CN108737346B - Password verification method and device, server and communication system - Google Patents

Password verification method and device, server and communication system Download PDF

Info

Publication number
CN108737346B
CN108737346B CN201710265319.0A CN201710265319A CN108737346B CN 108737346 B CN108737346 B CN 108737346B CN 201710265319 A CN201710265319 A CN 201710265319A CN 108737346 B CN108737346 B CN 108737346B
Authority
CN
China
Prior art keywords
password
bit
random
digit
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710265319.0A
Other languages
Chinese (zh)
Other versions
CN108737346A (en
Inventor
司徒铨标
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gree Electric Appliances Inc of Zhuhai
Original Assignee
Gree Electric Appliances Inc of Zhuhai
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gree Electric Appliances Inc of Zhuhai filed Critical Gree Electric Appliances Inc of Zhuhai
Priority to CN201710265319.0A priority Critical patent/CN108737346B/en
Publication of CN108737346A publication Critical patent/CN108737346A/en
Application granted granted Critical
Publication of CN108737346B publication Critical patent/CN108737346B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to the field of communications technologies, and in particular, to a password authentication method, a password authentication device, a server, and a communication system. The method comprises the steps of obtaining a password to be verified; determining each random bit of the random number and a calculated bit number of each random bit on a preset number axis, wherein each random bit and the calculated bit number are used for indicating a user to calculate a password to be verified; calculating a standard password according to each random bit and the calculated digit; and determining an authentication result according to the password to be authenticated and the standard password. Because the calculated digit of each random digit on the preset digit axis can be the same or different, and each random digit of the random numbers can be the same or different, the password to be verified or the standard password at each time is dynamically changed, and the calculation process is based on the preset digit axis, however, the preset digit axis comprises a plurality of different preset values, so that the illegal personnel are difficult to decrypt, and the password verification method can improve the safety of information.

