WO2019166001A1 - Token generation and verification method and smart terminal - Google Patents


Info

Publication number
WO2019166001A1
Authority
WO
WIPO (PCT)
Prior art keywords
random number
timestamp
factor
token
encryption
Application number
PCT/CN2019/076590
Other languages
French (fr)
Chinese (zh)
Inventor
叶世刚
Original Assignee
捷开通讯(深圳)有限公司
Application filed by 捷开通讯(深圳)有限公司
Publication of WO2019166001A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Verification of identity or authority involving a third party or a trusted authority
    • H04L9/3213 Verification involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3226 Verification of identity or authority using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3297 Verification of identity or authority involving time stamps, e.g. generation of time stamps
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Confidential data exchange wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network security for supporting key management in a packet data network
    • H04L63/068 Key management using time-dependent keys, e.g. periodically changing keys

Definitions

  • the present application relates to the field of intelligent terminals, and in particular, to a token generation and verification method and an intelligent terminal.
  • a token is a concept used for the security of smart terminals.
  • the system creates an access token containing the system ID returned by the login process and the list of privileges assigned to the user and the user's security groups by the local security policy. All processes running as this user hold a copy of the token, and the system uses the token to control which securable objects the user can access and whether the user can perform related system operations.
  • the traditional token generation and verification method handles only static tokens, which readily exposes users to great risk and increases the risk of account theft.
  • the embodiment of the present application provides a token generation and verification method and an intelligent terminal, which can ensure that the tokens of each access to the server are different.
  • the embodiment of the present application provides a method for generating and verifying a token, which includes: the smart terminal generates a random number and a timestamp, encrypts the unique identifier by using the random number and the timestamp as parameters to generate a dynamic token, and sends the static token, the random number, the timestamp, and the dynamic token to the server, so that the server decrypts the static token and the dynamic token to verify the unique identifier.
  • the encrypting the unique identifier by using the random number and the timestamp as parameters including:
  • the unique identifier is encrypted using the encryption key and the key vector to generate the dynamic token.
  • performing a logical operation on at least one byte of the timestamp to obtain a time factor with the same number of digits as the timestamp includes:
  • when the timestamp has a plurality of bytes, performing a logical operation on one or more bytes of the timestamp to obtain a time factor with the same number of bytes as the timestamp;
  • when the timestamp has a single byte, performing a logical operation on some or all of the bits of that byte to obtain a time factor with the same number of bits as the timestamp.
  • the calculating, by using the random number as a parameter, the first encryption factor and the second encryption factor including:
  • forming an encryption key by using the time factor, the first partial byte of the timestamp, the first partial byte of the random number, and the first encryption factor as elements includes:
  • combining the time factor, the first partial byte of the timestamp, the first partial byte of the random number, and the first encryption factor in a first predetermined order to form the encryption key; wherein the number of bytes of the encryption key is the sum of the number of bytes of the time factor, the number of bytes of the first partial byte of the timestamp, the number of bytes of the first partial byte of the random number, and the number of bytes of the first encryption factor.
  • forming a key vector by using the time factor, a second partial byte of the timestamp, a second partial byte of the random number, and the second encryption factor as elements includes:
  • combining the time factor, the second partial byte of the timestamp, the second partial byte of the random number, and the second encryption factor in a second predetermined order to form the key vector; wherein the number of bytes of the key vector is the sum of the number of bytes of the time factor, the number of bytes of the second partial byte of the timestamp, the number of bytes of the second partial byte of the random number, and the number of bytes of the second encryption factor.
  • the encrypting the unique identifier by using the encryption key and the key vector to generate the dynamic token includes:
  • before the smart terminal generates the random number and the timestamp, the method includes:
  • the embodiment of the present application further provides a method for generating and verifying a token, which includes: receiving a static token, a random number, a timestamp, and a dynamic token sent by the smart terminal, where the dynamic token is obtained by encrypting the unique identifier of the smart terminal by using the random number and the timestamp as parameters; and decrypting the dynamic token and the static token to verify the unique identifier.
  • before receiving the static token, the random number, the timestamp, and the dynamic token sent by the smart terminal, the method includes:
  • the server generates a static token
  • the decrypting the dynamic token and the static token to verify the unique identifier includes:
  • if the two identifiers obtained are consistent, verification of the unique identifier succeeds; otherwise, the verification fails.
  • the dynamic token is decrypted by using the random number and the timestamp as parameters, so that the first identifier is obtained after the dynamic token is successfully decrypted.
  • a decryption algorithm is used on the decrypted ciphertext to obtain a first identifier.
  • before decrypting the dynamic token and the static token to verify the unique identifier, the method includes:
  • if the timestamp is less than or equal to the timestamp sent by the smart terminal, it is determined whether the random number is equal to the random number previously sent by the smart terminal; if the random number is not equal to the random number previously sent by the smart terminal, the step of decrypting the dynamic token and the static token to verify the unique identifier continues.
  • the embodiment of the present application further provides an intelligent terminal, including a communication circuit and a processor connected to each other, the communication circuit being configured to acquire a static token and a unique identifier, and the processor obtaining the static token and the unique identifier through the communication circuit and performing the following steps:
  • the intelligent terminal generates a random number and a time stamp
  • the processor performs the step of encrypting the unique identifier by using the random number and the timestamp as parameters, including:
  • the unique identifier is encrypted using the encryption key and the key vector to generate the dynamic token.
  • the processor performs the step of performing a logical operation on at least one byte of the timestamp to obtain a time factor with the same number of digits as the timestamp, including:
  • when the timestamp has a plurality of bytes, performing a logical operation on one or more bytes of the timestamp to obtain a time factor with the same number of bytes as the timestamp;
  • when the timestamp has a single byte, performing a logical operation on some or all of the bits of that byte to obtain a time factor with the same number of bits as the timestamp.
  • the processor performs the step of calculating, by using the random number as a parameter, a first encryption factor and a second encryption factor, including:
  • the processor executes:
  • combining the time factor, the first partial byte of the timestamp, the first partial byte of the random number, and the first encryption factor in a first predetermined order to form the encryption key; wherein the number of bytes of the encryption key is the sum of the number of bytes of the time factor, the number of bytes of the first partial byte of the timestamp, the number of bytes of the first partial byte of the random number, and the number of bytes of the first encryption factor;
  • the step of forming a key vector by using the time factor, the second partial byte of the timestamp, the second partial byte of the random number, and the second encryption factor as elements includes:
  • combining the time factor, the second partial byte of the timestamp, the second partial byte of the random number, and the second encryption factor in a second predetermined order to form the key vector; wherein the number of bytes of the key vector is the sum of the number of bytes of the time factor, the number of bytes of the second partial byte of the timestamp, the number of bytes of the second partial byte of the random number, and the number of bytes of the second encryption factor.
  • the processor performs the step of encrypting the unique identifier by using the encryption key and the key vector to generate the dynamic token, including:
  • before the step in which the processor generates the random number and the timestamp, the method includes:
  • the embodiment of the present application provides a token generation and verification method and an intelligent terminal.
  • the smart terminal generates a random number and a timestamp, encrypts the unique identifier by using the random number and the timestamp as parameters to generate a dynamic token, and sends the static token, the random number, the timestamp, and the dynamic token to the server, so that the server decrypts the static token and the dynamic token to verify the unique identifier.
  • the random number is constantly changing, so the tokens are different for each access to the server. Even if the token is stolen, the token cannot be decrypted in a short time, thus improving the access security of the server.
  • FIG. 1 is a schematic flowchart of a first embodiment of a method for generating and verifying a token according to the present application
  • FIG. 2 is an interaction diagram of a smart terminal and a server of the token generation and verification method of the present application
  • FIG. 3 is a schematic flowchart of a second embodiment of a method for generating and verifying a token according to the present application
  • FIG. 4 is a schematic flowchart of a third embodiment of a method for generating and verifying a token according to the present application
  • FIG. 5 is a schematic flowchart of a fourth embodiment of a method for generating and verifying a token according to the present application
  • FIG. 6 is a schematic flowchart of a server verifying a static token and a dynamic token according to a fourth embodiment of the token generation and verification method of the present application;
  • FIG. 7 is a schematic flowchart of a fifth embodiment of a method for generating and verifying a token according to the present application.
  • FIG. 8 is a schematic structural diagram of an embodiment of a smart terminal according to the present application.
  • FIG. 9 is a schematic structural diagram of an embodiment of a server according to the present application.
  • the first embodiment of the token generation and verification method of the present application includes:
  • S2 The smart terminal generates a random number and a time stamp.
  • S3 The unique identifier is encrypted by using a random number and a timestamp as parameters to generate a dynamic token.
  • S4 Send a static token, a random number, a timestamp, and a dynamic token to the server to cause the server to decrypt the static token and the dynamic token to verify the unique identifier.
  • the unique identifier is generated by the server to identify the smart terminal that interacts with the server.
  • the static token is a fixed combination of characters
  • the dynamic token is a random character combination
  • a timestamp is a complete, verifiable sequence of characters that can represent that a piece of data already existed before a certain time, and is used to uniquely identify a moment in time.
  • the server generates a static token and sends a static token to the smart terminal for authorization.
  • the smart terminal acquires a unique identifier of the smart terminal generated by the server.
  • the smart terminal generates a random number with a preset number of digits; for example, the smart terminal generates an 8-byte random number and obtains a corresponding timestamp, for example the time at which the random number was generated, and the unique identifier is encrypted with an encryption algorithm using the obtained random number and timestamp as parameters to generate a dynamic token.
  • after the dynamic token is generated, the smart terminal sends the static token, the random number, the timestamp, and the dynamic token to the server; the server decrypts the received static token and dynamic token to obtain the unique identifier corresponding to each, and then checks whether the unique identifier corresponding to the static token and the one corresponding to the dynamic token are consistent. If the verification succeeds, the smart terminal can access the server; otherwise the verification fails and the smart terminal cannot access the server.
  • the encryption algorithm may be symmetric encryption or asymmetric encryption, and may be selected according to actual requirements, and is not specifically limited herein.
  • before step S2, the method includes:
  • S1 Receive a static token generated by the server to obtain a unique identifier.
  • after receiving the static token sent by the server, the intelligent terminal acquires the unique identifier sent together with the static token.
  • the smart terminal can also obtain a unique identifier by decrypting the static token sent by the server.
  • the application generates a random number and a timestamp through the intelligent terminal, encrypts the unique identifier with the random number and the timestamp as parameters to generate a dynamic token, and sends the static token, the random number, the timestamp, and the dynamic token to the server, so that the server decrypts the static token and the dynamic token to verify the unique identifier.
  • step S3 includes:
  • S31 Perform a logical operation on at least one byte of the timestamp to obtain a time factor with the same number of digits as the timestamp.
  • the number of bytes of the timestamp may be set by the system of the smart terminal, or may be set according to user requirements.
  • the logical operation may be performed on one byte or on multiple bytes; the number of bytes of the calculated time factor is the same as that of the timestamp.
  • when the timestamp has only one byte, some or all of the bits in that byte may be logically operated on, and the resulting time factor has the same number of bits as the timestamp.
  • for example, the timestamp is set to 8 bytes and is divided into eight parts by byte, namely t1, t2, t3, t4, t5, t6, t7, and t8, each occupying one byte; a logical operation on t1 and t2 gives the first part of the time factor, a logical operation on t3 and t4 gives the second part, and so on, and a logical operation on t8 and t1 gives the eighth part; the eight parts combine to form the complete time factor.
  • the logical operation may be an AND operation, a NOT operation, or another logical operation, which is not specifically limited herein.
  • S32 Calculate the first encryption factor and the second encryption factor by using a random number as a parameter.
  • the random number is divided into two parts by byte count; a logical operation on the first part of the random number yields a keyword, a logical operation on the second part yields a reference value, and a conditional operation on the keyword and the reference value yields the encryption factor;
  • that is, the encryption factor is obtained by a mathematical calculation on the reference value according to the preset condition that the keyword satisfies.
  • the first encryption factor is obtained by performing a mathematical operation on the first part of the random number
  • the second encryption factor is obtained by performing a mathematical operation on the second part of the random number.
  • the mathematical operation on the first part of the random number and the mathematical operation on the second part of the random number may be the same or different.
  • for example, the random number is 8 bytes and is divided into two 4-byte parts, the first part being the high part of the random number (the upper 4 bytes) and the second part the low part (the lower 4 bytes); the high part or the low part is selected, an exclusive OR operation is performed on the selected part and the remainder modulo four is taken to obtain the keyword, and an exclusive OR operation is performed on the selected part and the remainder modulo ten is taken to obtain the reference value.
  • the encryption factor is a 2-byte number, divided into four parts in hexadecimal. With the reference value set as the first part of the encryption factor: when the keyword equals 3, the second part of the encryption factor equals the reference value, the third part equals the reference value plus 2, and the fourth part equals the reference value plus 3; when the keyword equals 2, the second part equals the reference value plus 1, the third part equals the reference value plus 2, and the fourth part equals the reference value; when the keyword equals 1, the second part equals the reference value plus 1, the third part equals the reference value, and the fourth part equals the reference value plus 1; when the keyword equals 0, the second, third, and fourth parts all equal the reference value; wherein the reference value can also be set as the encryption factor
  • the four parts of the encryption factor can also be obtained by other mathematical operations (such as subtraction or multiplication) on the reference value and other numbers, which are not specifically limited.
  • for example, when the keyword and the reference value both equal 0, the encryption factor is 4321 in hexadecimal; when the reference value is 0 and the keyword is 1, the encryption factor is 0101 in hexadecimal; when the reference value is 3 and the keyword is 3, the encryption factor is 3456 in hexadecimal; when the reference value is 3 and the keyword is 0, the encryption factor is 3333 in hexadecimal; the reference value and the keyword can also take other values, which are not exemplified here.
  • the first encryption factor may be obtained by performing the above operation on the high random number portion
  • the second encryption factor may be obtained by performing the above operation on the low random number portion.
  • other partial bytes of the random number may also be selected to perform the above operation to obtain an encryption factor.
  • S33 forming an encryption key by using a time factor, a first partial byte in the timestamp, a first partial byte in the random number, and a first encryption factor as elements.
  • the encryption key is composed of a time factor, a first partial byte in the time stamp, a first partial byte in the random number, and a first encryption factor.
  • the number of bytes of the encryption key is the number of bytes of the time factor, and the first part of the time stamp.
  • these elements may be combined in a certain order to form the encryption key, or may be arranged in any permutation to form the encryption key.
  • for example, the encryption key is 16 bytes: the first part is the time factor, which occupies 8 bytes of the encryption key; the second part is the first part of the timestamp, which occupies 2 bytes of the encryption key; the third part is the first part of the random number, which occupies 4 bytes of the encryption key; and the fourth part is the first encryption factor, which occupies 2 bytes of the encryption key.
  • S34 forming a key vector by using a time factor, a second partial byte in the time stamp, a second partial byte in the random number, and a second encryption factor as elements.
  • the key vector is composed of a time factor, a second partial byte in the time stamp, a second partial byte in the random number, and a second encryption factor.
  • the number of bytes of the key vector is the number of bytes of the time factor, and the time stamp is the first.
  • these elements may be combined in a certain order to form the key vector, or may be arranged in any permutation to form the key vector.
  • for example, the key vector is 16 bytes: the first part is the time factor, which occupies 8 bytes of the key vector; the second part is the second part of the timestamp, which occupies 2 bytes of the key vector; the third part is the second part of the random number, which occupies 4 bytes of the key vector; and the fourth part is the second encryption factor, which occupies 2 bytes of the key vector.
  • the positions of the time factor, the time stamp, the random number and the encryption factor may correspond one-to-one.
  • S35 Encrypt the unique identifier by using an encryption key and a key vector to generate a dynamic token.
  • the unique identifier is encrypted by an encryption algorithm using the encryption key and the key vector to generate the dynamic token, wherein the encryption key and the key vector may be 16 bytes or another number of bytes, and the encryption algorithm
  • the dynamic token is obtained by first encrypting the unique identifier with the encryption key and the key vector using an advanced encryption algorithm, and then encoding the result using an encoding algorithm.
  • step S35 includes:
  • S351 encrypt the unique identifier by using an encryption key and a key vector to obtain an encrypted ciphertext.
  • the smart terminal encrypts the unique identifier by using the encryption key and the key vector to generate the encrypted ciphertext.
  • the encryption algorithm may be the AES (Advanced Encryption Standard) algorithm, such as AES-128, or another algorithm, which is not specifically limited herein.
  • S352 Encode the encrypted ciphertext to generate a dynamic token.
  • after obtaining the encrypted ciphertext, the intelligent terminal encodes it using an encoding algorithm to generate the dynamic token, wherein the encoding algorithm may be a base-64 encoding algorithm, such as Base64, or an encoding algorithm of another base, which is not specifically limited.
  • the fourth embodiment of the token generation and verification method of the present application includes:
  • S7 Receive a static token, a random number, a timestamp, and a dynamic token sent by the smart terminal, where the dynamic token is obtained by encrypting the unique identifier of the smart terminal by using a random number and a timestamp as parameters.
  • S8 Decrypt the dynamic token and the static token to verify the unique identifier.
  • the server can generate a static token and send it to the smart terminal for authorization.
  • after the smart terminal generates the dynamic token, it sends the authorized static token, the random number, the timestamp, and the dynamic token to the server.
  • the server decrypts the dynamic token and the static token by using a random number and a timestamp, and respectively obtains two corresponding identifiers. If the two identifiers are consistent, the verification succeeds, otherwise the verification fails.
  • the decryption algorithm may be the AES decryption algorithm or another algorithm, which is not specifically limited herein.
  • the decryption algorithm corresponds to an encryption algorithm used by the intelligent terminal.
  • before step S7, the method includes:
  • S5 The server generates a static token.
  • S6 Send a static token to the smart terminal for authorization.
  • The smart terminal and the server need to authorize the smart terminal in a synchronous manner.
  • the smart terminal uses a list of user characteristics, whose meaning is known only to the smart terminal and the server, as a password to log in to the computer. Because the two are synchronized, the smart terminal presents exactly the token the server expects.
  • A synchronous smart terminal uses timestamps and authorization synchronization as the core of the authorization process. If the synchronization is time based, the smart terminal and the server keep their timestamps the same. The token is generated from the smart terminal's timestamp and random number; the token and the unique identifier are entered into the smart terminal, which then transmits them to the server running the authorization service. The authorization service decrypts the token and compares it with the expected token. If the two match, the user's authorization is complete and the smart terminal and the resources can be used.
  • Based on timestamp synchronization, the intelligent terminal and the server share the same key and key vector for encryption and decryption.
  • Optionally, before step S8 the method includes:
  • S801 The server determines whether the timestamp is less than or equal to the timestamp previously sent by the smart terminal.
  • S802 If the timestamp is less than or equal to the timestamp previously sent by the smart terminal, it is determined whether the random number is equal to the random number previously sent by the smart terminal; if the random number is not equal to the random number previously sent by the smart terminal, the step of decrypting the dynamic token and the static token to verify the unique identifier is continued.
  • the server determines whether the timestamp sent this time is less than or equal to the timestamp sent by the intelligent terminal the previous time. If it is, the server determines whether the random number is equal to the random number sent by the intelligent terminal the previous time. If the random number is equal to the random number sent the previous time, an error is returned and the decryption ends. If the random number is not equal to the random number sent the previous time, the decryption algorithm is used to decrypt the dynamic token and the static token to verify the unique identifier.
  • Optionally, step S8 includes:
  • S81 Decrypt the dynamic token with the random number and the timestamp as parameters to obtain the first identifier after the dynamic token is successfully decrypted.
  • the server generates a decryption key and a decryption key vector from the random number and the timestamp, decodes the dynamic token with the decoding algorithm using the decryption key and the decryption key vector to obtain the decrypted ciphertext, and applies the decryption algorithm to that ciphertext to obtain the first identifier. If decryption does not succeed, an error is returned and the decryption ends.
  • the decryption process and the encryption process are corresponding processes. When the dynamic token is not encoded, the decoding process can also be omitted.
  • S82 Decrypt the static token to obtain a second identifier after the static token is successfully decrypted.
  • the server decrypts the static token by using a decryption algorithm, and after the static token is successfully decrypted, the second identifier is obtained. If the static token is not successfully decrypted, an error is returned and the decryption is ended.
  • the decryption algorithm of the static token may be the same as or different from the decryption algorithm of the dynamic token.
  • the server determines whether the first identifier and the second identifier are the same. If they are not the same, the verification of the unique identifier fails and the verification ends; if they are the same, the unique identifier is verified successfully.
  • an embodiment of the smart terminal of the present application includes:
  • a communication circuit 10 and a processor 20 connected to each other;
  • the communication circuit 10 is used to acquire a static token and a unique identifier.
  • the processor 20 is configured to acquire a static token and a unique identifier through the communication circuit 10 and to execute instructions to implement the method provided by any one of the first to fourth embodiments of the token generation and verification method of the present application, or by any non-conflicting combination of them.
  • the processor 20 is configured to acquire a static token and a unique identifier through the communication circuit 10, and perform the following steps:
  • the intelligent terminal generates a random number and a time stamp
  • the processor 20 performs the step of encrypting the unique identifier by using the random number and the timestamp as parameters, including:
  • the unique identifier is encrypted using the encryption key and the key vector to generate the dynamic token.
  • the processor 20 performs the step of performing a logical operation on at least one of the timestamps to obtain the same time factor as the number of timestamps, including:
  • When the timestamp has a plurality of bytes, a logical operation is performed on one or more bytes of the timestamp to obtain a time factor with the same bit width as the timestamp;
  • When the timestamp has a single byte, a logical operation is performed on some or all of the bits of that single byte to obtain a time factor with the same bit width as the timestamp.
  • the processor 20 performs the step of calculating the first encryption factor and the second encryption factor by using the random number as a parameter, including:
  • the processor 20 executes:
  • the time factor, the first part of the bytes of the timestamp, the first part of the bytes of the random number and the first encryption factor are combined in a first predetermined order to form the encryption key; wherein the number of bytes of the encryption key is the sum of the number of bytes of the time factor, the number of bytes of the first part of the timestamp, the number of bytes of the first part of the random number and the number of bytes of the first encryption factor;
  • step of forming a key vector by using the time factor, the second partial byte of the timestamp, the second partial byte of the random number, and the second encryption factor as elements including:
  • the time factor, the second part of the bytes of the timestamp, the second part of the bytes of the random number and the second encryption factor are combined in a second predetermined order to form the key vector; wherein the number of bytes of the key vector is the sum of the number of bytes of the time factor, the number of bytes of the second part of the timestamp, the number of bytes of the second part of the random number and the number of bytes of the second encryption factor.
  • the processor 20 performs the step of encrypting the unique identifier with the encryption key and the key vector to generate the dynamic token, including:
  • Before the processor 20 performs the step of generating the random number and the timestamp, the processor 20 performs:
  • the processor 20 controls the operation of the smart terminal, and the processor 20 may also be referred to as a CPU (Central Processing Unit).
  • Processor 20 may be an integrated circuit chip with signal processing capabilities.
  • Processor 20 can also be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • the general purpose processor may be a microprocessor or any conventional processor.
  • the intelligent terminal can further include a memory (not shown) for storing instructions and data necessary for the processor 20 to operate.
  • the smart terminal can also set other components such as a display screen and a keyboard according to specific requirements, which are not specifically limited herein.
  • an embodiment of the server of the present application includes:
  • a communication circuit 30 and a processor 40 connected to each other; the communication circuit 30 is used to acquire static tokens, random numbers, timestamps and dynamic tokens.
  • the processor 40 is configured to acquire a static token, a random number, a timestamp and a dynamic token through the communication circuit 30 and to execute instructions to implement the method provided by any one of the fifth to eighth embodiments of the token generation and verification method of the present application, or by any non-conflicting combination of them.
  • the processor 40 controls the operation of the server, and the processor 40 may also be referred to as a CPU (Central Processing Unit).
  • Processor 40 may be an integrated circuit chip with signal processing capabilities.
  • the processor 40 can also be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • the general purpose processor may be a microprocessor or any conventional processor.
  • the server may further include a memory (not shown) for storing instructions and data necessary for the processor 40 to operate.
  • the server can be a private server or a cloud server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed by the present application are a token generation and verification method and a smart terminal. The method comprises: a smart terminal generating a random number and a time stamp and encrypting a unique identifier using the random number and the time stamp as parameters; generating a dynamic token, and sending a static token, the random number, the time stamp, and the dynamic token to a server so that the server decrypts the static token and the dynamic token to verify the unique identifier.

Description

Token generation and verification method and intelligent terminal
This application claims priority to Chinese Patent Application No. 201810173001.4, entitled "Token Generation and Verification Method, Intelligent Terminal and Server", filed with the Chinese Patent Office on March 1, 2018, the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of intelligent terminals, and in particular to a token generation and verification method and an intelligent terminal.
Background art
Access tokens are a concept in intelligent-terminal security. When a user logs in, the system creates an access token that contains the system identifier returned by the login process and the list of privileges assigned by the local security policy to the user and to the user's security groups. Every process running as that user holds a copy of the token; the system uses the token to control which secured objects the user can access and the user's ability to perform related system operations.
Traditional token generation and verification methods handle only static tokens, which exposes users to considerable risk and increases the risk of account theft.
Technical problem
An embodiment of the present application provides a token generation and verification method and an intelligent terminal, which can ensure that the token used for each access to the server is different.
Technical solution
An embodiment of the present application provides a token generation and verification method, which includes: an intelligent terminal generates a random number and a timestamp, encrypts a unique identifier using the random number and the timestamp as parameters to generate a dynamic token, and sends a static token, the random number, the timestamp and the dynamic token to a server, so that the server decrypts the static token and the dynamic token to verify the unique identifier.
In the method of the embodiment of the present application, encrypting the unique identifier using the random number and the timestamp as parameters includes:
performing a logical operation on at least one byte of the timestamp to obtain a time factor with the same bit width as the timestamp;
calculating a first encryption factor and a second encryption factor using the random number as a parameter;
forming an encryption key from the time factor, a first part of the bytes of the timestamp, a first part of the bytes of the random number and the first encryption factor as elements;
forming a key vector from the time factor, a second part of the bytes of the timestamp, a second part of the bytes of the random number and the second encryption factor as elements;
encrypting the unique identifier using the encryption key and the key vector to generate the dynamic token.
In the method of the embodiment of the present application, performing a logical operation on at least one byte of the timestamp to obtain a time factor with the same bit width as the timestamp includes:
when the timestamp has a plurality of bytes, performing a logical operation on one or more bytes of the timestamp to obtain a time factor with the same bit width as the timestamp;
when the timestamp has a single byte, performing a logical operation on some or all of the bits of that single byte to obtain a time factor with the same bit width as the timestamp.
In the method of the embodiment of the present application, calculating the first encryption factor and the second encryption factor using the random number as a parameter includes:
dividing the random number by byte count into a first part and a second part;
performing a logical operation on the first part of the random number to obtain a keyword, and performing a logical operation on the second part of the random number to obtain a reference value;
performing a conditional operation on the keyword and the reference value to obtain the first encryption factor and the second encryption factor.
In the method of the embodiment of the present application, forming the encryption key from the time factor, the first part of the bytes of the timestamp, the first part of the bytes of the random number and the first encryption factor as elements includes:
combining the time factor, the first part of the bytes of the timestamp, the first part of the bytes of the random number and the first encryption factor in a first preset order to form the encryption key; wherein the number of bytes of the encryption key is the sum of the number of bytes of the time factor, the number of bytes of the first part of the timestamp, the number of bytes of the first part of the random number and the number of bytes of the first encryption factor.
In the method of the embodiment of the present application, forming the key vector from the time factor, the second part of the bytes of the timestamp, the second part of the bytes of the random number and the second encryption factor as elements includes:
combining the time factor, the second part of the bytes of the timestamp, the second part of the bytes of the random number and the second encryption factor in a second preset order to form the key vector; wherein the number of bytes of the key vector is the sum of the number of bytes of the time factor, the number of bytes of the second part of the timestamp, the number of bytes of the second part of the random number and the number of bytes of the second encryption factor.
In the method of the embodiment of the present application, encrypting the unique identifier using the encryption key and the key vector to generate the dynamic token includes:
encrypting the unique identifier with the encryption key and the key vector to obtain an encrypted ciphertext;
encoding the encrypted ciphertext to generate the dynamic token.
In the method of the embodiment of the present application, before the intelligent terminal generates the random number and the timestamp, the method includes:
receiving a static token generated by the server to obtain the unique identifier.
An embodiment of the present application further provides a token generation and verification method, which includes: receiving a static token, a random number, a timestamp and a dynamic token sent by an intelligent terminal, where the dynamic token is obtained by encrypting the unique identifier of the intelligent terminal using the random number and the timestamp as parameters; and decrypting the dynamic token and the static token to verify the unique identifier.
In the method of the embodiment of the present application, before receiving the static token, the random number, the timestamp and the dynamic token sent by the intelligent terminal, the method includes:
the server generating a static token;
sending the static token to the intelligent terminal for authorization.
In the method of the embodiment of the present application, decrypting the dynamic token and the static token to verify the unique identifier includes:
decrypting the dynamic token using the random number and the timestamp as parameters, to obtain a first identifier after the dynamic token is decrypted successfully;
decrypting the static token, to obtain a second identifier after the static token is decrypted successfully;
determining whether the first identifier and the second identifier are the same;
if the first identifier and the second identifier are the same, the verification of the unique identifier succeeds; otherwise, the verification fails.
In the method of the embodiment of the present application, decrypting the dynamic token using the random number and the timestamp as parameters to obtain the first identifier after the dynamic token is decrypted successfully includes:
generating a decryption key and a decryption key vector from the random number and the timestamp;
decoding the dynamic token with a decoding algorithm using the decryption key and the decryption key vector to obtain a decrypted ciphertext;
applying a decryption algorithm to the decrypted ciphertext to obtain the first identifier.
In the method of the embodiment of the present application, before decrypting the dynamic token and the static token to verify the unique identifier, the method includes:
the server determining whether the timestamp is less than or equal to the timestamp previously sent by the intelligent terminal;
if the timestamp is less than or equal to the timestamp previously sent by the intelligent terminal, determining whether the random number is equal to the random number previously sent by the intelligent terminal, and if the random number is not equal to the random number previously sent by the intelligent terminal, continuing with the step of decrypting the dynamic token and the static token to verify the unique identifier.
An embodiment of the present application further provides an intelligent terminal, which includes a communication circuit and a processor connected to each other. The communication circuit is configured to acquire a static token and a unique identifier; the processor acquires the static token and the unique identifier through the communication circuit and performs the following steps:
the intelligent terminal generates a random number and a timestamp;
encrypts the unique identifier using the random number and the timestamp as parameters to generate a dynamic token, where the unique identifier is generated by a server to identify the intelligent terminal interacting with the server;
sends a static token, the random number, the timestamp and the dynamic token to the server, so that the server decrypts the static token and the dynamic token to verify the unique identifier.
In the intelligent terminal of the embodiment of the present application, the processor performing the step of encrypting the unique identifier using the random number and the timestamp as parameters includes:
performing a logical operation on at least one byte of the timestamp to obtain a time factor with the same bit width as the timestamp;
calculating a first encryption factor and a second encryption factor using the random number as a parameter;
forming an encryption key from the time factor, a first part of the bytes of the timestamp, a first part of the bytes of the random number and the first encryption factor as elements;
forming a key vector from the time factor, a second part of the bytes of the timestamp, a second part of the bytes of the random number and the second encryption factor as elements;
encrypting the unique identifier using the encryption key and the key vector to generate the dynamic token.
In the intelligent terminal of the embodiment of the present application, the processor performing the step of performing a logical operation on at least one byte of the timestamp to obtain a time factor with the same bit width as the timestamp includes:
when the timestamp has a plurality of bytes, performing a logical operation on one or more bytes of the timestamp to obtain a time factor with the same bit width as the timestamp;
when the timestamp has a single byte, performing a logical operation on some or all of the bits of that single byte to obtain a time factor with the same bit width as the timestamp.
In the intelligent terminal of the embodiment of the present application, the processor performing the step of calculating the first encryption factor and the second encryption factor using the random number as a parameter includes:
dividing the random number by byte count into a first part and a second part;
performing a logical operation on the first part of the random number to obtain a keyword, and performing a logical operation on the second part of the random number to obtain a reference value;
performing a conditional operation on the keyword and the reference value to obtain the first encryption factor and the second encryption factor.
In the intelligent terminal of the embodiment of the present application, the processor executes:
the step of forming the encryption key from the time factor, the first part of the bytes of the timestamp, the first part of the bytes of the random number and the first encryption factor as elements, which includes:
combining the time factor, the first part of the bytes of the timestamp, the first part of the bytes of the random number and the first encryption factor in a first preset order to form the encryption key; wherein the number of bytes of the encryption key is the sum of the number of bytes of the time factor, the number of bytes of the first part of the timestamp, the number of bytes of the first part of the random number and the number of bytes of the first encryption factor;
and the step of forming the key vector from the time factor, the second part of the bytes of the timestamp, the second part of the bytes of the random number and the second encryption factor as elements, which includes:
combining the time factor, the second part of the bytes of the timestamp, the second part of the bytes of the random number and the second encryption factor in a second preset order to form the key vector; wherein the number of bytes of the key vector is the sum of the number of bytes of the time factor, the number of bytes of the second part of the timestamp, the number of bytes of the second part of the random number and the number of bytes of the second encryption factor.
In the intelligent terminal of the embodiment of the present application, the processor performing the step of encrypting the unique identifier using the encryption key and the key vector to generate the dynamic token includes:
encrypting the unique identifier with the encryption key and the key vector to obtain an encrypted ciphertext;
encoding the encrypted ciphertext to generate the dynamic token.
In the intelligent terminal of the embodiment of the present application, before the processor performs the step in which the intelligent terminal generates the random number and the timestamp, the processor performs:
receiving the static token generated by the server to obtain the unique identifier.
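The complete round trip laid out in the method claims above (time factor, encryption factors, key and key vector assembly, encoding of the ciphertext, and on the server side the previous-timestamp and random-number check followed by decryption of both tokens and comparison of the two identifiers), as an added Python example that is not the application's own code. The 8-byte widths, the particular logical and conditional operations, base64url as the encoding, and the HMAC-SHA256 counter-mode keystream that stands in for AES (not in the Python standard library) are all assumptions; with AES the element widths would have to sum to a valid key and block size, and a terminal would draw the random number from os.urandom and the timestamp from its clock.

```python
import base64
import hashlib
import hmac
import os

TS_LEN, RAND_LEN, TAG_LEN = 8, 8, 16   # assumed widths: 8-byte timestamp and random number


def time_factor(ts: bytes) -> bytes:
    """S31 (assumed operation): XOR each byte with its right neighbour, wrapping around."""
    n = len(ts)
    return bytes(ts[i] ^ ts[(i + 1) % n] for i in range(n))


def encryption_factors(rnd: bytes):
    """Keyword from the first half, reference value from the second half (logical
    operations), then a conditional operation yields the two factors (assumed choices)."""
    half = len(rnd) // 2
    keyword = bytes(b ^ 0x5A for b in rnd[:half])
    reference = bytes(((b << 1) | (b >> 7)) & 0xFF for b in rnd[half:])
    first, second = bytearray(), bytearray()
    for k, r in zip(keyword, reference):
        if k > r:
            first.append(k ^ r)
            second.append(k | r)
        else:
            first.append(k & r)
            second.append((k + r) & 0xFF)
    return bytes(first), bytes(second)


def derive_key_iv(rnd: bytes, ts: bytes):
    """Key = TF || ts[:4] || rnd[:4] || F1; key vector = TF || ts[4:] || rnd[4:] || F2
    (first and second preset orders); each length is the sum of its parts (20 bytes)."""
    tf = time_factor(ts)
    f1, f2 = encryption_factors(rnd)
    key = tf + ts[:TS_LEN // 2] + rnd[:RAND_LEN // 2] + f1
    iv = tf + ts[TS_LEN // 2:] + rnd[RAND_LEN // 2:] + f2
    return key, iv


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    out, ctr = b"", 0                    # HMAC-SHA256 counter mode, stand-in for AES
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, iv, len(plaintext))))
    tag = hmac.new(key, iv + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag                      # the tag makes "decryption failed" detectable


def decrypt(key: bytes, iv: bytes, blob: bytes):
    """Return the plaintext, or None when decryption fails (tag mismatch)."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(key, iv + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, iv, len(ct))))


def make_dynamic_token(uid: bytes, rnd: bytes, ts: bytes) -> str:
    """S3: encrypt the identifier under the derived key/key vector, then encode (base64url)."""
    key, iv = derive_key_iv(rnd, ts)
    return base64.urlsafe_b64encode(encrypt(key, iv, uid)).decode()


STATIC_KEY, STATIC_IV = os.urandom(20), bytes(20)   # server-only material (constructed)


def make_static_token(uid: bytes) -> str:
    """S5: the static token is a fixed string per identifier, issued by the server."""
    return base64.urlsafe_b64encode(encrypt(STATIC_KEY, STATIC_IV, uid)).decode()


class Server:
    def __init__(self):
        self.last = {}   # static token -> (timestamp, random number) of the previous request
    def verify(self, static_token: str, rnd: bytes, ts: bytes, dynamic_token: str):
        """S801/S802, then S81/S82 and the identifier comparison; returns (accepted, reason)."""
        prev = self.last.get(static_token)
        # Only the previous pair is kept, as claimed: a not-newer timestamp needs a new random number.
        if prev is not None and ts <= prev[0] and rnd == prev[1]:
            return False, "replayed timestamp and random number"
        key, iv = derive_key_iv(rnd, ts)          # same derivation as the terminal
        try:
            first = decrypt(key, iv, base64.urlsafe_b64decode(dynamic_token))
            second = decrypt(STATIC_KEY, STATIC_IV, base64.urlsafe_b64decode(static_token))
        except ValueError:
            return False, "token is not valid base64url"
        if first is None or second is None:
            return False, "token failed to decrypt"
        if not hmac.compare_digest(first, second):
            return False, "identifiers differ"
        self.last[static_token] = (ts, rnd)
        return True, "ok"
```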
Beneficial effects
An embodiment of the present application provides a token generation and verification method and an intelligent terminal. The intelligent terminal generates a random number and a timestamp, encrypts the unique identifier using the random number and the timestamp as parameters to generate a dynamic token, and sends the static token, the random number, the timestamp and the dynamic token to the server, so that the server decrypts the static token and the dynamic token to verify the unique identifier. Because the random number keeps changing, the token is different for every access to the server; even if a token is stolen, it cannot be decrypted in a short time, which improves the access security of the server.
Brief description of the drawings
FIG. 1 is a schematic flowchart of a first embodiment of the token generation and verification method of the present application;
FIG. 2 is an interaction diagram of the intelligent terminal and the server in the token generation and verification method of the present application;
FIG. 3 is a schematic flowchart of a second embodiment of the token generation and verification method of the present application;
FIG. 4 is a schematic flowchart of a third embodiment of the token generation and verification method of the present application;
FIG. 5 is a schematic flowchart of a fourth embodiment of the token generation and verification method of the present application;
FIG. 6 is a schematic flowchart of the server verifying the static token and the dynamic token in the fourth embodiment of the token generation and verification method of the present application;
FIG. 7 is a schematic flowchart of a fifth embodiment of the token generation and verification method of the present application;
FIG. 8 is a schematic structural diagram of an embodiment of the intelligent terminal of the present application;
FIG. 9 is a schematic structural diagram of an embodiment of the server of the present application.
本发明的实施方式Embodiments of the invention
如图1所示,本申请令牌生成和校验方法第一实施例包括:As shown in FIG. 1, the first embodiment of the token generation and verification method of the present application includes:
S2:智能终端生成随机数和时间戳。S2: The smart terminal generates a random number and a time stamp.
S3:以随机数和时间戳为参数对唯一标识符进行加密,生成动态令牌。S3: The unique identifier is encrypted by using a random number and a timestamp as parameters to generate a dynamic token.
S4:向服务器发送静态令牌、随机数、时间戳和动态令牌,以使得服务器解密静态令牌和动态令牌以校验唯一标识符。S4: Send a static token, a random number, a timestamp, and a dynamic token to the server to cause the server to decrypt the static token and the dynamic token to verify the unique identifier.
The unique identifier is generated by the server to identify the smart terminal that interacts with the server. The static token is a fixed combination of characters, the dynamic token is a random combination of characters, and the timestamp is a complete, verifiable sequence of characters showing that a piece of data existed before a particular point in time; it uniquely identifies that moment.
Referring to FIG. 2, the server generates a static token and sends it to the smart terminal for authorization. After receiving the static token sent by the server, the smart terminal also obtains the unique identifier that the server generated for it. The smart terminal generates a random number with a preset number of bytes, for example an 8-byte random number, and at the same time obtains the corresponding timestamp, for example the time at which the random number was generated. With the obtained random number and timestamp as parameters it encrypts the unique identifier using an encryption algorithm, thereby generating a dynamic token. Once the dynamic token has been generated, the smart terminal sends the static token, the random number, the timestamp and the dynamic token to the server. The server decrypts the received static token and dynamic token, obtains the unique identifier corresponding to each, and checks whether the identifier from the static token and the identifier from the dynamic token are the same. If they are the same, the verification succeeds and the smart terminal may access the server; otherwise the verification fails and the smart terminal may not access the server. The encryption algorithm may be symmetric or asymmetric, chosen according to actual requirements, and is not specifically limited here.
Optionally, before step S2 the method includes:
S1: receive the static token generated by the server to obtain the unique identifier.
After receiving the static token sent by the server, the smart terminal also obtains the unique identifier sent together with the static token. In other embodiments, the smart terminal may instead obtain the unique identifier by decrypting the static token sent by the server. In the present application the smart terminal generates a random number and a timestamp, encrypts the unique identifier with the random number and the timestamp as parameters to generate a dynamic token, and sends the static token, the random number, the timestamp and the dynamic token to the server, so that the server decrypts the static token and the dynamic token to verify the unique identifier. Because the random number keeps changing, the token differs on every access to the server; even if a token is stolen it cannot be decrypted in a short time, which improves the security of access to the server.
As shown in FIG. 3, the second embodiment of the token generation and verification method of the present application builds on the first embodiment and further defines step S3 as including:
S31: perform a logical operation on at least one byte of the timestamp to obtain a time factor with the same number of digits as the timestamp.
The number of bytes of the timestamp may be set by the smart terminal's system or according to user requirements. When the timestamp has several bytes, the logical operation may be applied to one of those bytes or to several of them, and the resulting time factor has the same number of bytes as the timestamp. When the timestamp is a single byte, the logical operation may be applied to some of the bits of that byte or to all of them, and the resulting time factor has the same number of bits as the timestamp.
Specifically, in one application example the timestamp is set to 8 bytes and is divided by byte into eight parts t1, t2, t3, t4, t5, t6, t7 and t8, each occupying one byte. A logical operation on t1 and t2 gives the first part of the time factor, a logical operation on t3 and t4 gives the second part ... and a logical operation on t8 and t1 gives the eighth part; the eight parts combined form the complete time factor. The logical operation may be AND, NOT or another logical operation, and is not specifically limited here.
S32: calculate a first encryption factor and a second encryption factor with the random number as a parameter.
The random number is divided by byte into two parts. A logical operation on the first part of the random number yields a keyword, and a logical operation on the second part yields a reference value; a conditional operation on the keyword and the reference value then yields an encryption factor, that is, the encryption factor is obtained by a mathematical operation on the reference value according to which preset condition the keyword satisfies. The first encryption factor is obtained by a mathematical operation on the first part of the random number and the second encryption factor by a mathematical operation on the second part; the two mathematical operations may be the same or different. Specifically, in one application example the random number is 8 bytes and is divided into two 4-byte parts, the first being the high part (upper 4 bytes) and the second the low part (lower 4 bytes). Either the high part or the low part is selected; the selected part is first XORed and the remainder modulo 4 gives the keyword, and the selected part is XORed and the remainder modulo 10 gives the reference value. The encryption factor is a 2-byte number, which is divided into four hexadecimal digits. Taking the reference value as the first digit of the encryption factor: when the keyword equals 3, the second digit of the encryption factor equals the reference value plus 1, the third digit equals the reference value plus 2, and the fourth digit equals the reference value plus 3; when the keyword equals 2, the second digit equals the reference value plus 1, the third digit equals the reference value plus 2, and the fourth digit equals the reference value; when the keyword equals 1, the second digit equals the reference value plus 1, the third digit equals the reference value, and the fourth digit equals the reference value plus 1; when the keyword equals 0, the second, third and fourth digits all equal the reference value. The reference value may instead be placed in another digit of the encryption factor, and the four digits of the encryption factor may also be obtained from the reference value and other numbers by other mathematical operations (such as subtraction or multiplication); those numbers are not specifically limited.
Specifically, in one application example, when the keyword and the reference value both equal 0 the encryption factor is hexadecimal 4321; when the reference value is 0 and the keyword is 1 the encryption factor is hexadecimal 0101; when the reference value is 3 and the keyword is 3 the encryption factor is hexadecimal 3456; when the reference value is 3 and the keyword is 0 the encryption factor is hexadecimal 3333. The reference value and the keyword may take other values, which are not enumerated here.
In the above application example, the above operation may be applied to the high part of the random number to obtain the first encryption factor and to the low part to obtain the second encryption factor. In other embodiments, other bytes of the random number may of course be selected for the above operation to obtain an encryption factor.
S33: form an encryption key from the time factor, the first part of the timestamp bytes, the first part of the random number bytes and the first encryption factor as elements.
The encryption key consists of the time factor, the first part of the timestamp bytes, the first part of the random number bytes and the first encryption factor. The number of bytes of the encryption key is the sum of the number of bytes of the time factor, of the first part of the timestamp bytes, of the first part of the random number bytes and of the first encryption factor. These four elements may be combined in a fixed order to form the encryption key, or in any permutation.
Specifically, in one application example the encryption key is 16 bytes: the first part is the time factor, occupying 8 bytes of the encryption key; the second part is the first part of the timestamp bytes, occupying 2 bytes; the third part is the first part of the random number bytes, occupying 4 bytes; and the fourth part is the first encryption factor, occupying 2 bytes.
S34: form a key vector from the time factor, the second part of the timestamp bytes, the second part of the random number bytes and the second encryption factor as elements.
The key vector consists of the time factor, the second part of the timestamp bytes, the second part of the random number bytes and the second encryption factor. The number of bytes of the key vector is the sum of the number of bytes of the time factor, of the second part of the timestamp bytes, of the second part of the random number bytes and of the second encryption factor. These four elements may be combined in a fixed order to form the key vector, or in any permutation.
Specifically, in one application example the key vector is 16 bytes: the first part is the time factor, occupying 8 bytes; the second part is the second part of the timestamp bytes, occupying 2 bytes; the third part is the second part of the random number bytes, occupying 4 bytes; and the fourth part is the second encryption factor, occupying 2 bytes.
In the encryption key and the key vector, the positions of the time factor, the timestamp bytes, the random number bytes and the encryption factor may correspond one to one.
S35: encrypt the unique identifier with the encryption key and the key vector to generate the dynamic token.
The unique identifier is encrypted with an encryption algorithm using the encryption key and the key vector, thereby generating the dynamic token. The encryption key and the key vector may each be 16 bytes or some other number of bytes. The encryption algorithm first encrypts with an advanced encryption algorithm using the encryption key and the key vector, and then encodes the result with an encoding algorithm to obtain the dynamic token.
As shown in FIG. 4, the third embodiment of the token generation and verification method of the present application builds on the second embodiment and further defines step S35 as including:
S351: encrypt the unique identifier with the encryption key and the key vector to obtain an encrypted ciphertext.
The smart terminal encrypts the unique identifier with the encryption key and the key vector, thereby generating the encrypted ciphertext. The encryption algorithm may be the AES advanced encryption algorithm, for example AES128, or another algorithm, and is not specifically limited here.
S352: encode the encrypted ciphertext to generate the dynamic token.
After obtaining the encrypted ciphertext, the smart terminal encodes it with an encoding algorithm, thereby generating the dynamic token. The encoding algorithm may be a base-64 encoding algorithm such as Base64, or an encoding algorithm of another base, and is not specifically limited here.
As shown in FIG. 5, the fourth embodiment of the token generation and verification method of the present application includes:
S7: receive the static token, the random number, the timestamp and the dynamic token sent by the smart terminal, where the dynamic token was obtained by encrypting the smart terminal's unique identifier with the random number and the timestamp as parameters.
S8: decrypt the dynamic token and the static token to verify the unique identifier.
Referring to FIG. 2 and FIG. 6, in one application example the server may first generate a static token and send it to the smart terminal for authorization. After the smart terminal has generated the dynamic token, it sends the authorized static token, the random number, the timestamp and the dynamic token to the server. The server uses the random number and the timestamp to decrypt the dynamic token and the static token, obtaining the two corresponding identifiers; if the two identifiers are the same the verification succeeds, otherwise it fails.
The decryption algorithm may be the AES advanced decryption algorithm or another algorithm, and is not specifically limited here. The decryption algorithm corresponds to the encryption algorithm used by the smart terminal.
Optionally, before step S6 the method includes:
S5: the server generates a static token.
S6: send the static token to the smart terminal for authorization.
The smart terminal and the server need to authorize the smart terminal in some synchronized manner. The smart terminal uses a list of user characteristics as the password with which it logs in to the computer; only the smart terminal and the server know the meaning of these characteristics. Because the two are synchronized, the smart terminal presents the correct token to the server.
Synchronized smart terminals use timestamps and synchronized authorization as the core of the authorization process. If the synchronization is time-based, the smart terminal and the server keep their timestamps the same. A token is generated from the smart terminal's timestamp and random number, the token and the unique identifier are entered into the smart terminal, and the smart terminal then transmits them to the server, which runs the authorization service. The authorization service decrypts the token and compares it with the expected token; if the two match, the user's authorization is complete and the smart terminal and its resources may be used.
With timestamp-based synchronization, the smart terminal and the server share the same key and key vector for encryption and decryption.
Optionally, before step S8 the method includes:
S801: the server determines whether the timestamp is less than or equal to the timestamp previously sent by the smart terminal.
S802: if the timestamp is less than or equal to the timestamp previously sent by the smart terminal, determine whether the random number equals the random number previously sent by the smart terminal; if the random number does not equal the previously sent random number, continue with the step of decrypting the dynamic token and the static token to verify the unique identifier.
Before decrypting the dynamic token and the static token, the server determines whether the timestamp sent this time is less than or equal to the timestamp previously sent by the smart terminal. If the timestamp sent this time is less than the previously sent timestamp, an error is returned and decryption ends. If the timestamp sent this time equals the previously sent timestamp, the server determines whether the random number equals the random number previously sent by the smart terminal: if the random numbers are equal, an error is returned and decryption ends; if they are not equal, the dynamic token and the static token are decrypted with the decryption algorithm to verify the unique identifier.
As shown in FIG. 7, the fifth embodiment of the token generation and verification method of the present application builds on the fourth embodiment and further defines step S8 as including:
S81: decrypt the dynamic token with the random number and the timestamp as parameters, so that a first identifier is obtained once the dynamic token has been decrypted successfully.
The server generates a decryption key and a decryption key vector from the random number and the timestamp, decodes the dynamic token with the decoding algorithm to obtain the ciphertext to be decrypted, and applies the decryption algorithm with the decryption key and the decryption key vector to that ciphertext to obtain the first identifier. If decryption does not succeed, an error is returned and decryption ends. The decryption process is the counterpart of the encryption process. When the dynamic token has not been encoded, the decoding step may be omitted.
S82: decrypt the static token, so that a second identifier is obtained once the static token has been decrypted successfully.
After the dynamic token has been decrypted successfully and the first identifier obtained, the server decrypts the static token with the decryption algorithm and obtains the second identifier once the static token has been decrypted successfully. If the static token is not decrypted successfully, an error is returned and decryption ends. The decryption algorithm for the static token may be the same as that for the dynamic token, or different.
S83: determine whether the first identifier and the second identifier are the same.
S84: if the first identifier and the second identifier are the same, the unique identifier verification succeeds; otherwise the verification fails.
After both the dynamic token and the static token have been decrypted successfully, the server determines whether the first identifier and the second identifier are the same. If they are not the same, the unique identifier verification fails and the verification ends; if they are the same, the unique identifier verification succeeds.
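The terminal-side steps S31 to S35 (time factor, encryption factors, encryption key and key vector, AES-CBC and Base64) and the server-side steps S801/S802 and S81 to S84 (replay check, decryption and identifier comparison), worked through in Go as an added example; this is not code from the patent or from the applicant. Where the text leaves a choice open, the example picks one and labels it as an assumption: AND as the logical operation, cyclic neighbour pairing (t1,t2) ... (t8,t1) for the time factor, keyword and reference value both taken from the XOR of the selected 4-byte half of the random number, timestamp bytes 0 to 1 and 2 to 3 as its first and second parts, PKCS#7 padding for AES-128-CBC, timestamps compared as big-endian byte strings, and the static token issued as the identifier encrypted under a server-held key and IV. The names Server, Verify, dynamicToken, deriveKeyIV, encFactor, timeFactor, seal and unseal, and the sample identifier, keys, timestamp and random number are all constructed. With the S32 rule as stated, reference 3 with keyword 3 gives 0x3456 and reference 3 with keyword 0 gives 0x3333, as on the page; for keyword 0 with reference 0 the stated rule gives 0x0000, not the 0x4321 the example paragraph lists.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"errors"
)

// timeFactor (S31): AND each timestamp byte with its cyclic neighbour, pairing
// (t1,t2) ... (t8,t1); the page fixes only the first and last pairs (assumption).
func timeFactor(ts [8]byte) [8]byte {
	var f [8]byte
	for i := range ts {
		f[i] = ts[i] & ts[(i+1)%8]
	}
	return f
}

// encFactor (S32): XOR one 4-byte half of the random number; XOR mod 4 is the keyword and XOR mod 10
// the reference value, which is the factor's first hex digit; the keyword picks the offsets of the other three.
func encFactor(half []byte) uint16 {
	x := int(half[0] ^ half[1] ^ half[2] ^ half[3])
	offsets := [4][4]int{{0, 0, 0, 0}, {0, 1, 0, 1}, {0, 1, 2, 0}, {0, 1, 2, 3}}[x%4]
	var f uint16
	for _, o := range offsets {
		f = f<<4 | uint16(x%10+o) // reference <= 9, so reference+3 <= 12 still fits one hex digit
	}
	return f
}

// deriveKeyIV (S33/S34), 16-byte layout of the application example; which timestamp bytes form its first and second part is an assumption:
//   key = timeFactor || ts[0:2] || rnd[0:4] || encFactor(rnd[0:4])
//   iv  = timeFactor || ts[2:4] || rnd[4:8] || encFactor(rnd[4:8])
func deriveKeyIV(ts, rnd [8]byte) (key, iv []byte) {
	tf, f1, f2 := timeFactor(ts), encFactor(rnd[:4]), encFactor(rnd[4:])
	key = bytes.Join([][]byte{tf[:], ts[:2], rnd[:4], {byte(f1 >> 8), byte(f1)}}, nil)
	iv = bytes.Join([][]byte{tf[:], ts[2:4], rnd[4:], {byte(f2 >> 8), byte(f2)}}, nil)
	return key, iv
}

// seal (S351/S352): AES-128-CBC with PKCS#7 padding (an assumption), then Base64.
func seal(key, iv, plain []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(iv) != aes.BlockSize {
		return "", errors.New("bad key or IV length")
	}
	pad := aes.BlockSize - len(plain)%aes.BlockSize
	buf := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)
	return base64.StdEncoding.EncodeToString(buf), nil
}

// unseal reverses seal, rejecting bad Base64, a non-block-sized ciphertext and bad padding.
func unseal(key, iv []byte, token string) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(token)
	block, kerr := aes.NewCipher(key)
	if err != nil || kerr != nil || len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad token encoding, key, IV or ciphertext length")
	}
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(ct, ct)
	pad := int(ct[len(ct)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(ct[len(ct)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return ct[:len(ct)-pad], nil
}

// dynamicToken (S2/S3): the identifier encrypted under the key/IV derived from the fresh random number and timestamp.
func dynamicToken(id string, ts, rnd [8]byte) (string, error) {
	key, iv := deriveKeyIV(ts, rnd)
	return seal(key, iv, []byte(id))
}

// Server: static-token key/IV (S5/S6) and the last accepted timestamp/random number (S801/S802); one terminal only.
type Server struct {
	StaticKey, StaticIV []byte
	lastTS, lastRnd     [8]byte
}

// Verify implements S7/S8 with the refinements S801/S802 and S81-S84.
func (s *Server) Verify(static, dynamic string, ts, rnd [8]byte) error {
	// Timestamps compare as big-endian byte strings (assumption); a zero lastTS means none accepted yet.
	if c := bytes.Compare(ts[:], s.lastTS[:]); c < 0 {
		return errors.New("timestamp older than the previous one")
	} else if c == 0 && rnd == s.lastRnd {
		return errors.New("timestamp and random number repeated")
	}
	key, iv := deriveKeyIV(ts, rnd)
	id1, err1 := unseal(key, iv, dynamic)                // S81: identifier from the dynamic token
	id2, err2 := unseal(s.StaticKey, s.StaticIV, static) // S82: identifier from the static token
	if err1 != nil || err2 != nil || !bytes.Equal(id1, id2) { // S83/S84
		return errors.New("token decryption or identifier check failed")
	}
	s.lastTS, s.lastRnd = ts, rnd
	return nil
}
```

Two points worth noticing when reading this against the text: the dynamic key and key vector are derived entirely from the random number and timestamp, both of which travel to the server in the clear, so the dynamic token's protection rests on the static token's key and on the server's stored (timestamp, random number) pair that enforces S801/S802, and with AND as the logical operation the time factor carries fewer set bits than the timestamp it is derived from.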
As shown in FIG. 8, an embodiment of the smart terminal of the present application includes:
a communication circuit 10 and a processor 20 connected to each other;
the communication circuit 10 is configured to obtain the static token and the unique identifier;
the processor 20 is configured to obtain the static token and the unique identifier through the communication circuit 10 and to execute instructions so as to implement the method provided by any one of the first to fourth embodiments of the token generation and verification method of the present application, or by any non-conflicting combination of them.
Specifically, the processor 20 is configured to obtain the static token and the unique identifier through the communication circuit 10 and to perform the following steps:
the smart terminal generates a random number and a timestamp;
encrypt a unique identifier with the random number and the timestamp as parameters to generate a dynamic token, where the unique identifier is generated by a server to identify the smart terminal interacting with the server;
send a static token, the random number, the timestamp and the dynamic token to the server so that the server decrypts the static token and the dynamic token to verify the unique identifier.
In some embodiments, the step, performed by the processor 20, of encrypting the unique identifier with the random number and the timestamp as parameters includes:
performing a logical operation on at least one byte of the timestamp to obtain a time factor with the same number of digits as the timestamp;
calculating a first encryption factor and a second encryption factor with the random number as a parameter;
forming an encryption key from the time factor, the first part of the timestamp bytes, the first part of the random number bytes and the first encryption factor as elements;
forming a key vector from the time factor, the second part of the timestamp bytes, the second part of the random number bytes and the second encryption factor as elements;
encrypting the unique identifier with the encryption key and the key vector to generate the dynamic token.
In some embodiments, the step, performed by the processor 20, of performing a logical operation on at least one byte of the timestamp to obtain a time factor with the same number of digits as the timestamp includes:
when the timestamp has several bytes, performing a logical operation on one or more bytes of the timestamp to obtain a time factor with the same number of digits as the timestamp;
when the timestamp is a single byte, performing a logical operation on some or all of the bits of that byte to obtain a time factor with the same number of digits as the timestamp.
In some embodiments, the step, performed by the processor 20, of calculating the first encryption factor and the second encryption factor with the random number as a parameter includes:
dividing the random number by byte into a first part and a second part;
performing a logical operation on the first part of the random number to obtain a keyword, and performing a logical operation on the second part of the random number to obtain a reference value;
performing a conditional operation on the keyword and the reference value to obtain the first encryption factor and the second encryption factor.
In some embodiments, the processor 20 performs:
the step of forming an encryption key from the time factor, the first part of the timestamp bytes, the first part of the random number bytes and the first encryption factor as elements, which includes:
combining the time factor, the first part of the timestamp bytes, the first part of the random number bytes and the first encryption factor in a first preset order to form the encryption key, where the number of bytes of the encryption key is the sum of the number of bytes of the time factor, of the first part of the timestamp bytes, of the first part of the random number bytes and of the first encryption factor;
the step of forming a key vector from the time factor, the second part of the timestamp bytes, the second part of the random number bytes and the second encryption factor as elements, which includes:
combining the time factor, the second part of the timestamp bytes, the second part of the random number bytes and the second encryption factor in a second preset order to form the key vector, where the number of bytes of the key vector is the sum of the number of bytes of the time factor, of the second part of the timestamp bytes, of the second part of the random number bytes and of the second encryption factor.
In some embodiments, the step, performed by the processor 20, of encrypting the unique identifier with the encryption key and the key vector to generate the dynamic token includes:
encrypting the unique identifier with the encryption key and the key vector to obtain an encrypted ciphertext;
encoding the encrypted ciphertext to generate the dynamic token.
In some embodiments, before the processor 20 performs the step in which the smart terminal generates the random number and the timestamp, the method includes:
receiving the static token generated by the server to obtain the unique identifier.
The processor 20 controls the operation of the smart terminal; the processor 20 may also be called a CPU (Central Processing Unit). The processor 20 may be an integrated circuit chip with signal processing capability. The processor 20 may also be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The smart terminal may further include a memory (not shown) for storing the instructions and data the processor 20 needs in order to operate.
In other embodiments, the smart terminal may also be provided with other components such as a display screen and a keyboard according to specific requirements, which are not specifically limited here.
As shown in FIG. 9, an embodiment of the server of the present application includes:
a communication circuit 30 and a processor 40 connected to each other; the communication circuit 30 is configured to obtain the static token, the random number, the timestamp and the dynamic token.
The processor 40 is configured to obtain the static token, the random number, the timestamp and the dynamic token through the communication circuit 30 and to execute instructions so as to implement the method provided by any one of the fifth to eighth embodiments of the token generation and verification method of the present application, or by any non-conflicting combination of them.
The processor 40 controls the operation of the server; the processor 40 may also be called a CPU (Central Processing Unit). The processor 40 may be an integrated circuit chip with signal processing capability. The processor 40 may also be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The server may further include a memory (not shown) for storing the instructions and data the processor 40 needs in order to operate.
The server may be a private server or a cloud server.
The foregoing is merely an embodiment of the present application and does not limit the scope of its patent; any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present application.

Claims (20)

  1. A token generation and verification method, comprising:
    a smart terminal generating a random number and a timestamp;
    encrypting a unique identifier using the random number and the timestamp as parameters to generate a dynamic token;
    sending a static token, the random number, the timestamp and the dynamic token to a server, so that the server decrypts the static token and the dynamic token to verify the unique identifier.
  2. The method according to claim 1, wherein encrypting the unique identifier using the random number and the timestamp as parameters comprises:
    performing a logical operation on at least one byte of the timestamp to obtain a time factor having the same number of digits as the timestamp;
    calculating a first encryption factor and a second encryption factor using the random number as a parameter;
    forming an encryption key from the time factor, a first part of the bytes of the timestamp, a first part of the bytes of the random number and the first encryption factor as elements;
    forming a key vector from the time factor, a second part of the bytes of the timestamp, a second part of the bytes of the random number and the second encryption factor as elements;
    encrypting the unique identifier using the encryption key and the key vector to generate the dynamic token.
  3. The method according to claim 2, wherein performing a logical operation on at least one byte of the timestamp to obtain a time factor having the same number of digits as the timestamp comprises:
    when the timestamp has multiple bytes, performing a logical operation on one or more bytes of the timestamp to obtain a time factor having the same number of digits as the timestamp;
    when the timestamp has a single byte, performing a logical operation on some or all of the bits of the single byte of the timestamp to obtain a time factor having the same number of digits as the timestamp.
  4. The method according to claim 2, wherein calculating the first encryption factor and the second encryption factor using the random number as a parameter comprises:
    dividing the random number by byte count into a first part and a second part;
    performing a logical operation on the first part of the random number to obtain a keyword, and performing a logical operation on the second part of the random number to obtain a reference value;
    performing a conditional operation on the keyword and the reference value to obtain the first encryption factor and the second encryption factor.
  5. The method according to claim 2, wherein forming the encryption key from the time factor, the first part of the bytes of the timestamp, the first part of the bytes of the random number and the first encryption factor as elements comprises:
    combining the time factor, the first part of the bytes of the timestamp, the first part of the bytes of the random number and the first encryption factor in a first preset order to form the encryption key; wherein the byte count of the encryption key is the sum of the byte count of the time factor, the byte count of the first part of the bytes of the timestamp, the byte count of the first part of the bytes of the random number and the byte count of the first encryption factor.
  6. The method according to claim 2, wherein forming the key vector from the time factor, the second part of the bytes of the timestamp, the second part of the bytes of the random number and the second encryption factor as elements comprises:
    combining the time factor, the second part of the bytes of the timestamp, the second part of the bytes of the random number and the second encryption factor in a second preset order to form the key vector; wherein the byte count of the key vector is the sum of the byte count of the time factor, the byte count of the second part of the bytes of the timestamp, the byte count of the second part of the bytes of the random number and the byte count of the second encryption factor.
  7. The method according to claim 2, wherein encrypting the unique identifier with the encryption key and the key vector to generate the dynamic token comprises:
    encrypting the unique identifier with the encryption key and the key vector to obtain an encrypted ciphertext;
    encoding the encrypted ciphertext to generate the dynamic token.
  8. The method according to claim 1, wherein before the smart terminal generates the random number and the timestamp, the method comprises:
    receiving the static token generated by the server to obtain the unique identifier.
  9. A token generation and verification method, comprising:
    receiving a static token, a random number, a timestamp and a dynamic token sent by a smart terminal, wherein the dynamic token is obtained by encrypting the unique identifier of the smart terminal using the random number and the timestamp as parameters;
    decrypting the dynamic token and the static token to verify the unique identifier.
  10. The method according to claim 9, wherein before receiving the static token, the random number, the timestamp and the dynamic token sent by the smart terminal, the method comprises:
    the server generating the static token;
    sending the static token to the smart terminal for authorization.
  11. The method according to claim 9, wherein decrypting the dynamic token and the static token to verify the unique identifier comprises:
    decrypting the dynamic token using the random number and the timestamp as parameters, so as to obtain a first identifier after the dynamic token has been successfully decrypted;
    decrypting the static token, so as to obtain a second identifier after the static token has been successfully decrypted;
    determining whether the first identifier and the second identifier are the same;
    if the first identifier and the second identifier are the same, the verification of the unique identifier succeeds; otherwise, the verification fails.
  12. The method according to claim 11, wherein decrypting the dynamic token using the random number and the timestamp as parameters, so as to obtain the first identifier after the dynamic token has been successfully decrypted, comprises:
    generating a decryption key and a decryption key vector from the random number and the timestamp;
    decoding the dynamic token with a decoding algorithm, using the decryption key and the decryption key vector, to obtain a ciphertext for decryption;
    applying a decryption algorithm to the ciphertext for decryption to obtain the first identifier.
  13. The method according to claim 10, wherein before decrypting the dynamic token and the static token to verify the unique identifier, the method comprises:
    the server determining whether the timestamp is less than or equal to the timestamp previously sent by the smart terminal;
    if the timestamp is less than or equal to the timestamp previously sent by the smart terminal, determining whether the random number is equal to the random number previously sent by the smart terminal, and if the random number is not equal to the random number previously sent by the smart terminal, continuing with the step of decrypting the dynamic token and the static token to verify the unique identifier.
  14. A smart terminal, comprising:
    a communication circuit and a processor connected to each other;
    the communication circuit being configured to obtain the static token and the unique identifier;
    the processor obtaining the static token and the unique identifier through the communication circuit and executing instructions to implement the following steps:
    the smart terminal generating a random number and a timestamp;
    encrypting the unique identifier using the random number and the timestamp as parameters to generate a dynamic token, wherein the unique identifier is generated by a server to identify the smart terminal interacting with the server;
    sending a static token, the random number, the timestamp and the dynamic token to the server, so that the server decrypts the static token and the dynamic token to verify the unique identifier.
  15. The smart terminal according to claim 14, wherein the processor performing the step of encrypting the unique identifier using the random number and the timestamp as parameters comprises:
    performing a logical operation on at least one byte of the timestamp to obtain a time factor having the same number of digits as the timestamp;
    calculating a first encryption factor and a second encryption factor using the random number as a parameter;
    forming an encryption key from the time factor, a first part of the bytes of the timestamp, a first part of the bytes of the random number and the first encryption factor as elements;
    forming a key vector from the time factor, a second part of the bytes of the timestamp, a second part of the bytes of the random number and the second encryption factor as elements;
    encrypting the unique identifier using the encryption key and the key vector to generate the dynamic token.
  16. The smart terminal according to claim 15, wherein the processor performing the step of performing a logical operation on at least one byte of the timestamp to obtain a time factor having the same number of digits as the timestamp comprises:
    when the timestamp has multiple bytes, performing a logical operation on one or more bytes of the timestamp to obtain a time factor having the same number of digits as the timestamp;
    when the timestamp has a single byte, performing a logical operation on some or all of the bits of the single byte of the timestamp to obtain a time factor having the same number of digits as the timestamp.
  17. The smart terminal according to claim 15, wherein the processor performing the step of calculating the first encryption factor and the second encryption factor using the random number as a parameter comprises:
    dividing the random number by byte count into a first part and a second part;
    performing a logical operation on the first part of the random number to obtain a keyword, and performing a logical operation on the second part of the random number to obtain a reference value;
    performing a conditional operation on the keyword and the reference value to obtain the first encryption factor and the second encryption factor.
  18. The smart terminal according to claim 15, wherein the processor performs:
    the step of forming the encryption key from the time factor, the first part of the bytes of the timestamp, the first part of the bytes of the random number and the first encryption factor as elements, comprising:
    combining the time factor, the first part of the bytes of the timestamp, the first part of the bytes of the random number and the first encryption factor in a first preset order to form the encryption key; wherein the byte count of the encryption key is the sum of the byte count of the time factor, the byte count of the first part of the bytes of the timestamp, the byte count of the first part of the bytes of the random number and the byte count of the first encryption factor;
    and the step of forming the key vector from the time factor, the second part of the bytes of the timestamp, the second part of the bytes of the random number and the second encryption factor as elements, comprising:
    combining the time factor, the second part of the bytes of the timestamp, the second part of the bytes of the random number and the second encryption factor in a second preset order to form the key vector; wherein the byte count of the key vector is the sum of the byte count of the time factor, the byte count of the second part of the bytes of the timestamp, the byte count of the second part of the bytes of the random number and the byte count of the second encryption factor.
  19. The smart terminal according to claim 15, wherein the processor performing the step of encrypting the unique identifier with the encryption key and the key vector to generate the dynamic token comprises:
    encrypting the unique identifier with the encryption key and the key vector to obtain an encrypted ciphertext;
    encoding the encrypted ciphertext to generate the dynamic token.
  20. The smart terminal according to claim 14, wherein before the processor performs the step of the smart terminal generating the random number and the timestamp, the processor performs:
    receiving the static token generated by the server to obtain the unique identifier.
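The claims above state the scheme abstractly. The Go program below is an added worked example, not code from the patent or its applicant, that carries the terminal side (claims 1 to 8, repeated as 14 to 20) and the server side (claims 9 to 13) through concrete bytes. Everything the claims leave open is an assumption here and is marked as such in the comments: the logical operation that yields the time factor (XOR of each timestamp byte with its neighbour), the folds that produce the keyword and reference value and the conditional operation that picks the two encryption factors, the sizes (8-byte timestamp, 16-byte random number, 2-byte factors, so that key and key vector are 16 bytes each), the cipher (AES-GCM, chosen because its authentication tag makes "successfully decrypted" in claim 11 a real check: a wrong key or key vector fails to open), base64 as the encoding of claim 7, and a constructed server-held key for the static token of claim 10. The replay check of claim 13 is implemented exactly as claimed; all identifiers and factor bytes used in the tests are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"errors"
)

// Constructed server-held key for the static token (the claims do not say how that token is made).
var serverKey = []byte("constructed-static-token-key-32b")

// timeFactor keeps the timestamp's length; assumed logical operation: XOR each byte with its right neighbour.
func timeFactor(ts []byte) []byte {
	tf := make([]byte, len(ts))
	for i := range ts {
		tf[i] = ts[i] ^ ts[(i+1)%len(ts)]
	}
	return tf
}

// encryptionFactors: fold each half of the random number to a 2-byte keyword / reference value,
// then a conditional operation picks the two factors (fold and condition are both assumed).
func encryptionFactors(rnd []byte) (f1, f2 []byte) {
	kw, ref := []byte{0, 0}, []byte{0, 0}
	for i, b := range rnd[:len(rnd)/2] {
		kw[i%2] ^= b
	}
	for i, b := range rnd[len(rnd)/2:] {
		ref[i%2] ^= b
	}
	mix := []byte{kw[0] ^ ref[0], kw[1] ^ ref[1]}
	if binary.BigEndian.Uint16(kw) >= binary.BigEndian.Uint16(ref) {
		return kw, mix
	}
	return ref, mix
}

// deriveKeyIV: 16-byte key and key vector in the claimed order (time factor, timestamp part, random part, factor); sizes assumed.
func deriveKeyIV(ts, rnd []byte) (key, iv []byte) {
	tf := timeFactor(ts)
	f1, f2 := encryptionFactors(rnd)
	key = bytes.Join([][]byte{tf, ts[:4], rnd[:2], f1}, nil)
	iv = bytes.Join([][]byte{tf, ts[4:], rnd[8:10], f2}, nil)
	return key, iv
}

// gcmFor: AES-GCM with the 16-byte key vector as nonce (assumed); its tag makes "successfully decrypted" in claim 11 a real check.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // keys here are always 16 or 32 bytes
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCMWithNonceSize(block, aes.BlockSize) // 16 is a valid nonce size
	return g
}

// NewStaticToken (claim 10): the server encrypts the identifier under its own key, fresh nonce first.
func NewStaticToken(id string) string {
	nonce := make([]byte, aes.BlockSize)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return base64.StdEncoding.EncodeToString(append(nonce, gcmFor(serverKey).Seal(nil, nonce, []byte(id), nil)...))
}

// DynamicToken (claims 2 and 7, terminal side): encrypt with the derived key and key vector, then encode.
func DynamicToken(id string, ts, rnd []byte) string {
	key, iv := deriveKeyIV(ts, rnd)
	return base64.StdEncoding.EncodeToString(gcmFor(key).Seal(nil, iv, []byte(id), nil))
}

// Verifier remembers the previous timestamp and random number for the replay check of claim 13.
type Verifier struct{ lastTS, lastRnd []byte }

// Verify (claims 11 to 13): replay check, open both tokens, compare the identifiers in constant time.
func (v *Verifier) Verify(static, dynamic string, ts, rnd []byte) (bool, error) {
	dynRaw, errD := base64.StdEncoding.DecodeString(dynamic)
	stRaw, errS := base64.StdEncoding.DecodeString(static)
	if len(ts) != 8 || len(rnd) != 16 || errD != nil || errS != nil || len(stRaw) <= aes.BlockSize {
		return false, errors.New("malformed request")
	}
	// Claim 13: a timestamp not newer than the last one is rejected only if the random number repeats too.
	if v.lastTS != nil && bytes.Compare(ts, v.lastTS) <= 0 && bytes.Equal(rnd, v.lastRnd) {
		return false, errors.New("replayed request")
	}
	key, iv := deriveKeyIV(ts, rnd)
	first, errD := gcmFor(key).Open(nil, iv, dynRaw, nil)
	second, errS := gcmFor(serverKey).Open(nil, stRaw[:aes.BlockSize], stRaw[aes.BlockSize:], nil)
	if errD != nil || errS != nil {
		return false, errors.New("a token did not open: wrong key, key vector or altered ciphertext")
	}
	v.lastTS, v.lastRnd = ts, rnd
	return subtle.ConstantTimeCompare(first, second) == 1, nil
}
```

Two points a practitioner would take from running this. First, the encryption key and key vector of claims 5 and 6 are assembled entirely from the random number and timestamp, which the terminal sends to the server in the clear; the dynamic token therefore binds the identifier to that particular (random number, timestamp) pair rather than hiding it, and the server's decryption of the static token under its own key, together with the claim 13 replay check, is what carries the security. Second, claim 13 as written accepts an older timestamp whenever the random number differs, so a deployment would normally also bound how old a timestamp may be.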
PCT/CN2019/076590 2018-03-01 2019-02-28 Token generation and verification method and smart terminal WO2019166001A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810173001.4 2018-03-01
CN201810173001.4A CN108494740B (en) 2018-03-01 2018-03-01 Token generation and verification method, intelligent terminal and server

Publications (1)

Publication Number Publication Date
WO2019166001A1 true WO2019166001A1 (en) 2019-09-06

Family

ID=63341049

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/076590 WO2019166001A1 (en) 2018-03-01 2019-02-28 Token generation and verification method and smart terminal

Country Status (2)

Country Link
CN (1) CN108494740B (en)
WO (1) WO2019166001A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112463281A (en) * 2020-12-11 2021-03-09 成都知道创宇信息技术有限公司 Remote assistance method, device, system, electronic equipment and storage medium
CN112788036A (en) * 2021-01-13 2021-05-11 中国人民财产保险股份有限公司 Identity verification method and device

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108494740B (en) * 2018-03-01 2021-08-24 捷开通讯(深圳)有限公司 Token generation and verification method, intelligent terminal and server
CN109410396B (en) * 2018-10-14 2021-01-01 浙江鸿利锁业有限公司 Intelligent lock data encryption transmission method and leasing equipment applying same
CN112823503B (en) * 2018-11-20 2022-08-16 深圳市欢太科技有限公司 Data access method, data access device and mobile terminal
CN109921894B (en) * 2019-02-13 2022-08-12 平安科技(深圳)有限公司 Data transmission encryption method and device, storage medium and server
CN109831446B (en) * 2019-03-05 2021-08-20 广州虎牙信息科技有限公司 Request checking method, device, equipment and storage medium
CN110493258B (en) * 2019-09-09 2022-09-30 平安普惠企业管理有限公司 Identity verification method based on TOKEN and related equipment
CN110602139B (en) * 2019-09-27 2021-08-13 成都九曲互动科技有限公司 Recharge login access method and system based on Tencent cloud
CN110704855B (en) * 2019-10-08 2021-07-23 深圳市云桥科技服务有限公司 Request identifier generation method, request identifier verification method and computer equipment
CN111431726B (en) * 2020-06-11 2020-09-18 深圳市友杰智新科技有限公司 Algorithm authorization method, device, computer equipment and storage medium
CN112235277A (en) * 2020-10-09 2021-01-15 北京达佳互联信息技术有限公司 Resource request method, resource response method and related equipment
CN113434889A (en) * 2021-07-07 2021-09-24 数字广东网络建设有限公司 Service data access method, device, equipment and storage medium
CN113992401B (en) * 2021-10-27 2023-03-24 同程网络科技股份有限公司 Data processing method and device
CN114047882A (en) * 2021-11-18 2022-02-15 中国科学院计算机网络信息中心 Identity authentication method and system with separated single-bucket read-write permission

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110055391A1 (en) * 2009-08-31 2011-03-03 James Paul Schneider Multifactor validation of requests to thwart cross-site attacks
CN106066958A (en) * 2015-04-21 2016-11-02 国际商业机器公司 The certification of subscriber computer
CN107493286A (en) * 2017-08-23 2017-12-19 杭州安恒信息技术有限公司 A kind of RPC remote procedure calling (PRC) methods based on secure authentication
CN108494740A (en) * 2018-03-01 2018-09-04 捷开通讯(深圳)有限公司 Token generates and method of calibration, intelligent terminal and server

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8621598B2 (en) * 2008-03-12 2013-12-31 Intuit Inc. Method and apparatus for securely invoking a rest API
CN106161032B (en) * 2015-04-24 2019-03-19 华为技术有限公司 A kind of identity authentication method and device
CN106470184B (en) * 2015-08-14 2020-06-26 阿里巴巴集团控股有限公司 Security authentication method, device and system


Also Published As

Publication number Publication date
CN108494740B (en) 2021-08-24
CN108494740A (en) 2018-09-04


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19760537

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19760537

Country of ref document: EP

Kind code of ref document: A1