CN107786501A - The method of car networking dynamic password verification based on SASL - Google Patents
- Publication number: CN107786501A
- Application number: CN201610728852.1A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
A method of car networking dynamic password verification based on SASL, characterised in that it comprises a client processing method and a server-side processing method. Client processing method: according to shared method I of the client and server, encrypt the original ID to generate the USE ID; using the password generation method shared by the client and server, generate the password data packet; from the generated USE ID and password data packet, build a data packet and send it to the server. Server-side processing method: according to shared method II of the client and server, decrypt the USE ID into the original ID; according to shared method III of the client and server, decrypt the password data packet into the original ID, original password, chassis number, timestamp and temporary key; compare the original IDs obtained in the first step and the second step and judge whether they are consistent; if they are not, directly return verification failure. In this application the password does not need to be transmitted over the network, which removes the worry that the password is eavesdropped.
Description
Technical field
The present invention relates to the technical field of car networking, and in particular to a method of car networking dynamic password verification based on SASL.
Background
SASL (Simple Authentication and Security Layer) is an authentication mechanism used to extend the verification capability of the client/server (C/S) model. When setting up SASL, two things must be determined: first, the authentication mechanism used to exchange "identification information" (identity credentials); second, the verification framework that determines how the identification information is stored. The SASL authentication mechanism specifies the challenge-response exchange between client and server and the encoding of the transferred content; the SASL verification framework determines how the server itself stores the client's identity credentials and how it verifies the password the client provides. If the client passes verification, the server can determine the identity of the user and, from that, what permissions the user has. With this mechanism, the client and server share the same secret password, and this password is not transmitted over the network. The verification process starts with the server issuing a challenge; the client uses this challenge and the secret password to compute a response. Different challenges cannot produce the same response; any party that holds the secret password can compute the same response from the same challenge. Therefore, if the server compares the response returned by the client with the response it computed itself and finds them identical, it knows that the password held by the client is correct. SASL provides a user identity authentication mechanism, which can simply be regarded as a way of authenticating the user's account/password to decide whether the user may enter the system or use the system's services.
Summary of the invention
The invention provides a method of car networking dynamic password verification based on SASL: the client initiates an authentication request that contains information such as the secret password, and the server verifies it and informs the client of the result. The password does not need to be transmitted over the network, which removes the worry that the password is eavesdropped.
In one aspect, the invention provides a method of car networking dynamic password verification based on SASL, comprising a client processing method and a server-side processing method;
The client processing method is:
S1: According to shared method I of the client and server, encrypt the original ID to generate the USE ID;
S2: Using the password generation method shared by the client and server, generate the password data packet;
S3: From the generated USE ID and password data packet, build a data packet and send it to the server;
The server-side processing method is:
First step: According to shared method II of the client and server, decrypt the USE ID into the original ID;
Second step: According to shared method III of the client and server, decrypt the password data packet into the original ID, original password, chassis number, timestamp and temporary key;
Third step: Compare the original IDs obtained in the first step and the second step and judge whether they are consistent; if they are not, directly return verification failure.
Further, the server-side processing method also comprises:
Fourth step: If the original IDs in the third step are consistent, obtain the server's timestamp and compare it with the decrypted timestamp; if the time difference exceeds a certain duration, verification fails; otherwise carry out the checks below;
Fifth step: From the original ID, plaintext password, timestamp and chassis number, generate the original password using the CRAM-MD5 decryption method, and compare it with the decrypted original password to judge whether they are consistent; if they are not, directly return verification failure.
Further, the server-side processing method also comprises:
Sixth step: If the original passwords in the fifth step are consistent, judge whether the temporary key is empty; if it is empty, generate a temporary key;
Seventh step: If the user is logging in for the first time and verification passes, build a data packet from the generated temporary key and the verification result and send it to the client;
If it is not the first login, build a data packet from the verification result only and send it to the client;
If verification fails, the reason for the failure can be sent to the client.
Further, shared method I of the client and server in the client processing method is:
A. The original ID is specified to be an N-character string composed of letters and digits, containing no other characters;
B. Taking each character of the original ID as a leaf node of a complete binary tree, form a complete binary tree by level-order arrangement; that is, the first node of the original ID is the root node and also the first level; the second level has 2 nodes, which from left to right are the second character and the third character, and so on, so that the N characters form a complete binary tree;
C. Then combine the N characters into a new character string by preorder traversal; that is, generate the new string in the order root node first, then left node, and finally right node;
D. base64-encode the newly generated character string to generate the USE ID.
Further, the method of generating the password data packet in the client processing method is:
P1. First form a character string from the original ID and an H-digit random number, and perform a CRC check on this string; the resulting CRC check value is the plaintext password;
P2. Obtain the client's time (UTC time);
P3. From the original ID, plaintext password, temporary key, timestamp and chassis number, generate the original password using the CRAM-MD5 encryption method;
P4. According to shared method IV of the client and server, build the password data packet from the original ID, original password, chassis number, timestamp and temporary key;
P5. The newly generated character string is the password.
Further, shared method IV is:
1) Arrange the fields in the following format to form a new character string:
original ID original password<chassis number timestamp>temporary key;
where the temporary key is a key generated by the server and issued to the client;
When the user logs in to the server for the first time, the temporary key is empty; after a successful login the server issues a temporary key, which is saved and used directly at the next login.
2) Encode the newly formed character string with base64 to generate a new character string.
Further, shared method II of the client and server in the server-side processing method is specifically:
A1. The original ID is specified to be an N-character string composed of letters and digits, containing no other characters;
A2. base64-decode the USE ID to generate a new character string.
A3. Following the requirements of a complete binary tree, build a complete binary tree from the new character string by preorder traversal; because the string has only 17 characters, this complete binary tree has only five levels, namely 1 node in the first level, 2 nodes in the second level, 4 nodes in the third level and 8 nodes in the fourth level; the fifth level has only the remaining 2 nodes;
A4. Traverse the generated complete binary tree level by level, which finally restores the original ID.
Further, shared method III of the client and server in the server-side processing method is specifically:
11) The password is decrypted into the original data according to the following format:
original ID original password<chassis number timestamp>temporary key
22) When there is no data after the character ">", this indicates that the user is logging in to the server for the first time; the server then needs to generate a temporary key and, when responding to the client, send the temporary key to the client.
By adopting the above technical method, the present invention achieves the following technical effects:
1. The ID is encrypted using a shared method, to protect the ID;
2. An encrypted data packet is generated using a shared encryption method, so the data on the network is encrypted and not easily cracked, and security is better guaranteed;
3. A time element is added to ensure timeliness: a message is valid only if it is received within a certain range, which prevents the problem of repeated logins;
4. The password also does not have to be transmitted over the network, which avoids the worry that the password is eavesdropped.
Brief description of the drawings
The present invention has 1 accompanying drawing:
Fig. 1 is the method structure chart of the car networking dynamic password verification based on SASL.
Embodiment
To make the purpose, technical scheme and advantages of the embodiments of the invention clearer, the technical scheme in the embodiments is described clearly and completely below with reference to the accompanying drawing:
Embodiment 1
This embodiment provides a method of car networking dynamic password verification based on SASL, comprising a client processing method and a server-side processing method;
The client processing method is:
S1: According to shared method I of the client and server, encrypt the original ID to generate the USE ID;
S2: Using the password generation method shared by the client and server, generate the password data packet;
S3: From the generated USE ID and password data packet, build a data packet and send it to the server;
The server-side processing method is:
First step: According to shared method II of the client and server, decrypt the USE ID into the original ID;
Second step: According to shared method III of the client and server, decrypt the password data packet into the original ID, original password, chassis number, timestamp and temporary key;
Third step: Compare the original IDs obtained in the first step and the second step and judge whether they are consistent; if they are not, directly return verification failure.
Embodiment 2
This embodiment provides a server-side processing method:
First step: According to shared method II of the client and server, decrypt the USE ID into the original ID;
Second step: According to shared method III of the client and server, decrypt the password data packet into the original ID, original password, chassis number, timestamp and temporary key;
Third step: Compare the original IDs obtained in the first step and the second step and judge whether they are consistent; if they are not, directly return verification failure;
Fourth step: If the original IDs in the third step are consistent, obtain the server's timestamp and compare it with the decrypted timestamp; if the time difference exceeds a certain duration, for example more than 10 seconds, verification fails; otherwise carry out the checks below;
Fifth step: From the original ID, plaintext password, timestamp and chassis number, generate the original password using the CRAM-MD5 decryption method, and compare it with the decrypted original password to judge whether they are consistent; if they are not, directly return verification failure.
Embodiment 3
This embodiment provides another server-side processing method, which further comprises:
First step: According to shared method II of the client and server, decrypt the USE ID into the original ID;
Second step: According to shared method III of the client and server, decrypt the password data packet into the original ID, original password, chassis number, timestamp and temporary key;
Third step: Compare the original IDs obtained in the first step and the second step and judge whether they are consistent; if they are not, directly return verification failure;
Fourth step: If the original IDs in the third step are consistent, obtain the server's timestamp and compare it with the decrypted timestamp; if the time difference exceeds a certain duration, for example more than 10 seconds, verification fails; otherwise carry out the checks below;
Fifth step: From the original ID, plaintext password, timestamp and chassis number, generate the original password using the CRAM-MD5 decryption method, and compare it with the decrypted original password to judge whether they are consistent; if they are not, directly return verification failure;
Sixth step: If the original passwords in the fifth step are consistent, judge whether the temporary key is empty; if it is empty, generate a temporary key;
Seventh step: If the user is logging in for the first time and verification passes, build a data packet from the generated temporary key and the verification result and send it to the client;
If it is not the first login, build a data packet from the verification result only and send it to the client;
If verification fails, the reason for the failure can be sent to the client.
Embodiment 4
As a further supplement to embodiment 1, shared method I of the client and server in the client processing method is:
A. The original ID is specified to be a 17-character string composed of letters and digits, containing no other characters;
B. Taking each character of the original ID as a leaf node of a complete binary tree, form a complete binary tree by level-order arrangement; that is, the first node of the original ID is the root node and also the first level; the second level has 2 nodes, which from left to right are the second character and the third character, and so on, so that the 17 characters form a complete binary tree;
C. Then combine the 17 characters into a new character string by preorder traversal; that is, generate the new string in the order root node first, then left node, and finally right node;
D. base64-encode the newly generated character string to generate the USE ID.
Embodiment 5
As a further supplement to embodiment 1 or 4, the method of generating the password data packet in the client processing method is:
P1. First form a character string from the original ID and a 15-digit random number, and perform a CRC check on this string; the resulting CRC check value is the plaintext password;
P2. Obtain the client's time (UTC time);
P3. From the original ID, plaintext password, temporary key, timestamp and chassis number, generate the original password using the CRAM-MD5 encryption method;
P4. According to shared method IV of the client and server, build the password data packet from the original ID, original password, chassis number, timestamp and temporary key;
P5. The newly generated character string is the password.
Preferably, shared method IV is:
1) Arrange the fields in the following format to form a new character string:
original ID original password<chassis number timestamp>temporary key;
where the temporary key is a key generated by the server and issued to the client;
When the user logs in to the server for the first time, the temporary key is empty; after a successful login the server issues a temporary key, which is saved and used directly at the next login.
2) Encode the newly formed character string with base64 to generate a new character string.
Embodiment 6
As a further supplementary note to embodiments 1-3, shared method II of the client and server in the server-side processing method is specifically:
A1. The original ID is specified to be a 17-character string composed of letters and digits, containing no other characters;
A2. base64-decode the USE ID to generate a new character string;
A3. Following the requirements of a complete binary tree, build a complete binary tree from the new character string by preorder traversal; because the string has only 17 characters, this complete binary tree has only five levels, namely 1 node in the first level, 2 nodes in the second level, 4 nodes in the third level and 8 nodes in the fourth level; the fifth level has only the remaining 2 nodes;
A4. Traverse the generated complete binary tree level by level, which finally restores the original ID.
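Shared methods I and II as described above, as an added example that is not part of the patent text: the original ID is laid out as a complete binary tree in level order, read out in preorder and base64-encoded, and the server inverts those steps and then performs the third-step ID comparison. The example works for any N rather than only 17 characters; the function names and the sample ID are assumptions made for illustration.

```python
import base64
import hmac
import string

ALLOWED = set(string.ascii_letters + string.digits)  # steps A / A1: letters and digits only


def level_sizes(n):
    """Node count on each level of a complete binary tree with n nodes."""
    sizes, width = [], 1
    while n > 0:
        sizes.append(min(width, n))
        n -= width
        width *= 2
    return sizes


def preorder_indices(n):
    """Preorder (root, left, right) visit order over a complete binary tree
    whose n nodes are stored in level order: children of i are 2i+1, 2i+2."""
    order, stack = [], [0]
    while stack:
        i = stack.pop()
        if i < n:
            order.append(i)
            stack.append(2 * i + 2)  # push right first so that left is visited first
            stack.append(2 * i + 1)
    return order


def _check_id(text):
    if not text or any(ch not in ALLOWED for ch in text):
        raise ValueError("ID must be a non-empty string of letters and digits")


def encode_use_id(original_id):
    """Method I (client): level-order tree -> preorder string -> base64."""
    _check_id(original_id)
    order = preorder_indices(len(original_id))
    permuted = "".join(original_id[i] for i in order)
    return base64.b64encode(permuted.encode("ascii")).decode("ascii")


def decode_use_id(use_id):
    """Method II (server): base64 decode -> refill the tree in preorder ->
    read it back level by level. The permutation depends only on the string
    length; no key is involved in either direction."""
    permuted = base64.b64decode(use_id, validate=True).decode("ascii")
    _check_id(permuted)
    restored = [""] * len(permuted)
    for ch, i in zip(permuted, preorder_indices(len(permuted))):
        restored[i] = ch
    return "".join(restored)


def ids_match(use_id, packet_id):
    """Server third step: the ID recovered from the USE ID must equal the ID
    taken from the password data packet; malformed input also fails."""
    try:
        recovered = decode_use_id(use_id)
    except ValueError:  # covers bad base64 and disallowed characters
        return False
    return hmac.compare_digest(recovered.encode(), packet_id.encode())


if __name__ == "__main__":
    sample_id = "ABCDEFGHIJKLMNOPQ"  # constructed 17-character ID, not from the patent
    use_id = encode_use_id(sample_id)
    print(level_sizes(len(sample_id)))  # level layout stated in step A3
    print(use_id, "->", decode_use_id(use_id))
    print(ids_match(use_id, sample_id))
```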
Preferably, shared method III of the client and server in the server-side processing method is specifically:
11) The password is decrypted into the original data according to the following format:
original ID original password<chassis number timestamp>temporary key
22) When there is no data after the character ">", this indicates that the user is logging in to the server for the first time; the server then needs to generate a temporary key and, when responding to the client, send the temporary key to the client.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical scheme and inventive concept, shall fall within the scope of protection of the present invention.
Claims (8)
1. A method of car networking dynamic password verification based on SASL, characterised in that it comprises a client processing method and a server-side processing method;
The client processing method is:
S1: According to shared method I of the client and server, encrypt the original ID to generate the USE ID;
S2: Using the password generation method shared by the client and server, generate the password data packet;
S3: From the generated USE ID and password data packet, build a data packet and send it to the server;
The server-side processing method is:
First step: According to shared method II of the client and server, decrypt the USE ID into the original ID;
Second step: According to shared method III of the client and server, decrypt the password data packet into the original ID, original password, chassis number, timestamp and temporary key;
Third step: Compare the original IDs obtained in the first step and the second step and judge whether they are consistent; if they are not, directly return verification failure.
2. The method of car networking dynamic password verification based on SASL according to claim 1, characterised in that the server-side processing method further comprises:
Fourth step: If the original IDs in the third step are consistent, obtain the server's timestamp and compare it with the decrypted timestamp; if the time difference exceeds a certain duration, verification fails; otherwise carry out the checks below;
Fifth step: From the original ID, plaintext password, timestamp and chassis number, generate the original password using the CRAM-MD5 decryption method, and compare it with the decrypted original password to judge whether they are consistent; if they are not, directly return verification failure.
3. The method of car networking dynamic password verification based on SASL according to claim 2, characterised in that the server-side processing method further comprises:
Sixth step: If the original passwords in the fifth step are consistent, judge whether the temporary key is empty; if it is empty, generate a temporary key;
Seventh step: If the user is logging in for the first time and verification passes, build a data packet from the generated temporary key and the verification result and send it to the client;
If it is not the first login, build a data packet from the verification result only and send it to the client;
If verification fails, the reason for the failure is sent to the client.
4. The method of car networking dynamic password verification based on SASL according to claim 1, characterised in that shared method I of the client and server in the client processing method is:
A. The original ID is specified to be an N-character string composed of letters and digits, containing no other characters;
B. Taking each character of the original ID as a leaf node of a complete binary tree, form a complete binary tree by level-order arrangement;
C. Then combine the N characters into a new character string by preorder traversal;
D. base64-encode the newly generated character string to generate the USE ID.
5. The method of car networking dynamic password verification based on SASL according to claim 1 or 4, characterised in that the method of generating the password data packet in the client processing method is:
P1. First form a character string from the original ID and an H-digit random number, and perform a CRC check on this string; the resulting CRC check value is the plaintext password;
P2. Obtain the client's time (UTC time);
P3. From the original ID, plaintext password, temporary key, timestamp and chassis number, generate the original password using the CRAM-MD5 encryption method;
P4. According to shared method IV of the client and server, build the password data packet from the original ID, original password, chassis number, timestamp and temporary key;
P5. The newly generated character string is the password.
6. The method of car networking dynamic password verification based on SASL according to claim 5, characterised in that shared method IV is:
1) Arrange the fields in the following format to form a new character string:
original ID original password<chassis number timestamp>temporary key;
where the temporary key is a key generated by the server and issued to the client;
When the user logs in to the server for the first time, the temporary key is empty; after a successful login the server issues a temporary key, which is saved and used directly at the next login;
2) Encode the newly formed character string with base64 to generate a new character string.
7. The method of car networking dynamic password verification based on SASL according to claim 1, characterised in that shared method II of the client and server in the server-side processing method is specifically:
A1. The original ID is specified to be an N-character string composed of letters and digits, containing no other characters;
A2. base64-decode the USE ID to generate a new character string;
A3. Following the requirements of a complete binary tree, build a complete binary tree from the new character string by preorder traversal;
A4. Traverse the generated complete binary tree level by level, which finally restores the original ID.
8. The method of car networking dynamic password verification based on SASL according to claim 1 or 7, characterised in that shared method III of the client and server in the server-side processing method is specifically:
11) The password is decrypted into the original data according to the following format:
original ID original password<chassis number timestamp>temporary key
22) When there is no data after the character ">", this indicates that the user is logging in to the server for the first time; the server then needs to generate a temporary key and, when responding to the client, send the temporary key to the client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610728852.1A CN107786501A (en) | 2016-08-25 | 2016-08-25 | The method of car networking dynamic password verification based on SASL |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107786501A (en) | 2018-03-09 |
Family ID: 61439136
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116382740A (en) * | 2023-04-10 | 2023-07-04 | 广州锦高信息科技有限公司 | Automatic upgrade release system and method for application software |
CN116382740B (en) * | 2023-04-10 | 2023-11-14 | 广州锦高信息科技有限公司 | Automatic upgrade release system and method for application software |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180309 |