WO2019166001A1 - Method for generating and verifying a token, and intelligent terminal - Google Patents


Info

Publication number
WO2019166001A1
Authority
WO
WIPO (PCT)
Prior art keywords
random number
timestamp
factor
token
encryption
Prior art date
Application number
PCT/CN2019/076590
Other languages
English (en)
Chinese (zh)
Inventor
叶世刚
Original Assignee
捷开通讯(深圳)有限公司
Priority date
Filing date
Publication date
Application filed by 捷开通讯(深圳)有限公司
Publication of WO2019166001A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Definitions

  • the present application relates to the field of intelligent terminals, and in particular, to a token generation and verification method and an intelligent terminal.
  • a token is a security concept for smart terminals.
  • the system creates an access token containing the system ID returned by the login process together with the security groups and the list of privileges assigned to the user by the local security policy. All processes running as this user have a copy of the token, and the system uses the token to control which secured objects the user can access and whether the user is able to perform related system operations.
  • the traditional token generation and verification method handles only static tokens, which easily exposes users to great risk and increases the risk of account theft.
  • the embodiment of the present application provides a token generation and verification method and an intelligent terminal, which ensure that the token differs for each access to the server.
  • the embodiment of the present application provides a method for generating and verifying a token, which includes: the smart terminal generates a random number and a timestamp, encrypts the unique identifier using the random number and the timestamp as parameters to generate a dynamic token, and sends the static token, the random number, the timestamp, and the dynamic token to the server, so that the server decrypts the static token and the dynamic token to verify the unique identifier.
  • encrypting the unique identifier using the random number and the timestamp as parameters includes:
  • the unique identifier is encrypted using the encryption key and the key vector to generate the dynamic token.
  • performing a logical operation on at least one byte of the timestamp to obtain a time factor with the same number of digits as the timestamp includes:
  • when the timestamp has a plurality of bytes, a logical operation is performed on one or more bytes of the timestamp to obtain a time factor with the same number of bytes as the timestamp;
  • when the timestamp has a single byte, a logical operation is performed on some or all bits of that byte to obtain a time factor with the same number of bits as the timestamp.
  • calculating the first encryption factor and the second encryption factor using the random number as a parameter includes:
  • forming an encryption key using the time factor, the first partial byte of the timestamp, the first partial byte of the random number, and the first encryption factor as elements
  • includes:
  • the time factor, the first partial byte of the timestamp, the first partial byte of the random number, and the first encryption factor are combined in a first predetermined order to form an encryption key; wherein the number of bytes of the encryption key is the sum of the number of bytes of the time factor, the number of bytes of the first partial byte of the timestamp, the number of bytes of the first partial byte of the random number, and the number of bytes of the first encryption factor.
  • forming a key vector using the time factor, a second partial byte of the timestamp, a second partial byte of the random number, and the second encryption factor as elements includes:
  • the time factor, the second partial byte of the timestamp, the second partial byte of the random number, and the second encryption factor are combined in a second predetermined order to form a key vector; wherein the number of bytes of the key vector is the sum of the number of bytes of the time factor, the number of bytes of the second partial byte of the timestamp, the number of bytes of the second partial byte of the random number, and the number of bytes of the second encryption factor.
  • encrypting the unique identifier using the encryption key and the key vector to generate the dynamic token includes:
  • before the smart terminal generates the random number and the timestamp, the method includes:
  • the embodiment of the present application further provides a method for generating and verifying a token, which includes: receiving a static token, a random number, a timestamp, and a dynamic token sent by the smart terminal, where the dynamic token is obtained by encrypting the unique identifier of the smart terminal using the random number and the timestamp as parameters; and decrypting the dynamic token and the static token to verify the unique identifier.
  • before receiving the static token, the random number, the timestamp, and the dynamic token sent by the smart terminal, the method includes:
  • the server generates a static token
  • decrypting the dynamic token and the static token to verify the unique identifier includes:
  • if the two identifiers are consistent, the unique identifier verification succeeds; otherwise, the verification fails.
  • the dynamic token is decrypted using the random number and the timestamp as parameters, so that the first identifier is obtained once the dynamic token is successfully decrypted.
  • a decryption algorithm is applied to the ciphertext to obtain the first identifier.
  • before decrypting the dynamic token and the static token to verify the unique identifier, the method includes:
  • if the timestamp is less than or equal to the timestamp sent by the smart terminal, it is determined whether the random number is equal to the random number sent by the smart terminal the previous time; if the random number is not equal to the random number sent the previous time, the step of decrypting the dynamic token and the static token to verify the unique identifier is continued.
  • the embodiment of the present application further provides an intelligent terminal, including a communication circuit and a processor connected to each other, where the communication circuit is configured to acquire a static token and a unique identifier, and the processor obtains the static token and the unique identifier through the communication circuit and performs the following steps:
  • the intelligent terminal generates a random number and a time stamp
  • the processor performs the step of encrypting the unique identifier by using the random number and the timestamp as parameters, including:
  • the unique identifier is encrypted using the encryption key and the key vector to generate the dynamic token.
  • the processor performs the step of performing a logical operation on at least one byte of the timestamp to obtain a time factor with the same number of digits as the timestamp, including:
  • when the timestamp has a plurality of bytes, a logical operation is performed on one or more bytes of the timestamp to obtain a time factor with the same number of bytes as the timestamp;
  • when the timestamp has a single byte, a logical operation is performed on some or all bits of that byte to obtain a time factor with the same number of bits as the timestamp.
  • the processor performs the step of calculating, by using the random number as a parameter, a first encryption factor and a second encryption factor, including:
  • the processor executes:
  • the time factor, the first partial byte of the timestamp, the first partial byte of the random number, and the first encryption factor are combined in a first predetermined order to form an encryption key; wherein the number of bytes of the encryption key is the sum of the number of bytes of the time factor, the number of bytes of the first partial byte of the timestamp, the number of bytes of the first partial byte of the random number, and the number of bytes of the first encryption factor;
  • the step of forming a key vector using the time factor, the second partial byte of the timestamp, the second partial byte of the random number, and the second encryption factor as elements includes:
  • the time factor, the second partial byte of the timestamp, the second partial byte of the random number, and the second encryption factor are combined in a second predetermined order to form a key vector; wherein the number of bytes of the key vector is the sum of the number of bytes of the time factor, the number of bytes of the second partial byte of the timestamp, the number of bytes of the second partial byte of the random number, and the number of bytes of the second encryption factor.
  • the processor performs the step of encrypting the unique identifier using the encryption key and the key vector to generate the dynamic token, including:
  • before the processor performs the step of generating the random number and the timestamp, the method includes:
  • the embodiment of the present application provides a token generation and verification method and an intelligent terminal.
  • the smart terminal generates a random number and a timestamp, encrypts the unique identifier using the random number and the timestamp as parameters to generate a dynamic token, and sends the static token, the random number, the timestamp, and the dynamic token to the server, so that the server decrypts the static token and the dynamic token to verify the unique identifier.
  • the random number is constantly changing, so the tokens are different for each access to the server. Even if the token is stolen, the token cannot be decrypted in a short time, thus improving the access security of the server.
  • FIG. 1 is a schematic flowchart of a first embodiment of a method for generating and verifying a token according to the present application
  • FIG. 2 is an interaction diagram of a smart terminal and a server of the token generation and verification method of the present application
  • FIG. 3 is a schematic flowchart of a second embodiment of a method for generating and verifying a token according to the present application
  • FIG. 4 is a schematic flowchart of a third embodiment of a method for generating and verifying a token according to the present application
  • FIG. 5 is a schematic flowchart of a fourth embodiment of a method for generating and verifying a token according to the present application
  • FIG. 6 is a schematic flowchart of a server verifying a static token and a dynamic token according to a fourth embodiment of the token generation and verification method of the present application;
  • FIG. 7 is a schematic flowchart of a fifth embodiment of a method for generating and verifying a token according to the present application.
  • FIG. 8 is a schematic structural diagram of an embodiment of a smart terminal according to the present application.
  • FIG. 9 is a schematic structural diagram of an embodiment of a server according to the present application.
  • the first embodiment of the token generation and verification method of the present application includes:
  • S2 The smart terminal generates a random number and a time stamp.
  • S3 The unique identifier is encrypted by using a random number and a timestamp as parameters to generate a dynamic token.
  • S4 Send a static token, a random number, a timestamp, and a dynamic token to the server to cause the server to decrypt the static token and the dynamic token to verify the unique identifier.
  • the unique identifier is generated by the server to identify the smart terminal that interacts with the server.
  • the static token is a fixed combination of characters
  • the dynamic token is a random character combination
  • the timestamp is a complete, verifiable sequence of characters that can prove that a piece of data existed before a certain time, and is used to uniquely identify a moment in time.
  • the server generates a static token and sends a static token to the smart terminal for authorization.
  • the smart terminal acquires a unique identifier of the smart terminal generated by the server.
  • the smart terminal generates a random number of a preset number of digits. For example, the smart terminal generates an 8-byte random number, obtains a corresponding timestamp (for example, the time at which the random number was generated), and encrypts the unique identifier with an encryption algorithm, using the obtained random number and timestamp as parameters, to generate a dynamic token.
  • after the dynamic token is generated, the smart terminal sends the static token, the random number, the timestamp, and the dynamic token to the server; the server decrypts the received static token and dynamic token to obtain the unique identifier corresponding to each, and then checks whether the unique identifier corresponding to the static token and the one corresponding to the dynamic token are consistent. If the verification succeeds, the smart terminal can access the server; otherwise the verification fails and the smart terminal cannot access the server.
  • the encryption algorithm may be symmetric encryption or asymmetric encryption, and may be selected according to actual requirements, and is not specifically limited herein.
  • before step S2, the method includes:
  • S1 Receive a static token generated by the server to obtain a unique identifier.
  • after receiving the static token sent by the server, the intelligent terminal acquires the unique identifier sent together with the static token.
  • the smart terminal can also obtain a unique identifier by decrypting the static token sent by the server.
  • the application generates a random number and a timestamp through the intelligent terminal, encrypts the unique identifier using the random number and the timestamp as parameters to generate a dynamic token, and sends the static token, the random number, the timestamp, and the dynamic token to the server, so that the server decrypts the static token and the dynamic token to verify the unique identifier.
  • the random number is constantly changing, so the tokens are different for each access to the server. Even if the token is stolen, the token cannot be decrypted in a short time, thus improving the access security of the server.
  • step S3 includes:
  • S31 Perform a logical operation on at least one byte of the timestamp to obtain a time factor with the same number of digits as the timestamp.
  • the number of bytes of the timestamp may be set by the system of the smart terminal, or may be set according to user requirements.
  • when the timestamp has multiple bytes, the logical operation may be performed on one byte or on several bytes; the resulting time factor has the same number of bytes as the timestamp.
  • when the timestamp has only one byte, the logical operation may be performed on some or all bits of that byte, and the resulting time factor has the same number of bits as the timestamp.
  • for example, the timestamp is set to 8 bytes and is divided by byte into eight parts t1, t2, t3, t4, t5, t6, t7 and t8, each occupying one byte; a logical operation on t1 and t2 gives the first part of the time factor, a logical operation on t3 and t4 gives the second part of the time factor, and so on, until a logical operation on t8 and t1 gives the eighth part of the time factor; the eight parts combine to form the complete time factor.
  • the logical operation may be an AND operation, a NOT operation, or another logical operation, which is not specifically limited herein.
  • S32 Calculate the first encryption factor and the second encryption factor by using a random number as a parameter.
  • the random number is divided into two parts by number of bytes; a logical operation on the first part of the random number gives a keyword, a logical operation on the second part gives a reference value, and a conditional operation on the keyword and the reference value gives the encryption factor; that is, the encryption factor is obtained by a mathematical calculation on the reference value according to which preset condition the keyword satisfies.
  • the first encryption factor is obtained by performing a mathematical operation on the first part of the random number
  • the second encryption factor is obtained by performing a mathematical operation on the second part of the random number.
  • the mathematical operation performed on the first part of the random number and the one performed on the second part may be the same or different.
  • for example, the random number is 8 bytes and is divided into two 4-byte parts: the first part is the high random number part (upper 4 bytes) and the second part is the low random number part (lower 4 bytes). Either the high part or the low part is selected; an exclusive OR operation is performed on the selected part and the remainder modulo 4 is taken to obtain the keyword, and an exclusive OR operation is performed on the selected part and the remainder modulo 10 is taken to obtain the reference value.
  • the encryption factor is a 2-byte number, divided into four hexadecimal parts. With the reference value set as the first part of the encryption factor: when the keyword is equal to 3, the second part of the encryption factor is equal to the reference value, the third part is equal to the reference value plus 2, and the fourth part is equal to the reference value plus 3; when the keyword is equal to 2, the second part is equal to the reference value plus 1, the third part is equal to the reference value plus 2, and the fourth part is equal to the reference value; when the keyword is equal to 1, the second part is equal to the reference value plus 1, the third part is equal to the reference value, and the fourth part is equal to the reference value plus 1; when the keyword is equal to 0, the second, third and fourth parts are all equal to the reference value; wherein the reference value can also be set as another part of the encryption factor.
  • the four parts of the cryptographic factor can also be obtained by other mathematical operations (such as subtraction or multiplication) from the reference value and other numbers, and the number is not specifically limited.
  • for example, when the keyword and the reference value are both 0, the encryption factor is 4321 in hexadecimal; when the reference value is 0 and the keyword is 1, the encryption factor is 0101 in hexadecimal; when the reference value is 3 and the keyword is 3, the encryption factor is 3456 in hexadecimal; when the reference value is 3 and the keyword is 0, the encryption factor is 3333 in hexadecimal; the reference value and the keyword can also take other values, which are not listed here.
  • the first encryption factor may be obtained by performing the above operation on the high random number portion
  • the second encryption factor may be obtained by performing the above operation on the low random number portion.
  • other partial bytes of the random number may also be selected to perform the above operation to obtain an encryption factor.
  • S33 Form an encryption key using the time factor, a first partial byte of the timestamp, a first partial byte of the random number, and the first encryption factor as elements.
  • the encryption key is composed of a time factor, a first partial byte in the time stamp, a first partial byte in the random number, and a first encryption factor.
  • the number of bytes of the encryption key is the sum of the number of bytes of the time factor, the first partial byte of the timestamp, the first partial byte of the random number, and the first encryption factor.
  • the time factor, the first partial byte of the timestamp, the first partial byte of the random number, and the first encryption factor may be combined in a certain order to form the encryption key, or may be arranged in any other combination to form the encryption key.
  • for example, the encryption key is 16 bytes:
  • the first part is the time factor, which occupies 8 bytes of the encryption key;
  • the second part is the first partial byte of the timestamp, which occupies 2 bytes of the encryption key;
  • the third part is the first partial byte of the random number, which occupies 4 bytes of the encryption key;
  • the fourth part is the first encryption factor, which occupies 2 bytes of the encryption key.
  • S34 Form a key vector using the time factor, a second partial byte of the timestamp, a second partial byte of the random number, and the second encryption factor as elements.
  • the key vector is composed of a time factor, a second partial byte in the time stamp, a second partial byte in the random number, and a second encryption factor.
  • the number of bytes of the key vector is the sum of the number of bytes of the time factor, the second partial byte of the timestamp, the second partial byte of the random number, and the second encryption factor.
  • the time factor, the second partial byte of the timestamp, the second partial byte of the random number, and the second encryption factor may be combined in a certain order to form the key vector, or may be arranged in any other combination to form the key vector.
  • for example, the key vector is 16 bytes:
  • the first part is the time factor, which occupies 8 bytes of the key vector;
  • the second part is the second partial byte of the timestamp, which occupies 2 bytes of the key vector;
  • the third part is the second partial byte of the random number, which occupies 4 bytes of the key vector;
  • the fourth part is the second encryption factor, which occupies 2 bytes of the key vector.
  • the positions of the time factor, the timestamp bytes, the random number bytes and the encryption factor in the encryption key and in the key vector may correspond one-to-one.
  • S35 Encrypt the unique identifier by using an encryption key and a key vector to generate a dynamic token.
  • the unique identifier is encrypted with an encryption algorithm using the encryption key and the key vector to generate the dynamic token, wherein the encryption key and the key vector may be 16 bytes or another length; the dynamic token is obtained by first encrypting the unique identifier with the encryption key and the key vector using an advanced encryption algorithm, and then encoding the result with an encoding algorithm.
  • step S35 includes:
  • S351 Encrypt the unique identifier using the encryption key and the key vector to obtain an encrypted ciphertext.
  • the smart terminal encrypts the unique identifier by using the encryption key and the key vector to generate the encrypted ciphertext.
  • the encryption algorithm may be the AES (Advanced Encryption Standard) algorithm, such as AES-128, or another algorithm, which is not specifically limited herein.
  • S352 Encode the encrypted ciphertext to generate a dynamic token.
  • after obtaining the encrypted ciphertext, the intelligent terminal encodes it using an encoding algorithm to generate the dynamic token; the encoding algorithm may be a base-64 encoding such as Base64, or an encoding with another base, and is not specifically limited herein.
  • the fourth embodiment of the token generation and verification method of the present application includes:
  • S7 Receive a static token, a random number, a timestamp, and a dynamic token sent by the smart terminal, where the dynamic token is obtained by encrypting the unique identifier of the smart terminal by using a random number and a timestamp as parameters.
  • S8 Decrypt the dynamic token and the static token to verify the unique identifier.
  • the server can generate a static token and send it to the smart terminal for authorization.
  • after the smart terminal generates the dynamic token, it sends the authorized static token, the random number, the timestamp, and the dynamic token to the server.
  • the server decrypts the dynamic token and the static token by using a random number and a timestamp, and respectively obtains two corresponding identifiers. If the two identifiers are consistent, the verification succeeds, otherwise the verification fails.
  • the decryption algorithm may be an AES advanced decryption algorithm or other algorithms, which is not specifically limited herein.
  • the decryption algorithm corresponds to an encryption algorithm used by the intelligent terminal.
  • step S6 the method includes:
  • S5 The server generates a static token.
  • S6 Send a static token to the smart terminal for authorization.
  • Intelligent terminals and servers need to authorize smart terminals in a synchronous manner.
  • the smart terminal uses a list of user characteristics as a password to log in. Only the smart terminal and the server know the meaning of these characteristics. Because the two are synchronized, the smart terminal presents exactly the expected token to the server.
  • Synchronous smart terminals use timestamps and authorization synchronization as a core part of the authorization process. If the synchronization is time based, the smart terminal and server keep their timestamps the same. The token is generated using the timestamp and random number of the smart terminal, the token and the unique identifier are entered into the smart terminal, and then the smart terminal transmits them to the server to run the authorization service. The authorization service decrypts the token and compares it to the expected token. If the two match, the user's authorization operation is completed, allowing the smart terminal and resources to be used.
  • the intelligent terminal and server Based on timestamp-based synchronization, the intelligent terminal and server share the same key and key vector for encryption and decryption.
  • Before step S8, the method includes:
  • S801 The server determines whether the current time is less than or equal to the timestamp sent by the smart terminal.
  • S802 If the current time is less than or equal to the timestamp sent by the smart terminal, the server determines whether the random number is equal to a random number previously sent by the smart terminal; if it is not, the server continues with the step of decrypting the dynamic token and the static token to verify the unique identifier.
  • The server determines whether the current time is less than or equal to the timestamp sent by the intelligent terminal. If it is, the server determines whether the random number is equal to the random number sent by the smart terminal the previous time. If the random number is equal to the one sent the previous time, an error is returned and decryption ends. If the random number is not equal to the one sent previously, the decryption algorithm is used to decrypt the dynamic token and the static token in order to verify the unique identifier.
  • step S8 includes:
  • S81 Decrypt the dynamic token with the random number and the timestamp as parameters to obtain the first identifier after the dynamic token is successfully decrypted.
  • The server generates a decryption key and a decryption key vector from the random number and the timestamp, decodes the dynamic token with the decoding algorithm to obtain the ciphertext, and decrypts the ciphertext with the decryption algorithm using the decryption key and the decryption key vector to obtain the first identifier. If decryption does not succeed, an error is returned and decryption ends.
  • The decryption process mirrors the encryption process. When the dynamic token was not encoded, the decoding step can be omitted.
  • S82 Decrypt the static token to obtain a second identifier after the static token is successfully decrypted.
  • The server decrypts the static token with a decryption algorithm and, once the static token is successfully decrypted, obtains the second identifier. If the static token is not successfully decrypted, an error is returned and decryption ends.
  • The decryption algorithm of the static token may be the same as or different from the decryption algorithm of the dynamic token.
  • The server determines whether the first identifier and the second identifier are the same. If they are not the same, verification of the unique identifier fails and verification ends. If the first identifier and the second identifier are the same, the unique identifier is successfully verified.
  • an embodiment of the smart terminal of the present application includes:
  • A communication circuit 10 and a processor 20 that are interconnected;
  • The communication circuit 10 is used to acquire a static token and a unique identifier.
  • The processor 20 is configured to acquire the static token and the unique identifier through the communication circuit 10 and to execute instructions implementing the method of any one of the first to fourth embodiments of the token generation and verification method of the present application, or any non-conflicting combination of them.
  • The processor 20 is configured to acquire the static token and the unique identifier through the communication circuit 10 and to perform the following steps:
  • The intelligent terminal generates a random number and a timestamp.
  • the processor 20 performs the step of encrypting the unique identifier by using the random number and the timestamp as parameters, including:
  • the unique identifier is encrypted using the encryption key and the key vector to generate the dynamic token.
  • The step, performed by the processor 20, of applying a logical operation to at least part of the timestamp to obtain a time factor of the same size as the timestamp includes:
  • When the timestamp has a plurality of bytes, applying a logical operation to one or more bytes of the timestamp to obtain a time factor having the same number of bytes as the timestamp;
  • Applying a logical operation to some or all of the digits within a single byte of the timestamp to obtain a time factor having the same number of digits as the timestamp.
  • the processor 20 performs the step of calculating the first encryption factor and the second encryption factor by using the random number as a parameter, including:
  • the processor 20 executes:
  • The time factor, the first partial bytes of the timestamp, the first partial bytes of the random number and the first encryption factor are combined in a first predetermined order to form the encryption key; the number of bytes of the encryption key is the sum of the number of bytes of the time factor, of the first partial bytes of the timestamp, of the first partial bytes of the random number and of the first encryption factor.
  • The step of forming a key vector from the time factor, the second partial bytes of the timestamp, the second partial bytes of the random number and the second encryption factor as elements includes:
  • The time factor, the second partial bytes of the timestamp, the second partial bytes of the random number and the second encryption factor are combined in a second predetermined order to form the key vector; the number of bytes of the key vector is the sum of the number of bytes of the time factor, of the second partial bytes of the timestamp, of the second partial bytes of the random number and of the second encryption factor.
  • the processor 20 performs the step of encrypting the unique identifier with the encryption key and the key vector to generate the dynamic token, including:
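The following Python block is an added illustration of the scheme described above (the key and key-vector construction from the time factor, the partial bytes of the timestamp and random number and the two encryption factors, together with the server-side checks S801/S802 and the two-stage decryption S81/S82). It is not code from the patent or its applicant. Everything the text leaves open is an assumption and is marked as such in the comments: the logical operation used for the time factor (XOR with the byte index), the way the encryption factors are computed from the random number (HMAC under a shared secret), a cap on how far in the future a timestamp may lie, and a dependency-free HMAC-based stand-in for the AES step so the example runs offline.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo secrets. ASSUMPTION: the text only says that terminal and
# server "share the same key and key vector"; if the encryption factors were
# derived from the cleartext timestamp and random number alone, anyone who
# saw the message could rebuild the key, so a shared secret is folded in here.
SHARED_SECRET = b"constructed-demo-shared-secret"
SERVER_STATIC_KEY = b"constructed-demo-server-only-key"  # never leaves the server
MAX_FUTURE_SECONDS = 300  # added bound, not from the text: cap far-future timestamps


def time_factor(ts: bytes) -> bytes:
    """Logical operation on every byte of the timestamp (here: XOR with the byte
    index; the text leaves the operation open). Output has len(ts) bytes."""
    return bytes(b ^ (i & 0xFF) for i, b in enumerate(ts))


def encryption_factors(rnd: bytes) -> tuple[bytes, bytes]:
    """First and second encryption factor computed from the random number.
    ASSUMPTION: HMAC-SHA256 under the shared secret, split into two 8-byte halves."""
    mac = hmac.new(SHARED_SECRET, rnd, hashlib.sha256).digest()
    return mac[:8], mac[8:16]


def derive_key_iv(ts: bytes, rnd: bytes) -> tuple[bytes, bytes]:
    """key = time factor || first half of ts  || first half of rnd  || factor 1
       iv  = time factor || second half of ts || second half of rnd || factor 2
    Each length is exactly the sum of its parts, as the text states."""
    tf = time_factor(ts)
    f1, f2 = encryption_factors(rnd)
    h, r = len(ts) // 2, len(rnd) // 2
    return tf + ts[:h] + rnd[:r] + f1, tf + ts[h:] + rnd[r:] + f2


def seal(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Dependency-free stand-in for the AES step: HMAC-SHA256 keystream (CTR
    style) plus a 16-byte HMAC tag, so a wrong key/iv or a modified token is
    reported as a failed decryption instead of producing garbage."""
    blocks = len(plaintext) // 32 + 1
    ks = b"".join(hmac.new(key, iv + struct.pack(">I", i), hashlib.sha256).digest()
                  for i in range(blocks))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()[:16]
    return ct + tag


def open_token(key: bytes, iv: bytes, token: bytes):
    """Inverse of seal(); returns None when the tag does not verify."""
    if len(token) < 16:
        return None
    ct, tag = token[:-16], token[-16:]
    expect = hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        return None
    return seal(key, iv, ct)[:-16]  # the XOR keystream is its own inverse


def ts_bytes(expiry: int) -> bytes:
    """Timestamp as an 8-byte big-endian value (the moment the token expires)."""
    return struct.pack(">Q", expiry)


def terminal_message(identifier: bytes, static_token: bytes, rnd: bytes, ts: bytes):
    """Terminal side: encrypt the unique identifier under the key/iv derived from
    (ts, rnd) and return exactly what is sent to the server."""
    key, iv = derive_key_iv(ts, rnd)
    return static_token, rnd, ts, seal(key, iv, identifier)


class Server:
    def __init__(self):
        self.seen: dict[bytes, int] = {}  # accepted random numbers -> their timestamp

    def issue_static_token(self, identifier: bytes) -> bytes:
        """S5/S6: static token = identifier sealed under a server-only key, with a
        fresh iv prepended so equal identifiers do not yield equal tokens."""
        iv = os.urandom(16)
        return iv + seal(SERVER_STATIC_KEY, iv, identifier)

    def verify(self, static_token, rnd, ts, dynamic_token, now: int):
        """S801/S802, then S81/S82. Returns (ok, reason)."""
        ts_val = struct.unpack(">Q", ts)[0]
        self.seen = {r: t for r, t in self.seen.items() if t >= now}  # drop expired entries
        if ts_val < now:                               # S801: current time <= terminal ts
            return False, "timestamp expired"
        if ts_val > now + MAX_FUTURE_SECONDS:          # added bound keeps self.seen finite
            return False, "timestamp too far ahead"
        if rnd in self.seen:                           # S802: random number already used
            return False, "random number reused"
        key, iv = derive_key_iv(ts, rnd)
        first = open_token(key, iv, dynamic_token)     # S81: first identifier
        if first is None:
            return False, "dynamic token decryption failed"
        second = open_token(SERVER_STATIC_KEY, static_token[:16], static_token[16:])  # S82
        if second is None:
            return False, "static token decryption failed"
        if not hmac.compare_digest(first, second):
            return False, "identifier mismatch"
        self.seen[rnd] = ts_val
        return True, "ok"
```

The server records an accepted random number only after the whole check passes, and prunes it once its timestamp has expired, so the replay list stays bounded by the validity window. A real deployment would replace `seal`/`open_token` with AES in an authenticated mode and keep the static-token key in the server's key store.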
  • Before the step of generating the random number and the timestamp, the processor 20 further performs:
  • The processor 20 controls the operation of the smart terminal; the processor 20 may also be referred to as a CPU (Central Processing Unit).
  • The processor 20 may be an integrated circuit chip with signal processing capabilities.
  • The processor 20 may also be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • The general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
  • the intelligent terminal can further include a memory (not shown) for storing instructions and data necessary for the processor 20 to operate.
  • the smart terminal can also set other components such as a display screen and a keyboard according to specific requirements, which are not specifically limited herein.
  • an embodiment of the server of the present application includes:
  • A communication circuit 30 and a processor 40 that are interconnected; the communication circuit 30 is used to acquire the static token, the random number, the timestamp and the dynamic token.
  • The processor 40 is configured to acquire the static token, the random number, the timestamp and the dynamic token through the communication circuit 30 and to execute instructions implementing the method of any one of the fifth to eighth embodiments of the token generation and verification method of the present application, or any non-conflicting combination of them.
  • The processor 40 controls the operation of the server; the processor 40 may also be referred to as a CPU (Central Processing Unit).
  • The processor 40 may be an integrated circuit chip with signal processing capabilities.
  • The processor 40 may also be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • The general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
  • the server may further include a memory (not shown) for storing instructions and data necessary for the processor 40 to operate.
  • the server can be a private server or a cloud server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a token generation and verification method and an intelligent terminal. The method comprises the following steps: an intelligent terminal generates a random number and a timestamp and encrypts a unique identifier using the random number and the timestamp as parameters to generate a dynamic token; and the intelligent terminal sends a static token, the random number, the timestamp and the dynamic token to a server, so that the server decrypts the static token and the dynamic token to verify the unique identifier.
PCT/CN2019/076590 2018-03-01 2019-02-28 Procédé de génération et de vérification de jeton et terminal intelligent WO2019166001A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810173001.4 2018-03-01
CN201810173001.4A CN108494740B (zh) 2018-03-01 2018-03-01 令牌生成和校验方法、智能终端及服务器

Publications (1)

Publication Number Publication Date
WO2019166001A1 true WO2019166001A1 (fr) 2019-09-06

Family

ID=63341049

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/076590 WO2019166001A1 (fr) 2018-03-01 2019-02-28 Procédé de génération et de vérification de jeton et terminal intelligent

Country Status (2)

Country Link
CN (1) CN108494740B (fr)
WO (1) WO2019166001A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112463281A (zh) * 2020-12-11 2021-03-09 成都知道创宇信息技术有限公司 远程协助方法、装置、系统、电子设备及存储介质
CN112788036A (zh) * 2021-01-13 2021-05-11 中国人民财产保险股份有限公司 身份验证方法及装置

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108494740B (zh) * 2018-03-01 2021-08-24 捷开通讯(深圳)有限公司 令牌生成和校验方法、智能终端及服务器
CN109410396B (zh) * 2018-10-14 2021-01-01 浙江鸿利锁业有限公司 一种智能锁数据加密传输方法以及应用其的租赁设备
CN112823503B (zh) * 2018-11-20 2022-08-16 深圳市欢太科技有限公司 一种数据访问方法、数据访问装置及移动终端
CN109921894B (zh) * 2019-02-13 2022-08-12 平安科技(深圳)有限公司 数据传输加密方法、装置及存储介质、服务器
CN109831446B (zh) * 2019-03-05 2021-08-20 广州虎牙信息科技有限公司 一种请求校验方法、装置、设备和存储介质
CN110493258B (zh) * 2019-09-09 2022-09-30 平安普惠企业管理有限公司 基于token令牌的身份校验方法及相关设备
CN110602139B (zh) * 2019-09-27 2021-08-13 成都九曲互动科技有限公司 基于腾讯云的充值登录接入方法及其系统
CN110704855B (zh) * 2019-10-08 2021-07-23 深圳市云桥科技服务有限公司 请求标识生成方法、请求标识验证方法和计算机设备
CN111431726B (zh) * 2020-06-11 2020-09-18 深圳市友杰智新科技有限公司 算法授权方法、装置、计算机设备和存储介质
CN112235277A (zh) * 2020-10-09 2021-01-15 北京达佳互联信息技术有限公司 资源请求方法、资源响应方法及相关设备
CN113434889A (zh) * 2021-07-07 2021-09-24 数字广东网络建设有限公司 业务数据的访问方法、装置、设备和存储介质
CN113992401B (zh) * 2021-10-27 2023-03-24 同程网络科技股份有限公司 数据处理方法和装置
CN114047882A (zh) * 2021-11-18 2022-02-15 中国科学院计算机网络信息中心 一种单桶读写权限分离的身份认证方法及系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110055391A1 (en) * 2009-08-31 2011-03-03 James Paul Schneider Multifactor validation of requests to thwart cross-site attacks
CN106066958A (zh) * 2015-04-21 2016-11-02 国际商业机器公司 用户计算机的认证
CN107493286A (zh) * 2017-08-23 2017-12-19 杭州安恒信息技术有限公司 一种基于安全鉴权的rpc远程过程调用方法
CN108494740A (zh) * 2018-03-01 2018-09-04 捷开通讯(深圳)有限公司 令牌生成和校验方法、智能终端及服务器

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8621598B2 (en) * 2008-03-12 2013-12-31 Intuit Inc. Method and apparatus for securely invoking a rest API
CN106161032B (zh) * 2015-04-24 2019-03-19 华为技术有限公司 一种身份认证的方法及装置
CN106470184B (zh) * 2015-08-14 2020-06-26 阿里巴巴集团控股有限公司 安全认证方法、装置及系统

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112463281A (zh) * 2020-12-11 2021-03-09 成都知道创宇信息技术有限公司 远程协助方法、装置、系统、电子设备及存储介质
CN112788036A (zh) * 2021-01-13 2021-05-11 中国人民财产保险股份有限公司 身份验证方法及装置
CN112788036B (zh) * 2021-01-13 2022-12-27 中国人民财产保险股份有限公司 身份验证方法及装置

Also Published As

Publication number Publication date
CN108494740B (zh) 2021-08-24
CN108494740A (zh) 2018-09-04

Similar Documents

Publication Publication Date Title
WO2019166001A1 (fr) Procédé de génération et de vérification de jeton et terminal intelligent
US20220191021A1 (en) Blockchain-implemented method and system
CN108809646B (zh) 安全共享密钥共享系统
US6292896B1 (en) Method and apparatus for entity authentication and session key generation
US10142107B2 (en) Token binding using trust module protected keys
US5142578A (en) Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors
US5592553A (en) Authentication system using one-time passwords
US5164988A (en) Method to establish and enforce a network cryptographic security policy in a public key cryptosystem
US5265164A (en) Cryptographic facility environment backup/restore and replication in a public key cryptosystem
US9178881B2 (en) Proof of device genuineness
TWI809292B (zh) 資料的加解密方法、裝置、存儲介質及加密文件
US20120054491A1 (en) Re-authentication in client-server communications
WO2012164487A1 (fr) Combinaison d'informations de commande de clé dans des services d'architecture cryptographiques communs
CN108199847B (zh) 数字安全处理方法、计算机设备及存储介质
WO2018120938A1 (fr) Procédé de transmission de clé hors ligne, terminal et support de stockage
CN115242553B (zh) 一种支持安全多方计算的数据交换方法及系统
CN111241492A (zh) 一种产品多租户安全授信方法、系统及电子设备
CN115276978A (zh) 一种数据处理方法以及相关装置
CN111314059B (zh) 账户权限代理的处理方法、装置、设备及可读存储介质
CN115499118A (zh) 报文密钥生成、文件加密、解密方法、装置、设备和介质
CN114745114A (zh) 基于口令派生的密钥协商方法、装置、设备及介质
CN109981264B (zh) 一种应用密钥生成方法及密码机设备组件
JP6165044B2 (ja) 利用者認証装置、システム、方法及びプログラム
US11558371B2 (en) Authentication system(s) with multiple authentication modes using one-time passwords of increased security
KR102145679B1 (ko) Https 프로토콜에서 mitm 공격을 회피하는 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19760537

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19760537

Country of ref document: EP

Kind code of ref document: A1