Summary of the invention
Main purpose of the present invention is that the behavior of avoiding rubbing net occurs, and reduces the cost of authenticating device.
For achieving the above object, the method for a kind of network access authentication provided by the invention, the method for described network access authentication comprises the following steps:
Password generates equipment and generates authentication password according to cryptographic seed, current sequence number and the current time preset;
Authenticating device receives the described authentication password of user's input, authentication password according to the verification cryptographic check preset;
When described authentication password verification succeeds, network access authentication success, authenticating device is by user access network.
Preferably, described current sequence number is password generation equipment is the queue that user generates; Described current time is the preset range of current point in time.
Preferably, the step that described password generation equipment generates authentication password according to cryptographic seed, current sequence number and the current time preset comprises:
Password generates equipment according to the cryptographic seed preset, the value of current sequence number produced for active user and current time, generation identification sequences;
Password generates equipment and is encrypted the described identification sequences generated, and obtains numerical value corresponding to authentication password number, as authentication password in identification sequences after encryption.
Preferably, receive the described authentication password of user's input at described authenticating device, according to the verification cryptographic check preset authentication password step before, the method for described network access authentication also comprises step:
Authenticating device generates the verification password for verifying described authentication password according to described default cryptographic seed, current sequence number and current time.
Preferably, receive the described authentication password of user's input at described authenticating device, according to the verification cryptographic check preset authentication password step after, the method for described network access authentication also comprises step:
When described authentication password verifies unsuccessfully, described current time is reduced a chronomere by authenticating device, and generates new verification password according to the current time after reducing;
Authenticating device is authentication password according to described verification cryptographic check newly, to the term of validity reaching described authentication password.
In addition, for achieving the above object, the present invention also provides a kind of system of network access authentication, and the system of described network access authentication comprises password and generates equipment and authenticating device, wherein:
Described password generates equipment, for generating authentication password according to cryptographic seed, current sequence number and the current time preset;
Described authenticating device, for receiving the described authentication password of user's input, authentication password according to the verification cryptographic check preset; When described authentication password verification succeeds, network access authentication success, authenticating device is by user access network.
Preferably, described current sequence number is password generation equipment is the queue that user generates; Described current time is the preset range of current point in time.
Preferably, described password generate equipment specifically for:
According to the cryptographic seed preset, the value of current sequence number produced for active user and current time, generate identification sequences;
The described identification sequences generated is encrypted, and obtains numerical value corresponding to authentication password number, as authentication password in identification sequences after encryption.
Preferably, described authenticating device also for:
The verification password for verifying described authentication password is generated according to described default cryptographic seed, current sequence number and current time.
Preferably, described authenticating device also for:
When described authentication password verifies unsuccessfully, described current time is reduced a chronomere, and generate new verification password according to the current time after reducing;
Authentication password according to described verification cryptographic check newly, to the term of validity reaching described authentication password.
The present invention generates equipment by password and generates authentication password according to cryptographic seed, current sequence number and the current time preset, after the authentication password and current sequence number of authenticating device reception user input, according to the verification cryptographic check authentication password preset, when authentication password verification succeeds, network access authentication success, authenticating device is by user access network.Because authentication password and current sequence number produce simultaneously, the user namely only having queuing just can access authentication password, thus the behavior of rubbing net can be avoided to occur; Further, without the need to using the mode of note to carry out certification, can not expense be produced, thus reduce the cost of authenticating device.
Embodiment
Should be appreciated that specific embodiment described herein only in order to explain the present invention, be not intended to limit the present invention.
The invention provides a kind of method of network access authentication.
In the method for the network access authentication that the present embodiment provides, password generates between equipment and authenticating device without any mutual and communication connection.Wherein, password generate equipment can for queue machine or other can produce the equipment of authentication password, user can obtain its authentication password produced, authenticating device can be network log-in management equipment etc. can carry out certification equipment to authentication password, authentication password is inputed to authenticating device, the verification cryptographic verification authentication password that authenticating device just can generate according to it after getting the authentication password of password generation equipment generation by user, verification succeeds then certification is passed through, and user can be accessed by network.
With reference to the schematic flow sheet that Fig. 1, Fig. 1 are method first embodiment of network access authentication of the present invention.
In one embodiment, the method for this network access authentication comprises:
Step S10, password generates equipment and generates authentication password according to cryptographic seed, current sequence number and the current time preset;
When user asks password to generate equipment formation sequence, password generates equipment and generates authentication password according to cryptographic seed, the current sequence number produced and the current time preset, and this authentication password is used for the request password as access network.Wherein, cryptographic seed is implanted in starting at queue machine; Current sequence number is password generation equipment is the queue that user generates; Current time is the preset range of current point in time, as chronomere is set to 2 minutes, and current point in time is 8 points, then the preset range of current point in time is 8 o'clock to 8: 2, now, any one time point between current time is from 8 o'clock to 8: 2, was next current time from 8: 3.
Step S20, authenticating device receives authentication password and the current sequence number of user's input, according to the verification cryptographic check authentication password preset;
Step S30, when authentication password verification succeeds, network access authentication success, authenticating device is by user access network.
After user gets the authentication password of password generation equipment generation, open any browser is surfed the Net, and authenticating device is redirected to the network access authentication page, and authentication password and current sequence number can input in authenticating device to carry out network access authentication by user.Authenticating device receives the authentication password of user's input, and according to the verification cryptographic check authentication password preset, namely whether Inspection password is consistent with authentication password, as unanimously, then and verification succeeds, namely successfully, authenticating device is by user access network for network access authentication; As verified password and authentication password is inconsistent, then check failure.
The present embodiment generates equipment by password and generates authentication password according to cryptographic seed, current sequence number and the current time preset, after the authentication password and current sequence number of authenticating device reception user input, according to the verification cryptographic check authentication password preset, when authentication password verification succeeds, network access authentication success, authenticating device is by user access network.Because authentication password and current sequence number produce simultaneously, the user namely only having queuing just can access authentication password, thus the behavior of rubbing net can be avoided to occur; Further, without the need to using the mode of note to carry out certification, can not expense be produced, thus reduce the cost of authenticating device.
It is the refinement schematic flow sheet of the step of password generation equipment generation authentication password in Fig. 1 with reference to Fig. 2, Fig. 2.
In the above-described embodiments, step S10 specifically comprises:
Step S11, password generates equipment according to the cryptographic seed preset, the value of current sequence number produced for active user and current time, generation identification sequences;
When user asks password to generate equipment formation sequence, password generates equipment according to default cryptographic seed, the value of current sequence number produced for active user and current time, generate an identification sequences, this identification sequences can be the simple character string of being spliced by the value of cryptographic seed current sequence number and current time, also can generate a particular sequence by additive method.
Step S12, password generates equipment and is encrypted the identification sequences generated, and obtains numerical value corresponding to authentication password number, as authentication password in identification sequences after encryption.
Password generates equipment and is encrypted the identification sequences generated, the present embodiment can adopt the mode of md5 encryption to be encrypted identification sequences, numerical value corresponding to the number of the authentication password then required for access network, the figure place identical with this numerical value is obtained in identification sequences after encryption, as authentication password, number as authentication password is 4 or 6, then obtain 4 or 6 place values in identification sequences after encryption, using the authentication password of the numerical value of got corresponding figure place as active user's access network.In the present embodiment, this authentication password has the term of validity, and namely in this term of validity, authentication password is just effective, when exceeding the term of validity then authentication password inefficacy.
When user asks password to generate equipment formation sequence, password generates equipment according to default cryptographic seed, the value of current sequence number produced for active user and current time, generate identification sequences, the identification sequences generated is encrypted, and obtain numerical value corresponding to authentication password number in identification sequences after encryption, as authentication password, thus provide the foundation for the certification of internet behavior.
With reference to the schematic flow sheet that Fig. 3, Fig. 3 are method second embodiment of network access authentication of the present invention.
On the basis of method first embodiment of above-mentioned network access authentication, before performing step S20, the method also comprises:
Step S40, authenticating device generates the verification password for verifying authentication password according to cryptographic seed, current sequence number and the current time preset.
