the corresponding dynamic token, and send the dynamic token to the server.
Optionally, the server, which generates at least one target dynamic token according to the first timestamp, the time slice and the key when the dynamic token is received, is specifically configured to:
when the dynamic token is received, determine the target calibration time according to the first timestamp; add a preset value to the target calibration time to obtain a first calibration time, and subtract the preset value from the target calibration time to obtain a second calibration time; process the target calibration time and the key with a hash algorithm to obtain a second hash value, and process the second hash value with the HMAC-SHA1 algorithm to generate a first target dynamic token; process the first calibration time and the key with a hash algorithm to obtain a third hash value, and process the third hash value with the HMAC-SHA1 algorithm to generate a second target dynamic token; and process the second calibration time and the key with a hash algorithm to obtain a fourth hash value, and process the fourth hash value with the HMAC-SHA1 algorithm to generate a third target dynamic token.
Optionally, the server, which determines that the client authentication passes if a target dynamic token consistent with the dynamic token exists, sends corresponding authentication passing information to the server corresponding to the target APP and allows the client to access the server, is specifically configured to:
judge whether the dynamic token is consistent with the first target dynamic token, the second target dynamic token or the third target dynamic token; and if the dynamic token is consistent with the first target dynamic token, the second target dynamic token or the third target dynamic token, determine that the client authentication passes, send corresponding authentication passing information to the server corresponding to the target APP, and allow the client to access the server.
An embodiment of the present application provides an electronic device, as shown in fig. 3, where the electronic device includes a processor 301 and a memory 302, where the memory 302 is used for program codes and data for device authentication, and the processor 301 is used to invoke program instructions in the memory to execute steps for implementing the device authentication method in the foregoing embodiment.
The embodiment of the application provides a storage medium, which comprises a storage program, wherein when the program runs, a device where the storage medium is located is controlled to execute the device authentication method shown in the embodiment.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for a system or system embodiment, since it is substantially similar to a method embodiment, the description is relatively simple, with reference to the description of the method embodiment being made in part. The systems and system embodiments described above are merely illustrative, wherein elements illustrated as separate elements may or may not be physically separate, and elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.
Claims (10)
1. A method of device authentication, the method comprising:
when detecting that a target APP initializes the client SDK, the client sends parameter information to a server, wherein the parameter information comprises at least a device identifier;
when the server receives the parameter information, generating a key according to the equipment identifier and the encrypted salt value, and sending the generated target parameter information to the client according to a first timestamp and a time slice; the first timestamp is a local timestamp of the server;
when the client receives the target parameter information, calculating a clock deviation according to the first timestamp and a second timestamp, generating a dynamic token according to the second timestamp, the clock deviation, the time slice and a key pre-agreed with the server, and sending the dynamic token to the server; wherein the pre-agreed key is the same as the key of the server, and the second timestamp is a local timestamp of the client;
when the server receives the dynamic token, generating at least one target dynamic token according to the first timestamp, the time slice and the secret key;
and if the target dynamic token consistent with the dynamic token exists at the server side, determining that the client authentication passes, and sending corresponding authentication passing information to a server side corresponding to the target APP.
2. The method of claim 1, wherein when the server receives the parameter information, generating a key according to the device identifier and the encrypted salt value, and transmitting the generated target parameter information to the client according to the first timestamp and the time slice, comprising:
when the server receives the parameter information, a first timestamp and a time slice are obtained from the time synchronization clock, and a target device identifier is intercepted from the device identifier;
the server generates a secret key according to the target equipment identifier and the encrypted salt value;
and the server generates target parameter information according to the first timestamp and the time slice, and sends the target parameter information to the client.
3. The method according to claim 2, wherein when the client receives the target parameter information, calculating a clock bias according to the first timestamp and the second timestamp, generating a dynamic token according to the second timestamp, the clock bias, the time slice and a key predetermined in advance with the server, and transmitting the dynamic token to the server, comprising:
when the client receives the target parameter information, a second timestamp is obtained from the time synchronization clock, and a clock deviation is calculated according to the first timestamp and the second timestamp; wherein the target parameter information includes the first timestamp and the first time slice;
the client generates a calibration time according to the second timestamp, the clock deviation and the time slice; wherein the calibration time is the same as the target calibration time;
the client processes the calibration time and the key pre-agreed with the server with a hash algorithm to obtain a corresponding first hash value, processes the first hash value with the HMAC-SHA1 algorithm to generate the corresponding dynamic token, and sends the dynamic token to the server.
4. The method of claim 2, wherein upon receipt of the dynamic token by the server, generating at least one target dynamic token from the first timestamp, the time slice, and the key comprises:
when the server receives the dynamic token, determining a target calibration time according to the first timestamp, adding a preset value to the target calibration time to obtain a first calibration time, and subtracting the preset value from the target calibration time to obtain a second calibration time;
the server side processes the target calibration time and the secret key by using a hash algorithm to obtain a second hash value, and processes the second hash value by using an HMAC-sha1 algorithm to generate a first target dynamic token; processing the first calibration time and the secret key by using a hash algorithm to obtain a third hash value, and processing the third hash value by using an HMAC-sha1 algorithm to generate a second target dynamic token; and processing the second calibration time and the secret key by using a hash algorithm to obtain a fourth hash value, and processing the fourth hash value by using an HMAC-sha1 algorithm to generate a third target dynamic token.
5. The method of claim 4, wherein the server determines whether a target dynamic token consistent with the dynamic token exists in the at least one target dynamic token; if a target dynamic token consistent with the dynamic token exists, determining that the client authentication passes, and sending corresponding authentication passing information to a service side corresponding to the target APP, wherein the method comprises the following steps:
the server judges whether the dynamic token is consistent with the first target dynamic token, the second target dynamic token or the third target dynamic token;
and if the dynamic token is consistent with the first target dynamic token, or is consistent with the second target dynamic token, or is consistent with the third target dynamic token, the server determines that the client authentication passes, and sends corresponding authentication passing information to a server corresponding to the target APP.
