CN104009858A - Multilevel verification system based on safety management - Google Patents
Multilevel verification system based on safety management Download PDFInfo
- Publication number
- CN104009858A CN104009858A CN201310059386.9A CN201310059386A CN104009858A CN 104009858 A CN104009858 A CN 104009858A CN 201310059386 A CN201310059386 A CN 201310059386A CN 104009858 A CN104009858 A CN 104009858A
- Authority
- CN
- China
- Prior art keywords
- password
- mac address
- safety management
- wireless data
- super code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a multilevel verification system based on safety management. The system comprises a core verification server, a wireless data transceiver device and a resolver. The core verification server is connected with a managed system. The wireless data transceiver device and the wireless data compiling resolver are connected with the core verification server which is used for realizing a verification flow and a rule mechanism. The compiling resolver is used for compiling and resolving of data information. The transceiver device is used for data transceiving between the verification system and a user terminal. By the scheme, multilevel protection mechanisms are integrated, preliminary verification can be supported and realized according to user's commonly-used MAC address and IP address, and multilevel password protection requirements of password protection are carried out by combining various modes of multilevel password setting, mobile phone binding, security question setting and the like.
Description
Technical field
The present invention relates to IT O&M field, relate in particular to a kind of multistage verification system based on safety management.
Background technology
Along with the high speed development of information age, in multiple industries such as finance, information, because its information has necessity of highly confidential property, imperative for the safety management of its password, all unauthorized personnel must not usurp other people password and carry out some unlawful activities.And the most common and the simplest method for managing security is to use password now, by the coupling of password being confirmed to user's legitimacy.Along with the scale of system constantly increases, the system management side including O&M service increases, and password is dangerous is ubiquitous hidden danger in network system.
Summary of the invention
The object of the present invention is to provide a kind of multistage verification system based on safety management; multi-stage protection mechanism is integrated in to one; can support, realize according to the conventional MAC Address of user, IP address and carry out preliminary identification, and in conjunction with multistage password is set, bind mobile phone, the various ways such as password protection problem are set carry out the multistage cryptoguard requirement of cryptoguard.
The present invention is achieved by the following scheme goal of the invention, based on the multistage verification system of safety management, include core authentication server, this system also includes: wireless data transceiving device and resolver, core authentication server is connected with the system of being managed, wireless data transceiving device, wireless data compiling resolver is connected with core authentication server, wherein core authentication server is in order to realize common login password, super code, binding designated mobile phone, the setting of password protection problem, management and storage, and realize and verify flow process and rule mechanism, wireless data compiling resolver is for compiling system command and the data message that meets transmission specification or resolve according to the preset rules of core authentication server, wireless data transceiving device is for the data transmit-receive between verification system and user terminal.
Further, the authentication mechanism of described core authentication server adopts following scheme, and its step comprises:
1) common login password, super code, binding designated mobile phone, password protection problem are set simultaneously;
2) verify common login password, correctly enter 3), otherwise block;
3) whether checking has logined more than seven days, if yes then enter the 6th) step, otherwise enter the 4th) step;
4) checking super code, needs again correctly to input super code, is proved to be successful and logins successfully and send in time note in the middle of default mobile phone, enters the 5th) step; Otherwise block;
5) wait for that user replys action, identification is replied and is moved and trigger default processing, user receives that note determines whether my login voluntarily, reply if not the short-message instruction of need being correlated with in 10 minutes, by force account number is logged off, recovered the illegal operation that account does, the logon rights that freezes account number;
6) whether checking is conventional MAC Address or the login of common IP address, if it is logins successfully, otherwise enters the 4th) step.
The above-mentioned authentication mechanism of core authentication server, in its step 1), each protected data complements each other, and integrating step 3) 4) 5) 6) in mac-address authentication, IP address validation and last mobile phone informing function, strengthen safety management from many aspects.In described step 5), in conjunction with the safe handling mode of note, utilize SMS to notify in time improper login situation, take a decision as to whether password according to actual conditions and reveal and cause, process in time and reveal the information security issue causing because of password.Freeze in time account number, allow information no longer continue to reveal.If need my when operation, only need to send relevant short-message instruction and carry out account number and thaw and reset password.Safe and efficient easy to operate, strengthen the safety management of information.
