WO2020155794A1 - Timestamp-based encryption and authentication method, timestamp-based encryption and authentication system, and computer device - Google Patents


Info

Publication number: WO2020155794A1
Authority: WO, WIPO (PCT)
Prior art keywords: same, timestampb, timestampa, randkeyb, randkeya
Application number: PCT/CN2019/119482
Other languages: French (fr), Chinese (zh)
Inventor: 祝伟
Original Assignee: 平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols, with the following subgroups:
        • H04L9/40 Network security protocols
        • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
        • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • This application relates to the technical field of security authentication, and in particular to a method, system and computer equipment for encryption and authentication based on timestamp.
  • The existing security authentication method includes the following steps: 1. the user enters the user name and password; 2. the client encrypts the user's password with an asymmetric encryption algorithm (such as RSA or SM2) and transmits it to the back-end server; 3. the server decrypts the password with the asymmetric algorithm and then verifies the user name and password.
  • asymmetric encryption algorithm such as RSA, SM2
  • Security authentication through the above methods has the following risks: if the ciphertext of the user name and encrypted password is leaked, the user can use the ciphertext of the user name and password through the interface to directly defraud the back-end authentication.
  • The main purpose of this application is to provide a timestamp-based encryption and authentication method, system and computer equipment, aimed at solving the insecurity of the current security authentication method: if the user name and the encrypted password ciphertext are leaked, they can be submitted through the interface to directly defraud back-end authentication.
  • this application provides a timestamp-based encryption method, which includes the following steps:
  • the front-end obtains an encrypted instruction, the encrypted instruction is generated by the operation of the front-end user;
  • randKey is a random key value generated by the front end, and timestamp is the current timestamp
  • the contactUserID and the contactPassword are respectively encrypted using a public key of an asymmetric encryption algorithm to obtain encryptUserID and encryptPassword.
  • This application also provides a timestamp-based authentication method for decrypting ciphertext encrypted according to the timestamp-based encryption method, including the following steps:
  • the back end receives the encryptUserID and the encryptPassword sent by the front end;
  • timestampA is the same as the timestampB, and the randKeyA is the same as the randKeyB, then authenticate the userID and the Password, and determine whether the authentication is successful;
  • This application also provides a timestamp-based encryption and authentication system, including a front end and a back end;
  • the front end is used to obtain an encrypted instruction, and the encrypted instruction is generated by the operation of the front end user;
  • randKey is a random key value generated by the front end, and timestamp is the current timestamp
  • the back end is configured to receive the encryptUserID and the encryptPassword sent by the front end;
  • timestampA is the same as the timestampB, and the randKeyA is the same as the randKeyB, then authenticate the userID and the Password, and determine whether the authentication is successful;
  • The present application also provides a computer device, including a memory and a processor, with a computer program stored in the memory, wherein the processor, when executing the computer program, implements the steps of any one of the above-mentioned timestamp-based encryption methods and/or timestamp-based authentication methods.
  • the present application also provides a computer-readable storage medium on which a computer program is stored.
  • The computer program, when executed by a processor, implements the above-mentioned timestamp-based encryption method and/or the above-mentioned timestamp-based authentication method.
  • The timestamp-based authentication method, system, computer equipment and storage medium provided in this application generate a random key value randKey at the front end and obtain the current timestamp; randKey and timestamp are spliced into an encryptKey, the encryptKey is spliced with the userID and with the password using a separator, and the results are encrypted with an asymmetric algorithm to obtain encryptUserID and encryptPassword. The back end uses the asymmetric algorithm to reverse-parse encryptUserID and encryptPassword into timestampA, timestampB, randKeyA and randKeyB and judges whether the parsed random key values and timestamps correspond; if they do, the user name and password are authenticated. By cross-authenticating the random key value and timestamp hidden in encryptUserID and encryptPassword, the security of authentication is improved and the insecure situation in which a leaked user name and encrypted password ciphertext are used to directly pass back-end authentication is avoided.
  • Figure 1 is a schematic diagram of the steps of a timestamp-based encryption method in an embodiment of the present application
  • FIG. 2 is a schematic diagram of the steps of a timestamp-based authentication method in an embodiment of the present application
  • Figure 3 is a structural block diagram of a timestamp-based encryption and authentication system in an embodiment of the present application
  • FIG. 4 is a schematic block diagram of the structure of a computer device according to an embodiment of the application.
  • an embodiment of the present application provides a timestamp-based encryption method, which includes the following steps:
  • Step S1 the front-end obtains an encrypted instruction, the aforementioned encrypted instruction is generated by the operation of the front-end user;
  • Step S2 generate a randKey, and obtain a timestamp, where randKey is a random key value generated by the front end, and timestamp is the current timestamp;
  • Step S3 splicing the aforementioned randKey and the aforementioned timestamp through the first preset separator to form an encryptKey
  • Step S4 Obtain userID and password, and join the userID and the encryptKey through a second preset separator to form a contactUserID; join the password and the encryptKey through a third preset separator to form a contactPassword; where userID is User name, password is the password;
  • Step S5 Encrypt the contactUserID and the contactPassword using the public key of an asymmetric encryption algorithm to obtain encryptUserID and encryptPassword.
  • the front-end user of the system sends an encrypted instruction to the front-end by operating the front-end.
  • The encryption instruction can be generated automatically after the front-end user enters the account name and password, or by clicking a specific button; for example, it is generated after the front-end user enters the account name and password and clicks "Submit".
  • the front end receives the encryption instruction.
  • the front-end can be the front-end part of the security authentication system or the client.
  • the front end randomly generates a UUID, that is, a random key value, and the random key value is called randKey.
  • the front end also obtains the timestamp (current timestamp).
  • the front end splices the generated randKey and the obtained timestamp through the first preset separator to form an encryptKey.
  • The first preset separator may be a character such as -, @, #, $, % or &.
  • the userID (user name) and password (password) are obtained.
  • the time of obtaining the userID and password is not the same as the time when the front-end user inputs the user name and password.
  • the first response of the front-end is to generate an encrypted instruction as described in step S1, and the user name and password in step S1 will not be used immediately.
  • In step S4 the previously entered userID and password are used: the userID and encryptKey are spliced together through the second preset separator to form a contactUserID, and the password and encryptKey are spliced together through the third preset separator to form a contactPassword.
  • the functions of the second preset separator and the third preset separator are the same as the above-mentioned first preset separator, and there is no necessary difference or connection.
  • For example, the first, second and third preset separators can all be set to "-".
  • For example, the encryptKey obtained through the above steps is 2b162f8e38a045d78ed5606c8bdbea3a-1541057401, and the userID and encryptKey are spliced together by the second preset separator "-" to form a contactUserID of zhangsan-2b162f8e38a045d78ed5606c8bdbea3a-1541057401.
  • the contactUserID is encrypted using the public key of the asymmetric encryption algorithm to obtain the encryptUserID.
  • Asymmetric encryption algorithms mainly include RSA, Elgamal, knapsack algorithm, Rabin, DH and ECC (elliptic curve encryption algorithm).
  • RSA is the most widely used asymmetric encryption algorithm. It was proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman; the name RSA is composed of the initial letters of their surnames.
  • contactUserID (zhangsan-2b162f8e38a045d78ed5606c8bdbea3a-1541057401) is encrypted, to obtain encryptUserId 919A237AA02D7383AA01AB9E64FB6664C3FC129C4C94012AA716FE07F9003FCB765AD81DAA56BA37AC4D06E3C0C9FF4DAC352DE288D437FF4BD1B68B4A322FB8456CC7161D6995847FD57FB99735F45E4B90EBECAB1192B988E30D3AC9A584CD673170B59594138A7669F5B68C8AF6A3304A4970519111D94B603986E57CAFE744FE0E7A9AFCEEA9F6D8769E5C0A6AC1CD
  • Encrypt the contactPassword using the public key of an asymmetric encryption algorithm to obtain encryptPassword.
  • EncryptPassword 74CA36C0DC2C1EB0A285726FC2D58F3038B72916B5CEE7255B1AF27F1680A1FFCAFA6E492DBA1B3264AB6E569E47DF81E5B7F82AF10F9F82B0CD5053FEB9EB04BBD5BFD159EDE9383EF39CDB5778D7127E74E6DAF3227653F162E4F13442C6E711D2478B6773D0BF625C3DF327E9F12303F8E487EB42256D73C0CF6616FA
  • the front end transmits the encryptUserID and encryptPassword obtained after encryption by the asymmetric encryption algorithm to the back end of the system for the back end to perform security authentication.
  • an embodiment of the present application also provides a timestamp-based authentication method, including the following steps:
  • Step S6 the backend receives the encryptUserID and the encryptPassword sent by the frontend;
  • Step S7 Use the private key that matches the public key of the asymmetric encryption algorithm to decrypt the encryptUserID and the encryptPassword, respectively, to obtain the userID, randKeyA, timestampA, the password, randKeyB, and timestampB;
  • Step S8 respectively determining whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same;
  • Step S9 if the timestampA is the same as the timestampB, and the randKeyA is the same as the randKeyB, then the userID and the Password are authenticated, and it is determined whether the authentication is successful;
  • Step S10 if yes, the authentication is passed
  • Step S11 if not, the authentication is not passed.
  • the back-end receives the encryptUserID and encryptPassword transmitted from the front-end, where the back-end may be the back-end server of the system.
  • step S7 use the private key that matches the public key of the above asymmetric encryption algorithm to decrypt the above encryptUserID
  • Private key modulus A67DF0337FAF559163BCBA89EE597C2DB0F17CEF87F4E0F476216C44831369504876B78FEB848DFD352BB598615B81C26D1027AC8481116BE40DBA6BD34A92524412936EDA2C6D402D81119DB33F180551DB1762B5F367B0AB319290C546A12B6483F65C55B6BFF19337FDCD79DE78A815725E9AE9FDA48C0FDCEBD6AFD8F9BC1BA254F93D8B189A7C8F6D205C5715B9C82F1EAEC1AA4D7BEE8679D58A0DB8AE4ED24B5B1942EE893BF4B2343D50F5CB38D4C38544D56E1C1877B6629A53BCCEB91B994A
  • userID zhangsan
  • randKeyA 2b162f8e38a045d78ed5606c8bdbea3a
  • timestampA 1541057401.
  • Since encryptUserID and encryptPassword are derived from the random value randKey generated by the same front end and the timestamp it obtained, after they are decrypted with the private key matching the public key of the asymmetric encryption algorithm the resulting randKeyA and randKeyB should be the same, and timestampA and timestampB should also be the same. If either pair is not equal, encryptUserID and encryptPassword were not generated by the same request and are likely fabricated. Therefore, in step S8 above, it is determined whether timestampA and timestampB are the same and whether randKeyA and randKeyB are the same.
  • step S9 if the judgment result obtained after the above judgment is that timestampA is the same as timestampB, and randKeyA is the same as randKeyB, it means that there is no problem with the encryption of UserID and Password, and encryptUserID and encryptPassword are generated by the same request. Then the userID and the Password are further authenticated, and it is judged whether the authentication is successful. As described in step S10 above, if both the userID and Password pass the authentication, the authentication is passed, thereby allowing the front-end user to enter the back-end/back-end service system to perform related operations. As mentioned in step S11 above, if either of the userID and Password fails the authentication, the authentication is not passed, and a prompt of authentication failure is returned to the front end.
  • This solution generates a random key value randKey on the front end and obtains the current timestamp timestamp, uses randKey and timestamp to splice into an encryptKey, uses a separator to splice the encryptKey with userID and password respectively, and encrypts it through an asymmetric algorithm to obtain encryptUserID and encryptPassword;
  • the back-end uses an asymmetric algorithm to reversely analyze encryptUserID and encryptPassword to obtain timestampA, timestampB, randKeyA, and randKeyB, and judge whether the random key value and timestamp obtained after parsing correspond to the same value.
  • If they correspond, the user name and password are authenticated. Cross-authenticating the random key values and timestamps hidden in encryptUserID and encryptPassword improves the security of authentication and avoids the insecure situation in which a leaked user name and encrypted password ciphertext are used to directly defraud back-end authentication.
  • step S8 of separately determining whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same the method further includes:
  • Step S801 Obtain a timestampServer, where the above timestampServer is the current time obtained by the backend;
  • Step S802 Calculate the absolute value m of the time difference between the aforementioned timestampServer and the aforementioned timestampA or the aforementioned timestampB;
  • Step S803 judging whether the above-mentioned absolute value m is greater than a set threshold timeThreshold;
  • Step S804 if yes, the authentication is not passed
  • Step S805 if not, generate and execute a command of "respectively judge whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
  • the backend obtains the current time timestampServer, and calculates the absolute value m of the time difference between the timestampServer and the timestampA or timestampB. Because here the default timestampA and timestampB are equal to the timestamp generated during the front-end encryption, so by calculating the absolute value m of the time difference between timestampServer and timestampA or timestampB, it is equivalent to calculating the absolute value of the time difference between timestampServer and timestamp.
  • step S803 it is determined whether the absolute value m is greater than the set threshold timeThreshold.
  • In step S804, if the absolute value m of the time difference between timestampServer and timestampA or timestampB is greater than the set threshold timeThreshold, the time from encryption to authentication and decryption is considered to exceed a reasonable computer processing time, indicating that the ciphertext may have been generated a long time ago or may have been leaked; the authentication is not passed, a prompt of authentication failure is returned directly to the front end, and the authentication is ended, thereby improving the safety and effectiveness of the authentication.
  • In step S805, if the absolute value m of the time difference between timestampServer and timestampA or timestampB is not greater than the set threshold timeThreshold, the time from encryption to authentication and decryption is considered to be within a reasonable computer processing time, indicating that the generation time of the ciphertext is not suspicious; the command "respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same" is generated and executed, so as to enter step S8 of determining whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same.
  • step S8 of separately determining whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same the method further includes:
  • Step S806 obtain the aforementioned randKey
  • Step S807 Determine whether the above randKey is the same as the above randKeyA or the above randKeyB;
  • Step S808 if not, the authentication is not passed
  • Step S809 if yes, generate and execute a command of "respectively judging whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
  • step S806 the back end obtains the randKey transmitted by the front end.
  • the randKey is also transmitted to the back end, so that the back end can obtain the randKey transmitted by the front end for use in the next judgment.
  • randKey is the same as the foregoing randKeyA or the foregoing randKeyB.
  • the backend decrypts the encryptUserID and encryptPassword, it obtains userID, randKeyA, timestampA, the above password, randKeyB, and timestampB. Let us assume that randKeyA and randKeyB are the same. Therefore, the randKey obtained above can be compared with either randKeyA or randKeyB to determine whether they are the same.
  • In step S808, if the comparison of randKey with randKeyA or randKeyB shows they are not the same, the random key value randKeyA used to generate encryptUserID or the random key value randKeyB used to generate encryptPassword is not the original randKey generated by the front end, and a fabricated or faked random key value may be present. In this case, the authentication is not passed, a prompt of authentication failure is returned directly to the front end, and the authentication is ended, thereby improving the safety and effectiveness of authentication.
  • If they are the same, the randKeyA or randKeyB used to generate encryptUserID or encryptPassword is the original randKey generated by the front end, and the command "judge whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same" is generated and executed to enter the corresponding authentication step.
  • step S8 of separately determining whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same the method further includes:
  • Step S810 obtain the aforementioned timestamp
  • Step S811 Determine whether the timestamp is the same as the timestampA or timestampB;
  • Step S812 if not, the authentication is not passed
  • the backend obtains the timestamp transmitted by the frontend.
  • the timestamp is also transmitted to the back end, so that the back end can obtain the timestamp transmitted by the front end for use in the next judgment.
  • timestamp is the same as timestampA or timestampB.
  • After the backend decrypts the encryptUserID and encryptPassword, it obtains userID, randKeyA, timestampA, the above password, randKeyB and timestampB. Assuming timestampA is the same as timestampB, the timestamp obtained above can be compared with either timestampA or timestampB to determine whether they are the same.
  • step S812 if the comparison result of timestamp and timestampA or timestampB is not the same, it means that the timestamp timestampA used to generate encryptUserID or the timestamp timestampB used to generate encryptPassword is not the timestamp originally generated by the front-end. It may be a fabricated or fake time stamp. In this case, the authentication is not passed, and the prompt of authentication failure is directly returned to the front end, and the authentication is ended, thereby improving the safety and effectiveness of authentication.
  • If they are the same, the timestampA used to generate encryptUserID or the timestampB used to generate encryptPassword is the timestamp originally generated by the front end, and the command "determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same" is generated and executed to enter the corresponding authentication step.
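  • The front-end encryption (steps S2 to S5) and the back-end checks (steps S6 to S11 together with the S801 to S812 checks) described above, as an added worked example that is not the patent's own code. It assumes a textbook RSA stand-in for the page's "asymmetric encryption algorithm" (raw RSA without padding, generated with a Miller-Rabin routine so the example runs with no third-party packages), a {userID: password} dictionary as the credential store, a timeThreshold of 60 seconds, and that the back end splits the decrypted strings from the right, which works because the page's randKey (a UUID in hex form) and timestamp contain no "-"; the sample user name zhangsan and the key value 2b162f8e38a045d78ed5606c8bdbea3a-1541057401 are the page's own, while the password hunter2 is constructed.

```python
"""Front-end encryption (S2-S5) and back-end authentication (S6-S11 plus the
S801-S812 checks) as an added worked example; not the patent's code.
The asymmetric cipher is a textbook-RSA stand-in (assumption)."""
import hmac
import secrets
import time
import uuid

SEP = "-"  # the page sets all three preset separators to "-"


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin test, stand-in for a library key generator (assumption)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full width, odd
        if _is_probable_prime(c):
            return c


def rsa_keygen(bits=1024):
    """Return ((e, n), (d, n)). Raw RSA without padding: enough to show the
    protocol, not something to deploy (real code uses OAEP padding)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_encrypt(public, plaintext):
    """Ciphertext as uppercase hex, like the encryptUserID shown on the page."""
    e, n = public
    m = int.from_bytes(plaintext.encode(), "big")
    if m >= n:
        raise ValueError("plaintext too long for this key")
    return format(pow(m, e, n), "X")


def rsa_decrypt(private, ciphertext_hex):
    d, n = private
    m = pow(int(ciphertext_hex, 16), d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


def front_end_encrypt(public, user_id, password, rand_key=None, timestamp=None):
    """S2-S5; rand_key and timestamp can be fixed for reproducible runs."""
    rand_key = rand_key or uuid.uuid4().hex               # randKey is a UUID (S2)
    timestamp = int(time.time()) if timestamp is None else timestamp
    encrypt_key = f"{rand_key}{SEP}{timestamp}"           # S3
    contact_user_id = f"{user_id}{SEP}{encrypt_key}"      # S4
    contact_password = f"{password}{SEP}{encrypt_key}"
    return {
        "encryptUserID": rsa_encrypt(public, contact_user_id),    # S5
        "encryptPassword": rsa_encrypt(public, contact_password),
        "randKey": rand_key,     # also sent in the clear, checked in S806-S808
        "timestamp": timestamp,  # also sent in the clear, checked in S810-S812
    }


def back_end_authenticate(private, request, credential_store,
                          time_threshold=60, now=None):
    """S6-S11 plus S801-S812. Returns (passed, reason). credential_store is a
    {userID: password} dict (assumption; a real system stores salted hashes)."""
    now = int(time.time()) if now is None else now     # timestampServer (S801)
    try:
        # encryptKey is appended last and contains no SEP, so split from the right
        user_id, rk_a, ts_a = rsa_decrypt(private, request["encryptUserID"]).rsplit(SEP, 2)
        password, rk_b, ts_b = rsa_decrypt(private, request["encryptPassword"]).rsplit(SEP, 2)
        ts_a, ts_b = int(ts_a), int(ts_b)
    except ValueError:  # bad hex, bad UTF-8, missing separators, non-numeric time
        return False, "malformed ciphertext"
    if abs(now - ts_a) > time_threshold:               # S802-S804: m > timeThreshold
        return False, "timestamp outside threshold"
    if request["randKey"] != rk_a:                     # S806-S808
        return False, "randKey mismatch"
    if request["timestamp"] != ts_a:                   # S810-S812
        return False, "timestamp mismatch"
    if ts_a != ts_b or rk_a != rk_b:                   # S8: cross-check both ciphertexts
        return False, "ciphertexts not from the same request"
    expected = credential_store.get(user_id, "")       # S9-S11
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return False, "bad credentials"
    return True, "ok"
```

Calling `front_end_encrypt(pub, "zhangsan", "hunter2")` and then `back_end_authenticate(priv, request, {"zhangsan": "hunter2"})` returns `(True, "ok")`; replaying the same request after the threshold, or pairing an encryptUserID with an encryptPassword from a different request, is rejected before the password is ever compared, which is the property the page's cross-check is meant to give.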
  • the method further includes:
  • Step S814 record the number of consecutive authentication failures
  • Step S815 It is judged whether the number of consecutive authentication failures mentioned above reaches a set number of times;
  • In step S814, if the result of the authentication is that the authentication is not passed, that is, the authentication fails, the number of consecutive authentication failures is recorded. If any authentication succeeds, subsequent authentications restart the count of consecutive failures. As described in step S815, it is determined whether the number of consecutive authentication failures reaches a set number, such as 3 or 5 times. As described in step S8016 above, when the number of consecutive authentication failures reaches the set number (for example, 5 times), the authentication work in the subsequent predetermined time period (for example, 1 day) is suspended. Multiple consecutive authentication failures may mean that someone is maliciously attempting to enter the system; suspending the subsequent authentication work within a predetermined time period avoids losses from such attempts and improves the security of authentication.
  • a set number such as 3 or 5 times.
  • the authentication work in the subsequent predetermined time period for example, 1 day
  • the method includes:
  • step S8017 an early warning is issued to the management personnel.
  • step S8017 if the number of consecutive authentication failures reaches the set number, the subsequent authentication work within the predetermined time period will be suspended, and an early warning reminder will be sent to the manager.
  • the warning reminder can be sent to the manager by means of SMS, etc.
  • The reminder can be sent to a mobile terminal carried by the management personnel or to a fixed monitoring system, to remind them that someone is illegally trying to enter the system (which requires security authentication), so that the management personnel can learn of and monitor the situation in time and take measures to avoid losses.
  • the method further includes:
  • Step S8018 Send an instruction to control the front end to turn on the front end camera to shoot the front end operator's portrait to the front end.
  • In step S8018, if the number of consecutive authentication failures reaches the set number, then while suspending the subsequent authentication work within the predetermined period of time, an instruction is sent to the front end to turn on the front-end camera and shoot the front-end operator's portrait. The camera takes a picture of the front-end operator, so when someone tries to enter the system illegally the operator's facial features are captured; should the system be illegally entered and losses caused, this can provide clues for finding the intruder or filing a case for investigation.
  • the front-end operator's avatar captured by shooting can be stored locally or sent to a remote monitoring system for viewing or remote monitoring at any time.
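  • The consecutive-failure lockout of steps S814 to S8017 (count failures, reset on success, suspend authentication for a predetermined period once the set number is reached, and raise an early warning), as an added example that is not the patent's own code. It assumes the count is kept per user (the page does not say whether it is per user or global), that the count restarts after a suspension, and that the early warning is any callable (the page mentions SMS); the clock is injected so the one-day window can be exercised without waiting. The user names zhangsan (from the page) and lisi (constructed) are sample values.

```python
"""Consecutive-failure lockout (steps S814-S8017 on the page) as an added
example, not the patent's code. The clock is injected so the suspension
window can be exercised without waiting a day."""
import time


class FailureLockout:
    """Tracks consecutive authentication failures per user (assumption: the
    page does not say whether the count is per user or global) and suspends
    authentication for suspend_seconds once max_failures is reached."""

    def __init__(self, max_failures=5, suspend_seconds=86400,
                 alert=None, clock=time.time):
        self.max_failures = max_failures              # "for example, 5 times"
        self.suspend_seconds = suspend_seconds        # "for example, 1 day"
        self.alert = alert or (lambda user_id: None)  # early-warning hook (S8017)
        self.clock = clock
        self.failures = {}          # user_id -> consecutive failures (S814)
        self.suspended_until = {}   # user_id -> epoch time the suspension ends

    def is_suspended(self, user_id):
        until = self.suspended_until.get(user_id, 0)
        if self.clock() < until:
            return True
        self.suspended_until.pop(user_id, None)   # window has elapsed
        return False

    def record(self, user_id, passed):
        """Update the counter after an authentication attempt (S814-S815)."""
        if passed:
            self.failures[user_id] = 0            # a success restarts the count
            return
        count = self.failures.get(user_id, 0) + 1
        self.failures[user_id] = count
        if count >= self.max_failures:            # set number reached (S8016)
            self.suspended_until[user_id] = self.clock() + self.suspend_seconds
            self.failures[user_id] = 0            # assumption: restart after suspension
            self.alert(user_id)                   # notify management (S8017)


def authenticate_with_lockout(lockout, user_id, check):
    """Wrap any credential check (a callable returning bool) with the lockout.
    Returns (passed, reason); a suspended user is refused without running check."""
    if lockout.is_suspended(user_id):
        return False, "authentication suspended"
    passed = check()
    lockout.record(user_id, passed)
    return passed, ("ok" if passed else "authentication failed")
```

The wrapper refuses a suspended user before the credential check runs, so during the suspension window neither the cross-check nor the password comparison is exercised; a valid login for a different user is unaffected because the count is kept per user.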
  • an embodiment of the present application also provides a timestamp-based encryption and authentication system, including a front end 10 and a back end 20;
  • the aforementioned front-end 10 is used to obtain encrypted instructions, and the aforementioned encrypted instructions are generated by operations of front-end users;
  • randKey is a random key value generated by the front end, and timestamp is the current timestamp
  • the back end 20 is configured to receive the encryptUserID and the encryptPassword sent by the front end 10;
  • the aforementioned timestampA is the same as the aforementioned timestampB, and the aforementioned randKeyA is the same as the aforementioned randKeyB, then the aforementioned userID and the aforementioned Password are authenticated, and it is determined whether the authentication is successful;
  • an embodiment of the present application also provides a computer device.
  • the computer device may be a server, and its internal structure may be as shown in FIG. 4.
  • The computer equipment includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer device is used to provide calculation and control capabilities.
  • the memory of the computer device includes a storage medium and an internal memory.
  • the storage medium may be a volatile storage medium or a non-volatile storage medium.
  • the storage medium stores an operating system, a computer program, and a database.
  • the internal memory provides an environment for the operation of the operating system and computer programs in the storage medium.
  • The database of the computer equipment is used to store the encryptUserID, encryptPassword, randKey, timestamp and other data transmitted from the front end.
  • the network interface of the computer device is used to communicate with an external terminal through a network connection.
  • the computer program is executed by the processor to implement the above-mentioned timestamp-based encryption method or the timestamp-based authentication method.
  • FIG. 4 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the computer device to which the solution of the present application is applied.
  • An embodiment of the present application further provides a computer-readable storage medium.
  • the computer-readable storage medium may be a volatile computer-readable storage medium or a non-volatile computer-readable storage medium.
  • a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the above-mentioned time-stamp-based encryption method or the above-mentioned time-stamp-based authentication method is implemented.
  • any reference to memory, storage, database or other media provided in this application and used in the embodiments may include non-volatile and/or volatile memory.
  • Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory may include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present application relates to the technical field of security authentication, and provides a timestamp-based encryption and authentication method, a timestamp-based encryption and authentication system, a computer device and a storage medium. The method comprises: a front end splicing randKey and timestamp to form encryptKey, splicing the encryptKey to userID and password respectively, and performing encryption by means of an asymmetric algorithm to obtain encryptUserID and encryptPassword; and a back end performing reverse parsing on the encryptUserID and the encryptPassword, and performing cross-authentication on the hidden random key value and timestamp to improve the security of authentication, so that the insecure authentication situation caused by the leakage of a username and encrypted password ciphertext, in which back-end authentication is passed directly by cheating with the username and the password ciphertext, is avoided, thereby improving the security of authentication.

Description

Timestamp-based encryption and authentication method, system and computer device
This application claims priority to Chinese patent application No. 201910100423.3, filed with the Chinese Patent Office on January 31, 2019 and entitled "Timestamp-based encryption and authentication method, system and computer device", the entire contents of which are incorporated herein by reference.
Technical field
This application relates to the technical field of security authentication, and in particular to a timestamp-based encryption and authentication method, system and computer device.
Background
Existing security authentication methods comprise the following steps: 1. the user enters a username and password; 2. the client encrypts the user's password with an asymmetric encryption algorithm (such as RSA or SM2) and sends it to the back-end server; 3. the server decrypts the password with the asymmetric algorithm and then verifies the username and password.
Authenticating in this way carries the following risk: if the username and the encrypted password ciphertext are leaked, a user can submit the username and the password ciphertext through the interface and pass back-end authentication directly by deception.
Technical problem
The main purpose of this application is to provide a timestamp-based encryption and authentication method, system and computer device, aiming to solve the insecurity of current security authentication methods, in which, once the username and the encrypted password ciphertext are leaked, they can be submitted through the interface to pass back-end authentication directly by deception.
Technical solution
To achieve the above objective, this application provides a timestamp-based encryption method comprising the following steps:
the front end obtains an encryption instruction, the encryption instruction being generated by an operation of the front-end user;
generate randKey and obtain timestamp, where randKey is a random key value generated by the front end and timestamp is the current timestamp;
join the randKey and the timestamp with a first preset separator to form encryptKey;
obtain userID and password; join the userID and the encryptKey with a second preset separator to form contactUserID; join the password and the encryptKey with a third preset separator to form contactPassword; where userID is the username;
encrypt the contactUserID and the contactPassword respectively with the public key of an asymmetric encryption algorithm to obtain encryptUserID and encryptPassword.
This application also provides a timestamp-based authentication method for decrypting ciphertext encrypted according to the above timestamp-based encryption method, comprising the following steps:
the back end receives the encryptUserID and the encryptPassword sent by the front end;
decrypt the encryptUserID and the encryptPassword respectively with the private key matching the public key of the asymmetric encryption algorithm, obtaining the userID, randKeyA and timestampA, and the password, randKeyB and timestampB;
determine respectively whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same;
if the timestampA is the same as the timestampB and the randKeyA is the same as the randKeyB, authenticate the userID and the password and determine whether the authentication succeeds;
if so, the authentication is passed;
if not, the authentication is not passed.
This application also provides a timestamp-based encryption and authentication system comprising a front end and a back end;
the front end is configured to obtain an encryption instruction, the encryption instruction being generated by an operation of the front-end user;
generate randKey and obtain timestamp, where randKey is a random key value generated by the front end and timestamp is the current timestamp;
join the randKey and the timestamp with a first preset separator to form encryptKey;
obtain userID and password; join the userID and the encryptKey with a second preset separator to form contactUserID; join the password and the encryptKey with a third preset separator to form contactPassword; where userID is the username and password is the password;
encrypt the contactUserID and the contactPassword respectively with an asymmetric encryption algorithm to obtain encryptUserID and encryptPassword;
the back end is configured to receive the encryptUserID and the encryptPassword sent by the front end;
decrypt the encryptUserID and the encryptPassword respectively with the private key matching the public key of the asymmetric encryption algorithm, obtaining the userID, randKeyA and timestampA, and the password, randKeyB and timestampB;
determine respectively whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same;
if the timestampA is the same as the timestampB and the randKeyA is the same as the randKeyB, authenticate the userID and the password and determine whether the authentication succeeds;
if so, the authentication is passed;
if not, the authentication is not passed.
The present application further provides a computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor, when executing the computer program, implements the steps of any one of the above timestamp-based encryption method and/or the above timestamp-based authentication method.
The present application further provides a computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of any one of the above timestamp-based encryption method and/or the above timestamp-based authentication method.
Beneficial effects
The timestamp-based authentication method, system, computer device and storage medium provided in this application generate a random key value randKey at the front end and obtain the current timestamp, join randKey and timestamp into encryptKey, join encryptKey with userID and with password using separators, and encrypt the results with an asymmetric algorithm to obtain encryptUserID and encryptPassword; the back end reverses the asymmetric algorithm on encryptUserID and encryptPassword to obtain timestampA, timestampB, randKeyA and randKeyB, determines whether the random key values and the timestamps recovered from the two ciphertexts are respectively equal, and only if they are authenticates the username and password. Cross-checking the random key value and timestamp hidden in encryptUserID and encryptPassword raises the security of authentication: it prevents a leaked username and encrypted password ciphertext from being used to pass back-end authentication directly.
Description of the drawings
Figure 1 is a schematic diagram of the steps of a timestamp-based encryption method in an embodiment of the present application;
Figure 2 is a schematic diagram of the steps of a timestamp-based authentication method in an embodiment of the present application;
Figure 3 is a structural block diagram of a timestamp-based encryption and authentication system in an embodiment of the present application;
Figure 4 is a schematic block diagram of the structure of a computer device in an embodiment of the present application.
The realization of the purpose of this application, its functional characteristics and its advantages are further described below in conjunction with the embodiments and with reference to the drawings.
Best mode for carrying out the invention
Referring to Figure 1, an embodiment of the present application provides a timestamp-based encryption method comprising the following steps:
Step S1: the front end obtains an encryption instruction, the encryption instruction being generated by an operation of the front-end user;
Step S2: generate randKey and obtain timestamp, where randKey is a random key value generated by the front end and timestamp is the current timestamp;
Step S3: join the randKey and the timestamp with a first preset separator to form encryptKey;
Step S4: obtain userID and password; join the userID and the encryptKey with a second preset separator to form contactUserID; join the password and the encryptKey with a third preset separator to form contactPassword; where userID is the username and password is the password;
Step S5: encrypt the contactUserID and the contactPassword respectively with the public key of an asymmetric encryption algorithm to obtain encryptUserID and encryptPassword.
As described in step S1, the front-end user sends an encryption instruction to the front end by operating it. The instruction may be generated automatically once the front-end user has entered an account name and password, or by clicking a specific button; typically it is generated when the front-end user enters the account name and password and clicks "Submit". The front end receives this encryption instruction. The front end may be the front-end part of a security authentication system, or a client.
As described in step S2, after receiving the encryption instruction the front end randomly generates a UUID, that is, a random key value, which is called randKey. At the same time the front end obtains timestamp (the current timestamp). Then, as described in step S3, the front end joins the generated randKey and the obtained timestamp with the first preset separator to form encryptKey. The first preset separator may be a character such as -, @, #, $, % or &. For example, joining randKey (2b162f8e38a045d78ed5606c8bdbea3a) and the current timestamp (1541057401) with the first preset separator "-" gives encryptKey=2b162f8e38a045d78ed5606c8bdbea3a-1541057401.
As described in step S4, userID (the username) and password are obtained. The moment at which userID and password are obtained here is not the moment at which the front-end user entered them: after the front-end user enters the username and password, the front end's first response is to generate the encryption instruction of step S1, and the username and password are not used immediately in step S1. Only in step S4 are the previously entered userID and password actually used. Specifically, userID and encryptKey are joined with the second preset separator to form contactUserID, and password and encryptKey are joined with the third preset separator to form contactPassword. The second and third preset separators serve the same purpose as the first preset separator, and there is no necessary difference or relation between them; the first, second and third preset separators may all be set to "-".
For example, if the userID entered by the user is zhangsan and the encryptKey obtained by the above steps is 2b162f8e38a045d78ed5606c8bdbea3a-1541057401, joining userID and encryptKey with the second preset separator "-" gives contactUserID=zhangsan-2b162f8e38a045d78ed5606c8bdbea3a-1541057401. If the password entered by the user is 123456, joining password and encryptKey with the third preset separator "-" gives contactPassword=123456-2b162f8e38a045d78ed5606c8bdbea3a-1541057401.
As described in step S5, contactUserID is encrypted with the public key of an asymmetric encryption algorithm to obtain encryptUserID. Asymmetric encryption algorithms mainly include RSA, ElGamal, knapsack algorithms, Rabin, D-H and ECC (elliptic curve cryptography); RSA is the most widely used asymmetric encryption algorithm. RSA was proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman, and its name is formed from the initials of their surnames.
For example, the public key of the RSA asymmetric encryption algorithm:
public exponent pubExp: 10001;
public modulus module.
Encrypting contactUserID (zhangsan-2b162f8e38a045d78ed5606c8bdbea3a-1541057401) with the above RSA public key gives encryptUserID=919A237AA02D7383AA01AB9E64FB6664C3FC129C4C94012AA716FE07F9003FCB765AD81DAA56BA37AC4D06E3C0C9FF4DAC352DE288D437FF4BD1B68B4A322FB8456CC7161D6995847FD57FB99735F45E4B90EBECAB1192B988E30D3AC9A584CD673170B59594138A7669F5B68C8AF6A3304A4970519111D94B603986E57CAFE744FE0E7A9AFCEEA9F6D8769E5C0A6AC1CD96B1861A26918D29A2D85C467885816FB69F4169E305B29BAA75073794C3D21878BCEE5A5C3CF0F7E51813E66BE6C5B01D9DF88AC8E93508B8164612CA59DE86856AC9466347D1B687BDC48A358D61933F6623643B4A26868DBB79CAD6DBA000ADC8DAFF9E10A43D0BD5630F5EDE1D.
Likewise, contactPassword is encrypted with the public key of the asymmetric encryption algorithm to obtain encryptPassword: contactPassword (123456-2b162f8e38a045d78ed5606c8bdbea3a-1541057401) is encrypted with the above RSA public key, giving encryptPassword.
The front end transmits the encryptUserID and encryptPassword obtained by this asymmetric encryption to the back end of the system, for the back end to perform security authentication.
Referring to Figure 2, an embodiment of the present application also provides a timestamp-based authentication method comprising the following steps:
Step S6: the back end receives the encryptUserID and the encryptPassword sent by the front end;
Step S7: decrypt the encryptUserID and the encryptPassword respectively with the private key matching the public key of the above asymmetric encryption algorithm, obtaining the userID, randKeyA and timestampA, and the password, randKeyB and timestampB;
Step S8: determine respectively whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same;
Step S9: if the timestampA is the same as the timestampB and the randKeyA is the same as the randKeyB, authenticate the userID and the password and determine whether the authentication succeeds;
Step S10: if so, the authentication is passed;
Step S11: if not, the authentication is not passed.
As described in step S6, the back end receives the encryptUserID and encryptPassword transmitted by the front end; the back end may be the system's back-end server.
As described in step S7, the encryptUserID is decrypted with the private key that matches the public key of the above asymmetric encryption algorithm:
private exponent priExp;
private modulus module: A67DF0337FAF559163BCBA89EE597C2DB0F17CEF87F4E0F476216C44831369504876B78FEB848DFD352BB598615B81C26D1027AC8481116BE40DBA6BD34A92524412936EDA2C6D402D81119DB33F180551DB1762B5F367B0AB319290C546A12B6483F65C55B6BFF19337FDCD79DE78A815725E9AE9FDA48C0FDCEBD6AFD8F9BC1BA254F93D8B189A7C8F6D205C5715B9C82F1EAEC1AA4D7BEE8679D58A0DB8AE4ED24B5B1942EE893BF4B2343D50F5CB38D4C38544D56E1C1877B6629A53BCCEB91B994A316BFE408E93359B3DDD3DDA4C96A26433C62A9E4C7332ADABDF148B6593B3F37621E921B21CF9B4D9AE9344D827C286F5671D0F3B582C5FEFCD4467;
After decryption: userID=zhangsan; randKeyA=2b162f8e38a045d78ed5606c8bdbea3a; timestampA=1541057401.
The encryptPassword is decrypted with the same private key that matches the public key of the asymmetric encryption algorithm, giving password=123456; randKeyB=2b162f8e38a045d78ed5606c8bdbea3a; timestampB=1541057401.
If encryptUserID and encryptPassword were derived from the random value randKey generated, and the timestamp obtained, by the same front end, then after decryption with the private key matching the public key of the asymmetric encryption algorithm the recovered randKeyA and randKeyB should be the same, and the recovered timestampA and timestampB should also be the same. If either pair is unequal, encryptUserID and encryptPassword were not produced by the same request and are very likely fabricated. Therefore, in step S8, it is determined respectively whether timestampA is the same as timestampB and whether randKeyA is the same as randKeyB.
As described in step S9, if the above comparison finds that timestampA is the same as timestampB and randKeyA is the same as randKeyB, the encryption of userID and password is in order and encryptUserID and encryptPassword were produced by the same request; the userID and password are then authenticated and it is determined whether the authentication succeeds. As described in step S10, if both userID and password pass authentication, the authentication is passed and the front-end user is allowed into the back-end/background service system to carry out the related operations. As described in step S11, if either userID or password fails authentication, the authentication is not passed and an authentication-failure message is returned to the front end.
This scheme generates a random key value randKey at the front end and obtains the current timestamp, joins randKey and timestamp into encryptKey, joins encryptKey with userID and with password using separators, and encrypts the results with an asymmetric algorithm to obtain encryptUserID and encryptPassword; the back end reverses the asymmetric algorithm on encryptUserID and encryptPassword to obtain timestampA, timestampB, randKeyA and randKeyB, determines whether the random key values and timestamps recovered from the two ciphertexts are respectively equal, and only if they are authenticates the username and password. Cross-checking the random key value and timestamp hidden in encryptUserID and encryptPassword raises the security of authentication: it prevents a leaked username and encrypted password ciphertext from being used to pass back-end authentication directly.
In an embodiment, before step S8 of determining respectively whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same, the method further comprises:
Step S801: obtain timestampServer, where timestampServer is the current time obtained by the back end;
Step S802: calculate the absolute value m of the time difference between the timestampServer and the timestampA or the timestampB;
Step S803: determine whether the absolute value m is greater than a set threshold timeThreshold;
Step S804: if so, the authentication is not passed;
Step S805: if not, generate and execute the command "determine respectively whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
To further secure the authentication, after encryptUserID and encryptPassword have been decrypted it can be determined whether the difference between the front-end timestamp and the back-end current time timestampServer lies within a reasonable range. Here it is assumed for the moment that the front-end timestamp, the timestampA obtained from encryptUserID and the timestampB obtained from encryptPassword are identical.
As described in steps S801 and S802, the back end obtains the current time timestampServer and calculates the absolute value m of the time difference between timestampServer and timestampA or timestampB. Since timestampA and timestampB are by default both equal to the timestamp generated at front-end encryption time, calculating the absolute value m of the difference between timestampServer and either timestampA or timestampB is equivalent to calculating the absolute value of the difference between timestampServer and timestamp; the formula can be written m=Math.abs(timestampServer-timestamp).
As described in step S803, it is determined whether the absolute value m is greater than the set threshold timeThreshold. The threshold timeThreshold is the reasonable computer processing time from the moment the front end generates the timestamp and encrypts the username userID and password to the moment the authentication server decrypts the encrypted encryptUserID and encryptPassword, for example timeThreshold=60 seconds.
As described in step S804, if the absolute value m of the difference between timestampServer and either timestampA or timestampB is greater than the set threshold timeThreshold, the time from encryption to decryption at authentication is considered to have exceeded reasonable computer processing time, indicating that the ciphertext may have been produced long ago or may have been leaked. The authentication is then not passed: an authentication-failure message is returned directly to the front end and the authentication ends, which improves the security and effectiveness of the authentication.
As described in step S805, if the absolute value m of the difference between timestampServer and either timestampA or timestampB is not greater than the set threshold timeThreshold, the time from encryption to decryption at authentication is considered to lie within reasonable computer processing time, so the time at which the ciphertext was produced is not suspicious. The command "determine respectively whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same" is then generated and executed, entering the next step S8 of determining whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same.
In an embodiment, before step S8 of determining respectively whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same, the method further comprises:
Step S806: obtain the randKey;
Step S807: determine whether the randKey is the same as the randKeyA or the randKeyB;
Step S808: if not, the authentication is not passed;
Step S809: if so, generate and execute the command "determine respectively whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
为了进一步确保生成encryptUserID和encryptPassword所用的离散值是前端所产生离散值,从而保证认证的安全性,可通过判断对encryptUserID和encryptPassword解密后所得的randKeyA或randKeyB是否与前端原本所生成randKey相同的方式来认证。如上述步骤S806所述,后端获取前端传送的randKey。可以在前端传输encryptUserID和encryptPassword时,将randKey也一同传输给后端,从而后端可以获取前端传送的randKey,以备下一步的判断使用。In order to further ensure that the discrete values used to generate encryptUserID and encryptPassword are those generated by the front-end, so as to ensure the security of authentication, it can be determined whether the randKeyA or randKeyB obtained after decrypting encryptUserID and encryptPassword is the same as the original randKey generated by the front-end. Certification. As described in step S806 above, the back end obtains the randKey transmitted by the front end. When the encryptUserID and encryptPassword are transmitted at the front end, the randKey is also transmitted to the back end, so that the back end can obtain the randKey transmitted by the front end for use in the next judgment.
如上述步骤S807所述,判断上述randKey是否与上述randKeyA或上述randKeyB相同。后端对encryptUserID和encryptPassword解密之后,得到userID、randKeyA、timestampA、上述password、randKeyB和timestampB,这里姑且认为randKeyA与randKeyB相同。所以,可以将上述获取的randKey与randKeyA或randKeyB任一个进行对比,判断是否相同。As described in the foregoing step S807, it is determined whether the foregoing randKey is the same as the foregoing randKeyA or the foregoing randKeyB. After the backend decrypts the encryptUserID and encryptPassword, it obtains userID, randKeyA, timestampA, the above password, randKeyB, and timestampB. Let us assume that randKeyA and randKeyB are the same. Therefore, the randKey obtained above can be compared with either randKeyA or randKeyB to determine whether they are the same.
如上述步骤S808所述,如果randKey与randKeyA或randKeyB的对比结果是不相同,则说明用于生成encryptUserID的离散值randKeyA或用于生成encryptPassword的离散值randKeyB不是前端原始生成的randKey,也就说明很有可能是编造或假冒的离散值。在这种情况下,不予认证通过,直接向前端返回认证失败的提示,并结束认证,从而提高认证的安全有效。As mentioned in step S808 above, if the comparison result of randKey and randKeyA or randKeyB is not the same, it means that the discrete value randKeyA used to generate encryptUserID or the discrete value randKeyB used to generate encryptPassword is not the original randKey generated by the front-end. There may be discrete values that are fabricated or faked. In this case, the authentication is not passed, and the prompt of authentication failure is directly returned to the front end, and the authentication is ended, thereby improving the safety and effectiveness of authentication.
如上述步骤S809所述,如果randKey与randKeyA或randKeyB的对比结果是相同,则说明生成encryptUserID或encryptPassword的randKeyA或randKeyB是前端原始生成的randKey。在这种情况下,认为用于生成encryptUserID的离散值randKeyA或用于生成encryptPassword的离散值randKeyB没有问题,则生成执行“分别判断所述timestampA与所述timestampB是否相同,所述randKeyA与所述randKeyB是否相同”的命令,从而进入对应的认证步骤。As described in step S809 above, if the comparison result of randKey and randKeyA or randKeyB is the same, it means that randKeyA or randKeyB that generates encryptUserID or encryptPassword is the original randKey generated by the front end. In this case, it is considered that there is no problem with the discrete value randKeyA used to generate the encryptUserID or the discrete value randKeyB used to generate the encryptPassword, then the generation and execution "judge whether the timestampA and the timestampB are the same, the randKeyA and the randKeyB Is the same" command to enter the corresponding authentication step.
In an embodiment, before step S8 of respectively determining whether timestampA and timestampB are the same and whether randKeyA and randKeyB are the same, the method further includes:
Step S810: obtaining the timestamp;
Step S811: determining whether the timestamp is the same as timestampA or timestampB;
Step S812: if not, refusing authentication;
Step S813: if so, generating and executing the command "respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
To further ensure that the timestamp used to generate encryptUserID and encryptPassword is the one the front end obtained, and so secure the authentication, the back end can check whether the timestampA or timestampB recovered by decrypting encryptUserID and encryptPassword is the same as the timestamp originally obtained by the front end. As described in step S810 above, the back end obtains the timestamp transmitted by the front end: when the front end transmits encryptUserID and encryptPassword, it can transmit the timestamp along with them, so that the back end has it available for the following determination.
As described in step S811 above, it is determined whether the timestamp is the same as timestampA or timestampB. After decrypting encryptUserID and encryptPassword, the back end holds userID, randKeyA, timestampA, password, randKeyB and timestampB. Here timestampA and timestampB are provisionally taken to be the same, so the obtained timestamp can be compared with either timestampA or timestampB to determine whether they are the same.
As described in step S812 above, if the timestamp is not the same as timestampA or timestampB, then the timestamp timestampA used to generate encryptUserID, or the timestamp timestampB used to generate encryptPassword, is not the timestamp originally obtained by the front end, which means it is very likely fabricated or forged. In that case authentication is refused, an authentication-failure message is returned directly to the front end and the authentication ends, which improves the security and effectiveness of the authentication.
As described in step S813 above, if the timestamp is the same as timestampA or timestampB, then the timestampA used to generate encryptUserID or the timestampB used to generate encryptPassword is the timestamp originally obtained by the front end. In that case the timestamp timestampA used to generate encryptUserID and the timestamp timestampB used to generate encryptPassword are considered sound, and the command "respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same" is generated and executed, entering the corresponding authentication step.
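The whole exchange, front end and back end, with the pre-checks of steps S803 to S813 and the consistency check of step S8, as an added example in Go that is not part of the application and not the applicant's code. It uses the standard library's RSA-OAEP for the asymmetric encryption. The separator characters "|" and "#", the 2048-bit key, millisecond Unix timestamps, a 60-second timeThreshold, and the names Message, GenerateKey, FrontEndEncrypt, BackEndVerify and unseal are all assumptions, since the application fixes none of them.

```go
// Added example, not the applicant's code; separators, key size, timestamp unit, timeThreshold and all names are assumptions.
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"strconv"
	"strings"
	"time"
)

const (
	sep1          = "|"              // first preset separator:  randKey|timestamp
	sep2          = "#"              // second preset separator: userID#encryptKey
	sep3          = "#"              // third preset separator:  password#encryptKey
	timeThreshold = 60 * time.Second // assumed value
)

// Message is what the front end transmits: both ciphertexts plus the plaintext randKey and timestamp (steps S806, S810).
type Message struct {
	EncryptUserID, EncryptPassword []byte
	RandKey                        string
	Timestamp                      int64 // Unix milliseconds
}

// GenerateKey makes the pair; the public half goes to the front end, the private half stays on the back end.
func GenerateKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// FrontEndEncrypt is the encryption method: fresh randKey and timestamp, encryptKey, contactUserID/contactPassword, RSA-OAEP.
func FrontEndEncrypt(pub *rsa.PublicKey, userID, password string, now time.Time) (Message, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return Message{}, err
	}
	randKey, ts := hex.EncodeToString(buf), now.UnixMilli()
	encryptKey := randKey + sep1 + strconv.FormatInt(ts, 10)
	var ct [2][]byte
	for k, plain := range []string{userID + sep2 + encryptKey, password + sep3 + encryptKey} {
		c, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(plain), nil)
		if err != nil {
			return Message{}, err
		}
		ct[k] = c
	}
	return Message{ct[0], ct[1], randKey, ts}, nil
}

// unseal decrypts one ciphertext into (value, randKey, timestamp). It cuts from the right, so a userID or
// password that itself contains a separator still parses; randKey (hex) and timestamp (digits) never contain one.
func unseal(priv *rsa.PrivateKey, ct []byte, sep string) (string, string, int64, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return "", "", 0, errors.New("ciphertext does not decrypt")
	}
	p := string(plain)
	i, j := strings.LastIndex(p, sep1), strings.LastIndex(p, sep)
	if j < 0 || i < j {
		return "", "", 0, errors.New("separators missing or out of order")
	}
	ts, err := strconv.ParseInt(p[i+1:], 10, 64)
	return p[:j], p[j+1 : i], ts, err
}

func eq(a, b string) bool { return subtle.ConstantTimeCompare([]byte(a), []byte(b)) == 1 }

// BackEndVerify is the authentication method: decrypt, S803 freshness, S807/S811 echo checks, S8 consistency, credentials.
func BackEndVerify(priv *rsa.PrivateKey, m Message, serverNow time.Time, checkCredentials func(userID, password string) bool) error {
	userID, randKeyA, timestampA, errA := unseal(priv, m.EncryptUserID, sep2)
	password, randKeyB, timestampB, errB := unseal(priv, m.EncryptPassword, sep3)
	if errA != nil || errB != nil {
		return errors.New("ciphertext does not decrypt or parse")
	}
	// S803/S804: |timestampServer - timestampA| must not exceed timeThreshold.
	if d := serverNow.Sub(time.UnixMilli(timestampA)); d > timeThreshold || d < -timeThreshold {
		return errors.New("timestamp outside timeThreshold")
	}
	// S807/S811: the plaintext randKey and timestamp must equal the decrypted ones.
	if !eq(m.RandKey, randKeyA) || m.Timestamp != timestampA {
		return errors.New("randKey or timestamp does not match the ciphertext")
	}
	// S8: both ciphertexts must carry the same randKey and timestamp.
	if !eq(randKeyA, randKeyB) || timestampA != timestampB {
		return errors.New("encryptUserID and encryptPassword are not from one request")
	}
	if !checkCredentials(userID, password) {
		return errors.New("authentication failed")
	}
	return nil
}
```

The comparisons use constant-time equality and the parser splits from the right, so a password such as "p#ss|word" that contains the separator characters still round-trips. Two caveats for anyone adopting the scheme as described: the back end keeps no record of randKey values it has already accepted, so a captured message can be replayed until timeThreshold expires; and because the public key is available to the front end, the echo checks of S807 and S811 and the equality checks of S8 can be satisfied by anyone able to build the message, so they catch inconsistency rather than forgery. The credential check at the end is what carries the authentication.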
In an embodiment, after step S11, S804, S808 or S812 of refusing authentication, the method further includes:
Step S814: recording the number of consecutive authentication failures;
Step S815: determining whether the number of consecutive authentication failures has reached a set number;
Step S816: if so, suspending authentication for a subsequent preset period.
As described in step S814 above, if the result is that authentication is refused, that is, authentication fails, the number of consecutive authentication failures is recorded; any successful authentication resets the count, so that subsequent attempts start counting consecutive failures afresh. As described in step S815 above, it is determined whether the number of consecutive failures has reached a set number, such as 3 or 5. As described in step S816 above, when the number of consecutive failures reaches the set number (for example 5), authentication is suspended for a subsequent predetermined period (for example 1 day). Repeated consecutive failures may mean that someone is maliciously trying to get into the system; suspending authentication for the predetermined period prevents such attempts from causing loss and improves the security of the authentication.
In an embodiment, after step S816 of suspending authentication for the subsequent preset period, the method includes:
Step S817: sending a warning to administrators.
As described in step S817 above, when the number of consecutive authentication failures has reached the set number, authentication is suspended for the subsequent predetermined period and, at the same time, a warning is sent to administrators. The warning can be sent by SMS or similar means to a mobile terminal the administrators carry or to a fixed monitoring system, alerting them that someone is attempting to enter the system (which requires security authentication) illegally, so that they learn of and monitor the situation in time and take measures to avoid loss.
In an embodiment, after step S816 of suspending authentication for the subsequent preset period, the method further includes:
Step S818: sending the front end an instruction that turns on the front end's camera to photograph the face of the front end's operator.
As described in step S818 above, when the number of consecutive authentication failures has reached the set number, authentication is suspended for the subsequent predetermined period and, at the same time, the front end is sent an instruction to turn on its camera and photograph the operator's face. When someone attempts to enter the system illegally, the operator's facial features are thus captured, which provides leads for identifying the intruder or opening an investigation should the system be entered illegally and loss result. The captured image of the operator can be stored locally or sent to a remote monitoring system for viewing at any time or for remote monitoring.
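Steps S814 to S818 as an added example in Go, not code from the application: a counter of consecutive failures that suspends authentication for a preset period once the set number is reached, resets on success, clears an expired suspension, and calls a hook when a suspension starts, which is where the S817 warning or the S818 camera instruction would be issued. Keying the counter by a string (account name or client address) is an assumption; the application does not say whether the count is per user or global, and the names Limiter, Allowed and Record are mine.

```go
// Added example, not the applicant's code. Keying the counter by a string (account or
// client address) is an assumption; the page does not say how the count is scoped.
package main

import (
	"sync"
	"time"
)

// Limiter records consecutive authentication failures per key (S814) and suspends
// authentication for that key for a preset period once the set number is reached (S815, S816).
type Limiter struct {
	mu       sync.Mutex
	maxFails int
	suspend  time.Duration
	fails    map[string]int
	until    map[string]time.Time
	onLock   func(key string, until time.Time) // where the S817 warning or S818 camera instruction goes
}

func NewLimiter(maxFails int, suspend time.Duration, onLock func(string, time.Time)) *Limiter {
	return &Limiter{maxFails: maxFails, suspend: suspend,
		fails: map[string]int{}, until: map[string]time.Time{}, onLock: onLock}
}

// Allowed reports whether an attempt for key may be processed at now. An expired
// suspension is cleared so the key is treated normally again.
func (l *Limiter) Allowed(key string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	if u, ok := l.until[key]; ok {
		if now.Before(u) {
			return false
		}
		delete(l.until, key)
	}
	return true
}

// Record updates the counter after an attempt: a success resets it to zero, a failure that
// brings it to maxFails starts a suspension, resets the count and fires onLock once.
// It returns true when this attempt started a suspension.
func (l *Limiter) Record(key string, success bool, now time.Time) bool {
	l.mu.Lock()
	if success {
		l.fails[key] = 0
		l.mu.Unlock()
		return false
	}
	l.fails[key]++
	if l.fails[key] < l.maxFails {
		l.mu.Unlock()
		return false
	}
	until := now.Add(l.suspend)
	l.until[key], l.fails[key] = until, 0
	l.mu.Unlock() // released before the hook, which may send an SMS or talk to the front end
	if l.onLock != nil {
		l.onLock(key, until)
	}
	return true
}
```

A caller checks Allowed before running the authentication method and calls Record with its outcome. The scope of the key matters: a single global counter, which is one reading of the application's text, lets anyone lock every user out by failing five times, so keying by account or by client address is the usual choice.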
Referring to Figure 3, an embodiment of the present application also provides a timestamp-based encryption and authentication system, including a front end 10 and a back end 20.
The front end 10 is configured to obtain an encryption instruction, the encryption instruction being generated by an operation of the front-end user;
generate a randKey and obtain a timestamp, where randKey is a random key value generated by the front end and timestamp is the current timestamp;
join the randKey and the timestamp with a first preset separator to form an encryptKey;
obtain a userID and a password, join the userID and the encryptKey with a second preset separator to form a contactUserID, and join the password and the encryptKey with a third preset separator to form a contactPassword, where userID is the user name;
encrypt the contactUserID and the contactPassword separately with the public key of an asymmetric encryption algorithm to obtain an encryptUserID and an encryptPassword;
transmit the encryptUserID and the encryptPassword to the back end.
The back end 20 is configured to receive the encryptUserID and the encryptPassword sent by the front end 10;
decrypt the encryptUserID and the encryptPassword separately with the private key matching the public key of the asymmetric encryption algorithm, obtaining the userID, randKeyA, timestampA, the password, randKeyB and timestampB, the private key being pre-configured on the back end;
respectively determine whether timestampA and timestampB are the same and whether randKeyA and randKeyB are the same;
if timestampA and timestampB are the same and randKeyA and randKeyB are the same, authenticate the userID and the password and determine whether the authentication succeeds;
if so, pass the authentication;
if not, refuse authentication.
Referring to Figure 4, an embodiment of the present application also provides a computer device, which may be a server and whose internal structure may be as shown in Figure 4. The computer device includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer device provides computing and control capability. The memory of the computer device includes a storage medium and an internal memory; the storage medium may be volatile or non-volatile. The storage medium stores an operating system, a computer program and a database. The internal memory provides the environment in which the operating system and the computer program on the storage medium run. The database of the computer device stores the encryptUserID, encryptPassword, randKey, timestamp and other data transmitted from the front end. The network interface of the computer device communicates with external terminals over a network connection. When executed by the processor, the computer program implements the timestamp-based encryption method or the timestamp-based authentication method described above.
Those skilled in the art will understand that the structure shown in Figure 4 is only a block diagram of the part of the structure relevant to the solution of the present application and does not limit the computer device to which the solution is applied.
An embodiment of the present application further provides a computer-readable storage medium, which may be volatile or non-volatile. A computer program is stored on the computer-readable storage medium, and when executed by a processor it implements the timestamp-based encryption method or the timestamp-based authentication method described above.
Those of ordinary skill in the art will understand that all or part of the procedures in the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware. The computer program can be stored in a storage medium, which may be volatile or non-volatile, and when executed the program can include the procedures of the method embodiments described above. Any reference to memory, storage, a database or other media provided in the present application and used in the embodiments may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
It should be noted that, in this document, the terms "comprise", "include" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, device, article or method. In the absence of further limitation, an element defined by the phrase "including a ..." does not exclude the presence of further identical elements in the process, device, article or method that includes it.
The above are only preferred embodiments of the present application and do not limit its patent scope. Any equivalent structure or equivalent process transformation made using the description and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present application.

Claims (20)

  1. A timestamp-based encryption method, characterized in that it comprises the following steps:
    the front end obtains an encryption instruction, the encryption instruction being generated by an operation of the front-end user;
    generating a randKey and obtaining a timestamp, where randKey is a random key value generated by the front end and timestamp is the current timestamp;
    joining the randKey and the timestamp with a first preset separator to form an encryptKey;
    obtaining a userID and a password, joining the userID and the encryptKey with a second preset separator to form a contactUserID, and joining the password and the encryptKey with a third preset separator to form a contactPassword, where userID is the user name and password is the password;
    encrypting the contactUserID and the contactPassword separately with the public key of an asymmetric encryption algorithm to obtain an encryptUserID and an encryptPassword.
  2. A timestamp-based authentication method for decrypting ciphertext encrypted by the timestamp-based encryption method according to claim 1, characterized in that it comprises the following steps:
    the back end receives the encryptUserID and the encryptPassword sent by the front end;
    decrypting the encryptUserID and the encryptPassword separately with the private key matching the public key of the asymmetric encryption algorithm to obtain the userID, randKeyA, timestampA, the password, randKeyB and timestampB;
    respectively determining whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same;
    if the timestampA and the timestampB are the same and the randKeyA and the randKeyB are the same, authenticating the userID and the password and determining whether the authentication succeeds;
    if so, passing the authentication;
    if not, refusing authentication.
  3. The timestamp-based authentication method according to claim 2, characterized in that, before the step of respectively determining whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same, the method further comprises:
    obtaining a timestampServer, the timestampServer being the current time obtained by the back end;
    calculating the absolute value m of the time difference between the timestampServer and the timestampA or the timestampB;
    determining whether the absolute value m is greater than a set threshold timeThreshold;
    if so, refusing authentication;
    if not, generating and executing the command "respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
  4. The timestamp-based authentication method according to claim 2, characterized in that, before the step of respectively determining whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same, the method further comprises:
    obtaining the randKey;
    determining whether the randKey is the same as the randKeyA or the randKeyB;
    if not, refusing authentication;
    if so, generating and executing the command "respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
  5. The timestamp-based authentication method according to claim 2, characterized in that, before the step of respectively determining whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same, the method further comprises:
    obtaining the timestamp;
    determining whether the timestamp is the same as the timestampA or the timestampB;
    if not, refusing authentication;
    if so, generating and executing the command "respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
  6. The timestamp-based authentication method according to claim 2, characterized in that, after the step of refusing authentication, the method further comprises:
    recording the number of consecutive authentication failures;
    determining whether the number of consecutive authentication failures has reached a set number;
    if so, suspending authentication for a subsequent preset period.
  7. The timestamp-based authentication method according to claim 6, characterized in that, after the step of suspending authentication for the subsequent preset period, the method further comprises:
    sending the front end an instruction that controls the camera of the front end to photograph the face of the operator of the front end.
  8. A timestamp-based encryption and authentication system, characterized in that it includes a front end and a back end;
    the front end is configured to obtain an encryption instruction, the encryption instruction being generated by an operation of the front-end user;
    generate a randKey and obtain a timestamp, where randKey is a random key value generated by the front end and timestamp is the current timestamp;
    join the randKey and the timestamp with a first preset separator to form an encryptKey;
    obtain a userID and a password, join the userID and the encryptKey with a second preset separator to form a contactUserID, and join the password and the encryptKey with a third preset separator to form a contactPassword, where userID is the user name;
    encrypt the contactUserID and the contactPassword separately with the public key of an asymmetric encryption algorithm to obtain an encryptUserID and an encryptPassword;
    the back end is configured to receive the encryptUserID and the encryptPassword sent by the front end;
    decrypt the encryptUserID and the encryptPassword separately with the private key matching the public key of the asymmetric encryption algorithm to obtain the userID, randKeyA, timestampA, the password, randKeyB and timestampB;
    respectively determine whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same;
    if the timestampA and the timestampB are the same and the randKeyA and the randKeyB are the same, authenticate the userID and the password and determine whether the authentication succeeds;
    if so, pass the authentication;
    if not, refuse authentication.
  9. A computer device, comprising a memory and a processor, the memory storing a computer program, characterized in that the processor executes a timestamp-based authentication method for decrypting ciphertext encrypted by the timestamp-based encryption method according to claim 1, the method comprising the following steps:
    the back end receives the encryptUserID and the encryptPassword sent by the front end;
    decrypting the encryptUserID and the encryptPassword separately with the private key matching the public key of the asymmetric encryption algorithm to obtain the userID, randKeyA, timestampA, the password, randKeyB and timestampB;
    respectively determining whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same;
    if the timestampA and the timestampB are the same and the randKeyA and the randKeyB are the same, authenticating the userID and the password and determining whether the authentication succeeds;
    if so, passing the authentication;
    if not, refusing authentication.
  10. The computer device according to claim 9, characterized in that, before the step of respectively determining whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same, the method further comprises:
    obtaining a timestampServer, the timestampServer being the current time obtained by the back end;
    calculating the absolute value m of the time difference between the timestampServer and the timestampA or the timestampB;
    determining whether the absolute value m is greater than a set threshold timeThreshold;
    if so, refusing authentication;
    if not, generating and executing the command "respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
  11. The computer device according to claim 9, characterized in that, before the step of respectively determining whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same, the method further comprises:
    obtaining the randKey;
    determining whether the randKey is the same as the randKeyA or the randKeyB;
    if not, refusing authentication;
    if so, generating and executing the command "respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
  12. The computer device according to claim 9, characterized in that, before the step of respectively determining whether the timestampA and the timestampB are the same and whether the randKeyA and the randKeyB are the same, the method further comprises:
    obtaining the timestamp;
    determining whether the timestamp is the same as the timestampA or the timestampB;
    if not, refusing authentication;
    if so, generating and executing the command "respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
  13. The computer device according to claim 9, characterized in that, after the step of refusing authentication, the method further comprises:
    记录连续认证失败的次数;Record the number of consecutive authentication failures;
    判断所述连续认证失败的次数是否达到设定次数;Judging whether the number of consecutive authentication failures reaches a set number;
    若是,则暂停后续预设时间内的认证工作。If yes, the subsequent authentication work within the preset time will be suspended.
  14. 如权利要求13所述的计算机设备,其特征在于,所述暂停后续预设时间内的认证工作的步骤之后,还包括:The computer device according to claim 13, wherein after the step of suspending the subsequent authentication work within a preset time, the method further comprises:
    发送控制所述前端的摄像头拍摄所述前端的操作者头像的指令给所述前端。Sending an instruction for controlling the camera of the front end to shoot the portrait of the operator of the front end to the front end.
  15. 一种计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现一种基于时间戳的认证方法,该方法用于解密依据如权利要求1所述的基于时间戳的加密方法进行加密的密文,包括如下步骤:A computer-readable storage medium with a computer program stored thereon, wherein the computer program implements a time-stamp-based authentication method when the computer program is executed by a processor, and the method is used for decryption according to claim 1 The encrypted ciphertext based on the timestamp-based encryption method includes the following steps:
    后端接收所述前端发送的所述encryptUserID和所述encryptPassword;The back end receives the encryptUserID and the encryptPassword sent by the front end;
    使用与所述非对称加密算法的公钥相匹配的私钥对所述encryptUserID和所述encryptPassword分别进行解密,得到所述userID、randKeyA、timestampA、所述password、randKeyB和timestampB;Use a private key that matches the public key of the asymmetric encryption algorithm to decrypt the encryptUserID and the encryptPassword respectively to obtain the userID, randKeyA, timestampA, the password, randKeyB, and timestampB;
    分别判断所述timestampA与所述timestampB是否相同,所述randKeyA与所述randKeyB是否相同;Respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same;
    若所述timestampA与所述timestampB相同,且所述randKeyA与所述randKeyB相同,则对所述userID和所述Password进行认证,并判断是否认证成功;If the timestampA is the same as the timestampB, and the randKeyA is the same as the randKeyB, then authenticate the userID and the Password, and determine whether the authentication is successful;
    若是,则予以认证通过;If yes, it shall be certified;
    若否,则不予认证通过。If not, it will not be certified.
  16. 如权利要求15所述的计算机可读存储介质,其特征在于,所述分别判断所述timestampA与所述timestampB是否相同,所述randKeyA与所述randKeyB是否相同的步骤之前,还包括:15. The computer-readable storage medium according to claim 15, wherein before the step of separately determining whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same, the method further comprises:
    获取timestampServer,所述timestampServer是后端获取的当前时间;Obtain a timestampServer, where the timestampServer is the current time obtained by the backend;
    计算所述timestampServer与所述imestampA或所述timestampB时间差值的绝对值m;Calculating the absolute value m of the time difference between the timestampServer and the imestampA or the timestampB;
    判断所述绝对值m是否大于设定阈值timeThreshold;Judging whether the absolute value m is greater than a set threshold timeThreshold;
    若是,则不予认证通过;If it is, it will not be certified;
    若否,则生成执行“分别判断所述timestampA与所述timestampB是否相同,所述randKeyA与所述randKeyB是否相同”的命令。If not, it generates and executes a command of "respectively judging whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
  17. 如权利要求15所述的计算机可读存储介质,其特征在于,所述分别判断所述timestampA与所述timestampB是否相同,所述randKeyA与所述randKeyB是否相同的步骤之前,还包括:15. The computer-readable storage medium according to claim 15, wherein before the step of separately determining whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same, the method further comprises:
    获取所述randKey;Obtain the randKey;
    判断所述randKey是否与所述randKeyA或所述randKeyB相同;Determine whether the randKey is the same as the randKeyA or the randKeyB;
    若否,则不予认证通过;If not, it will not be certified;
    若是,则生成执行“分别判断所述timestampA与所述timestampB是否相同,所述randKeyA与所述randKeyB是否相同”的命令。If so, generate and execute a command to "respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
  18. 如权利要求15所述的计算机可读存储介质,其特征在于,所述分别判断所述timestampA与所述timestampB是否相同,所述randKeyA与所述randKeyB是否相同的步骤之前,还包括:15. The computer-readable storage medium according to claim 15, wherein before the step of separately determining whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same, the method further comprises:
    获取所述timestamp;Obtain the timestamp;
    判断所述timestamp是否与所述timestampA或所述timestampB相同;Determine whether the timestamp is the same as the timestampA or the timestampB;
    若否,则不予认证通过;If not, it will not be certified;
    若是,则生成执行“分别判断所述timestampA与所述timestampB是否相同,所述randKeyA与所述randKeyB是否相同”的命令。If so, generate and execute a command of "respectively determine whether the timestampA and the timestampB are the same, and whether the randKeyA and the randKeyB are the same".
  19. 如权利要求15所述的计算机可读存储介质,其特征在于,所述不予认证通过的步骤之后,还包括:15. The computer-readable storage medium according to claim 15, wherein after the step of disabling authentication, the method further comprises:
    记录连续认证失败的次数;Record the number of consecutive authentication failures;
    判断所述连续认证失败的次数是否达到设定次数;Judging whether the number of consecutive authentication failures reaches a set number;
    若是,则暂停后续预设时间内的认证工作。If yes, the subsequent authentication work within the preset time will be suspended.
  20. 如权利要求19所述的计算机可读存储介质,其特征在于,所述暂停后续预设时间内的认证工作的步骤之后,还包括:19. The computer-readable storage medium according to claim 19, wherein after the step of suspending subsequent authentication within a preset time, the method further comprises:
    发送控制所述前端的摄像头拍摄所述前端的操作者头像的指令给所述前端。Sending an instruction for controlling the camera of the front end to shoot the portrait of the operator of the front end to the front end.
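The back-end checks of claims 9 to 13 (mirrored in claims 15 to 19) carried through end to end, as an added Python example that is not code from the patent or its applicant. It assumes that each decrypted payload is a JSON object carrying the fields the claims name, that the back end keeps the randKey and timestamp it issued to each front end (so it can perform the checks of claims 11 and 12), and it replaces the private-key decryption with a base64 stand-in; timeThreshold, the failure count and the suspension time are constructed values.

```python
import base64
import hmac
import json
import time
from dataclasses import dataclass

TIME_THRESHOLD = 60     # timeThreshold in seconds (constructed value)
MAX_FAILURES = 5        # the claims' "set number" of consecutive failures (constructed)
LOCKOUT_SECONDS = 300   # the claims' "preset time" for the suspension (constructed)


def toy_decrypt(ciphertext: str) -> str:
    # Stand-in for decryption with the private key matching the front end's
    # public key; base64 is NOT a cipher and only keeps the example offline.
    return base64.b64decode(ciphertext).decode()


def make_pair(user_id, password, rand_key, ts):
    # Front-end side of the stand-in: builds encryptUserID and encryptPassword.
    # The JSON field layout is an assumption, not the patent's format.
    enc = lambda d: base64.b64encode(json.dumps(d).encode()).decode()
    return (enc({"userID": user_id, "randKey": rand_key, "timestamp": ts}),
            enc({"password": password, "randKey": rand_key, "timestamp": ts}))


@dataclass
class Backend:
    credentials: dict       # userID -> password (constructed store)
    issued: dict            # userID -> (randKey, timestamp) the back end handed out (assumption)
    failures: int = 0
    locked_until: float = 0.0

    def _reject(self, now):
        # claim 13: count consecutive failures, suspend once the set number is reached
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCKOUT_SECONDS
        return False

    def authenticate(self, encrypt_user_id, encrypt_password, now=None):
        now = time.time() if now is None else now
        if now < self.locked_until:
            return False        # suspended: neither decrypt nor count anything
        a = json.loads(toy_decrypt(encrypt_user_id))
        b = json.loads(toy_decrypt(encrypt_password))
        user_id, rand_key_a, ts_a = a["userID"], a["randKey"], a["timestamp"]
        password, rand_key_b, ts_b = b["password"], b["randKey"], b["timestamp"]
        # claim 10: reject when |timestampServer - timestampA| exceeds timeThreshold
        if abs(now - ts_a) > TIME_THRESHOLD:
            return self._reject(now)
        # claims 11 and 12: randKey and timestamp must be the ones this back end issued
        if self.issued.get(user_id) != (rand_key_a, ts_a):
            return self._reject(now)
        # claim 9: both ciphertexts must agree on randKey and timestamp
        if ts_a != ts_b or rand_key_a != rand_key_b:
            return self._reject(now)
        # credential check in constant time (defensive addition, not in the claims)
        expected = self.credentials.get(user_id, "").encode()
        if not hmac.compare_digest(expected, password.encode()):
            return self._reject(now)
        self.issued.pop(user_id)   # added hardening: each issued randKey is accepted once
        self.failures = 0
        return True
```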
PCT/CN2019/119482 2019-01-31 2019-11-19 Timestamp-based encryption and authentication method, timestamp-based encryption and authentication system, and computer device WO2020155794A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910100423.3 2019-01-31
CN201910100423.3A CN109936447B (en) 2019-01-31 2019-01-31 Encryption and authentication method and system based on timestamp and computer equipment

Publications (1)

Publication Number Publication Date
WO2020155794A1 true WO2020155794A1 (en) 2020-08-06

Family

ID=66985411

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/119482 WO2020155794A1 (en) 2019-01-31 2019-11-19 Timestamp-based encryption and authentication method, timestamp-based encryption and authentication system, and computer device

Country Status (2)

Country Link
CN (1) CN109936447B (en)
WO (1) WO2020155794A1 (en)

Also Published As

Publication number Publication date
CN109936447A (en) 2019-06-25
CN109936447B (en) 2021-10-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19913622

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19913622

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 19/01/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 19913622

Country of ref document: EP

Kind code of ref document: A1