Description

Password verification method and device, server and communication system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a password authentication method, a password authentication device, a server, and a communication system.
Background
Information security has been a topic of social advices. At present, an asymmetric encryption algorithm can basically meet the encryption safety of information, but because the safety consciousness of a user is weak, the password is set very simply, or the password is leaked in an accidental mode (such as the password is not blocked in the password input process), and the information safety of the user is greatly influenced.
The conventional technology provides a dynamic password authentication method, wherein a user calculates a code to be verified according to a random number and a preset value, a terminal sends the code to be verified to a server, and the server compares a preset correct verification code with the code to be verified to determine a verification result.
In the process of implementing the invention, the inventor finds that the related traditional technology has at least the following differences: because the preset value is fixed and unchangeable, some illegal persons obtain different random numbers and the verification codes corresponding to the random numbers by other illegal means, and easily dump the encryption logic of the verification codes calculated by the login module, for example, the preset value is 12, the first random number is 6, and the first verification code is 18; the second random number is 51 and the second authentication code is 63. The illegal person can obtain the random number and the verification code twice by other illegal means, and can deduce that the preset value is 12, so that the illegal person can easily calculate the verification code to be 35 when the third random number is 23.
Disclosure of Invention
An object of the embodiments of the present invention is to provide a password authentication method and apparatus, a server, and a communication system, which solve the technical problem of poor security of password authentication in the prior art.
In order to solve the above technical problems, embodiments of the present invention provide the following technical solutions:
in a first aspect, an embodiment of the present invention discloses a password authentication method, where the method includes: acquiring a password to be verified; determining each random bit of a random number and a dead reckoning number of each random bit on a preset number axis, wherein each random bit and the dead reckoning number are used for indicating a user to calculate the password to be verified; calculating a standard password according to each random bit and the calculated digit; and determining an authentication result according to the password to be authenticated and the standard password.
Optionally, each random bit and the dead reckoning bit are used to instruct the user to calculate the password to be verified, including: each random bit is used for instructing a user to determine a preset numerical value equal to each random bit on a preset numerical axis; the calculated digit is used for indicating a user to circularly calculate the corresponding password bit of the password to be verified on a preset digit axis by taking the preset numerical value as a starting point, the digit value of the corresponding password bit on the preset digit axis extends along the calculation direction of the calculated digit, and the calculated digit is separated from the preset numerical value by the digit obtained by subtracting a natural number from the calculated digit.
Optionally, the preset number axis includes a number axis composed of natural numbers N, where the natural number N is any one of 0 to 9, and the natural number N is a preset number.
Optionally, the estimated direction of the estimated digit at least includes a positive estimated direction and a negative estimated direction on the preset digit axis.
Optionally, the determining the dead reckoning number of each random bit on the preset number axis includes: judging the calculation direction of each random bit on a preset number axis; if the calculation direction of each random bit on the preset number axis is a positive calculation direction, determining the calculation digit number of each random bit on the preset number axis as a positive calculation digit number; and if the calculation direction of each random bit on the preset number axis is a negative calculation direction, determining that the calculation bit number of each random bit on the preset number axis is a negative calculation bit number.
Optionally, the calculating a standard password according to each random bit and the dead reckoning number includes: calculating each password bit of the standard password according to the verification formula; combining each password bit into the standard password; wherein the verification formula is:
A(n)={RANDOM(n)+RULE(n)+10}%10
a (n) represents the nth cipher bit of the standard cipher, RANDOM (n) represents the nth random bit of the random number, RULE (n) represents the dead number corresponding to the dead number, the dead number corresponding to the positive dead number comprises 0, 1, 2, 3, 4 and 5, the dead number corresponding to the dead number comprises-5, -4, -3, -2 and-1, and% represents the modulus operation.
Optionally, before determining each random bit of the random number and the number of dead reckoning bits of each random bit on the preset number axis, the method further includes: when the random number is detected to be larger than the preset time, the random number is generated again; and when the random number is detected to be smaller than the preset time, determining that the random number is effective.
Optionally, the determining an authentication result according to the password to be authenticated and the standard password includes: judging whether the password to be verified is the same as the standard password or not; if the verification result is the same, the verification is determined to be successful; and if not, determining that the verification fails.
In a second aspect, an embodiment of the present invention provides a password authentication apparatus, where the apparatus includes: the acquisition module is used for acquiring the password to be verified; the first determining module is used for determining each random bit of a random number and a calculated number of the random bit on a preset number axis, wherein each random bit and the calculated number are used for indicating a user to calculate the password to be verified; the calculation module is used for calculating a standard password according to each random bit and the calculated digit; and the second determining module is used for determining an authentication result according to the password to be authenticated and the standard password.
Optionally, each random bit and the dead reckoning bit are used to instruct the user to calculate the password to be verified, including: each random bit is used for instructing a user to determine a preset numerical value equal to each random bit on a preset numerical axis; the calculated digit is used for indicating a user to circularly calculate the corresponding password bit of the password to be verified on a preset digit axis by taking the preset numerical value as a starting point, the digit value of the corresponding password bit on the preset digit axis extends along the calculation direction of the calculated digit, and the calculated digit is separated from the preset numerical value by the digit obtained by subtracting a natural number from the calculated digit.
Optionally, the preset number axis includes a number axis composed of natural numbers N, where the natural number N is any one of 0 to 9, and the natural number N is a preset number.
Optionally, the estimated direction of the estimated digit at least includes a positive estimated direction and a negative estimated direction on the preset digit axis.
Optionally, the first determining module includes: the first judging unit is used for judging the calculation direction of each random bit on a preset number axis; the first determining unit is used for determining the estimated digit number of each random bit on the preset digit axis as a positive estimated digit number if the estimated direction of each random bit on the preset digit axis is a positive estimated direction; and the second determining unit is used for determining the estimated digit number of each random bit on the preset digit axis as a negative estimated digit if the estimated direction of each random bit on the preset digit axis is a negative estimated direction.
Optionally, the calculation module includes: the computing unit is used for computing each password bit of the standard password according to the verification formula; a combination unit for combining each cipher bit into the standard cipher;
wherein the verification formula is:
A(n)={RANDOM(n)+RULE(n)+10}%10
a (n) represents the nth password bit of the standard password, RANDOM (n) represents the random bit corresponding to the nth password bit, RULE (n) represents the dead reckoning number corresponding to the dead reckoning direction of the nth password bit, the dead reckoning range corresponding to the positive dead reckoning number comprises 0, 1, 2, 3, 4 and 5, the dead reckoning range corresponding to the negative dead reckoning number comprises-5, -4, -3, -2 and-1, and the percentage represents the modulus operation.
Optionally, the apparatus further comprises: the generation module is used for regenerating the random number when the random number is detected to be larger than the preset time; and the third determining module is used for determining that the random number is effective when the random number is detected to be smaller than the preset time.
Optionally, the second determining module includes: the second judging unit is used for judging whether the password to be verified is the same as the standard password or not; the third determining unit is used for determining that the verification is successful if the verification is the same; and the fourth determining unit is used for determining that the verification fails if the verification is different from the verification.
In a third aspect, an embodiment of the present invention provides a server, where the server includes: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform any of the above password authentication methods.
In a fourth aspect, an embodiment of the present invention provides a communication system, where the communication system includes a terminal and at least one server, where the at least one server communicates with the terminal; the server includes: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform any of the above password authentication methods.
In each embodiment of the invention, when password authentication is carried out, each random bit of a random number and the calculated bit number of each random bit on a preset number axis are determined by obtaining a password to be authenticated, wherein each random bit and the calculated bit number are used for indicating a user to calculate the password to be authenticated, a standard password is calculated according to each random bit and the calculated bit number, and an authentication result is determined according to the password to be authenticated and the standard password. Because the calculated digit of each random digit on the preset digit axis can be the same or different, and each random digit of the random numbers can be the same or different, when the password or the standard password to be verified is calculated, the password or the standard password to be verified is dynamically changed each time, and the calculation process is based on the preset digit axis, but the preset digit axis comprises a plurality of different preset values, so that illegal persons are difficult to decrypt, even if the illegal persons obtain different random numbers and passwords to be verified by other illegal means, the encryption logic can not be easily deduced, and therefore, the password verification method can improve the safety of information.
Drawings
One or more embodiments are illustrated by way of example in the accompanying drawings, which correspond to the figures in which like reference numerals refer to similar elements and which are not to scale unless otherwise specified.
Fig. 1 is a schematic diagram of an application scenario of a dynamic password provided in an embodiment of the present invention;
FIG. 2 is a schematic diagram of an application scenario of providing another dynamic password according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a communication system according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a server according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a password verification apparatus according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of the structure of the first determination module of FIG. 5;
FIG. 7 is a schematic diagram of the structure of the computing module of FIG. 5;
FIG. 8 is a schematic diagram of the structure of the second determination module of FIG. 5;
FIG. 9 is a schematic diagram of a password verification apparatus according to another embodiment of the present invention;
FIG. 10 is a flowchart illustrating a method for password authentication according to an embodiment of the present invention;
FIG. 11 is a schematic flow chart of step 62 of FIG. 10;
fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
When a user logs in an application program or performs some important services, the password needs to be verified. The embodiment of the invention provides an application scene of a dynamic password. As shown in fig. 1, the application scenario 100 includes the following elements: the automatic teller machine 12 is connected with the server 13 through a wireless or wired mode.
In some embodiments, the atm 12 may also be various electronic devices with logic operation functions, such as mobile communication devices, ultra-mobile personal computer devices, portable entertainment devices, other electronic devices with video playing and internet access functions, and so on.
Mobile communication devices are equipped with mobile communication functions and are primarily aimed at providing voice, data communications. Such terminals include smart phones (e.g., iphones), multimedia phones, functional phones, and low-end phones, among others.
The ultra-mobile personal computer equipment belongs to the category of personal computers, has calculation and processing functions and generally has the characteristic of mobile internet access. Such terminals include: PDA, MID, and UMPC devices, etc., such as ipads.
Portable entertainment devices can display and play video content, and generally also have mobile internet access features. This type of device comprises: video players, handheld game consoles, and intelligent toys and portable car navigation devices.
The server 13 may be a physical server or a logical server virtualized from a plurality of physical servers. The server 13 may be a server cluster composed of a plurality of servers capable of communicating with each other, and each functional module providing the dynamic password authentication apparatus may be distributed on each server in the server cluster.
As shown in fig. 1, a user a 11 inserts a bank card into an atm 12, the atm 12 applies to a server 13 for generating a random number with N-bit random bits, so that the server 13 sends the random number to the atm 12 of the corresponding port, and the random number is presented to the user a 11 by a display interface of the atm 12, and the user can calculate a password to be authenticated by combining the random number according to a preset calculation rule, and input the password to be authenticated in a user interface of the atm 12. The automatic teller machine 12 sends the password to be verified to the server 13, and the server 13 calculates the standard password again according to the calculation rule, and the standard password is correct. The server 13 compares the standard password with the password to be verified, and if the comparison result meets the preset expected value, the server 13 considers that the user A is a legal user, and the related operation authority can be opened to the user A. If the comparison result does not meet the preset expected value, the server 13 considers the user A as an illegal user and forbids opening the related authority to the user A. In some embodiments, the expected value may be various, for example, it may be "the password to be verified is the same as the standard password", or it may be "the difference between the password to be verified and the standard password is a fixed value, for example, 5", or even "the password to be verified and the standard password conform to a certain functional relationship", and so on.
In some application scenarios, the atm 12 and the server 13 may be integrated into a single module implementing the function related to the password authentication function, that is: the server 13 may be integrated with the atm 12, and therefore, in some application scenarios, as shown in fig. 2, the server 13 may be omitted, and only the atm 12 may be reserved.
To further illustrate the password authentication method provided in the embodiment of the present invention, as shown in fig. 3, the embodiment of the present invention provides a communication system, where the communication system 300 includes a terminal 31 and a plurality of servers 32, and the terminal 31 communicates with the plurality of servers 32 in a wireless manner respectively.
The user performs an operation at the terminal 31, for example, an operation of activating a password is performed at the terminal 31. The terminal 31 applies to the server 32 for generation of a random number having N-bit random bits (e.g., the random number is 12, so the random number 12 has two random bits 1 and 2). In some embodiments, the random number may be dynamically generated by the server 32, and may also be a number of days, hours, and so on, with reference to the time. E.g., 2017-03-2811: 03:01, the first digit of the month and the first digit of the hour may be extracted as cardinalities, e.g., "3" in 3 months, "1" in 11 hours.
The server 32 issues the random number to the terminal 31 of the corresponding port. The user calculates the password to be verified according to the random number and the calculation rule, inputs the password to be verified through the user interface of the terminal 31, and the terminal 31 sends the password to be verified to the server 32.
The rule corresponding to each bit of cipher value (also called cipher bit value) in the standard cipher determined by the calculation rule needs to be preset by a user. For example, the first bit cipher value of the standard cipher is set as a value determined by forward-calculating two bits from a corresponding preset value in a preset number axis of a third bit random value of the random number, wherein the preset number axis includes a number axis composed of natural numbers N, where the natural numbers N are any one of 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9, and the natural numbers N are preset values, for example, the random number is 4582, then the calculation process of the first bit cipher value of the standard cipher is as follows: the third bit of the random number has a random value of 8, and the corresponding predetermined value of the random bit "8" in the predetermined number axis 0-9 is "8" (if the random bit is "6", the corresponding predetermined value is "6"), so that the predetermined value "8" estimates 2 bits (the estimated number is 2) on the predetermined number axis, and the estimated value falls on "6", and thus, the first code value of the standard code is "6". Thus, each random bit is used to instruct the user to determine a predetermined number on the predetermined number axis that is equal to each random bit. The calculated digit is used for indicating a user to circularly calculate the corresponding password bit of the password to be verified on the preset digit axis by taking the preset numerical value as a starting point, the digit value of the corresponding password bit on the preset digit axis extends along the calculation direction of the calculated digit, and the calculated digit is separated from the preset numerical value by the calculated digit minus one of the natural number. (As in the above example, the first bit of the cipher bit "6" is spaced 1 bit from the predetermined value "8", the 1 bit being equal to the number of dead reckoning bits 2 minus the natural number 1).
In this embodiment, the calculation rule is as follows:
1) setting the password digit of a standard password by a user; for example, an embodiment of the present invention selects a standard 4-digit password.
2) Setting a first digit of a standard password; for example, the digit of the random number is selected to be forward-predicted or backward-predicted, wherein forward prediction is negative (-) and backward prediction is positive (+). In some embodiments, the user may also customize the fixed number as the first digit of the annotated password.
3) Setting a second digit of the standard password; for example, the digit of the random number is selected to be forward-predicted or backward-predicted, wherein forward prediction is negative (-) and backward prediction is positive (+).
4) Setting a third bit of the standard password; for example, the digit of the random number is selected to be forward-predicted or backward-predicted, wherein forward prediction is negative (-) and backward prediction is positive (+).
……
……
5) Setting the Nth bit of the standard password; for example, the digit of the random number is selected to be forward-predicted or backward-predicted, wherein forward prediction is negative (-) and backward prediction is positive (+).
6) The setup is complete.
When the user sets each password bit, various options are available. The setting of the random digit of the random number is limited by the system built-in or the random digit of the random number set by the user. Also, it is noteworthy that: the number of random bits of the random number is not necessarily equal to the number of secret bits of the standard password.
In some embodiments, when the user sets the above calculation rule at the terminal 31, the user needs a certain authority, and only the authority for setting the calculation rule is opened, so that the user can customize the calculation rule. For example, in a banking system, the calculation rule set on the terminal side should be grasped by a bank leader or other bank staff member having the highest authority. Each time the calculation rule at the terminal side is set, the terminal 31 needs to detect whether the user has the corresponding authority.
Based on the above calculation rule, an example is provided here again to assist understanding of the calculation rule.
The server 32 issues a random number 1369 to the terminal 31, where the first bit of the standard password is set as: forward dead reckoning the 2 nd bit of the random number by 5 bits (the dead reckoning number is 5); the second bit cipher bit of the standard cipher is set as: backward calculating the 1 st bit of the random number by 3 bits; the third bit of the standard password is set as: bit 3 of the random number is forward calculated by bit 3; the fourth password bit of the standard password is set as: bit 4 of the random number back-estimates 8.
Then, based on the above calculation rule, the calculated standard password is: the first bit is 8; the second bit is: 4; the third position is: 3; the fourth bit is: 7. thus, the standard code is 8437.
After the terminal 31 receives the password to be authenticated input by the user at the user interface, the server 32 responds to the request of the terminal 31 and acquires the password to be authenticated from the terminal 31. The server 32 then retrieves the random number corresponding to the password to be authenticated and determines each random bit of the random number and the estimated number of each random bit on the predetermined number axis. In some embodiments, the dead reckoning direction of the dead reckoning includes at least a positive dead reckoning direction and a negative dead reckoning direction on the predetermined number axis, and therefore, the server 32 determines the dead reckoning direction of each random bit on the predetermined number axis when determining the dead reckoning direction of each random bit on the predetermined number axis; if the calculation direction of each random bit on the preset number axis is a positive calculation direction, determining the calculation bit number of each random bit on the preset number axis as a positive calculation bit number; and if the calculation direction of each random bit on the preset number axis is a negative calculation direction, determining the calculation bit number of each random bit on the preset number axis as a negative calculation bit number. For example, as described above for the example of the standard password bits 8437, the first bit of the standard password is set to: the 2 nd bit of the random number is predicted 5 bits forward, and the predicted bit number of the second random bit on the predetermined number axis is determined to be a negative predicted bit, i.e., -2 ". For another example, the second bit cipher bits of the standard cipher are set to: the 1 st bit of the random number is backward predicted to be 3 bits, and the forward predicted bit number of the first random bit on the predetermined number axis can be determined to be a positive predicted bit number, i.e., "+ 3".
For another example, as described above with reference to the standard password bits 8437, after the server 32 receives the password to be verified, the server 32 may lock the random number "1369", and further, the server 32 may lock the calculated numbers "+ 3" (because the backward calculation is positive and the forward calculation is negative) corresponding to the first random bit "1" and the first random bit "1" in the random number "1369", and the calculated numbers "-5 (because the backward calculation is positive and the forward calculation is negative) corresponding to the second random bit" 3 "and the like, so that the calculated numbers and the random bits corresponding to the random bits can be obtained.