6. The equipment authentication system is characterized by comprising a client and a server;
the client is configured to send parameter information to the server when detecting that the target APP initializes the client SDK, wherein the parameter information includes at least a device identifier; when the target parameter information is received, to calculate a clock deviation according to the first timestamp and the second timestamp, generate a dynamic token according to the second timestamp, the clock deviation, the time slice and a key pre-agreed with the server, and send the dynamic token to the server; wherein the pre-agreed key is the same as the key of the server, and the second timestamp is a local timestamp of the client;
the server side is used for generating a secret key according to the equipment identifier and the encryption salt value when receiving the parameter information, and sending the generated target parameter information to the client side according to the first timestamp and the time slice; the first timestamp is a local timestamp of the server; generating at least one target dynamic token according to the first timestamp, the time slice and the secret key when the dynamic token is received; if a target dynamic token consistent with the dynamic token exists, determining that the client authentication passes, sending corresponding authentication passing information to a server corresponding to the target APP, and allowing the client to access the server.
7. The system of claim 6, wherein the server, which upon receiving the parameter information generates a key according to the device identifier and the encrypted salt value and sends the generated target parameter information to the client according to the first timestamp and the time slice, is specifically configured to:
when the parameter information is received, obtain a first timestamp and a time slice from the time synchronization clock, and intercept a target device identifier from the device identifier; generate a key according to the target device identifier and the encrypted salt value; and generate target parameter information according to the first timestamp and the time slice, and send the target parameter information to the client.
8. The system of claim 7, wherein the client, which upon receiving the target parameter information calculates a clock deviation according to the first timestamp and the second timestamp, generates a dynamic token according to the second timestamp, the clock deviation, the time slice and the key pre-agreed with the server, and sends the dynamic token to the server, is specifically configured to:
when the target parameter information is received, obtain a second timestamp from the time synchronization clock and calculate a clock deviation according to the first timestamp and the second timestamp, wherein the target parameter information includes the first timestamp and the first time slice; generate a calibration time according to the second timestamp, the clock deviation and the time slice; and process the calibration time and the key pre-agreed with the server with a hash algorithm to obtain a corresponding first hash value, process the first hash value with the HMAC-SHA1 algorithm to generate the corresponding dynamic token, and send the dynamic token to the server.
9. An electronic device, comprising: the device comprises a processor and a memory, wherein the processor and the memory are connected through a communication bus; the processor is used for calling and executing the program stored in the memory; the memory for storing a program for implementing the device authentication method according to any one of claims 1 to 5.
10. A computer-readable storage medium having stored therein computer-executable instructions for performing the device authentication method of any one of claims 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310036933.5A CN116055172A (en) | 2023-01-10 | 2023-01-10 | Equipment authentication method, system, electronic equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310036933.5A CN116055172A (en) | 2023-01-10 | 2023-01-10 | Equipment authentication method, system, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116055172A true CN116055172A (en) | 2023-05-02 |
Family
ID=86123398
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310036933.5A Pending CN116055172A (en) | 2023-01-10 | 2023-01-10 | Equipment authentication method, system, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116055172A (en) |
Events
Date | Country | Application | Status |
---|---|---|---|
2023-01-10 | CN | CN202310036933.5A (published as CN116055172A) | Pending |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117527238A (en) * | 2024-01-03 | 2024-02-06 | 成都新希望金融信息有限公司 | Key generation method, device, electronic equipment and storage medium |
CN117527238B (en) * | 2024-01-03 | 2024-03-19 | 成都新希望金融信息有限公司 | Key generation method, device, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111212095B (en) | Authentication method, server, client and system for identity information | |
CN107483509B (en) | A kind of auth method, server and readable storage medium storing program for executing | |
US20170161486A1 (en) | Apparatus and method for api authentication using two api tokens | |
CN114900338B (en) | Encryption and decryption method, device, equipment and medium | |
US20050187966A1 (en) | Data communicating apparatus, data communicating method, and program | |
CN109936552B (en) | Key authentication method, server and system | |
CN107360131B (en) | Method, server and system for controlling validity of service request | |
CN104836784B (en) | A kind of information processing method, client and server | |
CN110662091B (en) | Third-party live video access method, storage medium, electronic device and system | |
CN105516135B (en) | Method and device for account login | |
CN108805571B (en) | Data protection method, platform, block chain node, system and storage medium | |
CN113572728B (en) | Method, device, equipment and medium for authenticating Internet of things equipment | |
CN112968910B (en) | Replay attack prevention method and device | |
CN111130798A (en) | Request authentication method and related equipment | |
CN115473655B (en) | Terminal authentication method, device and storage medium for access network | |
CN113051539B (en) | Method and device for calling digital certificate | |
CN116055172A (en) | Equipment authentication method, system, electronic equipment and storage medium | |
CN114338091B (en) | Data transmission method, device, electronic equipment and storage medium | |
CN114944921A (en) | Login authentication method and device, electronic equipment and storage medium | |
CN114520726A (en) | Processing method and device based on block chain data, processor and electronic equipment | |
CN116415227A (en) | Key updating method, server, client and storage medium | |
CN112242976B (en) | Identity authentication method and device | |
CN112261103A (en) | Node access method and related equipment | |
JP5768543B2 (en) | Electronic signature system, signature server, signer client, electronic signature method, and program | |
TW201516748A (en) | Login system based on servers, login authentication server, and authentication method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||