CN104239762A - Method for realizing secure login in Windows system - Google Patents

Publication number
CN104239762A
Authority
CN
China
Prior art keywords
login
user
log
windows
operating system
Prior art date
Legal status
Pending
Application number
CN201410470534.0A
Other languages
Chinese (zh)
Inventor
邢希双
Current Assignee
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd
Priority to CN201410470534.0A
Publication of CN104239762A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/107 License processing; Key processing
    • G06F21/1078 Logging; Metering
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/109 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by using specially-adapted hardware at the client
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a method for realizing secure login in a Windows system. The method comprises the following specific steps: I, the enhanced login setup program: the user sets or changes the secure login mode according to their own situation; once the user has finished the settings and restarted the operating system, login proceeds according to the login mode newly set by the user; II, the login intervention dynamic library: it is called by the Windows operating system logon process and intervenes during login; the login logic judgment is performed in the dynamic library before the operating system's login dialog pops up, and a choice is made according to the result of that judgment. Compared with the prior art, the method can lower the login security risk of the operating system through software alone, can completely eliminate the system login security risk when combined with hardware, and is highly practical.

Description

Method for realizing secure login in a Windows system
Technical field
The present invention relates to operating system security technology, and specifically to a highly practical method for realizing secure login in a Windows system.
Background
With the development of computer network technology and its applications, the accompanying computer system security problems are attracting more and more attention. Once a computer system is damaged, it causes heavy economic losses to the organization using it and seriously disrupts normal work. Strengthening computer system security is one of the important tasks of informatization work.
With the development of new technologies such as cloud computing and big data, the security requirements placed on operating system users keep rising, especially for server operating systems that carry users' important data and business programs, and the security of the user's password is the top priority. At present, password sniffing tools, keyboard input monitoring programs and programs that inject into critical operating system processes have all become favorites of hackers. With these tools a hacker can easily obtain or analyze a user's operating system login password; for example, the mimikatz tool circulating on the network can easily obtain the passwords of logged-in users. The question is therefore how to effectively ensure the security of user login, so that even if the user's password is obtained illegally, the login password alone is not enough to enter the operating system and manage its resources.
Existing operating systems are mainly Windows, which makes it easy for hackers to log in to other people's Windows computers. To reduce the security risk of operating system login, a method for realizing secure login in a Windows system is now provided; by combining software with hardware, the method can thoroughly resolve the security risk of system login.
Summary of the invention
The technical task of the present invention is to address the above shortcomings by providing a highly practical method for realizing secure login in a Windows system.
A method for realizing secure login in a Windows system; its specific implementation process is:
Step one, the enhanced login setup program: it is started by the user. After starting, it displays the login mode the user currently has set; if the user is using it for the first time and has not yet made any settings, it shows the standard Windows login mode and reminds the user to set a secure login mode. The user sets or changes the secure login mode according to their own situation. After the user has finished the settings, the next start of the operating system carries out the login process according to the login mode most recently set by the user;
Step two, the login intervention dynamic library: it is called by the Windows operating system logon process and intervenes in the login process. In this dynamic library, the login logic judgment is carried out before the operating system's login dialog box pops up, and according to the result of that judgment one of the following is chosen:
This login fails, and the user cannot enter the operating system;
This login succeeds, and the user directly enters the operating system and can carry out all kinds of resource management;
The login logic judgment ends and the user is guided into the standard Windows login process; after passing Windows user name or password authentication the user enters the operating system normally, and otherwise cannot enter it.
The enhanced login setup program is implemented as a command-line or GUI program. It makes the login intervention dynamic library take effect in the operating system by modifying the registry, and it saves the login mode and related parameters set by the user in a configuration file.
The login modes in step one include:
Dual-password login: to enter the system, the user must first enter a user-defined password, and only after it is verified can the user reach the operating system's user login interface;
UsbKey login: during login, the login information in the UsbKey is first read and verified automatically, and after verification passes the user is logged in automatically;
Smart card login: using the operating system's own smart card authentication interface, the login information in the smart card is read and verified automatically, and after verification passes the user is logged in automatically;
Correspondingly, the login parameters include the user-defined password set by the user, the UsbKey login parameters, the UsbKey hardware identification parameter, the smart card login parameters and the smart card hardware identification parameter. All parameters are stored encrypted, and the attribute of the configuration file that stores them is set to hidden.
The login intervention dynamic library in step two works as follows: the login intervention dynamic library pops up a dialog box prompting the user to enter the user-defined password, and compares the password the user actually entered with the password saved in the configuration file. If the comparison fails, the user cannot enter the system; if it succeeds, the standard Windows login interface is shown, and the user is allowed into the system only after passing standard Windows user name or password verification;
In UsbKey login mode, the login dynamic library first detects whether the user has inserted a UsbKey; if not, it prompts the user to insert one. If a UsbKey is inserted, the login intervention dynamic library reads the login information in the UsbKey and compares it with the login information in the configuration file. If the comparison succeeds, the user is logged in to the Windows operating system directly; if it fails, then depending on the user's settings the user either cannot enter the system or is directed to the standard Windows login interface;
In smart card login mode, the login dynamic library first detects whether the user has inserted a smart card; if not, it prompts the user to insert one. If a smart card is inserted, the login intervention dynamic library reads the login information in the smart card and compares it with the login information in the configuration file. If the comparison succeeds, the user is logged in to the Windows operating system directly; if it fails, then depending on the user's settings the user either cannot enter the system or is directed to the standard Windows login interface.
The method for realizing secure login in a Windows system according to the present invention has the following advantages:
By using the authentication interface provided by the Windows operating system to control the Windows login process, the method can comprehensively strengthen the security of the Windows user login process. The security of the Windows login process is clearly improved: using software alone, i.e. dual-password login, strengthens the ability to resist risks in the login process, and combining it with hardware such as a UsbKey or smart card can thoroughly resist the various risks in the login process. The method is highly practical, widely applicable, offers high security and is easy to promote.
Brief description of the drawings
Figure 1 is a flow chart of login mode and parameter setting according to the present invention.
Figure 2 is a flow chart of the actual operating system login process according to the present invention.
Figure 3 is a structural diagram of the secure login function modules of the present invention.
Embodiment
The invention is further described below with reference to the drawings and a specific embodiment.
The invention provides a method for realizing secure login in a Windows system. Through the open interfaces of Windows it intervenes in the operating system's login process and, without sacrificing simplicity and ease of use for the user, greatly strengthens the security of the whole login process. In the extreme case, even if the user's password has been stolen, an unauthorized user who has obtained the password still cannot log in to the Windows operating system and carry out destructive activity.
Based on this design idea, as shown in Figures 1 and 2, the specific implementation process is:
Step one, the enhanced login setup program: it is started by the user. After starting, it displays the login mode the user currently has set; if the user is using it for the first time and has not yet made any settings, it shows the standard Windows login mode and reminds the user to set a secure login mode. The user sets or changes the secure login mode according to their own situation. After the user has finished the settings, the next start of the operating system carries out the login process according to the login mode most recently set by the user;
Step two, the login intervention dynamic library: it is called by the Windows operating system logon process and intervenes in the login process. In this dynamic library, the login logic judgment is carried out before the operating system's login dialog box pops up, and according to the result of that judgment one of the following is chosen:
This login fails, and the user cannot enter the operating system;
This login succeeds, and the user directly enters the operating system and can carry out all kinds of resource management;
The login logic judgment ends and the user is guided into the standard Windows login process; after passing Windows user name or password authentication the user enters the operating system normally, and otherwise cannot enter it.
The enhanced login setup program is implemented as a command-line or GUI program. It makes the login intervention dynamic library take effect in the operating system by modifying the registry, and it saves the login mode and related parameters set by the user in a configuration file.
The login modes in step one include:
Dual-password login: to enter the system, the user must first enter a user-defined password, and only after it is verified can the user reach the operating system's user login interface; the two passwords, the user-defined password and the system login password, together strengthen security.
UsbKey login: during login, the login information in the UsbKey is first read and verified automatically, and after verification passes the user is logged in automatically; the hardware UsbKey both strengthens security and adds convenience.
Smart card login: similar to UsbKey login; in addition, the operating system's own smart card authentication interface can be used to read the login information in the smart card and verify it automatically, and after verification passes the user is logged in automatically.
Login modes based on external devices such as fingerprint readers and cameras can also be added as required.
Correspondingly, the login parameters include the user-defined password set by the user, the UsbKey login parameters, the UsbKey hardware identification parameter, the smart card login parameters and the smart card hardware identification parameter. All parameters are stored encrypted, and the attribute of the configuration file that stores them is set to hidden.
The UsbKey hardware identification parameter ensures that, if a UsbKey is lost and the information stored on it is copied, login with a new UsbKey is invalid.
The smart card hardware identification parameter ensures that, if a smart card is lost and the information stored on it is copied, login with a new smart card is invalid.
The login intervention dynamic library in step two works as follows: the login intervention dynamic library pops up a dialog box prompting the user to enter the user-defined password, and compares the password the user actually entered with the password saved in the configuration file. If the comparison fails, the user cannot enter the system; if it succeeds, the standard Windows login interface is shown, and the user is allowed into the system only after passing standard Windows user name or password verification;
In UsbKey login mode, the login dynamic library first detects whether the user has inserted a UsbKey; if not, it prompts the user to insert one. If a UsbKey is inserted, the login intervention dynamic library reads the login information in the UsbKey and compares it with the login information in the configuration file. If the comparison succeeds, the user is logged in to the Windows operating system directly; if it fails, then depending on the user's settings the user either cannot enter the system or is directed to the standard Windows login interface;
In smart card login mode, the login dynamic library first detects whether the user has inserted a smart card; if not, it prompts the user to insert one. If a smart card is inserted, the login intervention dynamic library reads the login information in the smart card and compares it with the login information in the configuration file. If the comparison succeeds, the user is logged in to the Windows operating system directly; if it fails, then depending on the user's settings the user either cannot enter the system or is directed to the standard Windows login interface.
As shown in Figure 3, operating systems before Vista use the Graphical Identification and Authentication (GINA) model dynamic library, and Vista and later operating systems use the Credential Provider model, i.e. the CredentialProvider interface dynamic library.
The above embodiment is only a specific case of the present invention. The scope of patent protection of the invention includes but is not limited to the above embodiment; any suitable change or replacement that conforms to the claims of this method for realizing secure login in a Windows system and is made by a person of ordinary skill in the art shall fall within the scope of patent protection of the invention.

Claims (4)

1. A method for realizing secure login in a Windows system, characterized in that its specific implementation process is:
Step one, the enhanced login setup program: it is started by the user; after starting, it displays the login mode the user currently has set; if the user is using it for the first time and has not yet made any settings, it shows the standard Windows login mode and reminds the user to set a secure login mode; the user sets or changes the secure login mode according to their own situation; after the user has finished the settings, the next start of the operating system carries out the login process according to the login mode most recently set by the user;
Step two, the login intervention dynamic library: it is called by the Windows operating system logon process and intervenes in the login process; in this dynamic library, the login logic judgment is carried out before the operating system's login dialog box pops up, and according to the result of that judgment one of the following is chosen:
This login fails, and the user cannot enter the operating system;
This login succeeds, and the user directly enters the operating system and can carry out all kinds of resource management;
The login logic judgment ends and the user is guided into the standard Windows login process; after passing Windows user name or password authentication the user enters the operating system normally, and otherwise cannot enter it.
2. The method for realizing secure login in a Windows system according to claim 1, characterized in that: the enhanced login setup program is implemented as a command-line or GUI program, makes the login intervention dynamic library take effect in the operating system by modifying the registry, and saves the login mode and related parameters set by the user in a configuration file.
3. The method for realizing secure login in a Windows system according to claim 1, characterized in that the login modes in step one include:
Dual-password login: to enter the system, the user must first enter a user-defined password, and only after it is verified can the user reach the operating system's user login interface;
UsbKey login: during login, the login information in the UsbKey is first read and verified automatically, and after verification passes the user is logged in automatically;
Smart card login: using the operating system's own smart card authentication interface, the login information in the smart card is read and verified automatically, and after verification passes the user is logged in automatically;
Correspondingly, the login parameters include the user-defined password set by the user, the UsbKey login parameters, the UsbKey hardware identification parameter, the smart card login parameters and the smart card hardware identification parameter; all parameters are stored encrypted, and the attribute of the configuration file that stores them is set to hidden.
4. The method for realizing secure login in a Windows system according to claim 3, characterized in that the login intervention dynamic library in step two works as follows: the login intervention dynamic library pops up a dialog box prompting the user to enter the user-defined password, and compares the password the user actually entered with the password saved in the configuration file; if the comparison fails, the user cannot enter the system; if it succeeds, the standard Windows login interface is shown, and the user is allowed into the system only after passing standard Windows user name or password verification;
In UsbKey login mode, the login dynamic library first detects whether the user has inserted a UsbKey; if not, it prompts the user to insert one; if a UsbKey is inserted, the login intervention dynamic library reads the login information in the UsbKey and compares it with the login information in the configuration file; if the comparison succeeds, the user is logged in to the Windows operating system directly; if it fails, then depending on the user's settings the user either cannot enter the system or is directed to the standard Windows login interface;
In smart card login mode, the login dynamic library first detects whether the user has inserted a smart card; if not, it prompts the user to insert one; if a smart card is inserted, the login intervention dynamic library reads the login information in the smart card and compares it with the login information in the configuration file; if the comparison succeeds, the user is logged in to the Windows operating system directly; if it fails, then depending on the user's settings the user either cannot enter the system or is directed to the standard Windows login interface.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201410470534.0A | 2014-09-16 | 2014-09-16 | Method for realizing secure login in Windows system

Publications (1)

Publication Number | Publication Date
CN104239762A (en) | 2014-12-24

Family

ID=52227808

Country Status (1)

Country | Link
CN (1) | CN104239762A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101154252A (en) * 2006-09-28 2008-04-02 知网生物识别科技股份有限公司 Window login and authentication system and method thereof
CN101196968A (en) * 2007-12-17 2008-06-11 山东超越数控电子有限公司 Security protection method for single machine information
CN201397508Y (en) * 2009-05-13 2010-02-03 北京鼎普科技股份有限公司 Stand-alone terminal secure login and monitoring device
CA2611549C (en) * 2007-11-27 2011-04-19 Paul Plesman Method and system for providing a secure login solution using one-time passwords
CN102983969A (en) * 2011-09-05 2013-03-20 国民技术股份有限公司 Security login system and security login method for operating system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105975841A (en) * 2016-04-27 2016-09-28 四川效率源信息安全技术股份有限公司 Method for locking/ unlocking computer screen on the basis of softdog
CN106845253A (en) * 2016-12-27 2017-06-13 迈普通信技术股份有限公司 Historical operation recording of encrypted method and device
CN107241192A (en) * 2017-05-27 2017-10-10 飞天诚信科技股份有限公司 The method and device that a kind of use fingerprint key is logged in
CN107241192B (en) * 2017-05-27 2019-08-30 飞天诚信科技股份有限公司 A kind of method and device logged in using fingerprint key
CN107506624A (en) * 2017-08-22 2017-12-22 深圳竹云科技有限公司 A kind of Windows system safe login methods based on short message verification code
CN108052823A (en) * 2017-12-12 2018-05-18 广东省信息安全测评中心 Detection and method, apparatus, computer equipment and the readable storage medium storing program for executing for intercepting Mimikatz
CN112367339A (en) * 2020-11-30 2021-02-12 北京北信源软件股份有限公司 System security login management method and device
CN112367339B (en) * 2020-11-30 2023-04-18 北京北信源软件股份有限公司 System security login management method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20141224
