CN101527706A - Digital authentication method for improving network security - Google Patents

Publication number
CN101527706A
Authority
CN
China
Prior art keywords
client
code
security device
USB interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200810028768A
Other languages
Chinese (zh)
Other versions
CN101527706B (en)
Inventor
王马
丁杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SUNSUM TECHNOLOGIES INDUSTRY Co Ltd
Original Assignee
SUNSUM TECHNOLOGIES INDUSTRY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2008-06-13
Filing date
2008-06-13
Publication date
2009-09-09
Application filed by SUNSUM TECHNOLOGIES INDUSTRY Co Ltd
Priority to CN2008100287684A
Publication of CN101527706A
Application granted
Publication of CN101527706B
Expired - Fee Related (current legal status)
Anticipated expiration

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a digital authentication method for improving network security. The method is implemented by the following components: a server-side authentication device (4), a client invocation device (5), a rolling-code security device (3) plugged into a USB port of the computer at the client (2), an encryption/decryption program (6) matching the rolling-code security device (3), a server side (1) and the client (2). Using rolling-code technology, while the computer user logs in with an account ID and password, the rolling-code security device (3) plugged into the client's USB port adds a rolling-code digital authentication layer, so that even if the ordinary account password is stolen, the method still keeps an illegal entrant out of the network system. Because a single digital certificate (one authentication code) is transmitted per login, the method avoids the risk of interception caused by frequent handshakes, and since it is based on the USB interface it is suitable for the general population.

Description

A digital authentication method for improving network security
Technical field
The present invention relates to a digital authentication method for improving network security based on rolling-code technology.
Background art
With the progress and rapid development of the Internet, the security of a computer user's login to a network account has become ever more important. The main encryption measures currently adopted are the "automatic random one-time password" and the "time-synchronised rolling code". An "automatic random one-time password" is produced by several handshakes between the user and the server, at the end of which the password to be used next time is confirmed. The advantage is the randomness and unpredictability of the password, but because several handshakes and communications are needed, the password is transmitted repeatedly over the network, which increases the risk of interception and greatly reduces security. The "time-synchronised rolling-code technique" has the server and the client device use the same algorithm to produce, synchronised to wall-clock time, a new code every minute, which the client enters and sends to the server at login. Because the user has to enter the password, check the time and carry out a large amount of initialisation work, loss of synchronisation occurs easily, the complicated operation is inconvenient for the user, and the computational load on the server is large, placing a heavy burden on it once there are many users.
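The time-synchronised prior art criticised above, as an added example that is not part of the patent: server and token share a key and derive a 64-bit code from the current minute, and the server tolerates a small clock skew. HMAC-SHA256 stands in for the unspecified algorithm; the key, the one-step skew window and the epoch timestamps are constructed for the example.

```python
# Added example (not from the patent): the "time-synchronised rolling code" prior art.
# Token and server derive the code from the current minute; the server accepts a
# small clock skew, and a token drifted beyond that window is rejected.
import hmac
import hashlib
import struct

SHARED_KEY = b"constructed-demo-key-not-secret"   # assumption: provisioned at initialisation
STEP_SECONDS = 60                                  # page: a new code every minute
SKEW_STEPS = 1                                     # assumption: server accepts +/- 1 minute


def time_code(key: bytes, t_seconds: int, step: int = STEP_SECONDS) -> str:
    """64-bit code for the minute containing t_seconds.

    HMAC-SHA256 stands in for the (unspecified) algorithm; the 64-bit width
    follows the patent's description of the authentication code.
    """
    counter = t_seconds // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    return mac[:8].hex()


def server_verify(key: bytes, submitted: str, server_time: int, skew: int = SKEW_STEPS) -> bool:
    """Accept a code from any step within +/- skew of the server's own minute."""
    base = server_time // STEP_SECONDS
    for delta in range(-skew, skew + 1):
        candidate = time_code(key, (base + delta) * STEP_SECONDS)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


def demo():
    """Three token clocks against one server clock (constructed epoch time)."""
    server_now = 1_700_000_000
    in_step = server_verify(SHARED_KEY, time_code(SHARED_KEY, server_now + 30), server_now)
    one_behind = server_verify(SHARED_KEY, time_code(SHARED_KEY, server_now - 60), server_now)
    # a token three minutes slow is outside the window: the desynchronisation the text complains of
    three_behind = server_verify(SHARED_KEY, time_code(SHARED_KEY, server_now - 180), server_now)
    return in_step, one_behind, three_behind
```

The widening of the skew window is the only remedy for drift without a re-initialisation, and every extra step multiplies the server's per-login HMAC work, which is the load problem the background section raises.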
Summary of the invention
The technical problem to be solved by the invention is to overcome the deficiencies of the prior art and provide a digital authentication method that improves network security by adopting rolling-code technology.
The technical solution adopted by the invention is as follows. The system environment in which the invention runs comprises a server side, an Internet client and a rolling-code security device plugged into a USB port of the client computer. The digital authentication method is carried out by a server-side authentication device, a client invocation device, the rolling-code security device plugged into the client computer's USB port, an encryption/decryption program matching the rolling-code security device, the server side and the client. While the user authenticates with an account ID and password, the automated system developed with the digital authentication method of the invention runs the following authentication steps:
The server side, based on the account ID entered by the user when logging in with the account ID and password, sends to the client an order to fetch the authentication code, corresponding to that account ID and to the intrinsic manufacturing ID of the USB device permanently registered in advance at the server side;
The client communicates with the client invocation device, which, via the encryption/decryption program matching the rolling-code security device, obtains the encrypted code from the rolling-code security device plugged into the client computer's USB port;
The encrypted code fetched into the client invocation device is sent via the client and the server side to the server-side authentication device;
The server-side authentication device decrypts and authenticates the received encrypted code; if it is legitimate, it sends a "legitimate" message to the server side, otherwise it notifies the client that authentication has failed;
After being read by the client invocation device, the rolling-code security device plugged into the client computer's USB port automatically produces a new authentication code;
After the "legitimate" message, the server-side authentication device produces a new authentication code from the authentication-data storage device bound to the rolling-code security device plugged into the client computer's USB port;
The new authentication code produced by the rolling-code security device plugged into the client computer's USB port is identical to the new authentication code produced by the server-side authentication device after the "legitimate" message, and the user can log in to the network normally;
The rolling-code security device plugged into the client computer's USB port comprises a single-chip microcomputer and USB driver hardware.
The server-side authentication device is an application program independent of the server-side Web system.
The client invocation device is embedded in the client.
The driver corresponding to the rolling-code security device plugged into the client computer's USB port is a program written in the C language, suitable for running on the Windows 2000, Windows XP and Windows ME operating systems.
The cryptographic algorithm in the rolling-code security device plugged into the client computer's USB port is an algorithm burned into the hardware chip.
The rolling-code security device plugged into the client computer's USB port operates independently and stores no external information.
With the above technical scheme, while the computer user authenticates by logging in with account ID and password, this rolling-code authentication system is added on top. The authentication uses a 64-bit encrypted authentication code; after each authentication the server-side authentication device and the rolling-code security device plugged into the client computer's USB port roll their codes in synchrony, and the user must use the rolling-code security device as a key in order to log in to the network normally. Without it the user cannot enter the network at all, so even if the ordinary account password is stolen, the authentication system of the invention still prevents an illegal person from entering the system; that is, after ordinary account-password login authentication, the invention adds a further layer of authentication that is harder to crack.
The beneficial effects of the invention are:
(1) the invention adopts rolling-code technology, which reduces detectability;
(2) the invention is triggered fully automatically by software, so the user need not operate the device in any way;
(3) the invention transmits a single digital certificate (one authentication code per login), avoiding frequent handshakes and the resulting risk of interception;
(4) the invention uses the USB interface, and no driver needs to be installed at use time.
Brief description of the drawings
Fig. 1 is a structural diagram of the technical scheme of the invention;
Fig. 2 is a circuit block diagram of the rolling-code security device plugged into the client computer's USB port described in the invention;
Fig. 3 is an outline flowchart of the client invocation device described in the invention;
Fig. 4 is an outline flowchart of the server-side authentication device described in the invention.
Embodiment
As shown in Fig. 1, the operating environment of the invention comprises the server side 1, the Internet client 2 and the rolling-code security device 3 (hereafter "the key") plugged into the USB port of the client 2 computer; the digital authentication method of the invention is carried out by the server-side authentication device 4 (Server API), the client invocation device 5 (Client API), the rolling-code security device 3 plugged into the USB port of the client 2 computer, the encryption/decryption program 6 matching the rolling-code security device 3, the server side 1 and the client 2. While the user authenticates with an account ID and password, the automated system developed with the described digital authentication method runs the following authentication steps:
The server side 1, based on the account ID entered by the user when logging in with the account ID and password, sends to the client 2 an order to fetch the authentication code, corresponding to that account ID and to the intrinsic manufacturing ID of the USB device permanently registered in advance at the server side;
The client 2 communicates with the client invocation device 5, which, via the encryption/decryption program 6 matching the rolling-code security device 3, obtains the encrypted code from the rolling-code security device 3 plugged into the USB port of the client 2 computer;
The encrypted code fetched into the client invocation device 5 is sent via the client 2 and the server side 1 to the server-side authentication device 4;
The server-side authentication device 4 decrypts and authenticates the received encrypted code; if it is legitimate, it sends a "legitimate" message to the server side 1, otherwise it notifies the client 2 that authentication has failed;
After being read by the client invocation device 5, the rolling-code security device 3 plugged into the USB port of the client 2 computer automatically rolls to a new authentication code;
After the "legitimate" message, the server-side authentication device 4 rolls the authentication-data storage device 7 bound to the rolling-code security device 3 plugged into the USB port of the client 2 computer to produce the new authentication code;
The new authentication code produced by the rolling-code security device 3 plugged into the USB port of the client 2 computer is identical to the new authentication code produced by the server-side authentication device 4 after the "legitimate" message, and the user can log in to the network normally;
The rolling-code security device 3 plugged into the USB port of the client 2 computer comprises a single-chip microcomputer and USB driver hardware (as shown in Fig. 2); its hardware design is centred on a single-chip microcomputer with a USB interface, and all reads, writes and cryptographic calculations are completed inside the chip, giving a very high degree of security. When the key is inserted into the client PC and receives the authentication request sent by the client program, it sends the encrypted authentication code to the client program and updates the synchronisation value it holds in the microcomputer's EEPROM.
As shown in Fig. 3, the client invocation device is a system-level program on the user's computer that starts together with the network client and stops when the client is closed. Under Windows it is a service program which, on request, accesses the rolling-code security device plugged into the client computer's USB port in order to read it.
As shown in Fig. 4, the server-side authentication device is an ordinary application program embedded in the server-side system; its role is to read the encrypted code passed on by the client as an authentication code, confirm the legitimacy and synchronism of the authentication code, and send the confirmation result to the server side; if confirmation succeeds it also updates the corresponding synchronisation value stored in the server database.
In actual use the key is inserted into the computer's USB port, the operating system detects a new external hardware device, the user logs on to the binding page of the relevant website, the client invocation device starts and is confirmed by the server-side authentication device; the account ID-password and the intrinsic ID of the key are then bound to establish the user login table.

Claims (6)

1. A digital authentication method for improving network security, characterised in that: the system environment in which the digital authentication method runs comprises a server side (1), an Internet client (2) and a rolling-code security device (3) plugged into a USB port of the client (2) computer; the digital authentication method is carried out by a server-side authentication device (4), a client invocation device (5), the rolling-code security device (3) plugged into the USB port of the client (2) computer, an encryption/decryption program (6) matching the rolling-code security device (3), the server side (1) and the client (2); while the user authenticates with an account ID and password, the automated system developed with the digital authentication method runs the following authentication steps:
the server side (1), based on the account ID entered by the user when logging in with the account ID and password, sends to the client (2) an order to fetch the authentication code, corresponding to that account ID and to the intrinsic manufacturing ID of the USB device permanently registered in advance at the server side;
the client (2) communicates with the client invocation device (5), which, via the encryption/decryption program (6) matching the rolling-code security device (3), obtains the encrypted code from the rolling-code security device (3) plugged into the USB port of the client (2) computer;
the encrypted code fetched into the client invocation device (5) is sent via the client (2) and the server side (1) to the server-side authentication device (4);
the server-side authentication device (4) decrypts and authenticates the received encrypted code; if it is legitimate, it sends a "legitimate" message to the server side (1), otherwise it notifies the client (2) that authentication has failed;
after being read by the client invocation device (5), the rolling-code security device (3) plugged into the USB port of the client (2) computer automatically produces a new authentication code;
after the "legitimate" message, the server-side authentication device (4) produces a new authentication code from the authentication-data storage device (7) bound to the rolling-code security device (3) plugged into the USB port of the client (2) computer;
the new authentication code produced by the rolling-code security device (3) plugged into the USB port of the client (2) computer is identical to the new authentication code produced by the server-side authentication device (4) after the "legitimate" message, and the user can log in to the network normally;
the rolling-code security device (3) plugged into the USB port of the client (2) computer comprises a single-chip microcomputer and USB driver hardware.
2. The digital authentication method for improving network security according to claim 1, characterised in that the server-side authentication device (4) is an application program independent of the Web system of the server side (1).
3. The digital authentication method for improving network security according to claim 1, characterised in that the client invocation device (5) is embedded in the client (2).
4. The digital authentication method for improving network security according to claim 1, characterised in that the driver corresponding to the rolling-code security device (3) plugged into the USB port of the client (2) computer is a program written in the C language, suitable for running on the Windows 2000, Windows XP and Windows ME operating systems.
5. The digital authentication method for improving network security according to claim 1, characterised in that the cryptographic algorithm in the rolling-code security device (3) plugged into the USB port of the client (2) computer is an algorithm burned into the hardware chip.
6. The digital authentication method for improving network security according to claim 1, characterised in that the rolling-code security device (3) plugged into the USB port of the client (2) computer operates independently and stores no external information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008100287684A CN101527706B (en) 2008-06-13 2008-06-13 Digital authentication method for improving network security

Publications (2)

Publication Number Publication Date
CN101527706A true CN101527706A (en) 2009-09-09
CN101527706B CN101527706B (en) 2012-02-15

Family

ID=41095407

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008100287684A Expired - Fee Related CN101527706B (en) 2008-06-13 2008-06-13 Digital authentication method for improving network security

Country Status (1)

Country Link
CN (1) CN101527706B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102291391A (en) * 2011-07-21 2011-12-21 西安百盛信息技术有限公司 Safe transmission method for data in cloud service platform
CN104283674A (en) * 2014-10-27 2015-01-14 北海市蕴芯电子科技有限公司 TTF RFID with both rolling code and secret key encrypted
CN104751539A (en) * 2013-12-27 2015-07-01 中国移动通信集团公司 Keyless entry system certification method, device and keyless entry certification system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101064595B (en) * 2006-04-27 2011-07-27 联想(北京)有限公司 Computer network safe input authentication system and method
CN100561916C (en) * 2006-12-28 2009-11-18 北京飞天诚信科技有限公司 A kind of method and system that upgrades authenticate key
CN101075874B (en) * 2007-06-28 2010-06-02 腾讯科技(深圳)有限公司 Certifying method and system

Also Published As

Publication number Publication date
CN101527706B (en) 2012-02-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120215

Termination date: 20150613

EXPY Termination of patent right or utility model