CN1610290A - Key changing type one time one key cipher system - Google Patents


Info

Publication number
CN1610290A
Authority
CN
China
Prior art keywords
key
challenge
random number
log
server
Prior art date
Legal status
Granted
Application number
CN 200410087681
Other languages
Chinese (zh)
Other versions
CN100561915C (en)
Inventor
郑维
Current Assignee
Individual
Original Assignee
Individual
Priority date
Filing date
Publication date
Application filed by Individual
Priority to CNB2004100876816A (CN100561915C)
Publication of CN1610290A
Application granted
Publication of CN100561915C
Expired - Fee Related (current legal status)
Anticipated expiration

Abstract

The present invention is a dynamic two-factor identity authentication technology that combines a challenge-response mechanism with an interactive transformation mechanism, and belongs to the field of network security technology. Its characteristic is that, on the basis of a challenge-response login mechanism, it adds a process that transforms the challenge number and a process that, after login is finished, transforms the keys in both the hardware device and the server according to the challenge number. During login, the hardware device and the server each use the key and the random number generated the previous time to encrypt the challenge number, producing a return number and a verification number that are compared; if they match, login succeeds. After a successful login, the hardware device and the server change the key and the random number for use the next time. The present invention can avoid illegal log-in completely.

Description

Key changing type one time one key cipher system
Technical field
The invention belongs to the field of network security technology, specifically dynamic two-factor identity authentication that combines a challenge-response mechanism with a mutual transformation mechanism. It concerns the application of a key-changing one-time-one-key cipher system, which can stop the loss of network accounts from happening again.
Background technology
According to the latest statistical report published by CNNIC in July, by the end of June 2003 the number of Internet users in China had reached 68 million, an increase of 8.9 million over the end of 2002. However, as network technology flourishes, network security problems grow more serious by the day. Viruses and Trojan horses run rampant on the Internet, and most users have at some point had virtual assets stolen, or had their passwords guessed or cracked because the password was too simple, too short, or left unchanged for a long time. Products that change the password according to time have already appeared, with the password changing every minute. Because the server and the device depend too heavily on time, the device and the server may fall out of time synchronization after a while, and the password then becomes invalid. The battery also cannot be replaced, which causes trouble for the user. Excessive reliance on the program's algorithm makes these products unsuitable for fields with many, widely distributed users, and has also limited their adoption. Another class of product is based entirely on challenge-response. Although its keys are not repeated, each key is fixed and must be replaced periodically, which brings inconvenience and risk to the user; it is likewise unsuitable for fields with numerous, widely distributed users.
Summary of the invention
The purpose of this invention is to provide a key-changing one-time-one-key cipher system that thoroughly and effectively solves the network security problem and protects users' accounts, privacy and virtual assets, as well as other fields that involve authentication.
The technical scheme of the invention is to add two processes to the original challenge-response authentication: a transformation applied to the challenge number before encryption, and, after login is finished, an identical transformation applied to the keys in the hardware device and in the server according to the challenge number. During login, the hardware device and the server each use the key produced after the previous login to encrypt the result of transforming the challenge number with random number 1, generating the return number and the verification number respectively. The two are compared, and if they are consistent the identity is accepted and login proceeds normally. After a successful login, the hardware device and the server use the challenge number to transform the key and random numbers 1 and 2 according to the flow in accompanying drawing 2, and save the results for use at the next login. Because the key changes after login, cracking it is rendered useless.
The effect and benefit of the invention are that the device uses power only during reading and writing, computation and storage, that is, during login, and uses none when it is not in use. At each login the key and random number 1 are different. The key and random number 1 change randomly after login, so the transformation of the key cannot be traced, which makes cracking very difficult and pointless; the system thereby truly realizes a one-time pad and can protect users' accounts, privacy and virtual assets. The encryption and transformation program can be made public and used widely, which favors broad adoption by numerous large and small websites and in other fields that involve authentication. A user can also access different websites with a single hardware device.
Description of drawings
Accompanying drawing 1 is a flow chart of the process by which the challenge number is transformed and encrypted in the hardware device to produce the return number, and transformed and encrypted at the server to produce the verification number.
In the figure: the process by which the challenge number yields the return number. First the challenge number and random number 1 are transformed, and the result is then encrypted with the key to generate the return number. The server uses the same flow to produce the verification number, which is compared with the return number.
Accompanying drawing 2 is a flow chart of the transformation of the key and random numbers 1 and 2 in the hardware device and the server after a successful login.
In the figure: after the hardware device receives the login-success message, it first transforms the challenge number, random number 1 and random number 2 to obtain a new random number 2. It then uses the new random number 2 to transform the key and random number 1 respectively, obtaining a new key and a new random number 1, and saves them. Finally, it sends a save-success message to the server. After receiving the device's save-success message, the server goes through the same process and also saves the new key and the new random numbers 1 and 2.
Embodiment
The specific embodiment of the invention is described in detail below with reference to the technical scheme and the accompanying drawings.
First, the login computer requests a login from the server. The server then produces a random number, the challenge number, and passes it to the computer, which passes the challenge number to the hardware device of the invention. The hardware device contains an application program, a key, and random numbers 1 and 2; the application program is identical across devices, while the key and random numbers 1 and 2 differ. After the challenge number is passed to the device, the device reads the key and random numbers 1 and 2 that were saved when the previous login finished, and applies a hash transformation (or another transformation) to the challenge number and random number 1, the purpose being to conceal the plaintext before encryption. The result of the transformation is encrypted with the key, and the return number is output to the login computer. The login computer passes this return number on to the server. Meanwhile the server uses the same process to produce the verification number and compares it with the return number sent by the login computer; if they are consistent, the person logging in is a legitimate user and can log into the system.
If login succeeds, the application program transforms random number 2 according to the random challenge number and random number 1, producing a new random number 2. It then uses the new random number 2 to transform the key and random number 1, producing a new key and a new random number 1, and saves the new key and the new random numbers 1 and 2 for use at the next login. Finally it outputs a save-success message. The key transformation process at the server is the same as in the hardware device. The generation of the key and random numbers 1 and 2 depends on the challenge number, so their transformation is random. The key and random numbers 1 and 2 never pass through a data transmission port. Even if a cracker obtains the program, he cannot, in a finite time, determine the key and the transformations of the two random numbers by tracking a limited number of consecutive challenge numbers and return numbers.
In the traditional challenge-response scheme, the key differs from device to device, cannot change, and must be replaced periodically. In the system of the invention the key can change. The change takes place after each login is completed, provided that it is made jointly in the hardware device and the server. The way the key and the random numbers are transformed is determined indirectly by the random challenge number that the server produces. Although this random challenge number is produced by a pseudo-random number program, the behavior of users logging in is random, so the challenge number each user obtains at login must be a random number. When the random numbers differ, the return numbers differ as well, and the course taken by the key and the random numbers, being decided by the challenge number, will therefore not be the same either. So no two devices are identical, which achieves the purpose of a one-time pad dynamic password. Before encryption, the challenge number undergoes a hash transformation (or another transformation) with random number 1, so that even when the algorithm is known, the key and random number 1 cannot be deduced from the challenge number and the return number. Even if two challenge numbers are the same, the return numbers obtained will not be the same; or the key may be the same on one occasion, but it will change the next time. Because the server goes through the same process and generates the same verification number, which is compared with the return number passed back, no decryption is needed. The program can therefore use a symmetric-key encryption algorithm that is hard to crack, or a one-way hash function, which increases the difficulty of cracking.
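The login flow of accompanying drawing 1 and the rotation flow of accompanying drawing 2, as an added example that is not code from the patent. It assumes SHA-256 for the unspecified "transformation" and HMAC-SHA-256 as the keyed one-way step in place of encryption; the names `State`, `respond`, `rotate`, `login` and `demo` are hypothetical. The last case in `demo` shows the next login failing when only one side has rotated its state.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

def h(*parts: bytes) -> bytes:
    """Stand-in for the patent's unspecified transformation (assumption: SHA-256)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(2, "big") + p)  # length prefix keeps fields unambiguous
    return d.digest()

@dataclass
class State:
    """Secret state held identically by the hardware device and the server."""
    key: bytes
    r1: bytes
    r2: bytes

    def respond(self, challenge: bytes) -> bytes:
        # Drawing 1: transform challenge with random number 1, then apply the key.
        # Assumption: HMAC-SHA-256 is the keyed step; no decryption is ever needed.
        return hmac.new(self.key, h(challenge, self.r1), hashlib.sha256).digest()

    def rotate(self, challenge: bytes) -> None:
        # Drawing 2: new r2 from (challenge, r1, r2), then new key and r1 from new r2.
        self.r2 = h(b"r2", challenge, self.r1, self.r2)
        self.key, self.r1 = h(b"key", self.r2, self.key), h(b"r1", self.r2, self.r1)

def login(device: State, server: State, challenge=None) -> bool:
    """One login round; both sides rotate only after the two numbers match."""
    challenge = challenge or secrets.token_bytes(16)  # server's challenge number
    return_number = device.respond(challenge)
    verification_number = server.respond(challenge)
    ok = hmac.compare_digest(return_number, verification_number)
    if ok:
        device.rotate(challenge)  # device saves first and reports success,
        server.rotate(challenge)  # then the server applies the same rotation
    return ok

def demo() -> dict:
    seed = State(b"k" * 32, b"1" * 32, b"2" * 32)  # constructed provisioning values
    device, server = State(**vars(seed)), State(**vars(seed))
    fixed = b"\x00" * 16                           # reuse one challenge on purpose
    first = device.respond(fixed)
    assert login(device, server, fixed)
    second = device.respond(fixed)                 # same challenge, rotated state
    synced = login(device, server)                 # fresh random challenge
    device.rotate(fixed)                           # device advances alone
    desynced = login(device, server)
    return {"same_challenge_differs": first != second, "synced": synced,
            "login_after_desync": desynced}
```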

Claims (1)

1. A key-changing one-time-one-key cipher system, characterized in that, on the basis of the original challenge-response authentication, a process is added that transforms the challenge number before encryption, together with a process that, after login is finished, applies an identical transformation to the keys of the hardware device and of the server according to the random challenge number, so that the key changes after login and therefore cannot be cracked.
CNB2004100876816A 2004-11-25 2004-11-25 Key changing type one time one key cipher system Expired - Fee Related CN100561915C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100876816A CN100561915C (en) 2004-11-25 2004-11-25 Key changing type one time one key cipher system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004100876816A CN100561915C (en) 2004-11-25 2004-11-25 Key changing type one time one key cipher system

Publications (2)

Publication Number Publication Date
CN1610290A true CN1610290A (en) 2005-04-27
CN100561915C CN100561915C (en) 2009-11-18

Family

ID=34766065

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100876816A Expired - Fee Related CN100561915C (en) 2004-11-25 2004-11-25 Key changing type one time one key cipher system

Country Status (1)

Country Link
CN (1) CN100561915C (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009000175A1 (en) * 2007-06-28 2008-12-31 Tencent Technology (Shenzhen) Company Limited A certification method, client end, server and system
CN101075874B (en) * 2007-06-28 2010-06-02 腾讯科技(深圳)有限公司 Certifying method and system
US8239679B2 (en) 2007-06-28 2012-08-07 Tencent Technology (Shenzhen) Company Limited Authentication method, client, server and system
CN103914636A (en) * 2013-01-05 2014-07-09 上海云传数字科技有限公司 Software encryption method and system and computer device
CN106657068A (en) * 2016-12-23 2017-05-10 腾讯科技(深圳)有限公司 Login authorization method and device, login method and device
CN110505182A (en) * 2018-05-18 2019-11-26 惠州众创动力科技有限公司 A kind of audio frequency control door lock method for unlocking being simple and efficient

Also Published As

Publication number Publication date
CN100561915C (en) 2009-11-18

Similar Documents

Publication Publication Date Title
CN104184743B (en) Towards three layers of Verification System and authentication method of cloud computing platform
CN109040067A (en) A kind of user authentication device and authentication method based on the unclonable technology PUF of physics
CN102006306B (en) Security authentication method for WEB service
CN104767731B (en) A kind of Restful move transactions system identity certification means of defence
CN104601593B (en) The method that anti-tracking in network electronic authentication procedures is realized based on challenge mode
CN104917741B (en) A kind of plain text document public network secure transmission system based on USBKEY
CN103780393B (en) Virtual-desktop security certification system and method facing multiple security levels
CN105743638B (en) Method based on B/S architecture system client authorization certifications
CN1921395B (en) Method for improving security of network software
CN104468615A (en) Data sharing based file access and permission change control method
CN102075522A (en) Secure certification and transaction method with combination of digital certificate and one-time password
CN105656862B (en) Authentication method and device
CN102750496A (en) Secure access authentication method for removable storage media
CN110519046A (en) Quantum communications service station cryptographic key negotiation method and system based on disposable asymmetric key pair and QKD
CN106936579A (en) Cloud storage data storage and read method based on trusted third party agency
CN103220141A (en) Sensitive data protecting method and system based on group key strategy
CN105207776A (en) Fingerprint authentication method and system
CN106789029A (en) A kind of auditing system and auditing method and quantum fort machine system based on quantum fort machine
Kim et al. A design of one-time password mechanism using public key infrastructure
CN1447269A (en) Certificate authentication system and method based on hardware characteristics
CN109871668A (en) Certification, authorization and access control method based on time limit properties secret in smart grid
CN107333263A (en) A kind of follow-on SIM card and mobile communication personal identification method and system
CN102427459B (en) Offline authorization method based on Usbkeys
CN108881240A (en) Member's private data guard method based on block chain
CN108667801A (en) A kind of Internet of Things access identity safety certifying method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091118

Termination date: 20121125