CN101170408A - Method and system for realizing agent certification based on identity authentication mode including random information - Google Patents

Publication number: CN101170408A
Authority: CN (China)
Prior art keywords: authentication, information, user, program, page
Legal status: Pending
Application number: CNA2006100632609A
Other languages: Chinese (zh)
Inventor: 许先才
Current Assignee: Individual
Original Assignee: Individual
Landscapes: Storage Device Security (AREA)

Abstract

The invention relates to a method and system for realizing proxy authentication for an identity authentication mode that includes random information. In such a mode, the identity information checked at each authentication comprises an unchanging part, such as the account and password, and other information that changes. The system comprises a program running on a general-purpose computing device. The proxy authentication steps are: the user starts an authentication flow, and the program extracts the random information relevant to the authentication and prompts the user; the user enters the auxiliary authentication information as prompted by the program; the program submits the pre-stored authentication information and the auxiliary information for this authentication to the corresponding authentication scene, completing the authentication. The method and system can significantly reduce manual input during authentication and enhance the security of the authentication process.

Description

Method and system for realizing proxy authentication for an authentication mode that includes random information
Technical field
The present invention relates to information systems, and in particular to proxy authentication for information systems.
Background
For reasons of security and management, information systems today generally authenticate their users, either to ensure that non-users cannot use system resources or to grant different usage rights to different users after login. Most information systems, online service systems in particular, authenticate users by account and password. The usual flow is that the user registers in advance and sets the account and password required to access the system; to use a service the system provides, the user opens its login interface, enters the account, password and other authentication information, and completes authentication, thereby gaining the right to access the information system and obtain the service.
However, the development of brute-force cracking techniques has exposed a security weakness in this flow. To obtain other people's accounts and passwords, an attacker can use a program (or a downloaded cracking tool) to form account and password combinations from a dictionary, submit them to the information system automatically, and determine from the system's response whether a given combination is a correct set of account information. Because the process is automated, and because many information system users build their usernames and passwords from common word combinations, it is remarkably efficient: a large number of correct accounts and passwords can generally be obtained in a short time.
To counter brute-force cracking, information system developers introduced a random factor into the authentication process, and the flow changed accordingly: at each authentication the system generates and stores a set of random data; the party being authenticated, when supplying its account and password, must also enter auxiliary authentication information related to that random data, as prompted by the system. After submission, the system first uses the stored random data to check whether the auxiliary authentication information is correct, and only if it is correct goes on to verify the account and password.
This flow effectively blocks brute-force attacks, because a running program cannot submit the auxiliary authentication information automatically from the on-screen prompt and therefore cannot complete the authentication process.
The flow usually takes the form of a verification code. The system displays the random data to the user as a picture made up of letters and/or digits, and the user can supply the displayed characters to the system as auxiliary authentication information only by recognizing them by eye.
However, this flow also blocks existing proxy authentication techniques. Proxy authentication and brute-force cracking share the same origin: both submit account information in a form the target system accepts in order to complete the login process. The difference is that brute-force cracking uses the result to judge whether the account information is correct, whereas a proxy authentication system stores the user's account information in advance and, when the user decides to log in, submits it to complete the login; the user need not enter any information, which is quick and convenient. Because an authentication mode that includes random information still requires manual input during login, existing online password management services cannot operate on it in practice and so do not support it.
For example, the online password management service at http://www.agatra.com lets users store and manage account data online and performs proxy authentication for some websites, but does not support any website that requires a verification code.
Thus the prior art offers no reasonably complete solution for realizing proxy authentication for an authentication mode that includes random information.
Summary of the invention
The present invention addresses the problem that proxy authentication cannot be realized for an authentication mode that includes random information, and proposes a new and reasonable technical scheme that realizes the proxy authentication function for such a mode.
The technical scheme adopted by the present invention is a method and system for realizing proxy authentication for an authentication mode that includes random information. In such a mode, the information used to verify the user's identity comprises a constant part, such as the account and password, and a part that changes at every authentication, usually auxiliary authentication information related to a random group of digits or characters. The system comprises a program running on a general-purpose computing device, and is characterized in that the proxy authentication steps comprise:
a. The user submits to the program the authentication scene for which proxy authentication is to be realized; the program analyzes the authentication scene, extracts the authentication scene feature data, and stores it in a database;
b. The user submits the authentication information to the program in advance; the program encrypts this information and stores it in the database;
c. The user starts the authentication flow; the program extracts the random information related to this authentication and presents it to the user;
d. The user enters the auxiliary authentication information as prompted by the program; the program submits the authentication information stored in advance, together with this auxiliary authentication information, to the authentication scene corresponding to that authentication information, completing the authentication.
In the method and system of the present invention for realizing proxy authentication for an authentication mode that includes random information:
The authentication mode that includes random information is one in which the information used to verify the user's identity comprises a constant part, such as the account and password, and a part that changes at every authentication, usually auxiliary authentication information related to a random group of digits or characters;
The program running on a general-purpose computing device may be a page program that runs on a computer server, is offered as an online service, and is accessed by the user through ordinary browser software on a terminal, or it may be a personal application running on the user's terminal; the terminal may be an ordinary personal computer, a smartphone or a PDA;
The authentication scene may be the user login page of a website associated with a network address (URL), or the user login window of an application. The authentication scene feature data includes, but is not limited to, the HTML code of the page or window and specific data such as the internal names, sizes, types and titles of the authentication information items;
The process in which the program analyzes the authentication scene, extracts the authentication scene feature data, and stores it with the user's authentication information in the database comprises the following steps:
1. The user enters the network address for which proxy authentication is to be realized;
2. The program accesses this network address, analyzes the structure of the web page source code, and extracts the web page elements related to authentication, including the input elements for the authentication information and the input element for the auxiliary authentication information;
3. The login interface corresponding to this network address is shown to the user, who can enter the authentication information for this authentication scene;
4. After confirming that the information is correct, the user submits it to the program;
5. The program saves the authentication scene feature data and the user's authentication information in the database.
The process in which the user completes website authentication by proxy through the page program running on the server comprises the following steps:
1. On the page, the user selects the authentication information entry corresponding to the desired website;
2. The page service program, according to the authentication scene corresponding to the authentication information, obtains the code of the website's login page on the terminal;
3. The page service program analyzes the structure of the page code, extracts the input element for the auxiliary authentication information related to this login, presents this element to the user, and obtains the auxiliary authentication information for this login;
4. The page code and the auxiliary authentication information supplied by the user are submitted to the program's server side; the program retrieves the user's authentication information from the database, finds in the page code the input items corresponding to the authentication information items, and fills in each item of authentication information and the auxiliary authentication information, or assigns values to the input items;
5. The page program executes the resulting page code on the terminal device, starting the authentication login process and completing proxy authentication.
With the method and system of the present invention, a user who has entered account information in advance needs to enter only the auxiliary authentication information related to the random information at each login. This significantly reduces the user's manual input during authentication and enhances the security of the authentication information in use.
Description of drawings
Fig. 1 is the basic interface of the page service program in an embodiment of the method of the invention.
Fig. 2 is the interface for entering authentication information in advance in an embodiment of the method of the invention.
Fig. 3 is a sample from an embodiment of the method of the invention: the original login interface and the proxy authentication interface.
Fig. 4 is the flow by which the page program stores authentication information in advance in an embodiment of the method of the invention.
Fig. 5 is the flow by which the page program completes proxy authentication in an embodiment of the method of the invention.
Embodiment
The invention is described in further detail below with reference to the preferred embodiment shown in the drawings.
As shown in Figs. 1 to 5, the invention is a method and system for realizing proxy authentication for an authentication mode that includes random information. In such a mode, the information used to verify the user's identity comprises a constant part, such as the account and password, and a part that changes at every authentication, usually auxiliary authentication information related to a random group of digits or characters. The system comprises a program running on a general-purpose computing device, and is characterized in that the steps for realizing proxy authentication comprise:
a. The user submits to the program the authentication scene for which proxy authentication is to be realized; the program analyzes the authentication scene, extracts the authentication scene feature data, and stores it in a database;
b. The user submits the authentication information to the program in advance; the program encrypts this information and stores it in the database;
c. The user starts the authentication flow; the program extracts the random information related to this authentication and presents it to the user;
d. The user enters the auxiliary authentication information as prompted by the program; the program submits the authentication information stored in advance, together with this auxiliary authentication information, to the authentication scene corresponding to that authentication information, completing the authentication.
In the method and system of the present invention for realizing proxy authentication for an authentication mode that includes random information:
The authentication mode that includes random information is one in which the information used to verify the user's identity comprises a constant part, such as the account and password, and a part that changes at every authentication, usually auxiliary authentication information related to a random group of digits or characters;
The program running on a general-purpose computing device may be a page program that runs on a computer server, is offered as an online service, and is accessed by the user through ordinary browser software on a terminal, or it may be a personal application running on the user's terminal; the terminal may be an ordinary personal computer, a smartphone or a PDA;
The authentication scene may be the user login page of a website associated with a network address (URL), or the user login window of an application. The authentication scene feature data includes, but is not limited to, the HTML code of the page or window and specific data such as the internal names, sizes, types and titles of the authentication information items;
As shown in Figure 1, the program is a page program running on a computer server and offered as an online service; after opening the website in a browser and logging in, the user can browse and manage their own list of authentication information entries, which is stored in encrypted form in the server-side database.
The user can also use an internet-capable terminal (a mobile phone or PDA) to log in to the aforementioned online service website and use the service.
As shown in Figure 2, the user can save in advance the authentication information related to a specific authentication scene. Fig. 2A shows the interface for adding a website that needs proxy authentication: the user specifies the input item corresponding to the verification code and enters the constant authentication information such as account and password. Fig. 2A shows the interface for updating authentication information.
As shown in Figure 3, after the user has stored the authentication information in advance and selects a login entry, the program presents the proxy authentication interface. Fig. 3A shows the website's original login interface and Fig. 3B the proxy authentication interface: the user need only enter the verification code, i.e. the auxiliary authentication information related to the random information, and need not enter the account, password or other authentication information to complete the login.
As shown in Figure 4, the process in which the program analyzes the authentication scene, extracts the authentication scene feature data, and stores it with the user's authentication information in the database comprises the following steps:
1. The user enters the network address of the target website for which proxy authentication is to be realized;
2. The program accesses this network address, analyzes the structure of the web page source code, and extracts the web page elements related to authentication, including the input elements for the authentication information and the input element for the auxiliary authentication information;
3. The login interface corresponding to this network address is shown to the user, who can enter the authentication information for this authentication scene;
4. After confirming that the information is correct, the user submits it to the program;
5. The program saves the authentication scene feature data and the user's authentication information in the database.
As shown in Figure 5, the process in which the user completes website authentication by proxy through the page program running on the server comprises the following steps:
1. On the page, the user selects the authentication information entry corresponding to the desired website;
2. The page service program, according to the authentication scene corresponding to the authentication information, obtains the code of the website's login page on the terminal;
3. The page service program analyzes the structure of the page code, extracts the input element for the auxiliary authentication information related to this login, presents this element to the user, and obtains the auxiliary authentication information for this login;
4. The page code and the auxiliary authentication information supplied by the user are submitted to the program's server side; the program retrieves the user's authentication information from the database, finds in the page code the input items corresponding to the authentication information items, and fills in each item of authentication information and the auxiliary authentication information, or assigns values to the input items;
5. The page program executes the resulting page code on the terminal device, starting the authentication login process and completing proxy authentication.
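The Figure 4 and Figure 5 flows (also listed in the summary of the invention), as an added example that is not code from the patent: `analyze` extracts the authentication scene feature data from a login page, and `build_submission` merges stored credentials with the user's verification-code answer. The field-order heuristic, the origin and field-name check made before credentials are released, the plaintext credential dict (the patent stores it encrypted), and all names and the sample page are assumptions constructed for illustration.

```python
# Added illustration; names, heuristic and sample page are assumptions, not from the patent.
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample login page (not taken from any real site).
SAMPLE_LOGIN_HTML = """
<html><body>
<form action="/do_login" method="post">
  <input type="hidden" name="session_token" value="t-001">
  <input type="text" name="uname">
  <input type="password" name="pwd">
  <img src="/captcha.png?id=7731" alt="verification code">
  <input type="text" name="vcode" maxlength="4">
  <input type="submit" value="Log in">
</form>
</body></html>
"""


class SceneMismatch(Exception):
    """The fetched login page does not match the stored authentication scene."""


@dataclass(frozen=True)
class Scene:
    """Authentication scene feature data kept in the database (Figure 4, step 5)."""
    page_url: str
    action_url: str
    method: str
    account_field: str
    password_field: str
    aux_field: str       # input element for the verification code
    aux_image_url: str   # element shown to the user as the prompt


class _FormCollector(HTMLParser):
    """Records, per <form>, its named inputs and the images inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "",
                         "method": (a.get("method") or "get").lower(),
                         "inputs": [], "images": []}
            self.forms.append(self._cur)
        elif self._cur is None:
            return
        elif tag == "input" and a.get("name"):
            self._cur["inputs"].append(a)
        elif tag == "img" and a.get("src"):
            self._cur["images"].append(a["src"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None


def _kind(inp):
    return (inp.get("type") or "text").lower()


def _origin(url):
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port)


def analyze(page_url, html):
    """Figure 4, step 2: find the login form and its authentication-related elements.
    Heuristic (assumption): text input before the password is the account,
    text input after it is the verification code; the user confirms this in step 4."""
    collector = _FormCollector()
    collector.feed(html)
    for form in collector.forms:
        inputs = form["inputs"]
        pw = next((n for n, i in enumerate(inputs) if _kind(i) == "password"), None)
        if pw is None:
            continue
        before = [i for i in inputs[:pw] if _kind(i) == "text"]
        after = [i for i in inputs[pw + 1:] if _kind(i) == "text"]
        if not (before and after and form["images"]):
            continue
        scene = Scene(page_url, urljoin(page_url, form["action"]), form["method"],
                      before[-1]["name"], inputs[pw]["name"], after[0]["name"],
                      urljoin(page_url, form["images"][0]))
        # Hidden values are per-session, so they come from the fresh page, never the database.
        hidden = {i["name"]: i.get("value") or "" for i in inputs if _kind(i) == "hidden"}
        return scene, hidden
    raise SceneMismatch("no login form with a verification-code input found")


def build_submission(stored, credentials, fresh_html, aux_answer):
    """Figure 5, step 4: fill the freshly fetched form from stored data plus the user's answer.
    Added safeguard (assumption): refuse if the form now posts elsewhere or its fields changed."""
    fresh, hidden = analyze(stored.page_url, fresh_html)
    if _origin(fresh.action_url) != _origin(stored.action_url):
        raise SceneMismatch("form now posts to a different origin")
    if (fresh.account_field, fresh.password_field, fresh.aux_field) != (
            stored.account_field, stored.password_field, stored.aux_field):
        raise SceneMismatch("login field names changed since the scene was stored")
    fields = dict(hidden)
    fields[stored.account_field] = credentials["account"]
    fields[stored.password_field] = credentials["password"]
    fields[stored.aux_field] = aux_answer
    return fresh.action_url, fresh.method, fields
```

The verification code is still read and typed by the user at every login; the program only locates its input element and combines the answer with the stored account and password.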
To summarize the above embodiment: with the method and system of the present invention, even under an authentication mode that requires random information such as a verification code, the user can save the account, password and other authentication information in advance and need not enter it at every login, and proxy authentication is still realized. This significantly reduces the user's manual input during authentication and enhances the security of the authentication information in use.
The basic idea of the present invention is as follows. For an authentication mode that includes random information, the proxy authentication service program running on the server first analyzes the structure of the target website's pages related to user login, and the user saves account information in advance. When the program performs proxy authentication, it extracts the page elements related to the random information and presents them to the user; it then submits the account, password and other authentication information saved in advance, together with the auxiliary authentication information entered by the user, to the target authentication scene, completing the proxy authentication process. Implementation of the present invention is not limited to the embodiment disclosed above. Any replacement or improvement of the above embodiment that is based on this basic idea and requires no creative work falls within the implementation of the present invention.

Claims (4)

1. A method and system for realizing proxy authentication for an authentication mode that includes random information. In such a mode, the information used to verify the user's identity comprises a constant part, such as the account and password, and a part that changes at every authentication, usually auxiliary authentication information related to a random group of digits or characters. The system comprises a program running on a general-purpose computing device, and is characterized in that the proxy authentication steps comprise:
a. The user submits to the program the target authentication scene for which proxy authentication is to be realized; the program analyzes the authentication scene, extracts the authentication scene feature data, and stores it in a database;
b. The user submits the authentication information to the program in advance; the program encrypts this information and stores it in the database;
c. The user starts the authentication flow; the program extracts the random information related to this authentication and presents it to the user;
d. The user enters the auxiliary authentication information as prompted by the program; the program submits the authentication information stored in advance, together with this auxiliary authentication information, to the authentication scene corresponding to that authentication information, completing proxy authentication.
2. The method and system for realizing proxy authentication for an authentication mode that includes random information as claimed in claim 1, characterized in that:
The authentication mode that includes random information is one in which the information used to verify the user's identity comprises a constant part, such as the account and password, and a part that changes at every authentication, usually auxiliary authentication information related to a random group of digits or characters;
The program running on a general-purpose computing device may be a page program that runs on a computer server, is offered as an online service, and is accessed by the user through ordinary browser software on a terminal, or it may be a personal application running on the user's terminal; the terminal may be an ordinary personal computer, a smartphone or a PDA;
The authentication scene may be the user login page of a website associated with a network address (URL), or the user login window of an application. The authentication scene feature data includes, but is not limited to, the HTML code of the page or window and specific data such as the internal names, sizes, types and titles of the authentication information items;
3. The method and system for realizing proxy authentication for an authentication mode that includes random information as claimed in claim 1, characterized in that:
The process in which the program analyzes the authentication scene, extracts the authentication scene feature data, and stores it with the user's authentication information in the database comprises the following steps:
1. The user enters the network address for which proxy authentication is to be realized;
2. The program accesses this network address, analyzes the structure of the web page source code, and extracts the web page elements related to authentication, including the input elements for the authentication information and the input element for the auxiliary authentication information;
3. The login interface corresponding to this network address is shown to the user, who can enter the authentication information for this authentication scene;
4. After confirming that the information is correct, the user submits it to the program;
5. The program saves the authentication scene feature data and the user's authentication information in the database.
4. The method and system for storage, management and proxy authentication of authentication information as claimed in claim 1, characterized in that:
The process in which the user completes website authentication by proxy through the page program running on the server comprises the following steps:
1. On the page, the user selects the authentication information entry corresponding to the desired website;
2. The page service program, according to the authentication scene corresponding to the authentication information, obtains the code of the website's login page on the terminal;
3. The page service program analyzes the structure of the page code, extracts the input element for the auxiliary authentication information related to this login, presents this element to the user, and obtains the auxiliary authentication information for this login;
4. The page code and the auxiliary authentication information supplied by the user are submitted to the program's server side; the program retrieves the user's authentication information from the database, finds in the page code the input items corresponding to the authentication information items, and fills in each item of authentication information and the auxiliary authentication information, or assigns values to the input items;
5. The page program executes the resulting page code on the terminal device, starting the authentication login process and completing proxy authentication.
Priority Applications (1)

| Application Number | Publication | Priority Date | Filing Date | Title |
| --- | --- | --- | --- | --- |
| CNA2006100632609A | CN101170408A (en) | 2006-10-25 | 2006-10-25 | Method and system for realizing agent certification based on identity authentication mode including random information |

Publications (1)

| Publication Number | Publication Date |
| --- | --- |
| CN101170408A (en) | 2008-04-30 |

Family

ID=39390889

Family Applications (1)

| Application Number | Status | Publication | Priority Date | Filing Date | Title |
| --- | --- | --- | --- | --- | --- |
| CNA2006100632609A | Pending | CN101170408A (en) | 2006-10-25 | 2006-10-25 | Method and system for realizing agent certification based on identity authentication mode including random information |

Country Status (1)

| Country | Link |
| --- | --- |
| CN (1) | CN101170408A (en) |

Cited By (11)

\* Cited by examiner, † Cited by third party

| Publication number | Priority date | Publication date | Assignee | Title |
| --- | --- | --- | --- | --- |
| CN101415004B (en) * | 2008-11-25 | 2013-05-08 | 江岳 | Authentication method for embedded web page application |
| CN102663322A (en) * | 2012-02-23 | 2012-09-12 | 深圳市乐讯科技有限公司 | Method and apparatus for preventing user from cheating by hiding game maps |
| CN102663322B (en) * | 2012-02-23 | 2015-06-24 | 深圳市乐讯科技有限公司 | Method and apparatus for preventing user from cheating by hiding game maps |
| CN102724045A (en) * | 2012-07-05 | 2012-10-10 | 甘肃银光聚银化工有限公司 | Network interface adapter |
| CN103677794A (en) * | 2012-09-19 | 2014-03-26 | 株式会社东芝 | Multifunctional all-in-one and system and script control method thereof |
| CN107302539A (en) * | 2014-09-01 | 2017-10-27 | 刘文印 | Method and its system that a kind of electronic identity registration and certification are logged in |
| CN107302539B (en) * | 2014-09-01 | 2021-04-13 | 登录易(深圳)科技有限公司 | Electronic identity registration and authentication login method and system |
| CN110096303A (en) * | 2019-04-22 | 2019-08-06 | 无线生活(杭州)信息科技有限公司 | Code detection method and device |
| CN110096303B (en) * | 2019-04-22 | 2023-06-02 | 无线生活(杭州)信息科技有限公司 | Code detection method and device |
| CN110769415A (en) * | 2019-10-30 | 2020-02-07 | 维沃移动通信有限公司 | Authentication method and electronic equipment |
| CN110769415B (en) * | 2019-10-30 | 2023-04-18 | 维沃移动通信有限公司 | Authentication method and electronic equipment |

Legal Events

| Code | Title |
| --- | --- |
| C06 | Publication |
| PB01 | Publication |
| C10 | Entry into substantive examination |
| SE01 | Entry into force of request for substantive examination |
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) |
| WD01 | Invention patent application deemed withdrawn after publication |

Open date: 20080430