CN101051904B - Method for landing by account number cipher for protecting network application sequence - Google Patents

Publication number: CN101051904B
Authority: CN (China)
Prior art keywords: client, account, server, cipher, random
Legal status: Active
Application number: CN200710049117A
Other languages: Chinese (zh)
Other versions: CN101051904A (en)
Inventor: 周冠强
Current Assignee: Chengdu Kingsoft Interactive Entertainment Co Ltd
Original Assignee: Chengdu Kingsoft Interactive Entertainment Co Ltd

Abstract

The password is entered at the client and the login is then authenticated at the server. The method is characterized in that a general-purpose keyboard driver is installed at the client, with an encryption private key and a private-key encryption module preset inside the keyboard driver; the server is provided with the same encryption private key and private-key encryption module as the client. The invention effectively prevents Trojan and virus processes with keylogging capability that run at the application layer of the operating system from stealing the account and password entered by the user, and prevents network monitoring tools from intercepting login packets containing the user's account, password and similar information and performing a fraudulent login in software.

Description

A method for protecting a network application's account-and-password login
Technical field
The present invention relates to information security for Internet applications, and in particular to a method for protecting a network application's login with an account and password.
Background
With the rapid growth of the Internet information industry, Internet-based applications such as online games, instant messaging software and online banking have become increasingly common, and the account and password is the authentication method that most network applications currently use. Seeking illegal gain, criminals frequently use viruses, Trojans and similar means to steal other people's accounts and passwords. They can also use network monitoring tools to intercept a network program's login data and then perform a fraudulent login to the server in software. Effectively protecting the account and password of network applications is therefore an important problem in the development of Internet applications.
To stop keyloggers from stealing accounts and passwords, the conventional approach is a soft keyboard, in which mouse clicks on graphical regions are converted into the corresponding keyboard input. The main drawback of this approach is that viruses and Trojans can target specific software, record the soft keyboard layout it uses, and restore the user's input from intercepted mouse-click information, thereby stealing the account and password the user logs in with. In addition, for the user, operating a soft keyboard is cumbersome and unintuitive.
Against interception of login data by network monitoring tools and fraudulent login in software, some Web applications with higher security requirements mainly use the Secure Sockets Layer (SSL) to secure communication, for example HTTPS (HTTP+SSL) for website services. SSL is a secure network communication protocol that combines public-key and private-key techniques. Deploying SSL places high demands on the hardware performance of the Web system's servers; initializing an SSL session and the connection state between server and client requires processing a complex handshake protocol, which adds network overhead, and the user experiences a noticeable wait. In addition, Chinese invention patent application No. 03148856.0 provides a method of authenticating user identity with a one-time random number: the original information composed of the data to be authenticated (account, password, or a combination of both) and the random number is encrypted with the MD5 message digest algorithm and then sent to the server for verification. That method protects only the transmission of account and password data and cannot prevent account theft by viruses and Trojans.
Summary of the invention
The purpose of the present invention is to provide a method for protecting a network application's account-and-password login that effectively prevents processes such as Trojans and viruses from stealing the account and password entered by the user, and prevents network monitoring tools from intercepting login data to perform a fraudulent login to the server, greatly improving the security of network application information.
The technical solution of the present invention is as follows:
A method for protecting a network application's account-and-password login, in which the password is entered at the client and the login is then verified by the server, characterized in that: the client is provided with a general-purpose keyboard driver in which an encryption private key and a private-key encryption module are preset; the server is likewise provided with an encryption key and encryption module, identical to the private key and private-key encryption module used by the client.
The specific steps are as follows:
A. The client initiates a connection request to the server. On receiving the connection request, the server generates a random number, keeps a record of it, and sends it to the client over the network connection.
B. After receiving and recording the random number returned by the server, the client activates the keyboard driver and accepts the user's account and password input.
C. The keyboard driver encrypts the account password entered by the user in step B with its preset encryption private key and private-key encryption module, and the client obtains the encrypted password information.
D. The client applies an irreversible message digest separately to the user account information and to the combination of the encrypted user password and the random number obtained in step B, then packages the account digest and the digest of the password+random number combination into login data and sends it to the server for verification.
E. After receiving the client's login data, the server parses out the account digest and the digest of the encrypted password+random number combination. Using the parsed account digest, it retrieves the account digest stored on the server and the corresponding private-key-encrypted password. It then applies the same message digest as the client to the combination of the retrieved encrypted password and the server's random number, and compares the resulting digest with the digest of the encrypted password+random number combination sent by the client to determine whether the account and password are correct.
In step C, the client activates the keyboard driver's encryption function through the device driver interface DeviceIoControl. The keyboard driver receives the entered key codes at the driver layer at the bottom of the operating system, encrypts them with the encryption private key and private-key encryption module, and delivers the encrypted key codes to the operating system's application layer, so that what the client obtains is the encrypted form of the password the user entered. The private-key encryption module uses the Data Encryption Standard (DES).
In step D, the client computes the message digest of the combined data with the irreversible Secure Hash Algorithm (SHA). The client computes message digests separately of the user account and of the combination of the user password encrypted by the keyboard driver and the random number received from the server, packages the digests SHA(Account) and SHA(Password+RandomWord) into login data, and sends it to the server for verification.
The beneficial effects of the present invention are as follows:
The present invention effectively prevents Trojan and virus processes with keylogging capability that run at the operating system's application layer from stealing the account and password entered by the user, and also prevents network monitoring tools from intercepting login data containing the user's account, password and similar information and performing a fraudulent login in software.
Description of drawings
Fig. 1 is a flow chart of the present invention
Embodiment
Embodiment 1
A method for protecting a network application's account-and-password login, in which the password is entered at the client and the login is then verified by the server. The client is provided with a general-purpose keyboard driver in which an encryption private key and a private-key encryption module are preset; the server is likewise provided with an encryption key and encryption module, identical to the private key and private-key encryption module used by the client.
The specific steps are as follows:
A. The client initiates a connection request to the server. On receiving the connection request, the server generates a random number, keeps a record of it, and sends it to the client over the network connection.
B. After receiving and recording the random number returned by the server, the client activates the keyboard driver and accepts the user's account and password input.
C. The keyboard driver encrypts the account password entered by the user in step B with its preset encryption private key and private-key encryption module, and the client obtains the encrypted password information.
D. The client applies an irreversible message digest separately to the user account information and to the combination of the encrypted user password and the random number obtained in step B, then packages the account digest and the digest of the password+random number combination into login data and sends it to the server for verification.
E. After receiving the client's login data, the server parses out the account digest and the digest of the encrypted password+random number combination. Using the parsed account digest, it retrieves the account digest stored on the server and the corresponding private-key-encrypted password. It then applies the same message digest as the client to the combination of the retrieved encrypted password and the server's random number, and compares the resulting digest with the digest of the encrypted password+random number combination sent by the client to determine whether the account and password are correct.
Embodiment 2
A method for protecting a network application's account-and-password login, in which the client activates the keyboard driver's encryption function through the device driver interface DeviceIoControl. The keyboard driver receives the entered account password at the driver layer at the bottom of the operating system, encrypts it with the encryption private key and private-key encryption module, and delivers the encrypted account password to the operating system's application layer, so that what the client obtains is the encrypted form of the password the user entered. The private-key encryption module uses the Data Encryption Standard (DES).
Embodiment 3
A method for protecting a network application's account-and-password login, in which the client computes the message digest of the combined data with the irreversible Secure Hash Algorithm (SHA). The client computes message digests separately of the user account and of the combination of the user password encrypted by the keyboard driver and the random number received from the server, packages the digests SHA(Account) and SHA(Password+RandomWord) into login data, and sends it to the server for verification.
Embodiment 4
A method for protecting a network application's account-and-password login. First, the client of the network application software (for example an online game client or a chat tool client) is installed on the user's local computer. The client is provided with a general-purpose keyboard driver in which an encryption private key and a private-key encryption module are preset; the server is likewise provided with an encryption key and encryption module, identical to the private key and private-key encryption module used by the client.
The specific steps are as follows:
A. The user starts the client program of the network application software, and the client's initialization loads the keyboard driver. Once loading completes, the client initiates a connection request to the server. On receiving the connection request, the server generates a random number, keeps a record of it, and sends it to the client over the network connection.
B. After receiving and recording the random number returned by the server, the client shows the account and password input screen.
C. When the user is about to enter the password, the client activates the keyboard driver's encryption function through the device driver interface DeviceIoControl. The keyboard driver receives the account password the user types at the driver layer at the bottom of the computer's operating system, encrypts the account password entered by the user in step B with the preset encryption module and key, and delivers the encrypted account password to the operating system's application layer, so that the client's account and password input screen obtains the encrypted form of what the user entered.
D. The client computes message digests with the irreversible Secure Hash Algorithm (SHA) separately of the user account and of the combination of the password information encrypted by the keyboard driver and the random number received from the server. The digests SHA(Account) and SHA(Password+RandomWord) are packaged together into a network packet and sent to the server for login verification.
E. After receiving the client's login data, the server parses out the SHA digests of the account and the password. Because the message digest algorithm is irreversible, the server does not store the original account and password but the SHA-digested user account and the private-key-encrypted user password. Using the account information sent by the client, the server retrieves the account and password stored in its database or file. It likewise computes the SHA digest of the combination of the retrieved password and the random number and compares it with the password digest sent by the client. This verifies the account and password: if the check passes the login is accepted, otherwise it is refused.
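Steps A to E above, written out for both sides as an added Go example that is not part of the patent text; it also shows a captured login packet being rejected when replayed on a new connection. Assumptions: SHA-1 for the patent's unspecified SHA, DES in ECB mode with PKCS#7 padding for the driver's encryption module, a 16-byte random number, and hypothetical names (presetKey, driverEncrypt, ClientLogin, Server); the key and credentials are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"fmt"
)

// Constructed 8-byte demo key, preset in the driver and on the server alike.
var presetKey = []byte("demo-key")

// driverEncrypt models the driver's DES module (step C). Assumption: ECB over
// PKCS#7-padded input; the patent names DES but no mode or padding.
func driverEncrypt(password string) []byte {
	block, err := des.NewCipher(presetKey)
	if err != nil {
		panic(err)
	}
	pad := des.BlockSize - len(password)%des.BlockSize
	buf := append([]byte(password), bytes.Repeat([]byte{byte(pad)}, pad)...)
	for i := 0; i < len(buf); i += des.BlockSize {
		block.Encrypt(buf[i:i+des.BlockSize], buf[i:i+des.BlockSize])
	}
	return buf
}

func digest(parts ...[]byte) [sha1.Size]byte {
	return sha1.Sum(bytes.Join(parts, nil))
}

// LoginData is the packet of step D: SHA(Account), SHA(Password+RandomWord).
type LoginData struct {
	Account, Password [sha1.Size]byte
}

// ClientLogin performs steps C and D for one server random number.
func ClientLogin(account, password string, random []byte) LoginData {
	return LoginData{digest([]byte(account)), digest(driverEncrypt(password), random)}
}

type Server struct {
	records map[[sha1.Size]byte][]byte // SHA(Account) -> encrypted password, never plaintext
	pending map[string][]byte          // connection -> random number issued in step A
}

func NewServer() *Server {
	return &Server{map[[sha1.Size]byte][]byte{}, map[string][]byte{}}
}

func (s *Server) Register(account, password string) {
	s.records[digest([]byte(account))] = driverEncrypt(password)
}

// Challenge is step A: generate, record and return a random number.
func (s *Server) Challenge(conn string) []byte {
	random := make([]byte, 16)
	if _, err := rand.Read(random); err != nil {
		panic(err)
	}
	s.pending[conn] = random
	return random
}

// Verify is step E. Assumption: the recorded random number is discarded after
// one attempt, so a packet is only checked against its own connection's value.
func (s *Server) Verify(conn string, d LoginData) bool {
	random, issued := s.pending[conn]
	delete(s.pending, conn)
	enc, known := s.records[d.Account]
	want := digest(enc, random)
	return issued && known && subtle.ConstantTimeCompare(want[:], d.Password[:]) == 1
}

func main() {
	srv := NewServer()
	srv.Register("alice", "correct horse") // constructed credentials
	packet := ClientLogin("alice", "correct horse", srv.Challenge("conn-1"))
	fmt.Println("fresh login accepted:", srv.Verify("conn-1", packet))
	srv.Challenge("conn-2") // the captured packet is replayed on a new connection
	fmt.Println("replayed packet accepted:", srv.Verify("conn-2", packet))
}
```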

Claims (3)

1. A method for protecting a network application's account-and-password login, in which the password is entered at the client and the login is then verified by the server, characterized in that: the client is provided with a general-purpose keyboard driver in which an encryption private key and a private-key encryption module are preset; the server is likewise provided with an encryption key and encryption module, identical to the private key and private-key encryption module used by the client; the private-key encryption module uses the DES cipher;
The specific steps are as follows:
A. The client initiates a connection request to the server. On receiving the connection request, the server generates a random number, keeps a record of it, and sends it to the client over the network connection.
B. After receiving and recording the random number returned by the server, the client activates the keyboard driver and accepts the user's account and password input.
C. The keyboard driver encrypts the account password entered by the user in step B with its preset encryption private key and private-key encryption module, and the client obtains the encrypted password information.
D. The client applies an irreversible message digest separately to the user account information and to the combination of the encrypted user password and the random number obtained in step B, then packages the account digest and the digest of the password+random number combination into login data and sends it to the server for verification.
E. After receiving the client's login data, the server parses out the account digest and the digest of the encrypted password+random number combination. Using the parsed account digest, it retrieves the account digest stored on the server and the corresponding private-key-encrypted password. It then applies the same message digest as the client to the combination of the retrieved encrypted password and the server's random number, and compares the resulting digest with the digest of the encrypted password+random number combination sent by the client to determine whether the account and password are correct.
2. The method for protecting a network application's account-and-password login according to claim 1, characterized in that: in step C, the client activates the keyboard driver's encryption function through the device driver interface DeviceIoControl; the keyboard driver receives the entered key codes at the driver layer at the bottom of the operating system, encrypts them with the encryption private key and private-key encryption module, and delivers the encrypted key codes to the operating system's application layer, so that what the client obtains is the encrypted form of the password the user entered.
3. The method for protecting a network application's account-and-password login according to claim 1, characterized in that: in step D, the client computes the message digest of the combined data with the irreversible Secure Hash Algorithm.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200710049117A CN101051904B (en) 2007-05-17 2007-05-17 Method for landing by account number cipher for protecting network application sequence

Publications (2)

Publication Number Publication Date
CN101051904A CN101051904A (en) 2007-10-10
CN101051904B CN101051904B (en) 2010-05-19

Family

ID=38783119

Country Status (1)

Country Link
CN (1) CN101051904B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1502185A (en) * 2000-05-01 2004-06-02 国际商业机器公司 Improving DES hardware throughput for short operations
CN1567294A (en) * 2003-06-14 2005-01-19 华为技术有限公司 User certification method
CN1702998A (en) * 2005-06-09 2005-11-30 石国伟 A method for inputting private data in network application

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Same as above.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant