CN109391615A - Server password-free login method and system - Google Patents

Server password-free login method and system

Publication number: CN109391615A
Authority: CN (China)
Prior art keywords: pin code, usbkey, user, fingerprint, module
Legal status: Pending
Application number: CN201811130837.2A
Other languages: Chinese (zh)
Inventor: 杨海滨
Current Assignee: Shenzhen Internet Pioneer Technology Co Ltd
Original Assignee: Shenzhen Internet Pioneer Technology Co Ltd
Application filed by: Shenzhen Internet Pioneer Technology Co Ltd
Priority: CN201811130837.2A
Publication: CN109391615A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Abstract

The invention discloses a server password-free login method and system. The user must insert a USBKEY and enter the correct PIN code, which invokes the username and password stored in the USBKEY for login verification, before the server operating system can be entered. This realizes "two-factor" authentication and improves the security of the remote server login process. Because the username and password are stored in the USBKEY and extracted by invocation, the situation in which a user cannot log in after forgetting the username and password is effectively avoided. In addition, the server password-free login method and system provided by the invention also support fingerprint verification: fingerprint verification is required before the PIN code entered by the user is obtained. The login mode combining fingerprint, PIN code and USBKEY replaces the traditional WINDOWS username-and-password login interface and realizes password-free login, which avoids interception of keyboard operations or password transmission by Trojan software and avoids credential-stuffing and password attacks by hackers, further improving the security of remote login.

Description

Server password-free login method and system
Technical field
The present invention relates to the technical field of computer networks, and in particular to a server password-free login method and system.
Background
The 21st century is the era of large-scale application of computer network technology, and as the technology has advanced and matured it has been applied in many fields. In applying computer network technology, it is often necessary to log in to a server remotely to adjust its software or hardware, but login accounts or passwords are frequently forgotten. Meanwhile, as driver encryption on servers such as DELL and HP and the encryption schemes specific to RAID (Redundant Arrays of Independent Drives, disk array) keep improving, server security keeps getting better: the possibility of cracking a server operating system is very small, and remote login without entering the account and password is almost impossible. Reinstalling the system does allow the username and password to be reset, but it destroys the existing data. A remote server login method is therefore urgently needed that is both secure and avoids forgotten passwords.
Summary of the invention
The object of the present invention is to provide a server password-free login method and system, so as to realize password-free remote login to a server and improve the security of the login process.
To achieve the above object, the present invention provides the following scheme:
A server password-free login method, comprising:
obtaining a USBKEY insertion signal;
obtaining, according to the USBKEY insertion signal, the PIN code entered by the user;
judging whether the PIN code is identical to the authentication PIN code, to obtain a first judging result;
if the first judging result is that the PIN code differs from the authentication PIN code, obtaining the PIN code re-entered by the user;
if the first judging result is that the PIN code is identical to the authentication PIN code, the PIN code is verified, and a USBKEY username and password extraction command is generated;
reading the username and password stored inside the USBKEY according to the USBKEY username and password extraction command;
performing LSA verification according to the username and password, to determine an LSA verification result;
if the LSA verification result is that LSA verification fails, refusing the user's remote login to the server;
if the LSA verification result is that LSA verification passes, completing the remote login to the server.
Optionally, after obtaining the PIN code re-entered by the user, the method further comprises:
judging whether the PIN code re-entered by the user is identical to the authentication PIN code, to obtain a second judging result;
if the second judging result is that the PIN code re-entered by the user differs from the authentication PIN code, obtaining the PIN code entered by the user for the third time;
judging whether the PIN code entered by the user for the third time is identical to the authentication PIN code, to obtain a third judging result;
if the third judging result is that the PIN code entered by the user for the third time differs from the authentication PIN code, locking the computer and performing no further PIN code verification.
Optionally, before obtaining the PIN code entered by the user according to the USBKEY insertion signal, the method further comprises:
obtaining an administrator fingerprint input signal;
judging whether the administrator fingerprint input signal is consistent with a fingerprint stored in the fingerprint feature library, to obtain a fourth judging result;
if the fourth judging result is that the administrator fingerprint input signal is inconsistent with the fingerprints stored in the fingerprint feature library, refusing to activate the USBKEY;
if the fourth judging result is that the administrator fingerprint input signal is consistent with a fingerprint stored in the fingerprint feature library, activating the USBKEY.
Optionally, after activating the USBKEY, the method further comprises:
initializing the USBKEY.
To achieve the above object, the present invention also provides the following scheme:
A server password-free login system, comprising:
a USBKEY insertion signal acquisition module, configured to obtain a USBKEY insertion signal;
a PIN code acquisition module, configured to obtain, according to the USBKEY insertion signal, the PIN code entered by the user;
a PIN code verification module, configured to judge whether the PIN code is identical to the authentication PIN code, to obtain a first judging result;
a PIN code re-entry module, configured to obtain the PIN code re-entered by the user if the first judging result is that the PIN code differs from the authentication PIN code;
a USBKEY username and password extraction command generation module, configured to generate a USBKEY username and password extraction command if the first judging result is that the PIN code is identical to the authentication PIN code, i.e. the PIN code is verified;
a USBKEY username and password reading module, configured to read the username and password stored inside the USBKEY according to the USBKEY username and password extraction command;
an LSA verification module, configured to perform LSA verification according to the username and password, to determine an LSA verification result;
a login refusal module, configured to refuse the user's remote login to the server if the LSA verification result is that LSA verification fails;
a successful login module, configured to complete the remote login to the server if the LSA verification result is that LSA verification passes.
Optionally, the system further comprises:
a second judgment module, configured to judge, after the PIN code re-entered by the user is obtained, whether the PIN code re-entered by the user is identical to the authentication PIN code, to obtain a second judging result;
a third PIN code acquisition module, configured to obtain the PIN code entered by the user for the third time if the second judging result is that the PIN code re-entered by the user differs from the authentication PIN code;
a third judgment module, configured to judge whether the PIN code entered by the user for the third time is identical to the authentication PIN code, to obtain a third judging result;
a computer locking module, configured to lock the computer and perform no further PIN code verification if the third judging result is that the PIN code entered by the user for the third time differs from the authentication PIN code.
Optionally, the system further comprises:
a fingerprint acquisition module, configured to obtain an administrator fingerprint input signal before the PIN code entered by the user is obtained according to the USBKEY insertion signal;
a fourth judgment module, configured to judge whether the administrator fingerprint input signal is consistent with a fingerprint stored in the fingerprint feature library, to obtain a fourth judging result;
a USBKEY activation refusal module, configured to refuse to activate the USBKEY if the fourth judging result is that the administrator fingerprint input signal is inconsistent with the fingerprints stored in the fingerprint feature library;
a USBKEY activation module, configured to activate the USBKEY if the fourth judging result is that the administrator fingerprint input signal is consistent with a fingerprint stored in the fingerprint feature library.
Optionally, the system further comprises:
a USBKEY initialization module, configured to initialize the USBKEY after the USBKEY is activated.
According to the specific embodiments provided by the present invention, the invention discloses the following technical effects:
The present invention provides a server password-free login method and system. The user must insert a USBKEY and enter the correct PIN code, which invokes the username and password in the USBKEY for login verification, before the server operating system can be entered. This realizes "two-factor" authentication and improves the security of the remote server login process. Because the username and password are stored in the USBKEY and extracted by invocation, the situation in which a user cannot log in after forgetting the username and password is effectively avoided.
In addition, the server password-free login method and system provided by the invention also support fingerprint verification: fingerprint verification is required before the PIN code entered by the user is obtained. The login mode combining fingerprint, PIN code and USBKEY replaces the traditional WINDOWS username-and-password login interface and realizes password-free login, which avoids credential-stuffing and password attacks by hackers and thereby further improves the security of remote login.
Description of the drawings
In order to explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the embodiments are briefly described below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the server password-free login method provided by the invention;
Fig. 2 is a schematic diagram of the working process of the server password-free login method provided by the invention;
Fig. 3 is a structural diagram of the server password-free login system provided by the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
The object of the present invention is to provide a server password-free login method and system, so as to realize password-free remote login to a server and improve the security of the login process.
To make the above objects, features and advantages of the invention clearer and easier to understand, the invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is a flow chart of the server password-free login method provided by the invention. Fig. 2 is a schematic diagram of the working process of the method. Referring to Fig. 1 and Fig. 2, the server password-free login method comprises:
Step 101: obtain the USBKEY insertion signal.
The USBKEY of the present invention mainly consists of a CPU (Central Processing Unit), a COS (Chip Operating System) and a USB interface module, and has advantages such as low cost and portability. In hardware, the USBKEY uses an internal proprietary command format and can also perform encryption and decryption operations, which effectively prevents information leakage and gives it relatively high security. Using a USBKEY for login management means storing the username and password in the USBKEY: the user must insert the USBKEY and enter the correct PIN code, which invokes the username and password in the USBKEY for login verification, before entering the system, i.e. "two-factor" authentication is realized.
The terms used in the present invention are defined as follows:
USBKEY: a hardware digital certificate carrier with a USB interface;
COS: Chip Operating System;
PIN code: the password that starts the USBKEY;
GINA: Graphical Identification and Authentication, a Windows dynamic link library that runs in the Winlogon process and is used to provide a customized login interface and to authenticate the user;
SAS: the window in which the Windows password is entered;
Winlogon: the name of the process that manages login in the Windows system;
API: calling interface;
LSA: Local Security Authority. The LSA manages the local security policy, manages audit policy and settings, and generates for the user a token containing the SID and group permission relationships. The LSA verification process: the LSA completes verification of a local user by accessing the local SAM (Security Accounts Manager) database.
The present invention uses a HOOK function in the WlxLoggedOutSAS function to handle USBKEY plug and unplug operations and thereby obtain the USBKEY insertion signal.
The USBKEY of the present invention is a hardware digital certificate carrier with a USB interface. After installation it is driven by fingerprint, so the fingerprints of the device administrators must be enrolled in advance, preferably the thumbprints of both hands of two administrators; only then can USBKEY-based Windows boot login be carried out. Enrolling fingerprints enhances the security of the KEY and guards against the PIN value being leaked.
Therefore, before the PIN code entered by the user is obtained according to the USBKEY insertion signal, the method further comprises:
obtaining an administrator fingerprint input signal;
judging whether the administrator fingerprint input signal is consistent with a fingerprint stored in the fingerprint feature library, to obtain a fourth judging result;
if the fourth judging result is that the administrator fingerprint input signal is inconsistent with the fingerprints stored in the fingerprint feature library, refusing to activate the USBKEY;
if the fourth judging result is that the administrator fingerprint input signal is consistent with a fingerprint stored in the fingerprint feature library, activating the USBKEY.
At present most external devices need to complete their initialization automatically before the server operating system starts, for example cryptographic module initialization and key loading, so initialization code for the USBKEY must be added to the WlxInitialize function to initialize the device. In the present invention, the administrator first presses a fingerprint to activate the USBKEY, and the USBKEY is then initialized.
Therefore, after the USBKEY is activated, the method further comprises:
initializing the USBKEY.
A self-built replacement GINA must implement the WlxInitialize function. Winlogon calls WlxInitialize once for each window station present on the computer; the system supports one window station per workstation.
The WlxInitialize function is implemented as follows:
BOOL WlxInitialize(__in LPWSTR lpWinsta,
__in HANDLE hWlx,
__in PVOID pvReserved,
__in PVOID pWinlogonFunctions,
__out PVOID*pWlxContext
);
Here, the parameter lpWinsta [in] is a pointer to the name of the window station being initialized. hWlx [in] is the Winlogon handle; the GINA must supply this handle whenever it calls any function provided by Winlogon. pvReserved [in] is a reserved parameter and must be set to NULL. pWinlogonFunctions [in] is a pointer to the function dispatch table provided by Winlogon. The contents of the table depend on the version that the GINA returned to Winlogon in the earlier WlxNegotiate call. The dispatch table is not modified, so the GINA can reference it without copying it. If the GINA needs to copy the table, it must call WlxGetOption and supply WLX_OPTION_DISPATCH_TABLE_SIZE for the Option parameter. The values and meanings of WLX_OPTION_DISPATCH_TABLE_SIZE are shown in Table 1 below:
Table 1: Values and meanings of WLX_OPTION_DISPATCH_TABLE_SIZE
Value                        Meaning
WLX_DISPATCH_VERSION_1_4     Winlogon dispatch table - version 1.4
WLX_DISPATCH_VERSION_1_3     Winlogon dispatch table - version 1.3
WLX_DISPATCH_VERSION_1_2     Winlogon dispatch table - version 1.2
WLX_DISPATCH_VERSION_1_1     Winlogon dispatch table - version 1.1
WLX_DISPATCH_VERSION_1_0     Winlogon dispatch table - version 1.0
pWlxContext [out] is a pointer to a VOID pointer that holds the address of the GINA context for this window station. Winlogon passes this context in all calls to the GINA. The returned context pointer can be changed by calling the WlxSetOption function with WLX_OPTION_CONTEXT_POINTER.
If the function successfully initializes the GINA DLL, it returns TRUE.
If the function fails or the GINA is not initialized, Winlogon terminates and the system does not start.
Step 102: obtain, according to the USBKEY insertion signal, the PIN code entered by the user.
After the user inserts the USBKEY and, once the fingerprint has been verified, the USBKEY is activated, the GINA (Graphical Identification and Authentication dynamic link library) sends a USBKEY device SAS event to Winlogon. Winlogon notifies the USBKEY event monitoring and management program, which pops up a PIN code input dialog box to capture the PIN code entered by the user.
After the USBKEY insertion signal is obtained, the PIN code entered by the user is obtained according to that signal. When a USBKEY is used for Windows login, the user's PIN code authentication information is handled by the function WlxLoggedOutSAS. The processing is as follows:
int WINAPI WlxLoggedOutSAS() // function parameters omitted
{
    iPinDlgRet = g_pWlxFuncs->WlxDialogBoxParam(
        g_hGinaWlx, g_hDllInstance,
        (LPTSTR)MAKEINTRESOURCE(IDD_INPUT_PIN),
        NULL,
        DLGPROC(InputPINDlgProc), // dialog procedure that verifies the USBKEY is legitimate
        PIN_DIALOG_LOGON);
    if (iPinDlgRet == 1) // examine the returned authentication information to determine the login mode
    {
        // handle USBKEY plug and unplug operations with the HOOK function
        HookWlxDialogBoxParam(g_pWlxFuncs, WLX_VERSION_1_0);
    }
    else
    {
        // other operations
    }
}
Here, the returned authentication information indicates whether a PIN code was entered or not, and the login mode is either PIN-free login or two-factor authentication with fingerprint plus PIN code.
The present invention uses a HOOK function to handle USBKEY plug and unplug operations. To guarantee system security during normal use of Windows, when the user leaves and removes the USBKEY the screen must be locked, and it can be unlocked only after the USBKEY is reinserted and identity verification passes. The GINA module handles this well in the WlxLoggedOnSAS function. When the system is in the LOGGED_ON state and the user pulls out the USBKEY, the GINA sends a WLX_SAS_KEY_REMOVE message; Winlogon then calls the WlxLoggedOnSAS function, which locks the Windows system by returning WLX_SAS_ACTION_LOCK_WKSTA. After the desktop is locked, if the user reinserts the USBKEY, the GINA sends a WLX_SAS_KEY_INSERT message; Winlogon then calls the WlxWkstaLockedSAS function, which performs the necessary verification (for example, verifying whether the Key's PIN code is correct and whether the information stored in the Key is correct) and then returns WLX_SAS_ACTION_UNLOCK_WKSTA to unlock the desktop, after which the user can resume normal Windows operation.
Step 103: judge whether the PIN code is identical to the authentication PIN code, to obtain the first judging result.
After the USBKEY API function interface receives the PIN code, it passes it through the USBKEY driver to the USBKEY hardware device. The USBKEY hardware device compares the received PIN code with the authentication PIN code stored in the USBKEY and returns the result to Winlogon. If verification fails, the user is asked to enter the correct PIN code again; if the PIN code is entered incorrectly 3 times, the computer is locked. Otherwise verification passes.
When the USBKEY is used, its legitimacy must be verified. Verification of a legitimate USBKEY is performed by the WriteFile function in the InputPINDlgProc routine, implemented as follows:
LRESULT CALLBACK InputPINDlgProc(HWND hDlg, UINT uMessage, WPARAM wParam, LPARAM lParam)
{
    switch (uMessage) {
    case WM_COMMAND:
        // pass the PIN to the USBKEY for verification; empty password and PIN-free login are supported
        WriteFile(hDevice, buf, m, &nWritten, NULL);
        break;
    }
    return FALSE;
}
Step 104: if the first judging result is that the PIN code differs from the authentication PIN code, obtain the PIN code re-entered by the user.
After the PIN code re-entered by the user is obtained, the method further comprises:
judging whether the PIN code re-entered by the user is identical to the authentication PIN code, to obtain a second judging result;
if the second judging result is that the PIN code re-entered by the user differs from the authentication PIN code, obtaining the PIN code entered by the user for the third time;
judging whether the PIN code entered by the user for the third time is identical to the authentication PIN code, to obtain a third judging result;
if the third judging result is that the PIN code entered by the user for the third time differs from the authentication PIN code, locking the computer and performing no further PIN code verification.
Step 105: if the first judging result is that the PIN code is identical to the authentication PIN code, the PIN code is verified, and a USBKEY username and password extraction command is generated.
The GINA calls the authentication routine to send a request to retrieve the username and password from the USBKEY, and the USBKEY terminal management program passes the request to the USBKEY API interface. The USBKEY API interface communicates with the USBKEY driver and passes the request to the USBKEY hardware device. The USBKEY reads the username and password from its internal storage and returns them to the GINA, LSA verification is then performed, and login succeeds once verification passes.
Step 106: read the username and password stored inside the USBKEY according to the USBKEY username and password extraction command.
The username and password are read from the USBKEY, without a password being entered, in order to determine whether the login is legitimate; the server refuses the user's login if the preset fingerprint and PIN code are not matched.
Step 107: perform LSA verification according to the username and password, to determine the LSA verification result.
The user authentication process is completed by a message-handling function, whose routine is as follows:
LRESULT CALLBACK GetPINDlgProc(HWND hDlg, UINT uMessage, WPARAM wParam, LPARAM lParam)
{
    switch (uMessage) {
    case WM_COMMAND:
        // read the username and password from the USBKEY; no password is typed
        ReadFile(hDevice, bufInput, n, &nReads, NULL);
        break;
    }
    return FALSE;
}
Step 108: if the LSA verification result is that LSA verification fails, refuse the user's remote login to the server.
Step 109: if the LSA verification result is that LSA verification passes, complete the remote login to the server.
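The flow of Steps 101 to 109 (fingerprint activation, at most three PIN attempts, credential release only after PIN verification, then account verification) is modelled below in portable C as an added example; it is not code from the patent. The usbkey structure, all function names, the sample PIN and account, and lsa_verify (a stand-in for real LSA verification) are assumptions made for illustration, and the constant-time PIN comparison and charging the attempt before comparing are hardening choices of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PIN_MAX_LEN   16
#define PIN_MAX_TRIES 3   /* the page locks the computer after the third wrong PIN */

typedef enum {
    LOGIN_OK,             /* Step 109: login completed */
    LOGIN_NOT_ACTIVATED,  /* fingerprint did not match, USBKEY not activated */
    LOGIN_PIN_RETRY,      /* Step 104: ask the user for the PIN again */
    LOGIN_LOCKED,         /* third wrong PIN: no further PIN verification */
    LOGIN_LSA_REJECTED    /* Step 108: account verification failed */
} login_result;

/* Simulated token state (hypothetical layout, not the real device's). */
typedef struct {
    bool     activated;     /* set by the fingerprint check */
    bool     pin_verified;  /* set by a successful PIN check */
    unsigned tries_left;
    char     auth_pin[PIN_MAX_LEN + 1];
    char     username[32];
    char     password[32];
} usbkey;

void usbkey_init(usbkey *k, const char *pin, const char *user, const char *pass)
{
    memset(k, 0, sizeof *k);
    k->tries_left = PIN_MAX_TRIES;
    strncpy(k->auth_pin, pin, PIN_MAX_LEN);
    strncpy(k->username, user, sizeof k->username - 1);
    strncpy(k->password, pass, sizeof k->password - 1);
}

/* Compare over the full fixed-size buffer with no early exit on a mismatch,
 * so timing does not reveal how many leading characters were correct. */
static bool pin_equal(const char *stored, const char *entered)
{
    unsigned char a[PIN_MAX_LEN + 1] = {0}, b[PIN_MAX_LEN + 1] = {0};
    unsigned char diff = 0;
    size_t n = strlen(entered);
    if (n > PIN_MAX_LEN) return false;   /* over-long input can never match */
    memcpy(a, stored, strlen(stored));
    memcpy(b, entered, n);
    for (size_t i = 0; i < sizeof a; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Fingerprint step: the match decision itself is outside this sketch. */
void usbkey_activate(usbkey *k, bool fingerprint_matches)
{
    k->activated = fingerprint_matches;
}

/* Steps 103-105: the attempt is charged before comparing, so interrupting
 * the check cannot be used to obtain extra guesses. */
login_result usbkey_verify_pin(usbkey *k, const char *pin)
{
    k->pin_verified = false;
    if (!k->activated)      return LOGIN_NOT_ACTIVATED;
    if (k->tries_left == 0) return LOGIN_LOCKED;
    k->tries_left--;
    if (pin_equal(k->auth_pin, pin)) {
        k->tries_left = PIN_MAX_TRIES;
        k->pin_verified = true;
        return LOGIN_OK;
    }
    return k->tries_left ? LOGIN_PIN_RETRY : LOGIN_LOCKED;
}

/* Step 106: credentials leave the token only after a successful PIN check. */
bool usbkey_read_credentials(usbkey *k, const char **user, const char **pass)
{
    if (!k->pin_verified) return false;
    *user = k->username;
    *pass = k->password;
    k->pin_verified = false;   /* one read per verification */
    return true;
}

/* Stand-in for LSA verification against the local SAM: one constructed account. */
static bool lsa_verify(const char *user, const char *pass)
{
    return strcmp(user, "Administrator") == 0 &&
           strcmp(pass, "constructed-Passw0rd") == 0;
}

/* Steps 102-109 for one PIN entry. */
login_result login_attempt(usbkey *k, const char *pin)
{
    const char *user, *pass;
    login_result r = usbkey_verify_pin(k, pin);
    if (r != LOGIN_OK) return r;
    if (!usbkey_read_credentials(k, &user, &pass)) return LOGIN_LOCKED;
    return lsa_verify(user, pass) ? LOGIN_OK : LOGIN_LSA_REJECTED;
}

int main(void)
{
    usbkey k;
    usbkey_init(&k, "482913", "Administrator", "constructed-Passw0rd");
    usbkey_activate(&k, true);
    login_result wrong = login_attempt(&k, "000000");
    login_result right = login_attempt(&k, "482913");
    printf("wrong PIN -> %d, right PIN -> %d\n", (int)wrong, (int)right);
    return 0;
}
```

In this model the retry counter and the stored credentials both live inside the token structure, mirroring the page's statement that the comparison is done by the USBKEY hardware rather than by the host.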
In addition the present invention also needs to handle some other function: WlxLogoff, WlxIsLogoffOk in the process of implementation: It is run when nullifying operation;WlxShutdown: it is run when power-off operation.
Software realization can be used in the method for the invention and system, and software preferably uses Rohos Logon.Rohos Logon is supported: fingerprint recognition usb driver Transcend, Apacer, LG, TakeMS;For the client of trust server, peace After filling the software, in use " Remote desk process " login service device, it may be implemented only to possess USB flash disk key or USBKEY Just it can be arranged in Rohos software and be forbidden to use using keyboard input the user name and password with the function of login service device Login mode, i.e., if others inputs Administrator and administrator password, cannot login service device, thus It makes client server safer, avoids by hack and attack.
It supports fingerprint to log in as it can be seen that server provided by the invention exempts from close login system, is extracted and used by fingerprint or PIN code Name in an account book and password, easy to operate, stability is good, highly-safe, the close login techniques support of exempting from of use exempts from PIN and exempts from operating system Password can be avoided hacker and hit library attack, cryptographic attack, and logs in that speed is fast, discrimination is high, have very high application prospect And practical value.
The present invention also provides a password-free server login system. Fig. 3 is a structural diagram of the password-free server login system provided by the present invention. Referring to Fig. 3, the password-free server login system includes:
a USBKEY insertion signal acquisition module 301, for acquiring a USBKEY insertion signal;
a PIN code acquisition module 302, for acquiring, according to the USBKEY insertion signal, the PIN code entered by the user;
a PIN code verification module 303, for judging whether the PIN code is identical to the authentication PIN code, to obtain a first judgment result;
a PIN code re-entry module 304, for acquiring the PIN code re-entered by the user if the first judgment result is that the PIN code differs from the authentication PIN code;
a USBKEY user name and password extraction command generation module 305, for generating a USBKEY user name and password extraction command if the first judgment result is that the PIN code is identical to the authentication PIN code, in which case PIN code verification passes;
a USBKEY user name and password reading module 306, for reading the user name and password stored inside the USBKEY according to the USBKEY user name and password extraction command;
an LSA verification module 307, for performing LSA verification according to the user name and password and determining the LSA verification result;
a login refusal module 308, for refusing the user's remote login to the server if the LSA verification result is that LSA verification fails;
a login success module 309, for completing the remote login to the server if the LSA verification result is that LSA verification passes.
Preferably, the system also includes:
a second judgment module, for judging, after the PIN code re-entered by the user has been acquired, whether the re-entered PIN code is identical to the authentication PIN code, to obtain a second judgment result;
a third PIN code acquisition module, for acquiring the PIN code entered by the user for the third time if the second judgment result is that the re-entered PIN code differs from the authentication PIN code;
a third judgment module, for judging whether the PIN code entered by the user for the third time is identical to the authentication PIN code, to obtain a third judgment result;
a computer locking module, for locking the computer and performing no further PIN code verification if the third judgment result is that the PIN code entered for the third time differs from the authentication PIN code.
Preferably, the system also includes:
a fingerprint acquisition module, for acquiring the administrator fingerprint input signal before the PIN code entered by the user is acquired according to the USBKEY insertion signal;
a fourth judgment module, for judging whether the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library, to obtain a fourth judgment result;
a USBKEY activation refusal module, for refusing to activate the USBKEY if the fourth judgment result is that the administrator fingerprint input signal is inconsistent with the fingerprint stored in the fingerprint feature library;
a USBKEY activation module, for activating the USBKEY if the fourth judgment result is that the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library.
Preferably, the system also includes:
a USBKEY initialization module, for initializing the USBKEY after the USBKEY has been activated.
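The module flow above (fingerprint activation, up to three PIN attempts, credential extraction, LSA verification) written as a portable C state machine. This is an added example, not code from the patent: `lsa_verify`, the sample PIN and account values, and the reset of the failure counter after a correct PIN are assumptions, and the real LSA call is replaced by a stand-in.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PIN_ATTEMPTS 3 /* the page locks the computer on the third wrong PIN */

typedef enum { KEY_INACTIVE, KEY_AWAIT_PIN, KEY_LOCKED } key_state;
typedef enum { LOGIN_OK, LOGIN_RETRY_PIN, LOGIN_LOCKED, LOGIN_REFUSED } login_result;

typedef struct {
    key_state state;
    unsigned failed;             /* consecutive wrong PINs */
    const char *auth_pin;        /* authentication PIN (constructed value) */
    const char *user, *password; /* credentials stored inside the key (constructed) */
} usbkey;

/* Compare every character instead of stopping at the first mismatch. */
static int pin_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la && i < lb; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Zero a buffer through a volatile pointer so the store is not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical stand-in for LSA verification: accepts one constructed account. */
static int lsa_verify(const char *user, const char *password) {
    return strcmp(user, "svc-admin") == 0 && strcmp(password, "constructed-secret") == 0;
}

/* Fingerprint modules: activate the key only if the fingerprint matched the library. */
void usbkey_activate(usbkey *k, int fingerprint_matches) {
    if (k->state == KEY_INACTIVE && fingerprint_matches) {
        k->state = KEY_AWAIT_PIN;
        k->failed = 0;
    }
}

/* One login attempt: PIN check, credential extraction, then LSA verification. */
login_result usbkey_login(usbkey *k, const char *pin) {
    char user[32], password[64];
    int ok;
    if (k->state == KEY_LOCKED) return LOGIN_LOCKED;     /* no further PIN verification */
    if (k->state != KEY_AWAIT_PIN) return LOGIN_REFUSED; /* key was never activated */
    if (!pin_equal(pin, k->auth_pin)) {
        if (++k->failed < MAX_PIN_ATTEMPTS) return LOGIN_RETRY_PIN;
        k->state = KEY_LOCKED;
        return LOGIN_LOCKED;
    }
    k->failed = 0; /* assumption: a correct PIN resets the counter */
    /* Credentials leave the key only after the PIN has been verified. */
    snprintf(user, sizeof user, "%s", k->user);
    snprintf(password, sizeof password, "%s", k->password);
    ok = lsa_verify(user, password);
    wipe(password, sizeof password); /* do not leave the password on the stack */
    return ok ? LOGIN_OK : LOGIN_REFUSED;
}

int main(void) {
    usbkey k = { KEY_INACTIVE, 0, "4821", "svc-admin", "constructed-secret" };
    usbkey_activate(&k, 1);
    return usbkey_login(&k, "4821") == LOGIN_OK ? 0 : 1;
}
```

Once the key is locked, even the correct PIN is rejected, which matches the "no further PIN code verification" behaviour of the computer locking module.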
The embodiments in this specification are described progressively. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Because the system disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant details, refer to the description of the method.
Specific examples are used herein to explain the principle and implementation of the present invention. The description of the above embodiments is intended only to help in understanding the method of the present invention and its core idea. At the same time, those of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (8)

1. A password-free server login method, characterized in that the password-free server login method comprises:
acquiring a USBKEY insertion signal;
acquiring, according to the USBKEY insertion signal, the PIN code entered by the user;
judging whether the PIN code is identical to the authentication PIN code, to obtain a first judgment result;
if the first judgment result is that the PIN code differs from the authentication PIN code, acquiring the PIN code re-entered by the user;
if the first judgment result is that the PIN code is identical to the authentication PIN code, PIN code verification passes, and generating a USBKEY user name and password extraction command;
reading the user name and password stored inside the USBKEY according to the USBKEY user name and password extraction command;
performing LSA verification according to the user name and password, and determining the LSA verification result;
if the LSA verification result is that LSA verification fails, refusing the user's remote login to the server;
if the LSA verification result is that LSA verification passes, completing the remote login to the server.
2. The password-free server login method according to claim 1, characterized in that, after acquiring the PIN code re-entered by the user, the method further comprises:
judging whether the PIN code re-entered by the user is identical to the authentication PIN code, to obtain a second judgment result;
if the second judgment result is that the PIN code re-entered by the user differs from the authentication PIN code, acquiring the PIN code entered by the user for the third time;
judging whether the PIN code entered by the user for the third time is identical to the authentication PIN code, to obtain a third judgment result;
if the third judgment result is that the PIN code entered by the user for the third time differs from the authentication PIN code, locking the computer and performing no further PIN code verification.
3. The password-free server login method according to claim 1, characterized in that, before acquiring the PIN code entered by the user according to the USBKEY insertion signal, the method further comprises:
acquiring an administrator fingerprint input signal;
judging whether the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library, to obtain a fourth judgment result;
if the fourth judgment result is that the administrator fingerprint input signal is inconsistent with the fingerprint stored in the fingerprint feature library, refusing to activate the USBKEY;
if the fourth judgment result is that the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library, activating the USBKEY.
4. The password-free server login method according to claim 3, characterized in that, after activating the USBKEY, the method further comprises:
initializing the USBKEY.
5. A password-free server login system, characterized in that the password-free server login system comprises:
a USBKEY insertion signal acquisition module, for acquiring a USBKEY insertion signal;
a PIN code acquisition module, for acquiring, according to the USBKEY insertion signal, the PIN code entered by the user;
a PIN code verification module, for judging whether the PIN code is identical to the authentication PIN code, to obtain a first judgment result;
a PIN code re-entry module, for acquiring the PIN code re-entered by the user if the first judgment result is that the PIN code differs from the authentication PIN code;
a USBKEY user name and password extraction command generation module, for generating a USBKEY user name and password extraction command if the first judgment result is that the PIN code is identical to the authentication PIN code, in which case PIN code verification passes;
a USBKEY user name and password reading module, for reading the user name and password stored inside the USBKEY according to the USBKEY user name and password extraction command;
an LSA verification module, for performing LSA verification according to the user name and password and determining the LSA verification result;
a login refusal module, for refusing the user's remote login to the server if the LSA verification result is that LSA verification fails;
a login success module, for completing the remote login to the server if the LSA verification result is that LSA verification passes.
6. The password-free server login system according to claim 5, characterized in that the system further comprises:
a second judgment module, for judging, after the PIN code re-entered by the user has been acquired, whether the re-entered PIN code is identical to the authentication PIN code, to obtain a second judgment result;
a third PIN code acquisition module, for acquiring the PIN code entered by the user for the third time if the second judgment result is that the re-entered PIN code differs from the authentication PIN code;
a third judgment module, for judging whether the PIN code entered by the user for the third time is identical to the authentication PIN code, to obtain a third judgment result;
a computer locking module, for locking the computer and performing no further PIN code verification if the third judgment result is that the PIN code entered for the third time differs from the authentication PIN code.
7. The password-free server login system according to claim 5, wherein the system further comprises:
a fingerprint acquisition module, for acquiring an administrator fingerprint input signal before the PIN code entered by the user is acquired according to the USBKEY insertion signal;
a fourth judgment module, for judging whether the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library, to obtain a fourth judgment result;
a USBKEY activation refusal module, for refusing to activate the USBKEY if the fourth judgment result is that the administrator fingerprint input signal is inconsistent with the fingerprint stored in the fingerprint feature library;
a USBKEY activation module, for activating the USBKEY if the fourth judgment result is that the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library.
8. The password-free server login system according to claim 7, characterized in that the system further comprises:
a USBKEY initialization module, for initializing the USBKEY after the USBKEY has been activated.
CN201811130837.2A 2018-09-27 2018-09-27 A kind of server exempts from close login method and system Pending CN109391615A (en)


Publications (1)

Publication Number Publication Date
CN109391615A true CN109391615A (en) 2019-02-26

Family

ID=65419086

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811130837.2A Pending CN109391615A (en) 2018-09-27 2018-09-27 A kind of server exempts from close login method and system

Country Status (1)

Country Link
CN (1) CN109391615A (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101447010A (en) * 2008-12-30 2009-06-03 北京飞天诚信科技有限公司 Login system and method for logging in
JP5736689B2 (en) * 2010-08-19 2015-06-17 大日本印刷株式会社 Security management system and security management method
CN105743853A (en) * 2014-12-09 2016-07-06 航天信息股份有限公司 Fingerprint USB KEY and fingerprint center server for identity authentication, and system and method
CN107241192A (en) * 2017-05-27 2017-10-10 飞天诚信科技股份有限公司 The method and device that a kind of use fingerprint key is logged in
CN107241345A (en) * 2017-06-30 2017-10-10 西安电子科技大学 Cloud computing resources management method based on UKey
CN107563176A (en) * 2017-08-17 2018-01-09 广州视源电子科技股份有限公司 Login authentication method, system, readable storage medium storing program for executing and computer based on USB flash disk
CN107704749A (en) * 2017-10-25 2018-02-16 深圳竹云科技有限公司 Windows system safe login methods based on U-shield verification algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190226