Next, the terminal 31 calculates each code bit of the standard code according to the authentication formula, and combines each code bit into the standard code. Wherein, the verification formula is as follows:
A(n)={RANDOM(n)+RULE(n)+10}%10
a (n) represents the nth password bit of the standard password, RANDOM (n) represents the random bit corresponding to the nth password bit, RULE (n) represents the dead reckoning number corresponding to the dead reckoning direction of the nth password bit, the dead reckoning range corresponding to the positive dead reckoning number comprises 0, 1, 2, 3, 4 and 5, the dead reckoning range corresponding to the negative dead reckoning number comprises-5, -4, -3, -2 and-1, and the percentage represents the modulus operation.
As described above for the example of standard password bits 8437, server 32 calculates the standard password as follows:
first digit cipher bit of standard cipher:
A(1)={RANDOM(1)+RULE(1)+10}%10
wherein, the first password bit of the standard password is set as: bit 2 of the RANDOM number advances 5 bits (forward is negative), however, the second bit of the RANDOM number "1369" is "3", hence RANDOM (1) is "3", RULE (1) is "-5", hence:
A(1)=(3-5+10)%10;
by modulo operation, a (1) ═ 8;
similarly, a (2) is 4, a (3) is 3, and a (4) is 7.
Finally, the server 32 determines an authentication result according to the password to be authenticated and the standard password, and if the password to be authenticated is the same as the standard password, it determines that the authentication is successful; and if the password to be verified is different from the standard password, determining that the verification fails.
In the verification process, if the random number is detected to be greater than the preset time, the server 32 regenerates the random number; and if the random number is detected to be smaller than the preset time, determining that the random number is effective. The valid random number can be used to verify the password, thus ensuring the password security of the verification process.
In some embodiments, as shown in fig. 4, the server 32 includes at least one processor 321; and a memory 322 communicatively coupled to the at least one processor 321; wherein the memory 322 stores instructions executable by the at least one processor 321, the instructions being executable by the at least one processor 321 to enable the at least one processor 321 to perform the password authentication method as described above.
Because the calculated digit of each random digit on the preset digit axis can be the same or different, and each random digit of the random numbers can be the same or different, when the password or the standard password to be verified is calculated, the password or the standard password to be verified is dynamically changed each time, and the calculation process is based on the preset digit axis, but the preset digit axis comprises a plurality of different preset values, so that illegal persons are difficult to decrypt, even if the illegal persons obtain different random numbers and passwords to be verified by other illegal means, the encryption logic can not be easily deduced, and therefore, the password verification method can improve the safety of information.
As another aspect of the embodiment of the present invention, the embodiment of the present invention provides a password authentication apparatus, as shown in fig. 5, the password authentication apparatus 500 includes an obtaining module 51, a first determining module 52, a calculating module 53, and a second determining module 54.
The obtaining module 51 obtains the password to be verified and sends a request to the first determining module 52, and the first determining module 52 determines each random bit of the random number and a dead reckoning number of each random bit on a preset number axis in response to the request of the obtaining module 51, where each random bit and the dead reckoning number are used to instruct the user to calculate the password to be verified. Specifically, each random bit and the dead reckoning bit are used for indicating the user to calculate the password to be verified, and the method includes: each random bit is used for instructing a user to determine a preset numerical value equal to each random bit on a preset numerical axis; the calculated digit is used for indicating a user to circularly calculate the corresponding password bit of the password to be verified on a preset digit axis by taking the preset numerical value as a starting point, the bit value of the corresponding password bit on the preset digit axis extends along the calculation direction of the calculated digit, and the calculated digit is separated from the preset numerical value by the calculated digit minus a natural number.
In some embodiments, the predetermined number axis includes a number axis composed of a natural number N, where the natural number N is any one of 0 to 9, and the natural number N is a predetermined number.
In some embodiments, the estimated direction of the estimated number of bits includes at least a positive estimated direction and a negative estimated direction on a preset number axis. Further, as shown in fig. 6, the first determining module 52 includes a first determining unit 521, a first determining unit 522 and a second determining unit 523, where the first determining unit 521 is configured to determine an estimated direction of each random bit on a preset number axis; the first determining unit 522 is configured to determine the estimated position number of each random bit on the predetermined number axis as a positive estimated position number if the estimated position of each random bit on the predetermined number axis is a positive estimated direction; the second determining unit 523 is configured to determine that the estimated position number of each random bit on the preset number axis is a negative estimated position number if the estimated position of each random bit on the preset number axis is a negative estimated position number. For example, as described above for the example of the standard password bits 8437, the first bit of the standard password is set to: the 2 nd bit of the random number is predicted 5 bits forward, and the predicted bit number of the second random bit on the predetermined number axis is determined to be a negative predicted bit, i.e., -2 ". For another example, the second bit cipher bits of the standard cipher are set to: the 1 st bit of the random number is backward predicted to be 3 bits, and the forward predicted bit number of the first random bit on the predetermined number axis can be determined to be a positive predicted bit number, i.e., "+ 3".
The calculation module 53 calculates a standard password according to each random bit and the dead reckoning bit. Specifically, as shown in fig. 7, the calculating module 53 includes a calculating unit 531 and a combining unit 532, the calculating unit 531 calculates each code bit of the standard code according to the verification formula, and the combining unit 532 combines each code bit into the standard code. Wherein, the verification formula is as follows:
A(n)={RANDOM(n)+RULE(n)+10}%10
a (n) represents the nth password bit of the standard password, RANDOM (n) represents the random bit corresponding to the nth password bit, RULE (n) represents the dead reckoning number corresponding to the dead reckoning direction of the nth password bit, the dead reckoning range corresponding to the positive dead reckoning number comprises 0, 1, 2, 3, 4 and 5, the dead reckoning range corresponding to the negative dead reckoning number comprises-5, -4, -3, -2 and-1, and the percentage represents the modulus operation.
As with the example of standard password bits 8437 described above, the calculation module 53 calculates the standard password as follows:
first digit cipher bit of standard cipher:
A(1)={RANDOM(1)+RULE(1)+10}%10
wherein, the first password bit of the standard password is set as: bit 2 of the RANDOM number advances 5 bits (forward is negative), however, the second bit of the RANDOM number "1369" is "3", hence RANDOM (1) is "3", RULE (1) is "-5", hence:
A(1)=(3-5+10)%10;
by modulo operation, a (1) ═ 8;
similarly, a (2) is 4, a (3) is 3, and a (4) is 7.
The second determining module 54 determines the verification result according to the password to be verified and the standard password. Specifically, as shown in fig. 8, the second determining module 54 includes a second determining unit 541, a third determining unit 542 and a fourth determining unit 543. The second judging unit 541 is configured to judge whether the password to be verified is the same as the standard password; the third determining unit 542 is configured to determine that the verification is successful if the two are the same; the fourth determining unit 543 is configured to determine that the verification fails if the two are different.
In some embodiments, as shown in fig. 9, the password verification apparatus 500 further includes a generation module 55 and a third determination module 56, where the generation module 55 is configured to regenerate the random number when detecting that the random number is greater than the preset time. The third determining module 56 is configured to determine that the random number is valid when the random number is detected to be less than the preset time. The valid random number can be used to verify the password, thus ensuring the password security of the verification process.
Because the calculated digit of each random digit on the preset digit axis can be the same or different, and each random digit of the random numbers can be the same or different, when the password or the standard password to be verified is calculated, the password or the standard password to be verified is dynamically changed each time, and the calculation process is based on the preset digit axis, but the preset digit axis comprises a plurality of different preset values, so that illegal persons are difficult to decrypt, even if the illegal persons obtain different random numbers and passwords to be verified by other illegal means, the encryption logic can not be easily deduced, and therefore, the password verification method can improve the safety of information.
Through the above description of the embodiments, it is clear to those skilled in the art that the password authentication apparatus 500 may be implemented by software plus a general hardware platform, and may also be implemented by hardware. Moreover, since the concept of the password verification apparatus 500 is the same as that of the server implementing password verification described in the above embodiments, the contents of the above embodiments may be referred to by the embodiments of the password verification apparatus 500 without conflicting with each other, and are not described herein again.
As yet another aspect of the embodiment of the present invention, an embodiment of the present invention provides a password authentication method, as shown in fig. 10, where the password authentication method 600 includes:
step 61, obtaining a password to be verified;
step 62, determining each random bit of the random number and a dead reckoning number of each random bit on a preset number axis;
each random bit and the calculated digit are used for indicating a user to calculate a password to be verified; specifically, each random bit and the dead reckoning bit are used for indicating the user to calculate the password to be verified, and the method includes: each random bit is used for instructing a user to determine a preset numerical value equal to each random bit on a preset numerical axis; the calculated digit is used for indicating a user to circularly calculate the corresponding password bit of the password to be verified on a preset digit axis by taking the preset numerical value as a starting point, the bit value of the corresponding password bit on the preset digit axis extends along the calculation direction of the calculated digit, and the calculated digit is separated from the preset numerical value by the calculated digit minus a natural number.
In some embodiments, the predetermined number axis includes a number axis composed of a natural number N, where the natural number N is any one of 0 to 9, and the natural number N is a predetermined number.
In some embodiments, the estimated direction of the estimated number of bits includes at least a positive estimated direction and a negative estimated direction on a preset number axis. Thus, as shown in FIG. 11, step 62 comprises:
step 621, judging the calculation direction of each random bit on the preset number axis;
step 622, if the dead reckoning direction of each random bit on the preset number axis is a positive dead reckoning direction, determining that the dead reckoning number of each random bit on the preset number axis is a positive dead reckoning number;
step 623, if the dead reckoning direction of each random bit on the preset number axis is a negative dead reckoning direction, determining that the dead reckoning number of each random bit on the preset number axis is a negative dead reckoning number.
As in the example above where the standard password bits 8437 correspond, the first password bit of the standard password is set to: the 2 nd bit of the random number is predicted 5 bits forward, and the predicted bit number of the second random bit on the predetermined number axis is determined to be a negative predicted bit, i.e., -2 ". For another example, the second bit cipher bits of the standard cipher are set to: the 1 st bit of the random number is backward predicted to be 3 bits, and the forward predicted bit number of the first random bit on the predetermined number axis can be determined to be a positive predicted bit number, i.e., "+ 3".
Step 63, calculating a standard password according to each random bit and the dead reckoning bit;
specifically, each password bit of the standard password is calculated according to the verification formula, and each password bit is combined into the standard password;
wherein the verification formula is:
A(n)={RANDOM(n)+RULE(n)+10}%10
a (n) represents the nth password bit of the standard password, RANDOM (n) represents the random bit corresponding to the nth password bit, RULE (n) represents the dead reckoning number corresponding to the dead reckoning direction of the nth password bit, the dead reckoning range corresponding to the positive dead reckoning number comprises 0, 1, 2, 3, 4 and 5, the dead reckoning range corresponding to the negative dead reckoning number comprises-5, -4, -3, -2 and-1, and the percentage represents the modulus operation.
As with the example of standard password bits 8437 described above, the calculation module 53 calculates the standard password as follows:
first digit cipher bit of standard cipher:
A(1)={RANDOM(1)+RULE(1)+10}%10
wherein, the first password bit of the standard password is set as: bit 2 of the RANDOM number advances 5 bits (forward is negative), however, the second bit of the RANDOM number "1369" is "3", hence RANDOM (1) is "3", RULE (1) is "-5", hence:
A(1)=(3-5+10)%10;
by modulo operation, a (1) ═ 8;
similarly, a (2) is 4, a (3) is 3, and a (4) is 7.
And step 64, determining an authentication result according to the password to be authenticated and the standard password.
Specifically, whether the password to be verified is the same as the standard password or not is judged, and if yes, verification is determined to be successful; and if not, determining that the verification fails.
Because the calculated digit of each random digit on the preset digit axis can be the same or different, and each random digit of the random numbers can be the same or different, when the password or the standard password to be verified is calculated, the password or the standard password to be verified is dynamically changed each time, and the calculation process is based on the preset digit axis, but the preset digit axis comprises a plurality of different preset values, so that illegal persons are difficult to decrypt, even if the illegal persons obtain different random numbers and passwords to be verified by other illegal means, the encryption logic can not be easily deduced, and therefore, the password verification method can improve the safety of information.
Through the above description of the embodiments, it is clear to those skilled in the art that the password authentication method can be implemented by software plus a general hardware platform, and of course, can also be implemented by hardware. Moreover, since the concept of the password authentication method is the same as that of the server or the password authentication apparatus described in the above embodiments to implement password authentication, the embodiments of the password authentication method may refer to the contents of the above embodiments without mutual conflict, and details are not described here.
In some embodiments, prior to performing step 62, the password authentication method 600 further comprises: when the random number is detected to be larger than the preset time, the random number is generated again; and when the random number is detected to be smaller than the preset time, determining the random number to be effective. The valid random number can be used to verify the password, thus ensuring the password security of the verification process.
