CN111083100B - Method and system for enhancing login security of Linux operating system based on message pushing

Publication number: CN111083100B
Authority: CN (China)
Prior art keywords: login, operating system, mobile terminal, authentication, information
Legal status: Active
Application number: CN201910947261.7A
Other languages: Chinese (zh)
Other versions: CN111083100A (en)
Inventor: 乔海权, 胡进, 张庆勇
Current Assignee: WUHAN ARGUSEC TECHNOLOGY CO LTD; Beijing Infosec Technologies Co Ltd
Original Assignee: WUHAN ARGUSEC TECHNOLOGY CO LTD; Beijing Infosec Technologies Co Ltd

Classifications

    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0861: Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures


Abstract

The invention discloses a method for enhancing the login security of a Linux operating system based on message pushing, which is applied to the environment of an authentication server, a client and a mobile terminal, and comprises the following steps: the client sends a login authentication request message to the mobile terminal through the authentication server after receiving a login request from an operating system login user, the mobile terminal generates one-time login authentication information by using identity identification information and the login authentication request message, and sends the one-time login authentication information to the authentication server, the authentication server judges whether the one-time login authentication information from the mobile terminal is valid, if so, the authentication server sends a successful authentication result to the client, and the client logs in the operating system by using the operating system login user name according to the successful authentication result. The invention can effectively solve the technical problem that the Linux operating system can not be logged in when the operating system login user forgets the static password in the existing Linux operating system login mode.

Description

Method and system for enhancing login security of Linux operating system based on message pushing
Technical Field
The invention belongs to the technical field of information security and internet communication, and particularly relates to a method and a system for enhancing the login security of a Linux operating system based on message pushing.
Background
The Linux system, a family of Unix-like operating systems that are free to use and freely distributed, has gained increasing use in scientific computing environments.
The existing Linux operating system login mode mainly relies on the operating system login user entering a correct static password, but this login mode has some technical problems that cannot be ignored: first, the operating system login user needs to remember the static password, and once it is forgotten, the user cannot log in to the Linux operating system at all; second, the static password is stored in a file of the Linux operating system, and the file is easily stolen, so the static password is easily cracked by a hacker.
Disclosure of Invention
Aiming at the defects or improvement requirements in the prior art, the invention provides a method and a system for enhancing the login security of a Linux operating system based on message pushing, and aims to effectively solve the technical problems that in the login mode of the existing Linux operating system, when a login user of the operating system forgets a static password, the Linux operating system cannot be logged in, and the static password is easy to crack because files storing the static password are easy to steal.
To achieve the above object, according to one aspect of the present invention, there is provided a method for enhancing login security of Linux operating system based on message pushing, which is applied in an environment of an authentication server, a client, and a mobile terminal, wherein the authentication server is communicatively connected to both the client and the mobile terminal, the method comprising the steps of:
(1) After receiving a login request from an operating system login user, the client pushes a login authentication request message to the mobile terminal through the authentication server;
(2) The mobile terminal generates one-time login verification information by using the identity identification information and the login authentication request message, and sends the one-time login verification information to the authentication server;
(3) The authentication server judges whether the one-time login verification information from the mobile terminal is valid; if so, the method proceeds to step (4), otherwise to step (6);
(4) The authentication server sends a verification success result to the client;
(5) The client logs in to the operating system by using the operating system login user name according to the verification success result, and the process ends;
(6) The authentication server informs the client that the verification has failed, and the process ends.
Preferably, the login authentication request message includes one or more of a nonce, a client hardware identification, and a Linux operating system identification of the client.
Preferably, the identification information of the mobile terminal includes one or more of a private key, an encryption certificate, a seed key, and biometric information of the operating system login user of the mobile terminal.
Preferably, when the identity identification information of the mobile terminal is the private key of the mobile terminal, the one-time login verification information is generated by performing a digital signature operation on the login authentication request message with the private key of the mobile terminal, the resulting signature information serving as the one-time login verification information;
when the identity identification information of the mobile terminal is the encryption certificate of the mobile terminal, the one-time login verification information is generated by performing an encryption operation on the login authentication request message with the encryption certificate of the mobile terminal, the resulting encrypted information serving as the one-time login verification information;
when the identity identification information of the mobile terminal is the seed key of the mobile terminal, the one-time login verification information is generated by performing a dynamic password operation on the login authentication request message with the seed key of the mobile terminal, the resulting one-time dynamic password serving as the one-time login verification information;
when the identity identification information of the mobile terminal is the biometric information of the operating system login user of the mobile terminal, the one-time login verification information is generated by performing an operation on the login authentication request message with the biometric information of the operating system login user of the mobile terminal, the resulting authentication information serving as the one-time login verification information.
Preferably, when the one-time login verification information is signature information, judging whether the one-time login verification information from the mobile terminal is valid specifically means that the authentication server performs validity authentication on the signature information; if the authentication succeeds, the one-time login verification information is valid, otherwise it is invalid;
when the one-time login verification information is encrypted information, judging whether the one-time login verification information from the mobile terminal is valid specifically means that the authentication server looks up the private key that it stores and that was generated when the mobile terminal registered with the authentication server, and then decrypts the encrypted information with that private key; if the decryption succeeds, the one-time login verification information is valid, otherwise it is invalid;
when the one-time login verification information is dynamic password information, judging whether the one-time login verification information from the mobile terminal is valid specifically means that the authentication server judges whether the dynamic password is valid; if so, the one-time login verification information is valid, otherwise it is invalid;
when the one-time login verification information is identification authentication information, judging whether the one-time login verification information from the mobile terminal is valid specifically means that the authentication server performs the inverse operation on the one-time login verification information, parses out the biometric information of the operating system login user of the mobile terminal, and compares it with the stored biometric information of the operating system login user of the mobile terminal; if the comparison passes, the one-time login verification information is valid, otherwise it is invalid.
Preferably, the operating system login user name is included in the login authentication request message in step (1), or is built in the mobile terminal in step (2), or is created by the authentication server in step (4) when the mobile terminal registers with it.
Preferably, after the step (4) and before the step (5), the client performs a secondary authentication process according to an authentication method corresponding to an operating system login user name, and determines whether to allow the operating system login user to log in the operating system according to a secondary authentication result.
Preferably, the client executes the secondary authentication process according to the authentication mode corresponding to the operating system login user name as follows: the client starts a PAM application program of the Linux operating system to call the PAM library, and the PAM library searches for the configuration file of the PAM application program in the directory of the PAM library to obtain the authentication mode of the operating system login user name. If the authentication mode is empty, no authentication process is executed and the operating system login user is directly allowed to log in to the operating system; if the authentication mode is static password authentication, the PAM library starts a session function to send a message requesting input of a static password to the login interface of the client, and verifies whether the static password entered by the operating system login user is correct; if so, the operating system login user is allowed to log in to the operating system, otherwise the login is refused; if the authentication mode is dynamic password authentication, the PAM library starts a session function to send a message requesting input of a dynamic password to the authentication server; if a message indicating that the authentication server's verification has passed is received, the operating system login user corresponding to the operating system login user name is allowed to log in to the operating system, and if no such message is received, the login is refused; if the authentication mode is short message password authentication, the PAM library starts a session function to send a message requesting input of a short message password to the authentication server; if a message indicating that the authentication server's verification has passed is received, the operating system login user corresponding to the operating system login user name is allowed to log in to the operating system, otherwise the login is refused.
According to another aspect of the present invention, there is provided a system for enhancing login security of Linux operating system based on message pushing, which is applied in an environment of an authentication server, a client and a mobile terminal, wherein the authentication server is communicatively connected to both the client and the mobile terminal, the system comprising:
a first module, arranged in the client, for pushing a login authentication request message to the mobile terminal through the authentication server after receiving a login request from an operating system login user;
a second module, arranged in the mobile terminal, for generating one-time login verification information by using the identity identification information of the mobile terminal and the login authentication request message, and sending the one-time login verification information to the authentication server;
a third module, arranged in the authentication server, for judging whether the one-time login verification information from the mobile terminal is valid; if so, control passes to the fourth module, otherwise to the sixth module;
a fourth module, arranged in the authentication server, for sending the verification success result to the client;
a fifth module, arranged in the client, for logging in to the operating system by using the operating system login user name according to the verification success result, after which the process ends;
and a sixth module, arranged in the authentication server, for notifying the client that the verification has failed, after which the process ends.
In general, compared with the prior art, the above technical solution contemplated by the present invention can achieve the following beneficial effects:
(1) Because the invention provides a way of logging in to the Linux operating system by using the mobile terminal, the login user does not need to remember a static password, which solves the technical problem that, with the existing static password login mode, the user cannot log in to the Linux system after forgetting the static password;
(2) The invention uses the identity identification information of the mobile terminal both when generating the one-time login verification information and when verifying its validity, and uses cryptographic techniques (namely signature, encryption and authentication processes) to generate dynamic one-time login verification information, thereby raising the login security level of the operating system and solving the technical problem that, in the existing login mode, the static password is easily cracked by hackers;
(3) Because the Linux system login is realized based on the mobile terminal, the security of the Linux local account information (namely the operating system login user name and login password) is improved, which solves the technical problem that, in the existing login mode, the static password is easily cracked because the file storing it is easily stolen;
(4) The secondary identity authentication is executed according to the authentication mode corresponding to the operating system login user name, and the factor used in that identity authentication process is different from the factor used when verifying the validity of the one-time login verification information, so authentication security can be further improved;
(5) Because the invention is realized based on the mobile terminal, the login operation is simple for the user and the device is convenient to carry.
Drawings
Fig. 1 is a flowchart of a method for enhancing login security of a Linux operating system based on message pushing according to a first embodiment of the present invention.
Fig. 2 is a flowchart of a method for enhancing the login security of the Linux operating system based on message pushing according to a second embodiment of the present invention.
Fig. 3 is a flowchart of a method for enhancing login security of Linux operating system based on message push according to a third embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
For the purpose of facilitating understanding of the present invention, the technical terms of the present invention are explained and illustrated below first:
Two-dimensional code (two-dimensional bar code): data symbol information is recorded as black-and-white patterns of specific geometric figures distributed on a plane (in two dimensions) according to a certain rule. The coding makes ingenious use of the "0" and "1" bit stream concept that forms the internal logic basis of computers: several geometric shapes corresponding to binary values represent text and numeric information, which is read automatically by an image input device or a photoelectric scanning device so as to process the information automatically. It shares some properties of barcode technology: each code system has its specific character set; each character occupies a certain width; it has a certain checking function; and so on. It can also automatically identify information in different rows and handle rotation of the graphic.
Authentication server (Authentication server): the authentication server is responsible for receiving a connection request of an operating system login user, authenticating the legality of the operating system login user, and then returning an authentication result to the operating system login user.
As shown in fig. 1, according to a first embodiment of the present invention, there is provided a method for enhancing login security of Linux operating system based on message pushing, which is applied in an environment of an authentication server, a client and a mobile terminal, wherein the authentication server is communicatively connected to both the client and the mobile terminal, the method includes the following steps:
(1) After receiving a login request from an operating system login user, the client pushes a login authentication request message to the mobile terminal through the authentication server;
specifically, the authentication server in the present invention has a message pushing function, which can be implemented by means of the Google cloud messaging service (C2DM), Message Queuing Telemetry Transport (MQTT), the Extensible Messaging and Presence Protocol (XMPP), a third-party push service, and the like.
Specifically, after receiving a login request from an operating system login user, the client sends a login authentication request message to the authentication server, and the authentication server pushes the login authentication request message to the mobile terminal.
Specifically, the client has a Linux operating system installed and may be a personal computer (PC), a notebook (laptop), a server, or the like.
The mobile terminal may be a terminal with identity identification information, including but not limited to a mobile phone, an iPad, etc.
It should be noted that the above Linux operating systems include international Linux operating systems and domestic Linux operating systems, wherein the international Linux operating systems include, but are not limited to, Ubuntu, Linux, PCLinuxOS, Slackware Linux, Gentoo Linux, FreeBSD, CentOS, etc.; the domestic Linux operating systems are domestic operating systems secondarily developed based on Linux, and include, but are not limited to, NeoKylin, Ubuntu Kylin, Red Flag Linux, and the like.
The login authentication request message comprises one or more of a one-time random number, a client hardware identifier and a Linux operating system identifier of the client.
(2) The mobile terminal generates one-time login verification information by using the identity identification information and the login authentication request message, and sends the one-time login verification information and an operating system login user name built in the mobile terminal to an authentication server;
the identity information of the mobile terminal comprises one or more of a private key, an encryption certificate, a seed key and biological identification information (including fingerprints, irises, human faces and the like) of a login user of the operating system of the mobile terminal.
In this step, the process of generating the one-time login verification information by using the identity identification information and the login authentication request message of the mobile terminal may be to perform digital signature operation on the login authentication request message by using a private key of the mobile terminal to generate signature information as the one-time login verification information, or to perform encryption operation on the login authentication request message by using an encryption certificate of the mobile terminal to generate encryption information as the one-time login verification information, or to perform dynamic password operation on the login authentication request message by using a seed key of the mobile terminal to generate a one-time dynamic password as the one-time login verification information, or to perform operation on the login authentication request message by using biometric information of an operating system login user of the mobile terminal to generate authentication information as the one-time login verification information.
(3) The authentication server judges whether the one-time login verification information from the mobile terminal is valid, if so, the step (4) is carried out, otherwise, the step (6) is carried out;
specifically, when the one-time login verification information is signature information, judging whether the one-time login verification information from the mobile terminal is valid in this step means that the authentication server performs validity authentication on the signature information; if the authentication succeeds, the one-time login verification information is valid, otherwise it is invalid.
When the one-time login verification information is encrypted information, the process of judging whether the one-time login verification information from the mobile terminal is valid in the step is specifically that the authentication server searches a private key which is stored by the authentication server and generated when the mobile terminal registers in the authentication server, then the private key is used for decrypting the encrypted information, if the decryption is successful, the one-time login verification information is valid, and if not, the one-time login verification information is invalid.
When the one-time login verification information is dynamic password information, the process of judging whether the one-time login verification information from the mobile terminal is valid in the step is specifically that the authentication server judges whether the dynamic password is valid, if so, the one-time login verification information is valid, and otherwise, the one-time login verification information is invalid.
When the one-time login verification information is identification authentication information, the process of judging whether the one-time login verification information from the mobile terminal is valid is specifically that the authentication server carries out inverse operation on the one-time login verification information, analyzes the biological identification information of the operating system login user of the mobile terminal, compares the biological identification information with the stored biological characteristic identification information of the operating system login user of the mobile terminal, if the comparison is passed, the one-time login verification information is indicated to be valid, otherwise, the one-time login verification information is indicated to be invalid.
(4) The authentication server sends the login user name of the operating system and the successful verification result to the client;
(5) The client logs in to the operating system by using the operating system login user name according to the successful verification result, and the process is finished;
optionally, after the step (4) and before the step (5), the method of the present invention may further include the step of performing, by the client, secondary authentication according to an authentication method corresponding to the login user name of the operating system, and determining whether to allow the login user of the operating system to log in the operating system according to a result of the secondary authentication.
It should be noted that the factor used in the secondary authentication process of this step is different from the factor used in the aforementioned process of authenticating the validity of the one-time login verification information.
Specifically, the client performs the secondary authentication according to the authentication mode corresponding to the operating system login user name as follows: the client starts a PAM application program of the Linux operating system, which calls the PAM library, and the PAM library looks up the configuration file of the PAM application program in the PAM library's directory to obtain the authentication mode for the operating system login user name. If the authentication mode is empty, no authentication is performed and the operating system login user is allowed to log in to the operating system directly. If the authentication mode is static password authentication, the PAM library starts a session function to send a message requesting input of a static password to the login interface of the client and verifies whether the static password entered by the operating system login user is correct; if it is correct, the operating system login user is allowed to log in to the operating system, otherwise the login is refused. If the authentication mode is dynamic password authentication, the PAM library starts a session function to send a message requesting input of a dynamic password to the authentication server; if a message indicating that the authentication server's verification passed is received, the login user corresponding to the operating system login user name is allowed to log in to the operating system, otherwise the login is refused. If the authentication mode is short message password authentication, the PAM library starts a session function to send a message requesting input of a short message password to the authentication server; if a message indicating that the authentication server's verification passed is received, the login user corresponding to the operating system login user name is allowed to log in to the operating system, otherwise the login is refused.
(6) The authentication server informs the client that the verification fails, and the process is finished.
As shown in fig. 2, according to a second embodiment of the present invention, there is provided a method for enhancing the login security of Linux operating system based on message pushing, which is applied in the environment of an authentication server, a client and a mobile terminal, wherein the authentication server is communicatively connected to both the client and the mobile terminal, and the method comprises the following steps:
(1) After receiving a login request from an operating system login user, a client pushes a login authentication request message to a mobile terminal through an authentication server, wherein the login authentication request message comprises an operating system login user name;
Specifically, the authentication server in the present invention has a message pushing function, which can be implemented by Google Cloud Messaging (C2DM), Message Queuing Telemetry Transport (MQTT), the Extensible Messaging and Presence Protocol (XMPP), a third-party push service, and the like.
Specifically, after receiving a login request from an operating system login user, the client sends a login authentication request message to the authentication server, and pushes the login authentication request message to the mobile terminal through the authentication server.
Specifically, the client is a device on which a Linux operating system is installed, and may be a personal computer (PC), a notebook (laptop), a server, or the like.
The mobile terminal may be a terminal with identification information, including but not limited to a mobile phone, iPad, etc.
It should be noted that the above Linux operating systems include international Linux operating systems and domestic Linux operating systems. The international Linux operating systems include, but are not limited to, Ubuntu, Linux, PCLinuxOS, Slackware Linux, Gentoo Linux, FreeBSD, CentOS, etc.; a domestic Linux operating system is a domestic operating system built on Linux through secondary development, and includes, but is not limited to, NeoKylin, Ubuntu Kylin, Red Flag Linux, and the like.
The login authentication request message further comprises one or more of a one-time random number, a client hardware identifier and a Linux operating system identifier of the client.
(2) The mobile terminal generates one-time login verification information by using the identity identification information and the login authentication request message, and sends the one-time login verification information and the login user name of the operating system to an authentication server;
The identity identification information of the mobile terminal includes one or more of a private key, an encryption certificate and a seed key of the mobile terminal, and biometric information (including fingerprint, iris, face, etc.) of the operating system login user.
In this step, the mobile terminal may generate the one-time login verification information from its identity identification information and the login authentication request message in any of the following ways: by performing a digital signature operation on the login authentication request message with the private key of the mobile terminal, producing signature information; by performing an encryption operation on the login authentication request message with the encryption certificate of the mobile terminal, producing encrypted information; by performing a dynamic password operation on the login authentication request message with the seed key of the mobile terminal, producing a one-time dynamic password; or by performing an operation on the login authentication request message with the biometric information of the operating system login user of the mobile terminal, producing authentication information. In each case the result serves as the one-time login verification information.
(3) The authentication server judges whether the one-time login verification information from the mobile terminal is valid, if so, the step (4) is carried out, and if not, the step (6) is carried out;
Specifically, when the one-time login verification information is signature information, the process of judging whether the one-time login verification information from the mobile terminal is valid in this step is that the authentication server authenticates the validity of the signature information; if the authentication succeeds, the one-time login verification information is valid, otherwise it is invalid.
When the one-time login verification information is encrypted information, the process of judging whether the one-time login verification information from the mobile terminal is valid in the step is specifically that the authentication server searches a private key which is stored by the authentication server and generated when the mobile terminal registers in the authentication server, then the private key is used for decrypting the encrypted information, if the decryption is successful, the one-time login verification information is valid, and if not, the one-time login verification information is invalid.
When the one-time login verification information is dynamic password information, the process of judging whether the one-time login verification information from the mobile terminal is valid in the step is specifically that the authentication server judges whether the dynamic password is valid, if so, the one-time login verification information is valid, and if not, the one-time login verification information is invalid.
When the one-time login verification information is identification authentication information, the process of judging whether the one-time login verification information from the mobile terminal is valid or not in the step is specifically that the authentication server performs inverse operation on the one-time login verification information, analyzes the biological identification information of the operating system login user of the mobile terminal, compares the biological identification information with the stored biological characteristic identification information of the operating system login user of the mobile terminal, if the comparison is passed, the one-time login verification information is indicated to be valid, and otherwise, the one-time login verification information is indicated to be invalid.
(4) The authentication server sends the login user name of the operating system and the successful verification result to the client;
(5) The client logs in the operating system by using the operating system login user name according to the successful verification result, and the process is finished;
optionally, after the step (4) and before the step (5), the method of the present invention may further include a step in which the client performs secondary authentication according to an authentication method corresponding to the login user name of the operating system, and determines whether to allow the login user of the operating system to log in the operating system according to a result of the secondary authentication.
It should be noted that the factor used in the secondary authentication process of this step is different from the factor used in the aforementioned process of authenticating the validity of the one-time login verification information.
Specifically, the client performs the secondary authentication according to the authentication mode corresponding to the operating system login user name as follows: the client starts a PAM application program of the Linux operating system, which calls the PAM library, and the PAM library looks up the configuration file of the PAM application program in the PAM library's directory to obtain the authentication mode for the operating system login user name. If the authentication mode is empty, no authentication is performed and the operating system login user is allowed to log in to the operating system directly. If the authentication mode is static password authentication, the PAM library starts a session function to send a message requesting input of a static password to the login interface of the client and verifies whether the static password entered by the operating system login user is correct; if it is correct, the operating system login user is allowed to log in to the operating system, otherwise the login is refused. If the authentication mode is dynamic password authentication, the PAM library starts a session function to send a message requesting input of a dynamic password to the authentication server; if a message indicating that the authentication server's verification passed is received, the login user corresponding to the operating system login user name is allowed to log in to the operating system, otherwise the login is refused. If the authentication mode is short message password authentication, the PAM library starts a session function to send a message requesting input of a short message password to the authentication server; if a message indicating that the authentication server's verification passed is received, the login user corresponding to the operating system login user name is allowed to log in to the operating system, otherwise the login is refused.
(6) The authentication server informs the client that the verification fails, and the process is finished.
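The exchange of steps (1) to (6) above, worked through for the seed-key (dynamic password) branch; this is an added example and not part of the patent text. The HMAC-SHA256 construction, the 8-digit length, the 60-second lifetime, the JSON message layout and all function and field names are assumptions, since the patent fixes none of them.

```python
"""Added example: push-login exchange, seed-key (dynamic password) variant."""
import hashlib
import hmac
import json
import secrets

OTP_DIGITS = 8        # assumption: the patent does not fix a length
CHALLENGE_TTL = 60    # assumption: seconds a pushed request stays answerable


def canonical(message):
    """Serialize the login authentication request message deterministically."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def dynamic_password(seed_key, message):
    """One-time dynamic password over the request message (HMAC-SHA256,
    truncated in the HOTP manner; the algorithm choice is an assumption)."""
    digest = hmac.new(seed_key, canonical(message), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** OTP_DIGITS:0{OTP_DIGITS}d}"


def client_request(username, hardware_id, os_id):
    """Step (1), client side: build the login authentication request message."""
    return {"username": username, "nonce": secrets.token_hex(16),
            "hardware_id": hardware_id, "os_id": os_id}


class AuthServer:
    def __init__(self):
        self.seeds = {}    # user name -> seed key shared at mobile registration
        self.pending = {}  # nonce -> (request message, expiry time)

    def register(self, username, seed_key):
        self.seeds[username] = seed_key

    def push(self, message, now):
        """Step (1), server side: remember the request, then push it."""
        if message["nonce"] in self.pending:
            raise ValueError("nonce already in use")
        self.pending[message["nonce"]] = (dict(message), now + CHALLENGE_TTL)
        return dict(message)  # what the mobile terminal receives

    def verify(self, username, nonce, otp, now):
        """Step (3): True leads to step (4), False to step (6)."""
        entry = self.pending.pop(nonce, None)  # consumed on first use: one-time
        seed = self.seeds.get(username)
        if entry is None or seed is None:
            return False
        message, expiry = entry
        if now > expiry or message["username"] != username:
            return False
        # Recompute over the server's own copy and compare in constant time.
        return hmac.compare_digest(dynamic_password(seed, message), otp)


def mobile_respond(seed_key, pushed):
    """Step (2): the mobile terminal answers with the user name and the OTP."""
    return pushed["username"], pushed["nonce"], dynamic_password(seed_key, pushed)


def run_demo():
    seed = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample
    server = AuthServer()
    server.register("alice", seed)
    t0 = 1_000_000.0  # constructed clock value, keeps the demo deterministic
    results = {}

    pushed = server.push(client_request("alice", "hw-01", "ubuntu"), t0)
    answer = mobile_respond(seed, pushed)
    results["valid"] = server.verify(*answer, now=t0 + 5)
    results["replay"] = server.verify(*answer, now=t0 + 6)  # nonce already spent

    pushed = server.push(client_request("alice", "hw-01", "ubuntu"), t0)
    altered = dict(pushed, hardware_id="hw-99")  # message changed in transit
    results["altered"] = server.verify(*mobile_respond(seed, altered), now=t0 + 5)

    pushed = server.push(client_request("alice", "hw-01", "ubuntu"), t0)
    results["expired"] = server.verify(*mobile_respond(seed, pushed), now=t0 + 61)

    pushed = server.push(client_request("alice", "hw-01", "ubuntu"), t0)
    wrong = mobile_respond(b"x" * 16, pushed)  # terminal holding another seed
    results["wrong_seed"] = server.verify(*wrong, now=t0 + 5)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Because the server removes the nonce on the first verification attempt, a captured response cannot be replayed, and because the password is computed over the whole request message, a response bound to a different client hardware identifier fails.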
As shown in fig. 3, according to a third embodiment of the present invention, a method for enhancing the login security of Linux operating system based on message pushing is provided, which is applied in the environment of an authentication server, a client and a mobile terminal, wherein the authentication server is communicatively connected to both the client and the mobile terminal, and the method comprises the following steps:
(1) After receiving a login request from an operating system login user, a client pushes a login authentication request message to a mobile terminal through an authentication server;
Specifically, the authentication server in the present invention has a message pushing function, which can be implemented by Google Cloud Messaging (C2DM), Message Queuing Telemetry Transport (MQTT), the Extensible Messaging and Presence Protocol (XMPP), a third-party push service, and the like.
Specifically, after receiving a login request from an operating system login user, the client sends a login authentication request message to the authentication server, and pushes the login authentication request message to the mobile terminal through the authentication server.
Specifically, the client is a device on which a Linux operating system is installed, and may be a personal computer (PC), a notebook (laptop), a server, or the like.
The mobile terminal may be a terminal with identification information, including but not limited to a mobile phone, iPad, etc.
It should be noted that the above Linux operating systems include international Linux operating systems and domestic Linux operating systems. The international Linux operating systems include, but are not limited to, Ubuntu, Linux, PCLinuxOS, Slackware Linux, Gentoo Linux, FreeBSD, CentOS, etc.; a domestic Linux operating system is a domestic operating system built on Linux through secondary development, and includes, but is not limited to, NeoKylin, Ubuntu Kylin, Red Flag Linux, and the like.
The login authentication request message comprises one or more of a one-time random number, a client hardware identifier and a Linux operating system identifier of the client.
(2) The mobile terminal generates one-time login verification information by using the identity identification information and the login authentication request message, and sends the one-time login verification information to the authentication server;
the identity information of the mobile terminal comprises one or more of a private key, an encryption certificate, a seed key and biological identification information (including fingerprints, irises, human faces and the like) of a login user of the operating system of the mobile terminal.
In this step, the mobile terminal may generate the one-time login verification information from its identity identification information and the login authentication request message in any of the following ways: by performing a digital signature operation on the login authentication request message with the private key of the mobile terminal, producing signature information; by performing an encryption operation on the login authentication request message with the encryption certificate of the mobile terminal, producing encrypted information; by performing a dynamic password operation on the login authentication request message with the seed key of the mobile terminal, producing a one-time dynamic password; or by performing an operation on the login authentication request message with the biometric information of the operating system login user of the mobile terminal, producing authentication information. In each case the result serves as the one-time login verification information.
(3) The authentication server judges whether the one-time login verification information from the mobile terminal is valid, if so, the step (4) is carried out, otherwise, the step (6) is carried out;
Specifically, when the one-time login verification information is signature information, the process of judging whether the one-time login verification information from the mobile terminal is valid in this step is that the authentication server authenticates the validity of the signature information; if the authentication succeeds, the one-time login verification information is valid, otherwise it is invalid.
When the one-time login verification information is encrypted information, the process of judging whether the one-time login verification information from the mobile terminal is valid in the step is specifically that the authentication server searches a private key which is stored by the authentication server and generated when the mobile terminal registers in the authentication server, then the private key is used for decrypting the encrypted information, if the decryption is successful, the one-time login verification information is valid, and if not, the one-time login verification information is invalid.
When the one-time login verification information is dynamic password information, the process of judging whether the one-time login verification information from the mobile terminal is valid in the step is specifically that the authentication server judges whether the dynamic password is valid, if so, the one-time login verification information is valid, and if not, the one-time login verification information is invalid.
When the one-time login verification information is identification authentication information, the process of judging whether the one-time login verification information from the mobile terminal is valid or not in the step is specifically that the authentication server performs inverse operation on the one-time login verification information, analyzes the biological identification information of the operating system login user of the mobile terminal, compares the biological identification information with the stored biological characteristic identification information of the operating system login user of the mobile terminal, if the comparison is passed, the one-time login verification information is indicated to be valid, and otherwise, the one-time login verification information is indicated to be invalid.
(4) The authentication server sends the successful verification result and the operating system login user name created when the mobile terminal registers to the authentication server to the client;
(5) The client logs in to the operating system by using the operating system login user name according to the successful verification result, and the process is finished;
optionally, after the step (4) and before the step (5), the method of the present invention may further include the step of performing, by the client, secondary authentication according to an authentication method corresponding to the login user name of the operating system, and determining whether to allow the login user of the operating system to log in the operating system according to a result of the secondary authentication.
It should be noted that the factor used in the secondary authentication process of this step is different from the factor used in the aforementioned process of authenticating validity of the one-time login verification information.
Specifically, the client performs the secondary authentication according to the authentication mode corresponding to the operating system login user name as follows: the client starts a PAM application program of the Linux operating system, which calls the PAM library, and the PAM library looks up the configuration file of the PAM application program in the PAM library's directory to obtain the authentication mode for the operating system login user name. If the authentication mode is empty, no authentication is performed and the operating system login user is allowed to log in to the operating system directly. If the authentication mode is static password authentication, the PAM library starts a session function to send a message requesting input of a static password to the login interface of the client and verifies whether the static password entered by the operating system login user is correct; if it is correct, the operating system login user is allowed to log in to the operating system, otherwise the login is refused. If the authentication mode is dynamic password authentication, the PAM library starts a session function to send a message requesting input of a dynamic password to the authentication server; if a message indicating that the authentication server's verification passed is received, the login user corresponding to the operating system login user name is allowed to log in to the operating system, otherwise the login is refused. If the authentication mode is short message password authentication, the PAM library starts a session function to send a message requesting input of a short message password to the authentication server; if a message indicating that the authentication server's verification passed is received, the login user corresponding to the operating system login user name is allowed to log in to the operating system, otherwise the login is refused.
(6) The authentication server informs the client that the verification fails, and the process is finished.
It will be understood by those skilled in the art that the foregoing is only an exemplary embodiment of the present invention, and is not intended to limit the invention to the particular forms disclosed, since various modifications, substitutions and improvements within the spirit and scope of the invention are possible and within the scope of the appended claims.

Claims (7)

1. A method for enhancing the login security of a Linux operating system based on message pushing is applied to the environments of an authentication server, a client and a mobile terminal, wherein the authentication server is in communication connection with both the client and the mobile terminal, and the client is provided with the Linux operating system, and is characterized by comprising the following steps:
(1) After receiving a login request from an operating system login user, a client pushes a login authentication request message to a mobile terminal through an authentication server, wherein the login authentication request message comprises one or more of a one-time random number, a client hardware identifier and a client Linux operating system identifier;
(2) The mobile terminal generates one-time login verification information by using the identity identification information and the login authentication request message, and sends the one-time login verification information to the authentication server; the identity identification information of the mobile terminal comprises one or more of a private key, an encryption certificate, a seed key and biological identification information of a user logged in by an operating system of the mobile terminal;
when the identity identification information of the mobile terminal is an encrypted certificate of the mobile terminal, the process of generating one-time login verification information by using the identity identification information of the mobile terminal and the login authentication request message is to perform encryption operation on the login authentication request message by using the encrypted certificate of the mobile terminal so as to generate encrypted information as the one-time login verification information;
(3) The authentication server judges whether the one-time login verification information from the mobile terminal is valid, if so, the step (4) is carried out, and if not, the step (6) is carried out;
when the one-time login verification information is encrypted information, the process of judging whether the one-time login verification information from the mobile terminal is valid is specifically that the authentication server looks up the private key that it stores and that was generated when the mobile terminal registered with the authentication server, and decrypts the encrypted information using the private key; if the decryption is successful, the one-time login verification information is valid, otherwise the one-time login verification information is invalid;
(4) The authentication server sends a verification success result to the client;
(5) The client logs in to the operating system by using the operating system login user name according to the successful verification result, and the process is finished;
(6) The authentication server informs the client that the verification fails, and the process is finished.
2. The method for enhancing the login security of the Linux operating system based on message pushing according to claim 1, wherein,
when the identity identification information of the mobile terminal is the private key of the mobile terminal, the process of generating the one-time login verification information by using the identity identification information of the mobile terminal and the login authentication request message is to use the private key of the mobile terminal to perform digital signature operation on the login authentication request message to generate signature information as the one-time login verification information;
when the identity identification information of the mobile terminal is the seed key of the mobile terminal, the process of generating the one-time login verification information by using the identity identification information of the mobile terminal and the login authentication request message is to use the seed key of the mobile terminal to perform dynamic password operation on the login authentication request message so as to generate a one-time dynamic password as the one-time login verification information;
when the identification information of the mobile terminal is the biological identification information of the operating system login user of the mobile terminal, the process of generating the one-time login verification information by using the identification information of the mobile terminal and the login authentication request message is to use the biological identification information of the operating system login user of the mobile terminal to calculate the login authentication request message to generate the authentication information as the one-time login verification information.
3. The method for enhancing the login security of the Linux operating system based on the message push according to claim 2, wherein,
when the one-time login verification information is signature information, judging whether the one-time login verification information from the mobile terminal is valid or not, specifically, carrying out validity authentication on the signature information by an authentication server, if the one-time login verification information is successful, indicating that the one-time login verification information is valid, otherwise, indicating that the one-time login verification information is invalid;
when the one-time login verification information is dynamic password information, the process of judging whether the one-time login verification information from the mobile terminal is valid is specifically that the authentication server judges whether the dynamic password is valid; if so, the one-time login verification information is valid, otherwise the one-time login verification information is invalid;
when the one-time login verification information is identification authentication information, the process of judging whether the one-time login verification information from the mobile terminal is valid is specifically that the authentication server performs inverse operation on the one-time login verification information, analyzes the biological identification information of the operating system login user of the mobile terminal, compares the biological identification information with the stored biological characteristic identification information of the operating system login user of the mobile terminal, if the comparison is passed, the one-time login verification information is indicated to be valid, otherwise, the one-time login verification information is indicated to be invalid.
4. The method for enhancing the login security of the Linux operating system based on message pushing according to claim 1, wherein the operating system login user name is included in the login authentication request message in step (1), or is built into the mobile terminal in step (2), or is, in step (4), the one created when the mobile terminal registers with the authentication server.
5. The method for enhancing login security of a Linux operating system based on message pushing according to claim 1, further comprising, after the step (4) and before the step (5), the client performing a secondary authentication process according to an authentication mode corresponding to the login user name of the operating system, and determining, according to the secondary authentication result, whether to allow the operating system login user to log in to the operating system.
6. The method for enhancing login security of a Linux operating system based on message pushing according to claim 5, wherein the client performs the secondary authentication process according to the authentication mode corresponding to the login user name of the operating system specifically as follows: the client starts a PAM application program of the Linux operating system to call a PAM library, and the PAM library searches its directory for the configuration file of the PAM application program to obtain the authentication mode of the login user name of the operating system; if the authentication mode is null, no authentication process is executed, and the operating system login user is directly allowed to log in to the operating system; if the authentication mode is static password authentication, the PAM library starts a session function to send a message requesting input of a static password to the login interface of the client, and verifies whether the static password input by the operating system login user is correct; if it is correct, the operating system login user is allowed to log in to the operating system, and otherwise the operating system login user is refused; if the authentication mode is dynamic password authentication, the PAM library starts a session function to send a message requesting input of a dynamic password to the authentication server; if a message indicating that authentication by the authentication server has passed is received, the operating system login user corresponding to the operating system user name is allowed to log in to the operating system, and otherwise the operating system login user is refused; if the authentication mode is short message password authentication, the PAM library starts a session function to send a message requesting input of a short message password to the authentication server; if a message indicating that authentication by the authentication server has passed is received, the operating system login user corresponding to the operating system user name is allowed to log in to the operating system, and otherwise the operating system login user is refused.
7. A system for enhancing login security of a Linux operating system based on message pushing, applied in an environment of an authentication server, a client and a mobile terminal, wherein the authentication server is in communication connection with both the client and the mobile terminal, and a Linux operating system is installed on the client, characterized in that the system comprises:
a first module, which is arranged in the client and used for pushing a login authentication request message to the mobile terminal through the authentication server after receiving a login request from an operating system login user, wherein the login authentication request message comprises one or more of a one-time random number, a client hardware identifier and a Linux operating system identifier of the client;
the second module is arranged in the mobile terminal and used for generating one-time login verification information by utilizing the identity identification information and the login authentication request message of the mobile terminal, sending the one-time login verification information to the authentication server, generating one-time login verification information by utilizing the identity identification information and the login authentication request message of the authentication server and sending the one-time login verification information to the authentication server; the identity identification information of the mobile terminal comprises one or more of a private key, an encryption certificate, a seed key and biological identification information of a user logged in by an operating system of the mobile terminal;
when the identity identification information of the mobile terminal is the encrypted certificate of the mobile terminal, the identity identification information of the mobile terminal and the login authentication request message are used for generating the one-time login authentication information, and the process is that the encrypted certificate of the mobile terminal is used for carrying out encryption operation on the login authentication request message to generate the encrypted information as the one-time login authentication information;
the third module is arranged in the authentication server and used for judging whether the one-time login verification information from the mobile terminal is valid or not, if so, switching to the fourth module, and otherwise, switching to the sixth module;
when the one-time login verification information is encrypted information, the process of judging whether the one-time login verification information from the mobile terminal is valid is specifically as follows: the authentication server looks up the private key that it stores and that was generated when the mobile terminal registered with the authentication server, and decrypts the encrypted information with the private key; if the decryption succeeds, the one-time login verification information is valid; otherwise, it is invalid;
the fourth module is arranged in the authentication server and used for sending the verification success result to the client;
a fifth module, which is arranged in the client and used for logging in to the operating system with the operating system login user name according to the verification success result, after which the process ends;
and the sixth module is arranged in the authentication server and used for notifying the client that the verification fails and finishing the process.
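
The flow of the first through sixth modules, in the dynamic-password variant of claim 3, is sketched below as an added illustration; it is not part of the patent text. The HMAC-SHA256 derivation from the seed key, the 60-second request lifetime, and all names and sample values are assumptions, since the claims do not specify an algorithm.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: seed key stored when the mobile terminal registered.
SEED_KEYS = {"alice": bytes.fromhex("00112233445566778899aabbccddeeff")}
CHALLENGE_TTL = 60  # seconds a pushed request stays answerable (assumed policy)


def canonical(msg):
    """Length-prefix every field so the request message serializes unambiguously."""
    fields = (msg["user"], msg["nonce"], msg["client_hw_id"], msg["os_id"])
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def dynamic_password(seed, msg):
    """Mobile terminal (second module): derive the one-time verification value."""
    return hmac.new(seed, canonical(msg), hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self, now=time.time):
        self.now = now
        self.pending = {}  # nonce -> (request message, expiry time)

    def push_request(self, user, client_hw_id, os_id):
        """First module's login authentication request, relayed to the terminal."""
        msg = {"user": user, "nonce": secrets.token_hex(16),
               "client_hw_id": client_hw_id, "os_id": os_id}
        self.pending[msg["nonce"]] = (msg, self.now() + CHALLENGE_TTL)
        return msg

    def verify(self, nonce, response):
        """Third module: True leads to the fourth module, False to the sixth."""
        entry = self.pending.pop(nonce, None)  # single use: a replay finds nothing
        if entry is None:
            return False
        msg, expiry = entry
        seed = SEED_KEYS.get(msg["user"])
        if seed is None or self.now() > expiry:
            return False
        expected = dynamic_password(seed, msg)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), response.encode())
```

Because the response is bound to the one-time random number, the client hardware identifier and the operating system identifier, a value computed for one request fails for a replayed, expired or altered request.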
CN201910947261.7A 2019-09-30 2019-09-30 Method and system for enhancing login security of Linux operating system based on message pushing Active CN111083100B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910947261.7A CN111083100B (en) 2019-09-30 2019-09-30 Method and system for enhancing login security of Linux operating system based on message pushing

Publications (2)

Publication Number Publication Date
CN111083100A CN111083100A (en) 2020-04-28
CN111083100B true CN111083100B (en) 2022-10-11

Family

ID=70310265

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910947261.7A Active CN111083100B (en) 2019-09-30 2019-09-30 Method and system for enhancing login security of Linux operating system based on message pushing

Country Status (1)

Country Link
CN (1) CN111083100B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111953481A (en) * 2020-07-28 2020-11-17 麒麟软件有限公司 PAM-based dynamic password authentication method
CN114139131A (en) * 2021-12-03 2022-03-04 深圳竹云科技有限公司 Operating system login method and device and electronic equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102195932A (en) * 2010-03-05 2011-09-21 北京路模思科技有限公司 Method and system for realizing network identity authentication based on two pieces of isolation equipment
WO2014027998A1 (en) * 2012-08-14 2014-02-20 Empire Technology Development Llc Updating a currently utilized device
CN104902028A (en) * 2015-06-19 2015-09-09 赛肯(北京)科技有限公司 Onekey registration authentication method, device and system
CN106656952A (en) * 2016-09-21 2017-05-10 北京神州绿盟信息安全科技股份有限公司 Authentication method, device and system for registration equipment
CN108234412A (en) * 2016-12-15 2018-06-29 腾讯科技(深圳)有限公司 Auth method and device
CN108965341A (en) * 2018-09-28 2018-12-07 北京芯盾时代科技有限公司 The method, apparatus and system of login authentication

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10887103B2 (en) * 2015-02-27 2021-01-05 Feitian Technologies Co., Ltd. Operating method for push authentication system and device

Also Published As

Publication number Publication date
CN111083100A (en) 2020-04-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant