Summary of the invention
In view of the above problems in the prior art, the object of the present invention is to provide an anti-repudiation dynamic password generation method. To achieve this object, the technical solution of the present invention is as follows:
An anti-repudiation dynamic password generation method, characterized in that it comprises:
S1: the client acquires time information and location information and sends them to the server;
S2: the client generates a first dynamic password from the time information and location information and sends it to the server;
S3: the server generates a second dynamic password from the time information and location information;
S4: the server compares the first dynamic password with the second dynamic password; if they are identical, the comparison succeeds.
Further preferably, the client and the server store an identical key and an identical encryption algorithm. Holding the same key, the client and the server use the same symmetric encryption algorithm to generate the first dynamic password and the second dynamic password respectively. The purpose of using a symmetric encryption algorithm in the present invention is that the client's time information and location information at that moment can be derived back from the dynamic password, so that the client's time and position at that moment are obtained, providing well-founded evidence and preventing denial.
Further preferably, the time information and location information include an ID that uniquely identifies the client, and the ID is uniquely associated with the key.
In the present invention, the client acquires its time information and location information and uses them, together with the key, as elements in generating the dynamic password. This gives the dynamic password non-repudiation and improves its security.
Further preferably, step S2 specifically comprises: the client uses the encryption algorithm to combine the time information, the location information and the key to generate the first dynamic password.
Further preferably, step S3 further comprises: the server obtains the uniquely associated key according to the ID in the instruction, and uses the encryption algorithm to combine the location information, the time information and the key to generate the second dynamic password.
Further preferably, the present invention also provides an anti-repudiation dynamic password verification system, comprising a client, a positioning module, a time service module and a server end;
The client comprises:
An information acquisition module, for obtaining location information from the positioning module and time information from the time service module;
A first communication module, for sending the time information and location information to the server end;
A first password generation module, for generating the first dynamic password;
The server end comprises:
A second communication module, for communicating with the first communication module and receiving the time information and location information;
A second password generation module, for generating the second dynamic password from the time information and location information;
A comparison module, for comparing the first dynamic password with the second dynamic password.
Further preferably, the client also comprises a first storage module and the server end also comprises a second storage module; the first storage module and the second storage module store the identical key and encryption algorithm.
Further preferably, the first password generation module uses the encryption algorithm to combine the location information, the time information and the key to generate the first dynamic password;
The second password generation module uses the encryption algorithm to combine the location information, the time information and the key to generate the second dynamic password.
In the present invention, the information acquisition module obtains the client's location information and time information, and the first password generation module combines the location information and time information to generate the first dynamic password. At the same time, the first communication module sends the location information and time information to the server end. The server end receives the location information and time information through the second communication module, and the second password generation module combines them to generate the second dynamic password.
The client sends the first dynamic password to the server end through the first communication module. The server end compares the received first dynamic password with the second dynamic password it generated; if they are identical, the comparison succeeds and verification is complete.
Further preferably, the communication modes of the first communication module and the second communication module include manual input, NFC (Near Field Communication) transmission, sound-wave transmission and APP (application) redirection.
The present invention uses both the location information and the time information as elements in generating the dynamic password and adopts a symmetric encryption algorithm, so the client's time and position at that moment can be derived back from the dynamic password, which gives it non-repudiation.
Embodiment
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the steps of the anti-repudiation dynamic password generation method of the present invention. As a specific embodiment of the present invention, as shown in Fig. 1, an anti-repudiation dynamic password generation method comprises:
S1: the client acquires time information and location information and sends them to the server;
S2: the client generates a first dynamic password from the time information and location information and sends it to the server;
S3: the server generates a second dynamic password from the time information and location information;
S4: the server compares the first dynamic password with the second dynamic password; if they are identical, the comparison succeeds.
The location information in the present invention is the current location of the client, and the time information is the current time of the client.
When the client has a GPS (Global Positioning System) function and that function is turned on, the present invention obtains the current location and current time through GPS, and thus the location information and time information.
GPS is a satellite system composed of 24 satellites covering the whole globe. The system ensures that, at any time, 4 satellites can be observed simultaneously from any point on Earth, so that the longitude, latitude and altitude of the observation point can be collected to realize functions such as navigation, positioning and time service. The technology can be used to guide aircraft, ships, vehicles and individuals safely and accurately along a selected route so that they reach their destination on time. In the present invention, the client obtains its time information and location information through the GPS navigation system and uses them as elements in generating the dynamic password, which gives the present invention non-repudiation.
As an improvement on the above embodiment, when the client does not have a GPS positioning function or the function is not turned on, the present invention can also obtain the current location by network positioning, and thus the location information, and obtain the current time from the device itself, and thus the time information.
As an improvement on the above embodiment, the client and the server store an identical key and use the same symmetric encryption algorithm to generate the first dynamic password and the second dynamic password respectively.
Symmetric encryption is an early and technically mature class of encryption algorithm. In a symmetric encryption algorithm, the sender processes the plaintext (the original data) together with the encryption key through the encryption algorithm, turning it into complex ciphertext, and sends it out. After the recipient receives the ciphertext, it must decrypt it with the key used for encryption and the inverse of the same algorithm to restore readable plaintext. A symmetric encryption algorithm uses only one key: the sender and the recipient both use this key to encrypt and decrypt the data.
Common symmetric encryption algorithms include DES, 3DES, TDEA, Blowfish, RC5 and IDEA. Their characteristics are that the algorithm is public, the amount of computation is small, encryption is fast and encryption efficiency is high. The present invention does not limit the specific encryption algorithm.
Specifically, the client obtains the time information and location information and sends them to the server. The present invention packs the data into the structure ID + time information + location information, where the ID uniquely identifies the client.
In the present invention, the server and the client each store the identical key, and the key is uniquely associated with the client's ID. When the server receives the packet of time information and location information sent by the client, it uses the ID in the packet to obtain the same key that the client stores and generates the second dynamic password with it. The purpose of using the same symmetric encryption algorithm is that the client's time information and location information at that moment can be derived back from the dynamic password, so that the client's time and position at that moment are obtained, providing well-founded evidence and preventing denial. The present invention does not limit the specific symmetric encryption algorithm.
Specifically, when the client has a GPS positioning function and the function is turned on, the anti-repudiation dynamic password generation method provided by the present invention is as follows:
S1: the client locates its current position by GPS and obtains the location information and time information through GPS; at the same time, the client sends the obtained time information and location information to the server end.
S2: the client uses the symmetric encryption algorithm to combine the key, the time information and the location information to generate the first dynamic password.
S3: the server obtains the same key as the client according to the time information and location information, and uses the symmetric encryption algorithm to combine the key, the time information and the location information to generate the second dynamic password.
S4: the server compares the received first dynamic password with the second dynamic password it generated; if they are identical, the comparison succeeds and verification is complete.
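The flow of S1 to S4, including the key lookup by ID and the reverse derivation of time and location, as an added example that is not code from the patent. Since the patent leaves the symmetric algorithm open, the example uses a single AES-128 block over an assumed 16-byte ID + time + location layout; Claim, Generate, Verify, Recover, serverKeys and the sample key and coordinates are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Claim is the ID + time + location packet; the fixed 16-byte layout is an assumption.
type Claim struct {
	ID, UnixTime uint32
	LatE6, LonE6 int32 // coordinates in microdegrees
}

// serverKeys stands in for the server's key store (ID -> key); constructed sample key.
var serverKeys = map[uint32][]byte{1001: []byte("0123456789abcdef")}

// Generate is S2/S3: encrypt the packed claim as one AES block under the shared key.
func Generate(key []byte, c Claim) (string, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, c) // four 4-byte fields = 16 bytes
	out := make([]byte, aes.BlockSize)
	blk.Encrypt(out, buf.Bytes())
	return hex.EncodeToString(out), nil
}

// Verify is S4: fetch the key bound to the ID, regenerate, compare in constant time.
func Verify(c Claim, first string) (bool, error) {
	key, ok := serverKeys[c.ID]
	if !ok {
		return false, fmt.Errorf("unknown client ID %d", c.ID)
	}
	second, err := Generate(key, c)
	return err == nil && subtle.ConstantTimeCompare([]byte(first), []byte(second)) == 1, err
}

// Recover inverts a dynamic password into the ID, time and location it was built from.
func Recover(key []byte, password string) (c Claim, err error) {
	ct, err := hex.DecodeString(password)
	if err != nil || len(ct) != aes.BlockSize {
		return c, fmt.Errorf("malformed dynamic password")
	}
	blk, err := aes.NewCipher(key)
	if err != nil {
		return c, err
	}
	blk.Decrypt(ct, ct) // in-place decryption of the single block
	err = binary.Read(bytes.NewReader(ct), binary.BigEndian, &c)
	return c, err
}

func main() {
	c := Claim{ID: 1001, UnixTime: 1700000000, LatE6: 39904200, LonE6: 116407400} // constructed
	pw, _ := Generate(serverKeys[c.ID], c)
	fmt.Println(Verify(c, pw))
	fmt.Println(Recover(serverKeys[c.ID], pw))
}
```

Because the server holds the same key as the client, it can compute any client's dynamic password itself, so the recovered time and location are only as strong as evidence as the protection of the server's key store.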
As an improvement on the above embodiment, when the client does not have a GPS function or the function is not turned on, the client obtains the location information by network positioning and the time information from the device itself, combines the location information and time information with the key using the symmetric encryption algorithm to generate the first dynamic password, and sends it to the server end.
The present invention also provides an anti-repudiation dynamic password verification system, comprising a client, a positioning module, a time service module and a server end.
The client comprises:
An information acquisition module, for obtaining location information from the positioning module and time information from the time service module;
A first communication module, for sending the time information and location information to the server end;
A first password generation module, for generating the first dynamic password;
The server end comprises:
A second communication module, for communicating with the first communication module and receiving the time information and location information;
A second password generation module, for generating the second dynamic password from the time information and location information;
A comparison module, for comparing the first dynamic password with the second dynamic password.
In the present invention, the information acquisition module obtains the client's location information and time information, and the first password generation module combines the location information and time information to generate the first dynamic password. At the same time, the first communication module sends the location information and time information to the server end. The server end receives the location information and time information through the second communication module, and the second password generation module combines them to generate the second dynamic password.
The client sends the first dynamic password to the server end through the first communication module. The server end compares the received first dynamic password with the second dynamic password it generated; if they are identical, the comparison succeeds and verification is complete.
Specifically, the physical carrier of the client in the present invention includes devices with a positioning function, such as mobile phones and tablet computers.
The positioning module in the present invention locates the current position of the client and provides the client with location information. The time service module provides the client with accurate current time information.
Specifically, the positioning module includes GPS-based positioning and positioning based on the base stations of a mobile operator's network.
When the mobile phone or tablet computer has a GPS function and the function is turned on, the positioning module and the time service module in the present invention are both GPS (Global Positioning System), and the information acquisition module is the GPS module built into the mobile phone. The GPS positioning module on the mobile phone sends the phone's position signal to the positioning backend to locate the phone. GPS also provides a time service function, so the mobile phone obtains its current time information and location information through GPS.
When the mobile phone, tablet computer or similar device does not have a GPS function or the function is not turned on, the positioning module in the present invention is the base station that provides network positioning. Base-station positioning determines the phone's position from the measured distance between the base station and the phone, and the information acquisition module is the chip in the device that implements network positioning. The device obtains its current location information by network positioning and obtains the time information from the device itself.
In the present invention, the client also comprises a first storage module and the server end also comprises a second storage module; the first storage module and the second storage module store the identical key and encryption algorithm. The encryption algorithm in the present invention is a symmetric encryption algorithm. The purpose of using the same symmetric encryption algorithm is that the client's time information and location information at that moment can be derived back from the dynamic password, so that the client's time and position at that moment are obtained, providing well-founded evidence and preventing denial. The present invention does not limit the specific symmetric encryption algorithm.
Specifically, the first password generation module in the client uses the encryption algorithm to combine the location information, the time information and the key to generate the first dynamic password; the second password generation module of the server end uses the encryption algorithm to combine the location information, the time information and the key to generate the second dynamic password.
The first communication module and the second communication module in the present invention handle communication between the client and the server. Their communication modes include manual input, NFC transmission, sound-wave transmission and APP redirection.
Specifically, when the communication mode of the first communication module and the second communication module is manual input, the second communication module of the server end includes an input module, which may be a keyboard. The time information and location information, or the first dynamic password, are entered manually on the keyboard and sent to the server, which receives them through the second communication module.
Specifically, when the communication mode of the first communication module and the second communication module is NFC transmission, both modules have an NFC function and exchange data at close range in point-to-point mode.
NFC (near-field communication) is a short-range, high-frequency radio technology that operates at 13.56 MHz within a distance of 20 cm. Its transmission speed is one of 106 Kbit/s, 212 Kbit/s or 424 Kbit/s. NFC evolved from the integration of contactless radio-frequency identification (RFID) and interconnection technologies. It combines an inductive card reader, an inductive card and point-to-point functionality on a single chip, and can identify and exchange data with compatible devices over short distances.
Specifically, when the communication mode of the first communication module and the second communication module is sound-wave transmission, both modules can send and receive audio signals. The first communication module converts digital signals such as the time information and location information, or the first dynamic password, into an audio signal and sends it as sound. The server receives the time information and location information, or the first dynamic password, through the second communication module and converts them back into digital signals for processing.
Specifically, when the physical carrier of the client and of the server end is the same mobile phone, tablet computer or similar device, communication between the first communication module and the second communication module is realized by APP redirection. During the redirection, the first communication module passes the time information and location information, or the first dynamic password, to the corresponding APP page of the server end, and the server end obtains them from that APP page.
Specifically, the working process of the present invention is described in detail below, taking a mobile phone as the physical carrier of the client. The mobile phone client includes a GPS module and communicates with the server end by manual input; the server end is a server with an input device, and the input device specifically includes keys and the like.
1. The GPS function is turned on at the mobile phone client. The GPS module on the phone communicates with GPS to locate the client's current position, and the mobile phone client obtains the time information and location information.
2. The mobile phone client displays the time information and location information, and the user enters the time information and location information into the server using the server's keys.
3. The mobile phone client uses the encryption algorithm to combine the time information and location information with the stored key to generate the first dynamic password.
4. The server receives the entered time information and location information and uses the same encryption algorithm to combine them with the stored key to generate the second dynamic password.
5. The mobile phone client displays the first dynamic password, and the user then enters the first dynamic password into the server using the keys.
6. The server receives the entered first dynamic password and compares it with the second dynamic password. If they are identical, the comparison succeeds and verification is complete; if they are not identical, the comparison fails and verification fails.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.