CN107454063A - A user mutual authentication method, device and system - Google Patents

A user mutual authentication method, device and system

Publication number
CN107454063A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710558212.5A
Other languages
Chinese (zh)
Other versions
CN107454063B (en)
Inventor
仇亚东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Lingyu Information Technology Co.,Ltd.
Original Assignee
Shanghai Feixun Data Communication Technology Co Ltd
Application filed by Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201710558212.5A
Publication of CN107454063A
Application granted
Publication of CN107454063B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Abstract

The invention discloses a secure user mutual authentication method, device and system. The method comprises the following steps: the server obtains the user account sent by the client; the server looks up the user password from the user account, generates an authentication ticket and a verification password, combines the verification password with the authentication ticket, encrypts the combination with the retrieved user password, and sends the encrypted information to the client; the server receives from the client user authentication information comprising a verification string encrypted with the verification password, the authentication ticket, and interaction information; the server processes the user's authentication according to the received user authentication information. The invention thereby secures the transmission of user authentication information over an open network without the involvement of a trusted third party.

Description

A user mutual authentication method, device and system
Technical field
The present invention relates to the technical field of security authentication, and in particular to a user mutual authentication method, device and system.
Background
With open network technology developing rapidly, businesses in almost every industry need to submit and return user authentication information over open networks, yet an open network is an untrusted environment. That is, if a client and a server communicate in plaintext over an untrusted network, anyone can read the plaintext or even tamper with it, and the privacy and rights of users are seriously threatened.
Because sensitive information such as a user password cannot be transmitted directly over an open network, the authentication information a user submits at login usually has to be processed to improve security. There are currently two main methods:
The first method is to apply a message digest algorithm, such as MD5 (Message Digest Algorithm 5) or an SHA algorithm (Secure Hash Algorithm), to the user password one or more times on the client to form a digest of the password, and then to transmit the user account and the password digest to the server. The server receives the user account, looks up that user's plaintext password, applies the same digest algorithm the same number of times to it, and compares the computed value with the value the user sent. If they match, authentication succeeds; otherwise it fails.
However, with the large number of MD5 rainbow tables now available, this method keeps nothing secret: an attacker who obtains the MD5 value of a user's password can look up the likely plaintext. Nor can this method prevent impersonation.
The other method, the mainstream solution for open networks today, is HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer). The server sends a public key to the client; the client encrypts with this public key the key the two sides will use for subsequent communication and sends the ciphertext to the server; the server decrypts it with its own private key and obtains the communication key the client will use. When the two sides later perform user authentication, the client encrypts the submitted user information with the agreed communication key, and the server decrypts the received ciphertext to obtain the user name and password.
However, although this method can achieve security, the public key used in HTTPS generally requires the involvement of a trusted third party, a CA (Certification Authority), which adds cost and complexity.
Summary of the invention
To overcome the above shortcomings of the prior art, the purpose of the present invention is to provide a secure user mutual authentication method, device and system that secure the transmission of user authentication information over an open network without the involvement of a trusted third party.
To this end, the technical solution provided by the invention is as follows:
A user mutual authentication method, comprising the following steps:
Step 1: the server obtains the user account sent by the client;
Step 2: the server looks up the user password from the user account, generates an authentication ticket and a verification password, combines the verification password with the authentication ticket, encrypts the combination with the retrieved user password, and sends the encrypted information to the client;
Step 3: the server receives from the client user authentication information comprising a verification string encrypted with the verification password, the authentication ticket, and interaction information;
Step 4: the server processes the user's authentication according to the received user authentication information.
Further, step 2 comprises:
the server looks up the user password from the user account, and parses the sender IP from the sender address in the network transport protocol packet;
the server forms a string from some or all of the client user name, the client IP, a validity period and a timestamp, and encrypts it with a server password; the resulting ciphertext serves as the authentication ticket;
the server forms a string from a verification password and the authentication ticket, encrypts it with the retrieved user password, and transmits the encrypted information to the client.
Further, the server password is a randomly generated string.
Further, the verification password is a password randomly generated by the server.
Further, step 4 comprises:
Step S1: check whether an authentication ticket is present in the user authentication information; if so, go to step S2; otherwise authentication fails;
Step S2: decrypt the verification string in the user authentication information with the verification password and check whether the user authentication information is legitimate and valid; if so, go to step S3; otherwise authentication fails;
Step S3: process the interaction information in the user authentication information.
Further, the user authentication information is obtained as follows:
the client decrypts the encrypted information with the user password to obtain the verification password and the authentication ticket;
when the client communicates with the server, it generates verification information and encrypts it with the verification password to obtain the verification string, and sends the verification string, the authentication ticket and the interaction information to the server as the user authentication information.
Further, the verification information comprises some or all of the client user name, the client IP address, a timestamp, and a validity period based on the timestamp.
To achieve the above purpose, the present invention also provides a user mutual authentication device, applied at the server, comprising:
a user account acquisition unit, for obtaining the user account sent by the client;
an encrypted information generation unit, which looks up the user password from the user account, generates an authentication ticket and a verification password, combines the verification password with the authentication ticket, encrypts the combination with the retrieved user password, and sends the encrypted information to the client;
a user authentication information receiving unit, for receiving from the client user authentication information comprising a verification string encrypted with the verification password, the authentication ticket, and interaction information;
an authentication processing unit, which processes the user's authentication according to the received user authentication information.
To achieve the above purpose, the present invention also provides a user mutual authentication system, comprising:
a client, which on obtaining the user account sends it to the user mutual authentication device, receives the encrypted information sent by the user mutual authentication device, and decrypts the encrypted information with the user password to obtain the verification password and the authentication ticket; when the client communicates with the user mutual authentication device, it generates verification information, encrypts it with the verification password to obtain the verification string, and sends the verification string, the authentication ticket and the interaction information to the user mutual authentication device as the user authentication information;
a user mutual authentication device, applied at the server, which obtains the user account sent by the client, looks up the user password from the user account, generates an authentication ticket and a verification password, combines the verification password with the authentication ticket, encrypts the combination with the retrieved user password, and sends the encrypted information to the client; it receives from the client user authentication information comprising a verification string encrypted with the verification password, the authentication ticket, and interaction information, and processes the user's authentication according to the received user authentication information.
Further, the client comprises:
a user account acquisition and transmission unit, for obtaining the user account and password entered by the user and sending the user account to the user mutual authentication device;
an encrypted information acquisition and processing unit, for receiving the encrypted information sent by the user mutual authentication device and decrypting it with the user password to obtain the verification password and the authentication ticket;
a user authentication information generation unit, which, when the client communicates with the user mutual authentication device, generates verification information, encrypts it with the verification password to obtain the verification string, and sends the verification string, the authentication ticket and the interaction information to the user mutual authentication device as the user authentication information.
Compared with the prior art, the beneficial effect of the secure user mutual authentication method, device and system of the present invention is as follows:
In the secure user mutual authentication method, device and system of the present invention, the server obtains the user account sent by the client, looks up the user password from the user account, generates an authentication ticket and a verification password, combines the verification password with the authentication ticket, encrypts the combination with the retrieved user password, and sends the encrypted information to the client. The server then receives from the client user authentication information comprising a verification string encrypted with the verification password, the authentication ticket, and interaction information, and processes the user's authentication according to the received user authentication information. This secures the transmission of user authentication information over an open network without the involvement of a trusted third party.
Brief description of the drawings
Fig. 1 is a flow chart of the steps of one embodiment of the secure user mutual authentication method of the present invention;
Fig. 2 is a structural diagram of one embodiment of the secure user mutual authentication device of the present invention;
Fig. 3 is a detailed structural diagram of the encrypted information generation unit in a specific embodiment of the invention;
Fig. 4 is a detailed structural diagram of the authentication processing unit in a specific embodiment of the invention;
Fig. 5 is an architecture diagram of one embodiment of the secure user mutual authentication system of the present invention;
Fig. 6 is a detailed structural diagram of the client in a specific embodiment of the invention.
Detailed description
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, specific embodiments of the invention are described below with reference to the drawings. Obviously, the drawings described below show only some embodiments of the invention; those of ordinary skill in the art can derive other drawings and other embodiments from them without creative effort.
For simplicity, each figure shows only schematically the parts relevant to the invention; they do not represent the actual structure of a product. In addition, to keep the figures simple and easy to understand, where several components in a figure have the same structure or function, only one of them is drawn or labelled. Herein, "one" means not only "exactly one" but may also mean "more than one".
In one embodiment of the invention, as shown in Fig. 1, a secure user mutual authentication method of the present invention comprises the following steps:
Step 101: the server obtains the user account sent by the client. When a user wants to authenticate securely through the client, the user enters a user name and password on the client; the client temporarily keeps the user name and password in local memory and transmits the user's account to the server over the open network.
Step 102: the server looks up the user password from the user account, generates an authentication ticket and a verification password, combines the verification password with the authentication ticket, encrypts the combination with the retrieved user password, and sends the encrypted information to the client.
Specifically, step 102 further comprises:
Step S21: the server looks up the user password from the user account, and parses the sender IP from the sender address in the network transport protocol packet;
Step S22: the server generates a random string as the server password, forms a string from the client user name, the client IP, a validity period and a timestamp, and encrypts it with the server password; the resulting ciphertext serves as the authentication ticket;
Step S23: the server generates a random verification password, forms a string from the verification password and the authentication ticket, encrypts it with the retrieved user password, and transmits the encrypted information to the client.
Step 103: the server receives from the client user authentication information comprising a verification string encrypted with the verification password, the authentication ticket, and interaction information. Specifically, after the client receives the encrypted information sent by the server, it decrypts it with the temporarily stored user password to obtain the verification password and the authentication ticket. When the client communicates with the server, it generates verification information, encrypts it with the verification password to obtain the verification string, and sends the verification string, the authentication ticket and the interaction information to the server as the user authentication information. In this specific embodiment, the verification information comprises the client user name, the client IP address, a timestamp, and a validity period based on the timestamp.
Step 104: the server processes the user's authentication according to the received user authentication information. Specifically, step 104 further comprises:
Step S41: check whether an authentication ticket is present in the user authentication information; if so, go to step S42; otherwise authentication fails;
Step S42: decrypt the verification string in the user authentication information with the verification password and check whether the user authentication information is legitimate and valid; if so, go to step S43; otherwise authentication fails. In this specific embodiment, validity can be judged from the timestamp in the verification string and the validity period based on that timestamp: assuming the validity period is two minutes, whether the current user authentication information is legitimate and valid is determined from the time of the timestamp and the two-minute validity period.
Step S43: process the interaction information in the user authentication information.
In another embodiment of the present invention, as shown in Fig. 2, a secure user mutual authentication device of the present invention, applied at the server, comprises: a user account acquisition unit 201, an encrypted information generation unit 202, a user authentication information receiving unit 203 and an authentication processing unit 204.
The user account acquisition unit 201 obtains the user account sent by the client. That is, when a user wants to authenticate securely through the client, the user enters a user name and password on the client; the client temporarily keeps the user name and password in local memory and transmits the user's account to the server over the open network.
The encrypted information generation unit 202 looks up the user password from the user account, generates an authentication ticket and a verification password, combines the verification password with the authentication ticket, encrypts the combination with the retrieved user password, and sends the encrypted information to the client.
Specifically, as shown in Fig. 3, the encrypted information generation unit 202 further comprises:
a protocol parsing unit 2021, for looking up the user password from the user account and parsing the sender IP from the sender address in the network transport protocol packet;
a ticket generation unit 2022, for generating a random string as the server password, forming a string from the client user name, the client IP, a validity period and a timestamp, and encrypting it with the server password, the resulting ciphertext serving as the authentication ticket;
an encrypted transmission unit 2023, for generating a random verification password, forming a string from the verification password and the authentication ticket, encrypting it with the retrieved user password, and transmitting the encrypted information to the client.
The user authentication information receiving unit 203 receives from the client user authentication information comprising a verification string encrypted with the verification password, the authentication ticket, and interaction information. Specifically, after the client receives the encrypted information sent by the server, it decrypts it with the temporarily stored user password to obtain the verification password and the authentication ticket. When the client communicates with the server, it generates verification information, encrypts it with the verification password to obtain the verification string, and sends the verification string, the authentication ticket and the interaction information to the server as the user authentication information. In this specific embodiment, the verification information comprises the client user name, the client IP address, a timestamp, and a validity period based on the timestamp.
The authentication processing unit 204 processes the user's authentication according to the received user authentication information. Specifically, as shown in Fig. 4, the authentication processing unit 204 further comprises:
a ticket verification unit 2041, for checking whether an authentication ticket is present in the user authentication information; if so, the verification string verification unit 2042 is started; otherwise authentication fails;
a verification string verification unit 2042, for decrypting the verification string in the user authentication information with the verification password and checking whether the user authentication information is legitimate and valid; if so, control passes to the interaction information processing unit 2043; otherwise authentication fails. In this specific embodiment, validity is judged from the timestamp in the verification string and the validity period based on that timestamp: assuming the validity period is two minutes, whether the current user authentication information is legitimate and valid is determined from the time of the timestamp and the two-minute validity period;
an interaction information processing unit 2043, for processing the interaction information in the user authentication information.
In yet another embodiment of the present invention, as shown in Fig. 5, a secure user mutual authentication system of the present invention comprises a client 50 and a user mutual authentication device 51.
The client 50, on obtaining the user account, sends it to the user mutual authentication device, receives the encrypted information sent by the user mutual authentication device, and decrypts the encrypted information with the user password to obtain the verification password and the authentication ticket. When the client communicates with the user mutual authentication device 51, it generates verification information, encrypts it with the verification password to obtain the verification string, and sends the verification string, the authentication ticket and the interaction information to the user mutual authentication device 51 as the user authentication information. In this specific embodiment, the verification information comprises the client user name, the client IP address, a timestamp, and a validity period based on the timestamp.
The user mutual authentication device 51, applied at the server, obtains the user account sent by the client, looks up the user password from the user account, generates an authentication ticket and a verification password, combines the verification password with the authentication ticket, encrypts the combination with the retrieved user password, and sends the encrypted information to the client. It receives from the client user authentication information comprising a verification string encrypted with the verification password, the authentication ticket, and interaction information, and processes the user's authentication according to the received user authentication information.
Specifically, as shown in Fig. 6, the client 50 further comprises: a user account acquisition and transmission unit 501, an encrypted information acquisition and processing unit 502, and a user authentication information generation unit 503.
The user account acquisition and transmission unit 501 obtains the user account and password entered by the user and sends the user account to the user mutual authentication device. That is, when a user wants to authenticate securely through the client, the user enters a user name (user account) and password on the client; the client temporarily keeps the user name and password in local memory and transmits the user account over the open network to the user mutual authentication device (i.e. the server).
The encrypted information acquisition and processing unit 502 receives the encrypted information sent by the user mutual authentication device and decrypts it with the user password to obtain the verification password and the authentication ticket.
The user authentication information generation unit 503, when the client communicates with the user mutual authentication device, generates verification information, encrypts it with the verification password to obtain the verification string, and sends the verification string, the authentication ticket and the interaction information to the user mutual authentication device as the user authentication information.
The present invention will be further illustrated by a specific embodiment below:
1. The user enters a user name and password on the client, and the client temporarily stores the user name and password in local memory.
2. The client transmits the user's account (user name) to the server over the open network.
3. The server looks up the user's password by the user's account and, at the same time, resolves the sender's IP from the sender address in the network transport protocol packet.
4. The server generates a random string to serve as the server password, forms a string from the client user name, client IP, validity period and timestamp, and encrypts it with the server password; the resulting ciphertext serves as the authentication credit ticket.
5. The server then generates a random verification password, combines the verification password and the authentication credit ticket into one string, encrypts it with the user password it looked up, and transmits the encrypted information to the client.
6. After receiving the encrypted information, the client decrypts it with the user password held in memory to obtain the verification password and the authentication credit ticket.
7. Afterwards, whenever the client communicates with the server, it first takes information composed of the user name, IP address, timestamp and a two-minute validity period based on the timestamp and encrypts it with the verification password to obtain the verification string, then transmits the verification string, the authentication credit ticket and the interaction information to the server together.
8. After receiving the interaction information, the server first verifies whether the authentication credit ticket exists; if it exists, the server uses the verification password to decrypt the verification string and verifies whether the user authentication is legitimate and valid; only then does it process the interaction information.
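The eight steps above as a runnable sketch, added here and not taken from the patent, showing both sides of the exchange and the checks the server applies in step 8. Assumptions: the patent names no cipher, so `seal`/`unseal` are a standard-library encrypt-then-MAC stand-in for an authenticated cipher; the PBKDF2 stretching of the user password, the `SESSIONS` table that stores each verification password against its ticket, the one-hour ticket lifetime, the sample account and all function names are illustrative.

```python
import hashlib, hmac, json, os

def _ks(key, nonce, n):                      # HMAC-SHA256 counter-mode keystream
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):                          # encrypt-then-MAC; stand-in for a real AEAD
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

USERS = {"alice": "correct horse battery"}   # constructed account store
SERVER_KEY = os.urandom(32)                  # step 4: random server-side password
SESSIONS = {}                                # ticket -> verification password (assumed storage)

def pw_key(user, password):                  # assumption: stretch the password into a key
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000)

def server_issue(user, src_ip, now):         # steps 3-5: build ticket, wrap it for the client
    ticket = seal(SERVER_KEY, {"user": user, "ip": src_ip, "ts": now, "ttl": 3600})
    vkey = os.urandom(32)                    # random verification password
    SESSIONS[ticket] = vkey
    return seal(pw_key(user, USERS[user]), {"vkey": vkey.hex(), "ticket": ticket})

def client_open(user, password, blob):       # step 6: only the right password opens the reply
    d = unseal(pw_key(user, password), blob)
    return bytes.fromhex(d["vkey"]), d["ticket"]

def client_request(user, ip, vkey, ticket, msg, now):   # step 7: two-minute verification string
    vstr = seal(vkey, {"user": user, "ip": ip, "ts": now, "ttl": 120})
    return {"vstr": vstr, "ticket": ticket, "msg": msg}

def server_handle(req, src_ip, now):         # step 8: ticket exists, string decrypts, still valid
    vkey = SESSIONS.get(req["ticket"])
    if vkey is None:
        return "reject: unknown ticket"
    try:
        t, v = unseal(SERVER_KEY, req["ticket"]), unseal(vkey, req["vstr"])
    except ValueError:
        return "reject: verification string does not decrypt"
    if not (v["user"] == t["user"] and v["ip"] == t["ip"] == src_ip):
        return "reject: identity mismatch"
    if not all(x["ts"] <= now <= x["ts"] + x["ttl"] for x in (t, v)):
        return "reject: expired"
    return "ok: " + req["msg"]
```

In step 7 the interaction information travels alongside the verification string rather than inside it, so in this sketch `msg` is not covered by the verification check.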
In summary, in the secure user interaction authentication method, device and system of the present invention, the server obtains the user account transmitted by the client, obtains the user password according to the user account, generates an authentication credit ticket and a verification password, combines the verification password and the authentication credit ticket, encrypts the combination with the obtained user password, and sends the encrypted information to the client. The server then receives from the client the user authentication information, which comprises the verification string encrypted with the verification password, the authentication credit ticket and the interaction information, and processes the authentication of the user according to the received user authentication information. This achieves the purpose of ensuring the security of user authentication information transmitted in an open network environment without the involvement of a trusted third party.
It should be noted that the above embodiments can be freely combined as needed. The above is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make further improvements and modifications without departing from the principle of the invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A user interaction authentication method, comprising the following steps:
Step 1: the server obtains the user account transmitted by the client;
Step 2: the server obtains the user password according to the user account, generates an authentication credit ticket and a verification password, combines the verification password and the authentication credit ticket, encrypts the combination with the obtained user password, and sends the encrypted information to the client;
Step 3: the server receives the user authentication information transmitted by the client, which comprises the verification string encrypted with the verification password, the authentication credit ticket and the interaction information;
Step 4: the server processes the authentication of the user according to the received user authentication information.
2. The user interaction authentication method of claim 1, characterized in that step 2 further comprises:
the server looks up the user password according to the user account, and resolves the sender's IP from the sender address in the network transport protocol packet;
the server forms a string from some or all of the client user name, client IP, validity period and timestamp and encrypts it with a server password, the resulting ciphertext serving as the authentication credit ticket;
the server combines a verification password and the authentication credit ticket into one string, encrypts it with the user password it looked up, and transmits the encrypted information to the client.
3. The user interaction authentication method of claim 2, characterized in that: the server password is a randomly generated random string.
4. The user interaction authentication method of claim 2, characterized in that: the verification password is a password randomly generated by the server.
5. The user interaction authentication method of claim 2, characterized in that step 4 further comprises:
Step S1: verify whether an authentication credit ticket is present in the user authentication information; if so, go to step S2; otherwise authentication fails;
Step S2: decrypt the verification string in the user authentication information with the verification password and verify whether the user authentication information is legitimate and valid; if so, go to step S3; otherwise authentication fails;
Step S3: process the interaction information in the user authentication information.
6. The user interaction authentication method of claim 2, characterized in that the user authentication information is generated by the following steps:
the client decrypts the encrypted information with the user password to obtain the verification password and the authentication credit ticket;
when the client communicates with the server, it generates verification information and encrypts it with the verification password to obtain the verification string, and sends the verification string, the authentication credit ticket and the interaction information to the server as the user authentication information.
7. The user interaction authentication method of claim 6, characterized in that: the verification information comprises some or all of the client user name, the client IP address, the timestamp and the validity period based on the timestamp.
8. A user interaction authentication device, applied to a server, comprising:
a user account acquisition unit, for obtaining the user account transmitted by the client;
an encrypted information generation unit, which obtains the user password according to the user account, generates an authentication credit ticket and a verification password, combines the verification password and the authentication credit ticket, encrypts the combination with the obtained user password, and sends the encrypted information to the client;
a user authentication information receiving unit, for receiving the user authentication information transmitted by the client, which comprises the verification string encrypted with the verification password, the authentication credit ticket and the interaction information;
an authentication processing unit, which processes the authentication of the user according to the received user authentication information.
9. A user interaction authentication system, comprising:
a client, which, on obtaining the user account, sends the user account to the user interaction authentication device, receives the encrypted information transmitted by the user interaction authentication device, decrypts the encrypted information with the user password to obtain the verification password and the authentication credit ticket, and, when communicating with the user interaction authentication device, generates verification information and encrypts it with the verification password to obtain the verification string, and sends the verification string, the authentication credit ticket and the interaction information to the user interaction authentication device as the user authentication information;
a user interaction authentication device, applied to a server, for obtaining the user account transmitted by the client, obtaining the user password according to the user account, generating an authentication credit ticket and a verification password, combining the verification password and the authentication credit ticket, encrypting the combination with the obtained user password, sending the encrypted information to the client, receiving the user authentication information transmitted by the client, which comprises the verification string encrypted with the verification password, the authentication credit ticket and the interaction information, and processing the authentication of the user according to the received user authentication information.
10. The user interaction authentication system of claim 9, characterized in that the client comprises:
a user account acquisition and transmission unit, for obtaining the user account and password entered by the user and sending the user account to the user interaction authentication device;
an encrypted information acquisition and processing unit, for receiving the encrypted information transmitted by the user interaction authentication device and decrypting it with the user password to obtain the verification password and the authentication credit ticket;
a user authentication information generation unit, which, when the client communicates with the user interaction authentication device, generates verification information and encrypts it with the verification password to obtain the verification string, and sends the verification string, the authentication credit ticket and the interaction information to the user interaction authentication device as the user authentication information.
CN201710558212.5A 2017-07-10 2017-07-10 User interaction authentication method, device and system Active CN107454063B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710558212.5A CN107454063B (en) 2017-07-10 2017-07-10 User interaction authentication method, device and system

Publications (2)

Publication Number Publication Date
CN107454063A true CN107454063A (en) 2017-12-08
CN107454063B CN107454063B (en) 2020-09-18

Family

ID=60487882

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710558212.5A Active CN107454063B (en) 2017-07-10 2017-07-10 User interaction authentication method, device and system

Country Status (1)

Country Link
CN (1) CN107454063B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465735A (en) * 2008-12-19 2009-06-24 北京大学 Network user identification verification method, server and client terminal
US20170109742A1 (en) * 2015-10-20 2017-04-20 Paypal, Inc. Secure multi-factor user authentication on disconnected mobile devices

Also Published As

Publication number Publication date
CN107454063B (en) 2020-09-18

Similar Documents

Publication Publication Date Title
US8583928B2 (en) Portable security transaction protocol
CN103729941B (en) A kind of main cipher key T MK method for safely downloading of terminal and system
CN102647461B (en) Communication means based on HTTP, server, terminal
CN1565117B (en) Data certification method and apparatus
CN102624740B (en) A kind of data interactive method and client, server
CN103297403B (en) A kind of method and system for realizing dynamic cipher verification
CN105656920B (en) A kind of encryption and decryption method and system for posting number of packages evidence based on express delivery
CN106850207B (en) Identity identifying method and system without CA
CN103338215A (en) Method for establishing TLS (Transport Layer Security) channel based on state secret algorithm
CN107040513A (en) A kind of credible access registrar processing method, user terminal and service end
CN101815091A (en) Cipher providing equipment, cipher authentication system and cipher authentication method
CN105681470A (en) Communication method, server and terminal based on hypertext transfer protocol
CN103812651B (en) Method of password authentication, apparatus and system
KR101879758B1 (en) Method for Generating User Digital Certificate for Individual User Terminal and for Authenticating Using the Same Digital Certificate
CN105072125A (en) HTTP communication system and method
CN104394172A (en) Single sign-on device and method
CN103903140A (en) O2O safety payment method, system and safety payment background
CN104486087A (en) Digital signature method based on remote hardware security modules
CN106101160A (en) A kind of system login method and device
CN106712939A (en) Offline key transmission method and device
CN104125230A (en) Short message authentication service system and authentication method
CN107566393A (en) A kind of dynamic rights checking system and method based on trust certificate
CN109495458A (en) A kind of method, system and the associated component of data transmission
CN101437228B (en) Method, apparatus and system for implementing wireless business based on smart card
CN106453259A (en) Internet finance safety link realization method based on block chaining encryption technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201119

Address after: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: Hangzhou Jiji Intellectual Property Operation Co.,Ltd.

Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666

Patentee before: Phicomm (Shanghai) Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20201221

Address after: 8319 Yanshan Road, Bengbu City, Anhui Province

Patentee after: Bengbu Lichao Information Technology Co.,Ltd.

Address before: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: Hangzhou Jiji Intellectual Property Operation Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20210311

Address after: 313000 room 1019, Xintiandi commercial office, Yishan street, Wuxing District, Huzhou, Zhejiang, China

Patentee after: Huzhou YingLie Intellectual Property Operation Co.,Ltd.

Address before: 8319 Yanshan Road, Bengbu City, Anhui Province

Patentee before: Bengbu Lichao Information Technology Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20221216

Address after: Room 804, 8/F, Building 4 #, Phase II, Modern Service Demonstration Base, Huazhong University of Science and Technology Park, No. 15-1, University Park Road, Guandong Street, Donghu New Technology Development Zone, Wuhan City, 430000 Hubei Province

Patentee after: Wuhan Lingyu Information Technology Co.,Ltd.

Address before: 313000 room 1019, Xintiandi commercial office, Yishan street, Wuxing District, Huzhou, Zhejiang, China

Patentee before: Huzhou YingLie Intellectual Property Operation Co.,Ltd.