CN102025497A - Multiple website login system and method thereof by verifying client key - Google Patents
- Publication number: CN102025497A
- Authority: CN (China)
- Prior art keywords: client, key, server, information, module
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
A system and a method for logging in to multiple websites by verifying a client key are disclosed. A key is given to the client when the client logs in to a first server; when the client uses the key to log in to a second server, the second server verifies the client key to complete the login, thereby simplifying the login operation across multiple websites while maintaining login security.
Description
Technical field
The present invention relates to a multiple-website login system and method, and in particular to a multiple-website login system and method in which a key is given to the client when the client logs in to a first server and, when the client uses the key to log in to a second server, the second server verifies the client key.
Background technology
When browsing a website, a user who wants to use the premium features the website provides is often required to log in first. Before logging in, the user must register with the website; only after registering and then going through the website's login procedure can the user use those premium features.
This creates a corresponding problem. When the user sets different login information for each website, that is, when the user names and user passwords the user chooses all differ, the user may forget the login information originally set and be unable to log in. In addition, when logging in to different websites the user must enter login information repeatedly, which is inconvenient.
Some websites record the login information the user has set in a cookie, so that the user does not have to remember it. Although cookies make logging in convenient, they fall short in terms of network security: when a cookie is stolen, the login information the user set is stolen with it, because the stolen cookie contains that login information, and this creates a security hole.
In summary, the prior art has long suffered from inconvenient login across multiple websites and insufficient login security, so an improved technical means is needed to solve this problem.
Summary of the invention
In view of the inconvenient multiple-website login and insufficient login security of the prior art, the present invention provides a system and a method for multiple-website login by verifying a client key, wherein:
The system for multiple-website login by verifying a client key provided by the present invention comprises a client, a first server and a second server. The client further comprises a receiver module and a delivery module; the first server further comprises a first receiver module, a generation module and a first delivery module; the second server further comprises a second receiver module, a deciphering module, an authentication module, a read module and a second delivery module.
The receiver module of the client receives the login information and the key; the delivery module of the client transmits the login information and the key. The first receiver module of the first server receives the login information from the delivery module of the client; the generation module of the first server generates the key and the authorization information according to the login information; the first delivery module of the first server transmits the key to the delivery module of the client and transmits the authorization information. The second receiver module of the second server receives the key from the delivery module of the client and receives the authorization information from the first delivery module of the first server; the deciphering module of the second server decrypts the key into the login information; the authentication module of the second server verifies the login information according to the authorization information; the read module of the second server, when it is confirmed that the key has not been modified, obtains the corresponding client information according to the login information; and the second delivery module of the second server transmits the client information to the delivery module of the client.
The method for multiple-website login by verifying a client key provided by the present invention comprises the following steps:
First, the client receives login information. Next, the client transmits the login information to the first server. Next, the first server generates a key and authorization information according to the login information. Next, the first server transmits the key to the client. Next, the first server transmits the authorization information to the second server. Next, the client transmits the key to the second server. Next, the second server decrypts the key into the login information. Next, the second server verifies the login information according to the authorization information. Next, when it is confirmed that the key has not been modified, the corresponding client information is obtained according to the login information. Finally, the second server returns the client information to the client.
The system and method provided by the present invention are as described above. They differ from the prior art in that, when the client logs in to the first server for the first time, the first server generates a key and authorization information corresponding to the client, returns the key to the client, and sends the authorization information to the second server. When the client uses the key to log in to the second server, the second server verifies the client's key according to the authorization information; when the verification succeeds, the client is logged in to the second server and the second server returns the client information to the client. Login to multiple servers is thereby achieved while login security is maintained.
By the above technical means, the present invention achieves the technical effect of simplifying the multiple-website login operation while maintaining login security.
Description of drawings
Fig. 1 is a block diagram of the system for multiple-website login by verifying a client key according to the present invention.
Fig. 2 is a system architecture diagram of the server device for multiple-website login by verifying a client key according to the present invention.
Fig. 3 is a flow chart of the method for multiple-website login by verifying a client key according to the present invention.
Fig. 4 is a schematic diagram of the data transmission architecture for multiple-website login by verifying a client key according to the present invention.
[Description of main element symbols]
10 client
11 receiver module
12 delivery module
20 first server
21 first receiver module
22 generation module
23 first delivery module
30 second server
31 second receiver module
32 deciphering module
33 authentication module
34 read module
35 second delivery module
40 server
41 server receiver module
42 generation module
43 deciphering module
44 authentication module
45 read module
46 server delivery module
51 login information
52 key
53 authorization information
54 client information
55 Internet Protocol address
Embodiment
Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the process by which the present invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented accordingly.
The system for multiple-website login by verifying a client key provided by the present invention is described first. Please refer to Fig. 1, which is a block diagram of the system.
The system for multiple-website login by verifying a client key provided by the present invention comprises a client 10, a first server 20 and a second server 30. The client 10 further comprises a receiver module 11 and a delivery module 12; the first server 20 further comprises a first receiver module 21, a generation module 22 and a first delivery module 23; the second server 30 further comprises a second receiver module 31, a deciphering module 32, an authentication module 33, a read module 34 and a second delivery module 35.
When the user logs in to the first server 20 for the first time, the user first enters, in the user interface of the client 10, the user name and user password corresponding to the first server 20 in order to carry out the login procedure of the first server 20.
The client 10 then sends the login information received by its receiver module 11 to the first server 20 through its delivery module 12; that is, the client 10 sends the user name, the user password, the Internet Protocol address (IP address) and the system time to the first server 20.
The first server 20 receives, through the first receiver module 21, the login information transmitted by the delivery module 12 of the client 10 and carries out the login procedure of the first server 20. Because this part of the login procedure is the same as in the prior art, it is not described further here; the client 10 is then logged in to the first server 20.
Next, the first server 20 generates a key and authorization information according to the login information through the generation module 22; that is, it generates the key and authorization information corresponding to the client 10 from the user name, user password, Internet Protocol address (IP address) and system time of the login information. This is given only as an illustration and does not limit the scope of application of the present invention; in practice the key and authorization information may be generated from different login information.
A validity period (for example, one month or one week) may further be set for the key and authorization information generated by the generation module 22 of the first server 20; when the validity period of the key and authorization information is reached, the key and authorization information are deleted automatically.
The key is a set of 32 or 64 characters, the length being determined by the encryption technique adopted. Because the key is generated from login information that includes the Internet Protocol address (IP address), the key that the generation module 22 of the first server 20 generates for each client 10 is encrypted and unique data, and the key and the client 10 are in a one-to-one relationship.
Next, the first delivery module 23 of the first server 20 sends the key and the authorization information generated by the generation module 22 of the first server 20 to the client 10 and the second server 30 respectively; that is, the first delivery module 23 sends the key generated by the generation module 22 to the client 10, and sends the authorization information generated by the generation module 22 to the second server 30.
It should be noted that the client 10 does not record the user's login information in a cookie, which avoids the security hole caused by the use of cookies.
When the client 10 needs to log in to the second server 30, because the client 10 has received the key from the first delivery module 23 of the first server 20, the client 10 preferentially uses the key to log in to the second server 30; that is, the delivery module 12 of the client 10 sends the key to the second server 30, and the second server 30 receives the key transmitted by the client 10 through the second receiver module 31.
After the second receiver module 31 of the second server 30 receives the key transmitted by the delivery module 12 of the client 10, the deciphering module 32 of the second server 30 decrypts the key and restores it to restored information, which includes the user name, user password, Internet Protocol address, system time and other information.
Next, the authentication module 33 of the second server 30 verifies the restored information produced by the deciphering module 32 of the second server 30 according to the authorization information received by the second receiver module 31 of the second server 30; that is, it checks whether the user name, user password, Internet Protocol address, system time and other information of the restored information are identical to the user name, user password, Internet Protocol address, system time and other information of the authorization information, and thereby verifies whether the key transmitted by the delivery module 12 of the client 10 has been modified.
When the authentication module 33 of the second server 30 confirms that the key has not been modified, the identity of the client 10 is confirmed and the client 10 is logged in to the second server 30. The read module 34 of the second server 30 then obtains the corresponding client information according to the restored information, and the second delivery module 35 of the second server 30 returns the client information obtained by the read module 34 to the client 10.
By the above technical means, the client 10 can use the key to carry out the login procedure of the second server 30, which achieves the purpose of multiple-website login by the client 10.
In addition, the second receiver module 31 of the second server 30 may further receive the Internet Protocol address of the client 10 from the client 10, and when the authentication module 33 of the second server 30 verifies the restored information according to the authorization information, it may further verify the restored information according to the Internet Protocol address of the client 10, which enforces the one-to-one and unique relationship between the key and the client 10.
In practice, the first server 20 and the second server 30 are interchangeable and may be integrated into a single device. Please refer to Fig. 1 and Fig. 2 together; Fig. 2 is a system architecture diagram of the server device for multiple-website login by verifying a client key according to the present invention.
The device obtained by integrating the first server 20 and the second server 30 is illustrated in Fig. 2: the server 40 includes a server receiver module 41, a generation module 42, a deciphering module 43, an authentication module 44, a read module 45 and a server delivery module 46.
The function of the server receiver module 41 of the server 40 includes both the function of the first receiver module 21 of the first server 20 and the function of the second receiver module 31 of the second server 30. The function of the generation module 42 of the server 40 corresponds to that of the generation module 22 of the first server 20; the function of the deciphering module 43 of the server 40 corresponds to that of the deciphering module 32 of the second server 30; the function of the authentication module 44 of the server 40 corresponds to that of the authentication module 33 of the second server 30; and the read module 45 of the server 40 corresponds to the read module 34 of the second server 30. The function of the server delivery module 46 of the server 40 includes both the function of the first delivery module 23 of the first server 20 and the function of the second delivery module 35 of the second server 30.
For the function of each functional module of the server 40, please refer to the corresponding functional modules of the first server 20 and the second server 30; they are not described further here.
The operation and flow of the present invention are explained below with an embodiment, described with reference to Fig. 3 and Fig. 4. Fig. 3 is a flow chart of the method for multiple-website login by verifying a client key according to the present invention; Fig. 4 is a schematic diagram of the data transmission architecture for multiple-website login by verifying a client key according to the present invention.
When the user logs in to the first server 20 for the first time, the user first enters, in the user interface of the client 10, the user name and user password corresponding to the registration information of the first server 20. The receiver module 11 of the client 10 receives the user name and user password (step 110) and at the same time receives the Internet Protocol address (IP address) of the client 10 and the system time of the client 10. The user name, user password, Internet Protocol address (IP address) and system time constitute the login information 51.
Next, the client 10 sends the login information 51 to the first server 20 through the delivery module 12 of the client 10 (step 120) and carries out the login procedure of the first server 20; the client 10 is then logged in to the first server 20.
Next, the first server 20 generates a key 52 and authorization information 53 according to the login information through the generation module 22 (step 130); that is, it generates the key 52 and authorization information 53 corresponding to the client 10 from the user name, user password, Internet Protocol address (IP address) and system time of the login information.
Next, the first delivery module 23 of the first server 20 sends the key 52 and the authorization information 53 generated by the generation module 22 of the first server 20 to the client 10 and the second server 30 respectively; that is, the first delivery module 23 sends the key 52 generated by the generation module 22 to the client 10 (step 140), and sends the authorization information 53 generated by the generation module 22 to the second server 30 (step 150).
When the client 10 needs to log in to the second server 30, because the client 10 has obtained the key 52 generated by the first server 20, the client 10 preferentially uses the key 52 to log in to the second server 30; that is, the delivery module 12 of the client 10 sends the key 52 to the second server 30 (step 160). Besides receiving the key transmitted by the delivery module 12 of the client 10, the second receiver module 31 of the second server 30 also receives the authorization information transmitted by the first delivery module 23 of the first server 20 (step 150).
Next, the deciphering module 32 of the second server 30 decrypts the key 52 and restores it to restored information (step 170), which includes the user name, user password, Internet Protocol address, system time and other information. The authentication module 33 of the second server 30 then verifies the restored information according to the authorization information 53 (step 180); that is, it checks whether the user name, user password, Internet Protocol address, system time and other information of the restored information are identical to the user name, user password, Internet Protocol address, system time and other information of the authorization information 53, and thereby verifies whether the key 52 transmitted by the delivery module 12 of the client 10 has been modified.
In addition, the second receiver module 31 of the second server 30 may further receive the Internet Protocol address 55 of the client 10 from the client 10 (step 210), and when the authentication module 33 of the second server 30 verifies the restored information according to the authorization information 53, it may further verify the restored information according to the Internet Protocol address 55 of the client 10 (step 220), which enforces the one-to-one and unique relationship between the key 52 and the client 10.
When the authentication module 33 of the second server 30 confirms that the key has not been modified, the identity of the client 10 is confirmed and the client 10 is logged in to the second server 30. The read module 34 of the second server 30 then obtains the corresponding client information 54 according to the restored information (step 190), and the second delivery module 35 of the second server 30 returns the client information 54 obtained by the read module 34 to the client 10 (step 200).
By the above technical means, the client 10 can use the key 52 to carry out the login procedure of the second server 30, which achieves the purpose of multiple-website login by the client 10.
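The exchange in steps 130 to 220, written out as an added example (it is not code from the patent): the first server issues key 52 and authorization information 53, and the second server decrypts the key, checks it against the authorization information, the validity period and the client's IP address, and only then returns client information 54. Assumptions: both servers share `enc_key` and `mac_key`; because the patent names no cipher, an HMAC-SHA256 keystream with encrypt-then-MAC from the standard library stands in for it; the authorization information is stored as a SHA-256 digest of the login fields plus an expiry; all class, function and status names are hypothetical.

```python
import hashlib
import hmac
import json
import os

VALIDITY_SECONDS = 7 * 24 * 3600  # validity period of one week (the description also allows a month)
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode: a stand-in cipher, since the patent names none."""
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


class FirstServer:
    """Generation module 22: login information 51 -> key 52 + authorization information 53."""

    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key

    def issue(self, user_name, user_password, ip_address, system_time):
        login_info = {"user_name": user_name, "user_password": user_password,
                      "ip_address": ip_address, "system_time": system_time}
        plaintext = json.dumps(login_info, sort_keys=True).encode()
        nonce = os.urandom(NONCE_LEN)
        ciphertext = _xor(plaintext, _keystream(self.enc_key, nonce, len(plaintext)))
        tag = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        key = (nonce + ciphertext + tag).hex()                # step 140: sent to the client
        authorization = {"user_name": user_name,              # step 150: sent to the second server
                         "digest": hashlib.sha256(plaintext).hexdigest(),
                         "expires": system_time + VALIDITY_SECONDS}
        return key, authorization


class SecondServer:
    """Deciphering module 32, authentication module 33 and read module 34."""

    def __init__(self, enc_key, mac_key, client_info):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.client_info = client_info    # user_name -> client information 54
        self.authorizations = {}          # user_name -> authorization information 53

    def store_authorization(self, authorization):
        self.authorizations[authorization["user_name"]] = authorization

    def login(self, key, client_ip, now):
        """Return (status, client_info); client_info is None unless status is 'ok'."""
        try:
            raw = bytes.fromhex(key)
        except ValueError:
            return "malformed", None
        if len(raw) <= NONCE_LEN + TAG_LEN:
            return "malformed", None
        nonce, ciphertext, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
        expected = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "modified", None                           # key was altered in transit
        plaintext = _xor(ciphertext, _keystream(self.enc_key, nonce, len(ciphertext)))
        restored = json.loads(plaintext)                      # step 170: restored information
        record = self.authorizations.get(restored["user_name"])
        digest = hashlib.sha256(plaintext).hexdigest()
        if record is None or not hmac.compare_digest(record["digest"], digest):
            return "unknown", None                            # step 180: no matching authorization
        if now >= record["expires"]:
            del self.authorizations[restored["user_name"]]    # validity period reached
            return "expired", None
        if restored["ip_address"] != client_ip:               # steps 210-220: bind key to client IP
            return "ip_mismatch", None
        return "ok", self.client_info.get(restored["user_name"])  # steps 190-200


if __name__ == "__main__":
    # Constructed sample values; the addresses are from documentation ranges.
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    first = FirstServer(enc_key, mac_key)
    second = SecondServer(enc_key, mac_key, {"alice": {"display_name": "Alice"}})
    key, authorization = first.issue("alice", "constructed-password", "203.0.113.7", 1_000_000)
    second.store_authorization(authorization)
    print(second.login(key, "203.0.113.7", 1_000_100))
    print(second.login(key, "198.51.100.9", 1_000_100))
```

The description makes the IP comparison of steps 210 to 220 optional; this example always applies it, because without it the key alone is enough to log in from any address.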
In summary, the present invention differs from the prior art in that, when the client logs in to the first server for the first time, the first server generates a key and authorization information corresponding to the client, returns the key to the client, and sends the authorization information to the second server. When the client uses the key to log in to the second server, the second server verifies the client's key according to the authorization information; when the verification succeeds, the client is logged in to the second server and the second server returns the client information to the client. Login to multiple servers is thereby achieved while login security is maintained.
This technical means solves the prior art's problems of inconvenient multiple-website login and insufficient login security, and thereby achieves the technical effect of simplifying the multiple-website login operation while maintaining login security.
Although the embodiments of the present invention are as described above, the content described is not intended to directly limit the scope of patent protection of the present invention. Any person skilled in the art to which the present invention pertains may make minor changes in the form and details of implementation without departing from the spirit and scope of the present invention. The scope of patent protection of the present invention shall still be defined by the appended claims.
Claims (10)
1. A system for multiple-website login by verifying a client key, comprising:
A client, further comprising:
A receiver module, for receiving login information and a key; and
A delivery module, for transmitting the login information and the key;
A first server, further comprising:
A first receiver module, which receives the login information from the delivery module;
A generation module, which generates the key and authorization information according to the login information; and
A first delivery module, which transmits the key to the delivery module and transmits the authorization information; and
A second server, further comprising:
A second receiver module, which receives the key from the delivery module and receives the authorization information from the first delivery module;
A deciphering module, which decrypts the key into restored information;
An authentication module, which verifies the restored information according to the authorization information;
A read module, which, when it is confirmed that the key has not been modified, obtains corresponding client information according to the restored information; and
A second delivery module, which transmits the client information to the delivery module.
2. The system for multiple-website login by verifying a client key as claimed in claim 1, wherein the login information includes a user name, a user password, an Internet Protocol address and a system time, and the generation module generates the key and the authorization information according to the user name, the user password, the Internet Protocol address and the system time.
3. The system for multiple-website login by verifying a client key as claimed in claim 1, wherein the key and the client are in a one-to-one relationship.
4. The system for multiple-website login by verifying a client key as claimed in claim 1, wherein the client information can be accessed only by means of the key.
5. The system for multiple-website login by verifying a client key as claimed in claim 1, wherein the second receiver module further receives the Internet Protocol address of the client, and the authentication module further verifies the login information according to the authorization information and the Internet Protocol address of the client.
6. A method for multiple-website login by verifying a client key, comprising the following steps:
A client receives login information;
The client transmits the login information to a first server;
The first server generates a key and authorization information according to the login information;
The first server transmits the key to the client;
The first server transmits the authorization information to a second server;
The client transmits the key to the second server;
The second server decrypts the key into restored information;
The second server verifies the restored information according to the authorization information;
When it is confirmed that the key has not been modified, corresponding client information is obtained according to the login information; and
The second server returns the client information to the client.
7. The method for multiple-website login by verifying a client key as claimed in claim 6, wherein the login information received in the step in which the client receives the login information includes a user name, a user password, an Internet Protocol address and a system time, and in the step in which the first server generates a key and authorization information according to the login information, the key and the authorization information are generated according to the user name, the user password, the Internet Protocol address and the system time.
8. The method for multiple-website login by verifying a client key as claimed in claim 6, wherein the key generated in the step in which the first server generates the key according to the login information and the client are in a one-to-one relationship.
9. The method for multiple-website login by verifying a client key as claimed in claim 6, wherein the client information obtained in the step in which the second server obtains the client information corresponding to the key according to the authentication information can be accessed only by means of the key.
10. The method for multiple-website login by verifying a client key as claimed in claim 6, wherein the method further comprises the following steps:
The second server receives the Internet Protocol address of the client; and
The second server verifies the login information according to the authorization information and the Internet Protocol address of the client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009101783120A CN102025497A (en) | 2009-09-22 | 2009-09-22 | Multiple website login system and method thereof by verifying client key |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009101783120A CN102025497A (en) | 2009-09-22 | 2009-09-22 | Multiple website login system and method thereof by verifying client key |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102025497A true CN102025497A (en) | 2011-04-20 |
Family
ID=43866397
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009101783120A Pending CN102025497A (en) | 2009-09-22 | 2009-09-22 | Multiple website login system and method thereof by verifying client key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102025497A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102868732A (en) * | 2012-08-27 | 2013-01-09 | 北京小米科技有限责任公司 | Account password-based login implementation method, system and device |
CN104980332A (en) * | 2014-04-14 | 2015-10-14 | 深圳市亚汇讯实业有限公司 | System and method for remote data management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20110420 |