Before authenticating device verification authentication password, the cryptographic seed the same with cryptographic seed in password generation equipment is have input in advance in authenticating device, authenticating device is according to this cryptographic seed, current sequence number and current time, employing generates equipment with password and generates the same algorithm of authentication password, generate the verification password for verifying authentication password, this verification password, for verifying authentication password, namely for itself and authentication password being compared, determines that whether authentication password is correct.
Before authenticating device verification authentication password, authenticating device generates the verification password for verifying authentication password according to cryptographic seed, current sequence number and the current time preset, to facilitate, authentication password is verified, thus ensure that the cost that can reduce authenticating device.
With reference to the schematic flow sheet that Fig. 4, Fig. 4 are method the 3rd embodiment of network access authentication of the present invention.
On the basis of method first and second embodiment of above-mentioned network access authentication, after performing step S20, the method also comprises:
Step S50, when authentication password verifies unsuccessfully, current time is reduced a chronomere by authenticating device, and generates new verification password according to the current time after reducing;
Step S60, authenticating device according to new verification cryptographic check authentication password, to the term of validity reaching authentication password.
When authenticating device is according to verification cryptographic check authentication password, as authentication password is inconsistent with verification password, when namely verifying unsuccessfully, may authentication password be then that previous current time produced, therefore, current time is reduced a chronomere by authenticating device, and generate new verification password according to the current time after reducing, then new according to this verification password verifies authentication password again, as authentication password still verifies failure, then continue temporally unit and reduce current time, and according to the new verification cryptographic check authentication password generated, be circulated to the term of validity reaching authentication password always, as still unsuccessful in authentication password verification, then this time network access authentication failure.
When authentication password verifies unsuccessfully, current time is reduced a chronomere by authenticating device, and generate new verification password according to the current time after reducing, according to new verification cryptographic check authentication password, to the term of validity reaching authentication password, generate new verification password respectively according to each time before current time, authentication password is verified, thus ensure that the accuracy that authentication password verifies.
The present invention further provides a kind of system of network access authentication.
With reference to the high-level schematic functional block diagram that Fig. 5, Fig. 5 are system first embodiment of network access authentication of the present invention.
In one embodiment, the system of this network access authentication comprises password and generates equipment 10 and authenticating device 20, wherein:
Password generates equipment 10, for generating authentication password according to cryptographic seed, current sequence number and the current time preset;
Authenticating device 20, for receiving the authentication password of user's input, according to the verification cryptographic check authentication password preset; When authentication password verification succeeds, network access authentication success, authenticating device is by user access network.
When user asks password to generate equipment 10 formation sequence, password generates equipment 10 and generates authentication password according to cryptographic seed, the current sequence number produced and the current time preset, and this authentication password is used for the request password as access network.Wherein, cryptographic seed is implanted in starting at queue machine; Current sequence number is password generation equipment is the queue that user generates; Current time is the preset range of current point in time, as chronomere is set to 2 minutes, and current point in time is 8 points, then the preset range of current point in time is 8 o'clock to 8: 2, now, any one time point between current time is from 8 o'clock to 8: 2, was next current time from 8: 3.
After user gets the authentication password of password generation equipment 10 generation, open any browser is surfed the Net, and authenticating device 20 is redirected to the network access authentication page, and authentication password and current sequence number can input in authenticating device 20 to carry out network access authentication by user.Authenticating device 20 receives the authentication password of user's input, and according to the verification cryptographic check authentication password preset, namely whether Inspection password is consistent with authentication password, as unanimously, then and verification succeeds, namely successfully, authenticating device 20 is by user access network for network access authentication; As verified password and authentication password is inconsistent, then check failure.
The present embodiment generates equipment by password and generates authentication password according to cryptographic seed, current sequence number and the current time preset, after the authentication password and current sequence number of authenticating device reception user input, according to the verification cryptographic check authentication password preset, when authentication password verification succeeds, network access authentication success, authenticating device is by user access network.Because authentication password and current sequence number produce simultaneously, the user namely only having queuing just can access authentication password, thus the behavior of rubbing net can be avoided to occur; Further, without the need to using the mode of note to carry out certification, can not expense be produced, thus reduce the cost of authenticating device.