As another aspect of the embodiment of the present invention, an electronic device is provided in the embodiment of the present invention, as shown in fig. 12, the electronic device 700 includes a storage medium 71 and a processor 72, and the processor 72 and the storage medium 71 may be connected by a bus or in another manner, and fig. 12 illustrates an example of connection by a bus. The storage medium, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as program instructions/modules corresponding to the password authentication method in the embodiments of the present invention. The processor 72 executes various functional applications and data processing of the password authentication method, i.e., functions of the respective modules of the password authentication method of the above-described method embodiments, by executing nonvolatile software programs, instructions, and modules stored in the memory 71.
The storage medium 71 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the storage medium 71 optionally includes memory located remotely from the processor 72, and such remote memory may be connected to the processor 72 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The program instructions/modules are stored in the memory 71 and, when executed by the one or more processors 72, perform the cryptographic authentication method in any of the method embodiments described above, e.g., perform the functions of the various steps described above.
Embodiments of the present invention also provide a non-transitory computer storage medium storing computer-executable instructions, which are executed by one or more processors, such as one of the processors 72 in fig. 12, to enable the one or more processors to perform the password authentication method in any of the above method embodiments, for example, to perform the password authentication method in any of the above method embodiments.
The above-described embodiments of the apparatus or device are merely illustrative, wherein the unit modules described as separate parts may or may not be physically separate, and the parts displayed as module units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network module units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a general hardware platform, and certainly can also be implemented by hardware. Based on such understanding, the above technical solutions substantially or contributing to the related art may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; within the idea of the invention, also technical features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A method of password authentication, comprising:
acquiring a password to be verified; determining each random bit of a random number and a calculated number of each random bit on a preset number axis, wherein each random bit and the calculated number are used for indicating a user to calculate the password to be verified;
calculating a standard password according to each random bit and the calculated digit;
determining an authentication result according to the password to be authenticated and the standard password;
each random bit and the dead reckoning bit are used for indicating a user to calculate the password to be verified, and the method comprises the following steps:
each random bit is used for instructing a user to determine a preset numerical value equal to each random bit on a preset numerical axis;
the calculated digit is used for indicating a user to circularly calculate the corresponding password bit of the password to be verified on a preset digit axis by taking the preset numerical value as a starting point, the digit value of the corresponding password bit on the preset digit axis extends along the calculation direction of the calculated digit, and the calculated digit is separated from the preset numerical value by the digit obtained by subtracting a natural number from the calculated digit.
2. The method according to claim 1, wherein the preset number axis comprises a number axis consisting of a natural number N, wherein the natural number N is any one of 0 to 9, and the natural number N is a preset number.
3. The method according to claim 2, wherein the estimated direction of the estimated number includes a positive estimated direction and a negative estimated direction on the preset number axis.
4. The method of claim 3, wherein said determining a dead reckoning number of said each random bit on a predetermined number axis comprises:
judging the calculation direction of each random bit on a preset number axis;
if the calculation direction of each random bit on the preset number axis is a positive calculation direction, determining the calculation digit number of each random bit on the preset number axis as a positive calculation digit number;
and if the calculation direction of each random bit on the preset number axis is a negative calculation direction, determining that the calculation bit number of each random bit on the preset number axis is a negative calculation bit number.
5. The method of claim 4, wherein said calculating a standard password from each of said random bits and said dead reckoning bits comprises:
calculating each password bit of the standard password according to the verification formula;
combining each password bit into the standard password;
wherein the verification formula is:
A(n)={RANDOM(n)+RULE(n)+10}%10
a (n) represents the nth password bit of the standard password, RANDOM (n) represents the random bit corresponding to the nth password bit, RULE (n) represents the dead reckoning number corresponding to the dead reckoning direction of the nth password bit, the dead reckoning range corresponding to the positive dead reckoning number comprises 0, 1, 2, 3, 4 and 5, the dead reckoning range corresponding to the negative dead reckoning number comprises-5, -4, -3, -2 and-1, and the percentage represents the modulus operation.
6. The method of any of claims 1 to 5, wherein prior to determining the number of each random bit of the random number and the number of dead reckoning each random bit on the predetermined number axis, the method further comprises:
when the random number is detected to be larger than the preset time, the random number is generated again;
and when the random number is detected to be smaller than the preset time, determining that the random number is effective.
7. The method according to any one of claims 1 to 5, wherein the determining the authentication result according to the password to be authenticated and a standard password comprises:
judging whether the password to be verified is the same as the standard password or not;
if the verification result is the same, the verification is determined to be successful;
and if not, determining that the verification fails.
8. A password authentication apparatus, comprising:
the acquisition module is used for acquiring the password to be verified;
the first determining module is configured to determine each random bit of a random number and a dead reckoning number of the random bit on a preset number axis, where each random bit and the dead reckoning number are used to instruct a user to calculate the password to be verified, and the determining module specifically includes:
each random bit is used for instructing a user to determine a preset numerical value equal to each random bit on a preset numerical axis;
the calculated digit is used for indicating a user to circularly calculate a corresponding password bit of the password to be verified on a preset digit axis by taking the preset numerical value as a starting point, the digit value of the corresponding password bit on the preset digit axis extends along the calculation direction of the calculated digit, and the calculated digit is separated from the preset numerical value by the digit obtained by subtracting a natural number from the calculated digit;
the calculation module is used for calculating a standard password according to each random bit and the calculated digit;
and the second determining module is used for determining an authentication result according to the password to be authenticated and the standard password.
9. A server, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of password authentication of any of claims 1 to 7.
10. A communication system comprising a terminal and at least one server, said at least one server being in communication with the terminal;
the server includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of password authentication of any of claims 1 to 7.
CN201710265319.0A 2017-04-21 2017-04-21 Password verification method and device, server and communication system Active CN108737346B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710265319.0A CN108737346B (en) 2017-04-21 2017-04-21 Password verification method and device, server and communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710265319.0A CN108737346B (en) 2017-04-21 2017-04-21 Password verification method and device, server and communication system

