Authentication method, device and medium based on dynamic password

文档序号：1965864 发布日期：2021-12-14 浏览：17次中文

阅读说明：本技术 一种基于动态口令的认证方法、装置及介质 (Authentication method, device and medium based on dynamic password ) 是由史书伟于 2021-09-16 设计创作，主要内容包括：本申请公开了一种基于动态口令的认证方法,该方法包括：与应用服务器建立连接后采集生物特征信息；在确认生物特征信息与预设生物特征信息一致后生成动态口令；将动态口令发送至应用服务器,以便应用服务器将动态口令发送至认证服务器进行认证。硬件令牌与应用服务器建立连接后,硬件令牌确认采集的生物特征信息与预设特征信息一致后生成动态口令,即使硬件令牌被他人盗取,在使用时还需通过生物特征信息的验证才能生成动态口令,有效提高了动态口令认证方式的安全性。此外,本申请还公开了一种基于动态口令的认证装置及介质与上述方法相对应,具体效果如上。(The application discloses an authentication method based on a dynamic password, which comprises the following steps: acquiring biological characteristic information after establishing connection with an application server; generating a dynamic password after confirming that the biological characteristic information is consistent with the preset biological characteristic information; and sending the dynamic password to the application server so that the application server sends the dynamic password to the authentication server for authentication. After the hardware token is connected with the application server, the hardware token generates a dynamic password after confirming that the acquired biological characteristic information is consistent with the preset characteristic information, and even if the hardware token is stolen by others, the dynamic password can be generated only by verifying the biological characteristic information during use, so that the safety of a dynamic password authentication mode is effectively improved. In addition, the application also discloses an authentication device and a medium based on the dynamic password, which correspond to the method, and have the specific effects as above.)

1. An authentication apparatus based on a dynamic password, comprising:

the hardware token is provided with a collection window and is used for collecting biological characteristic information;

the hardware token is connected with the application server and used for generating a dynamic password after confirming that the biological characteristic information is consistent with preset biological characteristic information and sending the dynamic password to the application server so that the application server can send the dynamic password to an authentication server for authentication.

2. The dynamic password-based authentication device of claim 1, wherein the hardware token further comprises a USB plug for establishing a connection with the application server.

3. A dynamic password-based authentication method applied to the dynamic password-based authentication apparatus of claim 1 or 2, comprising:

acquiring biological characteristic information after establishing connection with an application server;

judging whether the biological characteristic information is consistent with preset biological characteristic information or not;

if yes, generating a dynamic password; and sending the dynamic password to the application server so that the application server can send the dynamic password to an authentication server for authentication.

4. The dynamic password-based authentication method according to claim 3, wherein said generating a dynamic password comprises:

acquiring an attribute value and current time;

and generating a dynamic password by an SM3 algorithm according to the attribute value and the current time.

5. The dynamic password-based authentication method of claim 4, wherein the generating a dynamic password comprises:

acquiring the attribute value and the current authentication times;

and generating a dynamic password by the SM3 algorithm according to the attribute value and the current authentication times.

6. An authentication method based on dynamic password, which is applied to an application server, comprises the following steps:

establishing a connection with a hardware token; the hardware token is provided with an acquisition window for acquiring biological characteristic information;

after the hardware token confirms that the biological characteristic information is consistent with preset biological characteristic information, acquiring a dynamic password generated by the hardware token;

and sending the dynamic password to an authentication server so that the authentication server can authenticate the dynamic password.

7. An authentication method based on dynamic password, which is applied to an authentication server, comprises the following steps:

acquiring a dynamic password sent by an application server;

authenticating the dynamic password; the dynamic password is generated by the hardware token after confirming that the biological characteristic information is consistent with the preset biological characteristic information; the hardware token is provided with a collection window for collecting the biological characteristic information.

8. An authentication apparatus based on a dynamic password, comprising:

the acquisition module is used for acquiring the biological characteristic information after establishing connection with the application server;

the judging module is used for judging whether the biological characteristic information is consistent with preset biological characteristic information or not;

the sending module is used for generating a dynamic password after the biological characteristic information is consistent with preset biological characteristic information; and sending the dynamic password to an application server so that the application server can send the dynamic password to an authentication server for authentication.

9. An authentication apparatus based on a dynamic password, comprising a memory for storing a computer program; a processor for implementing the steps of the dynamic password based authentication method as claimed in any of claims 3 to 7 when executing said computer program.

10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the dynamic password-based authentication method according to any one of claims 3 to 7.

Technical Field

The present application relates to the field of authentication technologies, and in particular, to an authentication method, an authentication device, and an authentication medium based on a dynamic password.

Background

As one of the identity authentication techniques, dynamic passwords are widely used in the application fields of online banking, online games, telecom operators, e-commerce, enterprises, and the like. Dynamic passwords are unpredictable combinations of random numbers generated according to a particular algorithm, and each dynamic password can only be used once. The dynamic password token is a terminal device used for generating a dynamic password, is also called a dynamic token, and has two forms of a hardware token and a software token.

The feature that each dynamic password can only be used once is very safe, and for hardware generating the dynamic password, such as a hardware token, because the authentication end cannot identify the identity of a user of the hardware token, once the hardware token is stolen, potential safety hazards exist.

Therefore, it is an urgent problem to be solved by those skilled in the art to improve the security of the dynamic password authentication method.

Disclosure of Invention

The application aims to provide an authentication method, an authentication device and a computer readable storage medium based on a dynamic password, which are used for improving the security of dynamic password authentication.

In order to solve the above technical problem, the present application provides an authentication device based on a dynamic password, including:

the hardware token is provided with a collection window and is used for collecting biological characteristic information;

Preferably, the hardware token further comprises a USB plug, and the USB plug is used for establishing a connection with the application server.

The application also provides an authentication method based on the dynamic password, which is applied to the authentication device based on the dynamic password and comprises the following steps:

acquiring biological characteristic information after establishing connection with an application server;

judging whether the biological characteristic information is consistent with preset biological characteristic information or not;

Preferably, the generating the dynamic password includes:

acquiring an attribute value and current time;

and generating a dynamic password by an SM3 algorithm according to the attribute value and the current time.

Preferably, the generating the dynamic password includes:

acquiring the attribute value and the current authentication times;

and generating a dynamic password by the SM3 algorithm according to the attribute value and the current authentication times.

The application also provides an authentication method based on the dynamic password, which is applied to an application server and comprises the following steps:

establishing a connection with a hardware token; the hardware token is provided with an acquisition window for acquiring biological characteristic information;

and sending the dynamic password to an authentication server so that the authentication server can authenticate the dynamic password.

The application also provides an authentication method based on the dynamic password, which is applied to an authentication server and comprises the following steps:

acquiring a dynamic password sent by an application server;

The present application further provides an authentication device based on a dynamic password, comprising:

the acquisition module is used for acquiring the biological characteristic information after establishing connection with the application server;

the judging module is used for judging whether the biological characteristic information is consistent with preset biological characteristic information or not;

The application also provides an authentication device based on the dynamic password, which comprises a memory, a storage unit and a password processing unit, wherein the memory is used for storing a computer program; a processor for implementing the steps of the dynamic password based authentication method when executing the computer program.

The present application further provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the dynamic password based authentication method.

The application provides an authentication method based on a dynamic password, which comprises the following steps: acquiring biological characteristic information after establishing connection with an application server; generating a dynamic password after confirming that the biological characteristic information is consistent with the preset biological characteristic information; and sending the dynamic password to the application server so that the application server sends the dynamic password to the authentication server for authentication. After the hardware token is connected with the application server, the hardware token generates a dynamic password after confirming that the acquired biological characteristic information is consistent with the preset characteristic information, and even if the hardware token is stolen by others, the dynamic password can be generated only by verifying the biological characteristic information during use, so that the safety of a dynamic password authentication mode is effectively improved.

In addition, the authentication device and the authentication medium based on the dynamic password correspond to the method, and the specific effects are as above.

Drawings

In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.

Fig. 1 is a flowchart of an authentication method based on a dynamic password according to an embodiment of the present disclosure;

fig. 2 is a schematic diagram of a hardware token, an application server and an application scenario of an authentication server according to an embodiment of the present disclosure;

fig. 3 is a structural diagram of an authentication apparatus based on a dynamic password according to an embodiment of the present application;

fig. 4 is a structural diagram of another authentication apparatus based on a dynamic password according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.

The core of the application is to provide an authentication method and device based on a dynamic password and a computer readable storage medium.

To facilitate an understanding of the present application, a few concepts of the present application will be described first.

