CN102833276A - Webpage login system based on token - Google Patents
Webpage login system based on token Download PDFInfo
- Publication number
- CN102833276A CN102833276A CN2011101588214A CN201110158821A CN102833276A CN 102833276 A CN102833276 A CN 102833276A CN 2011101588214 A CN2011101588214 A CN 2011101588214A CN 201110158821 A CN201110158821 A CN 201110158821A CN 102833276 A CN102833276 A CN 102833276A
- Authority
- CN
- China
- Prior art keywords
- token
- user
- web server
- database
- web
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a webpage login system based on a token. The webpage login system comprises a WEB browser, the token for storing authentication information of a user and various password information, a WEB server, a database and a client tabletop program, wherein a root directory of the WEB server is provided with a script of the database; the WEB server is connected with the database; the client tabletop program reads user information in the token, executes an authentication process of the user and sends an access request of the user to the WEB server; and the WEB server queries the database to implement a webpage authentication login process of the user. By the technical scheme, high identity authentication can be supplied to the user in web application, so that the risks in the user account security, which are caused by low violent cracking resistance, network kidnap and the like of the conventional static command, are reduced; and a relatively good technical effect is achieved.
Description
Technical field
The present invention relates to a kind of network entry system based on token, mainly be in Web uses for the user provides strong identity authentication, reduce the risk of bringing for user account safety because of uprising power a little less than the traditional static password cracks, network abduction etc.
Background technology
Strong identity authentication product based on USB mainly is based on public-key technology (PKI) at present, and the setting of PKI public base is guaranteed the safety of user profile and authentication certificate holder's identity through public key technique and digital certificate.But PKI is also increasing user's Financial cost because of its loaded down with trivial details implementation process and maintenance management when strong identity authentication is provided.
The dynamic password technology is another major technique of strong identity authentication, and dynamic password is because of its uprising power cracks, anti-steal a glance at and series of advantages such as anti-abduction obtains application more and more widely.
At present, comparatively common what be is authentication product and dynamic password dual factors (multifactor) the authentication product based on USB that uses PKI technology simultaneously, and according to these methods and technology, it has technological merit such as anti-ly steals a glance at, anti-abduction and uprising power crack.
But, take this method, among practice, exist shortcoming described below:
The first, implement with maintenance cost very high;
The second, because the certificate of PKI seldom has renewal, therefore, it exists bigger potential safety hazard using above a specified time fail safe meeting reduction;
The 3rd, said method, especially in Web used, its application mode and action effect depended on the particular network browser, and its application platform is also more single;
The 4th, if take the OTP token, it can be restricted useful life from charged pool because of using, and owing to said OTP token is connected with PC, so its information interaction form is single.
Summary of the invention
The present invention is directed to existing technical disadvantages and propose; A kind of webpage login system based on token is provided; Said system can reduce the risk of bringing for user account safety because of uprising power a little less than the traditional static password cracks, network abduction etc. for the user provides strong identity authentication in Web uses.
The present invention solves the problems of the technologies described above the technical scheme taked like following description:
A kind of webpage authentication login system based on token comprises:
The WEB browser;
Token, said token are used to store user's authentication information and various encrypted message;
WEB server and database, and the root of said WEB server is provided with the script of said database, and said WEB server and said database link together; And,
The client desktop program; Said client desktop program reads the user profile in the token and accomplishes user's verification process; Access request with the user sends to the WEB server afterwards, said WEB server lookup database, thus realize user's webpage authentication landfall process.
Further; Preferred construction is, said WEB browser connects said client desktop program, and; ID, Web are used homepage to said client application and replying of challenge is organized into a Web address, and said address is sent among the said WEB browser as parameter.
Further, preferred construction is that HMAC-FNV algorithm or other any hash algorithm encryptions are taked in said token inside.
Further, preferred construction is, also is provided with the authentication module to server access among the said client desktop program, and said authentication module is sent the challenge information to Web server when sending logging request.
Further, preferred construction is, said WEB browser is web browser arbitrarily.
Further, preferred construction is that said database is a SQL database.
The present invention is after having taked technique scheme; Owing to taked HMAC-FNV algorithm (FNV improves algorithm) that data are encrypted; And; Between browser, Web server and token, added the client desktop program as coordination component, the shielding token is to the dependence of particular browser, have the realization scope wide, can in Web uses, strong identity authentication be provided for the user; Reduction because of the traditional static password a little less than uprising power crack, network abduction etc. gives the technological merit of the risk that user account safety brings, and has better technical effect.
Description of drawings
Below in conjunction with accompanying drawing the present invention is carried out detailed description, so that above-mentioned advantage of the present invention is clearer and more definite.
Fig. 1 is the framework sketch map that the present invention is based on the network login system of token.
Fig. 2 is the flow chart of login method that the present invention is based on the network login system of token.
Embodiment
Come the present invention is carried out detailed description below in conjunction with accompanying drawing and specific embodiment.
Fig. 1 is the framework sketch map that the present invention is based on the network login system of token.
As shown in the figure, said webpage login system based on token mainly is made up of following assembly:
The WEB browser;
Token, said token are used to store user's authentication information and various encrypted message;
WEB server and database, and the root of said WEB server is provided with the script of said database, and said WEB server and said database link together; And,
The client desktop program; Said client desktop program reads the user profile in the token and accomplishes user's verification process; Access request with the user sends to the WEB server afterwards, said WEB server lookup database, thus realize user's webpage authentication landfall process.
Wherein, said client desktop program has played the effect of an interactive interface, and; Its set inside has a plurality of functional units; And, be arranged between browser and WEB server and the token, played the effect of an information reconciliation functional layer; And then shielded dependence to particular browser, have reasonable access technique effect.
And; Said WEB browser connects said client desktop program; And ID, Web are used homepage to said client application and replying of challenge is organized into a Web address, and said address is sent among the said WEB browser as parameter.
Simultaneously, HMAC-FNV algorithm or other any hash algorithm encryptions are taked in said token inside, like this, can obtain cipher round results preferably.
Usually; Preserve the distinctive one section confidential information of each user, ID, user's PIN code summary, desire protection Web homepage address in the said token; And, the HMAC-FNV algorithm (FNV improves algorithm) of in said token, having realized being used for the MD5 hash algorithm (Hash) of PIN code comparison use and being used to produce authentication response.
Described HMAC-FNV algorithm specifically describes as follows:
Wherein, the representative implication of each symbol is following:
S1 encrypted result influencing factor
The s2 encrypted content
Ret intermediate object program
The algorithm body part:
The initialization constant (0x811c9dc5) that FNVINIT FNV algorithm uses
Truncate blocks operator
The Skey user key
The challenge information of schallenge server
Algorithm definition: HMAC-FNV=truncate (FNV (s1, FNV (s2, FNVINIT)))
Step1:?ret=FNV(s2,?FNVINIT)
Step2:?ret=FNV(s1,ret)
Step3:?ret=truncate(ret)
Step4: return results ret
In addition, among said client desktop program, also be provided with the authentication module to server access, said authentication module is sent the challenge information to Web server when sending logging request.Realize challenge response mechanism through http protocol and USB device, strong identity authentication protection effect is provided for Web uses.
At first, utilize sql (database manipulation language) script of program release band in the database service of the Web server use of desire protection, to create the database that TokenLite Web Authentication System uses; Then, with service end pin page copy in the program release bag to the Web application directory; Secondly, the database information that uses of configuration service end script (database-name, database server address, be used to connect the user name of database, the password of log database); Then, utilizing token initialization instrument (TokenLite Init Tool) is user's initialization token (ID, user key, Web homepage, user's PIN code in the initialization token); Then, provide token and client desktop application program (TokenLite Daemon Tool) for the user; At last, the user only need just can sign in to Web and use through with the calculating linking input right user PIN code of token through USB and running client multipad, token is removed from computer withdraw from the Web application.
Below we combine Fig. 1 and Fig. 2 that login method of the present invention is carried out detailed description.As shown in the figure, said method comprises following step:
Step 1: the user passes through USB and computer link with token;
Step 2: the client desktop program is imported the interface of user PIN to user's display requirement user;
Step 3: the user imports the right user PIN code; Wherein, be configured to: if the PIN code of user's input error has miscue, the further operation of continuous 3 input error user PIN codes will be rejected;
Step 4: the client desktop program sends to token after user's PIN code is fed back;
Step 5: token is accomplished the checking of user's PIN code in inside, returns user's PIN code checking result to the client desktop program;
Step 6: if user's PIN code verifies that successfully client application is used relevant informations such as homepage, ID to token request Web;
Step 7: token is used homepage, ID information to client application feedback Web;
Step 8: client application sends the user to Web server and logins ID authentication request;
And wherein, we can add the authentication module to server in the client desktop program, and, when sending logging request, send a challenge information to Web server.
Step 9:Web server lookup database, affirmation user's current whether being activated of existence, user;
Step 10: if the user exists and has been in state of activation, Web server produces a random number that is used for this login and sends to the client desktop program as challenge, and the random number challenge information is updated to database; Otherwise, send refusal information and give the client desktop program.
And; If the client desktop program need be carried out authentication to Web server, then Web server need utilize the HMAC-FNV algorithm that challenge information and the corresponding key information encryption generation of ID that the client submits to fed back to the client desktop program to the response result that the client challenges;
Step 11: if Web server returns error message, multipad shows this error message to the user;
Wherein, it should be noted that multipad sends to token with challenge information if Web server returns random number as challenge;
Step 12: the result that token receives user's unique key information of token storage inside, token at inner utilization HMAC-FNV algorithm from client application challenge information is encrypted feeds back to client application;
Step 13: client application with the encrypted result of token feedback as replying to this challenge of Web server; ID, Web application homepage and replying of challenge are organized into a Web address. client application calls browser, and the address that previous groups is woven sends to browser as parameter;
Step 14: the browser access Web server sends to Web server with ID, response message;
Step 15:Web server lookup database obtains corresponding unique key, challenge information and the overtime label information of user of ID that browser is submitted to; If overtime then this authentification failure of challenge information; Web server returns miscue to client application, and the client need restart login process;
Otherwise Web server uses the HMAC-FNV algorithm that user key and challenge information are encrypted, the encrypted result and the response message of user's submission are compared, difference then Web server to client desktop program feedback error information;
If both correspondences are identical, then upgrade this user Session, accomplish authenticating user identification;
Step 16: and, after this, the Update Information challenge information field (make challenge information unavailable) of respective user ID in the storehouse of said Web server.
In general, the present invention the key technology main points that will comprise be following several kinds:
The first, HMAC-FNV algorithm (FNV improves algorithm);
The second, between browser, Web server and token, add information reconciliation functional layer (client desktop program), the shielding token is to the dependence of particular browser;
The 3rd, realize challenge response mechanism through http protocol and USB device, for Web uses the strong identity authentication protection is provided; And we can select other hash algorithms when carrying out calculated response information, can realize similar techniques effect of the present invention equally.
The present invention is after having taked technique scheme; Owing to taked HMAC-FNV algorithm (FNV improves algorithm) that data are encrypted; And; Between browser, Web server and token, added the client desktop program as coordination component, the shielding token is to the dependence of particular browser, have the realization scope wide, can in Web uses, strong identity authentication be provided for the user; Reduction because of the traditional static password a little less than uprising power crack, network abduction etc. gives the technological merit of the risk that user account safety brings, and has better technical effect.
It should be noted that; Above-mentioned specific embodiment only is exemplary; Under above-mentioned instruction of the present invention, those skilled in the art can carry out various improvement and distortion on the basis of the foregoing description, and these improve or distortion drops in protection scope of the present invention.
It will be understood by those skilled in the art that top specific descriptions just in order to explain the object of the invention, are not to be used to limit the present invention.Protection scope of the present invention is limited claim and equivalent thereof.
Claims (6)
1. webpage login system based on token comprises:
The WEB browser;
Token, said token are used to store user's authentication information and various encrypted message;
WEB server and database, and the root of said WEB server is provided with the script of said database, and said WEB server and said database link together; And,
The client desktop program; Said client desktop program reads the user profile in the token and accomplishes user's verification process; Access request with the user sends to the WEB server afterwards, said WEB server lookup database, thus realize user's webpage authentication landfall process.
2. the webpage authentication login system based on token according to claim 1; It is characterized in that; Said WEB browser connects said client desktop program; And ID, Web are used homepage to said client application and replying of challenge is organized into a Web address, and said address is sent among the said WEB browser as parameter.
3. the webpage authentication login system based on token according to claim 1 is characterized in that, HMAC-FNV algorithm or other any hash algorithm encryptions are taked in said token inside.
4. the webpage authentication login system based on token according to claim 1; It is characterized in that; Also be provided with the authentication module to server access among the said client desktop program, said authentication module is sent the challenge information to Web server when sending logging request.
5. the webpage authentication login system based on token according to claim 1 is characterized in that, said WEB browser is web browser arbitrarily.
6. the webpage authentication login system based on token according to claim 1 is characterized in that said database is a SQL database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101588214A CN102833276A (en) | 2011-06-14 | 2011-06-14 | Webpage login system based on token |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101588214A CN102833276A (en) | 2011-06-14 | 2011-06-14 | Webpage login system based on token |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102833276A true CN102833276A (en) | 2012-12-19 |
Family
ID=47336246
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011101588214A Pending CN102833276A (en) | 2011-06-14 | 2011-06-14 | Webpage login system based on token |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102833276A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102833214A (en) * | 2011-06-14 | 2012-12-19 | 赛酷特(北京)信息技术有限公司 | Webpage login system and method based on credential |
| CN103198130A (en) * | 2013-04-11 | 2013-07-10 | 上海心动企业发展有限公司 | Method and device for realizing login unified with webpage on client side |
| CN103905188A (en) * | 2014-04-02 | 2014-07-02 | 天地融科技股份有限公司 | Method for generating dynamic password through intelligent secret key device, and intelligent secret key device |
| CN105187389A (en) * | 2015-08-07 | 2015-12-23 | 北京思特奇信息技术股份有限公司 | Webpage access method and system based on digital mixed encryption |
| CN108418797A (en) * | 2018-01-31 | 2018-08-17 | 金蝶蝶金云计算有限公司 | Web access method, device, computer equipment and storage medium |
| CN108462672A (en) * | 2017-02-20 | 2018-08-28 | 沪江教育科技(上海)股份有限公司 | A kind of authentication protection method and system of reply network attack |
| CN111181977A (en) * | 2019-12-31 | 2020-05-19 | 瑞庭网络技术(上海)有限公司 | Login method, device, electronic equipment and medium |
| CN112383542A (en) * | 2020-11-12 | 2021-02-19 | 建信金融科技有限责任公司 | User login method and system, authentication end and user end |
| US11436668B2 (en) * | 2013-02-21 | 2022-09-06 | Yodlee, Inc. | Financial account authentication |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20010045451A1 (en) * | 2000-02-28 | 2001-11-29 | Tan Warren Yung-Hang | Method and system for token-based authentication |
| CN101815091A (en) * | 2010-03-12 | 2010-08-25 | 薛明 | Cipher providing equipment, cipher authentication system and cipher authentication method |
-
2011
- 2011-06-14 CN CN2011101588214A patent/CN102833276A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20010045451A1 (en) * | 2000-02-28 | 2001-11-29 | Tan Warren Yung-Hang | Method and system for token-based authentication |
