CN104580150A - Special identity authentication method for private network - Google Patents


Info

Publication number: CN104580150A
Authority: CN (China)
Prior art keywords: server, mobile terminal, dynamic password, terminal app, time
Legal status: Pending
Application number: CN201410721957.5A
Other languages: Chinese (zh)
Inventors: 汤亿则, 黄红兵, 陈银龙, 徐志强, 夏翔, 陈建, 王红凯, 杨鸿珍, 马平, 翟佳, 李军, 彭瑶
Current assignee: Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Original assignee: Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Priority date: 2014-12-03
Filing date: 2014-12-03
Publication date: 2015-04-29

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an identity authentication security system for accessing a private network from a mobile device, and in particular an identity authentication method dedicated to a private network. The method uses a server, a dynamic password generating device and a mobile terminal APP, and is characterized in that communication between the mobile terminal APP and the dynamic password generating device is transmitted through the audio port of the mobile device; the server is connected to the mobile terminal APP over a network; the mobile terminal APP must pass through a gateway when accessing the server; and security is ensured by a cryptographic algorithm. Using this identity authentication method dedicated to a private network both ensures the legitimacy of the user's identity when private network data is accessed by external users and ensures the convenience of users accessing private network data from an external network.

Description

Identity authentication method dedicated to a private network
Technical field
The present invention relates to a security system for identity authentication when logging in to a private network from a mobile device, and in particular to an identity authentication method dedicated to a private network.
Background art
Existing identity authentication systems dedicated to private networks mainly use the following three approaches:
Username and password. Username/password is the simplest and most common identity authentication method. Each user sets their own password, so as long as the password is entered correctly the computer assumes the person is that user. In practice, to avoid forgetting their password, many users choose a meaningful character string that others can easily guess, or write the password down somewhere they believe is safe; both habits create security risks and easily lead to password leakage. Even if the user's password is not leaked, a password is static data: it must pass through computer memory and over the network during verification, and the verification data is identical every time, so it is easily captured by a trojan resident in memory or by a monitoring device on the network. The username/password approach is therefore an insecure form of identity authentication.
Dynamic password. Dynamic-password technology uses a one-time-pad approach and effectively protects the security of the user's identity. However, if the time or counter of the mobile terminal APP hardware and the server do not stay well synchronized, legitimate users may be unable to log in. In addition, the user must type a long, irregular password on the keyboard at each login and has to start over after misreading or mistyping it, which is very inconvenient.
Biometric authentication. Biometric authentication is based on biometric recognition technology, and given the current maturity of that technology it still has considerable limitations. First, the stability and accuracy of biometric recognition need to improve: if the user's body is affected by illness, injury or blemishes, recognition often fails and legitimate users cannot log in. Second, because research investment is large and output is small, biometric authentication systems are very expensive; at present they are only suitable for settings with very high security requirements such as banks and the military, and cannot be widely deployed.
Summary of the invention
The object of the invention is to provide an identity authentication method dedicated to a private network that is secure, easy to use and easy to promote, so as to overcome the above shortcomings of the prior art.
The identity authentication method dedicated to a private network uses a server, a dynamic password generating device and a mobile terminal APP. Communication between the mobile terminal APP and the dynamic password generating device is transmitted through the audio port of the mobile device; the server and the mobile terminal APP are connected over a network; the mobile terminal APP must pass through a gateway when accessing the server, and security is ensured by a cryptographic algorithm. The dynamic password generating device is first initialized during production: in the production process, the first handshake between the dynamic password generating device and the server is carried out. The device code is matched first, and the server then generates the following data corresponding to the dynamic password generating device: basic key key, creation time System_t1, communication data, communication flag, command flag, command time command_time and command count command_num. When the dynamic password generating device is inserted into the mobile device for the first time, the mobile terminal APP in the mobile device is activated, and the dynamic password generating device sends the device code and basic key key held in its RAM to the mobile terminal APP. The mobile terminal APP then generates a user number from the operator's login information and finally sends the device code, the basic key key and the user number to the server. After the server receives the information sent by the mobile terminal APP, it first checks whether the device code is valid and at the same time checks whether the basic key key is being sent for the first time. If it is the first time, the server generates a binding instruction and sends it to the mobile terminal APP, which forwards it to the dynamic password generating device. On receiving the instruction, the dynamic password generating device binds the user number to the device code and sends the binding information it received to the mobile terminal APP; the mobile terminal APP forwards it to the server, and the server records the binding information on receipt.
When binding succeeds, the dynamic password generating device generates the first dynamic password. At the same time the server records the current time System_t2 and computes the difference T between it and the time System_t1 recorded at the first handshake between the dynamic password generating device and the server during production:
T = System_t2 - System_t1
The time difference T obtained is then divided into K segments according to the following formula:
The server computes the time deviation ΔT between the server and the dynamic password generating device according to the following formula:
where K_1 is the currently matched segment and n is the current number of accesses; the maximum of n is 10, that is, a segment can be accessed at most 10 times.
The server then records ΔT, the command time command_time and the command creation time command_create_num.
The first dynamic password generated by the dynamic password generating device is forwarded to the server after the mobile terminal APP receives it, and the mobile terminal APP also sends a command to the server that contains the device code and the user number. After the server receives the command, it generates an instruction to obtain a dynamic password and sends it to the dynamic password generating device via the mobile terminal APP. After receiving the instruction to obtain a dynamic password, the device first checks whether the instruction is legitimate; if so, it generates a password, sends it to the mobile terminal APP and sends a flag indicating that the dynamic password was obtained successfully; if not, it notifies the mobile terminal APP that acquisition failed. After the device sends the dynamic password to the mobile terminal APP, the mobile terminal APP sends the dynamic password to the server. On the server side, the server derives a deviation range for the dynamic password from the time deviation computed with the above formula and matches the password within that range. If the password falls within the deviation range, the server notifies the mobile terminal APP that login succeeded and records the current match time; otherwise it notifies the mobile terminal APP to exit directly. This completes the identity authentication process of the whole system.
The main function of the server of the present invention is to match instructions and passwords; the dynamic password generating device mainly generates dynamic passwords; and the mobile terminal APP is the bridge connecting the server and the dynamic password generating device. The dynamic password generating device is connected to the mobile device through the audio port. Here, the dynamic password generating device is a dynamic password generating device with its own clock chip, its own power supply and its own memory.
Using the identity authentication method dedicated to a private network of the present invention for identity authentication has the following benefits: the dynamic password generating device has its own clock chip and its own power supply, which is a form of strong dynamic protection; it both ensures the legitimacy of the user's identity when private network data is accessed by external users and ensures the convenience of users accessing private network data from an external network.
Description of the drawings
Fig. 1 is a system composition diagram.
Fig. 2 is a diagram of the production initialization process.
Fig. 3 is a diagram of the binding process.
Fig. 4 is a diagram of the dynamic password matching process.
Embodiments
The invention is further described below by way of an embodiment.
Embodiment 1.
As shown in Figures 1 to 4, the present embodiment provides an identity authentication method dedicated to a private network which uses a server, a dynamic password generating device and a mobile terminal APP, as shown in Figure 1. Communication between the mobile terminal APP and the dynamic password generating device is transmitted through the audio port of the mobile device; the server and the mobile terminal APP are connected over a network; the mobile terminal APP must pass through a gateway when accessing the server, and security is ensured by a cryptographic algorithm. The dynamic password generating device is first initialized during production, as shown in Figure 2: the production process carries out the first handshake between the dynamic password generating device and the server, and the device code (server_no) is matched first. The server then generates the basic key (basic_key), the creation time (System_t1), the communication data (com_data), the communication flag (com_ver), the command flag (command_ver), the command time (command_time) and the command count (command_num). When the dynamic password generating device is inserted into the mobile device for the first time, the mobile terminal APP in the mobile device is activated, and the dynamic password generating device sends the device code and the binding key held in its RAM to the mobile terminal APP. The mobile terminal APP then generates a user number (user_no) from the operator's login information and finally sends the device code of the dynamic password generating device, the binding key and the user number (user_no) to the server. After the server receives the information sent by the mobile terminal APP, it first checks whether the device code of the dynamic password generating device is valid and at the same time checks whether the key is being sent for the first time. If both checks succeed, the server generates a binding instruction and sends it to the mobile terminal APP, which forwards it to the dynamic password generating device. After the dynamic password generating device receives the instruction it performs the binding and sends the binding information it received to the mobile terminal APP, and the mobile terminal APP forwards it to the server after receiving it.
In the present embodiment, when binding succeeds, the dynamic password generating device generates the first dynamic password. At the same time the server records the current time System_t2 and subtracts the time System_t1 recorded by the server during production to calculate the time interval:
T = System_t2 - System_t1
The calculated time interval is divided into K segments as follows:
During generation of the dynamic password, the server computes the time deviation ΔT between the server and the dynamic password generating device according to the following formula:
where K_1 is the currently matched segment and n is the current number of accesses; the maximum of n is 10, that is, a segment can be accessed at most 10 times, which avoids repeating a dynamic code when the same segment is accessed.
After recording the time deviation, the server stores ΔT, the command time (command_time) and the command creation time (command_create_num).
The first dynamic password generated by the dynamic password generating device is forwarded to the server after the mobile terminal APP receives it, and the mobile terminal APP also sends a command to the server containing the device code (server_no) of the dynamic password generating device and the user number (user_no). After the server receives the command, it generates an instruction to obtain a dynamic password and sends it to the dynamic password generating device via the mobile terminal APP. After the dynamic password generating device receives the instruction to obtain a dynamic password, it first checks whether the instruction is legitimate; if so, it generates a password, sends it to the mobile terminal APP and sends a flag indicating that the dynamic password was obtained successfully; if not, it notifies the mobile terminal APP that acquisition failed. After the dynamic password generating device sends the dynamic password to the mobile terminal APP, the mobile terminal APP sends it to the server. On the server side, the server derives a deviation range for the dynamic password from the time deviation computed with the above formula and matches the password within that range. If the password falls within the deviation range, the server notifies the mobile terminal APP that login succeeded and records the current match time; otherwise it notifies the mobile terminal APP to exit directly. This completes the identity authentication process of the whole system.
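A server-side model of the binding and matching process described in the summary and in Embodiment 1, written here as an added example (not the patent's own code). It keeps the page's quantities: System_t1 (production handshake), System_t2 (binding), T = System_t2 - System_t1, the segments K, the per-segment access count n with n at most 10, the deviation ΔT and the recorded match time. Because the page does not give the formulas for the segment split or for ΔT, the fixed 60 s segment, the drift estimate learned from the last successful match, and the HMAC-based code derivation are assumptions.

```python
import hashlib
import hmac

SEGMENT = 60   # assumed segment length in seconds (the page omits the split formula)
MAX_N = 10     # stated on the page: a segment can be used at most 10 times

def dynamic_code(basic_key: bytes, k: int, n: int) -> str:
    """6-digit code for segment k and use count n (HMAC derivation is an assumption)."""
    mac = hmac.new(basic_key, f"{k}:{n}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**6:06d}"

class Token:  # dynamic password generating device: own clock, own power, key in RAM
    def __init__(self, basic_key: bytes, system_t1: int, clock):
        self.basic_key, self.t1, self.clock = basic_key, system_t1, clock
        self.count = {}  # segment k -> number of codes (n) already produced in it

    def generate(self):
        k = (self.clock() - self.t1) // SEGMENT      # segments elapsed since production
        n = self.count.get(k, 0) + 1
        if n > MAX_N:
            return None                              # segment exhausted: no 11th code
        self.count[k] = n
        return dynamic_code(self.basic_key, k, n)

class Server:
    def __init__(self, clock, window: int = 1):
        self.clock, self.window, self.devices = clock, window, {}

    def produce(self, server_no: str, basic_key: bytes) -> None:
        """First handshake during production: store basic_key and System_t1."""
        self.devices[server_no] = {"key": basic_key, "t1": self.clock(), "user": None,
                                   "dT": 0, "seen": set()}

    def bind(self, server_no: str, basic_key: bytes, user_no: str) -> bool:
        """Binding: device code must be known and the key must be its first submission."""
        d = self.devices.get(server_no)
        if d is None or d["user"] is not None or not hmac.compare_digest(d["key"], basic_key):
            return False
        d["user"], d["T"] = user_no, self.clock() - d["t1"]   # T = System_t2 - System_t1
        return True

    def verify(self, server_no: str, user_no: str, code: str) -> bool:
        """Match code within +/- window segments of the drift-corrected expected segment."""
        d = self.devices.get(server_no)
        if d is None or d["user"] != user_no:
            return False
        expected_k = (self.clock() - d["t1"] - d["dT"]) // SEGMENT
        for k in range(expected_k - self.window, expected_k + self.window + 1):
            for n in range(1, MAX_N + 1):
                if (k, n) in d["seen"]:                 # each (k, n) accepted once: no replay
                    continue
                if hmac.compare_digest(dynamic_code(d["key"], k, n), code):
                    d["seen"].add((k, n))
                    d["dT"] += (expected_k - k) * SEGMENT   # assumption: learn observed drift
                    d["last_match"] = self.clock()          # "record the current match time"
                    return True
        return False

def demo() -> dict:
    """Constructed run: token clock 45 s slow, bound one week after production."""
    now = [1_700_000_000]
    srv, key = Server(lambda: now[0]), b"constructed-basic-key"
    srv.produce("DEV-0001", key)
    tok = Token(key, now[0], lambda: now[0] - 45)      # constructed 45 s drift
    now[0] += 7 * 24 * 3600
    bound = srv.bind("DEV-0001", key, "user-42")
    code = tok.generate()
    first = srv.verify("DEV-0001", "user-42", code)
    replay = srv.verify("DEV-0001", "user-42", code)   # same code again
    wrong_user = srv.verify("DEV-0001", "user-7", tok.generate())
    extra = sum(tok.generate() is not None for _ in range(MAX_N))  # 2 used, 8 left
    return {"bound": bound, "first": first, "replay": replay, "wrong_user": wrong_user,
            "T": srv.devices["DEV-0001"]["T"], "dT": srv.devices["DEV-0001"]["dT"],
            "extra_codes": extra}
```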

Claims (1)

1. An identity authentication method dedicated to a private network, comprising the use of a server, a dynamic password generating device and a mobile terminal APP, characterized in that communication between the mobile terminal APP and the dynamic password generating device is transmitted through the audio port of the mobile device; the server and the mobile terminal APP are connected over a network; the mobile terminal APP must pass through a gateway when accessing the server, and security is ensured by a cryptographic algorithm; the dynamic password generating device is first initialized during production, in which the first handshake between the dynamic password generating device and the server is carried out: the device code is matched first, and the server then generates the following data corresponding to the dynamic password generating device: basic key key, creation time System_t1, communication data, communication flag, command flag, command time command_time and command count command_num; when the dynamic password generating device is inserted into the mobile device for the first time, the mobile terminal APP in the mobile device is activated, and the dynamic password generating device sends the device code and basic key key held in its RAM to the mobile terminal APP; the mobile terminal APP then generates a user number from the operator's login information and finally sends the device code, the basic key key and the user number to the server; after the server receives the information sent by the mobile terminal APP, it first checks whether the device code is valid and at the same time checks whether the basic key key is being sent for the first time; if it is the first time, the server generates a binding instruction and sends it to the mobile terminal APP, which forwards it to the dynamic password generating device; on receiving the instruction, the dynamic password generating device binds the user number to the device code and sends the binding information it received to the mobile terminal APP; the mobile terminal APP forwards it to the server, and the server records the binding information on receipt;
when binding succeeds, the dynamic password generating device generates the first dynamic password; at the same time the server records the current time System_t2 and computes the difference T between it and the time System_t1 recorded at the first handshake between the dynamic password generating device and the server during production:
T = System_t2 - System_t1
the time difference T obtained is then divided into K segments according to the following formula:
the server computes the time deviation ΔT between the server and the dynamic password generating device according to the following formula:
where K_1 is the currently matched segment and n is the current number of accesses; the maximum of n is 10, that is, a segment can be accessed at most 10 times;
the server then records ΔT, the command time command_time and the command creation time command_create_num;
the first dynamic password generated by the dynamic password generating device is forwarded to the server after the mobile terminal APP receives it, and the mobile terminal APP also sends a command to the server that contains the device code and the user number; after the server receives the command, it generates an instruction to obtain a dynamic password and sends it to the dynamic password generating device via the mobile terminal APP; after receiving the instruction to obtain a dynamic password, the device first checks whether the instruction is legitimate; if so, it generates a password, sends it to the mobile terminal APP and sends a flag indicating that the dynamic password was obtained successfully; if not, it notifies the APP that acquisition failed; after the device sends the dynamic password to the mobile terminal APP, the mobile terminal APP sends the dynamic password to the server; on the server side, the server derives a deviation range for the dynamic password from the time deviation computed with the above formula and matches the password within that range; if the password falls within the deviation range, the server notifies the APP that login succeeded and records the current match time; otherwise it notifies the APP to exit directly; this completes the identity authentication process of the whole system.

Priority Applications (1)

Application number: CN201410721957.5A; priority date: 2014-12-03; filing date: 2014-12-03; title: Special identity authentication method for private network

Publications (1)

Publication number: CN104580150A (en); publication date: 2015-04-29

Family

ID=53095331

Country Status (1)

CN (1): CN104580150A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1840814A1 (en) * 2006-03-17 2007-10-03 Hitachi Software Engineering Co., Ltd. Verification system
CN101783731A (en) * 2009-12-28 2010-07-21 北京飞天诚信科技有限公司 Display method of dynamic password and dynamic token
CN101800643A (en) * 2009-12-29 2010-08-11 北京飞天诚信科技有限公司 Method for processing time information and dynamic token
US20140109211A1 (en) * 2011-06-15 2014-04-17 Information Services International-Dentsu, Ltd. Authentication System and Authentication Method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
汤亿则 et al.: "Research on enterprise-dedicated identity authentication devices", 电子世界 (Electronic World) *

Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20181204