CN107786501A - The method of car networking dynamic password verification based on SASL - Google Patents


Info

Publication number: CN107786501A
Application number: CN201610728852.1A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 田雨农, 宋涛
Current Assignee: Dalian Roiland Technology Co Ltd
Original Assignee: Dalian Roiland Technology Co Ltd
Application filed by Dalian Roiland Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks


Abstract

A method of car networking dynamic password verification based on SASL, characterized by comprising a client processing method and a server-side processing method. Client processing method: according to shared method I of the client and server, the original ID is encrypted to generate the USE ID; using the password generation method shared by the client and server, a password data packet is generated; from the generated USE ID and password data packet, a data packet is assembled and sent to the server. Server-side processing method: according to shared method II of the client and server, the USE ID is decrypted into the original ID; according to shared method III of the client and server, the password data packet is decrypted into the original ID, original password, chassis number, timestamp and interim key; the original IDs obtained in the first and second steps are compared to judge whether they are consistent, and if they are inconsistent, verification failure is returned directly. In this application the password does not need to be transmitted over the network, which removes the concern that the password could be eavesdropped.

Description

The method of car networking dynamic password verification based on SASL
Technical field
The present invention relates to the technical field of car networking, and in particular to a method of car networking dynamic password verification based on SASL.
Background technology
SASL, in full Simple Authentication and Security Layer, is an authentication mechanism used to extend the verification capability of the client/server (C/S) model. When setting up SASL, two things must be determined: first, the authentication mechanism used to exchange "identification information" (identity credentials); second, the verification framework that determines how identification information is stored. The SASL authentication mechanism specifies the response exchange between client and server and the encoding of the transferred content; the SASL verification framework determines how the server itself stores the client's identity credentials and how it verifies the password the client provides. If the client passes verification, the server can determine the identity of the user and thereby decide what permissions the user has. With this mechanism, the client and server share the same secret password, and this password is not transmitted over the network. The verification process begins with the server issuing a challenge; the client uses this challenge and the secret password to compute a response. Different challenges cannot produce the same response; any party that holds the secret password can use the same challenge to compute the same response. Therefore, if the server checks whether the response returned by the client is identical to the response it computed itself, it knows whether the password held by the client is correct. SASL provides a user ID authentication mechanism; it can be thought of simply as a way to authenticate a user's account/password for access to a system or use of a system's service.
Summary of the invention
The invention provides a method of car networking dynamic password verification based on SASL. The client initiates an authentication request containing information such as the secret password; the server verifies it and informs the client of the result. The password does not need to be transmitted over the network, which removes the concern that the password could be eavesdropped.
In one aspect, the invention provides a method of car networking dynamic password verification based on SASL, comprising a client processing method and a server-side processing method;
The client processing method is:
S1: According to shared method I of the client and server, encrypt the original ID to generate the USE ID;
S2: Using the password generation method shared by the client and server, generate the password data packet;
S3: From the generated USE ID and password data packet, assemble a data packet and send it to the server;
The server-side processing method is:
First step: According to shared method II of the client and server, decrypt the USE ID into the original ID;
Second step: According to shared method III of the client and server, decrypt the password data packet into the original ID, original password, chassis number, timestamp and interim key;
Third step: Compare the original IDs obtained in the first and second steps and judge whether they are consistent; if they are inconsistent, directly return verification failure.
Further, the server-side processing method also includes:
Fourth step: If the original IDs in the third step are consistent, obtain the server's timestamp and compare it with the decrypted timestamp; if the time difference exceeds a certain time, verification fails; otherwise proceed to the checks below;
Fifth step: From the original ID, clear-text password, timestamp and chassis number, generate the original password using the CRAM-MD5 decryption method, and compare it with the decrypted original password to judge whether they are consistent; if they are inconsistent, directly return verification failure.
Further, the server-side processing method also includes:
Sixth step: If the original password obtained in the fifth step is consistent, judge whether the interim key is empty; if it is empty, generate an interim key;
Seventh step: If the user is logging in for the first time and verification passes, assemble the generated interim key and the verification result into a data packet and send it to the client;
If it is not the first login, assemble only the verification result into a data packet and send it to the client;
If verification fails, send the reason for the failure to the client.
Further, shared method I of the client and server in the client processing method is:
A. The original ID is specified to be an N-character string consisting of letters and digits, containing no other characters;
B. Take each character of the original ID as a leaf node of a complete binary tree and arrange the characters level by level to form a complete binary tree; that is, the first character of the original ID is the root node, which is also the first level; the second level has 2 nodes, from left to right the second and third characters; and so on, forming a complete binary tree from the N characters;
C. Then combine the N characters into a new character string by preorder traversal; that is, generate the new string in the order root node first, then left node, and finally right node;
D. Base64-encode the newly generated string to produce the USE ID.
Further, the method for generation code data bag is in the client process method:
P1. a character string is formed with former ID and H positions random number first, and CRC check, gained is carried out to this character string CRC check value be clear-text passwords;
P2. the when m- UTC time of client is obtained;
P3. according to former ID, clear-text passwords, interim key, timestamp and chassis number, using CRAM-MD5 encryption method, Generate original password;
P4. according to the sharing method IV at client and server end, former ID, original password, chassis number, timestamp and face When key be made code data bag;
P5. newly-generated character string is exactly password.
Further, sharing method IV is:
1) arranged according to following form, form new character string:
Former ID original passwords<Chassis number timestamps>Interim key;
Wherein interim key is generated by server end, is issued to the key of client;
When user's first time game server, interim key is sky;Issued after logging in successfully from server end interim secret Key, when being logged in after preservation next time, directly use.
2) character string newly formed is generated new character string in the way of base64 is encoded.
Further, shared method II of the client and server in the server-side processing method is specifically:
A1. The original ID is specified to be an N-character string consisting of letters and digits, containing no other characters;
A2. Base64-decode the USE ID to generate a new character string.
A3. Following the requirements of a complete binary tree, build a complete binary tree from the new string by preorder traversal; because the string has only 17 characters, this complete binary tree has only five levels: the first level has 1 node, the second level 2 nodes, the third level 4 nodes, the fourth level 8 nodes, and the fifth level has only the remaining 2 nodes;
A4. Traverse the generated complete binary tree level by level, which finally restores the original ID.
Further, shared method III of the client and server in the server-side processing method is specifically:
1) The password is decrypted into the original data according to the following format:
Original ID Original password<Chassis number Timestamp>Interim key
2) When there is no data after the character ">", the user is accessing the server for the first time, and the server needs to generate an interim key; when responding to the client, it sends the interim key to the client.
By adopting the above technical method, the present invention achieves the following technical effects:
1. The ID is encrypted using the shared method, to protect the ID;
2. An encrypted data packet is generated using the shared encryption method; the data on the network is encrypted and not easily cracked, so security is better guaranteed;
3. A time element is added to ensure timeliness. A message is valid only if received within a certain range, preventing the problem of repeated login;
4. The password also does not need to be transmitted over the network, avoiding the concern that the password could be eavesdropped.
Brief description of the drawings
The present invention has 1 accompanying drawing:
Fig. 1 is a structure diagram of the method of car networking dynamic password verification based on SASL.
Embodiment
To make the purpose, technical scheme and advantages of the embodiments of the invention clearer, the technical scheme in the embodiments is described clearly and completely below with reference to the accompanying drawings of the embodiments:
Embodiment 1
This embodiment provides a method of car networking dynamic password verification based on SASL, comprising a client processing method and a server-side processing method;
The client processing method is:
S1: According to shared method I of the client and server, encrypt the original ID to generate the USE ID;
S2: Using the password generation method shared by the client and server, generate the password data packet;
S3: From the generated USE ID and password data packet, assemble a data packet and send it to the server;
The server-side processing method is:
First step: According to shared method II of the client and server, decrypt the USE ID into the original ID;
Second step: According to shared method III of the client and server, decrypt the password data packet into the original ID, original password, chassis number, timestamp and interim key;
Third step: Compare the original IDs obtained in the first and second steps and judge whether they are consistent; if they are inconsistent, directly return verification failure.
Embodiment 2
This embodiment provides a server-side processing method:
First step: According to shared method II of the client and server, decrypt the USE ID into the original ID;
Second step: According to shared method III of the client and server, decrypt the password data packet into the original ID, original password, chassis number, timestamp and interim key;
Third step: Compare the original IDs obtained in the first and second steps and judge whether they are consistent; if they are inconsistent, directly return verification failure;
Fourth step: If the original IDs in the third step are consistent, obtain the server's timestamp and compare it with the decrypted timestamp; if the time difference exceeds a certain time, for example more than 10 seconds, verification fails; otherwise proceed to the checks below;
Fifth step: From the original ID, clear-text password, timestamp and chassis number, generate the original password using the CRAM-MD5 decryption method, and compare it with the decrypted original password to judge whether they are consistent; if they are inconsistent, directly return verification failure.
Embodiment 3
Another server-side processes method is present embodiments provided, in addition to:
The first step:According to the sharing method II at client and server end, USE ID are decrypted into former ID;
Second step:According to the sharing method III at client and server end, code data bag is decrypted into former ID, original close Code, chassis number, timestamp and interim key;
3rd step:The former ID obtained in the first step and second step is compared, judged whether unanimously, if inconsistent, Directly return to authentication failed;
4th step:If the 3rd step Central Plains ID is consistent, the timestamp of server end is obtained, and with decrypting obtained timestamp It is compared, if the time difference is more than certain time, such as outside 10 seconds, then authentication failed, otherwise carries out verifying below;
5th step:It is former using CRAM-MD5 decryption method, generation according to former ID, clear-text passwords, timestamp and chassis number Beginning password, and compared with decrypting obtained original password, judge whether unanimously, it is inconsistent, directly return to authentication failed;
6th step:If the original password that the 5th step obtains is consistent, judge whether interim key is empty, if sky, then Generate interim key;
7th step:If user logs in for the first time, and is verified, then the interim key and the result of generation are made Into packet, client is sent to;
If non-first time logs in, the result is only made packet, is sent to client;
If authentication failed, can failure the reason for, be sent to client.
Embodiment 4
As a further supplement to Embodiment 1, shared method I of the client and server in the client processing method is:
A. The original ID is specified to be a 17-character string consisting of letters and digits, containing no other characters;
B. Take each character of the original ID as a leaf node of a complete binary tree and arrange the characters level by level to form a complete binary tree; that is, the first character of the original ID is the root node, which is also the first level; the second level has 2 nodes, from left to right the second and third characters; and so on, forming a complete binary tree from the 17 characters;
C. Then combine the 17 characters into a new character string by preorder traversal; that is, generate the new string in the order root node first, then left node, and finally right node;
D. Base64-encode the newly generated string to produce the USE ID.
Embodiment 5
As a further supplement to Embodiment 1 or 4, the method of generating the password data packet in the client processing method is:
P1. First form a character string from the original ID and a 15-digit random number, and perform a CRC check on this string; the resulting CRC check value is the clear-text password;
P2. Obtain the client's time, in UTC;
P3. From the original ID, clear-text password, interim key, timestamp and chassis number, generate the original password using the CRAM-MD5 encryption method;
P4. According to shared method IV of the client and server, assemble the original ID, original password, chassis number, timestamp and interim key into the password data packet;
P5. The newly generated character string is the password.
Preferably, shared method IV is:
1) Arrange the fields in the following format to form a new character string:
Original ID Original password<Chassis number Timestamp>Interim key;
where the interim key is a key generated by the server and issued to the client;
When the user accesses the server for the first time, the interim key is empty; after a successful login the server issues an interim key, which is saved and used directly at the next login.
2) Encode the newly formed string with base64 to generate a new character string.
Embodiment 6
As a further supplementary explanation of Embodiments 1-3, shared method II of the client and server in the server-side processing method is specifically:
A1. The original ID is specified to be a 17-character string consisting of letters and digits, containing no other characters;
A2. Base64-decode the USE ID to generate a new character string;
A3. Following the requirements of a complete binary tree, build a complete binary tree from the new string by preorder traversal; because the string has only 17 characters, this complete binary tree has only five levels: the first level has 1 node, the second level 2 nodes, the third level 4 nodes, the fourth level 8 nodes, and the fifth level has only the remaining 2 nodes;
A4. Traverse the generated complete binary tree level by level, which finally restores the original ID.
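Added example (not part of the patent text): a Python sketch of shared methods I and II from Embodiments 4 and 6, placing the characters level by level, reading them out in preorder, base64-encoding the result, and inverting the process. The function names and the sample ID are constructed for illustration; neither direction takes a key, so the USE ID is an encoding of the original ID rather than a keyed encryption of it.

```python
import base64

ID_LENGTH = 17  # Embodiments 4 and 6 fix the original ID at 17 characters
SAMPLE_ID = "ABCDEFGHIJKLMNOPQ"  # constructed sample, not a real identifier


def preorder_slots(n):
    """Level-order positions of an n-node complete binary tree, listed in
    preorder (root, then left subtree, then right subtree)."""
    order, stack = [], [0]
    while stack:
        i = stack.pop()
        if i < n:
            order.append(i)
            stack.append(2 * i + 2)  # right child pushed first ...
            stack.append(2 * i + 1)  # ... so the left child is visited first
    return order


def tree_levels(n):
    """Node count per level; 17 nodes give the five levels listed in step A3."""
    levels, width = [], 1
    while n > 0:
        levels.append(min(width, n))
        n -= width
        width *= 2
    return levels


def _check_id(text, length):
    # Steps A / A1: exactly `length` characters, letters and digits only.
    if len(text) != length or not (text.isascii() and text.isalnum()):
        raise ValueError("ID must be %d letters/digits" % length)


def encode_use_id(original_id, length=ID_LENGTH):
    """Shared method I: level-order placement, preorder read-out, base64."""
    _check_id(original_id, length)
    permuted = "".join(original_id[i] for i in preorder_slots(length))
    return base64.b64encode(permuted.encode("ascii")).decode("ascii")


def decode_use_id(use_id, length=ID_LENGTH):
    """Shared method II: base64-decode, refill the tree in preorder,
    then read it level by level."""
    try:
        permuted = base64.b64decode(use_id, validate=True).decode("ascii")
    except ValueError as exc:  # covers bad base64 and non-ASCII bytes
        raise ValueError("USE ID is not base64-encoded ASCII") from exc
    _check_id(permuted, length)
    slots = [""] * length
    for ch, pos in zip(permuted, preorder_slots(length)):
        slots[pos] = ch
    return "".join(slots)


if __name__ == "__main__":
    use_id = encode_use_id(SAMPLE_ID)
    print(tree_levels(ID_LENGTH), use_id, decode_use_id(use_id))
```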
Preferably, shared method III of the client and server in the server-side processing method is specifically:
1) The password is decrypted into the original data according to the following format:
Original ID Original password<Chassis number Timestamp>Interim key
2) When there is no data after the character ">", the user is accessing the server for the first time, and the server needs to generate an interim key; when responding to the client, it sends the interim key to the client.
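Added example (not from the patent): the server-side third to seventh steps applied to a password data packet in the shared method IV layout. The patent does not specify field widths or how CRAM-MD5 combines its inputs, so the single-space separators, the 32-hex-digit HMAC-MD5 value, the message layout, the per-ID shared secret store and all names here are assumptions; the original ID decoded from the USE ID (first step) is passed in as `id_from_use_id`.

```python
import base64
import hashlib
import hmac
import re
import secrets
import time

MAX_SKEW_SECONDS = 10  # the "10 seconds" example given in Embodiment 2

# Assumed layout of the decoded packet (shared methods IV / III):
#   ID password<chassis timestamp>interim-key
PACKET_RE = re.compile(
    r"(?P<id>[A-Za-z0-9]{17}) (?P<pw>[0-9a-f]{32})"
    r"<(?P<chassis>[A-Za-z0-9]{17}) (?P<ts>[0-9]{1,12})>(?P<key>[0-9a-f]*)"
)

# Constructed sample values, not real identifiers or secrets.
SAMPLE_ID = "ABCDEFGHIJKLMNOPQ"
SAMPLE_CHASSIS = "LVIN" + "0" * 12 + "1"
SAMPLE_SECRETS = {SAMPLE_ID: b"constructed-shared-secret"}


def original_password(secret, oid, chassis, ts, interim_key):
    """HMAC-MD5 (the CRAM-MD5 primitive) over an assumed message layout."""
    msg = "{}:{}:{}:{}".format(oid, chassis, ts, interim_key).encode("ascii")
    return hmac.new(secret, msg, hashlib.md5).hexdigest()


def build_packet(secret, oid, chassis, ts, interim_key=""):
    """Client side, steps P3-P5: format the fields, then base64-encode."""
    pw = original_password(secret, oid, chassis, ts, interim_key)
    raw = "{} {}<{} {}>{}".format(oid, pw, chassis, ts, interim_key)
    return base64.b64encode(raw.encode("ascii")).decode("ascii")


def verify_packet(id_from_use_id, packet_b64, secrets_by_id, now=None):
    """Server side. Returns (ok, reason, new_interim_key_or_None)."""
    now = int(time.time()) if now is None else now
    # Second step: decode and split the packet; reject anything malformed.
    try:
        raw = base64.b64decode(packet_b64, validate=True).decode("ascii")
    except ValueError:
        return False, "malformed packet", None
    m = PACKET_RE.fullmatch(raw)
    if m is None:
        return False, "malformed packet", None
    # Third step: the ID in the packet must equal the ID from the USE ID.
    if m["id"] != id_from_use_id:
        return False, "ID mismatch", None
    # Fourth step: the client timestamp must be within the allowed window.
    ts = int(m["ts"])
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "timestamp outside window", None
    # Fifth step: recompute the original password and compare in constant time.
    secret = secrets_by_id.get(m["id"])
    if secret is None:
        return False, "unknown ID", None
    expected = original_password(secret, m["id"], m["chassis"], ts, m["key"])
    if not hmac.compare_digest(expected, m["pw"]):
        return False, "password mismatch", None
    # Sixth and seventh steps: nothing after ">" means first login, so a new
    # interim key is generated and returned with the result.
    if m["key"] == "":
        return True, "ok", secrets.token_hex(16)
    return True, "ok", None


if __name__ == "__main__":
    t0 = int(time.time())
    pkt = build_packet(SAMPLE_SECRETS[SAMPLE_ID], SAMPLE_ID, SAMPLE_CHASSIS, t0)
    print(verify_packet(SAMPLE_ID, pkt, SAMPLE_SECRETS))
```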
The foregoing is only a preferred embodiment of the present invention, but the protection scope of the invention is not limited to it. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the invention and according to its technical scheme and inventive concept, shall be covered by the protection scope of the present invention.

Claims (8)

1. A method of car networking dynamic password verification based on SASL, characterized by comprising: a client processing method and a server-side processing method;
The client processing method is:
S1: According to shared method I of the client and server, encrypt the original ID to generate the USE ID;
S2: Using the password generation method shared by the client and server, generate the password data packet;
S3: From the generated USE ID and password data packet, assemble a data packet and send it to the server;
The server-side processing method is:
First step: According to shared method II of the client and server, decrypt the USE ID into the original ID;
Second step: According to shared method III of the client and server, decrypt the password data packet into the original ID, original password, chassis number, timestamp and interim key;
Third step: Compare the original IDs obtained in the first and second steps and judge whether they are consistent; if they are inconsistent, directly return verification failure.
2. The method of car networking dynamic password verification based on SASL according to claim 1, characterized in that the server-side processing method also includes:
Fourth step: If the original IDs in the third step are consistent, obtain the server's timestamp and compare it with the decrypted timestamp; if the time difference exceeds a certain time, verification fails; otherwise proceed to the checks below;
Fifth step: From the original ID, clear-text password, timestamp and chassis number, generate the original password using the CRAM-MD5 decryption method, and compare it with the decrypted original password to judge whether they are consistent; if they are inconsistent, directly return verification failure.
3. The method of car networking dynamic password verification based on SASL according to claim 2, characterized in that the server-side processing method also includes:
Sixth step: If the original password obtained in the fifth step is consistent, judge whether the interim key is empty; if it is empty, generate an interim key;
Seventh step: If the user is logging in for the first time and verification passes, assemble the generated interim key and the verification result into a data packet and send it to the client;
If it is not the first login, assemble only the verification result into a data packet and send it to the client;
If verification fails, send the reason for the failure to the client.
4. The method of car networking dynamic password verification based on SASL according to claim 1, characterized in that shared method I of the client and server in the client processing method is:
A. The original ID is specified to be an N-character string consisting of letters and digits, containing no other characters;
B. Take each character of the original ID as a leaf node of a complete binary tree and arrange the characters level by level to form a complete binary tree;
C. Then combine the N characters into a new character string by preorder traversal;
D. Base64-encode the newly generated string to produce the USE ID.
5. The method of car networking dynamic password verification based on SASL according to claim 1 or 4, characterized in that the method of generating the password data packet in the client processing method is:
P1. First form a character string from the original ID and an H-digit random number, and perform a CRC check on this string; the resulting CRC check value is the clear-text password;
P2. Obtain the client's time, in UTC;
P3. From the original ID, clear-text password, interim key, timestamp and chassis number, generate the original password using the CRAM-MD5 encryption method;
P4. According to shared method IV of the client and server, assemble the original ID, original password, chassis number, timestamp and interim key into the password data packet;
P5. The newly generated character string is the password.
6. The method of car networking dynamic password verification based on SASL according to claim 5, characterized in that shared method IV is:
1) Arrange the fields in the following format to form a new character string:
Original ID Original password<Chassis number Timestamp>Interim key;
where the interim key is a key generated by the server and issued to the client;
When the user accesses the server for the first time, the interim key is empty; after a successful login the server issues an interim key, which is saved and used directly at the next login;
2) Encode the newly formed string with base64 to generate a new character string.
7. The method of car networking dynamic password verification based on SASL according to claim 1, characterized in that shared method II of the client and server in the server-side processing method is specifically:
A1. The original ID is specified to be an N-character string consisting of letters and digits, containing no other characters;
A2. Base64-decode the USE ID to generate a new character string;
A3. Following the requirements of a complete binary tree, build a complete binary tree from the new string by preorder traversal;
A4. Traverse the generated complete binary tree level by level, which finally restores the original ID.
8. The method of car networking dynamic password verification based on SASL according to claim 1 or 7, characterized in that shared method III of the client and server in the server-side processing method is specifically:
1) The password is decrypted into the original data according to the following format:
Original ID Original password<Chassis number Timestamp>Interim key
2) When there is no data after the character ">", the user is accessing the server for the first time, and the server needs to generate an interim key; when responding to the client, it sends the interim key to the client.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610728852.1A CN107786501A (en) 2016-08-25 2016-08-25 The method of car networking dynamic password verification based on SASL

Publications (1)

Publication Number Publication Date
CN107786501A true CN107786501A (en) 2018-03-09


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180309