CN104639562B - Push authentication system and working method of its devices - Google Patents
Push authentication system and working method of its devices
- Publication number: CN104639562B (application number CN201510089797.1A)
- Authority: CN (China)
- Prior art keywords: token, server, mobile terminal, authentication server, authentication request
- Legal status: Active (Google's assumed status, not a legal conclusion)
Classifications
- H04L63/0807: Network architectures or network communication protocols for network security, for authentication of entities using tickets, e.g. Kerberos
- H04L67/55: Network arrangements or protocols for supporting network services or applications; push-based network services
- H04L9/3213: Cryptographic mechanisms or arrangements for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority, using tickets or tokens, e.g. Kerberos
Abstract
The invention discloses a push authentication system and a working method of its devices, in the field of information security. An application interface receives user information and sends it to an application server; the application server sends the user information and an application identifier to an authentication server; the authentication server generates a push authentication request from a generated challenge value, token information and the application name, and pushes it to the mobile terminal token corresponding to the user information and application identifier; the mobile terminal token generates a login message from the push authentication request and, when the user confirms the login, computes a first response value from the challenge value and sends it to the authentication server; the authentication server computes a second response value from the challenge value and, when the two response values match, returns an authentication-success result to the application server. Compared with conventional authentication, the scheme speeds up the data exchange, requires no password entry by the user and uses a challenge-response exchange, which the specification states prevents man-in-the-middle attacks and improves authentication security.
Description
Technical field
The invention relates to the field of information security, and in particular to a push authentication system and a working method of its devices.
Background
A mobile device token (in full, a dynamic-password mobile device token, where the mobile device may be a phone, tablet and so on) is client software that generates dynamic passwords on the mobile device. The dynamic password is bound to the device and is used for identity authentication, and generating it involves no communication and no cost. Such tokens are simple to use, secure, inexpensive, need no extra hardware, are easy to obtain and need no logistics; they are the development trend for dynamic-password identity authentication in the 3G era.
Push is a server-to-client communication model in which the server continuously pushes data to the client. It greatly improves the interactivity between client and server, serves users' multi-level needs, lets users set the information channels they want, and delivers customised information directly to the user terminal.
In the prior art, the user triggers generation of a password that is then sent to the server for verification. The password leaks easily, so security is relatively low, and because authentication needs the user's intervention both its speed and its security suffer.
Summary of the invention
To solve the problems of the prior art, the invention provides a push authentication system and a working method of its devices.
The technical solution is as follows. A working method of a push authentication system, applied to a system made up of an application interface, an application server, an authentication server and a mobile terminal token, includes:
Step S1: the application interface receives the user information entered by the user and sends it to the application server;
Step S2: after receiving the user information, the application server generates an authentication request from the user information and the application identifier it holds, and sends the authentication request to the authentication server;
Step S3: after receiving the authentication request, the authentication server generates and stores a challenge value, obtains the user information and application identifier from the authentication request, looks up the token information and network data link corresponding to the user information, and looks up the application name corresponding to the application identifier;
Step S4: the authentication server generates a push authentication request from the challenge value, token information, user information and application name, and pushes it over the network data link to the corresponding mobile terminal token;
Step S5: after receiving the push authentication request, the mobile terminal token generates a login message from the user information and application name in the request and displays it, then receives the user's choice; if the user confirms the login, step S6 is performed, otherwise the method ends;
Step S6: the mobile terminal token obtains the challenge value from the push authentication request and computes a first response value from the challenge value and the token seed key it holds;
Step S7: the mobile terminal token generates an authorization result containing the first response value and sends it to the authentication server over the network data link;
Step S8: after receiving the authorization result, the authentication server obtains the first response value from it, retrieves the stored server seed key and challenge value, and computes a second response value from the challenge value and the server seed key;
Step S9: the authentication server checks whether the first and second response values match; if so it returns an authentication-success result to the application server and step S10 is performed, otherwise the method ends;
Step S10: after receiving the authentication-success result, the application server sends an authentication-success message to the application interface;
Step S11: after receiving the authentication-success message, the application interface allows the user to access the application, and the method ends.
A working method of the authentication server in a push authentication system includes:
Step T1: after receiving the authentication request from the application server, the authentication server generates and stores a challenge value and obtains the user information and application identifier from the authentication request;
Step T2: the authentication server looks up the token information and network data link corresponding to the user information, and the application name corresponding to the application identifier;
Step T3: the authentication server generates a push authentication request from the challenge value, token information, user information and application name, and pushes it to the mobile terminal token over the network data link;
Step T4: the authentication server receives the authorization result returned by the mobile terminal token, obtains the first response value from it, retrieves the stored server seed key and challenge value, and computes a second response value from them;
Step T5: the authentication server checks whether the first and second response values match; if so it returns an authentication-success result to the application server and ends, otherwise it returns an authentication-failure result to the application server and ends.
A working method of the mobile terminal token in a push authentication system includes:
Step K1: the mobile terminal token receives the push authentication request from the authentication server;
Step K2: the mobile terminal token obtains the user information and application name from the push authentication request, generates a login message from them and displays it;
Step K3: the mobile terminal token receives the user's choice on the login message; if the user confirms the login, step K4 is performed, otherwise the method ends;
Step K4: the mobile terminal token obtains the challenge value from the push authentication request and the stored token seed key, computes them together and generates a first response value;
Step K5: the mobile terminal token obtains the token information from the push authentication request, generates an authorization result allowing the login from the first response value and token information, sends it to the authentication server over the network data link, and the token's operation ends.
Beneficial effects: by pushing to the client, password authentication between the server and the mobile terminal token is carried out with faster data exchange than conventional authentication, without the user entering a password, and in challenge-response form, which the specification states prevents man-in-the-middle attacks and improves security during authentication.
Brief description of the drawings
To explain the embodiments of the invention or the prior art more clearly, the drawings needed for describing the embodiments or the prior art are introduced briefly below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the working method of a push authentication system provided by Embodiment 1;
Fig. 2, Fig. 3 and Fig. 4 are flow charts of the working method of a push authentication system provided by Embodiment 2;
Fig. 5 is a flow chart of the working method of the authentication server in a push authentication system provided by Embodiment 3;
Fig. 6 is a flow chart of the working method of the mobile terminal token in a push authentication system provided by Embodiment 4.
Detailed description
The technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them; all other embodiments that those of ordinary skill in the art obtain from them without creative effort fall within the scope of protection of the invention.
In the invention, the push authentication system comprises an application interface, an application server, an authentication server and a mobile terminal token; the push authentication devices are the authentication server and the mobile terminal token.
When the authentication server activates a mobile terminal token, a network data link is established between the two, and the authentication server stores the correspondence between the user information and that link. Each time the mobile terminal token starts thereafter, it reads the stored access address, contacts the authentication server at that address and starts the network data link between the token and the server (preferably a TCP link); the token then sends its token information to the authentication server over the link. When the authentication server receives the token information, it fetches the token information stored for that token in the server storage area and, if the received information differs from the stored information, replaces the stored information with what it received.
The token information includes the token serial number, the token identification code and the mobile terminal operating system.
For example, the access address stored in the mobile terminal token is api-dfserv.cloudentify.com:1843, and the token information the mobile terminal token sends to the authentication server is:
{"tokens":["1000000006","1000000003"],"os":"1","udid":"57987117827971672588","reqtype":"1"}
Embodiment 1
Embodiment 1 provides a working method of a push authentication system, applied to a system made up of an application interface, an application server, an authentication server and a mobile terminal token. As shown in Fig. 1, it includes:
Step 101: the application interface receives the user information entered by the user;
The user information may be a user name, or a user name and password; this embodiment uses a user name as the example.
Step 102: the application interface sends the user information to the application server;
Step 103: after receiving the user information, the application server generates an authentication request from the user information and the application identifier it holds;
Step 104: the application server sends the authentication request to the authentication server;
Step 105: after receiving the authentication request, the authentication server generates and stores a challenge value, obtains the user information and application identifier from the request, looks up the token information and network data link corresponding to the user information, and looks up the application name corresponding to the application identifier;
Step 106: the authentication server generates a push authentication request from the challenge value, token information, user information and application name;
Step 107: the authentication server pushes the push authentication request to the corresponding mobile terminal token over the network data link;
Step 108: after receiving the push authentication request, the mobile terminal token generates a login message from the user information and application name in the request and displays it, then receives the user's choice; if the user confirms the login, step 109 is performed, otherwise the method ends;
Step 109: the mobile terminal token obtains the challenge value from the push authentication request and computes a first response value from the challenge value and the token seed key it holds;
Step 110: the mobile terminal token generates an authorization result containing the first response value;
Step 111: the mobile terminal token sends the authorization result to the authentication server over the network data link;
Step 112: after receiving the authorization result, the authentication server obtains the first response value from it, retrieves the stored server seed key and challenge value, and computes a second response value from them;
Step 113: the authentication server checks whether the first and second response values match; if so step 114 is performed, otherwise the method ends;
Step 114: the authentication server returns an authentication-success result to the application server;
Step 115: after receiving the authentication-success result, the application server sends an authentication-success message to the application interface;
Step 116: after receiving the authentication-success message, the application interface allows the user to access the application, and the method ends.
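The exchange of steps 101 to 116 (the same procedure as steps S1 to S11 of the summary) as one runnable simulation. This is an added example, not code from the patent or from any product of the applicant. The page does not say how the challenge value and the seed key are "calculated" into a response value, so the example assumes a HOTP-style 6-digit truncation of HMAC-SHA1 over the ASCII challenge; the network data link is replaced by a direct method call; the application server is a single function; the user names eve@test.com and bob@test.com, the token serial number 1000000007 and all seed keys are constructed test data. Besides the success path it exercises three failure paths the steps imply: a token whose seed key does not match the server's record, a user who cancels at step 108, and a replay of an already-consumed authorization result.

```python
"""Push authentication, steps S1-S11 (also steps 101-116 of Embodiment 1), in one
process.  Added example, not the patent's code.  Assumed because the page does not
say: response value = HOTP-style 6-digit truncation of HMAC-SHA1(seed key, challenge);
the network data link is a direct call; the challenge is a random 6-digit number."""
import hashlib
import hmac
import secrets
import time
import uuid


def response_value(seed_key: bytes, challenge: str, digits: int = 6) -> str:
    """ASSUMED derivation: HMAC-SHA1 over the ASCII challenge, truncated as in HOTP."""
    mac = hmac.new(seed_key, challenge.encode("ascii"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class MobileTerminalToken:
    """Holds the token seed key (S6) and shows the login message (S5)."""

    def __init__(self, serial: str, seed_key: bytes, approve: bool = True):
        self.serial, self.seed_key = serial, seed_key
        self.approve = approve    # stands in for the user's confirm/cancel choice
        self.shown = []           # login messages displayed to the user

    def handle_push(self, req: dict) -> dict:
        # S5: login message built from user name and application name.
        self.shown.append(f"Dear {req['userid']}\nYour account is logging in to "
                          f"{req['appname']} at {time.strftime('%Y-%m-%d %H:%M:%S')}")
        result = {"pushtype": "2", "token": self.serial, "reqid": req["reqid"]}
        if not self.approve:      # user cancelled: result "0", no response value
            return {**result, "result": "0"}
        # S6-S7: first response value from the challenge and the token seed key.
        return {**result, "result": "1",
                "response": response_value(self.seed_key, req["challenge"])}


class AuthenticationServer:
    """S3-S4: challenge and push; S8-S9: second response value and comparison."""

    def __init__(self):
        self.users = {}    # user name -> {"seed": server seed key, "token": serial}
        self.links = {}    # token serial -> MobileTerminalToken (the data link)
        self.apps = {}     # application identifier -> application name
        self.pending = {}  # request id -> (user name, challenge); single use
        self.last_result = None

    def register(self, user, seed, token, app_id, app_name):
        self.users[user] = {"seed": seed, "token": token.serial}
        self.links[token.serial] = token
        self.apps[app_id] = app_name

    def authenticate(self, auth_req: dict) -> bool:
        user, app_id = auth_req["userid"], auth_req["appid"]
        if user not in self.users or app_id not in self.apps:
            return False       # user or application not registered
        record = self.users[user]
        challenge = f"{secrets.randbelow(10 ** 6):06d}"       # S3
        reqid = str(uuid.uuid4())
        self.pending[reqid] = (user, challenge)
        push = {"appname": self.apps[app_id], "challenge": challenge,
                "pushtype": "1", "reqid": reqid, "time": str(int(time.time())),
                "token": record["token"], "userid": user}     # S4
        self.last_result = self.links[record["token"]].handle_push(push)
        return self.verify(self.last_result)

    def verify(self, result: dict) -> bool:
        # S8: the stored challenge is looked up by request id and consumed.
        pending = self.pending.pop(result.get("reqid"), None)
        if pending is None or result.get("result") != "1":
            return False
        user, challenge = pending
        second = response_value(self.users[user]["seed"], challenge)
        # S9: constant-time comparison of the first and second response values.
        return hmac.compare_digest(second, result.get("response", ""))


def application_server_login(auth: AuthenticationServer, app_id: str, user: str) -> bool:
    """S2 and S10: the application server adds its identifier and relays the result."""
    return auth.authenticate({"userid": user, "appid": app_id})


def demo() -> tuple:
    """Outcomes for: approved login, token seed mismatch, user cancel, replay."""
    seed = secrets.token_bytes(20)
    good = MobileTerminalToken("1000000003", seed)
    wrong = MobileTerminalToken("1000000006", secrets.token_bytes(20))
    cancel = MobileTerminalToken("1000000007", seed, approve=False)       # constructed
    auth = AuthenticationServer()
    auth.register("abc@test.com", seed, good, "yiwnzh-ajg", "WEBSDK")
    auth.register("eve@test.com", seed, wrong, "yiwnzh-ajg", "WEBSDK")    # constructed
    auth.register("bob@test.com", seed, cancel, "yiwnzh-ajg", "WEBSDK")   # constructed
    approved = application_server_login(auth, "yiwnzh-ajg", "abc@test.com")
    replayed = auth.verify(auth.last_result)    # same authorization result again
    return (approved, application_server_login(auth, "yiwnzh-ajg", "eve@test.com"),
            application_server_login(auth, "yiwnzh-ajg", "bob@test.com"), replayed)
```

The pending challenge is keyed by the request ID and removed on first use, so each challenge is single-use, and the two response values are compared with hmac.compare_digest rather than ==. What the exchange proves is possession of the token seed key and freshness of the challenge; it cannot tell the token who triggered the request, so the login message the token displays at step 108 (user name, application name, time) is the only thing that lets the user refuse a login they did not start.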
Embodiment 2
Embodiment 2 provides a working method of a push authentication system, applied to a system made up of an application interface, an application server, an authentication server and a mobile terminal token. As shown in Fig. 2, Fig. 3 and Fig. 4, it includes:
Step 201: the application interface receives the user information entered by the user, here a user name and password;
The user information may be a user name, or a user name and password; this embodiment uses a user name and password as the example.
For example, the user information is user name abc@test.com and password 168408afag.
Step 202: the application interface sends the user name and password to the application server.
Step 203: the application server checks whether the received user name and password are correct; if so, step 206 is performed, otherwise step 204;
Specifically, the application server checks whether it can find, in its storage area, a user record for the received user name. If it can, it checks whether the stored password matches the received one: if so the user name and password are correct, otherwise they are incorrect and step 204 is performed. If no record is found, it returns a user-name-error response to the application interface.
Step 204: the application server returns a user-information-incorrect response to the application interface.
Step 205: after receiving the user-information-incorrect response, the application interface outputs a prompt that the user information is incorrect, and ends;
In this embodiment, a verification counter is initialised before step 205. In this step, when the user-information-incorrect response is received, the counter is also updated and compared with a preset count: if the preset count is reached, an error is reported and the method ends, otherwise the method returns to step 201. The counter starts at 0, updating it preferably adds 1, and the preset count is preferably 3.
Further, after outputting the prompt that the user information is incorrect, the application interface may also prompt the user to re-enter the user information, wait for the new input, and return to step 201.
Step 206: the application server generates an authentication request from the user name and the application identifier it holds;
This step may also include: the application server encrypts the authentication request with a first pre-negotiated key to obtain an authentication request ciphertext;
Encrypting the authentication request with the first pre-negotiated key means that the client application applies a preset encryption algorithm to the authentication request under that key. The preset encryption algorithm is preferably DES; it may also be RSA or another algorithm.
For example, the application interface is the WEBSDK login interface and the corresponding application identifier is yiwnzh-ajg.
Step 207: the application server sends the authentication request to the authentication server;
Specifically, the application server sends the authentication request to an authentication proxy, which forwards it to the authentication server after receiving it;
Alternatively, the application server sends the authentication request ciphertext to the authentication proxy, which forwards the ciphertext to the authentication server after receiving it.
Step 208: after receiving the authentication request, the authentication server obtains the user name and application identifier from it;
This step may also be: after receiving the authentication request ciphertext, the authentication server decrypts it with the first pre-negotiated key to obtain the authentication request, then obtains the user name and application identifier from it;
Decrypting the authentication request ciphertext with the first pre-negotiated key means that the authentication server applies a preset decryption algorithm under that key. The preset decryption algorithm is preferably DES; it may also be RSA or another algorithm.
Step 209: the authentication server looks up the token information and network data link corresponding to the user name in the server storage area;
In this embodiment, after obtaining the user name from the authentication request, the authentication server also checks whether a user record for that user name can be found in the server storage area; if so it continues, otherwise it returns a user-not-registered message to the application server;
In this embodiment, a user record in the server storage area includes the user name, the server seed key, the application name and the token information, where the token information includes the token identification code, the token serial number and the mobile terminal operating system.
Step 210: the authentication server looks up the application name corresponding to the application identifier in the server storage area;
This step also includes checking whether an application name corresponding to the application identifier can be found in the server storage area; if so it continues, otherwise it returns an application-not-registered message to the application server;
Step 211: the authentication server generates a challenge value of preset length, associates it with the user information and stores it in the server storage area;
Preferably, the preset length is 6 decimal digits;
In this embodiment, the challenge value may be generated by calling a random-number generator and using the random number as the challenge, or by fetching the server seed key corresponding to the user name from the server storage area and computing the challenge from it;
Computing the challenge from the server seed key means applying a preset algorithm to the server seed key to produce a 6-digit decimal challenge value; the preset algorithm is preferably SM3, and may also be an OATH algorithm or similar;
For example, the generated challenge value is 308962;
In this embodiment, steps 209, 210 and 211 may be performed in any order, or at the same time.
Step 212: the authentication server obtains the server time and generates a push authentication request from the challenge value, token information, user information and application name;
This step may also include: the authentication server encrypts the push authentication request with a second pre-negotiated key to obtain a push authentication request ciphertext;
Alternatively in this step, the authentication server obtains the token identification code from the server storage area, encrypts the challenge value with the token identification code to obtain a challenge ciphertext, and generates the push authentication request from the challenge ciphertext, token information, user information and application name;
Encrypting the push authentication request with the second pre-negotiated key means applying a preset encryption algorithm to the push authentication request under that key; the preset encryption algorithm is preferably DES, and may also be RSA or another algorithm;
Before this step, the authentication server also calls a random-number generator to generate a first random number, uses it as the authentication request ID, associates it with the user information and stores it in the server storage area;
Further, the authentication server obtains the current server time and stores it in the server storage area as the generation time of the authentication request ID;
For example, the authentication request ID generated by the authentication server is 02c0e8b4-be19-49f6-aab6-273b38522cea, and its generation time is 1419325026;
Then generating the push authentication request from the challenge value, token information, user information and application name specifically means generating it from the challenge value, token information, user information, application name and authentication request ID;
For example, the generated push authentication request is:
{"appname":"WEBSDK","challenge":"308962","pushtype":"1","reqid":"02c0e8b4-be19-49f6-aab6-273b38522cea","time":"1419325027","token":"1000000003","userid":"abc@test.com"}
The push authentication request ciphertext obtained after encryption is:
{"data":"a539f8d217b3c05cb5a5340c7b8c8842bcfcace3180c6da9f595015a087c1612e39110fc2e75debc3e435e974a2d7907fa50df880b26ce9ecf1ed4988c9b1c5ad3d00d4942efcd06f83df5624b35769c00f770fd2bb4ada37e0b9c1ac74513ef1e83fc519cb88a66651a875e7423ed4ff7aa546c07bc96251683d617ec8cf03f007f3287352646ee92edcfd08dced63cd916018ea7596a3b2ccd44f958a6e2245a6dc863230d1940333430703a798eef","mac":"3531e1c344107efd1bee06dac2c15f9f71467a3f"}
Step 213: the authentication server looks up the mobile terminal token corresponding to the token serial number in the token information;
Specifically, the authentication server obtains the token serial number corresponding to the user name, obtains the network data link corresponding to that serial number, and finds the mobile terminal token at the other end of that link.
Step 214: the authentication server pushes the push authentication request to the mobile terminal token over the network data link;
This step may also be: the authentication server pushes the push authentication request ciphertext to the mobile terminal token over the network data link.
Step 215: after receiving the push authentication request, the mobile terminal token obtains the user name and application name from it, and obtains the token's current time;
Before this step, when the mobile terminal token receives the push authentication request ciphertext, it decrypts the ciphertext with the second pre-negotiated key to obtain the push authentication request;
Decrypting the push authentication request ciphertext with the second pre-negotiated key means that the mobile terminal token applies a preset decryption algorithm under that key. The preset decryption algorithm is preferably DES; it may also be RSA or another algorithm.
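The {"data","mac"} envelope used for the authentication request ciphertext (steps 206 to 208, first pre-negotiated key) and for the push authentication request and its decryption on the token (steps 212 to 215, second pre-negotiated key) as an added example. It is not the patent's code, and the ciphertexts shown on this page were not produced with it. The page shows a hex "data" field and a 40-hex-character "mac" field but does not say how the MAC is computed or keyed, so the example assumes encrypt-then-MAC with HMAC-SHA1 over the ciphertext and separate encryption and MAC subkeys derived from the negotiated key. Python's standard library has no DES, and DES's 56-bit key is brute-forceable and was withdrawn by NIST, so the cipher here is a counter-mode keystream from HMAC-SHA256 under a random 16-byte nonce; only the envelope shape is the page's. The negotiated key and the request ID are constructed.

```python
"""Encrypted {"data","mac"} envelope of Embodiment 2 (steps 206-208, 212-215).

Added example, not the patent's code.  Assumptions: encrypt-then-MAC with HMAC-SHA1
over nonce||ciphertext (the page's 'mac' is 40 hex characters but its construction is
not given); a PRF counter-mode keystream stands in for the DES the page names, since
DES is not in the standard library and its 56-bit key is no longer acceptable.
The negotiated key and the request id below are constructed."""
import hashlib
import hmac
import json
import secrets
import time
import uuid

NONCE_LEN = 16


def _subkeys(negotiated_key: bytes):
    """Derive separate encryption and MAC keys from one pre-negotiated key."""
    enc = hmac.new(negotiated_key, b"push-enc", hashlib.sha256).digest()
    mac = hmac.new(negotiated_key, b"push-mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC-SHA256(enc_key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(negotiated_key: bytes, message: dict) -> dict:
    """Sender side (step 206 or 212): JSON -> nonce||ciphertext, then MAC over that."""
    enc_key, mac_key = _subkeys(negotiated_key)
    plaintext = json.dumps(message, separators=(",", ":"), sort_keys=True).encode()
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = nonce + bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, body, hashlib.sha1).hexdigest()   # 40 hex chars, as on the page
    return {"data": body.hex(), "mac": tag}


def open_envelope(negotiated_key: bytes, envelope: dict) -> dict:
    """Receiver side (step 208 or 215): verify the MAC first, then decrypt and parse."""
    enc_key, mac_key = _subkeys(negotiated_key)
    body = bytes.fromhex(envelope["data"])
    expected = hmac.new(mac_key, body, hashlib.sha1).hexdigest()
    if not hmac.compare_digest(expected, envelope.get("mac", "")):
        raise ValueError("MAC check failed, envelope rejected")
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, stream)))


def build_push_request(userid: str, appname: str, token_serial: str, challenge: str) -> dict:
    """Steps 211-212: the push request with a fresh request id and the server time."""
    return {"appname": appname, "challenge": challenge, "pushtype": "1",
            "reqid": str(uuid.uuid4()), "time": str(int(time.time())),
            "token": token_serial, "userid": userid}


def render_login_message(req: dict, token_time: str) -> str:
    """Step 216: fill the preset display format from the decrypted request."""
    return (f"Dear {req['userid']}\n"
            f"Your account is logging in to {req['appname']} at {token_time}\n"
            "Please make sure this is your operation; otherwise, please refuse\n"
            "Confirm login?")


def demo_roundtrip(negotiated_key: bytes = b"constructed second negotiated key"):
    """Round-trip a push request; then flip one ciphertext bit and expect rejection."""
    req = build_push_request("abc@test.com", "WEBSDK", "1000000003", "308962")
    envelope = seal(negotiated_key, req)
    decrypted = open_envelope(negotiated_key, envelope)
    body = bytearray(bytes.fromhex(envelope["data"]))
    body[-1] ^= 0x01                       # one-bit change somewhere in the JSON
    tampered = {"data": body.hex(), "mac": envelope["mac"]}
    try:
        open_envelope(negotiated_key, tampered)
        rejected = False
    except ValueError:
        rejected = True
    return decrypted == req, rejected, render_login_message(decrypted, "2014-12-25 10:50:35")
```

The token verifies the MAC before it decrypts or parses any JSON, which is what the "mac" field buys: a party on the data link cannot read the challenge, and cannot change the user name, application name or challenge without the token noticing. In a production deployment the whole envelope would be an AEAD such as AES-GCM under a key agreed at token activation; what carries over is verify-then-decrypt and the per-request ID that ties an authorization result back to exactly one pending challenge.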
Step 216:Mobile terminal token is carried out according to user profile, Apply Names and token current time to preset format
Filling, obtains log-on message;
In the present embodiment, preset format is:
Dear XXX (user name)
Your account logs in XXX (Apply Names) in XXX (token current time)
It please ensure it is your operation, otherwise please refuse
Whether
Step 217: The mobile terminal token displays the login information and receives the user's selection on the login information; when the user selects "confirm login", step 219 is performed; when the user selects "cancel login", step 218 is performed;
For example, the login information displayed by the mobile terminal token is:
Dear abc@test.com
Your account logged in to WEBSDK at 10:50:35 on 25 December 2014
Please confirm that this is your operation; otherwise, please refuse
Yes / No
This step also includes: when no user selection is received, a time-out response is returned to the authentication server; the authentication server sends the time-out response to the application server, the application server sends the time-out response to the application interface, the application interface displays the time-out information, and the flow ends;
Step 218: The mobile terminal token generates a "cancel login" authorization result according to the token serial number, and performs step 222;
Specifically, generating the cancel-login authorization result includes: the mobile terminal token generates the cancel-login authorization result according to the authentication request ID in the push authentication request;
This step may also include: the mobile terminal token encrypts the authorization result with the second preset negotiated key to obtain the authorization result ciphertext;
For example, the cancel-login authorization result generated by the mobile terminal token is:
{"pushtype":"2","result":"0","token":"1000000003"};
The authorization result ciphertext obtained by encryption is:
{"data":"bbd573bc30068b8bfa51e96adcb76ca827d417655ada441b2e4374cd2cd8a0ccda83da9abe1978133065b04022464cdbc300d6cafcaccfa513bb9daaff1d3c3d","mac":"91d8dc0da255e7fcbbc7e6f435078eb6d275f7f2"};
Step 219: The mobile terminal token obtains the challenge value and the server time from the push authentication request, and obtains the token seed key according to the token serial number;
In this embodiment, obtaining the challenge value from the push authentication request may also be: the mobile terminal token obtains the challenge value ciphertext from the push authentication request, obtains the token identification code from the token, and decrypts the challenge value ciphertext with the token identification code to obtain the challenge value;
Step 220: The mobile terminal token applies the preset password generating algorithm to the challenge value, the server time and the token seed key to generate the first response value;
Preferably, in this embodiment, the mobile terminal token generates a first response value of a preset length, and the preset length is preferably 6 decimal digits;
Specifically, the mobile terminal token applies the preset password generating algorithm to the challenge value, the server time, the token seed key and the dynamic factor to generate the first response value;
For example, the first response value generated by the mobile terminal token is 677165.
Step 221: The mobile terminal token generates an "allow login" authorization result according to the first response value and the token information, and performs step 222;
This step may also include: the mobile terminal token encrypts the authorization result with the second preset negotiated key to obtain the authorization result ciphertext;
Specifically, generating the allow-login authorization result according to the first response value and the token information includes: generating the allow-login authorization result according to the first response value, the token information and the authentication request ID;
For example, the allow-login authorization result generated by the mobile terminal token is:
{"result":"1","time":"1419325027","reqtype":"2","otp":"677165","token":"1000000003","reqid":"02c0e8b4-be19-49f6-aab6-273b38522cea"};
The authorization result ciphertext obtained by encryption is:
{"data":"4fbd9ef79abbb78b59b7b4364b93db26527dc3a4c0b5dcadd34428de3649fc0f4e07a7f4282b5b88c21500f1b4c8bed324ec80f3815264787ea90a4723e024fb3a4e6cb09b7b44f801c9cc64cd50334fc8f037206d706dfc40727d08a3f67d91174db8396b7574fa1fbc09da25d861d9b945f3c7dc9654455ef0e168eb826f8b8e56a928e274f033079bdfb336848b78","app_version":"2.6","mac":"ba7ab1a123c930ca73ad5944d4fd0cf8ee4f0667"};
In this embodiment, if the dynamic factor of step 220 includes an event-mode dynamic factor, then after step 221 has completed the mobile terminal token updates the event-mode dynamic factor, preferably by adding 1 to it; the time-type dynamic factor has an initial value of 0.
Step 222: The mobile terminal token sends the authorization result to the authentication server over the network data link;
This step may also include: the mobile terminal token sends the authorization result ciphertext to the authentication server over the network data link.
Step 223: After the authentication server receives the authorization result, it judges the authorization result: if it is "allow login", step 225 is performed; if it is "cancel login", step 224 is performed;
In this embodiment, when the return result in the authorization result is judged to be 1, the result is "allow login"; when the return result in the authorization result is judged to be 0, the result is "cancel login";
Before this step, the method may also include: after the authentication server receives the authorization result ciphertext, it decrypts the authorization result ciphertext with the second preset negotiated key to obtain the authorization result;
Specifically, before this step the method also includes: the authentication server obtains the authentication request ID from the authorization result and judges whether the authentication request ID is correct and valid; if so, step 223 is performed, otherwise the authentication request ID kept in the server storage area is deleted, a failure response is returned to the application server, and the flow ends;
Here, judging whether the authentication request ID is correct and valid is specifically: the authentication server obtains the server current time, and obtains the stored authentication request ID and its generation time from the server storage area; it judges whether the authentication request ID in the authorization result is identical to the authentication request ID kept in the server storage area (if so, the authentication request ID is correct, otherwise it is incorrect), and judges whether the difference between the server current time and the generation time of the authentication request ID is within the preset duration (if so, the authentication request ID is valid, otherwise it is invalid); preferably, when the authentication request ID is incorrect or invalid, the method further includes deleting the authentication request ID and its generation time from the server storage area.
Step 224: The authentication server generates a "login not allowed" authentication result, and performs step 231;
This step may also include: the authentication server encrypts the authentication result with the first preset negotiated key to obtain the authentication result ciphertext.
Step 225: The authentication server obtains the token information and the first response value from the authorization result;
For example, the token serial number obtained by the authentication server from the authorization result is 1000000003, and the first response value is 677165.
Step 226: The authentication server obtains the corresponding challenge value and server seed key from the server storage area according to the token information, and obtains the current server time;
For example, the current server time obtained by the authentication server is 1419325029.
Step 227: The authentication server applies the password generating algorithm to the challenge value, the server seed key and the current server time to obtain the second response value;
Specifically, the authentication server applies the password generating algorithm to the challenge value, the server seed key, the current server time and the dynamic factor to obtain the second response value;
For example, the second response value generated by the authentication server is 677165.
Step 228: The authentication server judges whether the first response value matches the second response value; if so, step 230 is performed, otherwise step 229 is performed;
Step 229: The authentication server generates an "authentication failed" authentication result, and performs step 231;
This step may also include: the authentication server encrypts the authentication result with the first preset negotiated key to obtain the authentication result ciphertext.
Step 230: The authentication server generates an "authentication succeeded" authentication result, and performs step 231;
This step may also include: the authentication server encrypts the authentication result with the first preset negotiated key to obtain the authentication result ciphertext;
In this embodiment, if the dynamic factor of step 227 includes an event-mode dynamic factor, then after step 230 has completed the authentication server updates the event-mode dynamic factor, preferably by adding 1 to it; the time-type dynamic factor has an initial value of 0.
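As an added example (not code from the patent), the token side of steps 219 to 222 and the server side of steps 223 to 230, including the authentication request ID check described before step 223, written in Python. Assumed because the patent does not fix them: HMAC-SHA1 with HOTP-style truncation as the "preset password generating algorithm", a 30-second time bucket so that the server time carried in the push request and the server's later current time still agree, a 60-second preset duration for the request ID, one-shot consumption of the ID, and a constructed seed key and challenge value.

```python
import hashlib
import hmac
import struct

RESPONSE_DIGITS = 6     # page: the first/second response value is 6 decimal digits
TIME_STEP = 30          # ASSUMED bucket so server time vs current server time still match
ID_VALID_SECONDS = 60   # ASSUMED "preset duration" for the authentication request ID


def response_value(seed_key: bytes, challenge: str, server_time: int, counter: int) -> str:
    """ASSUMED password generating algorithm: HMAC-SHA1 over the challenge, the
    time bucket and the event-mode dynamic factor, truncated HOTP-style to
    6 decimal digits. The patent does not name the algorithm it uses."""
    msg = (challenge.encode()
           + struct.pack(">Q", server_time // TIME_STEP)
           + struct.pack(">Q", counter))
    digest = hmac.new(seed_key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** RESPONSE_DIGITS).zfill(RESPONSE_DIGITS)


class MobileTerminalToken:
    """Token side (steps 218-222). The event-mode dynamic factor starts at 0
    and is incremented only after an allow-login result has been generated."""

    def __init__(self, serial: str, seed_key: bytes):
        self.serial = serial
        self.seed_key = seed_key
        self.event_counter = 0

    def authorize(self, push_request: dict, confirm: bool, token_time: int) -> dict:
        if not confirm:                                    # step 218: cancel login
            return {"pushtype": "2", "result": "0",
                    "token": self.serial, "reqid": push_request["reqid"]}
        otp = response_value(self.seed_key, push_request["challenge"],
                             push_request["server_time"], self.event_counter)
        self.event_counter += 1                            # note after step 221
        return {"result": "1", "time": str(token_time), "reqtype": "2", "otp": otp,
                "token": self.serial, "reqid": push_request["reqid"]}


class AuthenticationServer:
    """Server side (steps 223-230): per-token seed key and event counter, plus
    the pending challenge stored under its authentication request ID."""

    def __init__(self):
        self.tokens = {}    # serial -> {"seed": bytes, "counter": int}
        self.pending = {}   # reqid -> {"serial", "challenge", "created"}

    def register_token(self, serial: str, seed_key: bytes) -> None:
        self.tokens[serial] = {"seed": seed_key, "counter": 0}

    def issue_push_request(self, serial: str, reqid: str, challenge: str,
                           server_time: int) -> dict:
        # Step 303 / S4: keep the challenge and the ID generation time.
        self.pending[reqid] = {"serial": serial, "challenge": challenge,
                               "created": server_time}
        return {"reqid": reqid, "challenge": challenge,
                "server_time": server_time, "token": serial}

    def verify(self, auth_result: dict, now: int) -> str:
        """Returns the authentication result: 'success', 'failure' or 'not allowed'."""
        # Pre-check of step 223: the ID must match a stored one and lie within
        # the preset duration; the stored ID is removed whether or not it passes
        # (ASSUMED one-shot use), so a replayed result cannot pass twice.
        req = self.pending.pop(auth_result.get("reqid"), None)
        if req is None or now - req["created"] > ID_VALID_SECONDS:
            return "failure"
        if auth_result.get("result") != "1":                   # steps 223 / 224
            return "not allowed"
        serial = auth_result.get("token")                      # step 225
        if serial != req["serial"] or serial not in self.tokens:
            return "failure"
        token = self.tokens[serial]                            # step 226
        expected = response_value(token["seed"], req["challenge"], now, token["counter"])
        if not hmac.compare_digest(expected, auth_result.get("otp", "")):
            return "failure"                                   # steps 228 / 229
        token["counter"] += 1                                  # note after step 230
        return "success"


def demo() -> dict:
    """Runs the exchange with the serial, request ID and timestamps quoted on
    the page; the seed key and the challenge value are constructed."""
    seed = b"constructed-seed-key-0001"
    server = AuthenticationServer()
    server.register_token("1000000003", seed)
    token = MobileTerminalToken("1000000003", seed)
    push = server.issue_push_request("1000000003", "02c0e8b4-be19-49f6-aab6-273b38522cea",
                                     "48291735", 1419325027)
    result = token.authorize(push, confirm=True, token_time=1419325027)
    outcome = server.verify(result, now=1419325029)   # 2 s later, same time bucket
    replay = server.verify(result, now=1419325030)    # same result again: ID consumed
    return {"otp": result["otp"], "outcome": outcome, "replay": replay,
            "token_counter": token.event_counter,
            "server_counter": server.tokens["1000000003"]["counter"]}
```

Because the token increments its event-mode factor when it generates the result and the server only on success, a lost or rejected result leaves the two counters out of step; the page does not describe resynchronisation.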
Step 231: The authentication server sends the authentication result to the application server;
This step may also include: the authentication server sends the authentication result ciphertext to the application server;
Specifically, this step is: the authentication server sends the authentication result to the authentication proxy, and after the authentication proxy receives the authentication result it sends the authentication result to the application server.
Step 232: After the application server receives the authentication result, it sends the authentication result to the application interface;
This step may also include: the application server sends the authentication result ciphertext to the application interface.
Step 233: After the application interface receives the authentication result, it judges the authentication result: if it is "login not allowed", step 234 is performed; if it is "authentication failed", step 235 is performed; if it is "authentication succeeded", step 236 is performed;
This step may also include: after the application interface receives the authentication result ciphertext, it decrypts the authentication result ciphertext with the first preset negotiated key to obtain the authentication result;
Step 234: The application interface displays a prompt that login is not allowed, and the application login authentication flow ends;
Step 235: The application interface displays an authentication-failure prompt, and the application login authentication flow ends;
Step 236: The application interface allows the user to access the application and displays the application's post-login interface; the application login authentication flow ends;
After the application login authentication flow ends with a successful login, the client may perform the corresponding operations according to the operation requests input by the user, to complete the user's access to the application, until the user logs out. It should be noted that operations after the application login authentication flow ends are outside the scope of the present invention.
In this embodiment, step 201 also includes: the client starts a time-out timer and detects in real time whether the timer value reaches the preset duration; if so, it displays a prompt that authentication has timed out, and the application login authentication flow ends.
In this embodiment, in addition to the transmission modes described above, the communication data between the application interface and the application server, between the application server and the authentication proxy, between the authentication proxy and the authentication server, and between the authentication server and the mobile terminal token is processed with an algorithm and a key negotiated in advance by the two parties. Further, the communication data between them may also carry a length and a check bit; the receiver judges from the length and the check bit whether the received communication data is correct, proceeds with the normal operation flow if it is correct, and otherwise notifies the sender of a data error, whereupon the sender resends the communication data. Further, the communication data between them may also be encrypted at the network layer or transmitted with secure software, to ensure the security of the communication data between the application server and the interactive interface.
Embodiment 3
Embodiment 3 of the present invention provides a working method of the authentication server in a push authentication system, as shown in Fig. 5, including:
Step 301: After the authentication server receives the authentication request from the application server, it generates and stores a challenge value, and obtains the user information and the application identifier from the authentication request;
Generating the challenge value is specifically: calling a random number generation function to generate a random number, and using the random number as the challenge value;
Generating the challenge value may also be: obtaining the stored server seed key corresponding to the user information in the authentication request, and computing over the server seed key to generate the challenge value.
Step 302: The authentication server obtains the corresponding token information and network data link according to the user information, and obtains the corresponding application name according to the application identifier;
In this embodiment, obtaining the corresponding token information and network data link according to the user information includes: judging whether token information and a network data link corresponding to the user information can be obtained; if so, obtaining the corresponding token information and network data link, otherwise returning an error response to the application server and ending.
Step 303: The authentication server generates a push authentication request according to the challenge value, the token information, the user information and the application name, and pushes the push authentication request to the mobile terminal token over the network data link;
When the token information includes a token serial number, pushing the push authentication request to the mobile terminal token is specifically: obtaining the mobile terminal token corresponding to the token serial number, and pushing the push authentication request to that mobile terminal token.
When the token information includes a token identification code, generating the push authentication request according to the challenge value, the token information, the user information and the application name includes: encrypting the challenge value with the token identification code to obtain a challenge value ciphertext, and generating the push authentication request according to the challenge value ciphertext, the token information, the user information and the application name.
Step 304: The authentication server receives the authorization result returned by the mobile terminal token, obtains the first response value from the authorization result, obtains the stored server seed key and challenge value, and computes over the challenge value and the server seed key to obtain the second response value;
In this embodiment, computing over the challenge value and the server seed key to obtain the second response value includes: obtaining the server current time, and applying the preset password generating algorithm to the server current time, the challenge value, the server seed key and the dynamic factor to obtain the second response value.
Step 305: The authentication server judges whether the first response value matches the second response value; if so, it returns an authentication-succeeded result to the application server and ends; otherwise it returns an authentication-failed result to the application server and ends;
In this embodiment, when the dynamic factor in step 304 includes an event-mode dynamic factor, this step further includes, when the authentication-succeeded result is returned to the application server: updating the event-mode dynamic factor, i.e. adding 1 to the event-mode dynamic factor.
Embodiment 4
Embodiment 4 of the present invention provides a working method of the mobile terminal token in a push authentication system, as shown in Fig. 6, including:
Step 401: The mobile terminal token receives the push authentication request from the authentication server;
Step 402: The mobile terminal token obtains the user information and the application name from the push authentication request, generates the login information according to the user information and the application name, and displays it;
When the token information includes a token identification code and a mobile terminal operating system, before this step the method also includes: obtaining the token identification code and the mobile terminal operating system from the push authentication request, obtaining the stored token identification code and mobile terminal operating system, and judging whether the token identification code and mobile terminal operating system in the push authentication request are identical to the stored ones; if so, step 402 is performed, otherwise a "token information incorrect" response is returned to the authentication server and the flow ends;
Generating the login information according to the user information and the application name includes: obtaining the token current time, and filling the preset format with the user information, the application name and the token current time to obtain the login information.
Step 403: The mobile terminal token receives the user's selection on the login information; when the user selects "confirm login", step 404 is performed, otherwise the flow ends;
Step 404: The mobile terminal token obtains the challenge value from the push authentication request, obtains the stored token seed key, and computes over the challenge value and the token seed key to generate the first response value;
When the token information includes a token identification code, obtaining the challenge value from the push authentication request includes: obtaining the challenge value ciphertext from the push authentication request, obtaining the stored token identification code, and decrypting the challenge value ciphertext with the token identification code to obtain the challenge value;
Computing over the challenge value and the token seed key to generate the first response value includes: obtaining the server time from the push authentication request, and applying the preset password generating algorithm to the challenge value, the server time, the token seed key and the dynamic factor to generate the first response value.
Step 405: The mobile terminal token obtains the token information from the push authentication request, generates an "allow login" authorization result according to the first response value, sends it to the authentication server over the network data link, and the token operation ends;
When the dynamic factor includes an event-mode dynamic factor, this step also includes: updating the event-mode dynamic factor, i.e. adding 1 to the event-mode dynamic factor.
The method also includes: when the mobile terminal token starts, it obtains the internally stored access address, accesses the authentication server according to the access address, establishes the network data link between the mobile terminal token and the authentication server, and sends the token information to the authentication server over the network data link.
The above embodiments of the present invention are described taking an Android mobile phone token as an example. In addition:
If the mobile terminal operating system in the token information obtained by the authentication server is iOS, the authentication server sends the generated push authentication request to iCloud (Apple Inc.'s cloud service); after iCloud receives the push authentication request it sends it to the corresponding iPhone token, and after the iPhone token has processed the push authentication request it sends the resulting authorization information directly to the authentication server.
If the token information obtained by the authentication server includes a WeChat ID, the generated push authentication request is sent to the WeChat server; after the WeChat server receives the push authentication request it sends it to the mobile WeChat token; after the mobile WeChat token has processed the push authentication request it sends the resulting authorization information to the WeChat server, and after the WeChat server receives the authorization information it sends it to the authentication server.
The foregoing is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited thereto; any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the scope of the claims.
Claims (33)
- 1. A working method of a push authentication system, applied to a system composed of an application interface, an application server, an authentication server and a mobile terminal token, characterized in that the method includes:
  Step S1: the application interface receives user information input by a user and sends the user information to the application server;
  Step S2: after the application server receives the user information, it generates an authentication request according to the user information and an internally stored application identifier, and sends the authentication request to the authentication server;
  Step S3: after the authentication server receives the authentication request, it generates and stores a challenge value, obtains the user information and the application identifier from the authentication request, obtains the corresponding token information and network data link according to the user information, and obtains the corresponding application name according to the application identifier;
  Step S4: the authentication server generates a push authentication request according to the challenge value, the token information, the user information and the application name, and pushes the push authentication request to the corresponding mobile terminal token over the network data link;
  Step S5: after the mobile terminal token receives the push authentication request, it generates login information according to the user information and the application name in the push authentication request and displays it, and receives the user's selection on the login information; when the user selects "confirm login", step S6 is performed, otherwise the method ends;
  Step S6: the mobile terminal token obtains the challenge value from the push authentication request, and computes over the challenge value and the internally stored token seed key to generate a first response value;
  Step S7: the mobile terminal token generates an authorization result including the first response value, and sends the authorization result to the authentication server over the network data link;
  Step S8: after the authentication server receives the authorization result, it obtains the first response value from the authorization result, obtains the correspondingly stored server seed key and challenge value, and computes over the challenge value and the server seed key to obtain a second response value;
  Step S9: the authentication server judges whether the first response value matches the second response value; if so, it returns an authentication-succeeded result to the application server and step S10 is performed, otherwise the method ends;
  Step S10: after the application server receives the authentication-succeeded result, it sends authentication-success information to the application interface;
  Step S11: after the application interface receives the authentication-success information, it allows the user to access the application, and the method ends.
- 2. The method according to claim 1, characterized in that the method further includes: when the mobile terminal token starts, it accesses the authentication server according to an internally stored access address, establishes the network data link between the mobile terminal token and the authentication server, and sends the token information to the authentication server over the network data link;
  after the authentication server receives the token information, it obtains the correspondingly stored token information, and if the received token information differs from the stored token information, it updates the stored token information to the received token information.
- 3. The method according to claim 1, characterized in that the token information includes a token serial number;
  in step S4, pushing the push authentication request to the corresponding mobile terminal token is specifically: the authentication server looks up the corresponding mobile terminal token according to the token serial number, and pushes the push authentication request to that mobile terminal token.
- 4. The method according to claim 1, characterized in that the token information includes a token identification code;
  in step S4, generating the push authentication request according to the challenge value, the token information, the user information and the application name includes: the authentication server encrypts the challenge value with the token identification code to obtain a challenge value ciphertext, and generates the push authentication request according to the challenge value ciphertext, the token information, the user information and the application name;
  in step S6, obtaining the challenge value from the push authentication request includes: the mobile terminal token obtains the challenge value ciphertext from the push authentication request, and decrypts the challenge value ciphertext with the internally stored token identification code to obtain the challenge value.
- 5. The method according to claim 1, characterized in that the token information includes a token identification code and a mobile terminal operating system;
  in step S5, after the mobile terminal token receives the push authentication request, the method further includes: the mobile terminal token obtains the token identification code and the mobile terminal operating system from the push authentication request, and judges whether the token identification code and mobile terminal operating system in the push authentication request are identical to the internally stored token identification code and mobile terminal operating system; if so, it continues, otherwise it returns a "token information incorrect" response to the authentication server and the method ends.
- 6. The method according to claim 1, characterized in that in step S5, generating the login information according to the user information and the application name in the push authentication request is specifically: the mobile terminal token obtains the user information and the application name from the push authentication request, obtains the token current time, and fills a preset format with the user information, the token current time and the application name to obtain the login information.
- 7. The method according to claim 1, characterized in that in step S4, generating the push authentication request according to the challenge value, the token information, the user information and the application name includes: the authentication server obtains a server time, and generates the push authentication request according to the server time, the challenge value, the token information, the user information and the application name.
- 8. The method according to claim 7, characterized in that in step S6, computing over the challenge value and the internally stored token seed key to generate the first response value includes: the mobile terminal token obtains the server time from the push authentication request, and applies a preset password generating algorithm to the challenge value, the server time, the internally stored token seed key and a dynamic factor to generate the first response value.
- 9. The method according to claim 1, characterized in that in step S7, computing over the challenge value and the server seed key to obtain the second response value includes: the authentication server obtains the server current time, and applies a preset password generating algorithm to the server current time, the challenge value, the server seed key and a dynamic factor to obtain the second response value.
- 10. The method according to claim 1, characterized in that in step S3, generating the challenge value is specifically: the authentication server calls a random number generation function to generate a random number, and uses the random number as the challenge value.
- 11. The method according to claim 1, characterized in that in step S3, generating the challenge value is specifically: the authentication server obtains the correspondingly stored server seed key according to the user information in the authentication request, and computes over the server seed key to generate the challenge value.
- 12. The method according to claim 1, characterized in that in step S1, the user information is specifically a user name and a password.
- 13. The method according to claim 1, characterized in that in step S2, sending the authentication request to the authentication server includes: the application server sends the authentication request to an authentication proxy, and after the authentication proxy receives the authentication request it sends the authentication request to the authentication server;
  in step S9, returning the authentication-succeeded result to the application server includes: the authentication server sends the authentication-succeeded result to the authentication proxy, and after the authentication proxy receives the authentication-succeeded result it sends the authentication-succeeded result to the application server.
- 14. The method according to claim 1, characterized in that in step S5, "otherwise the method ends" includes:
  when the user's selection of "cancel login" is received, the mobile terminal token returns a cancel-login authorization result to the authentication server; after the authentication server receives the cancel-login authorization result, it returns a cancel-login authentication result to the client; after the client receives the cancel-login authentication result, it displays a prompt that login is not allowed, and the method ends;
  when no user selection is received within a preset time, the mobile terminal token returns a time-out authorization result to the authentication server; after the authentication server receives the time-out authorization result, it returns a time-out authentication result to the client; after the client receives the time-out authentication result, it displays a time-out prompt, and the method ends.
- 15. The method according to claim 1, characterized in that when the judgement of step S9 is negative, the method includes: the authentication server returns an authentication-failed result to the application server;
  after the application server receives the authentication-failed result, it sends authentication-failure information to the application interface;
  after the application interface receives the authentication-failure information, it displays an authentication-failure prompt, and the method ends.
- 16. according to the method for claim 1, it is characterised in thatIt is described to be given birth to according to the challenging value, the token information, the user profile and the Apply Names in the step S4 Ask, specifically include into pushing certification:The certificate server generates certification request ID, establishes and is associated simultaneously with the user profile Preserve, pushing certification request is generated according to the challenging value, the user profile and the certification request ID;In the step S7, Authorization result of the generation comprising first response value and the token information, specifically include: Generation includes the Authorization result of first response value, the token information and the certification request ID;Also include before the step S8:The certificate server obtains certification request ID from the Authorization result, and obtains The certification request ID of preservation, judge whether the certification request ID in the Authorization result is identical with the certification request ID of preservation, such as Fruit is then to perform step S8, otherwise deletes the certification request ID of the preservation, terminates.
- 17. according to the method for claim 16, it is characterised in thatThe step S4 also includes:The certificate server obtains the current server time, is generated as certification request ID Time simultaneously preserves;Also include before the step S8:The certificate server obtains the certification request ID generation times preserved and obtains reception To server time during Authorization result, judge the server time and the difference of certification request ID generation times whether pre- If in the time, if it is, the certification request ID is effective, step S8 is performed, otherwise deletes the certification request ID of the preservation Remove, terminate.
- 18. according to the method for claim 1, it is characterised in thatIt is described to generate the Authorization result for including first response value in the step S7, specifically include:The mobile terminal order Authorization result of the board generation comprising the first response value and the token information;It is described that the first response value is obtained from the Authorization result in the step S8, and obtain the server kind of corresponding preservation Sub-key and challenging value, it is specially:The certificate server obtains the first response value and the token from the Authorization result Information, the corresponding server seed key and challenging value preserved is obtained according to the token information.
- 19. A working method of a certificate server in a push authentication system, comprising:
  Step T1: after the certificate server receives an authentication request from an application server, it generates and stores a challenge value, and obtains user information and an application identifier from the authentication request;
  Step T2: the certificate server obtains the corresponding token information and network data link according to the user information, and the corresponding application name according to the application identifier;
  Step T3: the certificate server generates a push authentication request from the challenge value, the token information, the user information and the application name, and pushes the push authentication request to the mobile terminal token over the network data link;
  Step T4: the certificate server receives the authorization result returned by the mobile terminal token, obtains the first response value from the authorization result, obtains the stored server seed key and the challenge value, and computes over the challenge value and the server seed key to obtain a second response value;
  Step T5: the certificate server judges whether the first response value and the second response value match; if so, it returns an authentication-success result to the application server and ends; otherwise it returns an authentication-failure result to the application server and ends.
- 20. The method of claim 19, wherein the token information includes a token serial number; and pushing the push authentication request to the mobile terminal token specifically comprises: the certificate server obtains the corresponding mobile terminal token according to the token serial number and pushes the push authentication request to that mobile terminal token.
- 21. The method of claim 19, wherein the token information includes a token identification code; and generating the push authentication request from the challenge value, the token information, the user information and the application name specifically comprises: the certificate server encrypts the challenge value with the token identification code to obtain a challenge ciphertext, and generates the push authentication request from the challenge ciphertext, the token information, the user information and the application name.
- 22. The method of claim 19, wherein generating the challenge value in step T1 specifically comprises: the certificate server calls a random number generation function to generate a random number, and uses the random number as the challenge value.
- 23. The method of claim 19, wherein generating the challenge value in step T1 specifically comprises: the certificate server obtains the correspondingly stored server seed key according to the user information in the authentication request, and computes over the server seed key to generate the challenge value.
- 24. The method of claim 19, wherein computing over the challenge value and the server seed key to obtain the second response value in step T4 specifically comprises: the certificate server obtains the current server time, and computes over the current server time, the challenge value, the server seed key and a dynamic factor using a preset password generation algorithm to obtain the second response value.
- 25. The method of claim 19, wherein obtaining the corresponding token information and network data link according to the user information in step T2 specifically comprises: the certificate server judges, according to the user information, whether the corresponding token information and network data link can be obtained; if so, it obtains the corresponding token information and network data link; otherwise it returns an error response to the application server and ends.
- 26. A working method of a mobile terminal token in a push authentication system, comprising:
  Step K1: the mobile terminal token receives a push authentication request from the certificate server;
  Step K2: the mobile terminal token obtains user information and an application name from the push authentication request, generates login information from the user information and the application name, and displays it;
  Step K3: the mobile terminal token receives the user's selection on the login information; when the user selects confirm login, step K4 is performed; otherwise the process ends;
  Step K4: the mobile terminal token obtains the challenge value from the push authentication request, obtains the stored token seed key, and computes over the challenge value and the token seed key to generate a first response value;
  Step K5: the mobile terminal token generates an authorization result permitting login from the first response value and sends it to the certificate server over the network data link, and the token's operation ends.
- 27. The method of claim 26, wherein generating the authorization result permitting login from the first response value specifically comprises: the mobile terminal token obtains token information from the push authentication request, and generates the authorization result permitting login from the first response value and the token information.
- 28. The method of claim 27, wherein the token information includes a token identification code; and obtaining the challenge value from the push authentication request in step K4 specifically comprises: the mobile terminal token obtains the challenge ciphertext from the push authentication request, obtains the stored token identification code, and decrypts the challenge ciphertext with the token identification code to obtain the challenge value.
- 29. The method of claim 27, wherein the token information includes a token identification code and a mobile terminal operating system; and before step K2 the method further comprises: the mobile terminal token obtains the token identification code and mobile terminal operating system from the push authentication request, obtains the stored token identification code and mobile terminal operating system, and judges whether those in the push authentication request are identical to the stored ones; if so, step K2 is performed; otherwise it returns a token-information-incorrect response to the certificate server and ends.
- 30. The method of claim 27, wherein generating the login information from the user information and the application name in step K2 specifically comprises: the mobile terminal token obtains the token's current time, and fills the user information, the application name and the token's current time into a preset format to obtain the login information.
- 31. The method of claim 26, further comprising: when the mobile terminal token starts, it obtains an internally stored access address, accesses the certificate server at that access address, establishes the network data link between the mobile terminal token and the certificate server, and sends token characteristic data to the certificate server over the network data link.
- 32. The method of claim 26, wherein computing over the challenge value and the token seed key to generate the first response value in step K4 specifically comprises: the mobile terminal token obtains the server time from the push authentication request, and computes over the challenge value, the server time, the token seed key and a dynamic factor using a preset password generation algorithm to generate the first response value.
- 33. The method of claim 32, wherein when the dynamic factor includes an event-mode dynamic factor, step K5 further comprises: the mobile terminal token updates the event-mode dynamic factor.
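The server-side method of claims 19-25 and the token-side method of claims 26-33, together with the request-ID binding and expiry checks of claims 16-17 and the cancel/timeout outcomes of claim 14, modelled end to end in one runnable Python file. This is an added example, not code from the patent or from its assignee: the patent names no concrete "preset password generation algorithm", so HMAC-SHA256 over challenge, server time and event counter stands in for it; the XOR keystream used to "encrypt the challenge with the token identification code" is a placeholder for a real cipher; the message layout, the user "alice", application "app-7", the token fixture values and the in-process "network data link" (a direct method call) are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed fixtures: the seed key, token serial, identification code and OS string
# are made up for this example, not values taken from the patent.
SEED_KEY = hashlib.sha256(b"demo shared seed key").digest()
TOKEN_INFO = {"serial": "FT-0001", "id_code": "ID-CODE-42", "os": "Android"}
APP_NAMES = {"app-7": "Demo VPN"}        # application identifier -> application name
REQUEST_VALIDITY = 60                    # claim 17's "preset time", in seconds


def response_value(seed_key, challenge, server_time, counter):
    """Stand-in for the preset password-generation algorithm of claims 24/32 (HMAC-SHA256)."""
    msg = challenge + server_time.to_bytes(8, "big") + counter.to_bytes(8, "big")
    return hmac.new(seed_key, msg, hashlib.sha256).hexdigest()


def mask_challenge(id_code, nonce, data):
    """Stand-in for encrypting the challenge with the token identification code (claims 21/28)."""
    stream = hashlib.sha256(id_code.encode() + nonce).digest()   # XOR keystream; self-inverse
    return bytes(a ^ b for a, b in zip(data, stream))


class MobileToken:
    """Mobile terminal token (claims 26-33); decision/delay/forge model the user and an attacker."""
    def __init__(self, clock, decision="confirm", delay=0, forge=False):
        self.clock, self.decision, self.delay, self.forge = clock, decision, delay, forge
        self.seed, self.token_info = SEED_KEY, dict(TOKEN_INFO)
        self.counter, self.shown, self.last_result = 0, None, None  # counter: event factor (claim 33)

    def receive_push(self, push):
        rid, ti = push["request_id"], push["token_info"]
        if (ti["id_code"], ti["os"]) != (self.token_info["id_code"], self.token_info["os"]):
            return {"status": "token_info_mismatch", "request_id": rid}       # claim 29
        self.shown = f"{push['user']} | {push['app_name']} | {self.clock['now']}"  # claim 30
        self.clock["now"] += self.delay      # the user answers `delay` seconds later
        if self.decision != "confirm":       # claim 14: "cancel" or "timeout"
            return {"status": self.decision, "request_id": rid}
        challenge = mask_challenge(self.token_info["id_code"], push["nonce"], push["challenge_ct"])
        resp = response_value(self.seed, challenge, push["server_time"], self.counter)
        self.counter += 1                    # claim 33: advance the event factor after use
        self.last_result = {"status": "allow", "request_id": rid, "token_info": self.token_info,
                            "response": "0" * 64 if self.forge else resp}
        return self.last_result


class AuthServer:
    """Certificate server (claims 19-25) with the request-ID checks of claims 16-17."""
    def __init__(self, clock, user_id, token):
        self.clock, self.pending = clock, {}  # pending: request ID -> challenge and creation time
        self.users = {user_id: {"seed": SEED_KEY, "token_info": dict(TOKEN_INFO),
                                "link": token, "counter": 0}}

    def handle_auth_request(self, user_id, app_id):
        """Steps T1-T3: challenge, request ID, push; then T4-T5 on the returned result."""
        rec = self.users.get(user_id)
        if rec is None:
            return "error"                   # claim 25: no token or data link for this user
        now, challenge, nonce = self.clock["now"], secrets.token_bytes(16), secrets.token_bytes(16)
        rid = secrets.token_hex(8)           # claim 16: request ID bound to the user and stored
        self.pending[rid] = {"user": user_id, "challenge": challenge, "created": now}
        push = {"request_id": rid, "user": user_id, "app_name": APP_NAMES[app_id],
                "token_info": rec["token_info"], "server_time": now, "nonce": nonce,
                "challenge_ct": mask_challenge(rec["token_info"]["id_code"], nonce, challenge)}
        return self.handle_authorization(rec["link"].receive_push(push))

    def handle_authorization(self, result):
        if result["status"] != "allow":
            return result["status"]
        pending = self.pending.pop(result["request_id"], None)   # single use (claim 16)
        if pending is None:
            return "failure"
        if self.clock["now"] - pending["created"] > REQUEST_VALIDITY:
            return "expired"                 # claim 17: stale ID, already removed by pop()
        rec = self.users[pending["user"]]
        if result["token_info"]["serial"] != rec["token_info"]["serial"]:
            return "failure"                 # claims 18/20: result must come from the pushed token
        expected = response_value(rec["seed"], pending["challenge"], pending["created"], rec["counter"])
        if not hmac.compare_digest(expected, result["response"]):
            return "failure"                 # step T5: first and second response values differ
        rec["counter"] += 1                  # keep the server's event factor in step
        return "success"


def run_scenario(decision="confirm", delay=0, forge=False):
    """One end-to-end exchange on a shared, controllable clock; returns the server's verdict."""
    clock = {"now": 1_000_000}
    token = MobileToken(clock, decision, delay, forge)
    return AuthServer(clock, "alice", token).handle_auth_request("alice", "app-7")


def replay_check():
    """Resubmitting a captured authorization result must fail: its request ID was consumed."""
    clock = {"now": 1_000_000}
    server = AuthServer(clock, "alice", MobileToken(clock))
    first = server.handle_auth_request("alice", "app-7")
    return first, server.handle_authorization(server.users["alice"]["link"].last_result)
```

Two points a practitioner should take from the model. First, the server verifies with the server time it placed in the push, not with its clock at verification time: claim 24 says "current server time" while claim 32 has the token use the time carried in the push, and those only agree if both sides quantize to the same time step or the server keeps the pushed value, as done here. Second, when the dynamic factor is event-mode (claim 33) the token increments its counter as soon as it answers, so an authorization result lost in transit leaves the two counters out of step; a deployment needs a resynchronization window or a time-only factor to recover from that without re-enrolment.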
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510089797.1A CN104639562B (en) | 2015-02-27 | 2015-02-27 | A kind of system of pushing certification and the method for work of equipment |
PCT/CN2016/074468 WO2016134657A1 (en) | 2015-02-27 | 2016-02-24 | Operating method for push authentication system and device |
US15/552,517 US10887103B2 (en) | 2015-02-27 | 2016-02-24 | Operating method for push authentication system and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510089797.1A CN104639562B (en) | 2015-02-27 | 2015-02-27 | A kind of system of pushing certification and the method for work of equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104639562A CN104639562A (en) | 2015-05-20 |
CN104639562B true CN104639562B (en) | 2018-03-13 |
Family
ID=53217875
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510089797.1A Active CN104639562B (en) | 2015-02-27 | 2015-02-27 | A kind of system of pushing certification and the method for work of equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104639562B (en) |
Families Citing this family (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105141628B (en) * | 2015-09-18 | 2018-06-29 | 飞天诚信科技股份有限公司 | A kind of method and device for realizing push |
US10887103B2 (en) * | 2015-02-27 | 2021-01-05 | Feitian Technologies Co., Ltd. | Operating method for push authentication system and device |
CN104917766B (en) * | 2015-06-10 | 2018-01-05 | 飞天诚信科技股份有限公司 | A kind of two-dimension code safe authentication method |
CN105162785B (en) | 2015-09-07 | 2019-01-04 | 飞天诚信科技股份有限公司 | A kind of method and apparatus registered based on authenticating device |
CN105187450B (en) * | 2015-10-08 | 2019-05-10 | 飞天诚信科技股份有限公司 | A kind of method and apparatus authenticated based on authenticating device |
JP6682254B2 (en) * | 2015-12-08 | 2020-04-15 | キヤノン株式会社 | Authentication cooperation system, authentication cooperation method, authorization server and program |
JP6677496B2 (en) * | 2015-12-08 | 2020-04-08 | キヤノン株式会社 | Authentication federation system and authentication federation method, authorization server, application server and program |
CN105553674B (en) * | 2016-01-11 | 2019-06-18 | 飞天诚信科技股份有限公司 | A kind of interactive system, intelligent cipher key equipment, server and working method |
CN107124390B (en) * | 2016-02-25 | 2021-05-04 | 阿里巴巴集团控股有限公司 | Security defense and implementation method, device and system of computing equipment |
KR102035312B1 (en) * | 2016-04-25 | 2019-11-08 | (주)이스톰 | User centric authentication mehtod and system |
WO2018010146A1 (en) | 2016-07-14 | 2018-01-18 | 华为技术有限公司 | Response method, apparatus and system in virtual network computing authentication, and proxy server |
CN107645473B (en) * | 2016-07-20 | 2020-09-22 | 平安科技(深圳)有限公司 | Method and device for protecting data security |
CN106921663B (en) * | 2017-03-03 | 2020-04-10 | 浙江智贝信息科技有限公司 | Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal |
CN107222460B (en) * | 2017-05-03 | 2019-10-08 | 飞天诚信科技股份有限公司 | A kind of method and device that server data memory space is shared |
CN109756452A (en) * | 2017-11-03 | 2019-05-14 | 中国移动通信有限公司研究院 | A kind of safety certifying method, device and computer readable storage medium |
CN109842594B (en) * | 2017-11-28 | 2021-08-10 | 中国移动通信集团浙江有限公司 | Telephone number verification method, capability open platform and verification platform |
CN108234451A (en) * | 2017-12-11 | 2018-06-29 | 厦门亿力吉奥信息科技有限公司 | Electric power intranet and extranet request forwarding Proxy Method and computer readable storage medium |
CN108123957B (en) * | 2017-12-29 | 2020-10-13 | 飞天诚信科技股份有限公司 | Multi-mode authentication method and device for logging in virtual private network server |
WO2019226115A1 (en) * | 2018-05-23 | 2019-11-28 | Sixscape Communications Pte Ltd | Method and apparatus for user authentication |
CN109005159B (en) * | 2018-07-03 | 2021-02-19 | 中国联合网络通信集团有限公司 | Data processing method for terminal access system server and authentication server |
CN109377679A (en) * | 2018-09-03 | 2019-02-22 | 深圳壹账通智能科技有限公司 | Withdrawal method and terminal device |
CN110430202B (en) * | 2019-08-09 | 2022-09-16 | 百度在线网络技术(北京)有限公司 | Authentication method and device |
CN114553814B (en) * | 2020-10-27 | 2024-02-09 | 花瓣云科技有限公司 | Method and device for processing push message |
CN113781200A (en) * | 2021-08-12 | 2021-12-10 | 南京星云数字技术有限公司 | Automatic credit investigation authorization method, system and electronic equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101674304A (en) * | 2009-10-15 | 2010-03-17 | 浙江师范大学 | Network identity authentication system and method |
CN102281142A (en) * | 2011-08-01 | 2011-12-14 | 句容市盛世软件有限公司 | User identity identification system |
CN103902880A (en) * | 2014-03-31 | 2014-07-02 | 上海动联信息技术股份有限公司 | Windows system two-factor authentication method based on challenge responding type dynamic passwords |
CN104348612A (en) * | 2013-07-23 | 2015-02-11 | 腾讯科技(深圳)有限公司 | Third-party website login method based on mobile terminal and mobile terminal |
Application history: 2015-02-27, CN201510089797.1A filed in CN, granted as CN104639562B (status: Active)
Also Published As
Publication number | Publication date |
---|---|
CN104639562A (en) | 2015-05-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104639562B (en) | A kind of system of pushing certification and the method for work of equipment | |
CN104539701B (en) | A kind of equipment of activation line mobile terminal token and the method for work of system | |
CN104660416B (en) | A kind of working method of voice authentication system and equipment | |
CN105024819B (en) | A kind of multiple-factor authentication method and system based on mobile terminal | |
CN104618120B (en) | A kind of mobile terminal key escrow digital signature method | |
CN104506534B (en) | Secure communication key agreement interaction schemes | |
US10887103B2 (en) | Operating method for push authentication system and device | |
CN107040513B (en) | Trusted access authentication processing method, user terminal and server | |
CN104486343B (en) | A kind of method and system of double factor two-way authentication | |
CN107222460B (en) | A kind of method and device that server data memory space is shared | |
CN102299930B (en) | Method for ensuring security of client software | |
US8775794B2 (en) | System and method for end to end encryption | |
CN103974248B (en) | Terminal security guard method in ability open system, apparatus and system | |
CN103875211B (en) | A kind of internet account number management method, manager, server and system | |
CN107612889B (en) | Method for preventing user information leakage | |
CN105681030B (en) | key management system, method and device | |
CN104506321B (en) | A kind of method of seed data in renewal dynamic token | |
CN101873331A (en) | Safety authentication method and system | |
Hallsteinsen et al. | Using the mobile phone as a security token for unified authentication | |
CN108111497A (en) | Video camera and server inter-authentication method and device | |
CN104463584B (en) | The method for realizing mobile terminal App secure payments | |
CN113065115A (en) | Authentication method for realizing security of small program login and without network isolation based on oauth2.0 | |
CN106453321A (en) | Authentication server, system and method, and to-be-authenticated terminal | |
CN107819766A (en) | Safety certifying method, system and computer-readable recording medium | |
CN114584386B (en) | Global multistage encryption network communication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
OL01 | Intention to license declared | ||