CN104639562B - Working method of a push authentication system and device - Google Patents

Publication number
CN104639562B
Authority
CN
China
Prior art keywords
token
server
mobile terminal
certificate server
certification request
Legal status
Active
Application number
CN201510089797.1A
Other languages
Chinese (zh)
Other versions
CN104639562A (en)
Inventor
陆舟
于华章
Current Assignee
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd
Priority to CN201510089797.1A
Publication of CN104639562A
Priority to PCT/CN2016/074468 (WO2016134657A1)
Priority to US15/552,517 (US10887103B2)
Application granted
Publication of CN104639562B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/55 Push-based network services
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Abstract

The present invention discloses a working method of a push authentication system and device, belonging to the field of information security. The method includes: an application interface receives user information and sends it to an application server; the application server sends the user information and an application identifier to an authentication server; the authentication server generates a push authentication request from a generated challenge value and the token information and application name corresponding to the user information and application identifier, and sends it to the mobile terminal token; the mobile terminal token generates login information from the push authentication request and, when the user chooses to confirm the login, generates a first response value from the challenge value and sends it to the authentication server; the authentication server generates a second response value from the challenge value and, when the first response value and the second response value are identical, returns an authentication-success result to the application server. The technical solution improves on the data transmission speed of conventional authentication, does not require the user to take part in entering a password, prevents man-in-the-middle attacks, and improves the security of authentication.

Description

Working method of a push authentication system and device
Technical field
The present invention relates to the field of information security, and in particular to a working method of a push authentication system and device.
Background
A mobile device token, in full a dynamic-password mobile device (including mobile phones, pads, etc.) token, is mobile device client software used to generate dynamic passwords. A mobile device token produces dynamic passwords through a program running on the mobile device; the dynamic password is bound to the mobile device for identity authentication, and generating the password involves no communication and no cost. It has the advantages of being simple to use, secure, low-cost, requiring no extra device to be carried, easy to obtain, and needing no logistics. The mobile device token is the development trend of dynamic-password identity authentication in the 3G era.
Push is an advanced mode of communication connection between server and client, in which the server continuously pushes data to the client, so that the interactive performance between client and server improves greatly. It meets users' multi-level needs, allowing users to set the information channels they require and to receive customized information directly at the user terminal.
In the prior art, during authentication the user triggers generation of a password, which is sent to the server for verification. The password is easily leaked, so security is low, and authentication requires user intervention, which affects authentication speed and lowers security.
Summary of the invention
To solve the problems in the prior art, the present invention provides a working method of a push authentication system and device.
The technical solution adopted by the present invention is: a working method of a push authentication system, applied to a system composed of an application interface, an application server, an authentication server and a mobile terminal token, the method including:
Step S1: The application interface receives the user information entered by the user and sends the user information to the application server;
Step S2: After receiving the user information, the application server generates an authentication request from the user information and an internally stored application identifier, and sends the authentication request to the authentication server;
Step S3: After receiving the authentication request, the authentication server generates and stores a challenge value, obtains the user information and the application identifier from the authentication request, obtains the token information and network data link corresponding to the user information, and obtains the application name corresponding to the application identifier;
Step S4: The authentication server generates a push authentication request from the challenge value, the token information, the user information and the application name, and pushes the push authentication request to the corresponding mobile terminal token over the network data link;
Step S5: After receiving the push authentication request, the mobile terminal token generates login information from the user information and application name in the push authentication request and displays it, then receives the user's selection on the login information; when the user is found to have chosen to confirm the login, step S6 is performed, otherwise the process ends;
Step S6: The mobile terminal token obtains the challenge value from the push authentication request and performs a calculation on the challenge value and the internally stored token seed key to generate a first response value;
Step S7: The mobile terminal token generates an authorization result containing the first response value and sends the authorization result to the authentication server over the network data link;
Step S8: After receiving the authorization result, the authentication server obtains the first response value from the authorization result, obtains the correspondingly stored server seed key and challenge value, and performs a calculation on the challenge value and the server seed key to obtain a second response value;
Step S9: The authentication server judges whether the first response value and the second response value match; if so, it returns an authentication-success result to the application server and step S10 is performed, otherwise the process ends;
Step S10: After receiving the authentication-success result, the application server sends authentication success information to the application interface;
Step S11: After receiving the authentication success information, the application interface allows the user to access the application, and the process ends.
A working method of the authentication server in a push authentication system, including:
Step T1: After receiving the authentication request from the application server, the authentication server generates and stores a challenge value, and obtains the user information and the application identifier from the authentication request;
Step T2: The authentication server obtains the token information and network data link corresponding to the user information, and obtains the application name corresponding to the application identifier;
Step T3: The authentication server generates a push authentication request from the challenge value, the token information, the user information and the application name, and pushes the push authentication request to the mobile terminal token over the network data link;
Step T4: The authentication server receives the authorization result returned by the mobile terminal token, obtains the first response value from the authorization result, obtains the stored server seed key and the challenge value, and performs a calculation on the challenge value and the server seed key to obtain a second response value;
Step T5: The authentication server judges whether the first response value and the second response value match; if so, it returns an authentication-success result to the application server and the process ends; otherwise it returns an authentication-failure result to the application server and the process ends.
A working method of the mobile terminal token in a push authentication system, including:
Step K1: The mobile terminal token receives the push authentication request from the authentication server;
Step K2: The mobile terminal token obtains the user information and the application name from the push authentication request, generates login information from the user information and the application name, and displays it;
Step K3: The mobile terminal token receives the user's selection on the login information; when the user is found to have chosen to confirm the login, step K4 is performed, otherwise the process ends;
Step K4: The mobile terminal token obtains the challenge value from the push authentication request, obtains the stored token seed key, and performs a calculation on the challenge value and the token seed key to generate a first response value;
Step K5: The mobile terminal token obtains the token information from the push authentication request, generates an authorization result allowing the login from the first response value and the token information, and sends it to the authentication server over the network data link; the token operation ends.
The beneficial effects of the present invention are: the technical solution uses push to implement password authentication between the client, the server and the mobile device token, which improves on the data transmission speed of conventional authentication; the user does not take part in entering a password and a challenge-response scheme is used, which prevents man-in-the-middle attacks and improves security during authentication.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the working method of a push authentication system provided by Embodiment 1 of the present invention;
Fig. 2, Fig. 3 and Fig. 4 are flow charts of the working method of a push authentication system provided by Embodiment 2 of the present invention;
Fig. 5 is a flow chart of the working method of the authentication server in a push authentication system provided by Embodiment 3 of the present invention;
Fig. 6 is a flow chart of the working method of the mobile terminal token in a push authentication system provided by Embodiment 4 of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the present invention, the push authentication system includes an application interface, an application server, an authentication server and a mobile terminal token; the push authentication device includes the authentication server and the mobile terminal token.
In the present invention, while the authentication server activates the mobile terminal token, a network data link between the two is established, and the correspondence between user information and network data link is stored in the authentication server. Afterwards, each time the mobile terminal token starts, it obtains the internally stored access address, accesses the authentication server at that address, and re-establishes the network data link between the mobile terminal token and the authentication server (preferably a network data link over the TCP protocol). The mobile terminal token sends its token information to the authentication server over the network data link; after receiving the token information, the authentication server obtains the corresponding token information stored in the server storage area, and if the received token information differs from the stored token information, updates the stored token information to the received token information;
The token information includes: token serial number, token identification code, and mobile terminal operating system;
For example, the access address stored inside the mobile terminal token is api-dfserv.cloudentify.com:1843;
The token information sent by the mobile terminal token to the authentication server is:
{"tokens":["1000000006","1000000003"],"os":"1","udid":"57987117827971672588","reqtype":"1"}.
Embodiment 1
Embodiment 1 of the present invention provides a working method of a push authentication system, applied to a system composed of an application interface, an application server, an authentication server and a mobile device token. As shown in Fig. 1, it includes:
Step 101: The application interface receives the user information entered by the user;
The user information may be a user name, or a user name and password; this embodiment is described taking a user name as the user information.
Step 102: The application interface sends the user information to the application server;
Step 103: After receiving the user information, the application server generates an authentication request from the user information and the internally stored application identifier;
Step 104: The application server sends the authentication request to the authentication server;
Step 105: After receiving the authentication request, the authentication server generates and stores a challenge value, obtains the user information and the application identifier from the authentication request, obtains the token information and network data link corresponding to the user information, and obtains the application name corresponding to the application identifier;
Step 106: The authentication server generates a push authentication request from the challenge value, the token information, the user information and the application name;
Step 107: The authentication server pushes the push authentication request to the corresponding mobile terminal token over the network data link;
Step 108: After receiving the push authentication request, the mobile terminal token generates login information from the user information and application name in the push authentication request and displays it, then receives the user's selection on the login information; when the user is found to have chosen to confirm the login, step 109 is performed, otherwise the process ends;
Step 109: The mobile terminal token obtains the challenge value from the push authentication request and performs a calculation on the challenge value and the internally stored token seed key to generate a first response value;
Step 110: The mobile terminal token generates an authorization result containing the first response value;
Step 111: The mobile terminal token sends the authorization result to the authentication server over the network data link;
Step 112: After receiving the authorization result, the authentication server obtains the first response value from the authorization result, obtains the correspondingly stored server seed key and challenge value, and performs a calculation on the challenge value and the server seed key to obtain a second response value;
Step 113: The authentication server judges whether the first response value and the second response value match; if so, step 114 is performed, otherwise the process ends;
Step 114: The authentication server returns an authentication-success result to the application server;
Step 115: After receiving the authentication-success result, the application server sends authentication success information to the application interface;
Step 116: After receiving the authentication success information, the application interface allows the user to access the application, and the process ends.
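The exchange of steps 105 to 114 above, with both sides' messages, as an added example (not code from the patent). Field names follow the sample messages in Embodiment 2; the `appid`, `response` and `"result":"1"` fields, the 60-second challenge lifetime, the single-use check, and HMAC-SHA256 with truncation as the response calculation are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time
import uuid

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed, not from the patent)


def response_value(seed_key: bytes, challenge: str) -> str:
    """Response value computed from the seed key and the challenge.

    Assumption: HMAC-SHA256 with OATH-style truncation to 6 digits stands in
    for the calculation the patent leaves unspecified.
    """
    digest = hmac.new(seed_key, challenge.encode(), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


class AuthServer:
    def __init__(self, users, apps):
        self.users = users    # user name -> {"seed": bytes, "token": serial number}
        self.apps = apps      # application identifier -> application name
        self.pending = {}     # request ID -> (user name, challenge, creation time)

    def start(self, auth_request, now=None):
        """Steps 105-107: store a fresh challenge and build the push request."""
        now = time.time() if now is None else now
        user = auth_request["userid"]
        record = self.users[user]                     # KeyError: user not registered
        appname = self.apps[auth_request["appid"]]    # KeyError: app not registered
        challenge = f"{secrets.randbelow(1_000_000):06d}"
        reqid = str(uuid.uuid4())
        self.pending[reqid] = (user, challenge, now)
        return json.dumps({"appname": appname, "challenge": challenge,
                           "pushtype": "1", "reqid": reqid,
                           "token": record["token"], "userid": user})

    def finish(self, result_json, now=None):
        """Steps 112-114: recompute the response value and compare."""
        now = time.time() if now is None else now
        result = json.loads(result_json)
        # pop() makes each challenge single-use, so a replayed result fails.
        entry = self.pending.pop(str(result.get("reqid")), None)
        if entry is None:
            return False
        user, challenge, created = entry
        if now - created > CHALLENGE_TTL or result.get("result") != "1":
            return False
        second = response_value(self.users[user]["seed"], challenge)
        first = str(result.get("response", ""))
        # Constant-time comparison of first and second response values.
        return hmac.compare_digest(first.encode(), second.encode())


class MobileToken:
    def __init__(self, serial, seed):
        self.serial, self.seed = serial, seed

    def handle_push(self, push_json, approve):
        """Steps 108-111: show the login prompt, answer only on confirmation."""
        push = json.loads(push_json)
        self.prompt = f"{push['userid']} is logging in to {push['appname']}"
        result = {"pushtype": "2", "reqid": push["reqid"], "token": self.serial,
                  "result": "1" if approve else "0"}
        if approve:
            result["response"] = response_value(self.seed, push["challenge"])
        return json.dumps(result)


def demo():
    """Run the exchange on constructed data and return each outcome."""
    seed = b"constructed-seed-key"   # constructed sample, shared at activation
    server = AuthServer({"abc@test.com": {"seed": seed, "token": "1000000003"}},
                        {"yiwnzh-ajg": "WEBSDK"})
    token = MobileToken("1000000003", seed)
    request = {"userid": "abc@test.com", "appid": "yiwnzh-ajg"}
    out = {}

    approved = token.handle_push(server.start(request), approve=True)
    out["confirmed"] = server.finish(approved)
    out["replayed"] = server.finish(approved)     # same result sent twice

    out["declined"] = server.finish(
        token.handle_push(server.start(request), approve=False))

    tampered = json.loads(token.handle_push(server.start(request), approve=True))
    last = (int(tampered["response"][-1]) + 1) % 10
    tampered["response"] = tampered["response"][:-1] + str(last)
    out["tampered"] = server.finish(json.dumps(tampered))

    late = token.handle_push(server.start(request, now=1000.0), approve=True)
    out["expired"] = server.finish(late, now=1000.0 + CHALLENGE_TTL + 1)
    return out


if __name__ == "__main__":
    print(demo())
```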
Embodiment 2
Embodiment 2 of the present invention provides a working method of a push authentication system, applied to a system composed of an application interface, an application server, an authentication server and a mobile terminal token. As shown in Fig. 2, Fig. 3 and Fig. 4, it includes:
Step 201: The application interface receives the user information entered by the user, including a user name and password;
The user information may be a user name, or a user name and password; this embodiment is described taking a user name and password as the user information;
For example, the user information includes: user name: abc@test.com, password: 168408afag.
Step 202: The application interface sends the user name and password to the application server.
Step 203: The application server judges whether the received user name and password are correct; if so, step 206 is performed, otherwise step 204 is performed;
Specifically, the application server judges whether user information corresponding to the received user name can be obtained from the application server storage area. If it can, the application server judges whether the password in the user information is identical to the received password: if so, the user name and password are correct; otherwise the user name and password are incorrect and step 204 is performed. If it cannot be obtained, a user-name-incorrect response is returned to the application interface.
Step 204: The application server returns a user-information-incorrect response to the application interface.
Step 205: After receiving the user-information-incorrect response, the application interface outputs a prompt that the user information is incorrect, and the process ends;
In this embodiment, before step 205 the method also includes: initializing a verification count. In this step, when the user-information-incorrect response is received, the method also includes: updating the verification count and judging whether the updated verification count has reached a preset number; if so, reporting an error and ending, otherwise returning to step 201. The initial value of the verification count is 0, updating the verification count preferably means incrementing it by 1, and the preset number is preferably 3;
Further, in this embodiment, after the application interface outputs the prompt that the user information is incorrect, it may also output a prompt to re-enter the user information and wait to receive the user information entered by the user, returning to step 201.
Step 206: The application server generates an authentication request from the user name and the internally stored application identifier;
This step may also include: the application server encrypts the authentication request using a first preset negotiation key, obtaining an authentication request ciphertext;
Encrypting the authentication request using the first preset negotiation key is specifically: applying a preset encryption algorithm to encrypt the authentication request according to the first preset negotiation key. Preferably, the preset encryption algorithm is the DES algorithm; it may also be the RSA algorithm, etc.;
For example, the application interface is the WEBSDK login interface, and the corresponding application identifier is yiwnzh-ajg.
Step 207: The application server sends the authentication request to the authentication server;
This step is specifically: the application server sends the authentication request to an authentication proxy, and after receiving the authentication request, the authentication proxy forwards it to the authentication server;
It may also be: the application server sends the authentication request ciphertext to the authentication proxy, and after receiving the authentication request ciphertext, the authentication proxy forwards it to the authentication server.
Step 208: After receiving the authentication request, the authentication server obtains the user name and the application identifier from the authentication request;
This step may also be: after receiving the authentication request ciphertext, the authentication server decrypts it according to the first preset negotiation key to obtain the authentication request, and obtains the user name and the application identifier from the authentication request;
Decrypting the authentication request ciphertext according to the first preset negotiation key is specifically: the authentication server applies a preset decryption algorithm to decrypt the authentication request ciphertext according to the first preset negotiation key. Preferably, the preset decryption algorithm is the DES algorithm; it may also be the RSA algorithm, etc.
Step 209: The authentication server obtains the corresponding token information and network data link from the server storage area according to the user name;
In this embodiment, after the authentication server obtains the user name from the authentication request, the method also includes: judging whether a user record corresponding to the user name can be found in the server storage area; if so, continuing, otherwise returning user-not-registered information to the application server;
In this embodiment, the user record stored in the server storage area includes: user name, server seed key, application name and token information, where the token information includes the token identification code, token serial number and mobile terminal operating system.
Step 210: The authentication server obtains the corresponding application name from the server storage area according to the application identifier;
This step also includes: judging whether an application name corresponding to the application identifier can be found in the server storage area; if so, continuing, otherwise returning application-not-registered information to the application server;
Step 211: The authentication server generates a challenge value of preset length, associates it with the user information and stores it in the server storage area;
Preferably, the preset length is 6 decimal digits;
In this embodiment, generating the challenge value may be: calling a random number generation function to generate a random number and using the random number as the challenge value; or: obtaining the corresponding server seed key from the server storage area according to the user name and performing a calculation on the server seed key to generate the challenge value;
Performing a calculation on the server seed key to generate the challenge value is specifically: applying a preset algorithm to the server seed key to generate a decimal challenge value of length 6. Preferably, the preset algorithm is the SM3 algorithm; it may also be an OATH algorithm, etc.;
For example, the generated challenge value is 308962;
In this embodiment, steps 209, 210 and 211 have no fixed order and may be performed simultaneously.
Step 212: The authentication server obtains the server time and generates a push authentication request from the challenge value, the token information, the user information and the application name;
This step may also include: the authentication server encrypts the push authentication request using a second preset negotiation key, obtaining a push authentication request ciphertext;
This step may also be: the authentication server obtains the token identification code from the server storage area, uses the token identification code to encrypt the challenge value to obtain a challenge value ciphertext, and generates the push authentication request from the challenge value ciphertext, the token information, the user information and the application name;
Encrypting the push authentication request using the second preset negotiation key is specifically: applying a preset encryption algorithm to encrypt the push authentication request according to the second preset negotiation key. Preferably, the preset encryption algorithm is the DES algorithm; it may also be the RSA algorithm, etc.;
Before this step, the method also includes: the authentication server calls a random number generation function to generate a first random number, uses the first random number as the authentication request ID, associates it with the user information and stores it in the server storage area;
Further, the method also includes: the authentication server obtains the current server time and stores it in the server storage area as the generation time of the authentication request ID;
For example, the authentication request ID generated by the authentication server is:
02c0e8b4-be19-49f6-aab6-273b38522cea;
The generation time of the authentication request ID is 1419325026;
Then, generating the push authentication request from the challenge value, the token information, the user information and the application name is specifically: generating the push authentication request from the challenge value, the token information, the user information, the application name and the authentication request ID;
For example, the generated push authentication request is:
{"appname":"WEBSDK","challenge":"308962","pushtype":"1","reqid":"02c0e8b4-be19-49f6-aab6-273b38522cea","time":"1419325027","token":"1000000003","userid":"abc@test.com"};
The push authentication request ciphertext obtained after encryption is:
{"data":"a539f8d217b3c05cb5a5340c7b8c8842bcfcace3180c6da9f595015a087c 1612e39110fc2e75debc3e435e974a2d7907fa50df880b26ce9ecf1ed4988c9b1c5ad3d00d494 2efcd06f83df5624b35769c00f770fd2bb4ada37e0b9c1ac74513ef1e83fc519cb88a66651a87 5e7423ed4ff7aa546c07bc96251683d617ec8cf03f007f3287352646ee92edcfd08dced63cd91 6018ea7596a3b2ccd44f958a6e2245a6dc863230d1940333430703a798eef","mac":" 3531e1c344107efd1bee06dac2c15f9f71467a3f"}。
Step 213: The authentication server looks up the corresponding mobile terminal token according to the token serial number in the token information;
Specifically, the authentication server obtains the corresponding token serial number according to the user name, obtains the corresponding network data link according to the token serial number, and finds the corresponding mobile terminal token according to the network data link.
Step 214: The authentication server pushes the push authentication request to the mobile terminal token over the network data link;
This step may also be: the authentication server pushes the push authentication request ciphertext to the mobile terminal token over the network data link.
Step 215: After receiving the push authentication request, the mobile terminal token obtains the user name and the application name from the push authentication request, and obtains the token's current time;
Before this step, the method also includes: after receiving the push authentication request ciphertext, the mobile terminal token decrypts the push authentication request ciphertext using the second preset negotiation key to obtain the push authentication request;
Decrypting the push authentication request ciphertext using the second preset negotiation key is specifically: the authentication server applies a preset decryption algorithm to decrypt the push authentication request ciphertext according to the second preset negotiation key. Preferably, the preset decryption algorithm is the DES algorithm; it may also be the RSA algorithm, etc.
Step 216:Mobile terminal token is carried out according to user profile, Apply Names and token current time to preset format Filling, obtains log-on message;
In the present embodiment, preset format is:
Dear XXX (user name)
Your account logs in XXX (Apply Names) in XXX (token current time)
It please ensure it is your operation, otherwise please refuse
Whether
Step 217:Mobile terminal token shows log-on message, and receives selection of the user to log-on message, when user selects When selecting confirmation login, step 219 is performed, when user, which selects to cancel, to be logged in, execution step 218;
For example, the log-on message that mobile terminal token is shown is:
Dear abc@test.com
Your account logged in to WEBSDK at 10:50:35 on December 25, 2014
Please make sure this is your operation; otherwise, please refuse
Yes    No
This step also includes: when no user selection is received, a timeout response is returned to the certificate server, the certificate server sends the timeout response to the application server, the application server sends the timeout response to the application interface, and the application interface displays timeout information; the flow ends;
Step 218: The mobile device token generates an authorization result of cancelling the login according to the token serial number, and step 222 is performed;
Specifically, generating the authorization result of cancelling the login includes: the mobile terminal token generates the authorization result of cancelling the login according to the certification request ID in the pushing certification request;
This step may also include: the mobile terminal token encrypts the authorization result using the second default arranging key to obtain authorization result ciphertext;
For example, the authorization result of cancelling the login generated by the mobile device token is:
{"pushtype":"2","result":"0","token":"1000000003"};
The authorization result ciphertext obtained by encryption is:
{"data":"bbd573bc30068b8bfa51e96adcb76ca827d417655ada441b2e4374cd2cd 8a0ccda83da9abe1978133065b04022464cdbc300d6cafcaccfa513bb9daaff1d3c3d"," mac":"91d8dc0da255e7fcbbc7e6f435078eb6d275f7f2"};
Step 219: The mobile terminal token obtains the challenging value and the server time from the pushing certification request, and obtains the token seed key according to the token serial number;
In this embodiment, obtaining the challenging value from the pushing certification request may also be: the mobile terminal token obtains the challenging value ciphertext from the pushing certification request, obtains the token identification code from the token, and decrypts the challenging value ciphertext using the token identification code to obtain the challenging value;
Step 220: The mobile terminal token applies a preset password generation algorithm to calculate on the challenging value, the server time and the token seed key, generating the first response value;
Preferably, in this embodiment, the mobile terminal token generates a first response value of a preset length, and the preset length is preferably 6 decimal digits;
Specifically, the mobile terminal token applies the preset password generation algorithm to calculate on the challenging value, the server time, the token seed key and the dynamic factor, generating the first response value;
For example, the first response value generated by the mobile terminal token is 677165.
Step 221: The mobile terminal token generates an authorization result of allowing the login according to the first response value and the token information, and step 222 is performed;
This step may also include: the mobile terminal token encrypts the authorization result using the second default arranging key to obtain authorization result ciphertext;
Specifically, generating the authorization result of allowing the login according to the first response value and the token information includes: generating the authorization result of allowing the login according to the first response value, the token information and the certification request ID;
For example, the authorization result of allowing the login generated by the mobile terminal token is:
{"result":"1","time":"1419325027","reqtype":"2","otp":"677165"," token":"1000000003","reqid":"02c0e8b4-be19-49f6-aab6-273b38522cea"};
The authorization result ciphertext obtained by encryption is:
{"data":"4fbd9ef79abbb78b59b7b4364b93db26527dc3a4c0b5dcadd34428de3649 fc0f4e07a7f4282b5b88c21500f1b4c8bed324ec80f3815264787ea90a4723e024fb3a4e6cb09 b7b44f801c9cc64cd50334fc8f037206d706dfc40727d08a3f67d91174db8396b7574fa1fbc09 da25d861d9b945f3c7dc9654455ef0e168eb826f8b8e56a928e274f033079bdfb336848b78"," app_version":"2.6","mac":"ba7ab1a123c930ca73ad5944d4fd0cf8ee4f0667"};
In this embodiment, if the dynamic factor in step 220 includes an event-type dynamic factor, then after step 221 is performed, the mobile terminal token updates the event-type dynamic factor, preferably by adding 1 to it; the initial value of the time-type dynamic factor is 0.
Step 222: The mobile terminal token sends the authorization result to the certificate server through the network data link;
This step may also include: the mobile terminal token sends the authorization result ciphertext to the certificate server through the network data link.
Step 223: After receiving the authorization result, the certificate server judges the authorization result; if it is allowing the login, step 225 is performed, and if it is cancelling the login, step 224 is performed;
In this embodiment, if the return result in the authorization result is judged to be 1, the login is allowed; if the return result in the authorization result is judged to be 0, the login is cancelled;
Before this step, the method may also include: after receiving the authorization result ciphertext, the certificate server decrypts the authorization result ciphertext using the second default arranging key to obtain the authorization result;
Specifically, before this step, the method also includes: the certificate server obtains the certification request ID from the authorization result and judges whether the certification request ID is correct and valid; if so, step 223 is performed; otherwise, the certification request ID saved in the server storage area is deleted, a failure response is returned to the application server, and the flow ends;
Wherein, judging whether the certification request ID is correct and valid is: the certificate server obtains the server current time, and obtains the saved certification request ID and the generation time of the certification request ID from the server storage area; it judges whether the certification request ID in the authorization result is the same as the certification request ID saved in the server storage area, and if so, the certification request ID is correct, otherwise the certification request ID is incorrect; it judges whether the difference between the server current time and the generation time of the certification request ID is within a preset duration, and if so, the certification request ID is valid, otherwise the certification request ID is invalid. Preferably, when the certification request ID is incorrect or invalid, the method also includes: deleting the certification request ID saved in the server storage area and the generation time of the certification request ID.
Step 224: The certificate server generates an authentication result of not allowing the login, and step 231 is performed;
This step may also include: the certificate server encrypts the authentication result using the first default arranging key to obtain authentication result ciphertext.
Step 225: The certificate server obtains the token information and the first response value from the authorization result;
For example, the token serial number obtained by the certificate server from the authorization result is 1000000003, and the first response value is 677165.
Step 226: The certificate server obtains the corresponding challenging value and server seed key from the server storage area according to the token information, and obtains the current server time;
For example, the current server time obtained by the certificate server is 1419325029.
Step 227: The certificate server applies the password generation algorithm to calculate on the challenging value, the server seed key and the current server time, obtaining the second response value;
Specifically: the certificate server applies the password generation algorithm to calculate on the challenging value, the server seed key, the current server time and the dynamic factor, obtaining the second response value;
For example, the second response value generated by the certificate server is 677165.
Step 228: The certificate server judges whether the first response value and the second response value match; if so, step 230 is performed; otherwise, step 229 is performed;
Step 229: The certificate server generates an authentication result of authentication failure, and step 231 is performed;
This step may also include: the certificate server encrypts the authentication result using the first default arranging key to obtain authentication result ciphertext.
Step 230: The certificate server generates an authentication result of authentication success, and step 231 is performed;
This step may also include: the certificate server encrypts the authentication result using the first default arranging key to obtain authentication result ciphertext;
In this embodiment, if the dynamic factor in step 227 includes an event-type dynamic factor, then after step 230 is performed, the certificate server updates the event-type dynamic factor, preferably by adding 1 to it; the initial value of the time-type dynamic factor is 0.
Step 231: The certificate server sends the authentication result to the application server;
This step may also include: the certificate server sends the authentication result ciphertext to the certificate server;
This step is specifically: the certificate server sends the authentication result to the authentication proxy, and after receiving the authentication result, the authentication proxy sends the authentication result to the application server.
Step 232: After receiving the authentication result, the application server sends the authentication result to the application interface;
This step may also include: the application interface sends the authentication result ciphertext to the application interface.
Step 233: After receiving the authentication result, the application interface judges the authentication result; if it is not allowing the login, step 234 is performed; if it is authentication failure, step 235 is performed; if it is authentication success, step 236 is performed;
This step may also include: after receiving the authentication result ciphertext, the application interface decrypts the authentication result ciphertext using the first default arranging key to obtain the authentication result;
Step 234: The application interface displays prompt information that the login is not allowed, and the application login authentication flow ends;
Step 235: The application interface displays prompt information of authentication failure, and the application login authentication flow ends;
Step 236: The application interface allows the user to access the application and displays the interface after the successful application login, and the application login authentication flow ends;
Wherein, after the application login authentication flow ends with a successful login, the client can perform corresponding operations according to operation requests input by the user to complete the user's access to the application, until the user logs out. It should be noted that operations after the application login authentication flow ends are not within the scope of limitation of the present invention.
In this embodiment, step 201 also includes: the client starts a timeout timer and detects in real time whether the value of the timeout timer reaches a preset duration; if so, prompt information of authentication timeout is displayed, and the application login authentication flow ends.
In this embodiment, besides the transmission modes described in the embodiment, the communication data between the application interface and the application server, between the application server and the authentication proxy, between the authentication proxy and the certificate server, and between the certificate server and the mobile terminal token is processed with an algorithm and key negotiated in advance by both parties. Further, the communication data between them may also include a length and check bits; the recipient judges from the length and check bits whether the received communication data is correct, proceeds with the normal operating flow if it is correct, and notifies the sender of the data error if it is incorrect, whereupon the sender resends the communication data. Further, the communication data between them may also be network-encrypted or transmitted using secure software, to ensure the security of the communication data between the application server and the interactive interface.
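The challenge-response check of steps 219 to 228, together with the certification request ID check performed before step 223, as an added example that is not part of the patent text. The patent leaves the preset password generation algorithm unspecified, so HMAC-SHA1 with HOTP-style truncation, the 60-second time window, the 120-second request lifetime and all class and function names are assumptions; the event-type dynamic factor is left out.

```python
import hashlib
import hmac
import secrets
import struct
import uuid

TIME_STEP = 60   # assumed window size in seconds; the page does not specify one
DIGITS = 6       # preset response length given in the embodiment
REQ_TTL = 120    # assumed "preset duration" during which a request ID is valid


def response_value(seed: bytes, challenge: bytes, unix_time: int) -> str:
    """Stand-in for the preset password generation algorithm (an assumption):
    HMAC-SHA1 over challenge || time window, truncated as in HOTP (RFC 4226)."""
    msg = challenge + struct.pack(">Q", unix_time // TIME_STEP)
    digest = hmac.new(seed, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class AuthServer:
    """Server side: issues the push request and verifies the authorization result."""

    def __init__(self, seeds: dict):
        self.seeds = seeds    # token serial number -> server seed key
        self.pending = {}     # request ID -> (serial, challenge, generation time)

    def push_request(self, serial: str, now: int) -> dict:
        reqid = str(uuid.uuid4())
        challenge = secrets.token_bytes(16)   # random challenging value
        self.pending[reqid] = (serial, challenge, now)
        return {"reqid": reqid, "challenge": challenge.hex(),
                "time": now, "token": serial}

    def verify(self, result: dict, now: int) -> str:
        # Request ID check first. pop() deletes the saved ID whatever the outcome,
        # so a replayed authorization result finds nothing and fails.
        entry = self.pending.pop(result.get("reqid"), None)
        if entry is None:
            return "failure"
        serial, challenge, created = entry
        if result.get("token") != serial or not 0 <= now - created <= REQ_TTL:
            return "failure"
        if result.get("result") != "1":
            return "not allowed"              # user cancelled on the token
        first = str(result.get("otp", ""))
        # The token used the server time carried in the push, the server uses its
        # current time, so also try the earlier windows a valid request can span.
        for back in range(REQ_TTL // TIME_STEP + 1):
            second = response_value(self.seeds[serial], challenge,
                                    now - back * TIME_STEP)
            if hmac.compare_digest(first.encode(), second.encode()):
                return "success"
        return "failure"


class MobileToken:
    """Token side: turns a confirmed push request into an authorization result."""

    def __init__(self, serial: str, seed: bytes):
        self.serial, self.seed = serial, seed

    def authorize(self, push: dict, user_confirms: bool) -> dict:
        if not user_confirms:
            return {"result": "0", "token": self.serial, "reqid": push["reqid"]}
        otp = response_value(self.seed, bytes.fromhex(push["challenge"]),
                             push["time"])
        return {"result": "1", "time": str(push["time"]), "otp": otp,
                "token": self.serial, "reqid": push["reqid"]}


if __name__ == "__main__":
    seed = secrets.token_bytes(20)            # constructed seed key
    server = AuthServer({"1000000003": seed})
    token = MobileToken("1000000003", seed)
    push = server.push_request("1000000003", now=1419325027)
    result = token.authorize(push, user_confirms=True)
    print(server.verify(result, now=1419325029))   # first delivery
    print(server.verify(result, now=1419325030))   # replay of the same result
```

Because the token and the server feed different clock readings into the calculation, the match in step 228 only holds if both readings are quantized to the same window or the server tolerates neighbouring windows, which is why the check loops over earlier windows.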
Embodiment 3
Embodiment 3 of the present invention provides a working method of the certificate server in a pushing certification system, as shown in Fig. 5, including:
Step 301: After receiving the certification request from the application server, the certificate server generates a challenging value and saves it, and obtains the user information and the application identifier from the certification request;
Generating the challenging value is specifically: calling a random number generation function to generate a random number, and using the random number as the challenging value;
Generating the challenging value may also be: obtaining the correspondingly saved server seed key according to the user information in the certification request, and calculating on the server seed key to generate the challenging value.
Step 302: The certificate server obtains the corresponding token information and network data link according to the user information, and obtains the corresponding application name according to the application identifier;
In this embodiment, obtaining the corresponding token information and network data link according to the user information specifically includes: judging whether the corresponding token information and network data link can be obtained according to the user information; if so, obtaining the corresponding token information and network data link; otherwise, returning an error response to the application server, and ending.
Step 303: The certificate server generates a pushing certification request according to the challenging value, the token information, the user information and the application name, and pushes the pushing certification request to the mobile terminal token through the network data link;
The token information includes a token serial number, and pushing the pushing certification request to the mobile terminal token is specifically: obtaining the corresponding mobile terminal token according to the token serial number, and pushing the pushing certification request to that mobile terminal token.
The token information includes a token identification code, and generating the pushing certification request according to the challenging value, the token information, the user information and the application name specifically includes: encrypting the challenging value using the token identification code to obtain challenging value ciphertext, and generating the pushing certification request according to the challenging value ciphertext, the token information, the user information and the application name.
Step 304: The certificate server receives the authorization result returned by the mobile terminal token, obtains the first response value from the authorization result, obtains the saved server seed key and challenging value, and calculates on the challenging value and the server seed key to obtain the second response value;
In this embodiment, calculating on the challenging value and the server seed key to obtain the second response value specifically includes: obtaining the server current time, and applying the preset password generation algorithm to calculate on the server current time, the challenging value, the server seed key and the dynamic factor, obtaining the second response value.
Step 305: The certificate server judges whether the first response value and the second response value match; if so, it returns an authentication result of authentication success to the application server, and ends; otherwise, it returns an authentication result of authentication failure to the application server, and ends;
In this embodiment, when the dynamic factor in step 304 includes an event-type dynamic factor, this step also includes, when the authentication result of authentication success is returned to the application server: updating the event-type dynamic factor, that is, adding 1 to the event-type dynamic factor.
Embodiment 4
Embodiment 4 of the present invention provides a working method of the mobile terminal token in a pushing certification system, as shown in Fig. 6, including:
Step 401: The mobile terminal token receives the pushing certification request from the certificate server;
Step 402: The mobile terminal token obtains the user information and the application name from the pushing certification request, generates login information according to the user information and the application name, and displays it;
The token information includes a token identification code and a mobile terminal operating system, and before this step the method also includes: obtaining the token identification code and the mobile terminal operating system from the pushing certification request, and obtaining the saved token identification code and mobile terminal operating system; judging whether the token identification code and mobile terminal operating system in the pushing certification request are the same as the saved token identification code and mobile terminal operating system; if so, step 402 is performed; otherwise, a response that the token information is incorrect is returned to the certificate server, and the flow ends;
Generating the login information according to the user information and the application name specifically includes: obtaining the token current time, and filling the preset format according to the user information, the application name and the token current time to obtain the login information.
Step 403: The mobile terminal token receives the user's selection on the login information; when the user's selection to confirm the login is received, step 404 is performed; otherwise, the flow ends;
Step 404: The mobile terminal token obtains the challenging value from the pushing certification request, obtains the saved token seed key, and calculates on the challenging value and the token seed key to generate the first response value;
The token information includes a token identification code, and obtaining the challenging value from the pushing certification request specifically includes: obtaining the challenging value ciphertext from the pushing certification request, obtaining the saved token identification code, and decrypting the challenging value ciphertext using the token identification code to obtain the challenging value;
Calculating on the challenging value and the token seed key to generate the first response value specifically includes: obtaining the server time from the pushing certification request, and applying the preset password generation algorithm to calculate on the challenging value, the server time, the token seed key and the dynamic factor, generating the first response value.
Step 405: The mobile terminal token obtains the token information from the pushing certification request, generates an authorization result of allowing the login according to the first response value, and sends it to the certificate server through the network data link; the token operation ends;
When the dynamic factor includes an event-type dynamic factor, this step also includes: updating the event-type dynamic factor, that is, adding 1 to the event-type dynamic factor.
The method also includes: when the mobile terminal token starts, it obtains the internally saved access address, accesses the certificate server according to the access address, establishes a network data link between the mobile terminal token and the certificate server, and sends the token information to the certificate server through the network data link.
The above embodiments of the present invention are described taking an Android mobile phone token as an example. In addition:
If the mobile terminal operating system in the token information obtained by the certificate server is iOS, the certificate server sends the generated pushing certification request to iCloud (Apple Inc.'s cloud service); after receiving the pushing certification request, iCloud sends the pushing certification request to the corresponding iPhone token; after the iPhone token processes the pushing certification request, the obtained authorization information is sent directly to the certificate server.
If the token information obtained by the certificate server includes a WeChat ID, the generated pushing certification request is sent to the WeChat server; after receiving the pushing certification request, the WeChat server sends the pushing certification request to the mobile phone WeChat token; after the mobile phone WeChat token processes the pushing certification request, the obtained authorization information is sent to the WeChat server; after receiving the authorization information, the WeChat server sends the authorization information to the certificate server.
The foregoing is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (33)

  1. A working method of a pushing certification system, applied to a system composed of an application interface, an application server, a certificate server and a mobile terminal token, characterized in that the method includes:
    Step S1: The application interface receives user information input by a user, and sends the user information to the application server;
    Step S2: After receiving the user information, the application server generates a certification request according to the user information and an internally saved application identifier, and sends the certification request to the certificate server;
    Step S3: After receiving the certification request, the certificate server generates a challenging value and saves it, obtains the user information and the application identifier from the certification request, obtains the corresponding token information and network data link according to the user information, and obtains the corresponding application name according to the application identifier;
    Step S4: The certificate server generates a pushing certification request according to the challenging value, the token information, the user information and the application name, and pushes the pushing certification request to the corresponding mobile terminal token through the network data link;
    Step S5: After receiving the pushing certification request, the mobile terminal token generates login information according to the user information and the application name in the pushing certification request and displays it, and receives the user's selection on the login information; when the user's selection to confirm the login is received, step S6 is performed; otherwise, the method ends;
    Step S6: The mobile terminal token obtains the challenging value from the pushing certification request, and calculates on the challenging value and the internally saved token seed key to generate a first response value;
    Step S7: The mobile terminal token generates an authorization result including the first response value, and sends the authorization result to the certificate server through the network data link;
    Step S8: After receiving the authorization result, the certificate server obtains the first response value from the authorization result, obtains the correspondingly saved server seed key and challenging value, and calculates on the challenging value and the server seed key to obtain a second response value;
    Step S9: The certificate server judges whether the first response value and the second response value match; if so, it returns an authentication result of authentication success to the application server, and step S10 is performed; otherwise, the method ends;
    Step S10: After receiving the authentication result of authentication success, the application server sends authentication success information to the application interface;
    Step S11: After receiving the authentication success information, the application interface allows the user to access the application, and the method ends.
  2. The method according to claim 1, characterized in that the method also includes: when the mobile terminal token starts, it accesses the certificate server according to the internally saved access address, establishes the network data link between the mobile terminal token and the certificate server, and sends the token information to the certificate server through the network data link;
    After receiving the token information, the certificate server obtains the correspondingly saved token information, and if the received token information differs from the saved token information, updates the saved token information to the received token information.
  3. The method according to claim 1, characterized in that the token information includes a token serial number;
    In the step S4, pushing the pushing certification request to the corresponding mobile terminal token is specifically: the certificate server looks up the corresponding mobile terminal token according to the token serial number, and pushes the pushing certification request to that mobile terminal token.
  4. The method according to claim 1, characterized in that the token information includes a token identification code;
    In the step S4, generating the pushing certification request according to the challenging value, the token information, the user information and the application name specifically includes: the certificate server encrypts the challenging value using the token identification code to obtain challenging value ciphertext, and generates the pushing certification request according to the challenging value ciphertext, the token information, the user information and the application name;
    In the step S6, obtaining the challenging value from the pushing certification request specifically includes: the mobile terminal token obtains the challenging value ciphertext from the pushing certification request, and decrypts the challenging value ciphertext using the internally saved token identification code to obtain the challenging value.
  5. The method according to claim 1, characterized in that the token information includes a token identification code and a mobile terminal operating system;
    In the step S5, after the mobile terminal token receives the pushing certification request, the method also includes:
    The mobile terminal token obtains the token identification code and the mobile terminal operating system from the pushing certification request, and judges whether the token identification code and mobile terminal operating system in the pushing certification request are the same as the internally saved token identification code and mobile terminal operating system; if so, the method continues; otherwise, a response that the token information is incorrect is returned to the certificate server, and the method ends.
  6. The method according to claim 1, characterized in that
    In the step S5, generating the login information according to the user information and the application name in the pushing certification request is specifically: the mobile terminal token obtains the user information and the application name from the pushing certification request, obtains the token current time, and fills a preset format according to the user information, the token current time and the application name to obtain the login information.
  7. The method according to claim 1, characterized in that in the step S4, generating the pushing certification request according to the challenging value, the token information, the user information and the application name specifically includes: the certificate server obtains the server time, and generates the pushing certification request according to the server time, the challenging value, the token information, the user information and the application name.
  8. The method according to claim 7, characterized in that in the step S6, calculating on the challenging value and the internally saved token seed key to generate the first response value specifically includes: the mobile terminal token obtains the server time from the pushing certification request, and applies a preset password generation algorithm to calculate on the challenging value, the server time, the internally saved token seed key and a dynamic factor, generating the first response value.
  9. The method according to claim 1, characterized in that in the step S7, calculating on the challenging value and the server seed key to obtain the second response value specifically includes: the certificate server obtains the server current time, and applies a preset password generation algorithm to calculate on the server current time, the challenging value, the server seed key and a dynamic factor, obtaining the second response value.
  10. The method according to claim 1, characterized in that in the step S3, generating the challenging value is specifically: the certificate server calls a random number generation function to generate a random number, and uses the random number as the challenging value.
  11. The method according to claim 1, characterized in that in the step S3, generating the challenging value is specifically: the certificate server obtains the correspondingly saved server seed key according to the user information in the certification request, and calculates on the server seed key to generate the challenging value.
  12. The method according to claim 1, characterized in that
    In the step S1, the user information is specifically a user name and a password.
  13. The method according to claim 1, characterized in that
    In the step S2, sending the certification request to the certificate server specifically includes: the application server sends the certification request to an authentication proxy, and after receiving the certification request, the authentication proxy sends the certification request to the certificate server;
    In the step S9, returning the authentication result of authentication success to the application server specifically includes: the certificate server sends the authentication result of authentication success to the authentication proxy, and after receiving the authentication result of authentication success, the authentication proxy sends the authentication result of authentication success to the application server.
  14. 14. according to the method for claim 1, it is characterised in that it is described otherwise to terminate in the step S5, specifically include:
    When receiving user's selection cancellation login, the mobile terminal token, which returns to the certificate server, cancels login Authorization result;After the certificate server receives the Authorization result cancelled and logged in, returned to client and cancel what is logged in Authentication result;After the client receives the authentication result cancelled and logged in, display does not allow the prompt message logged in, knot Beam;
    When not receiving user's selection operation in preset time, the mobile terminal token returns super to the certificate server When Authorization result;After the certificate server receives the overtime Authorization result, time-out is returned to the client Authentication result, after the client receives the overtime authentication result, the prompt message of time-out is shown, is terminated.
  15. 15. according to the method for claim 1, it is characterised in that when the step S9 is judged as NO, specifically include:
    Authentication result of the certificate server to application server return authentication failure;
    After the application server receives the authentication result of the authentification failure, authentification failure letter is sent to the application interface Breath;
    After the application interface receives the authentication failure message, the prompt message of authentification failure is shown, is terminated.
  16. The method according to claim 1, characterized in that:
    in step S4, generating the pushing certification request according to the challenge value, the token information, the user profile and the application name specifically comprises: the certificate server generates a certification request ID, associates it with the user profile and saves it, and generates the pushing certification request according to the challenge value, the user profile and the certification request ID;
    in step S7, generating the authorization result comprising the first response value and the token information specifically comprises: generating an authorization result comprising the first response value, the token information and the certification request ID;
    before step S8, the method further comprises: the certificate server obtains the certification request ID from the authorization result, obtains the saved certification request ID, and judges whether the certification request ID in the authorization result is identical to the saved certification request ID; if yes, step S8 is performed; otherwise, the saved certification request ID is deleted and the process ends.
  17. The method according to claim 16, characterized in that:
    step S4 further comprises: the certificate server obtains the current server time and saves it as the certification request ID generation time;
    before step S8, the method further comprises: the certificate server obtains the saved certification request ID generation time and the server time at which the authorization result was received, and judges whether the difference between that server time and the certification request ID generation time is within a preset time; if yes, the certification request ID is valid and step S8 is performed; otherwise, the saved certification request ID is deleted and the process ends.
  18. The method according to claim 1, characterized in that:
    in step S7, generating the authorization result comprising the first response value specifically comprises: the mobile terminal token generates an authorization result comprising the first response value and the token information;
    in step S8, obtaining the first response value from the authorization result and obtaining the correspondingly saved server seed key and challenge value is specifically: the certificate server obtains the first response value and the token information from the authorization result, and obtains the correspondingly saved server seed key and challenge value according to the token information.
  19. A working method of a certificate server in a pushing certification system, characterized by comprising:
    Step T1: after receiving a certification request from an application server, the certificate server generates a challenge value and saves it, and obtains a user profile and an application identifier from the certification request;
    Step T2: the certificate server obtains the corresponding token information and network data link according to the user profile, and obtains the corresponding application name according to the application identifier;
    Step T3: the certificate server generates a pushing certification request according to the challenge value, the token information, the user profile and the application name, and pushes the pushing certification request to the mobile terminal token through the network data link;
    Step T4: the certificate server receives the authorization result returned by the mobile terminal token, obtains a first response value from the authorization result, obtains the saved server seed key and the challenge value, and performs a calculation on the challenge value and the server seed key to obtain a second response value;
    Step T5: the certificate server judges whether the first response value and the second response value match; if yes, it returns an authentication result of successful authentication to the application server and the process ends; otherwise, it returns an authentication result of authentication failure to the application server and the process ends.
  20. The method according to claim 19, characterized in that the token information includes a token serial number;
    pushing the pushing certification request to the mobile terminal token is specifically: the certificate server obtains the corresponding mobile terminal token according to the token serial number, and pushes the pushing certification request to that mobile terminal token.
  21. The method according to claim 19, characterized in that the token information includes a token identification code;
    generating the pushing certification request according to the challenge value, the token information, the user profile and the application name specifically comprises: the certificate server encrypts the challenge value using the token identification code to obtain a challenge value ciphertext, and generates the pushing certification request according to the challenge value ciphertext, the token information, the user profile and the application name.
  22. The method according to claim 19, characterized in that, in step T1, generating the challenge value is specifically: the certificate server calls a random number generation function to generate a random number, and uses the random number as the challenge value.
  23. The method according to claim 19, characterized in that, in step T1, generating the challenge value is specifically: the certificate server obtains the correspondingly saved server seed key according to the user profile in the certification request, performs a calculation on the server seed key, and generates the challenge value.
  24. The method according to claim 19, characterized in that, in step T4, performing the calculation on the challenge value and the server seed key to obtain the second response value specifically comprises: the certificate server obtains the server current time and, using a preset password generating algorithm, performs a calculation on the server current time, the challenge value, the server seed key and a dynamic factor to obtain the second response value.
  25. The method according to claim 19, characterized in that, in step T2, obtaining the corresponding token information and network data link according to the user profile specifically comprises: the certificate server judges whether the corresponding token information and network data link can be obtained according to the user profile; if yes, it obtains the corresponding token information and network data link; otherwise, it returns an error response to the application server and the process ends.
  26. A working method of a mobile terminal token in a pushing certification system, characterized by comprising:
    Step K1: the mobile terminal token receives a pushing certification request from a certificate server;
    Step K2: the mobile terminal token obtains a user profile and an application name from the pushing certification request, generates login information according to the user profile and the application name, and displays it;
    Step K3: the mobile terminal token receives the user's selection regarding the login information; when the user's selection to confirm the login is received, step K4 is performed; otherwise, the process ends;
    Step K4: the mobile terminal token obtains a challenge value from the pushing certification request, obtains the saved token seed key, and performs a calculation on the challenge value and the token seed key to generate a first response value;
    Step K5: the mobile terminal token generates an authorization result allowing the login according to the first response value, and sends it to the certificate server through the network data link; the token operation ends.
  27. The method according to claim 26, characterized in that generating the authorization result allowing the login according to the first response value specifically comprises: the mobile terminal token obtains token information from the pushing certification request, and generates the authorization result allowing the login according to the first response value and the token information.
  28. The method according to claim 27, characterized in that the token information includes a token identification code;
    in step K4, obtaining the challenge value from the pushing certification request specifically comprises: the mobile terminal token obtains a challenge value ciphertext from the pushing certification request, obtains the saved token identification code, and decrypts the challenge value ciphertext using the token identification code to obtain the challenge value.
  29. The method according to claim 27, characterized in that the token information includes a token identification code and a mobile terminal operating system;
    before step K2, the method further comprises: the mobile terminal token obtains the token identification code and the mobile terminal operating system from the pushing certification request, obtains the saved token identification code and mobile terminal operating system, and judges whether the token identification code and mobile terminal operating system in the pushing certification request are identical to the saved token identification code and mobile terminal operating system; if yes, step K2 is performed; otherwise, a response that the token information is incorrect is returned to the certificate server and the process ends.
  30. The method according to claim 27, characterized in that, in step K2, generating the login information according to the user profile and the application name specifically comprises:
    the mobile terminal token obtains the token current time, and fills a preset format with the user profile, the application name and the token current time to obtain the login information.
  31. The method according to claim 26, characterized in that the method further comprises:
    when the mobile terminal token starts, it obtains the internally saved reference address, accesses the certificate server according to the reference address, establishes the network data link between the mobile terminal token and the certificate server, and sends the token characteristic to the certificate server through the network data link.
  32. The method according to claim 26, characterized in that, in step K4, performing the calculation on the challenge value and the token seed key to generate the first response value specifically comprises: the mobile terminal token obtains the server time from the pushing certification request and, using a preset password generating algorithm, performs a calculation on the challenge value, the server time, the token seed key and a dynamic factor to generate the first response value.
  33. The method according to claim 32, characterized in that, when the dynamic factor includes an event-type dynamic factor, step K5 further comprises: the mobile terminal token updates the event-type dynamic factor.
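
The server side of claim 19 and the token side of claim 26, together with the request-ID and validity-window checks of claims 16 and 17, as an added Python example that is not code from the patent. HMAC-SHA256 stands in for the unspecified "preset password generating algorithm", the dynamic factor is omitted, the server reuses the time it sent in the push so both sides compute over the same value, and every class, field and constant name (including the 60-second window) is an assumption.

```python
import hashlib
import hmac
import secrets
import time

REQUEST_TTL = 60  # seconds; assumed value for the claims' "preset time"


def response_value(seed: bytes, challenge: bytes, server_time: int) -> str:
    # Assumption: HMAC-SHA256 stands in for the "preset password generating algorithm".
    msg = challenge + server_time.to_bytes(8, "big")
    return hmac.new(seed, msg, hashlib.sha256).hexdigest()


class CertificateServer:
    def __init__(self, seeds):
        self.seeds = seeds    # token serial number -> server seed key
        self.pending = {}     # certification request ID -> saved state

    def create_push_request(self, user, app_name, token_sn, now=None):
        now = int(time.time()) if now is None else now
        request_id = secrets.token_hex(16)
        challenge = secrets.token_bytes(16)   # random challenge value (claim 22)
        self.pending[request_id] = {"token_sn": token_sn, "challenge": challenge,
                                    "created": now}
        return {"request_id": request_id, "challenge": challenge.hex(),
                "server_time": now, "user": user, "app_name": app_name,
                "token_sn": token_sn}

    def verify(self, result, now=None):
        now = int(time.time()) if now is None else now
        # Design choice of this example: drop the saved ID on every path so a
        # captured authorization result cannot be replayed for the same request.
        state = self.pending.pop(result.get("request_id"), None)
        if state is None:
            return "unknown_request"          # claim 16: no matching saved ID
        if now - state["created"] > REQUEST_TTL:
            return "expired"                  # claim 17: outside the preset time
        if result.get("decision") != "allow":
            return "cancelled"
        if result.get("token_sn") != state["token_sn"]:
            return "failure"
        # Second response value, computed over the server time sent in the push.
        expected = response_value(self.seeds[state["token_sn"]],
                                  state["challenge"], state["created"])
        # Constant-time comparison of the first and second response values.
        ok = hmac.compare_digest(expected, str(result.get("response", "")))
        return "success" if ok else "failure"


class MobileToken:
    def __init__(self, token_sn, seed):
        self.token_sn = token_sn
        self.seed = seed      # token seed key

    def handle_push(self, push, confirm):
        reply = {"request_id": push["request_id"], "token_sn": self.token_sn}
        if push["token_sn"] != self.token_sn:
            return {**reply, "decision": "token_mismatch"}
        if not confirm:                       # user cancelled the login (K3)
            return {**reply, "decision": "cancel"}
        first = response_value(self.seed, bytes.fromhex(push["challenge"]),
                               push["server_time"])
        return {**reply, "decision": "allow", "response": first}
```

Passing `now` explicitly makes the validity window testable; in normal use both methods fall back to the system clock.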
CN201510089797.1A 2015-02-27 2015-02-27 A kind of system of pushing certification and the method for work of equipment Active CN104639562B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201510089797.1A CN104639562B (en) 2015-02-27 2015-02-27 A kind of system of pushing certification and the method for work of equipment
PCT/CN2016/074468 WO2016134657A1 (en) 2015-02-27 2016-02-24 Operating method for push authentication system and device
US15/552,517 US10887103B2 (en) 2015-02-27 2016-02-24 Operating method for push authentication system and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510089797.1A CN104639562B (en) 2015-02-27 2015-02-27 A kind of system of pushing certification and the method for work of equipment

Publications (2)

Publication Number Publication Date
CN104639562A CN104639562A (en) 2015-05-20
CN104639562B true CN104639562B (en) 2018-03-13

Family

ID=53217875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510089797.1A Active CN104639562B (en) 2015-02-27 2015-02-27 A kind of system of pushing certification and the method for work of equipment

Country Status (1)

Country Link
CN (1) CN104639562B (en)

Also Published As

Publication number Publication date
CN104639562A (en) 2015-05-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant