CN104468173A - Software system safety design method - Google Patents
Software system safety design method Download PDFInfo
- Publication number
- CN104468173A CN104468173A CN201310444474.0A CN201310444474A CN104468173A CN 104468173 A CN104468173 A CN 104468173A CN 201310444474 A CN201310444474 A CN 201310444474A CN 104468173 A CN104468173 A CN 104468173A
- Authority
- CN
- China
- Prior art keywords
- user
- information
- mobile phone
- phone number
- identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a software system safety design method. A mobile phone short message sending device is additionally installed on a server side machine for users of an important software system or important users (such as users with special permissions) of a software system, a system administrator binds two mobile phone numbers for each user when maintaining the information of an operator, one mobile phone number is the mobile phone number of the corresponding user, and the other mobile phone number is the mobile phone number of a system supervisor; when one user logs onto the system, the user uses the system message including ip address logging-on information for sending the information to the corresponding two mobile phone numbers through a management procedure on a background server side machine immediately, the information sent to the supervisor is used for monitoring whether the user uses the system legally or not, and the information sent to the user is used for preventing an illegal user from using the system by stealing the identity of the user. According to the system, the supervising mode can be used for supervising whether the legal users use the system legally or not or whether the illegal user uses the system by stealing the identity of the legal user or not, and the system safety is greatly improved.
Description
Technical field
The present invention relates to a kind of method of software systems safe design, the present invention is directed to the user of critical software system or the responsible consumer (user if any special access right) of software systems, server end machine adds a SMS transmitting apparatus, system manager bundlees 2 phone numbers to when attended operation person's information each user, 1 is the phone number of user oneself, another 1 is the phone number of system supervisory personnel, when logging in system by user, this user uses system message (information is included in that ip address registration information) to be sent on corresponding 2 phone numbers by the hypervisor on background server terminal device at once, issuing superintendent's information is whether this user of supervision is in legal use system, issue user oneself to prevent from disabled user from passing through to steal this user identity to use system.This system use supervision method namely can supervise validated user whether legal use system or disabled user by stealing validated user identity in use system, greatly improve security of system.
Background technology
In information system, also substantially these three kinds can be divided into the authentication means of user, prove that the identity of a people is referred to as single-factor certification by means of only meeting of a condition, owing to only using the identity of a kind of condition judgment user easily counterfeit, the identity of a people can be proved by combining two kinds of different conditions, being referred to as double factor authentication.
Whether identity identifying technology, from using hardware can be divided into software authentication and hardware identification, needs the condition of checking, can be divided into single-factor certification and double factor authentication from certification.From authentication information, static certification and dynamic authentication can be divided into.The development of identity identifying technology, experienced by from software authentication to hardware identification, authenticates to double factor authentication from single-factor, authenticates to the process of dynamic authentication from static state.Identification authentication mode conventional in present computer techno-stress system mainly contains following several:
1, usemame/password mode
Usemame/password is the most also the most frequently used identity identifying method, and it is the checking means based on " what you know ".The password of each user is set by this user oneself, and only have himself just to know, as long as therefore correctly can input password, computer just thinks that he is exactly this user.But in fact, because many users forget Password to prevent, by other people, the birthday, telephone number etc. of frequent employing such as oneself or household are easily guessed that the significant character string arrived is as password, or password is copied and oneself thinks safe place at one, this all also exists many potential safety hazards, very easily causes password to reveal.Namely enable guarantee user cipher is not leaked, due to the data that password is static, and need to transmit in calculator memory He in network in proof procedure, and the authorization information that each proof procedure uses is all identical, be easy to reside in the trojan horse program in calculator memory or the intercepting and capturing of the audiomonitor in network.Therefore usemame/password mode is a kind of is the identification authentication mode be absolutely unsafe.There is no that any fail safe can be sayed.
2, IC-card certification
IC-card is a kind of card of built-in integrated circuit, has the data relevant to user identity in card, and IC-card by special device fabrication, can think not reproducible hardware by special manufacturer.IC-card is carried with by validated user, IC-card must be inserted special card reader reading information wherein, with the identity of authentication of users during login.IC-card certification is the means based on " what you have ", ensures that user identity can not be counterfeit by IC-card hardware is not reproducible.But due to each data read from IC-card or static, to be scanned by internal memory or the technology such as network monitoring is still easy to be truncated to the authentication information of user.Therefore, still there is basic potential safety hazard in the mode of static authentication.