In the above-described embodiments, password generate equipment 10 specifically for:
According to the cryptographic seed preset, the value of current sequence number produced for active user and current time, generate identification sequences;
The identification sequences generated is encrypted, and obtains numerical value corresponding to authentication password number, as authentication password in identification sequences after encryption.
When user asks password to generate equipment 10 formation sequence, password generates equipment 10 according to the cryptographic seed preset, the value of current sequence number produced for active user and current time, generate an identification sequences, this identification sequences can be the simple character string of being spliced by the value of cryptographic seed current sequence number and current time, also can generate a particular sequence by additive method.
Password generates equipment 10 and is encrypted the identification sequences generated, the present embodiment can adopt the mode of md5 encryption to be encrypted identification sequences, numerical value corresponding to the number of the authentication password then required for access network, the figure place identical with this numerical value is obtained in identification sequences after encryption, as authentication password, number as authentication password is 4 or 6, then obtain 4 or 6 place values in identification sequences after encryption, using the authentication password of the numerical value of got corresponding figure place as active user's access network.In the present embodiment, this authentication password has the term of validity, and namely in this term of validity, authentication password is just effective, when exceeding the term of validity then authentication password inefficacy.
When user asks password to generate equipment 10 formation sequence, password generates equipment 10 according to the cryptographic seed preset, the value of current sequence number produced for active user and current time, generate identification sequences, the identification sequences generated is encrypted, and obtain numerical value corresponding to authentication password number in identification sequences after encryption, as authentication password, thus provide the foundation for the certification of internet behavior.
Based on system first embodiment of network access authentication of the present invention, system second embodiment of network access authentication of the present invention is proposed.
In the present embodiment, authenticating device 20 also for:
The verification password for verifying authentication password is generated according to cryptographic seed, current sequence number and the current time preset.
Before authenticating device 20 verifies authentication password, have input in advance in authenticating device 20 and generate with password the cryptographic seed that in equipment 10, cryptographic seed is the same, authenticating device 20 is according to this cryptographic seed, current sequence number and current time, employing generates equipment 10 with password and generates the same algorithm of authentication password, generate the verification password for verifying authentication password, this verification password, for verifying authentication password, namely for itself and authentication password being compared, determines that whether authentication password is correct.
Before authenticating device 20 verifies authentication password, authenticating device 20 generates the verification password for verifying authentication password according to cryptographic seed, current sequence number and the current time preset, to facilitate, authentication password is verified, thus ensure that the cost that can reduce authenticating device 20.
Based on system first embodiment of network access authentication of the present invention, system the 3rd embodiment of network access authentication of the present invention is proposed.
In the present embodiment, authenticating device 20 also for:
When authentication password verifies unsuccessfully, current time is reduced a chronomere, and generate new verification password according to the current time after reducing;
According to new verification cryptographic check authentication password, to the term of validity reaching authentication password.
When authenticating device 20 is according to verification cryptographic check authentication password, as authentication password is inconsistent with verification password, when namely verifying unsuccessfully, may authentication password be then that previous current time produced, therefore, current time is reduced a chronomere by authenticating device 20, and generate new verification password according to the current time after reducing, then new according to this verification password verifies authentication password again, as authentication password still verifies failure, then continue temporally unit and reduce current time, and according to the new verification cryptographic check authentication password generated, be circulated to the term of validity reaching authentication password always, as still unsuccessful in authentication password verification, then this time network access authentication failure.
When authentication password verifies unsuccessfully, current time is reduced a chronomere by authenticating device 20, and generate new verification password according to the current time after reducing, according to new verification cryptographic check authentication password, to the term of validity reaching authentication password, generate new verification password respectively according to each time before current time, authentication password is verified, thus ensure that the accuracy that authentication password verifies.
These are only the preferred embodiments of the present invention; not thereby the scope of the claims of the present invention is limited; every utilize specification of the present invention and accompanying drawing content to do equivalent structure or equivalent flow process conversion; or be directly or indirectly used in other relevant technical fields, be all in like manner included in scope of patent protection of the present invention.