Publications (2)

Publication Number Publication Date
CN108737346A CN108737346A (en) 2018-11-02
CN108737346B true CN108737346B (en) 2020-06-19

Family

ID=63933881

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710265319.0A Active CN108737346B (en) 2017-04-21 2017-04-21 Password verification method and device, server and communication system

Country Status (1)

Country Link
CN (1) CN108737346B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111030819A (en) * 2020-02-18 2020-04-17 深圳新融典科技有限公司 Authentication method, system, terminal and storage medium based on encryption and decryption algorithm

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11225140A (en) * 1998-02-05 1999-08-17 Nippon Telegr & Teleph Corp <Ntt> Data encryption device, decoder and its program recoding medium
CN1585936A (en) * 2002-09-12 2005-02-23 三菱电机株式会社 Authentication system, authentication device, terminal device, and authentication method
CN102202067A (en) * 2011-07-15 2011-09-28 席勇良 Dynamic random cipher registration method
CN104158665A (en) * 2014-08-25 2014-11-19 小米科技有限责任公司 Method and device of verification
CN106060027A (en) * 2016-05-25 2016-10-26 北京小米移动软件有限公司 Methods, devices, equipment and systems for verification based on verification codes

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11225140A (en) * 1998-02-05 1999-08-17 Nippon Telegr & Teleph Corp <Ntt> Data encryption device, decoder and its program recoding medium
CN1585936A (en) * 2002-09-12 2005-02-23 三菱电机株式会社 Authentication system, authentication device, terminal device, and authentication method
CN102202067A (en) * 2011-07-15 2011-09-28 席勇良 Dynamic random cipher registration method
CN104158665A (en) * 2014-08-25 2014-11-19 小米科技有限责任公司 Method and device of verification
CN106060027A (en) * 2016-05-25 2016-10-26 北京小米移动软件有限公司 Methods, devices, equipment and systems for verification based on verification codes

Also Published As

Publication number Publication date
CN108737346A (en) 2018-11-02

Similar Documents

Publication Publication Date Title
US11637824B2 (en) Multi-factor authentication devices
US10447694B2 (en) Identity verification method and device
US9350728B2 (en) Method and system for generating and authorizing dynamic password
JP5613855B1 (en) User authentication system
CN106453205B (en) identity verification method and device
US11811777B2 (en) Multi-factor authentication using confidant verification of user identity
US10841315B2 (en) Enhanced security using wearable device with authentication system
US9600671B2 (en) Systems and methods for account recovery using a platform attestation credential
CN105045597B (en) A kind of JAVA card object reference method and device
CN110875819A (en) Password operation processing method, device and system
CN106973054A (en) A kind of operating system login authentication method and system based on credible platform
CN107391987B (en) Application protection method and device based on biological feature recognition and electronic equipment
CN108737346B (en) Password verification method and device, server and communication system
CN105095743B (en) Method and device for setting locking strategy and electronic equipment
CN110620781A (en) User registration login management system based on game platform
CN106850505A (en) A kind of verification method and device of cross-border business
US9659177B1 (en) Authentication token with controlled release of authentication information based on client attestation
CN106779717B (en) Payment authentication method and device
CN112580009A (en) Method and device for authenticating user identity in big data system and related products
WO2016112792A1 (en) Identity authentication method and device
CN112838927A (en) Big data network transmission protection method and device
CN111741115A (en) Service processing method, device and system and electronic equipment
CN109779411B (en) Block chain-based coded lock unlocking method, device and equipment
CN112714111B (en) Method, device and related product for multi-mode authentication of user identity in big data system
CN110912704A (en) Certificate loading method and related product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant