The content of the invention
To overcome the above shortcomings of the prior art, the purpose of the present invention is to provide a secure user mutual authentication method, device and system that requires no trusted third party and ensures the security of user authentication information transmitted over an open network.
To achieve the above purpose, the technical scheme provided by the invention is as follows:
A user mutual authentication method comprising the following steps:
Step 1: the server obtains the user account sent by the client;
Step 2: the server looks up the user password according to the user account, generates an authentication authorization ticket and a verification password, combines the verification password and the authorization ticket, encrypts the combination with the user password obtained, and sends the encrypted information to the client;
Step 3: the server receives user authentication information from the client, comprising a verification string encrypted with the verification password, the authorization ticket and interaction information;
Step 4: the server processes the authentication of the user according to the user authentication information received.
Further, step 2 comprises:
the server looks up the user password according to the user account and parses the sender IP from the sender address in the transport protocol packet on the network;
the server forms a string from part or all of the client user name, client IP, validity period and timestamp, encrypts it with a server-side password, and uses the resulting ciphertext as the authorization ticket;
the server combines the verification password and the authorization ticket into a string, encrypts it with the user password looked up, and transmits the encrypted information to the client.
Further, the server-side password is a randomly generated string.
Further, the verification password is a password randomly generated by the server.
Further, step 4 comprises:
Step S1: check whether the user authentication information contains an authorization ticket; if so, proceed to step S2, otherwise authentication fails;
Step S2: decrypt the verification string in the user authentication information with the verification password and check whether the user authentication information is legal and valid; if so, proceed to step S3, otherwise authentication fails;
Step S3: process the interaction information in the user authentication information.
Further, the user authentication information is obtained as follows:
the client decrypts the encrypted information with the user password to obtain the verification password and the authorization ticket;
when the client communicates with the server, it generates verification information, encrypts it with the verification password to obtain a verification string, and sends the verification string, the authorization ticket and the interaction information to the server as the user authentication information.
Further, the verification information comprises part or all of the client user name, client IP address, timestamp and a validity period based on the timestamp.
To achieve the above purpose, the present invention also provides a user mutual authentication device, applied on the server side, comprising:
a user account acquisition unit for obtaining the user account sent by the client;
an encrypted information generation unit for looking up the user password according to the user account, generating an authorization ticket and a verification password, combining the verification password and the authorization ticket, encrypting the combination with the user password obtained, and sending the encrypted information to the client;
a user authentication information receiving unit for receiving user authentication information sent by the client, comprising a verification string encrypted with the verification password, the authorization ticket and interaction information;
an authentication processing unit for processing the authentication of the user according to the user authentication information received.
To achieve the above purpose, the present invention also provides a user mutual authentication system comprising:
a client which, on obtaining a user account, sends the user account to the user mutual authentication device, receives the encrypted information sent by the user mutual authentication device, decrypts the encrypted information with the user password to obtain the verification password and the authorization ticket, and, when communicating with the user mutual authentication device, generates verification information, encrypts it with the verification password to obtain a verification string, and sends the verification string, the authorization ticket and interaction information to the user mutual authentication device as user authentication information;
a user mutual authentication device, applied on the server side, for obtaining the user account sent by the client, looking up the user password according to the user account, generating an authorization ticket and a verification password, combining the verification password and the authorization ticket, encrypting the combination with the user password obtained, sending the encrypted information to the client, receiving the user authentication information sent by the client, comprising the verification string encrypted with the verification password, the authorization ticket and interaction information, and processing the authentication of the user according to the user authentication information received.
Further, the client comprises:
a user account acquisition and sending unit for obtaining the user account and password entered by the user and sending the user account to the user mutual authentication device;
an encrypted information acquisition and processing unit for receiving the encrypted information sent by the user mutual authentication device and decrypting it with the user password to obtain the verification password and the authorization ticket;
a user authentication information generation unit which, when the client communicates with the user mutual authentication device, generates verification information, encrypts it with the verification password to obtain a verification string, and sends the verification string, the authorization ticket and interaction information to the user mutual authentication device as user authentication information.
Compared with the prior art, the beneficial effects of the secure user mutual authentication method, device and system of the present invention are as follows:
In the secure user mutual authentication method, device and system of the present invention, the server obtains the user account sent by the client, looks up the user password according to the user account, generates an authorization ticket and a verification password, combines the verification password and the authorization ticket, encrypts the combination with the user password obtained, and sends the encrypted information to the client; the server then receives user authentication information from the client, comprising a verification string encrypted with the verification password, the authorization ticket and interaction information, and processes the authentication of the user according to the user authentication information received. This achieves secure transmission of user authentication information over an open network without the involvement of a trusted third party.
Embodiment
In order to explain the embodiments of the present invention or the technical scheme of the prior art more clearly, the embodiments of the present invention are described below with reference to the accompanying drawings. It is evident that the drawings in the following description are only some embodiments of the present invention; those of ordinary skill in the art may obtain other drawings, and hence other embodiments, from these drawings without creative effort.
For simplicity, each figure only shows schematically the parts related to the present invention; they do not represent the actual structure of a product. In addition, for ease of understanding, where several parts in a figure have the same structure or function, only one of them is drawn or labelled. Herein, "one" means not only "only this one" but may also mean "more than one".
In one embodiment of the present invention, as shown in Figure 1, a secure user mutual authentication method of the present invention comprises the following steps:
Step 101: the server obtains the user account sent by the client. When a user wishes to perform secure authentication through the client, the user enters a user name and password on the client; the client temporarily holds the user's user name and password in local memory and transmits the user's account to the server over the open network.
Step 102: the server looks up the user password according to the user account, generates an authorization ticket and a verification password, combines the verification password and the authorization ticket, encrypts the combination with the user password obtained, and sends the encrypted information to the client.
Specifically, step 102 further comprises:
Step S21: the server looks up the user password according to the user account and parses the sender IP from the sender address in the transport protocol packet on the network;
Step S22: the server generates a random string as the server-side password, forms a string from the client user name, client IP, validity period and timestamp, encrypts it with the server-side password, and uses the resulting ciphertext as the authorization ticket;
Step S23: the server generates a random verification password, combines the verification password and the authorization ticket into a string, encrypts it with the user password looked up, and transmits the encrypted information to the client.
Step 103: the server receives user authentication information from the client, comprising a verification string encrypted with the verification password, the authorization ticket and interaction information. Specifically, after the client receives the encrypted information sent by the server, it decrypts it with the temporarily stored user password to obtain the verification password and the authorization ticket. When the client communicates with the server, it generates verification information, encrypts it with the verification password to obtain a verification string, and sends the verification string, the authorization ticket and the interaction information to the server as user authentication information. In this specific embodiment of the invention, the verification information comprises the client user name, client IP address, timestamp and a validity period based on the timestamp.
Step 104: the server processes the authentication of the user according to the user authentication information received. Specifically, step 104 further comprises:
Step S41: check whether the user authentication information contains an authorization ticket; if so, proceed to step S42, otherwise authentication fails;
Step S42: decrypt the verification string in the user authentication information with the verification password and check whether the user authentication information is legal and valid; if so, proceed to step S43, otherwise authentication fails. In this specific embodiment of the invention, whether the user authentication information is legal and valid is judged from the timestamp in the verification string and the validity period based on the timestamp: assuming the validity period based on the timestamp is two minutes, the current user authentication information is judged legal and valid according to the time of the timestamp and the two-minute validity period;
Step S43: process the interaction information in the user authentication information.
In another embodiment of the present invention, as shown in Figure 2, a secure user mutual authentication device of the present invention, applied on the server side, comprises a user account acquisition unit 201, an encrypted information generation unit 202, a user authentication information receiving unit 203 and an authentication processing unit 204.
The user account acquisition unit 201 obtains the user account sent by the client. That is, when a user wishes to perform secure authentication through the client, the user enters a user name and password on the client; the client temporarily holds the user's user name and password in local memory and transmits the user's account to the server over the open network.
The encrypted information generation unit 202 looks up the user password according to the user account, generates an authorization ticket and a verification password, combines the verification password and the authorization ticket, encrypts the combination with the user password obtained, and sends the encrypted information to the client.
Specifically, as shown in Figure 3, the encrypted information generation unit 202 further comprises:
a protocol analysis unit 2021 for looking up the user password according to the user account and parsing the sender IP from the sender address in the transport protocol packet on the network;
an authorization ticket generation unit 2022 for generating a random string as the server-side password, forming a string from the client user name, client IP, validity period and timestamp, encrypting it with the server-side password, and using the resulting ciphertext as the authorization ticket;
an encrypted transmission unit 2023 for generating a random verification password, combining the verification password and the authorization ticket into a string, encrypting it with the user password looked up, and transmitting the encrypted information to the client.
The user authentication information receiving unit 203 receives user authentication information sent by the client, comprising a verification string encrypted with the verification password, the authorization ticket and interaction information. Specifically, after the client receives the encrypted information sent by the server, it decrypts it with the temporarily stored user password to obtain the verification password and the authorization ticket. When the client communicates with the server, it generates verification information, encrypts it with the verification password to obtain a verification string, and sends the verification string, the authorization ticket and the interaction information to the server as user authentication information. In this specific embodiment of the invention, the verification information comprises the client user name, client IP address, timestamp and a validity period based on the timestamp.
The authentication processing unit 204 processes the authentication of the user according to the user authentication information received. Specifically, as shown in Figure 4, the authentication processing unit 204 further comprises:
an authorization ticket verification unit 2041 for checking whether the user authentication information contains an authorization ticket; if so, the verification string verification unit 2042 is started, otherwise authentication fails;
a verification string verification unit 2042 for decrypting the verification string in the user authentication information with the verification password and checking whether the user authentication information is legal and valid; if so, control passes to the interaction information processing unit 2043, otherwise authentication fails. In this specific embodiment of the invention, whether the user authentication information is legal and valid is judged from the timestamp in the verification string and the validity period based on the timestamp: assuming the validity period based on the timestamp is two minutes, the current user authentication information is judged legal and valid according to the time of the timestamp and the two-minute validity period;
an interaction information processing unit 2043 for processing the interaction information in the user authentication information.
In yet another embodiment of the present invention, as shown in Figure 5, a secure user mutual authentication system of the present invention comprises a client 50 and a user mutual authentication device 51.
The client 50, on obtaining a user account, sends the user account to the user mutual authentication device, receives the encrypted information sent by the user mutual authentication device, and decrypts the encrypted information with the user password to obtain the verification password and the authorization ticket. When the client communicates with the user mutual authentication device 51, it generates verification information, encrypts it with the verification password to obtain a verification string, and sends the verification string, the authorization ticket and interaction information to the user mutual authentication device 51 as user authentication information. In this specific embodiment of the invention, the verification information comprises the client user name, client IP address, timestamp and a validity period based on the timestamp.
The user mutual authentication device 51, applied on the server side, obtains the user account sent by the client, looks up the user password according to the user account, generates an authorization ticket and a verification password, combines the verification password and the authorization ticket, encrypts the combination with the user password obtained, and sends the encrypted information to the client; it receives the user authentication information sent by the client, comprising the verification string encrypted with the verification password, the authorization ticket and interaction information, and processes the authentication of the user according to the user authentication information received.
Specifically, as shown in Figure 6, the client 50 further comprises a user account acquisition and sending unit 501, an encrypted information acquisition and processing unit 502 and a user authentication information generation unit 503.
The user account acquisition and sending unit 501 obtains the user account and password entered by the user and sends the user account to the user mutual authentication device. That is, when a user wishes to perform secure authentication through the client, the user enters a user name (user account) and password on the client; the client temporarily holds the user's user name and password in local memory and transmits the user account to the user mutual authentication device (i.e. the server side) over the open network;
the encrypted information acquisition and processing unit 502 receives the encrypted information sent by the user mutual authentication device and decrypts it with the user password to obtain the verification password and the authorization ticket;
the user authentication information generation unit 503, when the client communicates with the user mutual authentication device, generates verification information, encrypts it with the verification password to obtain a verification string, and sends the verification string, the authorization ticket and interaction information to the user mutual authentication device as user authentication information.
The present invention is further illustrated by the following specific embodiment:
1. The user enters a user name and password on the client, and the client temporarily holds the user's user name and password in local memory.
2. The client transmits the user's account (user name) to the server over the open network.
3. The server looks up the user's password by the user's account and parses the sender IP from the sender address in the transport protocol packet on the network.
4. The server generates a random string as the server-side password, forms a string from the client user name, client IP, validity period and timestamp, encrypts it with the server-side password, and uses the resulting ciphertext as the authorization ticket.
5. The server then generates a random verification password, combines the verification password and the authorization ticket into a string, encrypts it with the user password looked up, and transmits the encrypted information to the client.
6. On receiving the encrypted information, the client decrypts it with the user password held in memory and obtains the verification password and the authorization ticket.
7. Whenever the client subsequently communicates with the server, it first encrypts the information made up of the user name, IP address, timestamp and the two-minute validity period based on the timestamp with the verification password to obtain a verification string, and then transmits the verification string, the authorization ticket and the interaction information to the server together.
8. On receiving the interaction information, the server first checks whether the authorization ticket is present; if so, it decrypts the verification string with the verification password, checks whether the user authentication is legal and valid, and only then processes the interaction information.
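Added worked example of the exchange in steps 1 to 8 above (and of steps 101 to 104 of the first embodiment), not code from the patent: both sides of the ticket exchange using only the Python standard library. Assumptions: the patent names no cipher, so a constructed HMAC-SHA256 encrypt-then-MAC scheme stands in for it; the server keeps each verification password in a table keyed by the ticket it issued; and the server additionally checks that the verification information agrees with the ticket and the observed sender IP.

```python
import hashlib, hmac, json, os
VALIDITY_SECONDS = 120  # the two-minute validity period of the embodiment

def _keystream_xor(key, nonce, data):
    # PRF in counter mode: XOR data with HMAC-SHA256(key, nonce||counter) blocks.
    blocks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, blocks))

def encrypt(password, plaintext):
    # Constructed encrypt-then-MAC (the patent names no cipher): salt|nonce|body|tag.
    salt, nonce = os.urandom(16), os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)
    body = _keystream_xor(key, nonce, plaintext)
    return salt + nonce + body + hmac.new(key, salt + nonce + body, "sha256").digest()

def decrypt(password, blob):
    # Returns the plaintext, or None when the password is wrong or the blob was altered.
    salt, nonce, body, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)
    if not hmac.compare_digest(tag, hmac.new(key, salt + nonce + body, "sha256").digest()):
        return None
    return _keystream_xor(key, nonce, body)

class Server:
    def __init__(self, user_db):
        self.user_db, self.sessions = user_db, {}    # account -> password; ticket -> verify pw
        self.server_password = os.urandom(16).hex()  # random server-side password (step 4)

    def issue(self, account, sender_ip, now):
        # Steps 3-5: ticket = Enc(server pw, user|ip|validity|ts); wrap it + fresh verify pw.
        fields = {"user": account, "ip": sender_ip, "validity": VALIDITY_SECONDS, "ts": now}
        ticket = encrypt(self.server_password, json.dumps(fields).encode())
        verify_pw = self.sessions[ticket] = os.urandom(16).hex()   # session table: assumption
        wrapped = json.dumps({"vp": verify_pw, "ticket": ticket.hex()}).encode()
        return encrypt(self.user_db[account], wrapped)

    def handle(self, msg, sender_ip, now):
        # Step 8: ticket present? -> decrypt verification string -> still valid? -> process.
        ticket = msg.get("ticket")
        if ticket is None or ticket not in self.sessions:
            return "fail: no ticket"
        issued = json.loads(decrypt(self.server_password, ticket))
        plain = decrypt(self.sessions[ticket], msg["verify"])
        if plain is None:
            return "fail: bad verification string"
        info = json.loads(plain)
        # Assumption: verification info must agree with the ticket and the observed sender IP.
        if (info["user"], info["ip"]) != (issued["user"], issued["ip"]) or info["ip"] != sender_ip:
            return "fail: mismatch"
        if not 0 <= now - info["ts"] <= info["validity"]:  # two-minute window of step S42
            return "fail: expired"
        return "ok: " + msg["interaction"]

def client_receive(user_password, blob):
    # Step 6: recover the verification password and the ticket; None if the password is wrong.
    plain = decrypt(user_password, blob)
    if plain is None:
        return None
    wrapped = json.loads(plain)
    return wrapped["vp"], bytes.fromhex(wrapped["ticket"])

def client_request(verify_pw, ticket, account, ip, interaction, now):
    # Step 7: verification string = Enc(verify pw, user|ip|ts|validity), sent with ticket and data.
    info = {"user": account, "ip": ip, "ts": now, "validity": VALIDITY_SECONDS}
    return {"verify": encrypt(verify_pw, json.dumps(info).encode()), "ticket": ticket,
            "interaction": interaction}

def run_exchange(now=1_700_000_000):
    # Whole exchange against a constructed user database; returns the server's two verdicts.
    server = Server({"alice": "correct horse battery staple"})
    blob = server.issue("alice", "10.0.0.7", now)                               # steps 2-5
    verify_pw, ticket = client_receive("correct horse battery staple", blob)    # step 6
    req = client_request(verify_pw, ticket, "alice", "10.0.0.7", "balance?", now)  # step 7
    fresh = server.handle(req, "10.0.0.7", now)                                 # step 8
    stale = server.handle(req, "10.0.0.7", now + VALIDITY_SECONDS + 1)          # same message, too late
    return fresh, stale
```

The second verdict shows why the verification string carries a timestamp: the identical message replayed after the two-minute window is rejected even though ticket and verification password are still correct.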
In summary, in the secure user mutual authentication method, device and system of the present invention, the server obtains the user account sent by the client, looks up the user password according to the user account, generates an authorization ticket and a verification password, combines the verification password and the authorization ticket, encrypts the combination with the user password obtained, and sends the encrypted information to the client; the server then receives user authentication information from the client, comprising a verification string encrypted with the verification password, the authorization ticket and interaction information, and processes the authentication of the user according to the user authentication information received. This achieves secure transmission of user authentication information over an open network without the involvement of a trusted third party.
It should be noted that the above embodiments may be freely combined as needed. The foregoing describes only preferred embodiments of the present invention; it should be pointed out that those skilled in the art may make improvements and modifications without departing from the principle of the present invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the present invention.