Dynamic password: an unpredictable random number combination is generated according to a special algorithm, each password can be used only once, and the method is widely applied to the application fields of online banking, online games, telecom operators, electronic commerce, enterprises and the like.

And (3) a national secret algorithm: the national cryptographic algorithm is a set of data encryption processing series algorithm independently developed and innovated in China. And the SM1-SM4 respectively realize the algorithm functions of symmetry, asymmetry, abstract and the like. The method is particularly suitable for being applied to related fields such as embedded internet of things and the like to complete functions such as identity authentication, data encryption and decryption and the like.

SM3 algorithm: the SM3 hash algorithm is a cipher hash algorithm independently designed in China, is suitable for generation and verification of digital signature and verification message authentication codes and generation of random numbers in commercial cipher application, and can meet the safety requirements of various cipher applications.

Pluggable Authentication Modules (PAM): is an authentication mechanism. The method separates the service provided by the system and the authentication mode of the service by providing a plurality of dynamic link libraries and a set of uniform Application Programming Interfaces (API), so that a system administrator can flexibly configure different authentication modes for different services according to needs without changing service programs, and simultaneously, a new authentication means is conveniently added into the system.

In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings.

The authentication device based on dynamic password that this application embodiment provided, authentication device includes: the system comprises a hardware token, an application server and an authentication server; the hardware token is provided with an acquisition window for acquiring biological characteristic information; the hardware token is connected with the application server, generates a dynamic password after confirming that the biological characteristic information is consistent with the preset biological characteristic information, and sends the dynamic password to the application server, so that the application server sends the dynamic password to the authentication server for authentication.

The hardware token in the embodiment of the present application includes an acquisition window, which is used to acquire biometric information, where the biometric information may be a fingerprint, a human face, a palm print, and the like, and the embodiment of the present application is not limited specifically. The hardware token is connected with the application server, and the connection mode may be a wired connection, a wireless connection, a USB plug connection, and the like. After the hardware token is accessed to the application server, the hardware token needs to verify whether the biological characteristic information is consistent with the preset biological characteristic information, and a dynamic password is generated after the verification is passed, wherein the dynamic password can be generated by combining a unique attribute value (16-bit string) of the hardware token with the current time or authentication times by using a state-secret algorithm, and can be a dynamic password of a 6-bit string. And after the dynamic password is generated, the dynamic password is sent to an application server, the application server sends the dynamic password to an authentication server, and the authentication server authenticates the dynamic password and feeds back an authentication result to the application server.

The authentication device based on the dynamic password provided by the embodiment of the application comprises: the hardware token is provided with an acquisition window and is used for acquiring biological characteristic information; the hardware token is connected with the application server, generates a dynamic password after confirming that the biological characteristic information is consistent with the preset biological characteristic information, and sends the dynamic password to the application server, so that the application server sends the dynamic password to the authentication server for authentication. After the hardware token is connected with the application server, the hardware token generates a dynamic password after confirming that the acquired biological characteristic information is consistent with the preset characteristic information, and even if the hardware token is stolen by others, the dynamic password can be generated only by verifying the biological characteristic information during use, so that the safety of a dynamic password authentication mode is effectively improved.

Considering that the dynamic password can be transmitted remotely through telephone, WeChat and the like, the dynamic password can also be stolen in the transmission process. Based on the above embodiments, the hardware token in the embodiment of the present application further includes a USB plug.

According to the embodiment of the application, the USB plug is connected with the application server, when the application server is logged in, the hardware token, the user of the hardware token and the accessed application server are ensured to be in the same physical position, so that the logging in of other people through remote authorization of communication means such as a telephone and the like is prevented, and the risk of stealing the dynamic password exists. Meanwhile, the dynamic password is transmitted in a USB connection mode, certain convenience is achieved, and the dynamic password can be prevented from being invalid due to the fact that a user manually inputs the wrong dynamic password.

Based on the foregoing embodiments, fig. 1 is a flowchart of an authentication method based on a dynamic password according to an embodiment of the present application. As shown in fig. 1, the authentication method includes:

s10: and acquiring the biological characteristic information after establishing connection with the application server.

S11: and judging whether the biological characteristic information is consistent with the preset biological characteristic information.

S12: if yes, generating a dynamic password; and sending the dynamic password to the application server so that the application server can send the dynamic password to the authentication server for authentication.

It should be noted that the method is applied to a hardware token. After the hardware token is connected with the application server, the acquisition window of the hardware token acquires the biological characteristic information, and judges whether the acquired biological characteristic information is consistent with preset biological characteristic information built in the hardware token, for example, the hardware token acquires a fingerprint, and judges whether the fingerprint is consistent with the preset fingerprint. And verifying the identity of the user through the biological characteristic information, and generating a dynamic password after determining that the user using the hardware token is the user. How to generate the dynamic password can be that the hardware token generates the dynamic password through the SM3 algorithm in the cryptographic algorithm according to the unique attribute value (16-bit string) of the hardware token and the current time; the hardware token can also generate a dynamic password through a cryptographic algorithm according to the attribute value of the hardware token and the current authentication times. The application server sends the obtained dynamic password to an authentication server for authentication, and the application server and the authentication server can be in wired connection.

In the embodiment of the application, the hardware token is connected with the application server and then biological characteristic information is acquired; generating a dynamic password after confirming that the biological characteristic information is consistent with the preset biological characteristic information; and sending the dynamic password to the application server so that the application server sends the dynamic password to the authentication server for authentication. After the hardware token is connected with the application server, the hardware token generates a dynamic password after confirming that the acquired biological characteristic information is consistent with the preset characteristic information, and even if the hardware token is stolen by others, the dynamic password can be generated only by verifying the biological characteristic information during use, so that the safety of a dynamic password authentication mode is improved, and the hardware token is effectively prevented from being illegally used after being stolen by others.

Based on the foregoing embodiment, an authentication method based on a dynamic password is further provided in an embodiment of the present application, and is applied to an application server, and includes: establishing a connection with a hardware token; the hardware token is provided with an acquisition window for acquiring biological characteristic information; after the hardware token confirms that the biological characteristic information is consistent with the preset biological characteristic information, acquiring a dynamic password generated by the hardware token; and sending the dynamic password to an authentication server so that the authentication server authenticates the dynamic password.

In the embodiment of the application, a user logs in an application server, account login information, namely a user name and a password, the application server verifies whether the user name and the password are correct or not, after the user name and the password are successfully verified, the user is prompted to access a hardware token, the hardware token is accessed into the application server through a USB plug, the application server obtains a dynamic password sent by the hardware token, and a pluggable authentication module of the application server forwards the dynamic password and the account login information to an authentication server. The authentication server authenticates the dynamic password and feeds back an authentication result to the application server. If the authentication result passes, the application server allows the account to access, and certainly, after the authentication result passes, the application server may also determine whether to allow the account to access according to other rules, for example, access time and IP address access authority may be set, which are not listed herein.

The authentication method based on the dynamic password provided by the embodiment of the application corresponds to the method of the embodiment, and the effect is as above.

Based on the foregoing embodiment, an authentication method based on a dynamic password is further provided in an embodiment of the present application, and is applied to an authentication server, and includes: acquiring a dynamic password sent by an application server; authenticating the dynamic password; the dynamic password is generated by the hardware token after confirming that the biological characteristic information is consistent with the preset biological characteristic information; the hardware token is provided with a collection window for collecting the biological characteristic information.

The authentication server stores hardware tokens bound to the accounts, and each hardware token has a unique attribute value. The authentication server receives account login information and a dynamic password sent by the application server, determines a hardware token bound to the account according to the account login information, combines an attribute value of the hardware token, generates the dynamic password in a password generation mode the same as that of the hardware token, compares the dynamic password with the dynamic password generated by the hardware token, and if the dynamic password is consistent with the dynamic password generated by the hardware token, the authentication result is passed, and if the dynamic password is inconsistent with the dynamic password generated by the hardware token, the authentication result is not passed. The authentication server further improves the security of accessing the application server by ensuring that the login application server account is consistent with the hardware token account of accessing the application server.

The authentication method based on the dynamic password provided by the embodiment of the application corresponds to the method of the embodiment, and the effect is as above.

In order to make those skilled in the art better understand the technical solutions of the present application, the following embodiments are further described in detail with reference to the accompanying drawings.

Fig. 2 is a schematic diagram of a hardware token, an application server, and an authentication server application scenario provided in an embodiment of the present application. As shown in fig. 2, the application scenario includes:

s20: and the application server acquires the account login information, verifies whether the account login information is correct or not, and prompts to access the hardware token if the account login information is correct.

S21: the hardware token is connected with the application server through the USB plug, and a dynamic password is generated after the fingerprint acquired by the acquisition window is confirmed to be consistent with the preset fingerprint.

S22: the hardware token sends the dynamic password to the application server.

S23: and the application server sends the dynamic password and the account login information to the authentication server.

S24: the authentication server authenticates the dynamic password.

S25: the authentication server feeds back the authentication result to the application server.

S26: if the authentication result is passed, the application server allows the account to access; if the authentication result is no pass, the process returns to step S21.

The embodiment of the application specifically describes the application scenes of the hardware token, the application server and the authentication server, and in the scene with high safety level requirement, the hardware token, the application server and the authentication server are required to be physically connected, so that the risk of logging in the application server through remote authorization of communication means such as telephone and the like is effectively avoided, the hardware token is accessed into the application server through a USB plug, the generated dynamic password is transmitted to the application server through a USB mode, and the problem of manual input error of a user is effectively avoided. The hardware token confirms the user identity of the hardware token through biological characteristic information such as fingerprints and the like, and the hardware token is prevented from being illegally used after being stolen by others.

In the above embodiments, the authentication method based on the dynamic password is described in detail, and the present application also provides embodiments corresponding to the authentication device based on the dynamic password. It should be noted that the present application describes the embodiments of the apparatus portion from two perspectives, one from the perspective of the function module and the other from the perspective of the hardware.

On the basis, the application also discloses an authentication device based on the dynamic password corresponding to the method. Fig. 3 is a structural diagram of an authentication apparatus based on a dynamic password according to an embodiment of the present application, and as shown in fig. 3, the authentication apparatus includes:

and the acquisition module 10 is used for acquiring the biological characteristic information after establishing connection with the application server.

And the judging module 11 is configured to judge whether the biometric information is consistent with the preset biometric information.

The sending module 12 is used for generating a dynamic password after the biological characteristic information is consistent with the preset biological characteristic information; and sending the dynamic password to the application server so that the application server can send the dynamic password to the authentication server for authentication.

Since the embodiments of the apparatus portion and the method portion correspond to each other, please refer to the description of the embodiments of the method portion for the embodiments of the apparatus portion, which is not repeated here.

Fig. 4 is a structural diagram of another dynamic password-based authentication device according to an embodiment of the present application, and as shown in fig. 4, the dynamic password-based authentication device includes: a memory 20 for storing a computer program; a processor 21 for implementing the steps of the dynamic password based authentication method as described in the above embodiments when executing the computer program.

The authentication device provided in this embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, or a desktop computer.

The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 21 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 21 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 21 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the processor 21 may further include an AI (Artificial Intelligence) processor for processing a calculation operation related to machine learning.

The memory 20 may include one or more computer-readable storage media, which may be non-transitory. Memory 20 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 20 is at least used for storing the following computer program 201, wherein after being loaded and executed by the processor 21, the computer program can implement the relevant steps of the authentication method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 20 may also include an operating system 202, data 203, and the like, and the storage manner may be a transient storage manner or a permanent storage manner. Operating system 202 may include, among others, Windows, Unix, Linux, and the like. The data 203 may include, but is not limited to, preset biometric information, attribute values, and the like.

In some embodiments, the authentication device may further include a display 22, an input/output interface 23, a communication interface 24, a power source 25, and a communication bus 26.

Those skilled in the art will appreciate that the configuration shown in FIG. 4 does not constitute a limitation of a dynamic password-based authentication device and may include more or fewer components than those shown.

The authentication device based on the dynamic password provided by the embodiment of the application comprises a memory and a processor, wherein when the processor executes a program stored in the memory, the following method can be realized: acquiring biological characteristic information after establishing connection with an application server; judging whether the biological characteristic information is consistent with preset biological characteristic information or not; if yes, generating a dynamic password; and sending the dynamic password to the application server so that the application server can send the dynamic password to the authentication server for authentication.

Finally, the application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps as set forth in the above-mentioned method embodiments.

It is to be understood that if the method in the above embodiments is implemented in the form of software functional units and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium and executes all or part of the steps of the methods described in the embodiments of the present application, or all or part of the technical solutions. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

The authentication method based on dynamic password provided by the present application is described in detail above. The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.

It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

13页详细技术资料下载

上一篇：一种医用注射器针头装配设备

下一篇：一种高性能椭圆曲线数字签名与验签的硬件实现系统和方法

Authentication method, device and medium based on dynamic password

相关技术

网友询问留言