Further, described step 2) in common login password is verified, if continuous three authentication faileds will carry out freezing for one hour account number processing.In described step 4), super code is verified, if double authentication failed also will carry out freezing for one hour processing.And arrange and thaw in advance defaultly, sends by mobile phone be correlated with short-message instruction the common login password of resetting and thaw.Further strengthen the safety management of information.
Further, in described step 1), can set up following administrative mechanism to the setting of common login password, super code, binding designated mobile phone, password protection problem: super code seven days is without the common login password of can resetting in the situation of amendment record; Phone number without amendment record or seven days without carrying out ordinary password replacement by short-message instruction in the situation of amendment record; The replacement of phone number, super code, password protection problem any one, need to carry out verification of correctness and seven days situations without amendment record to other two, can reset.Can further strictly control amendment its data stolen by others, strengthen the safety management of information.
Adopt the multistage verification system based on safety management of this programme, realize multi-stage protection mechanism has been integrated in to one, the coordinating and unifying between each mechanism, also there is long-range Real-time Alarm function, can login successfully by common login password and super code, but can send on the mobile terminal that related personnel held with the mode very first time of note, and can support all kinds of mobile terminals with data transmit-receive function, I can log off its account number by relevant mobile phone short message instructions by force, recover the illegal operation that account does, freeze the operations such as the logon rights of account number, in improving class of security protection, make full use of the mobile communication technology of existing maturation, realize easily, with low cost.
Brief description of the drawings
Fig. 1 is system configuration schematic diagram of the present invention;
Fig. 2 is the setting procedure figure of common login password, super code, phone number, password protection problem;
Fig. 3 is system login checking flow chart.
Embodiment
As shown in Figure 1, based on the multistage verification system of safety management, include core authentication server 1, wireless data transceiving device 2 and wireless data compiling resolver 3, core authentication server 1 be managed system 6 and be connected, wireless data transceiving device 2, wireless data compiling resolver 3 is connected with core authentication server 1, wherein core authentication server 1 is in order to realize common login password, super code, binding designated mobile phone, the setting of password protection problem, management and storage, and realize and verify flow process and rule mechanism, wireless data compiling resolver 3 is for compiling system command and the data message that meets transmission specification or resolve according to the preset rules of core authentication server, the mobile terminal 7 that wireless data transceiving device 2 only has for verification system and user, it can be mobile phone, PDA, custom instruction transceiver etc., between data transmit-receive, for example, Wireless Data Transmission, can adopt wide band code division multiple access, overloading wavelength division multiplexing band spectrum modulation, the 3G (Third Generation) Moblie technology such as T TD SDMA access realize, correlation technique maturity is high, exploitation easily, wireless data transceiving device 2, wireless data compiling resolver 3 all has mature equipment support.
As shown in Figure 2, for core authentication server 1, the initial stage can arrange four cryptosecurity data such as common login password, super code, phone number, password protection problem.This four item numbers certificate complements each other in whole safety management, restriction, indispensable mutually, reaches the effect of the safety management of reinforcement information.In addition, in the time that account number is used same MAC Address normally to login more than seven days, it is up-to-date conventional MAC Address that system can record this MAC Address automatically, and system can be preserved three conventional MAC Address.In the time that account number is used same IP address normally to login more than seven days, it is up-to-date common IP address that system can record this IP address automatically, and system can be preserved two common IP addresses.
As shown in Figure 3; utilize the multistage password authentication mechanism in core authentication server 1; from common login password, whether login more than seven days, the multistage checking protection such as conventional MAC Address, common IP address, super code, SMS prompting, further reach the effect of the safety management of reinforcement information.Under normal circumstances, continuous three the typing mistakes of common login password, will freeze this account number one hour; The double typing mistake of super code, will freeze this account number one hour; Mobile phone instruction is replied and is logged off by force and freeze this account number.When account number is received while freezing, after user itself can reply the authentication of being correlated with by mobile phone instruction, the common login password of the resetting use of can thawing.In order to ensure the fail safe of password, system also can regularly point out user to revise common login password and super code, more humane, safer.
Multistage cipher processing method, each protected data of native system complement each other; and in conjunction with multiple authentication mechanism: mac-address authentication, IP address validation and last mobile phone informing function; from many aspects strengthen safety management: step 2) common login password is verified; if continuous three authentication faileds, will carry out freezing for one hour account number processing.In step 4), super code is verified, if double authentication failed also will carry out freezing for one hour processing.If think to thaw in advance, need to send relevant short-message instruction and the common login password of resetting thaws by mobile phone.The safety management of reinforcement information.In step 5), in conjunction with the safe handling mode of note, utilize SMS to notify in time improper login situation, take a decision as to whether password according to actual conditions and reveal and cause, process in time and reveal the information security issue causing because of password.Freeze in time account number, allow information no longer continue to reveal.If need my when operation, only need to send relevant short-message instruction and carry out account number and thaw and reset password.Safe and efficient easy to operate, strengthen the safety management of information.
In addition, native system is quite strict with the also control of resetting for the amendment of each data.Each data modification, only need to understand current data value and just can modify.Super code seven days is without the common login password of can resetting in the situation of amendment record; Phone number without amendment record or seven days without carrying out ordinary password replacement by short-message instruction in the situation of amendment record; The replacement of phone number, super code, password protection problem any one, need to carry out verification of correctness and seven days situations without amendment record to other two, can reset.Strict control amendment its data stolen by others, strengthens the safety management of information.
Claims (6)
1. the multistage verification system based on safety management, include core authentication server (1), it is characterized in that: this system also includes: wireless data transceiving device (2) and wireless data compiling resolver (3), core authentication server (1) is connected with the system of being managed, wireless data transceiving device (2), wireless data compiling resolver (3) is connected with core authentication server (1), wherein core authentication server (1) is in order to realize common login password, super code, binding designated mobile phone, the setting of password protection problem, management and storage, and realize and verify flow process and rule mechanism, wireless data compiling resolver (3) is for compiling system command and the data message that meets transmission specification or resolve according to the preset rules of core authentication server, wireless data transceiving device (2) is for the data transmit-receive between verification system and user terminal.
2. the multistage verification system based on safety management according to claim 1, is characterized in that: the authentication mechanism of described core authentication server adopts following scheme, comprises step:
1) common login password, super code, binding designated mobile phone, password protection problem are set simultaneously;
2) verify common login password, correctly enter 3), otherwise block;
3) whether checking has logined more than seven days, if yes then enter the 6th) step, otherwise enter the 4th) step;
4) checking super code, needs again correctly to input super code, is proved to be successful and logins successfully and send in time note in the middle of default mobile phone, enters the 5th) step; Otherwise block;
5) wait for that user replys action, identification is replied and is moved and trigger default processing, user receives that note determines whether my login voluntarily, reply if not the short-message instruction of need being correlated with in 10 minutes, by force account number is logged off, recovered the illegal operation that account does, the logon rights that freezes account number;
6) whether checking is conventional MAC Address or the login of common IP address, if it is logins successfully, otherwise enters the 4th) step.
3. the multistage verification system based on safety management according to claim 2, it is characterized in that: described super code, its effect is to carry out the whether correct note that also sends in time of secondary checking log-on message again to tell truth from falsehood, super code has the common login password authority of direct replacement, replacement super code, binding cell-phone number, password protection problem thrin, need guarantee wherein both correct and these both within seven days without any amendment, stronger cipher fail safe, amendment super code, binding cell-phone number, password protection problem thrin, need self correct beyond, also need one of other both checkings correct and seven days without amendment.
4. the multistage verification system based on safety management according to claim 2, it is characterized in that: described step 2) described in checking whether login seven days, its objective is and guarantee whether current account number is new account or is hijack accounts, if logined more than seven days and without abnormal operation in same MAC Address or same IP, system can be arranged to up-to-date conventional MAC Address or up-to-date common IP address by its MAC Address or IP address automatically.
5. the multistage verification system based on safety management according to claim 2, it is characterized in that: described step 4) and 5) described in short message prompt and message reply function, when oneself common login password and super code while illegally being stolen, user can receive short breath prompting in the very first time, judge whether to be stolen according to short message prompt information, if be stolen, user can send relevant command for stopping note, carries out account number terminating operation.
6. the multistage verification system based on safety management according to claim 2, it is characterized in that: the up-to-date conventional MAC Address described in step 6), in the time that account number is used same MAC Address normally to login more than seven days, it is up-to-date conventional MAC Address that system can record this MAC Address automatically, and system can be preserved three conventional MAC Address.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310059386.9A CN104009858A (en) | 2013-02-26 | 2013-02-26 | Multilevel verification system based on safety management |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310059386.9A CN104009858A (en) | 2013-02-26 | 2013-02-26 | Multilevel verification system based on safety management |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104009858A true CN104009858A (en) | 2014-08-27 |
Family
ID=51370354
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310059386.9A Pending CN104009858A (en) | 2013-02-26 | 2013-02-26 | Multilevel verification system based on safety management |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104009858A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106161463A (en) * | 2016-08-30 | 2016-11-23 | 江苏名通信息科技有限公司 | A kind of online game account login method |
| WO2017031733A1 (en) * | 2015-08-26 | 2017-03-02 | 张焰焰 | Method and mobile terminal for indicating information after authenticating account login via gesture and fingerprint |
| WO2017031654A1 (en) * | 2015-08-22 | 2017-03-02 | 张焰焰 | Method and mobile terminal for indicating information after authenticating account login via gesture and number information |
| WO2017031705A1 (en) * | 2015-08-25 | 2017-03-02 | 张焰焰 | Method and mobile terminal for authenticating account login via gesture and fingerprint |
| WO2017031655A1 (en) * | 2015-08-22 | 2017-03-02 | 张焰焰 | Method and mobile terminal for logging in to account with three-factor authentication |
| WO2017031656A1 (en) * | 2015-08-22 | 2017-03-02 | 张焰焰 | Method and mobile terminal for pushing information indication upon three-factor authentication of account login |
| WO2017031653A1 (en) * | 2015-08-22 | 2017-03-02 | 张焰焰 | Method and mobile terminal for authenticating account login via gesture and number information |
| CN108965294A (en) * | 2018-07-16 | 2018-12-07 | 安徽信尔联信息科技有限公司 | A kind of user name and cipher protection system |
| CN112448913A (en) * | 2019-08-28 | 2021-03-05 | 华东师范大学 | Identity authentication and file encryption transmission system and method based on TCPIP |
| CN113448275A (en) * | 2021-07-30 | 2021-09-28 | 重庆市农业科学院 | Embedded control greenhouse control system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1592194A1 (en) * | 2004-04-30 | 2005-11-02 | Research In Motion Limited | Wireless communication device with duress password protection and related method |
| CN1983291A (en) * | 2005-12-16 | 2007-06-20 | 联想(北京)有限公司 | Method and system for centrally managing code to enterprise hard disk |
| CN101064535A (en) * | 2007-04-12 | 2007-10-31 | 复旦大学 | Intelligent authentication method and system based on close range wireless communication handset |
| CN101192927A (en) * | 2006-11-28 | 2008-06-04 | 中兴通讯股份有限公司 | Authorization based on identity confidentiality and multiple authentication method |
| CN102568041A (en) * | 2010-12-10 | 2012-07-11 | 洪煌炳 | Automatic bill output method |
-
2013
- 2013-02-26 CN CN201310059386.9A patent/CN104009858A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1592194A1 (en) * | 2004-04-30 | 2005-11-02 | Research In Motion Limited | Wireless communication device with duress password protection and related method |
| CN1983291A (en) * | 2005-12-16 | 2007-06-20 | 联想(北京)有限公司 | Method and system for centrally managing code to enterprise hard disk |
| CN101192927A (en) * | 2006-11-28 | 2008-06-04 | 中兴通讯股份有限公司 | Authorization based on identity confidentiality and multiple authentication method |
| CN101064535A (en) * | 2007-04-12 | 2007-10-31 | 复旦大学 | Intelligent authentication method and system based on close range wireless communication handset |
| CN102568041A (en) * | 2010-12-10 | 2012-07-11 | 洪煌炳 | Automatic bill output method |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017031654A1 (en) * | 2015-08-22 | 2017-03-02 | 张焰焰 | Method and mobile terminal for indicating information after authenticating account login via gesture and number information |
| WO2017031655A1 (en) * | 2015-08-22 | 2017-03-02 | 张焰焰 | Method and mobile terminal for logging in to account with three-factor authentication |
| WO2017031656A1 (en) * | 2015-08-22 | 2017-03-02 | 张焰焰 | Method and mobile terminal for pushing information indication upon three-factor authentication of account login |
| WO2017031653A1 (en) * | 2015-08-22 | 2017-03-02 | 张焰焰 | Method and mobile terminal for authenticating account login via gesture and number information |
| WO2017031705A1 (en) * | 2015-08-25 | 2017-03-02 | 张焰焰 | Method and mobile terminal for authenticating account login via gesture and fingerprint |
| WO2017031733A1 (en) * | 2015-08-26 | 2017-03-02 | 张焰焰 | Method and mobile terminal for indicating information after authenticating account login via gesture and fingerprint |
| CN106161463A (en) * | 2016-08-30 | 2016-11-23 | 江苏名通信息科技有限公司 | A kind of online game account login method |
| CN108965294A (en) * | 2018-07-16 | 2018-12-07 | 安徽信尔联信息科技有限公司 | A kind of user name and cipher protection system |
| CN112448913A (en) * | 2019-08-28 | 2021-03-05 | 华东师范大学 | Identity authentication and file encryption transmission system and method based on TCPIP |
| CN113448275A (en) * | 2021-07-30 | 2021-09-28 | 重庆市农业科学院 | Embedded control greenhouse control system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104009858A (en) | Multilevel verification system based on safety management | |
| CN104009844A (en) | Multilevel password processing method based on safety management | |
| CN101742499B (en) | Account number protection system for mobile communication equipment terminal and application method thereof | |
| US11836743B2 (en) | Systems and methods for securing communication data and property using blockchain | |
| CN109088866B (en) | Multi-cloud platform unified identity authentication method and device based on alliance chain | |
| CN102377756B (en) | Service access method and system, authentication method and system, client and authentication server | |
| EP2887576A1 (en) | Software key updating method and device | |
| CN102124469A (en) | Method for securely communicating information about the location of a compromised computing device | |
| CN102801717B (en) | Login validation method and system | |
| CN104320389A (en) | Fusion identify protection system and fusion identify protection method based on cloud computing | |
| CN105577662A (en) | Terminal environmental security control method and server | |
| CN110727938B (en) | Configuration method and device of intelligent equipment, electronic equipment and storage medium | |
| CN103780580A (en) | Method, server and system for providing capability access strategy | |
| CN103686651A (en) | Emergency call based authentication method, device and system | |
| CN102333068B (en) | SSH and SFTP (Secure Shell and Ssh File Transfer Protocol)-based tunnel intelligent management and control system and method | |
| CN106027467A (en) | Identity card reading response system | |
| CN104112223A (en) | offline billing method based on security key | |
| WO2009071735A1 (en) | Management of mobile station | |
| CN104125223A (en) | Security defending system for private data of mobile device | |
| CN104348804A (en) | Offline automatic service locking method, apparatus and system | |
| CN105635090B (en) | System access method, system access mechanism and terminal | |
| CN108229193B (en) | Wearing device terminal information encryption method, encrypted data early warning device and wearing device terminal | |
| CN103188656B (en) | A kind of information protecting method of mobile communication terminal and system | |
| CN106027477A (en) | Identity card reading response method | |
| CN108574657B (en) | Server access method, device and system, computing equipment and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140827 |