The content of the invention
In view of the above the shortcomings that prior art, it is an object of the invention to provide a kind of login authentication method and it is
System, for solving the problems, such as to need to manually enter two-pass cipher in limiting time in the prior art using re-authentication.
In order to achieve the above objects and other related objects, the present invention provides a kind of login authentication method, the login authentication
Method includes:When client, which inputs, logs in main password, one near the client mobile end by pre-authentication is placed on
End obtains the relevant information of the client;The mobile terminal produces two-pass cipher according to the relevant information, and by described in
Two-pass cipher is sent to server;Server receives the main password and two-pass cipher, verifies the effective of the two-pass cipher
Property;When the two-pass cipher is effective, it is allowed to log in.
Alternatively, the validity of two-pass cipher described in server authentication includes:The two-pass cipher is by using the shifting
The UID of dynamic terminal carries out signature generation to the relevant information of the client, when the two-pass cipher signing messages with it is described
When the UID checkings of mobile terminal are consistent, the two-pass cipher is effective.
Alternatively, the mobile terminal includes gravity sensor, and the relevant information of the client inputs including client
During main password, vibration signal that the gravity sensor receives.
Alternatively, the mobile terminal includes microphone, and the relevant information of the client is close including client input master
During code, voice signal that the microphone receives.
Alternatively, the mobile terminal includes GPS, and the relevant information of the client includes client and inputs main password
When, timestamp information and/or positional information that the GPS is determined;The validity of two-pass cipher described in server authentication also includes:
When the two-pass cipher includes timestamp information, the timestamp information that is parsed according to two-pass cipher is described with receiving
The temporal information of main password compares, and determines the validity of the two-pass cipher;And/or when the two-pass cipher includes position
When confidence ceases, the positional information that is parsed according to two-pass cipher compared with receiving the positional information of the client, determines institute
State the validity of two-pass cipher.
The present invention provides a kind of accession authorization system, and the accession authorization system includes mobile terminal, client and service
Device, the mobile terminal are being included by pre-authentication equipment, the mobile terminal for the client:Client-side information obtains mould
Block, for when client input log in main password when, the relevant information of client described in the acquisition for mobile terminal;Two-pass cipher
Sending module is produced, it is secondary to carry out signature generation to the relevant information of the client for the UID by using mobile terminal
Password, and the two-pass cipher is sent to server.
Alternatively, the mobile terminal includes gravity sensor, and the relevant information of the client inputs including client
During main password, vibration signal that the gravity sensor receives.
Alternatively, the mobile terminal includes microphone, and the relevant information of the client is close including client input master
During code, voice signal that the microphone receives.
Alternatively, the mobile terminal includes GPS, and the relevant information of the client includes client and inputs main password
When, timestamp information and/or positional information that the GPS is determined.
The present invention provides a kind of accession authorization system, and the accession authorization system includes mobile terminal, client and service
Device, the server include:Password acceptance module, for receiving main password and two-pass cipher;Two-pass cipher authentication module, with institute
Password acceptance module is stated to be connected, for determining the validity of the two-pass cipher, signing messages and institute when the two-pass cipher
State mobile terminal UID checking it is consistent when, the two-pass cipher is effective.
Alternatively, the two-pass cipher authentication module is additionally operable to:When the two-pass cipher includes timestamp information, root
The timestamp information parsed according to two-pass cipher, compared with receiving the temporal information of the main password, determine described secondary close
The validity of code.
Alternatively, the two-pass cipher authentication module is additionally operable to:When the two-pass cipher includes positional information, according to
The positional information that two-pass cipher parses, compared with receiving the positional information of the client, determine the two-pass cipher
Validity.
As described above, a kind of login authentication method and system of the present invention, have the advantages that:With reference to smart mobile phone
Either intelligent watch etc. carries gravity sensor or microphone and GPS equipment, and by designated equipment within a specified time
The percussion data collected by gravity sensor or microphone are used as two-pass cipher, make user only need to be by designated equipment
Side is placed on (as authentication device), and as input password login usually, it is only necessary to input main password, designated equipment (intelligence
Energy equipment) authentication operations of two step certifications can be automatically performed.Make user no longer need to obtain and be manually entered it is cumbersome secondary close
Code, mistake lifting Consumer's Experience is reduced, and accordingly lift certain security.
Embodiment
Illustrate embodiments of the present invention below by way of specific instantiation, those skilled in the art can be by this specification
Disclosed content understands other advantages and effect of the present invention easily.The present invention can also pass through specific realities different in addition
The mode of applying is embodied or practiced, the various details in this specification can also be based on different viewpoints with application, without departing from
Various modifications or alterations are carried out under the spirit of the present invention.
It should be noted that the diagram provided in the present embodiment only illustrates the basic conception of the present invention in a schematic way,
Then the component relevant with the present invention is only shown in schema rather than is painted according to component count, shape and the size during actual implement
System, kenel, quantity and the ratio of each component can be a kind of random change during its actual implementation, and its assembly layout kenel also may be used
Can be increasingly complex.
The present invention provides a kind of login authentication method.The login authentication method can be used for the user for improving re-authentication
Experience and security.In one embodiment, as shown in figure 1, the login authentication method includes:
Step S1, when client, which inputs, logs in main password, it is placed near the client mobile terminal and obtains
Take the relevant information of the client.Specifically, it is described to be referred to opening corresponding network service by the mobile terminal of pre-authentication
Specially appointed equipment (mobile terminal) when two steps are demonstrate,proved, when client specifies the mobile terminal by pre-authentication, in phase
The webserver answered will bind the re-authentication of the mobile terminal and the client, i.e., by the mobile terminal come
Complete the re-authentication to the client.In one embodiment, the mobile terminal is with gravity sensor or wheat
Gram wind and GPS (Global Positioning System, global positioning system) smart mobile phone or intelligent watch etc. are set
It is standby.In one embodiment, the mobile terminal includes gravity sensor, and the relevant information of the client is defeated including client
When becoming owner of password, vibration signal that the gravity sensor receives.Specifically, the mobile terminal can be placed on and visitor
On the same desktop in family end, the behavior of stroking when inputting main password is received by gravity sensor, the behavior of stroking is produced
Vibration change into corresponding pulse signal.In one embodiment, the mobile terminal includes gravity sensor microphone, institute
When stating the relevant information of client includes client and inputs main password, voice signal that the gravity sensor receives.Specifically
The mobile terminal, can be placed on the additional of client by ground, and the sound of stroking when inputting main password is received by microphone
Sound, sound caused by described stroke is changed into corresponding pulse signal.The pulse either obtained by gravity sensor is believed
Number or the obtained pulse signal of microphone can serve as the relevant information of client.In one embodiment, the movement
Terminal also includes GPS, and when client inputs main password, mobile terminal obtains current geographical location information by GPS in real time
And timestamp information, and the information acquired in GPS is also served as to the relevant information of client.
Step S2, the mobile terminal produces two-pass cipher according to the relevant information, and the two-pass cipher is sent
To server.Specifically, the mobile terminal is according to passing through gravity sensor or microphone and GPS (Global
Positioning System, global positioning system) the relevant information generation two-pass cipher of client that obtains, and by described two
Secondary password is sent to server.
Step S3, server receive the main password and two-pass cipher, verify the validity of the two-pass cipher;Work as institute
State two-pass cipher it is effective when, it is allowed to log in.Server receives the main password of client transmission, while also receives described
The two-pass cipher that mobile terminal is sent.The validity of two-pass cipher described in server authentication includes:The two-pass cipher is by making
Signature generation is carried out to the relevant information of the client with the UID of the mobile terminal, when the A.L.S. of the two-pass cipher
When breath is consistent with the UID checkings of the mobile terminal, the two-pass cipher is effective.The relevant information of the main password can be passed through
Come the UID of mobile terminal corresponding to determining, the validity of the two-pass cipher is verified according to the UID of the mobile terminal.Work as institute
When stating two-pass cipher and being verified as effective, illustrate that the two-pass cipher is recognized, server will allow the client to log in.One
In individual embodiment, whole client-related information is encrypted by device-dependent unique identifier UID for the mobile terminal
Packing signature, generation two-pass cipher are sent to server.User set the mobile terminal in server end, server according to
The password authentification strategy corresponding to the determination of householder's password relevant information, enters according to password authentification strategy to the two-pass cipher
Row decryption and validation verification.In one embodiment, the mobile terminal includes GPS, the relevant information bag of the client
When including the client main password of input, timestamp information and/or positional information that the GPS is determined;It is secondary described in server authentication
The validity of password also includes:When the two-pass cipher includes timestamp information, time for being parsed according to two-pass cipher
Information is stabbed, compared with receiving the temporal information of the main password, determines the validity of the two-pass cipher;And/or work as
When the two-pass cipher includes positional information, the positional information that is parsed according to two-pass cipher, with receiving the client
Positional information compare, determine the validity of the two-pass cipher.
In one embodiment, near user needs mobile terminal being placed on (as specified authentication device).If
It is that reception button operation is carried out by gravity sensor, then needs to place a device on desktop;If received by microphone
Button operation, then only need to simply it be placed on nearby.At the same time can choose whether to need the GPS functions of opening equipment, such as
Fruit opens GPS functions, then can prompt the login place of user after login page inputs password, and need user to confirm;If
GPS functions are not turned on, then ignores and logs in place verification step.When user, which strokes, inputs main password, caught by microphone
Keypad sounds or the weak vibration that desktop is received by gravity sensor, the phase percussion behavior of user being converted into time domain
Answer pulse signal.Obtain current geographical position and atomic time stamp in real time by GPS simultaneously, and by these information superpositions
Onto the pulse signal of each button received.Serial data now is just provided with space-time uniqueness.Finally by equipment phase
The unique identifier UID of pass whole serial data is encrypted packing signature, and (as two-pass cipher), the term of validity is 30 seconds to signature.
For server while user's input password is received, smart machine also actively sends what is obtained by two steps above to server
Encrypted signature bag.Due to setting authentication device in server end before user, server can be automatically using corresponding secret key pair
Encrypted packet is decrypted and validation verification.Simultaneously examine key-press event time point whether with user input keying sequence when one
Cause.If consistent, illustrate authentication device nearby, complete two steps card immediately, it is allowed to which user logs into system.
The present invention provides a kind of accession authorization system.The accession authorization system can use login authentication as described above
Method carries out login authentication.In one embodiment, as shown in Fig. 2 the accession authorization system 1 includes mobile terminal 12, visitor
Family end 11 and server 13.The mobile terminal 12 is the client 11 by pre-authentication equipment, the shifting by pre-authentication
Dynamic terminal 12 refers to when opening corresponding network and servicing two steps card and specially appointed equipment (mobile terminal), works as client
When specifying the mobile terminal by pre-authentication, in the corresponding webserver by the two of the mobile terminal and the client
Secondary certification binding, i.e., complete the re-authentication to the client by the mobile terminal.The mobile terminal 12 includes
Client-side information acquisition module 121 and two-pass cipher produce sending module 122.Wherein:
Client-side information acquisition module 121 is used for when client inputs and logs in main password, the acquisition for mobile terminal institute
State the relevant information of client.In one embodiment, the mobile terminal be with gravity sensor or microphone and
The equipment such as GPS (Global Positioning System, global positioning system) smart mobile phone or intelligent watch.One
In individual embodiment, the mobile terminal 12 includes gravity sensor, and the relevant information of the client inputs including client 11
During main password, vibration signal that the gravity sensor receives.Specifically, the mobile terminal 12 can be placed on and visitor
On 11 same desktop of family end, the behavior of stroking when inputting main password is received by gravity sensor, by the behavior production of stroking
Raw vibration changes into corresponding pulse signal.In one embodiment, the mobile terminal 12 includes gravity sensor Mike
Wind, when the relevant information of the client inputs main password including client 11, the sound that the gravity sensor receives is believed
Number.Specifically, the mobile terminal 12 can be placed on to the additional of client 11, the main password of input is received by microphone
When sound of stroking, by it is described stroke caused by sound change into corresponding pulse signal.Either obtained by gravity sensor
To the obtained pulse signal of pulse signal or microphone can serve as the relevant information of client.In one embodiment
In, the mobile terminal 12 also includes GPS, and in 11 main password of client, mobile terminal 12 is obtained current in real time by GPS
Geographical location information and timestamp information, and the information acquired in GPS is also served as to the relevant information of client.
Two-pass cipher produces sending module 122 and is connected with client-side information acquisition module 121, for by using mobile whole
The UID at end carries out signature to the relevant information of the client and produces two-pass cipher, and the two-pass cipher is sent into service
Device.Specifically, the mobile terminal is according to passing through gravity sensor or microphone and GPS (Global Positioning
System, global positioning system) the relevant information generation two-pass cipher of client that obtains, and the two-pass cipher is sent to
Server 13.In one embodiment, two-pass cipher produces sending module 122 and is additionally operable to encrypt the two-pass cipher to be formed and adds
The server 13 is sent to after Mi Bao.
The present invention provides a kind of accession authorization system.In one embodiment, as shown in Fig. 2 the accession authorization system 1
Include password acceptance module 131 and two-pass cipher including mobile terminal 12, client 11 and server 13, the server 13
Authentication module 132.Wherein:
Password acceptance module 131 is used to receive main password and two-pass cipher.Specifically, password acceptance module 131 is used to connect
Receive the two-pass cipher that the main password and mobile terminal 12 that client 11 is sent are sent.
Two-pass cipher authentication module 132 is connected with password acceptance module 131, for true according to the main password relevant information
Password authentification strategy, the validity of two-pass cipher described in the password authentification policy validation corresponding to fixed.In one embodiment,
The two-pass cipher authentication module 132 is used for:Relevant information to the UID by using the mobile terminal to the client
Two-pass cipher is verified caused by being signed, when the UID of the signing messages and the mobile terminal of the two-pass cipher is tested
When demonstrate,proving consistent, the two-pass cipher is effective.Mobile terminal corresponding to being determined by the relevant information of the main password
UID, the validity of the two-pass cipher is verified according to the UID of the mobile terminal.When the two-pass cipher is verified as effectively
When, illustrate that the two-pass cipher is recognized, server will allow the client to log in.In one embodiment, it is described secondary close
Code authentication module 132 is additionally operable to:When the two-pass cipher includes timestamp information, time for being parsed according to two-pass cipher
Information is stabbed, compared with receiving the temporal information of the main password, determines the validity of the two-pass cipher.In one embodiment
In, the two-pass cipher authentication module 132 is additionally operable to:When the two-pass cipher includes positional information, according to two-pass cipher
The positional information parsed, compared with receiving the positional information of the client 11, determine the validity of the two-pass cipher.
In summary, a kind of login authentication method of the invention and system, have the advantages that:With reference to smart mobile phone
Either intelligent watch etc. carries gravity sensor or microphone and GPS equipment, and by designated equipment within a specified time
The percussion data collected by gravity sensor or microphone are used as two-pass cipher, make user only need to be by designated equipment
Side is placed on (as authentication device), and as input password login usually, it is only necessary to input main password, designated equipment (intelligence
Energy equipment) authentication operations of two step certifications can be automatically performed.Make user no longer need to obtain and be manually entered it is cumbersome secondary close
Code, mistake lifting Consumer's Experience is reduced, and accordingly lift certain security.So the present invention effectively overcomes prior art
In various shortcoming and have high industrial utilization.
The above-described embodiments merely illustrate the principles and effects of the present invention, not for the limitation present invention.It is any ripe
Know the personage of this technology all can carry out modifications and changes under the spirit and scope without prejudice to the present invention to above-described embodiment.Cause
This, those of ordinary skill in the art is complete without departing from disclosed spirit and institute under technological thought such as
Into all equivalent modifications or change, should by the present invention claim be covered.