CN109391615A - Password-free login method and system for a server - Google Patents
- Publication number
- CN109391615A CN201811130837.2A
- Authority
- CN
- China
- Prior art keywords
- pin code
- usbkey
- user
- fingerprint
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
Abstract
The invention discloses a password-free login method and system for a server. The user must insert a USBKEY and enter the correct PIN code; only then are the user name and password stored in the USBKEY retrieved and used for login verification, after which the user can enter the server operating system. This realizes "two-factor" authentication and improves the security of the remote server login process. Because the user name and password are stored in the USBKEY and retrieved by a call, the situation in which a user cannot log in after forgetting the user name and password is effectively avoided. In addition, the method and system support fingerprint verification: fingerprint verification is required before the PIN code entered by the user is obtained. The login mode that combines fingerprint, PIN code and USBKEY replaces the traditional Windows interface login with user name and password and realizes password-free login. This avoids interception of keyboard operations or password transmission by Trojan software and avoids credential-stuffing attacks and password attacks by hackers, further improving the security of remote login.
Description
Technical field
The present invention relates to the technical field of computer networks, and in particular to a password-free login method and system for a server.
Background
The 21st century is an era of large-scale application of computer network technology, and as the technology has progressed and improved it has been applied in many fields. In applying it, one often needs to log in to a server remotely to adjust the server's software or hardware, but the login account or password is frequently forgotten. Meanwhile, server security keeps improving through, for example, the drive encryption of DELL and HP (Hewlett-Packard) servers and the encryption unique to RAID (Redundant Arrays of Independent Drives, disk arrays), so the possibility of cracking a server operating system is very small and remote login is almost impossible without entering the account and password. Reinstalling the system allows the user name and password to be reset, but destroys the existing data. A remote server login method is therefore urgently needed that is both secure and avoids forgotten passwords.
Summary of the invention
The object of the present invention is to provide a password-free login method and system for a server, so as to realize password-free remote login to the server and improve the security of the login process.
To achieve the above object, the present invention provides the following scheme:
A password-free login method for a server, the method comprising:
obtaining a USBKEY insertion signal;
obtaining, in response to the USBKEY insertion signal, the PIN code entered by the user;
judging whether the PIN code is identical to the authentication PIN code, to obtain a first judgment result;
if the first judgment result is that the PIN code differs from the authentication PIN code, obtaining the PIN code re-entered by the user;
if the first judgment result is that the PIN code is identical to the authentication PIN code, the PIN code verification passes, and a USBKEY user name and password extraction command is generated;
reading the user name and password stored inside the USBKEY according to the USBKEY user name and password extraction command;
performing LSA verification according to the user name and password, to determine an LSA verification result;
if the LSA verification result is that LSA verification fails, refusing the user's remote login to the server;
if the LSA verification result is that LSA verification passes, completing the remote server login.
Optionally, after obtaining the PIN code re-entered by the user, the method further includes:
judging whether the PIN code re-entered by the user is identical to the authentication PIN code, to obtain a second judgment result;
if the second judgment result is that the PIN code re-entered by the user differs from the authentication PIN code, obtaining the PIN code entered by the user for the third time;
judging whether the PIN code entered by the user for the third time is identical to the authentication PIN code, to obtain a third judgment result;
if the third judgment result is that the PIN code entered by the user for the third time differs from the authentication PIN code, locking the computer and performing no further PIN code verification.
Optionally, before obtaining the PIN code entered by the user in response to the USBKEY insertion signal, the method further includes:
obtaining an administrator fingerprint input signal;
judging whether the administrator fingerprint input signal is consistent with a fingerprint stored in the fingerprint feature library, to obtain a fourth judgment result;
if the fourth judgment result is that the administrator fingerprint input signal is inconsistent with the fingerprint stored in the fingerprint feature library, refusing to activate the USBKEY;
if the fourth judgment result is that the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library, activating the USBKEY.
Optionally, after activating the USBKEY, the method further includes:
initializing the USBKEY.
To achieve the above object, the present invention also provides the following scheme:
A password-free login system for a server, the system comprising:
a USBKEY insertion signal acquisition module, configured to obtain a USBKEY insertion signal;
a PIN code acquisition module, configured to obtain, in response to the USBKEY insertion signal, the PIN code entered by the user;
a PIN code verification module, configured to judge whether the PIN code is identical to the authentication PIN code, to obtain a first judgment result;
a PIN code re-entry module, configured to obtain the PIN code re-entered by the user if the first judgment result is that the PIN code differs from the authentication PIN code;
a USBKEY user name and password extraction command generation module, configured to generate a USBKEY user name and password extraction command if the first judgment result is that the PIN code is identical to the authentication PIN code, in which case the PIN code verification passes;
a USBKEY user name and password reading module, configured to read the user name and password stored inside the USBKEY according to the USBKEY user name and password extraction command;
an LSA verification module, configured to perform LSA verification according to the user name and password, to determine an LSA verification result;
a login refusal module, configured to refuse the user's remote login to the server if the LSA verification result is that LSA verification fails;
a successful login module, configured to complete the remote server login if the LSA verification result is that LSA verification passes.
Optionally, the system further includes:
a second judgment module, configured to judge, after the PIN code re-entered by the user is obtained, whether the PIN code re-entered by the user is identical to the authentication PIN code, to obtain a second judgment result;
a third PIN code acquisition module, configured to obtain the PIN code entered by the user for the third time if the second judgment result is that the PIN code re-entered by the user differs from the authentication PIN code;
a third judgment module, configured to judge whether the PIN code entered by the user for the third time is identical to the authentication PIN code, to obtain a third judgment result;
a computer locking module, configured to lock the computer and perform no further PIN code verification if the third judgment result is that the PIN code entered by the user for the third time differs from the authentication PIN code.
Optionally, the system further includes:
a fingerprint acquisition module, configured to obtain an administrator fingerprint input signal before the PIN code entered by the user is obtained in response to the USBKEY insertion signal;
a fourth judgment module, configured to judge whether the administrator fingerprint input signal is consistent with a fingerprint stored in the fingerprint feature library, to obtain a fourth judgment result;
a USBKEY activation refusal module, configured to refuse to activate the USBKEY if the fourth judgment result is that the administrator fingerprint input signal is inconsistent with the fingerprint stored in the fingerprint feature library;
a USBKEY activation module, configured to activate the USBKEY if the fourth judgment result is that the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library.
Optionally, the system further includes:
a USBKEY initialization module, configured to initialize the USBKEY after the USBKEY is activated.
According to the specific embodiments provided by the present invention, the invention discloses the following technical effects:
The present invention provides a password-free login method and system for a server. The user must insert a USBKEY and enter the correct PIN code; only then are the user name and password in the USBKEY retrieved for login verification, after which the user can enter the server operating system. This realizes "two-factor" authentication and improves the security of the remote server login process. Because the user name and password are stored in the USBKEY and retrieved by a call, the situation in which a user cannot log in after forgetting the user name and password is effectively avoided.
In addition, the method and system provided by the present invention support fingerprint verification: fingerprint verification is required before the PIN code entered by the user is obtained. The login mode that combines fingerprint, PIN code and USBKEY replaces the traditional Windows interface login with user name and password and realizes password-free login, which avoids credential-stuffing attacks and password attacks by hackers and further improves the security of remote login.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the password-free login method for a server provided by the present invention;
Fig. 2 is a schematic diagram of the working process of the password-free login method for a server provided by the present invention;
Fig. 3 is a system structure diagram of the password-free login system for a server provided by the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The object of the present invention is to provide a password-free login method and system for a server, so as to realize password-free remote login to the server and improve the security of the login process.
To make the above objects, features and advantages of the present invention clearer and easier to understand, the present invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is a flow chart of the password-free login method for a server provided by the present invention. Fig. 2 is a schematic diagram of the working process of the method. Referring to Fig. 1 and Fig. 2, the password-free login method for a server includes:
Step 101: obtain the USBKEY insertion signal.
The USBKEY of the present invention consists mainly of a CPU (Central Processing Unit), a COS (Chip Operating System) and a USB interface module, and has advantages such as low cost and portability. In hardware, the USBKEY uses an internal proprietary command format and can also perform encryption and decryption operations, which effectively prevents information leakage and gives it high security. Login management with a USBKEY means storing the user name and password in the USBKEY: the user must insert the USBKEY and enter the correct PIN code before the user name and password in the USBKEY are retrieved for login verification and the system can be entered, which realizes "two-factor" authentication.
The terms used in the present invention are defined as follows:
USBKEY: a hardware digital-certificate carrier with a USB interface;
COS: Chip Operating System;
PIN code: the password that starts the USBKEY;
GINA: Graphical Identification and Authentication, a Windows graphical dynamic link library that runs in the Winlogon process, provides a customized login interface and authenticates the user;
SAS: the window in which the Windows password is entered;
Winlogon: the name of the process that manages login in the Windows system;
API: calling interface;
LSA: Local Security Authority. The LSA manages the local security policy, manages the audit policy and settings, and generates for the user a token containing the SID and group permission relationships. LSA verification process: the LSA completes verification of a local user by accessing the local SAM (Security Accounts Manager) database.
The present invention obtains the USBKEY insertion signal by using a HOOK function in the WlxLoggedOutSAS function to handle USBKEY plug and unplug operations.
The USBKEY of the present invention is a hardware digital-certificate carrier with a USB interface. After installation it requires a fingerprint to operate, so the fingerprints of the device administrators must be enrolled in advance, preferably the thumbprints of both hands of two administrators; only then can USBKEY-based Windows boot login be carried out. Enrolling fingerprints strengthens the security of the KEY and guards against leakage of the PIN value.
Therefore, before obtaining the PIN code entered by the user in response to the USBKEY insertion signal, the method further includes:
obtaining an administrator fingerprint input signal;
judging whether the administrator fingerprint input signal is consistent with a fingerprint stored in the fingerprint feature library, to obtain a fourth judgment result;
if the fourth judgment result is that the administrator fingerprint input signal is inconsistent with the fingerprint stored in the fingerprint feature library, refusing to activate the USBKEY;
if the fourth judgment result is that the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library, activating the USBKEY.
At present, most external devices must complete their initialization automatically before the server operating system starts, for example cryptographic module initialization and key loading. Initialization code for the USBKEY therefore has to be added to the WlxInitialize function to initialize the device. In the present invention, the administrator first activates the USBKEY by pressing a fingerprint, and the USBKEY is then initialized.
Therefore, after activating the USBKEY, the method further includes:
initializing the USBKEY.
A self-built replacement GINA must implement the WlxInitialize function. Winlogon calls WlxInitialize once for each window station present on the computer; currently the system supports one window station per workstation.
The WlxInitialize function is as follows:
    BOOL WlxInitialize(
        __in  LPWSTR lpWinsta,
        __in  HANDLE hWlx,
        __in  PVOID  pvReserved,
        __in  PVOID  pWinlogonFunctions,
        __out PVOID *pWlxContext
    );
Here, the parameter lpWinsta [in] is a pointer to the name of the window station being initialized. hWlx [in] is the Winlogon handle; GINA must supply this handle whenever it calls a function provided by Winlogon. pvReserved [in] is a reserved parameter and must be set to NULL. pWinlogonFunctions [in] is a pointer to the function dispatch table provided by Winlogon. Its contents depend on the version that GINA previously returned to Winlogon through WlxNegotiate. The dispatch table is never modified, so GINA can reference it without copying it. If GINA needs a copy of the table, it must call WlxGetOption and supply WLX_OPTION_DISPATCH_TABLE_SIZE for the Option parameter. The values and meanings of WLX_OPTION_DISPATCH_TABLE_SIZE are shown in Table 1 below:
Table 1: Values and meanings of WLX_OPTION_DISPATCH_TABLE_SIZE
Value | Meaning |
WLX_DISPATCH_VERSION_1_4 | Winlogon dispatch table, version 1.4 |
WLX_DISPATCH_VERSION_1_3 | Winlogon dispatch table, version 1.3 |
WLX_DISPATCH_VERSION_1_2 | Winlogon dispatch table, version 1.2 |
WLX_DISPATCH_VERSION_1_1 | Winlogon dispatch table, version 1.1 |
WLX_DISPATCH_VERSION_1_0 | Winlogon dispatch table, version 1.0 |
pWlxContext [out] is a pointer to a VOID pointer that holds the address of the GINA context for this window station. Winlogon passes this context in every call it makes to GINA. The context pointer can be changed by calling the WlxSetOption function with WLX_OPTION_CONTEXT_POINTER.
If the function successfully initializes the GINA DLL, it returns TRUE.
If the function fails or GINA is not initialized, Winlogon terminates and the system does not start.
Step 102: obtain the PIN code entered by the user in response to the USBKEY insertion signal.
After the user inserts the USBKEY, the fingerprint is verified and the USBKEY is activated, GINA (Graphical Identification and Authentication, the graphical dynamic link library) sends a USBKEY device SAS event to Winlogon. Winlogon notifies the USBKEY event monitoring and management program, which pops up a PIN code input dialog box to capture the PIN code entered by the user.
After the USBKEY insertion signal is obtained, the PIN code entered by the user is obtained in response to it. When the USBKEY is used for Windows login, the user's PIN code authentication information is handled by the WlxLoggedOutSAS function. The processing is as follows:
    int WINAPI WlxLoggedOutSAS(/* function parameters omitted */)
    {
        iPinDlgRet = g_pWlxFuncs->WlxDialogBoxParam(
            g_hGinaWlx, g_hDllInstance,
            (LPTSTR)MAKEINTRESOURCE(IDD_INPUT_PIN),
            NULL,
            DLGPROC(InputPINDlgProc),   // dialog procedure that verifies a legitimate USBKEY
            PIN_DIALOG_LOGON);
        if (iPinDlgRet == 1)            // judge the returned authentication information to determine the login mode
        {
            // use the HOOK function to handle USBKEY plug and unplug operations
            HookWlxDialogBoxParam(g_pWlxFuncs, WLX_VERSION_1_0);
        }
        else
        {
            // other operations
        }
    }
Here, the returned authentication information is either that a PIN code was entered or that no PIN code was entered, and the login mode is either PIN-free and password-free login or double authentication with fingerprint plus PIN code.
The present invention uses a HOOK function to handle USBKEY plug and unplug operations. To guarantee system security during normal use of Windows, the user must remove the USBKEY when leaving, which locks the screen; the screen is unlocked only after the USBKEY is reinserted and identity verification passes. The GINA module handles this well in the WlxLoggedOnSAS function. When the system is in the LOGGED_ON state and the user pulls out the USBKEY, GINA sends a WLX_SAS_KEY_REMOVE message; Winlogon then calls the WlxLoggedOnSAS function, which locks the Windows system by returning WLX_SAS_ACTION_LOCK_WKSTA. After the desktop is locked, if the user reinserts the USBKEY, GINA sends a WLX_SAS_KEY_INSERT message; Winlogon then calls the WlxWkstaLockedSAS function, which performs the necessary verification (for example, checking whether the PIN code of the Key is correct and whether the information stored in the Key is correct) and then returns WLX_SAS_ACTION_UNLOCK_WKSTA to unlock the desktop, after which the user can resume normal Windows operation.
Step 103: judge whether the PIN code is identical to the authentication PIN code, to obtain the first judgment result.
After the USBKEY API function interface receives the PIN code, it passes it through the USBKEY driver to the USBKEY hardware device. The USBKEY hardware device compares the received PIN code with the authentication PIN code stored in the USBKEY and returns the result to Winlogon. If verification fails, the user is asked to enter the correct PIN code again; if the PIN code is entered incorrectly three times, the computer is locked. Otherwise, verification passes.
When the USBKEY is in use, its legitimacy must be verified. Verification of a legitimate USBKEY is performed through the WriteFile function in the InputPINDlgProc routine, implemented as follows:
    LRESULT CALLBACK InputPINDlgProc(HWND hDlg, UINT uMessage, WPARAM wParam, LPARAM lParam)
    {
        switch (uMessage) {
        case WM_COMMAND:
            // pass the verification PIN code to the USBKEY; empty password and PIN-free mode are supported
            WriteFile(hDevice, buf, m, &nWritten, NULL);
            break;
        }
        return FALSE;
    }
Step 104: if the first judgment result is that the PIN code differs from the authentication PIN code, obtain the PIN code re-entered by the user.
After obtaining the PIN code re-entered by the user, the method further includes:
judging whether the PIN code re-entered by the user is identical to the authentication PIN code, to obtain a second judgment result;
if the second judgment result is that the PIN code re-entered by the user differs from the authentication PIN code, obtaining the PIN code entered by the user for the third time;
judging whether the PIN code entered by the user for the third time is identical to the authentication PIN code, to obtain a third judgment result;
if the third judgment result is that the PIN code entered by the user for the third time differs from the authentication PIN code, locking the computer and performing no further PIN code verification.
Step 105: if the first judgment result is that the PIN code is identical to the authentication PIN code, the PIN code verification passes, and a USBKEY user name and password extraction command is generated.
GINA calls the authentication routine to send a request to retrieve the user name and password from the USBKEY. The USBKEY terminal management program passes the request to the USBKEY API interface, which communicates with the USBKEY driver and passes the request to the USBKEY hardware device. The USBKEY reads the user name and password from its internal storage and returns them to GINA; LSA verification is then performed, and login succeeds once verification passes.
Step 106: read the user name and password stored inside the USBKEY according to the USBKEY user name and password extraction command.
The user name and password are read from the USBKEY so that no password has to be entered; the purpose is to judge whether the login to the server is legitimate. If the preset fingerprint and PIN code are not matched, the user's login is refused.
Step 107: perform LSA verification according to the user name and password, to determine the LSA verification result.
The user authentication process is completed by a message-processing function, whose routine is as follows:
    LRESULT CALLBACK GetPINDlgProc(HWND hDlg, UINT uMessage, WPARAM wParam, LPARAM lParam)
    {
        switch (uMessage) {
        case WM_COMMAND:
            // read the user name and password from the USBKEY, so no password has to be entered
            ReadFile(hDevice, bufInput, n, &nReads, NULL);
            break;
        }
        return FALSE;
    }
Step 108: if the LSA verification result is that LSA verification fails, refuse the user's remote login to the server.
Step 109: if the LSA verification result is that LSA verification passes, complete the remote server login.
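The gating order of steps 101 to 109 (fingerprint activation, PIN check with a three-attempt limit, then credential release), modeled in C as an added example that is not code from the patent. The usbkey_* names, the string comparison standing in for fingerprint matching and all sample values are assumptions, and the Windows LSA check of step 107 is outside the model.

```c
/* Added illustration, not code from the patent: a software model of the
 * token-side gating in steps 101-109. Names and values are hypothetical. */
#include <stdio.h>
#include <string.h>

#define PIN_MAX_TRIES 3 /* the description locks after the third wrong PIN */

typedef enum { KEY_INACTIVE, KEY_ACTIVATED, KEY_PIN_OK, KEY_LOCKED } key_state_t;
typedef enum { RC_OK, RC_BAD_STATE, RC_FP_MISMATCH, RC_PIN_WRONG,
               RC_LOCKED, RC_BUF_SMALL } rc_t;

typedef struct {
    key_state_t state;
    unsigned tries_left;
    const char *fp_template; /* stand-in for the fingerprint feature library */
    const char *auth_pin;    /* authentication PIN stored in the token */
    const char *username;    /* credentials stored in the token */
    const char *password;
} usbkey_t;

/* Compare every byte with no early exit, so timing does not reveal the
 * position of the first mismatch. */
static int ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), n = la > lb ? la : lb, i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < n; i++) {
        unsigned char ca = i < la ? (unsigned char)a[i] : 0;
        unsigned char cb = i < lb ? (unsigned char)b[i] : 0;
        diff |= (unsigned char)(ca ^ cb);
    }
    return diff == 0;
}

/* Step 101: insertion. The token starts inactive with a full retry budget. */
void usbkey_insert(usbkey_t *k, const char *fp, const char *pin,
                   const char *user, const char *pw)
{
    k->state = KEY_INACTIVE;
    k->tries_left = PIN_MAX_TRIES;
    k->fp_template = fp;
    k->auth_pin = pin;
    k->username = user;
    k->password = pw;
}

/* Fingerprint check that must precede any PIN entry. */
rc_t usbkey_activate(usbkey_t *k, const char *fp_sample)
{
    if (k->state != KEY_INACTIVE) return RC_BAD_STATE;
    if (!ct_equal(fp_sample, k->fp_template)) return RC_FP_MISMATCH;
    k->state = KEY_ACTIVATED;
    return RC_OK;
}

/* Steps 102-104: PIN check with lockout on the third wrong attempt. */
rc_t usbkey_verify_pin(usbkey_t *k, const char *pin)
{
    if (k->state == KEY_LOCKED) return RC_LOCKED;
    if (k->state != KEY_ACTIVATED) return RC_BAD_STATE;
    if (ct_equal(pin, k->auth_pin)) {
        k->state = KEY_PIN_OK;
        k->tries_left = PIN_MAX_TRIES;
        return RC_OK;
    }
    if (--k->tries_left == 0) {
        k->state = KEY_LOCKED; /* no further PIN verification */
        return RC_LOCKED;
    }
    return RC_PIN_WRONG;
}

/* Steps 105-106: credentials leave the token only after a verified PIN. */
rc_t usbkey_read_credentials(const usbkey_t *k, char *user, size_t ulen,
                             char *pw, size_t plen)
{
    if (k->state != KEY_PIN_OK) return RC_BAD_STATE;
    if (strlen(k->username) >= ulen || strlen(k->password) >= plen)
        return RC_BUF_SMALL;
    strcpy(user, k->username);
    strcpy(pw, k->password);
    return RC_OK;
}

int main(void)
{
    usbkey_t k;
    char user[32], pw[32];
    /* constructed sample values */
    usbkey_insert(&k, "fp-admin-A", "4821", "Administrator", "constructed-secret");
    printf("activate: %d\n", usbkey_activate(&k, "fp-admin-A"));
    printf("wrong PIN: %d\n", usbkey_verify_pin(&k, "0000"));
    printf("right PIN: %d\n", usbkey_verify_pin(&k, "4821"));
    printf("read: %d\n", usbkey_read_credentials(&k, user, sizeof user, pw, sizeof pw));
    return 0;
}
```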
In addition, the present invention must handle some other functions during implementation: WlxLogoff and WlxIsLogoffOk, which run on logoff, and WlxShutdown, which runs on shutdown.
The method and system of the present invention can be implemented in software, preferably Rohos Logon. Rohos Logon supports fingerprint-recognition USB drives from Transcend, Apacer, LG and TakeMS. For customers with hosted servers, once the software is installed, logging in to the server through "Remote Desktop" can be restricted so that only the holder of the USB flash-drive key or USBKEY can log in. Rohos can also be set to prohibit login by typing the user name and password on the keyboard, so that even if someone else enters Administrator and the administrator password they cannot log in to the server. This makes the customer's server more secure and protects it from hacker intrusion and attack.
It can be seen that the password-free login system provided by the present invention supports fingerprint login and extracts the user name and password by fingerprint or PIN code. It is simple to operate, stable and highly secure. The password-free login technique it uses supports PIN-free login and login without the operating system password, can prevent credential-stuffing attacks and password attacks by hackers, and offers fast login and a high recognition rate, so it has high application prospects and practical value.
The present invention also provides a password-free server login system. Fig. 3 is a structural diagram of the password-free server login system provided by the invention. Referring to Fig. 3, the password-free server login system includes:
a USBKEY insertion signal acquisition module 301, for acquiring a USBKEY insertion signal;
a PIN code acquisition module 302, for acquiring the PIN code entered by the user according to the USBKEY insertion signal;
a PIN code verification module 303, for judging whether the PIN code and the authentication PIN code are identical, obtaining a first judgment result;
a PIN code re-entry module 304, for acquiring the PIN code re-entered by the user if the first judgment result is that the PIN code and the authentication PIN code are not identical;
a USBKEY user name and password extraction command generation module 305, for generating a USBKEY user name and password extraction command if the first judgment result is that the PIN code is identical to the authentication PIN code, that is, PIN code verification passes;
a USBKEY user name and password reading module 306, for reading the user name and password stored inside the USBKEY according to the USBKEY user name and password extraction command;
an LSA verification module 307, for performing LSA verification according to the user name and password and determining an LSA verification result;
a login refusal module 308, for refusing the user's remote login to the server if the LSA verification result is that LSA verification fails;
a successful login module 309, for completing the remote login to the server if the LSA verification result is that LSA verification passes.
Preferably, the system further includes:
a second judgment module, for judging, after the PIN code re-entered by the user is acquired, whether the PIN code re-entered by the user and the authentication PIN code are identical, obtaining a second judgment result;
a third PIN code acquisition module, for acquiring the PIN code entered by the user for the third time if the second judgment result is that the PIN code re-entered by the user and the authentication PIN code are not identical;
a third judgment module, for judging whether the PIN code entered by the user for the third time and the authentication PIN code are identical, obtaining a third judgment result;
a computer locking module, for locking the computer and performing no further PIN code verification if the third judgment result is that the PIN code entered by the user for the third time and the authentication PIN code are not identical.
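The three-entry PIN check, the lock that ends further verification, and the rule that the stored user name and password are read only after the PIN passes can be modelled as follows. This is an added example, not code from the patent: the names pin_gate, usbkey_login, credentials and ct_equal, and all sample values, are assumptions, and the constant-time comparison is an addition the patent does not describe.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PIN_MAX_ATTEMPTS 3      /* first, re-entered and third PIN entry */

typedef enum { PIN_OK, PIN_RETRY, PIN_LOCKED } pin_result;

typedef struct {
    const char *auth_pin;       /* authentication PIN the entry is compared with */
    unsigned    failures;       /* wrong entries so far */
    int         locked;         /* set after the third wrong entry */
} pin_gate;

typedef struct { char user[32]; char pass[32]; } credentials;

/* Compare without stopping at the first differing byte, so timing does not
 * reveal how many leading characters matched (string lengths are not hidden). */
static int ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), n = la > lb ? la : lb;
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < n; i++) {
        unsigned char ca = i < la ? (unsigned char)a[i] : 0;
        unsigned char cb = i < lb ? (unsigned char)b[i] : 0;
        diff |= (unsigned char)(ca ^ cb);
    }
    return diff == 0;
}

void pin_gate_init(pin_gate *g, const char *auth_pin)
{
    g->auth_pin = auth_pin;
    g->failures = 0;
    g->locked = 0;
}

pin_result pin_gate_try(pin_gate *g, const char *entered)
{
    if (g->locked)
        return PIN_LOCKED;      /* once locked, no PIN is checked again */
    if (ct_equal(entered, g->auth_pin))
        return PIN_OK;
    if (++g->failures >= PIN_MAX_ATTEMPTS) {
        g->locked = 1;
        return PIN_LOCKED;
    }
    return PIN_RETRY;
}

/* The stored credentials are copied out only on PIN_OK; on any other
 * result the output buffer is left zeroed. */
pin_result usbkey_login(pin_gate *g, const char *entered,
                        const credentials *stored, credentials *out)
{
    pin_result r = pin_gate_try(g, entered);
    memset(out, 0, sizeof *out);
    if (r == PIN_OK)
        *out = *stored;
    return r;
}

int main(void)
{
    /* Constructed sample values, not taken from the patent. */
    credentials stored = { "admin_example", "constructed-password" }, out;
    const char *entries[] = { "000000", "111111", "222222", "246810" };
    pin_gate g;

    pin_gate_init(&g, "246810");
    for (size_t i = 0; i < 4; i++) {
        pin_result r = usbkey_login(&g, entries[i], &stored, &out);
        printf("entry %zu -> result %d, user released: %s\n",
               i + 1, (int)r, out.user[0] ? "yes" : "no");
    }
    return 0;
}
```

The fourth entry in main is the correct PIN, yet it is refused because the gate locked on the third wrong entry.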
Preferably, the system further includes:
a fingerprint acquisition module, for acquiring an administrator fingerprint input signal before the PIN code entered by the user is acquired according to the USBKEY insertion signal;
a fourth judgment module, for judging whether the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library, obtaining a fourth judgment result;
a USBKEY activation refusal module, for refusing to activate the USBKEY if the fourth judgment result is that the administrator fingerprint input signal is inconsistent with the fingerprint stored in the fingerprint feature library;
a USBKEY activation module, for activating the USBKEY if the fourth judgment result is that the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library.
Preferably, the system further includes:
a USBKEY initialization module, for initializing the USBKEY after the USBKEY is activated.
The embodiments in this specification are described in a progressive manner; each embodiment highlights its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another. Because the system disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant points, see the description of the method.
Specific examples are used herein to illustrate the principle and implementation of the invention. The description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. At the same time, a person skilled in the art may, following the idea of the invention, make changes to the specific implementation and the scope of application. In conclusion, the content of this specification should not be construed as limiting the invention.
Claims (8)
1. A password-free server login method, characterized in that the password-free server login method includes:
acquiring a USBKEY insertion signal;
acquiring the PIN code entered by the user according to the USBKEY insertion signal;
judging whether the PIN code and the authentication PIN code are identical, obtaining a first judgment result;
if the first judgment result is that the PIN code and the authentication PIN code are not identical, acquiring the PIN code re-entered by the user;
if the first judgment result is that the PIN code is identical to the authentication PIN code, PIN code verification passes, and generating a USBKEY user name and password extraction command;
reading the user name and password stored inside the USBKEY according to the USBKEY user name and password extraction command;
performing LSA verification according to the user name and password, determining an LSA verification result;
if the LSA verification result is that LSA verification fails, refusing the user's remote login to the server;
if the LSA verification result is that LSA verification passes, completing the remote login to the server.
2. The password-free server login method according to claim 1, characterized in that, after the PIN code re-entered by the user is acquired, the method further includes:
judging whether the PIN code re-entered by the user and the authentication PIN code are identical, obtaining a second judgment result;
if the second judgment result is that the PIN code re-entered by the user and the authentication PIN code are not identical, acquiring the PIN code entered by the user for the third time;
judging whether the PIN code entered by the user for the third time and the authentication PIN code are identical, obtaining a third judgment result;
if the third judgment result is that the PIN code entered by the user for the third time and the authentication PIN code are not identical, locking the computer and performing no further PIN code verification.
3. The password-free server login method according to claim 1, characterized in that, before the PIN code entered by the user is acquired according to the USBKEY insertion signal, the method further includes:
acquiring an administrator fingerprint input signal;
judging whether the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library, obtaining a fourth judgment result;
if the fourth judgment result is that the administrator fingerprint input signal is inconsistent with the fingerprint stored in the fingerprint feature library, refusing to activate the USBKEY;
if the fourth judgment result is that the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library, activating the USBKEY.
4. The password-free server login method according to claim 3, characterized in that, after the USBKEY is activated, the method further includes:
initializing the USBKEY.
5. A password-free server login system, characterized in that the password-free server login system includes:
a USBKEY insertion signal acquisition module, for acquiring a USBKEY insertion signal;
a PIN code acquisition module, for acquiring the PIN code entered by the user according to the USBKEY insertion signal;
a PIN code verification module, for judging whether the PIN code and the authentication PIN code are identical, obtaining a first judgment result;
a PIN code re-entry module, for acquiring the PIN code re-entered by the user if the first judgment result is that the PIN code and the authentication PIN code are not identical;
a USBKEY user name and password extraction command generation module, for generating a USBKEY user name and password extraction command if the first judgment result is that the PIN code is identical to the authentication PIN code, that is, PIN code verification passes;
a USBKEY user name and password reading module, for reading the user name and password stored inside the USBKEY according to the USBKEY user name and password extraction command;
an LSA verification module, for performing LSA verification according to the user name and password and determining an LSA verification result;
a login refusal module, for refusing the user's remote login to the server if the LSA verification result is that LSA verification fails;
a successful login module, for completing the remote login to the server if the LSA verification result is that LSA verification passes.
6. The password-free server login system according to claim 5, characterized in that the system further includes:
a second judgment module, for judging, after the PIN code re-entered by the user is acquired, whether the PIN code re-entered by the user and the authentication PIN code are identical, obtaining a second judgment result;
a third PIN code acquisition module, for acquiring the PIN code entered by the user for the third time if the second judgment result is that the PIN code re-entered by the user and the authentication PIN code are not identical;
a third judgment module, for judging whether the PIN code entered by the user for the third time and the authentication PIN code are identical, obtaining a third judgment result;
a computer locking module, for locking the computer and performing no further PIN code verification if the third judgment result is that the PIN code entered by the user for the third time and the authentication PIN code are not identical.
7. The password-free server login system according to claim 5, the system further including:
a fingerprint acquisition module, for acquiring an administrator fingerprint input signal before the PIN code entered by the user is acquired according to the USBKEY insertion signal;
a fourth judgment module, for judging whether the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library, obtaining a fourth judgment result;
a USBKEY activation refusal module, for refusing to activate the USBKEY if the fourth judgment result is that the administrator fingerprint input signal is inconsistent with the fingerprint stored in the fingerprint feature library;
a USBKEY activation module, for activating the USBKEY if the fourth judgment result is that the administrator fingerprint input signal is consistent with the fingerprint stored in the fingerprint feature library.
8. The password-free server login system according to claim 7, characterized in that the system further includes:
a USBKEY initialization module, for initializing the USBKEY after the USBKEY is activated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811130837.2A CN109391615A (en) | 2018-09-27 | 2018-09-27 | A kind of server exempts from close login method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109391615A true CN109391615A (en) | 2019-02-26 |
Family
ID=65419086
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811130837.2A Pending CN109391615A (en) | 2018-09-27 | 2018-09-27 | A kind of server exempts from close login method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109391615A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20190226 |