| CN101815091A (en) * | 2010-03-12 | 2010-08-25 | 薛明 | Cipher providing equipment, cipher authentication system and cipher authentication method |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102833214A (en) * | 2011-06-14 | 2012-12-19 | 赛酷特(北京)信息技术有限公司 | Webpage login system and method based on credential |
| US11436668B2 (en) * | 2013-02-21 | 2022-09-06 | Yodlee, Inc. | Financial account authentication |
| CN103198130A (en) * | 2013-04-11 | 2013-07-10 | 上海心动企业发展有限公司 | Method and device for realizing login unified with webpage on client side |
| CN103198130B (en) * | 2013-04-11 | 2016-12-28 | 心动网络股份有限公司 | The method and apparatus realizing the login unified with webpage at client |
| CN103905188A (en) * | 2014-04-02 | 2014-07-02 | 天地融科技股份有限公司 | Method for generating dynamic password through intelligent secret key device, and intelligent secret key device |
| CN103905188B (en) * | 2014-04-02 | 2017-12-19 | 天地融科技股份有限公司 | Utilize the method and intelligent cipher key equipment of intelligent cipher key equipment generation dynamic password |
| CN105187389A (en) * | 2015-08-07 | 2015-12-23 | 北京思特奇信息技术股份有限公司 | Webpage access method and system based on digital mixed encryption |
| CN105187389B (en) * | 2015-08-07 | 2019-01-04 | 北京思特奇信息技术股份有限公司 | A kind of Web access method and system for obscuring encryption based on number |
| CN108462672A (en) * | 2017-02-20 | 2018-08-28 | 沪江教育科技(上海)股份有限公司 | A kind of authentication protection method and system of reply network attack |
| CN108418797A (en) * | 2018-01-31 | 2018-08-17 | 金蝶蝶金云计算有限公司 | Web access method, device, computer equipment and storage medium |
| CN108418797B (en) * | 2018-01-31 | 2020-10-23 | 金蝶蝶金云计算有限公司 | Webpage access method and device, computer equipment and storage medium |
| CN111181977A (en) * | 2019-12-31 | 2020-05-19 | 瑞庭网络技术(上海)有限公司 | Login method, device, electronic equipment and medium |
| CN112383542A (en) * | 2020-11-12 | 2021-02-19 | 建信金融科技有限责任公司 | User login method and system, authentication end and user end |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102833276A (en) | Webpage login system based on token | |
| CN107171794B (en) | A kind of electronic document signature method based on block chain and intelligent contract | |
| CN102710759B (en) | Web server, business logging method and system | |
| US20070250700A1 (en) | Peer-to-peer contact exchange | |
| CN108347428B (en) | Registration system, method and device of application program based on block chain | |
| CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
| CN111027036A (en) | Identity association method based on block chain | |
| CN105099707B (en) | A kind of offline authentication method, server and system | |
| CN105262588A (en) | Log-in method based on dynamic password, account number management server and mobile terminal | |
| CN103384198B (en) | A kind of authenticating user identification method of servicing based on mailbox and system | |
| CN103532966A (en) | Device and method supporting USB-KEY-based SSO (single sign on) of virtual desktop | |
| CN103888255A (en) | Identity authentication method, device and system | |
| CN110247884B (en) | Method, device and system for updating certificate and computer readable storage medium | |
| CN102868702B (en) | System login device and system login method | |
| CN101321064A (en) | Information system access control method and apparatus based on digital certificate technique | |
| CN102143131B (en) | User logout method and authentication server | |
| CN1758586A (en) | Time stamp service system and checking server for time stamp information and computer software | |
| CN102739667A (en) | Verification method, device and system based on verification prompt message and server | |
| CN105354482A (en) | Single sign-on method and device | |
| CN102833214A (en) | Webpage login system and method based on credential | |
| CN107483477B (en) | Account management method and account management system | |
| CN104394166B (en) | The certificate false proof Verification System and method of facing moving terminal under a kind of cloud environment | |
| CN112311779A (en) | Data access control method and device applied to block chain system | |
| CN102833213A (en) | Webpage authentication and login method based on TokenLite | |
| CN110086818B (en) | Cloud file secure storage system and access control method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20121219 |