3, dynamic password
Dynamic-password technique be a kind of password of user that allows according to time or the continuous dynamic change of access times, each password is expendable technology only.It adopts a kind of specialized hardware being referred to as dynamic token, built-in power, password generating chip and display screen, and password generating chip runs special cryptographic algorithm, generates current password and show on a display screen according to current time or access times.Certificate server adopts identical algorithm to calculate current valid password.Only need when user uses, by the current password input client computer that dynamic token shows, the confirmation of identity can be realized.Because the password used must be produced by dynamic token at every turn, validated user is only had just to hold this hardware, as long as so password authentification is by just thinking that the identity of this user is reliable.And the password that user uses is not identical at every turn, even if hacker has intercepted and captured a password, this password also cannot be utilized to carry out the identity of counterfeit validated user.
Dynamic-password technique adopts the method for one-time pad, effectively ensure that the fail safe of user identity.If but the time of client hardware and server or number of times can not keep good synchronous, and the problem that validated user cannot log in just may occur.And also need by input through keyboard a lot of irregular password when user logs in, will redo once misunderstand or input by mistake, the use of user is very inconvenient at every turn.
4, biological characteristic authentication
Biological characteristic authentication refers to the technology adopting everyone unique biological characteristic to carry out identifying user identity.Common are fingerprint recognition, iris recognition etc.In theory, biological characteristic authentication is the most reliable identification authentication mode, because the physical features of its direct end user represents everyone digital identity, the possibility that different people has identical biological characteristic is negligible, therefore hardly may be counterfeit.
Biological characteristic authentication, based on biometrics identification technology, by the impact of biometrics identification technology maturity till now, adopts biological characteristic authentication also to have larger limitation.First, the Stability and veracity of living things feature recognition need to improve, if particularly user's body is subject to impact that is sick and wounded or spot, often causes normally identifying, causes the situation that validated user cannot log in.Secondly, because Innovation Input is comparatively large and output is less, the cost of biological characteristic authentication system is very high, is suitable only for the very high occasion of some security requirements at present as the use such as bank, army, also cannot accomplishes spread.
5, USB Key certification
Identification authentication mode based on USB Key is a kind of convenience grown up in recent years, safe, economic identity identifying technology, its adopts software and hardware to combine the double strong factor certification mode of one-time pad, solves the contradiction between fail safe and ease for use well.USB Key is a kind of hardware device of USB interface, its built-in single-chip microcomputer or intelligent card chip, can store key or the digital certificate of user, and the cryptographic algorithm utilizing USB Key built-in realizes the certification to user identity.Two kinds of application models are mainly contained: one is that two is the certification modes based on PKI system based on impact/corresponding certification mode based on USB Key identity authorization system.
Above-mentioned several identity identifying method, except the 4th kind of biological characteristic authentication identity, all the other are all likely utilized legal method to use system by disabled user, as password, IC-card and USB Key are stolen, disabled user just becomes validated user, thirdly validated user also may within the illegal time illegal use system, at present these present situations probably system be just found maliciously being employed for a long time.
Summary of the invention
The object of the invention is to: the present invention be directed to the user of critical software system and the responsible consumer (user if any special access right) of software systems, after each login system of user, this user uses system message (information is included in that ip address registration information) to be sent on corresponding 2 phone numbers by the hypervisor on background server terminal device at once, and (1 is superintendent's phone number, 1 is user oneself phone number), issuing superintendent's information is whether this user of supervision is in legal use system, issue user oneself to prevent from disabled user from passing through to steal this user identity to use system.
Claims (2)
1. a method for software systems safe design, is characterized in that:
Timely transmission message---sends message after each user's Successful login---after each user's Successful login in time, this user uses system message (information is included in that ip address registration information) to be sent on corresponding 2 phone numbers (1 is superintendent's phone number, and 1 is user oneself phone number) by the hypervisor on background server terminal device at once.
2. the method for a kind of supervisory systems safe handling design according to claim 1, it is characterized in that: for the user of critical software system and the responsible consumer (user if any special access right) of software systems, after each login system of user, this user uses system message (information is included in that ip address registration information) to be sent on corresponding 2 phone numbers by the hypervisor on background server terminal device at once, and (1 is superintendent's phone number, 1 is user oneself phone number), issuing superintendent's information is whether this user of supervision is in legal use system, issue user oneself to prevent from disabled user from passing through to steal this user identity to use system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310444474.0A CN104468173A (en) | 2013-09-25 | 2013-09-25 | Software system safety design method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310444474.0A CN104468173A (en) | 2013-09-25 | 2013-09-25 | Software system safety design method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104468173A true CN104468173A (en) | 2015-03-25 |
Family
ID=52913592
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310444474.0A Pending CN104468173A (en) | 2013-09-25 | 2013-09-25 | Software system safety design method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104468173A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101321068A (en) * | 2008-07-23 | 2008-12-10 | 北京握奇数据系统有限公司 | Method and apparatus for implementing dual-identity authentication |
| CN101447872A (en) * | 2007-11-27 | 2009-06-03 | 阿里巴巴集团控股有限公司 | User identity authentication method, system thereof and identifying code generating maintenance subsystem |
| CN102300182A (en) * | 2011-09-07 | 2011-12-28 | 飞天诚信科技股份有限公司 | Short-message-based authentication method, system and device |
| CN102457485A (en) * | 2010-10-26 | 2012-05-16 | 镇江精英软件科技有限公司 | Method for supervising safe use of system |
-
2013
- 2013-09-25 CN CN201310444474.0A patent/CN104468173A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101447872A (en) * | 2007-11-27 | 2009-06-03 | 阿里巴巴集团控股有限公司 | User identity authentication method, system thereof and identifying code generating maintenance subsystem |
| CN101321068A (en) * | 2008-07-23 | 2008-12-10 | 北京握奇数据系统有限公司 | Method and apparatus for implementing dual-identity authentication |
| CN102457485A (en) * | 2010-10-26 | 2012-05-16 | 镇江精英软件科技有限公司 | Method for supervising safe use of system |
| CN102300182A (en) * | 2011-09-07 | 2011-12-28 | 飞天诚信科技股份有限公司 | Short-message-based authentication method, system and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106330850B (en) | Security verification method based on biological characteristics, client and server | |
| US8595810B1 (en) | Method for automatically updating application access security | |
| EP2809046B1 (en) | Associating distinct security modes with distinct wireless authenticators | |
| CN105960774A (en) | Near field communication authentication mechanism | |
| CN103414562B (en) | User authority control method and device based on URL fingerprint techniques | |
| CN108965222A (en) | Identity identifying method, system and computer readable storage medium | |
| CN103581378A (en) | Smart phone high in safety performance | |
| CN104021332A (en) | Method for performing identity authentication and file encryption and decryption based on fingerprint UsbKey | |
| WO2019205389A1 (en) | Electronic device, authentication method based on block chain, and program and computer storage medium | |
| CN105243314A (en) | USB-key based security system and usage method therefor | |
| US9954853B2 (en) | Network security | |
| US20170201528A1 (en) | Method for providing trusted service based on secure area and apparatus using the same | |
| WO2017084569A1 (en) | Method for acquiring login credential in smart terminal, smart terminal, and operating systems | |
| KR20150026587A (en) | Apparatus, method and computer readable recording medium for providing notification of log-in from new equipments | |
| US8978150B1 (en) | Data recovery service with automated identification and response to compromised user credentials | |
| Singhal et al. | Software tokens based two factor authentication scheme | |
| CN106295384B (en) | Big data platform access control method and device and authentication server | |
| CN101854357B (en) | Method and system for monitoring network authentication | |
| CN105071993A (en) | Encryption state detection method and system | |
| KR101603988B1 (en) | System for context-aware service | |
| CN102457484A (en) | Method for checking user information by combining user name/password authentication and check code | |
| JP2004206258A (en) | Multiple authentication system, computer program, and multiple authentication method | |
| CN103049686A (en) | Method for verifying information of database and user through universal serial bus (Usb) key | |
| CN104468173A (en) | Software system safety design method | |
| CN105828323A (en) | Privacy protection method and system for common database of Android mobile phone |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150325 |