
CN111865869B - Registration and authentication method and device based on random mapping, medium and electronic equipment - Google Patents


Info

Publication number
CN111865869B
Authority
CN
China
Prior art keywords
random
registration data
mapping
key
random salt
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910335403.4A
Other languages
Chinese (zh)
Other versions
CN111865869A (en)
Inventor
段程浩
李军亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Wodong Tianjun Information Technology Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure relates to the technical field of encryption authentication, and in particular to a registration and authentication method and device based on random mapping, a medium and electronic equipment. The method comprises the following steps: in response to a user sending registration data, obtaining a random salt corresponding to the registration data, and generating a corresponding first random mapping according to the random salt; encrypting the registration data according to the first random mapping to obtain a corresponding registration data preliminary key; combining the random salt and the registration data preliminary key into a secondary key according to a first preset rule; and encrypting the secondary key according to the first random mapping to obtain an authentication key, which is returned. Because the encryption is carried out according to the random salt and the first random mapping, dependence on the registration data and the random salt when the authentication key is generated can be reduced, so that the authentication key is difficult to copy even if the registration data and the random salt are leaked, and the security of authentication according to the authentication key is further improved.

Description

Registration and authentication method and device based on random mapping, medium and electronic equipment
Technical Field
The disclosure relates to the technical field of encryption authentication, in particular to a registration and authentication method and device based on random mapping, a computer readable storage medium and electronic equipment.
Background
Currently, in some platforms with access to resources, it is often necessary to grant different access rights to different users. For example, in some paid online educational platforms, a user who has registered course 1 is granted access to only the resource of course 1, and a user who has registered course 1 and course 2 is granted access to the corresponding resources of course 1 and course 2.
The current common authentication and authorization method is to compare an authentication key carried in an access request sent by a user with a standard key held by the server, so as to verify whether the access right exists. Existing authentication keys and standard keys are typically generated in one of three ways: first, with a simple symmetric encryption algorithm such as 3DES or AES; second, with a one-way hash algorithm such as MD5 or SHA1; third, by adding a fixed salt on top of a one-way hash algorithm.
However, when a large amount of user information is leaked, keys produced by the first method can be decrypted to restore the original password, keys produced by the second method can be cracked by lookup in a rainbow table, and the third method depends excessively on the fixed salt: once the fixed salt is leaked, a rainbow table can be built for cracking. In summary, when a large amount of user information is leaked, decrypting the authentication key and the standard key in existing authentication methods becomes ever simpler, and the security of authentication and authorization is greatly affected.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The disclosure aims to provide a registration and authentication method and device based on random mapping, a computer readable storage medium and an electronic device, so as to overcome the problem of low authentication security at least to a certain extent.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to a first aspect of the present disclosure, there is provided a random mapping-based registration method, including: in response to a user sending registration data, obtaining a random salt corresponding to the registration data, and generating a corresponding first random mapping according to the random salt, wherein the registration data comprises a user identifier and an authorized object identifier; encrypting the registration data according to the first random mapping to obtain a corresponding registration data preliminary key, wherein the registration data preliminary key comprises a user preliminary key and an authorized object preliminary key; combining the random salt and the registration data preliminary key into a secondary key according to a first preset rule; and encrypting the secondary key according to the first random mapping to obtain an authentication key, and returning the authentication key.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the first random mapping includes: performing character conversion according to a first preset hash algorithm to generate a byte array with a specific bit number; and mapping the byte array by taking the random salt as a mapping rule.
In an exemplary embodiment of the disclosure, based on the foregoing solution, the obtaining a random salt corresponding to the registration data includes: configuring random salt generated randomly as random salt corresponding to the registration data; or mapping the registration data to a group of random salts in a preset random salt table, and configuring the random salts as random salts corresponding to the registration data; or extracting a time stamp corresponding to the registration data in the system log, combining the registration data and the time stamp into a random character string according to a second preset rule, encrypting the random character string according to a second preset hash algorithm, and configuring the encrypted character string as a random salt corresponding to the registration data.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, after the encrypting the random string according to the second preset hash algorithm, the method further includes: and re-encrypting the encrypted character string according to the second random mapping.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the second random mapping includes: performing character conversion according to a second preset hash algorithm to generate a byte array; and mapping the byte array by taking the encrypted character string as a mapping rule.
In an exemplary embodiment of the present disclosure, based on the foregoing solution, after the obtaining the random salt corresponding to the registration data, the method further includes: storing the registration data in correspondence with random salt information for generating the random salt; wherein the random salt information comprises a random salt or a timestamp corresponding to the registration data.
In an exemplary embodiment of the present disclosure, based on the foregoing aspect, after the storing the registration data corresponding to the random salt information that generates the random salt, the method further includes: comparing the random salt information with historical random salt information for duplicate checking; and if the random salt information is the same as the historical random salt information, re-acquiring the random salt corresponding to the registration data.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the method further includes: acquiring random salt information corresponding to the registration data in response to the user transmitting authentication data; the authentication data comprises registration data and an authentication key, wherein the registration data comprises a user identifier and an authorized object identifier; reproducing random salt based on the random salt information, and generating a first random map from the random salt; encrypting the registration data according to the first random mapping and the first preset rule to acquire a standard key; and if the authentication key is the same as the standard key, the authentication is successful.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the random salt is a string of a preset number of characters drawn without replacement from digits, letters, and special characters.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the kinds and proportions of digits, letters, and special characters in the random salt are configured according to a third preset rule.
According to a second aspect of the present disclosure, there is provided an authentication method based on random mapping, including: acquiring random salt information corresponding to the registration data in response to the user transmitting authentication data; the authentication data comprises registration data and an authentication key, wherein the registration data comprises a user identifier and an authorized object identifier; reproducing random salt based on the random salt information, and generating a first random map from the random salt; encrypting the registration data according to the first random mapping to obtain a corresponding registration data preliminary key; the registration data primary key comprises a user primary key and an authorized object primary key; combining the random salt and the registration data primary key into a secondary key according to a first preset rule; encrypting the secondary key according to the first random mapping to obtain a standard key; and if the authentication key is the same as the standard key, judging that the authentication is successful.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the random salt information includes a time stamp corresponding to the random salt or the registration data; if the random salt information includes a timestamp corresponding to the registration data, reproducing the random salt based on the random salt information, including: and extracting a time stamp corresponding to the registration data in the random salt information, combining the registration data and the time stamp into a random character string according to a second preset rule, encrypting the random character string according to a second preset hash algorithm, and configuring the encrypted character string as the random salt corresponding to the registration data.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, after the encrypting the random string according to the second preset hash algorithm, the method further includes: and re-encrypting the encrypted character string according to the second random mapping.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the second random mapping includes: performing character conversion according to a second preset hash algorithm to generate a byte array; and mapping the byte array by taking the encrypted character string as a mapping rule.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the first random mapping includes: performing character conversion according to a first preset hash algorithm to generate a byte array with a specific bit number; and mapping the byte array by taking the random salt as a mapping rule.
In an exemplary embodiment of the disclosure, based on the foregoing, the authentication key is generated based on the registration data; the method further comprises the steps of: responding to user sending registration data, obtaining random salt corresponding to the registration data, and generating a corresponding first random mapping according to the random salt; wherein the registration data comprises a user identifier and an authorized object identifier; encrypting the registration data according to the first random mapping to obtain a corresponding registration data preliminary key; the registration data primary key comprises a user primary key and an authorized object primary key; combining the random salt and the registration data primary key into a secondary key according to a first preset rule; and encrypting the secondary key according to the first random mapping to acquire an authentication key and returning the authentication key.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the random salt is a string of a preset number of characters drawn without replacement from digits, letters, and special characters.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the kinds and proportions of digits, letters, and special characters in the random salt are configured according to a third preset rule.
According to a third aspect of the present disclosure, there is provided a random mapping based registration apparatus, comprising: the data generation module is used for responding to the user to send registration data, obtaining random salt corresponding to the registration data and generating a corresponding first random mapping according to the random salt; wherein the registration data comprises a user identifier and an authorized object identifier; the first encryption module is used for encrypting the registration data according to the first random mapping so as to obtain a corresponding registration data preliminary key; the registration data primary key comprises a user primary key and an authorized object primary key; the first combination module is used for combining the random salt and the registration data primary key into a secondary key according to a first preset rule; and the second encryption module is used for encrypting the secondary key according to the first random mapping so as to acquire an authentication key and returning the authentication key.
According to a fourth aspect of the present disclosure, there is provided an authentication apparatus based on random mapping, comprising: the data acquisition module is used for responding to the authentication data sent by the user and acquiring random salt information corresponding to the registration data; the authentication data comprises registration data and an authentication key, wherein the registration data comprises a user identifier and an authorized object identifier; the data reproduction module is used for reproducing the random salt based on the random salt information and generating a first random mapping according to the random salt; the third encryption module is used for encrypting the registration data according to the first random mapping so as to obtain a corresponding registration data preliminary key; the registration data primary key comprises a user primary key and an authorized object primary key; the second combination module is used for combining the random salt and the registration data primary key into a secondary key according to a first preset rule; the fourth encryption module is used for encrypting the secondary key according to the first random mapping so as to acquire a standard key; and the data authentication module is used for judging that the authentication is successful when the authentication key is the same as the standard key.
According to a fifth aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the random mapping based registration method as described in the first aspect of the above embodiments; or the program when executed by a processor implements the random mapping based authentication method as described in the second aspect of the above embodiment.
According to a sixth aspect of embodiments of the present disclosure, there is provided an electronic device, comprising:
a processor; and
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement a random mapping based registration method as described in the first aspect of the embodiments above; or when the one or more programs are executed by the one or more processors, cause the one or more processors to implement the random mapping based authentication method as described in the second aspect of the embodiments above.
The technical scheme provided by the embodiment of the disclosure can comprise the following beneficial effects:
In the registration method based on random mapping provided by the embodiment of the disclosure, a corresponding first random mapping is generated from the obtained random salt corresponding to the registration data, the registration data is encrypted according to the first random mapping to generate a registration data preliminary key, and finally the combination of the random salt and the registration data preliminary key is further encrypted according to the first random mapping to generate an authentication key, which is returned. Through this encryption process, the dependence on the registration data and the random salt in the generation of the authentication key can be reduced, so that the authentication key is difficult to copy even if the registration data and the random salt are leaked, and the security of authentication according to the authentication key is further improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort. In the drawings:
FIG. 1 schematically illustrates a flowchart of a random mapping-based registration method in an exemplary embodiment of the present disclosure;
FIG. 2 schematically illustrates a flowchart of a method for encryption according to a first random mapping in an exemplary embodiment of the present disclosure;
FIG. 3 schematically illustrates a flowchart of an authentication method after registration in an exemplary embodiment of the present disclosure;
FIG. 4 schematically illustrates a flowchart of an authentication method based on random mapping in an exemplary embodiment of the present disclosure;
FIG. 5 schematically illustrates a flowchart of a method for encryption according to a first random mapping in an exemplary embodiment of the present disclosure;
FIG. 6 schematically illustrates a flowchart of a method of registering prior to authentication in an exemplary embodiment of the present disclosure;
FIG. 7 schematically illustrates a composition diagram of a registration apparatus based on random mapping in an exemplary embodiment of the present disclosure;
FIG. 8 schematically illustrates a composition diagram of an authentication apparatus based on random mapping in an exemplary embodiment of the present disclosure;
FIG. 9 schematically illustrates a structural schematic diagram of a computer system suitable for use in implementing the electronic device of the exemplary embodiments of the present disclosure;
FIG. 10 schematically illustrates a schematic diagram of a computer-readable storage medium according to some embodiments of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.
In the present exemplary embodiment, a registration method based on random mapping is provided first, which can be applied to the field of encrypted authentication, for example, before authentication, a server needs to generate corresponding authentication keys for a registered user and an authorized object applied by the registered user, so as to perform authentication when access to a resource is required. The above registration method based on random mapping can be applied to an authenticated server. Referring to fig. 1, the above-mentioned registration method based on random mapping includes the following steps:
S11, in response to a user sending registration data, obtaining a random salt corresponding to the registration data, and generating a corresponding first random mapping according to the random salt;
S12, encrypting the registration data according to the first random mapping to obtain a corresponding registration data primary key;
S13, combining the random salt and the registration data primary key into a secondary key according to a first preset rule;
S14, encrypting the secondary key according to the first random mapping to obtain an authentication key, and returning the authentication key.
According to the random mapping-based registration method provided in the present exemplary embodiment, by encrypting according to the random salt and the first random mapping, the dependence on the registration data and the random salt when the authentication key is generated can be reduced, so that the authentication key is difficult to copy even if the registration data and the random salt are leaked, and the security of authentication according to the authentication key is further improved.
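The registration flow S11 to S14 and the matching authentication check from the second aspect, as an added Python sketch that is not code from the patent. Assumptions: SHA-256 stands in for the "first preset hash algorithm", the random mapping replaces each hexadecimal digit of the digest with the salt character at that index, and the "first preset rule" is plain concatenation; `Registry`, `derive_key` and the other names are hypothetical.

```python
import hashlib
import hmac
import secrets
import string

HEX_DIGITS = "0123456789abcdef"
# Assumed salt alphabet: digits, letters and a handful of special characters.
SALT_ALPHABET = string.digits + string.ascii_letters + "!@#$%^&*"
SALT_LENGTH = 16  # one salt character per hexadecimal digit


def new_random_salt() -> str:
    """S11: draw SALT_LENGTH distinct characters (sampling without replacement)."""
    return "".join(secrets.SystemRandom().sample(SALT_ALPHABET, SALT_LENGTH))


def random_mapping(text: str, salt: str) -> str:
    """Assumed form of the first random mapping: hash the text to a hex
    string, then replace hex digit d with the salt character at index d."""
    if len(salt) < SALT_LENGTH:
        raise ValueError("salt must supply one character per hex digit")
    digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
    return digest.translate(str.maketrans(HEX_DIGITS, salt[:SALT_LENGTH]))


def derive_key(user_id: str, object_id: str, salt: str) -> str:
    """S12 to S14: preliminary keys, secondary key, final key."""
    user_key = random_mapping(user_id, salt)      # S12: user preliminary key
    object_key = random_mapping(object_id, salt)  # S12: object preliminary key
    secondary = salt + user_key + object_key      # S13: assumed combination rule
    return random_mapping(secondary, salt)        # S14: authentication key


class Registry:
    """Server-side store of registration data and its random salt information."""

    def __init__(self) -> None:
        self._salt_info = {}  # (user_id, object_id) -> salt

    def register(self, user_id: str, object_id: str) -> str:
        salt = new_random_salt()
        # Duplicate check against historical salts; re-acquire on a match.
        while salt in self._salt_info.values():
            salt = new_random_salt()
        self._salt_info[(user_id, object_id)] = salt
        return derive_key(user_id, object_id, salt)

    def authenticate(self, user_id: str, object_id: str, auth_key: str) -> bool:
        salt = self._salt_info.get((user_id, object_id))
        if salt is None:
            return False  # no registration for this user/object pair
        standard_key = derive_key(user_id, object_id, salt)
        # Constant-time comparison of the presented key and the standard key.
        return hmac.compare_digest(standard_key.encode(), auth_key.encode())


if __name__ == "__main__":
    # Constructed sample identifiers.
    registry = Registry()
    key = registry.register("user-1001", "course-1")
    print("authentication key:", key)
    print("course-1:", registry.authenticate("user-1001", "course-1", key))
    print("course-2:", registry.authenticate("user-1001", "course-2", key))
```

In this sketch the standard key is recomputed from nothing but the registration data and the stored salt, so the salt store needs the same protection as any credential database.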
Hereinafter, each step of the random mapping-based registration method in the present exemplary embodiment will be described in more detail with reference to the accompanying drawings and embodiments.
Step S11: in response to a user sending registration data, obtain a random salt corresponding to the registration data, and generate a corresponding first random mapping according to the random salt.
In one example embodiment of the present disclosure, the registration data includes a user identification and an authorization object identification. The user identifier corresponds to a unique user and can be a user id, a user name and the like; the authorization object corresponds to a unique accessible resource or group of accessible resources, which may be a resource code, a resource label, or the like.
In an example embodiment of the present disclosure, the random salt is a string of a preset number of characters drawn without replacement from digits, letters, and special characters, where the preset number of characters may be set according to attributes of the user string and the authorization object string. For example, when the user string and the authorization object string are hexadecimal (base-16) strings, the preset number of characters of the random salt is 16; as another example, when the user string and the authorization object string are binary (base-2) strings, the preset number of characters of the random salt is 2.
Further, the kinds and proportions of digits, letters, and special characters in the random salt are configured according to a third preset rule. The third preset rule may be a predefined set of character kinds and proportions; for example, it may specify that the random salt is drawn from digits and letters, with the proportions of digits and letters set to 50% and 50% and the proportion of special characters set to 0%. The third preset rule may also be set according to the characters at specific positions of the user string and the authorization object string; for example, when the 2nd characters of the user string and the authorization object string converted by the MD5 algorithm are 5 and e respectively, the proportions of digits, letters, and special characters may be set to 5%, 14% and 81%.
In an example embodiment of the present disclosure, the random salt corresponding to the registration data can be obtained in several ways. A randomly generated random salt can be configured as the random salt corresponding to the registration data; for example, a 16-character random salt drawn at random without replacement from digits, letters, and special characters is configured as the random salt corresponding to the registration data. The registration data may also be mapped to a set of random salts in a preset random salt table, with that set configured as the random salt corresponding to the registration data; for example, the registration data is mapped to the set of random salts at a specific row and column of the random salt table according to the digits in the user identifier and the authorization object identifier in the registration data.
The process of obtaining the random salt corresponding to the registration data may also be extracting a time stamp corresponding to the registration data in the system log, combining the registration data and the time stamp into a random character string according to a second preset rule, encrypting the random character string according to a second preset hash algorithm, and configuring the encrypted character string as the random salt corresponding to the registration data.
In an example embodiment of the present disclosure, the second preset rule refers to the rule by which the registration data and the timestamp are combined. The second preset rule may be that any two items are taken from the user data, the authorized object data and the timestamp and combined in order, for example, the user data and the timestamp are combined into a random character string; the second preset rule may also be an ordering of the user data, the authorized object data and the timestamp, for example, the three are combined into a random character string in the order timestamp, user data, authorized object data.
Further, after encrypting the random string according to the second preset hash algorithm, the encrypted string may be further encrypted according to the second random mapping, so as to configure the finally obtained encrypted string as a random salt corresponding to the registration data. The second preset hash algorithm can be one or a combination of a plurality of hash algorithms such as MD5 algorithm, SHA1 algorithm and the like; the second random mapping includes: performing character conversion according to a second preset hash algorithm to generate a byte array; and mapping the byte array by taking the encrypted character string as a mapping rule.
For example, suppose the random string formed by combining the timestamp and the user data is "apple121". It is encrypted with the MD5 algorithm to obtain the encrypted byte array "428ffcff513b6f78cf0975e080d4041a". The encrypted byte array may then be re-encrypted according to the second random mapping: it is encrypted again with the MD5 algorithm to obtain "5f3cc3424f13f060bf49ea5da38e4d3d", and, since the MD5 algorithm yields a hexadecimal byte array, the first 16 characters of the byte array "428ffcff513b6f78cf0975e080d4041a" obtained in the first step are used as the mapping rule to map the byte array "5f3cc3424f13f060bf49ea5da38e4d3d" produced by the second MD5 pass.
Optionally, when the encrypted string is re-encrypted according to the second random mapping, the number of re-encryption passes may be set manually or generated automatically from the registration data and the timestamp. For example, the number of passes may be the smaller of the digit counts of the registration data and the timestamp, or the sum of the digit counts of the registration data and the timestamp.
For the protocol for obtaining random salts, embodiments of the present disclosure provide the following 2 specific examples:
Example 1:
In the first step, character strings are constructed from two data items at a time, selected in the order user identifier, authorized object identifier, timestamp, which gives three groups of character strings.
In the second step, the three groups of character strings are each MD5-encrypted to obtain byte array 1, byte array 2 and byte array 3.
In the third step, the 3 byte arrays are combined into 1 byte array in the order byte array 1, byte array 2, byte array 3.
In the fourth step, the single byte array obtained in the third step is MD5-encrypted to obtain the random salt.
Example 2:
The random salt obtained in Example 1 is taken as the initial random salt.
In the first step, the number of digits of the three groups of data (user identifier, authorized object identifier and timestamp) is calculated and configured as the number of encryption passes; alternatively, the number of encryption passes is user-defined.
In the second step, a first random mapping is generated from the initial random salt, and a group of character strings formed from the user identifier, the authorized object identifier and the timestamp is encrypted according to the first random mapping, the number of encryption passes being the number configured in the first step.
Step S12, encrypting the registration data according to the first random mapping to acquire a corresponding registration data preliminary key.
In an example embodiment of the present disclosure, the registration data includes a user identifier and an authorization object identifier, so that encrypting the registration data according to the first random mapping is to encrypt the user identifier and the authorization object identifier separately, and thus, the corresponding obtained registration data primary key includes a user primary key and an authorization object primary key.
In an example embodiment of the present disclosure, referring to fig. 2, the first random mapping includes the steps of:
S121, performing character conversion according to a first preset hash algorithm to generate a byte array with a specific bit number;
S122, mapping the byte array by taking the random salt as a mapping rule.
In an example embodiment of the present disclosure, the first preset hash algorithm may be one or a combination of several hash algorithms such as the MD5 algorithm and the SHA1 algorithm. For example, if the first preset hash algorithm is the MD5 algorithm, the user identifier "apple" may be converted into the byte array "1f3870be274f6c49b3e31a0c6728957f" according to the MD5 algorithm; for another example, if the first preset hash algorithm is the MD5 algorithm and the SHA1 algorithm, the MD5 algorithm may be used to convert the user identifier "apple" into the byte array "1f3870be274f6c49b3e31a0c6728957f", and the SHA1 algorithm is then used to convert that byte array into the corresponding SHA1 byte array "bd27f490c3b0b1522533339da74ccf9eefc72816".
Specifically, to encrypt the registration data according to the first random mapping, the registration data is first converted according to the first preset hash algorithm to generate a byte array with a specific bit number, and the random salt obtained in step S11 is then used as the mapping rule to map the byte array into a preliminary key. For example, when the MD5 algorithm is used to convert the user identifier "test" into the 32-character hexadecimal string "098f6bcd4621d373cade4e832627b4f6", and the correspondence between the original characters and the random salt is as shown in Table 1, the string "098f6bcd4621d373cade4e832627b4f6" corresponding to the user identifier "test" may be encrypted with the random salt as the mapping rule to generate the corresponding user primary key ")! L+8zo 4 b f4 m o43 o 3 b8bMz +8"; for another example, the original characters 0, 1, 2, and 3 correspond to the random salts t, G, 8, respectively, and then the byte array "2013" converted according to the MD5 algorithm may be mapped to "8 tG.
TABLE 1
Original character 0 1 2 3 4 5 6 7 8 9 a b c d e f
Random salt F b } ^ 9 8 M * L e z o 4 3 +
Step S13, combining the random salt and the registration data primary key into a secondary key according to a first preset rule.
In an example embodiment of the present disclosure, the first preset rule may be a combination order of the random salt, the user preliminary key, the authorized object preliminary key, and the random salt, for example, the three are combined into the secondary key in the order random salt, user preliminary key, authorized object preliminary key. For example, the random salt is "+|! Fb }. Times.98M. Lezo43+ ", the user preliminary key is the one converted from "test" in the above example, "+|! L+8Z4≡8bF4} M } oe43 ζ3 } b bMz ++8 ", and the authorization object preliminary key is "1f3870be274f6c49b3e31a0c6728957f"; the three sets of byte arrays are combined, in the order random salt, user preliminary key, authorization object preliminary key, into the secondary key "++! Fb }. Times.98M. Lezo 43-! L+8zo 4 b f4 m } oe43 x 3 b8bMz +81f3870be274f6c49b3e31a0c6728957f".
Step S14, encrypting the secondary key according to the first random mapping to acquire an authentication key and returning.
In an example embodiment of the present disclosure, the process of encrypting the secondary key according to the first random mapping is the same as the process of encrypting the registration data described above: the secondary key is converted according to the first preset hash algorithm to generate a byte array with a specific number of bits, and the byte array is then mapped, with the random salt obtained in step S11 as the mapping rule, to generate the authentication key. For example, the secondary key generated in step S13 is converted according to the MD5 algorithm to generate the 32-character byte array "5e6c4bc354c94f6cecf1ef3795f6126e", and the byte array is mapped by the random salt in Table 1 to generate the corresponding authentication key "938o [ zo ] }9 [ o ] L [ o ] +8o [ 3 ] o+ ]! 3+ } ML9+8Fb83%.
Further, when the secondary key is encrypted according to the first random mapping, the number of times of encryption may be set manually, or may be generated automatically according to registration data. For example, the number of times of encryption may be the smallest number of digits of the user identifier and the authorization object identifier in the registration data, or the sum of digits of the user identifier and the authorization object identifier may be the number of times of encryption.
In an example embodiment of the present disclosure, after the random salt corresponding to the registration data is obtained, the method further includes: storing the registration data in correspondence with random salt information for generating the random salt; wherein the random salt information comprises a random salt or a timestamp corresponding to the registration data. For example, when the random salt is randomly generated from digits, letters and special characters, the random salt may be used directly as the random salt information; for another example, when the random salt is generated by encrypting the timestamp together with the registration data, the timestamp may be stored as the random salt information. Because the random salt information is stored in correspondence with the registration data, the key can be reproduced when needed from the registration data, the random salt information, the corresponding first random mapping and the first preset rule, which meets the need to reproduce the key during authentication.
Further, after the random salt information is stored, a deduplication process may also be performed on it, where the deduplication process includes: comparing the random salt information with historical random salt information to check for duplicates; and, if the random salt information is the same as historical random salt information, re-acquiring the random salt corresponding to the registration data. For example, after the random salt information is stored, it is compared with the historical random salt information stored in the past; if the same random salt appears, a new random salt can be obtained as the random salt of the registration data, and the step of storing the random salt information is carried out again. Through the deduplication process, the random salt information corresponding to each registration data can be made unique, and the corresponding random salt is also unique. When the random salt is unique, the uniqueness of the authentication key obtained for each registration can be ensured, and the authentication security is improved to a certain extent.
In an exemplary embodiment of the present disclosure, after the authentication key has been registered according to the above method, the authentication key is authenticated at access time to verify the access right. Referring to fig. 3, the method includes the following steps:
S15, in response to the user sending authentication data, acquiring random salt information corresponding to the registration data; the authentication data comprises registration data and an authentication key, wherein the registration data comprises a user identifier and an authorized object identifier;
S16, reproducing the random salt based on the random salt information, and generating a first random mapping according to the random salt;
S17, encrypting the registration data according to the first random mapping and the first preset rule to acquire a standard key;
S18, if the authentication key is the same as the standard key, the authentication is successful.
In an example embodiment of the present disclosure, after a user registers for an authorized object, when accessing, random salt information corresponding to registration data may be obtained from stored random salt information according to authentication data, and then random salt may be reproduced according to the random salt information, and a corresponding first random map may be generated. And then, executing the same encryption process on the registration data according to the first random mapping and the first preset rule to generate a standard key, further verifying whether the authentication key carried in the authentication data is the same as the generated standard key, and if so, indicating that the authentication is successful.
In another example embodiment of the present disclosure, there is also provided an authentication method based on random mapping, and the execution subject may be a server for authentication. For example, when a user accesses a resource requiring authorization, authentication can be performed according to the authentication key to determine whether the user has rights to access the resource. Referring to fig. 4, the authentication method based on random mapping includes steps S21 to S26, which are described in detail below:
S21, in response to the user sending authentication data, acquiring random salt information corresponding to the registration data; wherein the authentication data includes registration data and an authentication key.
In one example embodiment of the present disclosure, the registration data includes a user identification and an authorization object identification. The user identifier corresponds to a unique user and can be a user id, a user name and the like; the authorization object corresponds to a unique accessible resource or group of accessible resources, which may be a resource code, a resource label, or the like.
In an example embodiment of the present disclosure, the random salt information includes the random salt or a timestamp corresponding to the registration data. The random salt information is used to regenerate the random salt used at registration, so it may be that random salt itself, or it may be the information which, in addition to the registration data, was used to generate that random salt. For example, when the random salt is randomly generated from digits, letters and special characters, the random salt may be used directly as the random salt information; for another example, when the random salt is generated by encrypting the timestamp together with the registration data, the timestamp may be used as the random salt information.
S22, reproducing random salt based on the random salt information, and generating a first random mapping according to the random salt.
In one example embodiment of the present disclosure, if the random salt information is a timestamp corresponding to the registration data, reproducing the random salt based on the random salt information includes: extracting the timestamp corresponding to the registration data from the random salt information, combining the registration data and the timestamp into a random character string according to a second preset rule, encrypting the random character string according to a second preset hash algorithm, and configuring the encrypted character string as the random salt corresponding to the registration data.
In an example embodiment of the present disclosure, the second preset rule is the rule by which the registration data and the timestamp are combined. The second preset rule may be that any two items are extracted from the user data, the authorized object data and the timestamp and combined in sequence, for example, the user data and the timestamp are combined into a random character string; the second preset rule may also be a combination order of the user data, the authorized object data and the timestamp, for example, the three are combined into a random character string in the order timestamp, user data, authorized object data.
Further, after encrypting the random string according to the second preset hash algorithm, the encrypted string may be further encrypted according to the second random mapping, so as to configure the finally obtained encrypted string as a random salt corresponding to the registration data. The second preset hash algorithm can be one or a combination of a plurality of hash algorithms such as MD5 algorithm, SHA1 algorithm and the like; the second random mapping includes: performing character conversion according to a second preset hash algorithm to generate a byte array; and mapping the byte array by taking the encrypted character string as a mapping rule.
For example, suppose the random string formed by combining the timestamp and the user data is "reach 036". It is encrypted with the MD5 algorithm to obtain the encrypted byte array "4270076ae5ac7d75ebe957122df8b6de". The encrypted byte array may then be re-encrypted according to the second random mapping: it is encrypted again with the MD5 algorithm to obtain "2b1a0f56b e70605c6d502eca781fadd", and, since the MD5 algorithm yields a hexadecimal byte array, the first 16 characters of the byte array "4270076ae5ac7d75ebe957122df8b6de" obtained in the first step are used as the mapping rule to map the byte array "2b1a0f56 e70605c6d502eca781fadd" produced by the second MD5 pass.
Optionally, when the encrypted string is re-encrypted according to the second random mapping, the number of re-encryption passes may be set manually or generated automatically from the registration data and the timestamp. For example, the number of passes may be the smaller of the digit counts of the registration data and the timestamp, or the sum of the digit counts of the registration data and the timestamp.
For the scheme of reproducing random salts described above, the embodiments of the present disclosure provide the following 2 specific examples:
Example 1:
First, the random salt information corresponding to the registration data, that is, the timestamp, is acquired.
Second, character strings are constructed from two data items at a time, selected in the order user identifier, authorized object identifier, timestamp, which gives three groups of character strings.
Second, the three groups of character strings are each MD5-encrypted to obtain byte array 1, byte array 2 and byte array 3.
Third, the 3 byte arrays are combined into 1 byte array in the order byte array 1, byte array 2, byte array 3.
Fourth, the single byte array obtained in the third step is MD5-encrypted to obtain the random salt.
Example 2:
The random salt obtained in Example 1 is taken as the initial random salt.
In the first step, the number of digits of the three groups of data (user identifier, authorized object identifier and timestamp) is calculated and configured as the number of encryption passes; alternatively, the number of encryption passes is user-defined.
In the second step, a first random mapping is generated from the initial random salt, and the initial random salt is encrypted according to the first random mapping, the number of encryption passes being the number configured in the first step.
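Example 1 of the timestamp-based scheme, covering both the derivation at registration and the reproduction at authentication, as an added example rather than code from the patent. It assumes the three strings are the pairwise concatenations in the order user identifier, authorized object identifier, timestamp, that the "byte arrays" are the hexadecimal digest strings the page prints, and that a clashing timestamp is re-acquired by reading the clock again; `SaltInfoStore` and the function names are hypothetical.

```python
import hashlib
import itertools
import time


def md5_hex(text):
    """MD5 digest as the 32-character hexadecimal string used throughout the page."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def derive_salt(user_id, object_id, timestamp):
    """Example 1: pairwise strings -> MD5 of each -> concatenate -> MD5 of the result."""
    items = (user_id, object_id, timestamp)
    # Step 1 (assumed reading): user+object, user+timestamp, object+timestamp.
    strings = [first + second for first, second in itertools.combinations(items, 2)]
    # Step 2: byte array 1, byte array 2, byte array 3.
    arrays = [md5_hex(s) for s in strings]
    # Step 3: combine in the order 1, 2, 3 (assumed: concatenation of the hex strings).
    combined = "".join(arrays)
    # Step 4: the final MD5 pass yields the random salt.
    return md5_hex(combined)


def rule_alphabet_size(rule, width=16):
    """Number of distinct symbols among the first `width` characters of a mapping rule.

    A rule with fewer than 16 distinct symbols maps several hex digits to the
    same output character, so the mapping is no longer one-to-one.
    """
    return len(set(rule[:width]))


class SaltInfoStore:
    """Stores only the timestamp as random salt information and re-derives the salt on demand."""

    def __init__(self, clock=lambda: str(time.time_ns())):
        self.clock = clock      # callable returning a timestamp string
        self.timestamps = {}    # (user_id, object_id) -> timestamp

    def register(self, user_id, object_id):
        history = set(self.timestamps.values())
        timestamp = self.clock()
        while timestamp in history:     # deduplication against historical salt information
            timestamp = self.clock()
        self.timestamps[(user_id, object_id)] = timestamp
        return derive_salt(user_id, object_id, timestamp)

    def reproduce(self, user_id, object_id):
        """Authentication side: rebuild the salt from the stored timestamp."""
        timestamp = self.timestamps[(user_id, object_id)]
        return derive_salt(user_id, object_id, timestamp)


if __name__ == "__main__":
    store = SaltInfoStore()
    salt = store.register("test", "apple")   # constructed sample identifiers
    print("salt at registration:  ", salt)
    print("salt at authentication:", store.reproduce("test", "apple"))
    # Digest quoted on the page for "apple121", used there as a mapping rule.
    print("distinct symbols in rule:", rule_alphabet_size("428ffcff513b6f78cf0975e080d4041a"))
```

Every input to `derive_salt` is either sent by the user or stored by the server, so the stored timestamp needs the same protection as a stored salt. The digest the page uses as a mapping rule has only 11 distinct symbols in its first 16 characters, so that mapping is many-to-one, unlike a salt drawn without replacement.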
In an example embodiment of the present disclosure, the random salt is a string of a preset number of characters drawn without replacement from digits, letters and special characters, wherein the preset number may be set according to attributes of the user string and the authorization object string. For example, when the user character string and the authorized object character string are hexadecimal character strings, the preset number of characters of the random salt is 16; for another example, when the user string and the authorization object string are binary strings, the preset number of characters of the random salt is 2.
Further, the kinds and proportions of digits, letters and special characters in the random salt are configured according to a third preset rule. The third preset rule may be a predefined set of character types and proportions, for example, a predefined rule may specify that the random salt is drawn from digits and letters, with the proportions of digits and letters set to 50% and 50% and the proportion of special characters set to 0%; the third preset rule may also be set according to the characters at specific positions of the user character string and the authorization object character string, for example, in the user character string and the authorization object character string converted by the MD5 algorithm, when the 2nd characters are 5 and e respectively, the proportions of digits, letters and special characters may be set to 5%, 14%, and 81%.
S23, encrypting the registration data according to the first random mapping to obtain a corresponding registration data preliminary key.
In an example embodiment of the present disclosure, the registration data includes a user identifier and an authorization object identifier, so that encrypting the registration data according to the first random mapping is to encrypt the user identifier and the authorization object identifier separately, and thus, the corresponding obtained registration data primary key includes a user primary key and an authorization object primary key.
In an example embodiment of the present disclosure, referring to fig. 5, the first random mapping includes the steps of:
S231, performing character conversion according to a first preset hash algorithm to generate a byte array with a specific bit number;
S232, mapping the byte array by taking the random salt as a mapping rule.
In an example embodiment of the present disclosure, the first preset hash algorithm may be one or a combination of several hash algorithms such as the MD5 algorithm and the SHA1 algorithm. For example, if the first preset hash algorithm is the MD5 algorithm, the user identifier "reach" may be converted into the byte array "889560d93572d538078ce1578567b91a" according to the MD5 algorithm; for another example, if the first preset hash algorithm is MD5 and SHA1, the MD5 algorithm may be used to convert the user identifier "reach" into the byte array "889560d93572d538078ce1578567b91a", and the SHA1 algorithm may then be used to convert that byte array into the corresponding SHA1 byte array "37d7c0810167de283d94fb6d5218e8806eeb c85".
Specifically, to encrypt the registration data according to the first random mapping, the registration data is first converted according to the first preset hash algorithm to generate a byte array with a specific bit number, and the random salt reproduced in step S22 is then used as the mapping rule to map the byte array into a preliminary key. For example, when the MD5 algorithm converts the user identifier "reach" into the 32-character hexadecimal string "889560d93572d538078ce1578567b91a", and the correspondence between the original characters and the random salt is as shown in Table 1, the string "889560d93572d538078ce1578567b91a" corresponding to the user identifier "reach" can, with the random salt as the mapping rule, generate the user preliminary key "×l98|! 4l 9 mf49! M3F 9M 98MzLFe "; for another example, the original characters 0, 1, 2, and 3 correspond to the random salts t, G, 8, respectively, and then the byte array "2013" converted according to the MD5 algorithm may be mapped to "8 tG.
S24, combining the random salt and the registration data primary key into a secondary key according to a first preset rule.
In an example embodiment of the present disclosure, the first preset rule may be a combination order of the random salt, the user preliminary key, the authorized object preliminary key, and the random salt, for example, the three are combined into the secondary key in the order random salt, user preliminary key, authorized object preliminary key. For example, the random salt is "+|! Fb }. Times.98M. Lezo43+ ", the user preliminary key is the one converted from "peach", ". Times.L98-! 4l 9 mf49! M.3F9M98 MzLFe ", and the authorization object preliminary key is "1F3870be274F6c49b3e31a0c6728957F"; the three sets of byte arrays are combined, in the order random salt, user preliminary key, authorization object preliminary key, into the secondary key "-! Fb }. Times.98M. Lezo 43-! L + & lt 98 & gt-! 4l 9 mf49! M3F 9M 98MzLFe1F3870be274F6c49b3e31a0c6728957F".
S25, encrypting the secondary key according to the first random mapping so as to acquire a standard key.
In an example embodiment of the present disclosure, the process of encrypting the secondary key according to the first random mapping is the same as the process of encrypting the registration data described above: the secondary key is converted according to the first preset hash algorithm to generate a byte array with a specific number of bits, and the byte array is then mapped, with the random salt reproduced in step S22 as the mapping rule, to generate the standard key. For example, the secondary key generated in step S24 is converted according to the MD5 algorithm to generate the 32-character byte array "3c2baa03f9f81f72999173358a26a91b", and the byte array is mapped with the random salt in Table 1 to generate the corresponding standard key "} obzee-! } +l+f+mflllfm } }9 x eb8 etfz).
S26, if the authentication key is the same as the standard key, judging that the authentication is successful.
In an example embodiment of the present disclosure, if the authentication key in the authentication data is the same as the standard key, it may be determined that the authentication is successful. Because the random salt used for generating the standard key and the encryption rule are consistent with the process of generating the authentication key during registration in the authentication process, when the standard key is identical with the authentication key, the user sending authentication data can be judged to be successfully authenticated at the moment.
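The registration flow (random salt, then steps S12 to S14) and the authentication flow (steps S21 to S26) described above, as an added example that is not code from the patent. It assumes the salt itself is stored as the random salt information, a single MD5 pass as the first preset hash algorithm, and the order salt, user preliminary key, authorization object preliminary key as the first preset rule; `Registry`, `random_map`, `unmap`, `SALT_POOL` and the constant-time comparison are choices made here.

```python
import hashlib
import hmac
import secrets
import string

HEX_DIGITS = "0123456789abcdef"
# Assumed character pool; the page only says digits, characters and special characters.
SALT_POOL = string.digits + string.ascii_letters + "!^*+}{|"


def new_salt(issued=()):
    """Draw 16 distinct characters without replacement; redraw if the salt was already issued."""
    rng = secrets.SystemRandom()
    while True:
        salt = "".join(rng.sample(SALT_POOL, len(HEX_DIGITS)))
        if salt not in issued:  # deduplication against historical salts
            return salt


def mapping_table(salt):
    """Build the substitution hex digit -> salt character (the rule of the first random mapping)."""
    if len(salt) != len(HEX_DIGITS) or len(set(salt)) != len(HEX_DIGITS):
        raise ValueError("salt must consist of 16 distinct characters")
    return str.maketrans(HEX_DIGITS, salt)


def random_map(text, salt):
    """S121/S231: MD5 hex digest of the input; S122/S232: substitute each digit via the salt."""
    digest = hashlib.md5(text.encode("utf-8")).hexdigest()
    return digest.translate(mapping_table(salt))


def unmap(mapped, salt):
    """Invert the substitution, which is possible because the salt characters are distinct."""
    mapping_table(salt)  # validates the salt
    return mapped.translate(str.maketrans(salt, HEX_DIGITS))


def derive_key(user_id, object_id, salt):
    """S12 to S14 at registration and S23 to S25 at authentication are the same computation."""
    user_key = random_map(user_id, salt)       # user preliminary key
    object_key = random_map(object_id, salt)   # authorization object preliminary key
    secondary = salt + user_key + object_key   # first preset rule (assumed order)
    return random_map(secondary, salt)


class Registry:
    """Server-side store of random salt information keyed by registration data."""

    def __init__(self):
        self.salts = {}

    def register(self, user_id, object_id):
        salt = new_salt(issued=set(self.salts.values()))
        self.salts[(user_id, object_id)] = salt
        return derive_key(user_id, object_id, salt)  # authentication key returned to the user

    def authenticate(self, user_id, object_id, authentication_key):
        salt = self.salts.get((user_id, object_id))
        if salt is None:
            return False
        standard_key = derive_key(user_id, object_id, salt)
        # Constant-time comparison of the presented key with the standard key.
        return hmac.compare_digest(standard_key.encode("utf-8"),
                                   authentication_key.encode("utf-8"))


if __name__ == "__main__":
    registry = Registry()
    key = registry.register("test", "apple")  # constructed sample identifiers
    print("authentication key:", key)
    print("valid key accepted:", registry.authenticate("test", "apple", key))
    print("other object rejected:", registry.authenticate("test", "peach", key))
```

`unmap` shows that the mapped value is the MD5 digest written in a different alphabet: with the salt in hand the digest is recovered exactly, so the stored salt information is what has to be protected.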
In an example embodiment of the present disclosure, before authentication according to the above method, an authentication key is also required to be generated at the time of registration, packaged with registration data into authentication data, and transmitted to a server at the time of authentication. Wherein, the authentication key is generated based on the registration data, referring to fig. 6, the method for generating the authentication key includes:
S31, in response to the user sending registration data, obtaining a random salt corresponding to the registration data, and generating a corresponding first random mapping according to the random salt;
S32, encrypting the registration data according to the first random mapping to obtain a corresponding registration data primary key;
S33, combining the random salt and the registration data primary key into a secondary key according to a first preset rule;
S34, encrypting the secondary key according to the first random mapping so as to acquire an authentication key and returning the authentication key.
In an example embodiment of the present disclosure, before a user performs authentication, registration is required for an authorized object, and a server generates an authentication key corresponding to the registration data according to registration data, the obtained corresponding random salt, the corresponding first random mapping and the first preset rule during registration, so that when the user needs to access the authorized object, a standard key is reproduced according to the registration data in the authentication data, and when the authentication key is identical to the standard key, it can be stated that the used registration data, random salt, first random mapping and first preset rule are identical, and it is proved that the user is really registered for the authorized object, thereby obtaining a successful authentication result.
It is noted that the above-described figures are merely schematic illustrations of processes involved in a method according to exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
Furthermore, in an exemplary embodiment of the present disclosure, a registration apparatus based on random mapping is also provided. Referring to fig. 7, the random mapping-based registration apparatus 700 includes: a data generation module 710, a first encryption module 720, a first combination module 730, and a second encryption module 740. Wherein:
The data generating module 710 may be configured to obtain a random salt corresponding to registration data in response to the user sending the registration data, and generate a corresponding first random map according to the random salt; wherein the registration data includes a user identification and an authorization object identification.
The first encryption module 720 may be configured to encrypt the registration data according to the first random mapping, so as to obtain a corresponding registration data primary key; wherein the registration data preliminary key includes a user preliminary key and an authorization object preliminary key.
The first combining module 730 may be configured to combine the random salt and the registration data primary key into a secondary key according to a first preset rule.
The second encryption module 740 may be configured to encrypt the secondary key according to the first random mapping to obtain an authentication key and return the authentication key.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the first encryption module 720 may be configured to perform character conversion according to a first preset hash algorithm to generate a byte array with a specific number of bits; and mapping the byte array by taking the random salt as a mapping rule.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the data generating module 710 may be configured to configure a random salt generated randomly as a random salt corresponding to the registration data; or mapping the registration data to a group of random salts in a preset random salt table, and configuring the random salts as random salts corresponding to the registration data; or extracting a time stamp corresponding to the registration data in the system log, combining the registration data and the time stamp into a random character string according to a second preset rule, encrypting the random character string according to a second preset hash algorithm, and configuring the encrypted character string as a random salt corresponding to the registration data.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the data generation module 710 may be configured to re-encrypt the encrypted string according to the second random mapping.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the data generating module 710 may be configured to perform character conversion according to a second preset hash algorithm to generate a byte array; and mapping the byte array by taking the encrypted character string as a mapping rule.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the data generating module 710 may be configured to store the registration data corresponding to random salt information for generating the random salt; wherein the random salt information comprises a random salt or a timestamp corresponding to the registration data.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the data generation module 710 may be configured to compare the random salt information with historical random salt information; and if the random salt information is the same as the historical random salt information, re-acquiring the random salt corresponding to the registration data.
In one exemplary embodiment of the present disclosure, based on the foregoing scheme, the data generation module 710 may be configured to obtain random salt information corresponding to registration data in response to a user transmitting authentication data; the authentication data comprises registration data and an authentication key, wherein the registration data comprises a user identifier and an authorized object identifier; reproducing random salt based on the random salt information, and generating a first random map from the random salt; encrypting the registration data according to the first random mapping and the first preset rule to acquire a standard key; and if the authentication key is the same as the standard key, the authentication is successful.
In an exemplary embodiment of the present disclosure, an authentication apparatus based on random mapping is also provided. Referring to fig. 8, the authentication apparatus 800 based on random mapping includes: a data acquisition module 810, a data reproduction module 820, a third encryption module 830, a second combination module 840, a fourth encryption module 850, and a data authentication module 860. Wherein:
The data acquisition module 810 may be configured to acquire random salt information corresponding to registration data in response to the user transmitting authentication data; wherein the authentication data comprises registration data and an authentication key, and the registration data comprises a user identifier and an authorization object identifier.
The data reproduction module 820 may be configured to reproduce a random salt based on the random salt information and generate a first random mapping from the random salt.
The third encryption module 830 may be configured to encrypt the registration data according to the first random mapping to obtain a corresponding registration data preliminary key; wherein the registration data preliminary key includes a user preliminary key and an authorization object preliminary key.
The second combination module 840 may be configured to combine the random salt and the registration data preliminary key into a secondary key according to a first preset rule.
The fourth encryption module 850 may be configured to encrypt the secondary key according to the first random mapping to obtain a standard key.
The data authentication module 860 is configured to determine that authentication is successful when the authentication key is the same as the standard key.
In an exemplary embodiment of the disclosure, based on the foregoing scheme, the data reproduction module 820 may be configured to extract a timestamp corresponding to the registration data in the random salt information, combine the registration data and the timestamp into a random string according to a second preset rule, encrypt the random string according to a second preset hash algorithm, and configure the encrypted string as a random salt corresponding to the registration data.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the data reproduction module 820 may be configured to re-encrypt the encrypted string according to the second random mapping.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the data reproduction module 820 may be configured to perform character conversion according to a second preset hash algorithm to generate a byte array, and to map the byte array using the encrypted character string as the mapping rule.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the third encryption module 830 may be configured to perform character conversion according to a first preset hash algorithm to generate a byte array with a specific number of bits, and to map the byte array using the random salt as the mapping rule.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the data acquisition module 810 may be configured to: obtain, in response to a user sending registration data, a random salt corresponding to the registration data, and generate a corresponding first random mapping according to the random salt, wherein the registration data comprises a user identifier and an authorized object identifier; encrypt the registration data according to the first random mapping to obtain a corresponding registration data preliminary key, wherein the registration data preliminary key comprises a user preliminary key and an authorized object preliminary key; combine the random salt and the registration data preliminary key into a secondary key according to a first preset rule; and encrypt the secondary key according to the first random mapping to obtain an authentication key, and return the authentication key.
Since the respective functional modules of the random mapping-based registration apparatus and the random mapping-based authentication apparatus of the exemplary embodiments of the present disclosure correspond to the steps of the above-described random mapping-based registration method and the exemplary embodiments of the random mapping-based authentication method, for details not disclosed in the embodiments of the apparatus of the present disclosure, please refer to the embodiments of the random mapping-based registration method and the random mapping-based authentication method described in the present disclosure.
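The registration and authentication flow performed by the modules above, as an added Python example (not code from the patent). The disclosure leaves the preset hash algorithms, the mapping rule and the preset rules open, so the following are assumptions: SHA-256 for both hashes, a byte-modulo lookup into the salt as the mapping rule, `:` and `|` joins as the first and second preset rules, a 16-character salt, and all function and class names.

```python
import hashlib
import hmac
import secrets
import string

# Assumed salt alphabet: digits, letters and a few special characters.
SALT_ALPHABET = string.digits + string.ascii_letters + "!@#$%^&*"
SALT_LEN = 16  # assumed "predetermined" salt length


def new_salt(history=()):
    """Draw a salt without replacement; redraw if it repeats a historical one."""
    rng = secrets.SystemRandom()
    while True:
        salt = "".join(rng.sample(SALT_ALPHABET, SALT_LEN))
        if salt not in history:
            return salt


def salt_from_timestamp(user_id, object_id, timestamp):
    """Timestamp variant: re-derive the salt from registration data + timestamp."""
    # Assumed second preset rule: '|'-joined fields; assumed second hash: SHA-256.
    material = "|".join((user_id, object_id, timestamp)).encode("utf-8")
    return hashlib.sha256(material).hexdigest()[:SALT_LEN]


def first_random_mapping(data, salt):
    """Hash to a fixed-size byte array, then map each byte through the salt."""
    digest = hashlib.sha256(data.encode("utf-8")).digest()  # assumed first hash
    # Assumed mapping rule: each byte selects one character of the salt.
    return "".join(salt[b % len(salt)] for b in digest)


def derive_key(user_id, object_id, salt):
    """Preliminary keys -> secondary key -> final key, all under one salt."""
    user_key = first_random_mapping(user_id, salt)
    object_key = first_random_mapping(object_id, salt)
    # Assumed first preset rule: salt and both preliminary keys joined by ':'.
    secondary_key = ":".join((salt, user_key, object_key))
    return first_random_mapping(secondary_key, salt)


class Registry:
    """Server-side store of random salt information per registration."""

    def __init__(self):
        # (user_id, object_id) -> ("salt" | "timestamp", value)
        self._salt_info = {}

    def _reproduce_salt(self, user_id, object_id):
        kind, value = self._salt_info[(user_id, object_id)]
        if kind == "timestamp":
            return salt_from_timestamp(user_id, object_id, value)
        return value

    def register(self, user_id, object_id, timestamp=None):
        """Return the authentication key handed back to the user."""
        if timestamp is None:
            history = {v for k, v in self._salt_info.values() if k == "salt"}
            info = ("salt", new_salt(history))
        else:
            info = ("timestamp", timestamp)
        self._salt_info[(user_id, object_id)] = info
        salt = self._reproduce_salt(user_id, object_id)
        return derive_key(user_id, object_id, salt)

    def authenticate(self, user_id, object_id, authentication_key):
        """Recompute the standard key and compare it with the presented key."""
        if (user_id, object_id) not in self._salt_info:
            return False
        salt = self._reproduce_salt(user_id, object_id)
        standard_key = derive_key(user_id, object_id, salt)
        # Constant-time comparison is an addition here, not stated in the text.
        return hmac.compare_digest(standard_key.encode("utf-8"),
                                   authentication_key.encode("utf-8"))
```

Every input to the key other than the stored random salt information is supplied by the user, so that store needs the same protection as a credential database.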
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
In addition, in an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above-described random mapping-based registration method or random mapping-based authentication method is also provided.
Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.), or an embodiment combining hardware and software aspects, which may be referred to herein as a "circuit," "module," or "system."
An electronic device 900 according to such an embodiment of the present disclosure is described below with reference to fig. 9. The electronic device 900 shown in fig. 9 is merely an example and should not be construed to limit the functionality and scope of use of embodiments of the present disclosure in any way.
As shown in fig. 9, the electronic device 900 is embodied in the form of a general purpose computing device. Components of electronic device 900 may include, but are not limited to: at least one processing unit 910, at least one storage unit 920, a bus 930 connecting the different system components (including the storage unit 920 and the processing unit 910), and a display unit 940.
The storage unit stores program code that is executable by the processing unit 910, such that the processing unit 910 performs the steps according to the various exemplary embodiments of the present disclosure described in the "exemplary methods" section of this specification. For example, the processing unit 910 may perform the steps shown in fig. 1: S11: in response to a user sending registration data, obtaining a random salt corresponding to the registration data, and generating a corresponding first random mapping according to the random salt; S12: encrypting the registration data according to the first random mapping to obtain a corresponding registration data preliminary key; S13: combining the random salt and the registration data preliminary key into a secondary key according to a first preset rule; S14: encrypting the secondary key according to the first random mapping to obtain an authentication key, and returning the authentication key.
The storage unit 920 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 921 and/or cache memory 922, and may further include Read Only Memory (ROM) 923.
The storage unit 920 may also include a program/utility 924 having a set (at least one) of program modules 925, such program modules 925 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
The bus 930 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 900 may also communicate with one or more external devices 970 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 900, and/or any device (e.g., router, modem, etc.) that enables the electronic device 900 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 950. Also, electronic device 900 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 960. As shown, the network adapter 960 communicates with other modules of the electronic device 900 over the bus 930. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 900, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, a computer-readable storage medium having stored thereon a program product capable of implementing the method described above in the present specification is also provided. In some possible embodiments, the various aspects of the present disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the disclosure as described in the "exemplary methods" section of this specification, when the program product is run on the terminal device.
Referring to fig. 10, a program product 1000 for implementing the above-described method according to an embodiment of the present disclosure is described, which may employ a portable compact disc read-only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present disclosure is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
Furthermore, the above-described figures are only schematic illustrations of processes included in the method according to the exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (21)

1. A random mapping-based registration method, comprising:
in response to a user sending registration data, obtaining a random salt corresponding to the registration data, and generating a corresponding first random mapping according to the random salt; the first random mapping includes: performing character conversion according to a first preset hash algorithm to generate a byte array with a specific bit number; mapping the byte array by taking the random salt as a mapping rule;
encrypting the registration data according to the first random mapping to obtain a corresponding registration data preliminary key;
combining the random salt and the registration data preliminary key into a secondary key according to a first preset rule;
and encrypting the secondary key according to the first random mapping to acquire an authentication key and returning the authentication key.
2. The method according to claim 1, wherein the obtaining the random salt corresponding to the registration data includes:
configuring a randomly generated random salt as the random salt corresponding to the registration data; or
mapping the registration data to a group of random salts in a preset random salt table, and configuring the random salts as random salts corresponding to the registration data; or
extracting a timestamp corresponding to the registration data in the system log, combining the registration data and the timestamp into a random character string according to a second preset rule, encrypting the random character string according to a second preset hash algorithm, and configuring the encrypted character string as the random salt corresponding to the registration data.
3. The method of claim 2, wherein after encrypting the random string according to a second predetermined hash algorithm, the method further comprises:
and re-encrypting the encrypted character string according to the second random mapping.
4. A method according to claim 3, wherein the second random mapping comprises:
performing character conversion according to a second preset hash algorithm to generate a byte array;
and mapping the byte array by taking the encrypted character string as a mapping rule.
5. The method of claim 2, wherein after the obtaining of the random salt corresponding to the registration data, the method further comprises:
storing the registration data in correspondence with random salt information for generating the random salt; wherein the random salt information comprises a random salt or a timestamp corresponding to the registration data.
6. The method of claim 5, wherein after storing the registration data corresponding to the random salt information that generated the random salt, the method further comprises:
comparing the random salt information with historical random salt information for duplicate checking;
and if the random salt information is the same as the historical random salt information, re-acquiring the random salt corresponding to the registration data.
7. The method of claim 5, wherein the method further comprises:
acquiring random salt information corresponding to the registration data in response to the user transmitting authentication data; wherein the authentication data includes registration data and an authentication key;
reproducing the random salt based on the random salt information, and generating a first random mapping from the random salt;
encrypting the registration data according to the first random mapping and the first preset rule to acquire a standard key;
and if the authentication key is the same as the standard key, the authentication is successful.
8. The method of claim 1, wherein the random salt is a string of a predetermined number of bits drawn, without replacement, from digits, characters, and special characters.
9. The method of claim 8, wherein the types and ratio of the digits, characters, and special characters in the random salt are configured according to a third preset rule.
10. An authentication method based on random mapping, comprising:
acquiring random salt information corresponding to the registration data in response to the user transmitting authentication data; wherein the authentication data includes registration data and an authentication key;
reproducing the random salt based on the random salt information, and generating a first random mapping from the random salt; the first random mapping includes: performing character conversion according to a first preset hash algorithm to generate a byte array with a specific bit number; mapping the byte array by taking the random salt as a mapping rule;
encrypting the registration data according to the first random mapping to obtain a corresponding registration data preliminary key;
combining the random salt and the registration data preliminary key into a secondary key according to a first preset rule;
encrypting the secondary key according to the first random mapping to obtain a standard key;
and if the authentication key is the same as the standard key, judging that the authentication is successful.
11. The method of claim 10, wherein the random salt information comprises the random salt or a timestamp corresponding to the registration data;
if the random salt information includes a timestamp corresponding to the registration data, reproducing the random salt based on the random salt information, including:
and extracting a time stamp corresponding to the registration data in the random salt information, combining the registration data and the time stamp into a random character string according to a second preset rule, encrypting the random character string according to a second preset hash algorithm, and configuring the encrypted character string as the random salt corresponding to the registration data.
12. The method of claim 11, wherein after encrypting the random string according to the second predetermined hash algorithm, the method further comprises:
and re-encrypting the encrypted character string according to the second random mapping.
13. The method of claim 12, wherein the second random mapping comprises:
performing character conversion according to a second preset hash algorithm to generate a byte array;
and mapping the byte array by taking the encrypted character string as a mapping rule.
14. The method of claim 10, wherein the first random mapping comprises:
performing character conversion according to a first preset hash algorithm to generate a byte array with a specific bit number;
and mapping the byte array by taking the random salt as a mapping rule.
15. The method of claim 10, wherein the authentication key is generated based on the registration data;
the method further comprises the steps of:
in response to a user sending registration data, obtaining a random salt corresponding to the registration data, and generating a corresponding first random mapping according to the random salt;
encrypting the registration data according to the first random mapping to obtain a corresponding registration data preliminary key;
combining the random salt and the registration data preliminary key into a secondary key according to a first preset rule;
and encrypting the secondary key according to the first random mapping to acquire an authentication key and returning the authentication key.
16. The method of claim 10, wherein the random salt is a string of a predetermined number of bits drawn, without replacement, from digits, characters, and special characters.
17. The method of claim 16, wherein the types and ratio of the digits, characters, and special characters in the random salt are configured according to a third preset rule.
18. A random mapping-based registration apparatus, comprising:
the data generation module is used for obtaining, in response to a user sending registration data, a random salt corresponding to the registration data, and generating a corresponding first random mapping according to the random salt; the first random mapping includes: performing character conversion according to a first preset hash algorithm to generate a byte array with a specific bit number; mapping the byte array by taking the random salt as a mapping rule;
the first encryption module is used for encrypting the registration data according to the first random mapping so as to obtain a corresponding registration data preliminary key;
the first combination module is used for combining the random salt and the registration data preliminary key into a secondary key according to a first preset rule;
and the second encryption module is used for encrypting the secondary key according to the first random mapping so as to acquire an authentication key and returning the authentication key.
19. An authentication apparatus based on random mapping, comprising:
the data acquisition module is used for responding to the authentication data sent by the user and acquiring random salt information corresponding to the registration data; wherein the authentication data includes registration data and an authentication key;
the data reproduction module is used for reproducing the random salt based on the random salt information and generating a first random mapping according to the random salt; the first random mapping includes: performing character conversion according to a first preset hash algorithm to generate a byte array with a specific bit number; mapping the byte array by taking the random salt as a mapping rule;
the third encryption module is used for encrypting the registration data according to the first random mapping so as to obtain a corresponding registration data preliminary key;
the second combination module is used for combining the random salt and the registration data preliminary key into a secondary key according to a first preset rule;
the fourth encryption module is used for encrypting the secondary key according to the first random mapping so as to acquire a standard key;
and the data authentication module is used for judging that the authentication is successful when the authentication key is the same as the standard key.
20. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 9; or the program when executed by a processor performs the steps of the method according to any one of claims 10 to 17.
21. An electronic device, comprising:
a processor; and
a memory for storing one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the steps of the method of any of claims 1 to 9; or which, when executed by the one or more processors, cause the one or more processors to implement the steps of the method of any of claims 10 to 17.
CN201910335403.4A 2019-04-24 2019-04-24 Registration and authentication method and device based on random mapping, medium and electronic equipment Active CN111865869B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910335403.4A CN111865869B (en) 2019-04-24 2019-04-24 Registration and authentication method and device based on random mapping, medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN111865869A CN111865869A (en) 2020-10-30
CN111865869B CN111865869B (en) 2023-08-08

Family

ID=72952175

Country Status (1)

Country Link
CN (1) CN111865869B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant