CN110611598B - Method, device and system for realizing challenge code - Google Patents

Info

Publication number
CN110611598B
CN110611598B CN201910977912.7A CN201910977912A CN110611598B CN 110611598 B CN110611598 B CN 110611598B CN 201910977912 A CN201910977912 A CN 201910977912A CN 110611598 B CN110611598 B CN 110611598B
Authority
CN
China
Prior art keywords
code
random number
ciphertext
challenge code
challenge
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910977912.7A
Other languages
Chinese (zh)
Other versions
CN110611598A (en
Inventor
王勤武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Qizhi Technology Co ltd
Original Assignee
Zhejiang Qizhi Technology Co ltd
Application filed by Zhejiang Qizhi Technology Co ltd
Priority to CN201910977912.7A
Publication of CN110611598A
Application granted
Publication of CN110611598B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28: Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method for implementing a challenge code, comprising the following steps: when a system background receives a login request, it sends a challenge code consisting of a first random number and a machine code; the local terminal receives the challenge code and, if the challenge code is valid, sends the number of requests for the challenge code within a preset time period, the machine code and a second random number to the remote terminal; the remote terminal determines a first ciphertext according to the number of requests, the machine code and the second random number, and sends the first ciphertext to the local terminal; the local terminal decrypts the first ciphertext to obtain a first plaintext; when the first plaintext is the same as the second random number, the local terminal sends a verification code generated according to a preset rule to the system background; and the system background performs verification according to the verification code. In this method the local terminal both receives the challenge code and generates the verification code, which solves the problem that the system background cannot be logged into because of errors that may occur during transmission.

Description

Method, device and system for realizing challenge code
Technical Field
The present invention relates to the field of encryption technologies, and in particular, to a method, an apparatus, and a system for implementing a challenge code.
Background
Different systems have a background that operation and maintenance personnel can enter; if a universal password for entering the background exists, the background is no longer secure. On one hand, operation and maintenance personnel can enter and leave the background freely without control; on the other hand, once the universal password is leaked, people other than operation and maintenance personnel can log in to the background, and information or core code may be leaked.
To avoid leakage of information or core code, login is performed through a challenge code: the software or system whose background is to be logged into generates a challenge code, and a verification code is then generated by a separate internal system. If the verification succeeds, the user can log in to the background. Depending on the scenario, the terminal that receives the challenge code and the terminal responsible for generating the verification code may be two different terminals; errors may then occur in transmission, so that the system background cannot be logged into.
Disclosure of Invention
In view of this, the present invention provides a method, an apparatus and a system for implementing a challenge code, to solve the prior-art problem that receiving the challenge code and generating the verification code may involve two terminals, so that an error during transmission may make it impossible to log in to the system background. The specific scheme is as follows:
A method for implementing a challenge code includes:
when a system background receives a login request, sending a challenge code, wherein the challenge code consists of a first random number and a machine code;
the local terminal receives the challenge code and verifies the validity of the challenge code;
if the challenge code is valid, the number of requests for the challenge code within a preset time period, the machine code and a second random number are sent to a remote terminal;
the remote terminal determines a first ciphertext according to the number of requests, the machine code and the second random number;
the first ciphertext is sent to the local terminal, and the local terminal decrypts the first ciphertext to obtain a first plaintext;
when the first plaintext is the same as the second random number, the local terminal sends a verification code generated according to a preset rule to the system background;
and the system background performs verification according to the verification code.
Optionally, in the above method, verifying the validity of the challenge code includes:
acquiring the machine code in the challenge code;
and comparing the machine code with a preset machine code format.
Optionally, in the above method, determining, by the remote terminal, the first ciphertext according to the number of requests, the machine code and the second random number includes:
determining the total number of requests according to the number of requests and the machine code;
comparing the total number of requests with a preset number threshold;
when the total number of requests is less than or equal to the preset number threshold, the terminal encrypts the second random number; or
when the total number of requests is greater than the preset number threshold, the terminal encrypts an arbitrary random number.
Optionally, in the above method, generating the verification code according to the preset rule includes:
encrypting the machine code to obtain a second ciphertext;
acquiring the current time and a third random number;
concatenating the second ciphertext, the current time and the third random number, and then performing an exclusive OR on the concatenated value to obtain an intermediate result;
and encrypting the intermediate result to obtain the verification code.
Optionally, in the above method, the verification performed by the system background according to the verification code includes:
decrypting the verification code to obtain a second plaintext;
performing an XOR operation on the second plaintext and the first random number and then splitting the result to obtain a target time, a machine code ciphertext and a third random number;
judging whether the target time meets a preset duration, and if so, decrypting the machine code ciphertext to obtain a third plaintext;
logging in to the system background when the third plaintext is consistent with the machine code.
An apparatus for implementing a challenge code, comprising:
the first sending module, used for sending a challenge code when a system background receives a login request, wherein the challenge code consists of a first random number and a machine code;
the receiving and verifying module, used for the local terminal to receive the challenge code and verify the validity of the challenge code;
the second sending module, used for sending the number of requests for the challenge code within a preset time period, the machine code and the second random number to the remote terminal if the challenge code is valid;
the determining module, used for the remote terminal to determine a first ciphertext according to the number of requests, the machine code and the second random number;
the sending and decrypting module, used for sending the first ciphertext to the local terminal, the local terminal decrypting the first ciphertext to obtain a first plaintext;
the third sending module, used for the local terminal to send the verification code generated according to the preset rule to the system background when the first plaintext is the same as the second random number;
and the verification module, used for the system background to perform verification according to the verification code.
Optionally, in the above apparatus, the determining module includes:
the determining unit, used for determining the total number of requests according to the number of requests and the machine code;
the comparison unit, used for comparing the total number of requests with a preset number threshold;
the first encryption unit, used for the terminal to encrypt the second random number when the total number of requests is less than or equal to the preset number threshold; or
the second encryption unit, used for the terminal to encrypt an arbitrary random number when the total number of requests is greater than the preset number threshold.
Optionally, in the above apparatus, the verification module includes:
the decryption unit, used for decrypting the verification code to obtain a second plaintext;
the dividing unit, used for performing an XOR operation on the second plaintext and the first random number and then splitting the result into a target time, a machine code ciphertext and a third random number;
the judging and decrypting unit, used for judging whether the target time meets a preset duration, and if so, decrypting the machine code ciphertext to obtain a third plaintext;
and the login unit, used for logging in to the system background when the third plaintext is consistent with the machine code.
A system for implementing a challenge code, comprising a system background, a local terminal and a remote terminal, wherein:
the system background is used for receiving the login request, returning the challenge code and verifying the verification code;
the local terminal is used for verifying the validity of the challenge code; if the challenge code is valid, sending the number of requests for the challenge code within a preset time period, the machine code and the second random number to a remote terminal; receiving a first ciphertext fed back by the remote terminal; decrypting the first ciphertext to obtain a first plaintext; and, when the first plaintext is the same as the second random number, sending a verification code generated according to a preset rule to the system background;
and the remote terminal is used for determining a first ciphertext according to the number of requests, the machine code and the second random number and sending the first ciphertext to the local terminal.
Optionally, the above system further includes a third-party terminal, used for sending the login request, receiving the challenge code, sending the challenge code to the local terminal, receiving the verification code, sending the verification code to the system background, and receiving the result returned by the system background.
Compared with the prior art, the invention has the following advantages:
The invention discloses a method for implementing a challenge code, comprising the following steps: when a system background receives a login request, it sends a challenge code consisting of a first random number and a machine code; the local terminal receives the challenge code and, if the challenge code is valid, sends the number of requests for the challenge code within a preset time period, the machine code and a second random number to the remote terminal; the remote terminal determines a first ciphertext according to the number of requests, the machine code and the second random number, and sends the first ciphertext to the local terminal; the local terminal decrypts the first ciphertext to obtain a first plaintext; when the first plaintext is the same as the second random number, the local terminal sends a verification code generated according to a preset rule to the system background; and the system background performs verification according to the verification code. In this method the local terminal both receives the challenge code and generates the verification code, which solves the problem that the system background cannot be logged into because of errors that may occur during transmission.
Of course, it is not necessary for any product in which the invention is practiced to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a block diagram of a system for implementing a challenge code according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of a method for implementing a challenge code according to an embodiment of the present disclosure;
Fig. 3 is an execution flowchart of a system background disclosed in an embodiment of the present application;
Fig. 4 is an execution flowchart of a local terminal disclosed in an embodiment of the present application;
Fig. 5 is an execution flowchart of a remote terminal disclosed in an embodiment of the present application;
Fig. 6 is a block diagram of an apparatus for implementing a challenge code according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention discloses a method, a device and a system for implementing a challenge code, applied when operation and maintenance personnel log in to a system background. If the verification is successful, the user can log in to the background. Depending on the scenario, two persons may be involved in transmitting the challenge code and generating the verification code, and errors may occur in transmission, so that the system background cannot be logged into. To address these problems, the invention provides a challenge code implementation system. By generating the verification code separately, it reduces the cumbersome step of entering the challenge code on a background system at every login; only a stable link between the local terminal and the remote terminal needs to be maintained. In addition, homomorphic encryption is used to record how many times a given machine has generated verification codes, which avoids information leakage and controls the frequency of verification code generation. The structural block diagram of the implementation system is shown in Fig. 1 and comprises the system background 101, the local terminal 102 and the remote terminal 103, where the local terminal 102 may be a computer used on site by an operation and maintenance worker and the remote terminal 103 may be a computer inside the company. Wherein:
the system background 101 is used for receiving a login request, returning a challenge code and verifying the verification code;
the local terminal 102 is configured to verify the validity of the challenge code, send the number of times of request of the challenge code within a preset time duration, the machine code, and the second random number to a remote terminal if the challenge code is reasonable, receive a first ciphertext fed back by the remote terminal, decrypt the first ciphertext to obtain a first plaintext, and send a verification code generated according to a preset rule to the system background when the first plaintext is the same as the second random number;
the remote terminal 103 is configured to determine a first ciphertext according to the request number, the machine code, and the second random number, and send the first ciphertext to the local terminal.
In the embodiment of the present invention, the implementation system further includes: and the third-party terminal 104, wherein the third-party terminal 104 is configured to send the login request, receive the challenge code, send the challenge code to the local terminal, receive the verification code, send the verification code to the system background, and receive a result returned by the system background.
Based on the above system, an embodiment of the present invention provides a method for implementing a challenge code. The execution flow of the method is shown in Fig. 2 and includes the following steps:
S201, when a system background receives a login request, a challenge code is sent, wherein the challenge code consists of a first random number and a machine code;
In the embodiment of the present invention, the system background 101 is the background of the system that currently needs to be logged into, where the system includes a machine. When a login request is detected, the system background 101 sends a challenge code composed of a first random number and a machine code. The machine code is a unique code of the machine in the system, and may be the last three bits of the MAC address of the first network card or another character string that uniquely identifies the machine.
S202, the local terminal receives the challenge code and verifies the validity of the challenge code;
In the embodiment of the present invention, according to the implementation system, the challenge code may be sent directly to the local terminal 102 by the system background 101, or it may first be sent to the third-party terminal 104 and then forwarded by the third-party terminal 104 to the local terminal 102; the local terminal 102 may therefore receive the challenge code from either the system background 101 or the third-party terminal 104. When the local terminal 102 receives the challenge code, it obtains the machine code in the challenge code and compares it with a preset machine code format. Because the length of the machine code is known and its position is fixed, the machine code is read directly from that fixed position and compared with the machine code format, which is set in advance, to judge whether the two formats are the same.
S203, if the challenge code is valid, the number of requests for the challenge code within a preset time period, the machine code and the second random number are sent to a remote terminal;
In this embodiment of the present invention, when the format of the machine code is the same as the preset machine code format, the local terminal 102 generates a second random number, obtains the number of requests for the challenge code within a preset time period, and sends the number of requests, the machine code and the second random number to the remote terminal 103.
S204, the remote terminal determines a first ciphertext according to the number of requests, the machine code and the second random number;
In this embodiment of the present invention, the remote terminal 103 looks up, according to the machine code, the historical calculation count corresponding to the machine code in a database, adds the historical calculation count to the number of requests to obtain a total number of requests, and compares the total number of requests with the preset number threshold, which may be set according to experience or specific conditions.
S205, sending the first ciphertext to the local terminal, and decrypting the first ciphertext by the local terminal to obtain a first plaintext;
In this embodiment of the present invention, the remote terminal 103 sends the first ciphertext to the local terminal 102; the local terminal 102 decrypts the first ciphertext using SM2 to obtain a first plaintext and compares the first plaintext with the second random number.
S206, when the first plaintext is the same as the second random number, the local terminal sends a verification code generated according to a preset rule to the system background;
In this embodiment of the present invention, when the first plaintext is the same as the second random number, the local terminal 102 sends the verification code generated according to the preset rule to the system background 101. The process of generating the verification code according to the preset rule includes:
S11, encrypting the machine code to obtain a second ciphertext;
In the embodiment of the invention, SM2 and the corresponding private key are used to encrypt the machine code to obtain the second ciphertext.
S12, acquiring the current time and a third random number;
In the embodiment of the present invention, the current time and a third random number generated by the local terminal 102 are obtained, where the third random number is used to keep the generated verification code free of easily confused characters.
S13, concatenating the second ciphertext, the current time and the third random number, and then performing an exclusive OR on the concatenated value to obtain an intermediate result;
In the embodiment of the invention, the second ciphertext, the current time and the third random number are concatenated and then XORed with the first random number to obtain the intermediate result.
S14, encrypting the intermediate result to obtain the verification code.
In the embodiment of the invention, the intermediate result is encrypted with the symmetric cipher SM4 to obtain the verification code.
Further, the verification code is checked for easily confused characters; if it contains any, a new third random number is obtained and the verification code is generated again from the new third random number.
When the first plaintext is different from the second random number, an error code is returned as a prompt.
S207, the system background performs verification according to the verification code.
In the embodiment of the present invention, the system background 101 receives the verification code and verifies it; login to the system background 101 is allowed when the verification passes and refused when it fails. The verification process is as follows:
S21, decrypting the verification code to obtain a second plaintext;
In the embodiment of the invention, the SM4 algorithm is used to decrypt the verification code to obtain the second plaintext.
S22, performing an XOR operation on the second plaintext and the first random number, and then splitting the result to obtain a target time, a machine code ciphertext and a third random number;
In the embodiment of the invention, the second plaintext is XORed with the first random number and the result is then split. The positions and lengths of the time and the random number in the XOR result are known, so the result is split directly at the corresponding lengths to obtain the target time, the machine code ciphertext and the third random number.
S23, judging whether the target time meets a preset duration, and if so, decrypting the machine code ciphertext to obtain a third plaintext;
In the embodiment of the invention, it is judged whether the target time meets the preset duration; if so, the machine code ciphertext is decrypted to obtain a third plaintext, and if not, error information is returned.
S24, logging in to the system background when the third plaintext is consistent with the machine code.
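The framing in S11 to S14 and the check in S21 to S24 can be exercised end to end with the sketch below, an added example that is not taken from the patent. Assumptions: SM2 and SM4 are replaced by a labelled stand-in (a 4-round Feistel network over HMAC-SHA256) so the code runs on the standard library, the field widths, the base32 text encoding, the set of confusable characters and all function names are hypothetical, and the field order follows S22 (target time, machine code ciphertext, third random number).

```python
import base64
import hashlib
import hmac
import secrets
import time

T_LEN, CM_LEN, R_LEN = 4, 16, 4      # assumed fixed field widths in bytes
TOTAL = T_LEN + CM_LEN + R_LEN       # length of t1 | Cm | r1, and of b
WINDOW = 3600                        # freshness window in seconds (assumed)
CONFUSABLE = set("OI")               # assumed set of easily confused characters


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed hash truncated to the half-block size.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for SM2/SM4 (NOT those ciphers). Needs even-length data."""
    h = len(data) // 2
    left, right = data[:h], data[h:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def toy_decrypt(key: bytes, data: bytes) -> bytes:
    h = len(data) // 2
    left, right = data[:h], data[h:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def make_verification_code(machine_code, b, k_cm, k_v, now=None):
    """Local terminal: build t1 | Cm | r1, XOR with b, encrypt, retry on bad chars."""
    if len(b) != TOTAL or len(machine_code) > CM_LEN:
        raise ValueError("unexpected field length")
    now = int(time.time()) if now is None else now
    cm = toy_encrypt(k_cm, machine_code.ljust(CM_LEN, b"\0"))   # S11
    t1 = now.to_bytes(T_LEN, "big")                             # S12
    while True:
        r1 = secrets.token_bytes(R_LEN)                         # S12: third random number
        v = _xor(t1 + cm + r1, b)                               # S13: mask with b
        code = base64.b32encode(toy_encrypt(k_v, v)).decode()   # S14
        if not CONFUSABLE & set(code):                          # otherwise draw a new r1
            return code


def verify_code(code, machine_code, b, k_cm, k_v, now=None):
    """System background: returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    try:
        raw = base64.b32decode(code)
    except ValueError:                                          # bad alphabet or padding
        return False, "malformed"
    if len(raw) != TOTAL or len(b) != TOTAL:
        return False, "malformed"
    plain = _xor(toy_decrypt(k_v, raw), b)                      # S21 and S22
    t1 = int.from_bytes(plain[:T_LEN], "big")                   # split at fixed offsets
    cm = plain[T_LEN:T_LEN + CM_LEN]
    if not 0 <= now - t1 < WINDOW:                              # S23: freshness
        return False, "expired"
    recovered = toy_decrypt(k_cm, cm).rstrip(b"\0")
    if not hmac.compare_digest(recovered, machine_code):        # S24
        return False, "machine code mismatch"
    return True, "ok"
```

Because every field sits at a fixed offset, a code built for a different first random number either fails the freshness check or decrypts to a machine code that does not match, so it is rejected in both cases.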
The invention discloses a method for implementing a challenge code, comprising the following steps: when a system background receives a login request, it sends a challenge code consisting of a first random number and a machine code; the local terminal receives the challenge code and, if the challenge code is valid, sends the number of requests for the challenge code within a preset time period, the machine code and a second random number to the remote terminal; the remote terminal determines a first ciphertext according to the number of requests, the machine code and the second random number, and sends the first ciphertext to the local terminal; the local terminal decrypts the first ciphertext to obtain a first plaintext; when the first plaintext is the same as the second random number, the local terminal sends a verification code generated according to a preset rule to the system background; and the system background performs verification according to the verification code. In this method the local terminal both receives the challenge code and generates the verification code, which solves the problem that the system background cannot be logged into because of errors that may occur during transmission.
In the embodiment of the present invention, the method is described below from the perspective of the system background 101, the local terminal 102 and the remote terminal 103 respectively. For the system background, as shown in Fig. 3:
S31, the system background 101 deploys a program for generating a challenge code and a verification code, a program public key 1 and a challenge code private key. A second random number and machine code can be generated. Upon receipt of the login request, a challenge code is generated.
S32, after receiving the verification code, decrypting it to obtain a second plaintext m, and XORing m with the first random number b to obtain t1 | Cm | r1, where | denotes concatenation of the binary representations. For example, if t1 is 001 and Cm is 111, then t1 | Cm is 001111.
S33, splitting the data at the preset bit positions and comparing the obtained target time t1 with the current machine time; if the difference is less than one hour, the target time t1 is considered reasonable. Otherwise an error is returned.
S34, decrypting Cm with the challenge code private key and judging whether the result is consistent with the machine code; if so, logging in to the system background, and if not, returning an error.
For the local terminal, as shown in Fig. 4, the method includes:
S41, the local terminal deploys a program for verifying the challenge code and generating the verification code, a challenge code private key, a program private key 1, a program private key 2 and a remote terminal public key.
S42, while the verification code program is running, it keeps a heartbeat with the corresponding program on the remote terminal.
S43, after a challenge code is received, recording the count for the corresponding machine code and verifying the legality of the challenge code. If it is not legal, an error code is returned directly.
S44, if it is legal, encrypting the machine code.
S45, obtaining the current time t1; the binary representation of the first random number b (000000001101111111111111) XOR t1 | Cm | r1 is V, where t1 | Cm | r1 is, for example:
101010 | 0010110100 | 11001
target time t1 | ciphertext of M | third random number (for ensuring the resulting ciphertext has no confusing characters)
S46, encrypting V to obtain the verification code.
S47, then communicating with the remote terminal, sending the random number r2, the homomorphically encrypted ciphertext c and the machine code M.
S48, waiting for the result returned by the remote terminal. If the returned data, after decryption, is equal to the random number r2 sent earlier, the verification code is output; if not, an error code is returned.
For the remote terminal, as shown in Fig. 5, the method includes:
S51, the remote terminal deploys a program for recording the number of calculations, the remote terminal private key, the program private key 2 and the challenge code private key.
S52, while the verification code program is running, a heartbeat test is maintained with the verification code program.
S53, when the random number r2 and the machine code M are received, checking whether the corresponding verification code program and machine code have a bad record, that is, whether verification codes were generated frequently in the preceding period.
S54, if not, directly adding the received count c to the count corresponding to M in the database.
S55, if so, taking the count in the database together with the received count for statistics, and returning error data if the total exceeds a threshold.
S56, if the threshold is not exceeded, returning the correct ciphertext of r2; the data is cleared periodically.
The embodiment of the invention adds a homomorphic encryption process, so that the number of times verification codes have been generated is stored in the database in ciphertext form. Addition can be performed directly on the ciphertext, without having to decrypt under trusted conditions, add, and then re-encrypt for storage. Further, the program that produces the verification code can be deployed on the local terminal, which reduces the number of operations: there is no need to log in to an additional remote terminal to process the challenge code. The same person can also handle the whole exchange, which reduces communication errors.
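The ciphertext counter described above and the threshold decision of S53 to S56 can be sketched as follows; this is an added example, not code from the patent. Assumptions: the patent does not name its homomorphic scheme, so Paillier is used here; the primes are constructed toy-size values; the bad-record branch is folded into a single add-and-compare as in the claims; the SM2 encryption of the reply is left out, so handle() returns the plaintext that would be encrypted as the first ciphertext; all names are hypothetical.

```python
import hmac
import math
import secrets

# Constructed toy-size parameters (two Mersenne primes). Real Paillier keys
# use primes of 1024 bits or more.
P, Q = 2**61 - 1, 2**89 - 1


def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))                     # public n, private (lambda, mu)


def encrypt(n, m):
    """Paillier encryption with generator g = n + 1."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def add(n, c1, c2):
    """Multiplying ciphertexts adds the underlying plaintexts."""
    return c1 * c2 % (n * n)


class RemoteTerminal:
    def __init__(self, threshold):
        self.n, self._priv = keygen()    # n is the key the local terminal encrypts with
        self.threshold = threshold
        self._db = {}                    # machine code -> ciphertext of running count

    def handle(self, machine_code, enc_count, r2):
        """Return the value to be encrypted as the first ciphertext."""
        stored = self._db.get(machine_code)
        total_ct = enc_count if stored is None else add(self.n, stored, enc_count)
        self._db[machine_code] = total_ct            # the count stays encrypted at rest
        total = decrypt(self.n, self._priv, total_ct)  # decrypted only to compare
        if total <= self.threshold:
            return r2                                # correct reply
        decoy = secrets.token_bytes(len(r2))         # over threshold: arbitrary random number
        while decoy == r2:
            decoy = secrets.token_bytes(len(r2))
        return decoy


def local_round(remote, machine_code, count, r2):
    """Local terminal side: send Enc(count), accept only if the reply equals r2."""
    enc_count = encrypt(remote.n, count)
    first_plaintext = remote.handle(machine_code, enc_count, r2)
    return hmac.compare_digest(first_plaintext, r2)
```

Once the total passes the threshold the reply has the same length as a correct one but no longer matches r2, so the local terminal returns an error code instead of releasing a verification code.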
Based on the foregoing implementation method, in the embodiment of the present invention, an implementation apparatus for a challenge code is further provided, and a structural block diagram of the implementation apparatus is shown in fig. 6, where the implementation apparatus includes:
a first transmitting module 301, a receiving and verifying module 302, a second transmitting module 303, a determining module 304, a transmitting and decrypting module 305, a third transmitting module 306 and a verifying module 307.
Wherein,
the first sending module 301 is configured to send a challenge code when a system background receives a request for login, where the challenge code is composed of a first random number and a machine code;
the receiving and verifying module 302 is configured to receive the challenge code and verify the rationality of the challenge code by the local terminal;
the second sending module 303 is configured to send the number of times of requesting the challenge code, the machine code, and the second random number to the remote terminal within a preset time period if the challenge code is reasonable;
the determining module 304, configured to determine, by the remote terminal, a first ciphertext according to the number of requests, the machine code, and the second random number;
the sending and decrypting module 305 is configured to send the first ciphertext to the local terminal, and the local terminal decrypts the first ciphertext to obtain a first plaintext;
the third sending module 306 is configured to, when the first plaintext is the same as the second random number, send, by the local terminal, an authentication code generated according to a preset rule to the system background;
the verification module 307 is configured to perform verification by the system background according to the verification code.
The invention discloses a device for realizing a challenge code, in which: when a system background receives a login request, a challenge code is sent, wherein the challenge code consists of a first random number and a machine code; the local terminal receives the challenge code and, if the challenge code is reasonable, sends the request times of the challenge code within a preset time length, the machine code and the second random number to the remote terminal; the remote terminal determines a first ciphertext according to the request times, the machine code and the second random number; the first ciphertext is sent to the local terminal, and the local terminal decrypts it to obtain a first plaintext; when the first plaintext is the same as the second random number, the local terminal sends a verification code generated according to a preset rule to the system background; and the system background carries out verification according to the verification code. In the device, the challenge code is received and the verification code is generated by the local terminal, which solves the problem that the system background cannot be logged in because of errors that may occur in the transmission process.
In this embodiment of the present invention, the determining module 304 includes:
a determination unit 308, a comparison unit 309, a first encryption unit 310 and a second encryption unit 311.
Wherein,
the determining unit 308 is configured to determine the total number of requests according to the number of requests and the machine code;
the comparing unit 309 is configured to compare the total number of requests with a preset number threshold;
the first encrypting unit 310 is configured to, when the total number of requests is less than or equal to a preset number threshold, encrypt the second random number by the terminal; or
the second encrypting unit 311 is configured to, when the total number of requests is greater than a preset number threshold, encrypt any random number by the terminal.
In this embodiment of the present invention, the verification module 307 includes:
decryption unit 312, segmentation unit 313, judgment and decryption unit 314, and login unit 315.
Wherein,
the decryption unit 312 is configured to decrypt the verification code to obtain a second plaintext;
the dividing unit 313 is configured to perform an exclusive OR operation on the second plaintext and the first random number and then segment the result to obtain a target time, a machine code ciphertext, and a third random number;
the judging and decrypting unit 314 is configured to judge whether the target time meets a preset duration, and if so, decrypt the machine code ciphertext to obtain a third plaintext;
the login unit 315 is configured to log in the system background when the third plaintext is consistent with the machine code.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the units may be implemented in the same software and/or hardware or in a plurality of software and/or hardware when implementing the invention.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The method, the device and the system for implementing the challenge code provided by the invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the above embodiments is only intended to help in understanding the method and the core idea of the invention. Meanwhile, for a person skilled in the art, there may be variations in the specific embodiments and the application scope according to the idea of the present invention. In summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A method for implementing a challenge code, comprising:
when a system background receives a login request, a challenge code is sent, wherein the challenge code consists of a first random number and a machine code;
the local terminal receives the challenge code and verifies the rationality of the challenge code;
if the challenge code is reasonable, the request times of the challenge code, the machine code and the second random number in a preset time length are sent to a remote terminal;
the remote terminal determines a first ciphertext according to the request times, the machine code and the second random number;
sending the first ciphertext to the local terminal, and decrypting the first ciphertext by the local terminal to obtain a first plaintext;
when the first plaintext is the same as the second random number, the local terminal sends a verification code generated according to a preset rule to the system background;
and the system background carries out verification according to the verification code.
2. The method of claim 1, wherein verifying the validity of the challenge code comprises:
acquiring a machine code in the challenge code;
and comparing the machine code with a preset machine code format.
3. The method of claim 1, wherein the remote terminal determining a first ciphertext from the number of requests, the machine code, and the second random number comprises:
determining the total number of requests according to the number of requests and the machine code;
comparing the total number of requests with a preset number threshold;
when the total number of the requests is less than or equal to a preset number threshold, the terminal encrypts the second random number;
and when the total number of the requests is greater than a preset number threshold, the terminal encrypts any random number.
4. The method of claim 1, wherein the verification code generated according to the predetermined rule comprises:
encrypting the machine code to obtain a second ciphertext;
acquiring current time and a third random number;
connecting the second ciphertext, the current time and the third random number, and then performing exclusive OR on the second ciphertext, the current time and the third random number to obtain an intermediate result;
and encrypting the intermediate result to obtain the verification code.
5. The method of claim 1, wherein the system backend performs the verification according to the verification code, comprising:
decrypting the verification code to obtain a second plaintext;
carrying out XOR operation on the second plaintext and the first random number and then segmenting to obtain target time, a machine code ciphertext and a third random number;
judging whether the target time meets a preset duration, and if so, decrypting the machine code ciphertext to obtain a third plaintext;
logging in the system background when the third plain text is consistent with the machine code.
6. An apparatus for implementing a challenge code, comprising:
the first sending module is used for sending a challenge code when a system background receives a login request, wherein the challenge code consists of a first random number and a machine code;
the receiving and verifying module is used for receiving the challenge code by the local terminal and verifying the rationality of the challenge code;
the second sending module is used for sending the request times of the challenge code, the machine code and the second random number to the remote terminal within a preset time length if the challenge code is reasonable;
the determining module is used for determining a first ciphertext by the remote terminal according to the request times, the machine code and the second random number;
the sending and decrypting module is used for sending the first ciphertext to the local terminal, and the local terminal decrypts the first ciphertext to obtain a first plaintext;
the third sending module is used for sending the verification code generated according to the preset rule to the system background by the local terminal when the first plaintext is the same as the second random number;
and the verification module is used for verification by the system background according to the verification code.
7. The apparatus of claim 6, wherein the determining module comprises:
the determining unit is used for determining the total number of requests according to the number of requests and the machine code;
the comparison unit is used for comparing the total request times with a preset time threshold;
the first encryption unit is used for encrypting the second random number by the terminal when the total number of requests is less than or equal to a preset number threshold;
and the second encryption unit is used for encrypting any random number by the terminal when the total number of the requests is greater than a preset number threshold.
8. The apparatus of claim 6, wherein the verification module comprises:
the decryption unit is used for decrypting the verification code to obtain a second plaintext;
the dividing unit is used for carrying out XOR operation on the second plaintext and the first random number and then dividing the second plaintext into a target time, a machine code ciphertext and a third random number;
the judging and decrypting unit is used for judging whether the target time meets a preset duration, and if so, decrypting the machine code ciphertext to obtain a third plaintext;
and the login unit is used for logging in the system background when the third plain text is consistent with the machine code.
9. A system for implementing a challenge code, comprising: a system background, a local terminal and a remote terminal, wherein:
the system background is used for receiving a login request, returning a challenge code and verifying a verification code, wherein the challenge code consists of a first random number and a machine code;
the local terminal is used for verifying the validity of the challenge code, sending the request times of the challenge code within a preset time length, the machine code and the second random number to a remote terminal if the challenge code is reasonable, receiving a first ciphertext fed back by the remote terminal, decrypting the first ciphertext to obtain a first plaintext, and sending a verification code generated according to a preset rule to the system background by the local terminal when the first plaintext is the same as the second random number;
and the remote terminal is used for determining a first ciphertext according to the request times, the machine code and the second random number and sending the first ciphertext to the local terminal.
10. The system of claim 9, further comprising: a third-party terminal, which is used for sending the login request, receiving the challenge code, sending the challenge code to the local terminal, receiving the verification code, sending the verification code to the system background, and receiving a result returned by the system background.
CN201910977912.7A 2019-10-15 2019-10-15 Method, device and system for realizing challenge code Active CN110611598B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910977912.7A CN110611598B (en) 2019-10-15 2019-10-15 Method, device and system for realizing challenge code

Publications (2)

Publication Number Publication Date
CN110611598A CN110611598A (en) 2019-12-24
CN110611598B true CN110611598B (en) 2022-03-18

Family

ID=68894593

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910977912.7A Active CN110611598B (en) 2019-10-15 2019-10-15 Method, device and system for realizing challenge code

Country Status (1)

Country Link
CN (1) CN110611598B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant