CN103841097A - Safe NAS authentication method based on digital certificate - Google Patents
- Publication number: CN103841097A
- Application number: CN201310529355.5A
- Authority: CN (China)
- Prior art keywords: NAS, digital certificate, user, ActiveX, method based
- Legal status: Granted
- Landscapes: Storage Device Security (AREA)
Abstract
The invention belongs to the technical field of NAS electronic file security management and NAS security enhancement, and in particular relates to a safe NAS authentication method based on a digital certificate. The method strengthens the security of access to a NAS system: a user can log in to the NAS system only by inserting a USBKEY and entering the correct PIN code, which effectively protects access to the user's electronic files on the NAS system and avoids the insecurity of user passwords in the traditional access mode. The advantages of the method are that a USBKEY digital certificate is used for user identification and file access control in the security-enhanced NAS system; the method is applied to the authentication process of a NAS electronic file security management system; the NAS system can support USBKEY digital certificate authentication without a client having to be installed; the security of the NAS system is enhanced; and the risk of password leakage or compromise under the user name and password mode is removed.
Description
Technical field
The invention belongs to the technical field of NAS (Network Attached Storage) electronic file security management and NAS security enhancement, and specifically relates to a safe NAS authentication method based on a digital certificate.
Background art
A NAS is a network file-sharing server that uses the standard CIFS protocol for file transfer and provides users with functions such as file upload, download and sharing. It is widely used across industries and enterprises and makes it convenient for users to back up and share files. NAS servers generally authenticate by user name and password, and can even allow anonymous login, but they cannot directly support authentication and login with a USBKEY digital certificate, which leaves a hidden danger for the security of file sharing.
In information systems and networked information systems with relatively high requirements for security and file protection, files are divided into protection classes according to their degree of protection, such as unclassified, internal, confidential and secret. Such systems need a large amount of file sharing, which can only be provided by a NAS server, yet the NAS server's own authentication mode is insecure: passwords are easily stolen, or an illegitimate user can gain access under another user's name. An authentication method for NAS servers is therefore needed that provides a security-enhanced authentication mode based on digital certificates.
ActiveX is a type of control supported by IE. Web developers can write an ActiveX control and embed it in a web page to carry out operations that require authorization on the client.
USBKEY authentication is currently the mainstream identity authentication method. Because it combines hardware and software, it is more secure than the traditional user name and password method.
Summary of the invention
The object of this invention is to provide a safe NAS authentication method based on a digital certificate. The method strengthens the security of access to the NAS system: a user can log in to the NAS only when the USBKEY is inserted and the correct PIN code is entered, which effectively protects access to the user's electronic files on the NAS system and avoids the insecurity of user passwords in the traditional access mode.
The present invention is realized as a safe NAS authentication method based on a digital certificate, comprising the following steps:
Step 1: When a user accesses the NAS server, the user inserts the USBKEY into the client computer, opens the web login interface of the NAS server and enters the correct PIN code. The browser retrieves the digital certificate from the user's USBKEY and sends it to the CA for authentication; after authentication passes, the page redirects to the web page for connecting to the NAS;
Step 2: The web page for connecting to the NAS contains an ActiveX control. The NAS server randomly generates a dynamic password and sends it to the ActiveX control over an encrypted channel; the ActiveX control caches this dynamic password and provides a function button for connecting to the NAS;
Step 3: The user clicks the ActiveX control's open-NAS function button; the ActiveX control connects to the NAS using the cached dynamic password and uses Windows Explorer to display the files on the NAS;
Step 4: The web page is given a timeout value. Once the page's idle time reaches the configured timeout value, the page automatically becomes invalid, and the ActiveX control is then used to empty the NAS server's one-time dynamic password.
The web login uses a digital certificate, and an ActiveX control embedded in the page interacts with the NAS server to obtain the dynamic password.
The connection to the NAS server is made by means of the dynamic password.
When the page is closed, the ActiveX control empties the dynamic password and invalidates the connection to the NAS server.
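The server-side lifecycle of the dynamic password in steps 2 to 4 (random generation, check at connect time, emptying on idle timeout or page close), as an added Python example that is not code from the patent. The class `DynamicPasswordBroker`, its method names, the 300-second default timeout and keying sessions by certificate subject are assumptions; CA validation of the certificate and the encrypted channel to the control are assumed to be handled elsewhere.

```python
import hmac
import secrets
import time


class DynamicPasswordBroker:
    """Hypothetical middleware state: one live dynamic password per certificate subject."""

    def __init__(self, idle_timeout=300.0, clock=time.monotonic):
        self.idle_timeout = idle_timeout   # seconds of page idle time allowed (step 4)
        self.clock = clock                 # injectable so the timeout can be tested
        self._sessions = {}                # subject -> [password, last_activity]

    def issue(self, subject):
        """Step 2: called only after the CA has accepted the user's certificate."""
        password = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._sessions[subject] = [password, self.clock()]  # replaces any older password
        return password

    def _live(self, subject):
        """Return the session if it exists and is not idle-expired; purge it otherwise."""
        entry = self._sessions.get(subject)
        if entry is not None and self.clock() - entry[1] >= self.idle_timeout:
            del self._sessions[subject]        # timeout empties the password
            entry = None
        return entry

    def touch(self, subject):
        """Page activity resets the idle timer; False means the page has expired."""
        entry = self._live(subject)
        if entry is not None:
            entry[1] = self.clock()
        return entry is not None

    def verify(self, subject, presented):
        """Step 3: check the password the control presents when connecting to the NAS."""
        entry = self._live(subject)
        if entry is None:
            return False
        return hmac.compare_digest(entry[0].encode(), presented.encode())

    def revoke(self, subject):
        """Page closed: empty the password so the NAS connection can no longer be made."""
        return self._sessions.pop(subject, None) is not None


if __name__ == "__main__":
    now = [0.0]                                # constructed clock, in seconds
    broker = DynamicPasswordBroker(idle_timeout=60, clock=lambda: now[0])
    pw = broker.issue("CN=alice")              # constructed certificate subject
    print("fresh password accepted:", broker.verify("CN=alice", pw))
    now[0] = 61.0
    print("accepted after idle timeout:", broker.verify("CN=alice", pw))
```

Expiry is enforced on the server at every check, so the password stops working even if the client-side control never runs its own clean-up.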
The advantage of the present invention is that the authentication method it provides uses a USBKEY digital certificate for user identification and file access control in the security-enhanced NAS system. Applied to the authentication process of a NAS electronic file security management system, the method lets the NAS system support USBKEY digital certificate authentication without a client having to be installed, strengthens the security of the NAS system, and eliminates the risk of the password being leaked or cracked under the user name and password mode.
Embodiment
The present invention is described in detail below with reference to an embodiment:
The hardware comprises: a NAS server, a PC, and the NAS electronic file security management system.
The NAS electronic file security management system uses the B/S (browser/server) model and authenticates by digital certificate.
The NAS electronic file security management system, or NAS security enhancement system, is deployed as middleware between the NAS storage and the user's PC. All user authentication requests go through this system, and a user accesses NAS files only after authenticating and logging in through the browser via the web.
A safe NAS authentication method based on a digital certificate comprises the following steps:
Step 1: When a user accesses the NAS server, the user first inserts the USBKEY into the client computer and enters the correct PIN code at the web login interface. The digital-certificate-based NAS authentication system retrieves the digital certificate from the user's USBKEY through the browser and sends it to the CA (authentication center, the server responsible for verifying certificate validity) for authentication. After authentication passes, this system generates a one-time dynamic NAS login password for the user;
Step 2: The page contains an ActiveX control with which the user opens the NAS server. The role of this control is to use the one-time dynamic password randomly generated by the NAS server to initiate the NAS connection and to cache this password locally, so that a user who has logged in no longer needs to enter a password when opening the NAS server. The one-time dynamic password is a secure password of high complexity; its length and complexity both meet security requirements. It is sent to the ActiveX control by the NAS authentication system server as ciphertext, and the user cannot obtain or directly use this password, which guarantees the security of the authentication process.
Step 3: The page then redirects to the page for logging in to the NAS server. This page contains a link for opening the NAS server, and the user clicks this link to access the NAS server. The NAS server can also be accessed by entering its address in Windows Explorer.
Step 4: The web page is given a timeout value, which is reached when the page's idle time equals the configured value.
Claims (4)
1. A safe NAS authentication method based on a digital certificate, characterized in that it comprises the following steps:
Step 1: When a user accesses the NAS server, the user inserts the USBKEY into the client computer, opens the web login interface of the NAS server and enters the correct PIN code. The browser retrieves the digital certificate from the user's USBKEY and sends it to the CA for authentication; after authentication passes, the page redirects to the web page for connecting to the NAS;
Step 2: The web page for connecting to the NAS contains an ActiveX control. The NAS server randomly generates a dynamic password and sends it to the ActiveX control over an encrypted channel; the ActiveX control caches this dynamic password and provides a function button for connecting to the NAS;
Step 3: The user clicks the ActiveX control's open-NAS function button; the ActiveX control connects to the NAS using the cached dynamic password and uses Windows Explorer to display the files on the NAS;
Step 4: The web page is given a timeout value. Once the page's idle time reaches the configured timeout value, the page automatically becomes invalid, and the ActiveX control is then used to empty the NAS server's one-time dynamic password.
2. The safe NAS authentication method based on a digital certificate according to claim 1, characterized in that: the web login uses a digital certificate, and an ActiveX control embedded in the page interacts with the NAS server to obtain the dynamic password.
3. The safe NAS authentication method based on a digital certificate according to claim 2, characterized in that: the connection to the NAS server is made by means of the dynamic password.
4. The safe NAS authentication method based on a digital certificate according to claim 3, characterized in that: when the page is closed, the ActiveX control empties the dynamic password and invalidates the connection to the NAS server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310529355.5A CN103841097B (en) | 2013-11-01 | 2013-11-01 | A safe NAS authentication method based on digital certificate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103841097A | 2014-06-04 |
CN103841097B | 2017-06-27 |
Family
ID=50804231
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310529355.5A, Active, CN103841097B (en) | A safe NAS authentication method based on digital certificate | 2013-11-01 | 2013-11-01 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103841097B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN103841097B (en) | 2017-06-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||