Two-way identity authentication method and system based on dynamic passwords

A two-way identity authentication and dynamic password technology, applied in the field of information security. It addresses the inability to authenticate the application unit and the resulting low security of the application system, and improves security.

Active Publication Date: 2015-01-14
深圳市奇付通科技有限公司
6 Cites 3 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0004] It can be seen from the above description that in the prior art, only the identity of the user can be aut...

Method used

[0055] In the above-mentioned embodiment, the authentication unit informs the user through the dynamic password that the verification of the application unit has passed, so that the application unit that has not passed the verification is prevented from outputting a false verification message to the user. For example, if th...

Abstract

The invention provides a two-way identity authentication method and system based on dynamic passwords. The method comprises the steps that an application unit receives user identification and the first dynamic password input from the outside, and the user identification, the first dynamic password and verification information which is stored in advance and is used for verifying the application unit are sent to an authentication unit; the authentication unit receives the user identification, the first dynamic password and the verification information, the first dynamic password is verified according to the user identification, after the verification is passed, identity authentication is conducted on the application unit according to the verification information, if the authentication is passed, the second dynamic password is generated according to the user identification, the second dynamic password is sent to the application unit, and otherwise the second dynamic password is not generated; the application unit receives the second dynamic password, and the second dynamic password is output. The two-way identity authentication method and system based on the dynamic passwords can improve the safety of an application system.

Application Domain

User identity/authority verification

Technology Topic

PasswordAuthentication

Example Embodiment

[0040] In order to make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be described clearly and completely in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are a part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present invention.
[0041] The embodiment of the present invention provides a two-way identity authentication method based on a dynamic password; see Figure 1. The method includes:
[0042] Step 101: The application unit receives an externally input user ID and a first dynamic password;
[0043] Step 102: The application unit sends the user ID, the first dynamic password, and pre-stored verification information for verifying the application unit to the authentication unit;
[0044] Step 103: The authentication unit receives the user ID, the first dynamic password and the verification information;
[0045] Step 104: The authentication unit verifies the first dynamic password according to the user ID;
[0046] Step 105: After the first dynamic password is verified, the authentication unit performs identity verification on the application unit according to the verification information. If the verification is passed, steps 106, 107, 108, and 109 are executed in sequence; if it is not passed, go to step 110;
[0047] Step 106: The authentication unit generates a second dynamic password according to the user ID;
[0048] Step 107: The authentication unit sends the second dynamic password to the application unit;
[0049] Step 108: The application unit receives the second dynamic password;
[0050] Step 109: The application unit outputs the second dynamic password;
[0051] Step 110: The authentication unit does not generate a second dynamic password.
[0052] With the method provided by the above embodiment, the second dynamic password is generated only after the authentication unit has passed the identity verification of the application unit, and the generated second dynamic password is output to the user so that the user can verify the application unit, which improves the security of the application system.
[0053] The application unit in this embodiment may be a website, application software, application server, etc., and the authentication unit in this embodiment may be an authentication server, authentication software, authentication module, etc.
[0054] In step 109, the application unit may display the second dynamic password, or output it through a voice signal. After the user learns the second dynamic password, he compares it with the verification dynamic password used to verify the second dynamic password on his own dynamic password terminal. If they are the same, it proves that the application unit has passed the verification of the authentication unit and the application unit is safe, which avoids phishing websites and other network dangers. The first dynamic password and the verification dynamic password for verifying the second dynamic password are both in the same dynamic password terminal. The user's dynamic password terminal can be in the form of hardware, an APP (Application, application software), and so on.
[0055] In the above embodiment, the authentication unit uses a dynamic password to inform the user that the application unit has passed the verification, which prevents an application unit that has not passed the verification from outputting a false verification message to the user. For example, if the authentication unit informs the user that the authentication is passed through a text message, an application unit that has not passed the authentication can easily forge a text message to inform the user that the authentication is passed; if a dynamic password is used to inform the user, it is difficult for an application unit that has not passed the authentication to forge it, which improves the security of the application system.
[0056] In a possible implementation manner, step 104 includes steps 1041, 1042, and 1043, not shown in the figure:
[0057] Step 1041: The authentication unit determines the seed of the first verification dynamic password according to the user ID and the preset correspondence between user IDs and seeds of the first verification dynamic password;
[0058] Step 1042: The authentication unit generates a first verification dynamic password through a hash algorithm according to the seed of the first verification dynamic password and the time;
[0059] Step 1043: The authentication unit judges whether the first verification dynamic password is the same as the first dynamic password. If yes, the verification is passed and step 105 is executed; otherwise, the verification fails, and the authentication unit sends a verification failure message to the application unit so that the application unit outputs the verification failure message.
[0060] In step 106, the authentication unit generates a second dynamic password according to the user ID, including steps 1061 and 1062 not shown in the figure:
[0061] Step 1061: The authentication unit determines the second seed of the second dynamic password according to the user ID and the correspondence between the preset user ID and the seed of the second dynamic password;
[0062] Step 1062: The authentication unit generates the second dynamic password through a hash algorithm according to the second seed and time.
[0063] Step S7 includes:
[0064] The application unit outputs the second dynamic password, so that the external party verifies the second dynamic password according to the second verification dynamic password in the dynamic password terminal, wherein the first dynamic password and the second verification dynamic password are both in the dynamic password terminal.
[0065] For example, the external verification of the second dynamic password according to the second verification dynamic password in the dynamic password terminal specifically includes: obtaining the second dynamic password output by the application terminal and the second verification dynamic password in the dynamic password terminal; and comparing the second dynamic password with the second verification dynamic password. If they are the same, the verification is passed; otherwise the verification fails.
[0066] In addition, step 105 further includes: if the verification is passed, the authentication unit sends verification additional information to the application unit, so that the application unit outputs the verification additional information, wherein the verification additional information includes the identification information of the application unit.
[0067] Wherein, the identification information of the application unit includes: DNS (Domain Name System, domain name system) address, IP (Internet Protocol, network protocol) address, MAC (Media Access Control, media access control) address of the application unit, etc. The second dynamic password can be numbers, letters, symbols, or a combination of numbers, letters and symbols, and the returned second dynamic password and verification additional information can be in the form of text, image, two-dimensional code, etc.
[0068] The verification additional information may also include a verification URL (Uniform Resource Locator) that points to the verification unit. By clicking on the verification URL, the user can view the identification information of the application unit in the verification unit, and can also view the number of verification clicks, etc.
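The flow of steps 101 to 110, including sub-steps 1041 to 1043 and 1061 to 1062 and the user-side comparison, is sketched below as an added example; it is not code from the patent. Assumptions: the "hash algorithm" is HMAC-SHA1 over a 30-second time window with RFC 4226 truncation, the "verification information" is modelled as a pre-shared secret, and all names (`AuthenticationUnit`, `login`, `user_accepts`, `shop.example`) and sample values are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time window; assumed, the page only says "seed and time"

def dynamic_password(seed: bytes, now: float, digits: int = 6) -> str:
    """Hash of seed and time window, truncated to a short code (RFC 4226 style)."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class AuthenticationUnit:
    def __init__(self, user_seeds: dict, app_secrets: dict):
        self.user_seeds = user_seeds    # user ID -> (first seed, second seed)
        self.app_secrets = app_secrets  # app ID -> verification info (assumed: shared secret)

    def authenticate(self, user_id, first_otp, app_id, app_proof, now):
        """Steps 103-110. Returns (user_verified, second_otp_or_None)."""
        seeds = self.user_seeds.get(user_id)                        # step 1041
        if seeds is None:
            return False, None
        expected = dynamic_password(seeds[0], now)                  # step 1042
        if not hmac.compare_digest(expected.encode(), first_otp.encode()):
            return False, None                                      # step 1043: failure
        secret = self.app_secrets.get(app_id)                       # step 105
        if secret is None or not hmac.compare_digest(secret, app_proof):
            return True, None                                       # step 110
        return True, dynamic_password(seeds[1], now)                # steps 1061-1062

def user_accepts(second_seed: bytes, shown_otp, now) -> bool:
    """User side: compare what the application unit output with the token's value."""
    if shown_otp is None:
        return False
    own = dynamic_password(second_seed, now)
    return hmac.compare_digest(own.encode(), shown_otp.encode())

# Constructed sample data (not from the page).
FIRST_SEED = b"constructed-first-seed"
SECOND_SEED = b"12345678901234567890"  # RFC 4226 test key, so the output is checkable
APP_SECRET = b"app-verification-secret"
AUTH = AuthenticationUnit({"alice": (FIRST_SEED, SECOND_SEED)}, {"shop.example": APP_SECRET})

def login(app_id: str, app_proof: bytes, now: float):
    """Steps 101-102 and 108-109: the application unit relays and outputs the result."""
    first_otp = dynamic_password(FIRST_SEED, now)  # read by the user from the token
    return AUTH.authenticate("alice", first_otp, app_id, app_proof, now)

if __name__ == "__main__":
    for proof in (APP_SECRET, b"wrong"):
        verified, second = login("shop.example", proof, now=59)
        print(verified, second, user_accepts(SECOND_SEED, second, now=59))
```

Because the two passwords come from separate seeds, an application unit that has seen the first dynamic password still has nothing from which to derive the second one.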
[0069] Figure 2 shows a two-way identity authentication system based on dynamic passwords. The system includes: an application unit 201 and an authentication unit 202;
[0070] The application unit 201 is configured to receive an externally input user ID and a first dynamic password, send the user ID, the first dynamic password, and pre-stored verification information for verifying the application unit to the authentication unit, receive the second dynamic password sent by the authentication unit, and output the second dynamic password;
[0071] The authentication unit 202 is configured to receive the user ID, the first dynamic password, and the verification information, and verify the first dynamic password according to the user ID. After the first dynamic password is verified, it performs identity verification on the application unit according to the verification information. If the identity verification of the application unit is passed, the authentication unit generates a second dynamic password according to the user ID and sends the second dynamic password to the application unit; otherwise, the authentication unit does not generate a second dynamic password.
[0072] In a possible implementation manner, the authentication unit includes the following, not shown in the figure:
[0073] The first determining subunit is configured to determine the seed of the first verification dynamic password according to the user ID and the preset correspondence between user IDs and seeds of the first verification dynamic password;
[0074] The first generation subunit is configured to generate the first verification dynamic password through a hash algorithm according to the seed of the first verification dynamic password and the time;
[0075] The judging subunit is used to judge whether the first verification dynamic password is the same as the first dynamic password. If it is, it judges that the verification is passed, and the application unit is authenticated according to the verification information; otherwise, it judges that the verification has failed and sends verification failure information to the application unit, so that the application unit outputs the verification failure message.
[0076] In another possible implementation manner, the authentication unit includes what is not shown in the figure:
[0077] The second determining subunit is configured to determine the second seed of the second dynamic password according to the user identification and the correspondence between the preset user identification and the seed of the second dynamic password;
[0078] The second generation subunit is used to generate the second dynamic password through a hash algorithm according to the second seed and time.
[0079] Wherein, the second generating subunit is specifically configured to generate the second dynamic password through a hash algorithm according to the second seed.
[0080] The application unit is specifically configured to output the second dynamic password, so that the external party may verify the second dynamic password according to the second verification dynamic password in the dynamic password terminal, wherein the first dynamic password and the second verification dynamic password are both in the dynamic password terminal.
[0081] In addition, the authentication unit is further configured to send verification additional information to the application unit if the identity verification of the application unit is passed, so that the application unit outputs the verification additional information, wherein the verification additional information includes the identity information of the application unit.
[0082] The information exchange and execution process among the units and sub-units in the above-mentioned equipment are based on the same concept as the method embodiment of the present invention. For specific content, please refer to the description in the method embodiment of the present invention, and will not be repeated here.
[0083] It should be noted that in this article, relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or sequence between these entities or operations. Moreover, the terms "include", "comprise" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device including a series of elements not only includes those elements, but also includes other elements that are not explicitly listed, or also includes elements inherent to this process, method, article or device. Without more restrictions, an element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, article, or device that includes the element.
[0084] A person of ordinary skill in the art can understand that all or part of the steps in the above method embodiments can be implemented by a program instructing relevant hardware. The foregoing program can be stored in a computer readable storage medium. When the program is executed, it performs the steps of the foregoing method embodiment; and the foregoing storage medium includes: ROM, RAM, magnetic disk, optical disk, and other media that can store program code.
[0085] Finally, it should be noted that the above descriptions are only preferred embodiments of the present invention, which are only used to illustrate the technical solutions of the present invention, and are not used to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are all included in the protection scope of the present invention.
