CN105516195A - Security authentication system and security authentication method based on application platform login - Google Patents


Info

Publication number: CN105516195A
Authority: CN (China)
Prior art keywords: authentication, application platform, module, client, random
Legal status: Granted
Application number: CN201610032441.9A
Other languages: Chinese (zh)
Other versions: CN105516195B (en)
Inventors: 谈剑锋, 董亚琴, 姜立稳, 王力, 钱金金
Current assignee: Shanghai Peoplenet Security Technology Co Ltd
Original assignee: Shanghai Peoplenet Security Technology Co Ltd
Application filed by Shanghai Peoplenet Security Technology Co Ltd
Priority to CN201610032441.9A
Publication of CN105516195A
Application granted
Publication of CN105516195B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations


Abstract

The invention provides a security authentication system and a security authentication method based on application platform login. The security authentication system comprises a client, an application platform and an authentication platform. The client comprises an information acquisition module and a first storage module; a security plug-in for generating a first authentication code is stored in the first storage module, and an operation algorithm is set in the security plug-in. The application platform comprises a first random number generation module, which generates a random parameter and stores it in a second storage module, and a first authentication module, which authenticates the user information and the random parameter. The authentication platform comprises a third storage module holding the same security plug-in, a second authentication module that authenticates the first authentication code against a second authentication code, and a feedback module that returns the authentication result of the second authentication module to the application platform and to the client respectively. Because the security plug-in is unique to each user, the security of the authentication process is greatly improved.

Description

Security authentication system based on application platform login and authentication method thereof
Technical field
The present invention relates to the field of communication technology, and in particular to a security authentication system based on application platform login and an authentication method thereof.
Background technology
With the development of information technology, information security technology is applied ever more widely in every field. In the field of information security, security authentication is often the first gate of an information system, and its security receives increasing attention. Accordingly, dynamic password technology, which strengthens the security of the authentication process, is being applied in more and more fields, especially in online banking, online gaming, telecom operators, e-government and enterprise servers.
A dynamic password is an unpredictable random digit combination generated by a special algorithm, and each password is valid for a single use. It is a safe and convenient anti-theft technique for accounts that can effectively protect the security of transactions and of login authentication. Because dynamic password authentication needs no periodic password change, it is safe and worry-free, so the security of the system is guaranteed at the most basic link, password authentication: it avoids the heavy losses caused by password fraud, prevents malicious intruders or human sabotage, and solves the intrusion problem caused by leaked passwords.
However, existing authentication systems, whether hardware dynamic tokens or software dynamic tokens, share a common weakness: all token algorithms are identical and public, and the authentication of different users is distinguished only by the key. For example, when a user logs in to a banking system on a mobile terminal, it suffices to enter the user name and login password on the login page; after the server verifies them it sends a dynamic SMS verification code, and once that code is verified the user is logged in. It can be seen that the login mechanism is identical for every mobile terminal; once the key used to generate the SMS verification code is obtained illegally, an attacker can obtain dynamic passwords at will, and the dynamic token is no longer secure.
Summary of the invention
In view of the above problems, the present invention provides a security authentication system based on application platform login and an authentication method thereof. During login to the application platform, while the entered user name and login password are submitted to the application platform for authentication, a local security plug-in on the client generates an enhanced authentication code with which the client is securely authenticated, so as to guarantee the security of the user.
The technical solution provided by the invention is as follows:
A security authentication system based on application platform login comprises a client, an application platform and an authentication platform, wherein:
the client comprises an information acquisition module for acquiring user information and a first storage module; the first storage module holds a security plug-in for generating a first authentication code, and the security plug-in has a built-in operation algorithm uniquely associated with the user;
the application platform, communicatively connected with the client, comprises a first authentication module, a first random number generation module, and a second storage module connected with the first authentication module and the first random number generation module respectively; the first random number generation module generates a random parameter and stores it in the second storage module, and the first authentication module authenticates the user information and the random parameter;
the authentication platform, communicatively connected with the application platform, comprises a third storage module, a second authentication module connected with the third storage module, and a feedback module connected with the second authentication module; the third storage module holds the security plug-in for generating a second authentication code; the second authentication module authenticates the first authentication code on the basis of the second authentication code; and the feedback module returns the authentication result of the second authentication module to the application platform and to the client respectively.
In this technical solution, both the client and the authentication platform hold a security plug-in with a built-in operation algorithm uniquely associated with the user. When logging in to the application platform, in addition to the user name and login password verified in an ordinary login, the user must also present the unique authentication code generated by the security plug-in (the first authentication code generated on the client). Because the operation algorithm is unique, i.e. each user has an operation algorithm of their own, it is hard to break, which naturally and greatly increases the security of the authentication process.
Further preferably, in the client:
the user information comprises a user name, a login password, and identification information that uniquely identifies the user; the identification information is an International Mobile Equipment Identity or a universally unique identifier;
the security plug-in uses the random parameter sent by the application platform as the calculation factor and generates the first authentication code with the operation algorithm.
In this technical solution, the random parameter generated by the application platform is used as a security factor when generating the first authentication code; because the random parameter is random and unpredictable, the security of the authentication system is further improved.
Further preferably, the second storage module also stores a registered user list;
the first authentication module authenticates the user name and login password in the user information sent by the client against the registered user list;
the first authentication module authenticates the random parameter by comparing the random parameter sent by the client with the random parameter stored in the second storage module.
Further preferably, in the authentication platform:
the security plug-in uses the random parameter sent by the application platform as the calculation factor and generates the second authentication code with the operation algorithm.
In this technical solution, the random parameter generated by the application platform is likewise used as the security factor when generating the second authentication code.
Further preferably, the third storage module also holds a preset algorithm;
and the authentication platform further comprises a second random number generation module, an algorithm generation module and a compiler, wherein:
the second random number generation module generates a random key based on the identification information;
the algorithm generation module, connected with the second storage module and the second random number generation module respectively, generates the operation algorithm based on the random key and the preset algorithm;
the compiler, connected with the algorithm generation module, compiles the operation algorithm generated by the algorithm generation module into the security plug-in, and the feedback module returns the security plug-in to the client via the application platform.
In this technical solution, the security plug-in is generated by the authentication platform while the user registers with the application platform and is returned to the client for storage; when the user later logs in to the application platform, this security plug-in is called to generate the enhanced authentication code, so as to guarantee the security of the user information.
Further preferably, the algorithm generation module comprises:
a priority determining unit for determining the operation precedence of the operation algorithm according to the random key;
and/or
a structure determination unit for determining the grouping structure of the operation algorithm and the operation precedence within each group according to the random key;
and/or
a parameter determination unit for determining the operation parameters of the operation algorithm according to the random key.
In this technical solution, the operation algorithm is obtained by any of the above three ways.
The invention also provides a security authentication method based on application platform login, applied to the above security authentication system and comprising the following steps:
S1: the client acquires the user name and login password and sends them to the application platform;
S2: the application platform authenticates the user name and login password, randomly generates a random parameter after successful authentication, stores the random parameter and sends it to the client;
S3: the client uses the random parameter as the calculation factor, generates the first authentication code with its built-in operation algorithm, and sends the first authentication code and the random parameter to the application platform;
S4: the application platform compares the received random parameter with the random parameter it stored, thereby authenticating the random parameter, and after successful authentication sends the first authentication code and the random parameter to the authentication platform;
S5: the authentication platform uses the received random parameter as the calculation factor, generates the second authentication code with the operation algorithm, and compares the generated second authentication code with the received first authentication code;
S6: the authentication platform returns the authentication result to the application platform and to the client.
Further preferably, the following steps are performed before step S1:
S01: the client acquires the user name and login password and sends them, together with a registration request, to the application platform;
S02: the application platform receives the registration request and verifies the received user name;
S03: after the user name is verified, the application platform stores the user name and login password in association in the current registered user list, forming a new registered user list, and returns the verification result to the client;
S04: the client receives the verification result, then acquires the identification information that uniquely identifies the user, and sends the identification information and a verification code request to the application platform;
S05: on receiving the verification code request, the application platform randomly generates a verification code and sends it to the client;
S06: the client receives and displays the verification code, and sends a verification code authentication request to the application platform based on the received verification code;
S07: the application platform receives the verification code authentication request and authenticates the verification code; if authentication succeeds, it sends the identification information and a security plug-in generation request to the authentication platform;
S08: the authentication platform receives the security plug-in generation request and generates the operation algorithm based on the identification information and the built-in preset algorithm;
S09: the authentication platform compiles the operation algorithm into the security plug-in and returns the security plug-in to the client via the application platform.
Further preferably, in step S2 the application platform authenticates the user name and login password against the new registered user list, and after successful authentication randomly generates and stores the random parameter;
and/or
in step S04 the identification information is an International Mobile Equipment Identity or a universally unique identifier;
and/or
in step S02 the application platform searches the current registered user list for the received user name, and the verification succeeds if no identical user name is found.
Further preferably, step S08 specifically comprises:
generating a random key based on the identification information;
determining the operation precedence of the operation algorithm based on the random key, and/or determining the grouping structure of the operation algorithm and the operation precedence within each group based on the random key, and/or determining the operation parameters of the operation algorithm based on the random key, so as to generate the operation algorithm.
The security authentication system based on application platform login and the authentication method thereof provided by the invention bring the following beneficial effects:
In the security authentication system provided by the invention, while the user registers with the application platform, the authentication platform generates a security plug-in uniquely associated with the user based on a generated random key and preset rules (the priority determining unit and/or structure determination unit and/or parameter determination unit), and the security plug-in is stored on the client and on the authentication platform respectively. Clearly, the uniqueness of the random key guarantees the uniqueness of the resulting operation algorithm, and the security plug-in compiled from that algorithm is therefore also unique (the security plug-in stored on each client is unique, and its implementation differs from the others), so the security of the operation algorithm is greatly increased and it is not easy to crack. Even if the operation algorithm in the security plug-in installed on one client is cracked, the security of the other clients is not affected.
Further, during security authentication the security plug-in uses the random parameter returned by the application platform as a security factor, so the generated authentication code (the first authentication code generated on the client) is itself random; in this way a novel cipher scheme of one-time pad and one-key-per-person is realised, greatly increasing the security of authentication.
Finally, the application platform provided by the invention is applicable to any existing application platform that requires user login, such as mobile banking login; the application is universal and its scope is greatly extended.
Brief description of the drawings
Below, with reference to the drawings, preferred embodiments are described in a clearly understandable way to further explain the above features, technical characteristics, advantages and implementations.
Fig. 1 is a structural schematic diagram of one embodiment of the security authentication system based on application platform login provided by the invention;
Fig. 2 is a structural schematic diagram of another embodiment of the security authentication system based on application platform login provided by the invention;
Fig. 3 is a schematic diagram of the authentication flow of the security authentication method based on application platform login provided by the invention;
Fig. 4 is a schematic diagram of the registration flow of the security authentication method based on application platform login provided by the invention.
Reference numerals in the drawings:
100 security authentication system, 110 client, 120 application platform, 130 authentication platform, 111 information acquisition module, 112 first storage module, 113 security plug-in, 121 first authentication module, 122 first random number generation module, 123 second storage module, 131 third storage module, 132 second authentication module, 133 feedback module, 134 second random number generation module, 135 algorithm generation module, 136 compiler.
Embodiment
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, specific embodiments of the invention are described below with reference to the drawings. Obviously, the drawings described below show only some embodiments of the invention; those of ordinary skill in the art can derive other drawings, and other embodiments, from them without creative effort.
Fig. 1 shows the structural schematic diagram of one embodiment of the security authentication system 100 based on application platform 120 login provided by the invention. As can be seen from the figure, the security authentication system 100 comprises a client 110, an application platform 120 and an authentication platform 130, wherein the client 110 and the application platform 120 are connected for two-way communication, and the application platform 120 and the authentication platform 130 are connected for two-way communication.
Specifically, the client 110 comprises an information acquisition module 111 and a first storage module 112; the information acquisition module 111 acquires the user information, the first storage module 112 holds the security plug-in 113 for generating the first authentication code, and the security plug-in 113 has a built-in operation algorithm uniquely associated with the user. The application platform 120 comprises a first authentication module 121, a first random number generation module 122, and a second storage module 123 connected with the first authentication module 121 and the first random number generation module 122 respectively; the first random number generation module 122 generates a random parameter and stores it in the second storage module 123, and the first authentication module 121 authenticates the user information and the random parameter. The authentication platform 130 comprises a third storage module 131, a second authentication module 132 connected with the third storage module 131, and a feedback module 133 connected with the second authentication module 132; the third storage module 131 holds the security plug-in 113 for generating the second authentication code; the second authentication module 132 authenticates the first authentication code on the basis of the second authentication code; and the feedback module 133 returns the authentication result of the second authentication module 132 to the application platform 120 and to the client 110 respectively.
Specifically, the login authentication process of a user with this security authentication system 100 is as follows:
First, the user enters user information (comprising a user name and login password) through the information acquisition module 111 of the client 110, and the acquired user information is sent to the application platform 120.
On receiving the user information, the application platform 120 immediately searches the registered user list stored in the second storage module 123 for the user name, to verify whether the user is a legitimately registered user. If the user name is found in the registered user list, the user is legitimate and authentication succeeds; otherwise authentication fails, and an error message is returned to the client 110 prompting the user to re-enter. After the received user information is authenticated successfully, the application platform 120 immediately instructs the first random number generation module 122 to generate a random parameter, stores the generated random parameter in the second storage module 123 in association with the received user information, and finally returns the random parameter to the client 110.
On receiving the random parameter returned by the application platform 120, the client 110 immediately calls the security plug-in 113 held in the first storage module 112. The security plug-in 113 uses the random parameter sent by the application platform 120 as the calculation factor and computes the first authentication code with its built-in operation algorithm. The client 110 then sends the received random parameter and the generated first authentication code, together with an authentication code verification request, to the application platform 120.
On receiving the information sent by the client 110, the application platform 120 immediately uses its first authentication module 121 to compare the received random parameter with the random parameter stored in the second storage module 123, thereby authenticating the random parameter. Only after the random parameter is authenticated successfully does it send a further authentication request to the authentication platform 130; otherwise it returns an error message to the client 110 reminding the user of the error. After the random parameter is authenticated successfully, the application platform 120 sends the authentication request, together with the received random parameter and first authentication code, to the authentication platform 130.
On receiving the authentication request, the authentication platform 130 immediately calls the security plug-in 113 held in the third storage module 131; the security plug-in 113 likewise uses the received random parameter as the security factor, generates the second authentication code with its built-in operation algorithm, and sends the generated second authentication code to the second authentication module 132. On receiving the second authentication code, the second authentication module 132 compares it with the received first authentication code, thereby authenticating the authentication code. Finally, the feedback module 133 returns the authentication result to the client 110 via the application platform 120, completing the security authentication of the user login. If the returned result is that the authentication code was authenticated successfully, the client 110 passes the login page of the application platform 120 and enters its home page; otherwise login fails.
As can be seen from the above process, in the security authentication system 100 provided by the invention, besides the uniqueness of the operation algorithm in the invoked security plug-in 113, the whole authentication process passes through at least three authentications (of the user name/login password, of the random parameter, and of the first authentication code); an error in any one of these links is reported, which likewise guarantees the security of the authentication process to a large extent and thus improves the security of the security authentication system 100. In a specific embodiment the number of digits of the random parameter is not limited and is set according to actual conditions.
Above-mentioned execution mode is improved, obtain present embodiment, as shown in Figure 2, in the security certification system 100 that present embodiment provides, except comprising the module of above-mentioned execution mode, also comprise in authentication platform 130: the second random number generation module 134, algorithm generation module 135 and collector 136; Wherein, algorithm generation module 135 is connected with the second memory module 123 and the second random number generation module 134 respectively, and collector 136 is connected with algorithm generation module 135, completes the registration of new user in application platform 120 and the generation of safety insert 113.
User is when first time logs in application platform 120, and in this application platform 120, the process of registration specifically comprises:
First, user comprises the user profile of user name and login password by data obtaining module 111 input in client 110, and this user profile obtained is sent to application platform 120.
After application platform 120 receives this user profile, search in the existing registered user's list stored in the second memory module 123 based on the user name received immediately, whether the user name of authentication of users input is registered in this application platform 120.If do not find the user name identical with the user name inputted in existing register list, then this user name is proved to be successful, and returns in client 110 by the message feedback be proved to be successful; Otherwise user name authentication failed, prompting user re-enters user name.And after user name is proved to be successful, this user name and login password association store are formed new registered user's list in existing registered user's list.
Client 110 if the result received is authentication failed, then reselects new user name and is again sent in application platform 120 and verifies after receiving the result that application platform 120 sends.If the result received is for being proved to be successful, data obtaining module 111 is then used to obtain the identification information of unique identification user (as International Mobile Station Equipment Identification (IMEI again, InternationalMobileEquipmentIdentity) or general unique identifier (UUID, UniversallyUniqueIdentifier)); And the identification information obtained and identifying code request are sent to application platform 120 in the lump.
After the request of application platform 120 Receipt Validation code, equally the identification information received and user-association are stored in the second memory module 123, and send instruction to the second random number generation module 134 stochastic generation identifying code; Then the identifying code of generation and user-association are stored in the second memory module 123, again the identifying code of generation are sent to client 110 afterwards.Client 110 receives the identifying code of application platform 120 transmission and shows, and after inputting this identifying code, sends identifying code authentication request to application platform 120 in the login page of application platform 120 simultaneously.
After application platform 120 receives the identifying code of client 110 transmission, its first authentication module 121 comprised is compared with the identifying code being about to receive and the identifying code be stored in the second memory module 123, after success, send plug-in unit together with the identification information be stored in the second memory module 123 and generate request in authentication platform 130; Otherwise, send in error message to client 110 and point out user to make mistakes.
When the authentication platform 130 receives the security plug-in generation request, it immediately sends an instruction to the second random number generation module 134. On receiving the instruction, the second random number generation module 134 generates a random number based on the received identification information and sends the generated random number to the algorithm generation module 135. After receiving the random number, the algorithm generation module 135 sets it as the random key and, based on this random key, derives the mathematical algorithm from the preset algorithm stored in the third memory module 131. Finally, the compiler 136 in the authentication platform 130 compiles the mathematical algorithm into the security plug-in 113, which is returned to the client 110 via the application platform 120; the client 110 stores the security plug-in 113 after receiving it.
The above is the process by which a new user registers on the application platform 120. As can be seen from the description, during registration the request to generate the security plug-in 113 uniquely associated with this user is sent to the authentication platform 130 only after both the user-name verification and the verification-code verification have completed. From the process by which the security plug-in 113 is generated, the random key used to generate the mathematical algorithm is produced from the identification information that uniquely identifies this user, so the resulting mathematical algorithm / security plug-in 113 is uniquely associated with the user; this is very secure, and the user need not worry about it being cracked. In a specific embodiment, the above verification code is an SMS verification code: after the user name and login password are verified successfully, the verification result is returned to the client; the client then sends an SMS verification-code request to the application platform, where the first random number generation module immediately generates an SMS verification code and sends it to the client. The client receives this SMS verification code, the user enters it in the application login page, and the SMS verification code is sent to the application platform for verification.
Furthermore, the above algorithm generation module 135 comprises: a priority determining unit for determining the operation priority (order of operations) of the mathematical algorithm according to the random key; and/or a structure determination unit for determining the grouping structure of the mathematical algorithm and the operation priority of the groups according to the random key; and/or a parameter determination unit for determining the operational parameters of the mathematical algorithm according to the random key.
Based on the above description, the generation process of the mathematical algorithm in a particular embodiment is described in detail below:
If the algorithm generation module 135 comprises the priority determining unit, then in a specific embodiment its process for changing the operation priority of the preset algorithm is as follows: if the random key obtained from the second random number generation module 134 is an eight-digit number made up of the digits 1 to 8, the algorithm generation module 135 changes the operation order of the preset algorithm according to this random key. Specifically, if the preset algorithm contains exactly eight steps, the priority determining unit rearranges the priority of the eight steps according to the generated random key. If the generated random key is 31245768, then in the generated algorithm the third step of the original preset algorithm is executed first, followed in turn by the first, second, fourth, fifth, seventh, sixth and eighth steps; the operation order of the original preset algorithm is thereby changed and a brand-new mathematical algorithm is produced. Of course, the rule by which the preset algorithm is changed based on this random key may vary with actual conditions: for example, the first digit of the random key, 3, may mean that the first of the eight steps of the original preset algorithm is executed as the third step of the mathematical algorithm, the second digit, 1, that the second step of the original preset algorithm is executed as the first step of the mathematical algorithm, and so on, yielding a brand-new mathematical algorithm based on the preset algorithm. The above only briefly introduces two rules for changing the operation priority; they may be reset according to actual conditions. For example, if the preset algorithm actually contains only six steps, this can be accommodated by changing the number of digits of the random number generated in the second random number generation module 134, or adaptively by ignoring the last two of the eight generated random digits.
Further, if the algorithm generation module 135 comprises the structure determination unit, it may change the grouping structure of the preset algorithm and the operation priority of the groups to obtain a new mathematical algorithm. In a specific embodiment, suppose that according to the grouping rule of the preset algorithm the operation information is divided into n data blocks, each data block comprising 8 sub-blocks (a1, a2, a3, a4, a5, a6, a7 and a8), and that the generated random key is now 73124568, where the first digit of this eight-digit random key represents the operation order and the second digit represents the corresponding sub-block. Then during computation the 3 in the second position indicates that sub-block a3 and sub-block a1 are exchanged, changing the grouping structure, and the 7 in the first position indicates that sub-block a7 is computed first. The above gives one exemplary embodiment; in other embodiments, the grouping rule (the length of each data block), the meaning assigned to each digit of the random key (such as a sub-block exchange), and so on, may be set according to actual conditions.
Finally, if the algorithm generation module 135 comprises the parameter determination unit, the constant terms of the preset algorithm may be changed according to it. In a specific embodiment, suppose the preset algorithm contains two constants, 1 and 2, and also an unknown X, and the random key obtained is 73124568, with the third digit of this random key designating the preset parameter; then X in the preset algorithm is set to 1, forming a new mathematical algorithm. Of course, in another specific embodiment the 1 in the third digit may instead change an existing constant term of the preset algorithm, for example replacing the existing second constant 2 with the 1 from the third digit, so that both constants in the generated mathematical algorithm are 1.
As a complete embodiment, if the algorithm generation module 135 comprises all three units at once, with the first digit of the generated random key representing the operation priority, the second representing the grouping structure, and the third representing the constant term: if the generated random key is 35781246, then sub-blocks a5 and a1 are exchanged to change the grouping structure, a3 is computed first, and a certain constant in the mathematical algorithm becomes 7, thereby generating a mathematical algorithm uniquely associated with the user.
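The three units described above, as an added runnable model of how a random key rewrites a preset algorithm (this is example code written for this page, not the patent's or the assignee's code). The eight preset steps, the sample data block, and the reading of "computed first" as moving that sub-block to the front of the block are constructions of this example; the two priority rules, the sub-block exchange, and the constant-term substitution follow the key digits exactly as the text assigns them (31245768, 73124568 and 35781246 are the keys from the text).

```python
"""Key-driven derivation of a 'mathematical algorithm' from a preset
algorithm, modelling the priority, structure and parameter determination
units.  Added example, not the patent's code; the eight preset steps, the
sample block and the handling of 'computed first' are constructed here."""
from dataclasses import dataclass
from typing import Callable, List

Block = List[int]                     # one data block = 8 sub-blocks a1..a8, each a byte
Step = Callable[[Block, int], Block]  # a preset step: (block, constant) -> block


# Toy preset algorithm with exactly eight steps (constructed for this example).
def _s1(b, c): return [(x + c) % 256 for x in b]
def _s2(b, c): return [x ^ i for i, x in enumerate(b)]
def _s3(b, c): return b[1:] + b[:1]
def _s4(b, c): return b[4:] + b[:4]
def _s5(b, c): return [(x * 3) % 256 for x in b]
def _s6(b, c): return b[::-1]
def _s7(b, c): return [(x - c) % 256 for x in b]
def _s8(b, c): return [b[i] ^ b[i - 1] for i in range(len(b))]


PRESET_STEPS: List[Step] = [_s1, _s2, _s3, _s4, _s5, _s6, _s7, _s8]


@dataclass
class AlgorithmSpec:
    step_order: List[int]  # 1-based preset step numbers in execution order
    first_subblock: int    # 1-based sub-block "computed first" (key digit 1)
    swap_with_a1: int      # 1-based sub-block exchanged with a1 (key digit 2)
    constant: int          # constant term of the algorithm (key digit 3)


def order_from_key(key: str, n_steps: int = 8) -> List[int]:
    """Priority unit, rule 1: the key digits name the preset steps in their new
    execution order (31245768 -> step 3 runs first).  Digits above n_steps are
    dropped; this example's variant of the text's 'ignore trailing digits'
    adjustment for a six-step preset driven by an eight-digit key."""
    order = [int(c) for c in key if 1 <= int(c) <= n_steps]
    if sorted(order) != list(range(1, n_steps + 1)):
        raise ValueError("random key must permute steps 1..%d" % n_steps)
    return order


def order_from_key_inverse(key: str, n_steps: int = 8) -> List[int]:
    """Priority unit, rule 2: digit i of the key is the new position of preset
    step i (first digit 3 -> original step 1 runs third)."""
    positions = [int(c) for c in key[:n_steps]]
    if sorted(positions) != list(range(1, n_steps + 1)):
        raise ValueError("random key must permute positions 1..%d" % n_steps)
    order = [0] * n_steps
    for step, pos in enumerate(positions, start=1):
        order[pos - 1] = step
    return order


def derive_spec(key: str, inverse_rule: bool = False) -> AlgorithmSpec:
    """'Complete embodiment': the whole key fixes the step order, digit 1 the
    sub-block computed first, digit 2 the sub-block swapped with a1, digit 3
    the constant term."""
    if len(key) != 8 or not key.isdigit():
        raise ValueError("expected an eight-digit random key")
    order = (order_from_key_inverse if inverse_rule else order_from_key)(key)
    return AlgorithmSpec(order, int(key[0]), int(key[1]), int(key[2]))


def run_algorithm(spec: AlgorithmSpec, block: Block) -> Block:
    """Execute the derived mathematical algorithm on one data block."""
    if len(block) != 8:
        raise ValueError("a data block has exactly 8 sub-blocks")
    b = list(block)
    k = spec.swap_with_a1 - 1        # structure unit: exchange a1 and a_k ...
    b[0], b[k] = b[k], b[0]
    f = spec.first_subblock - 1      # ... and move the sub-block computed first to the front
    b = [b[f]] + b[:f] + b[f + 1:]
    for step_no in spec.step_order:  # priority unit: steps in the key-determined order
        b = PRESET_STEPS[step_no - 1](b, spec.constant)  # parameter unit: constant from the key
    return b


SAMPLE_BLOCK: Block = [10, 20, 30, 40, 50, 60, 70, 80]  # constructed input


if __name__ == "__main__":
    for key in ("31245768", "73124568", "35781246"):
        print(key, derive_spec(key), run_algorithm(derive_spec(key), SAMPLE_BLOCK))
```

Two keys that are both permutations of 1 to 8 produce different step orders, different sub-block layouts and different constants, so the same preset algorithm yields a different transformation of the same block for each registered device; that per-user divergence is the property the text attributes to the plug-in.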
As another embodiment, the above client is a mobile terminal such as a mobile phone or tablet computer, and the above application platform is a mobile-terminal banking system. When the user logs in to this banking system for the first time, the above steps are followed: first, the entered user name and login password are verified by the banking system, then the SMS code is verified, and finally the security plug-in is generated in the authentication platform.
When logging in to this banking system after registration, the above steps are followed: the user name and login password are authenticated first, then the random parameter is verified, and finally the authentication code (the first authentication code generated on the mobile terminal) is verified, thereby ensuring information security throughout the user login process.
As shown in Figure 3, the present invention also provides a security authentication method based on application platform 120 login, applied to the above security authentication system 100. The security authentication method comprises the following steps:
S1: the client 110 obtains a user name and login password and sends the user name and login password to the application platform 120;
S2: the application platform 120 completes authentication of the user name and login password, randomly generates a random parameter after successful authentication, stores the random parameter and sends it to the client 110;
S3: the client 110 uses the random parameter as a calculation factor and the built-in mathematical algorithm to generate a first authentication code, and sends the first authentication code and the random parameter to the application platform 120;
S4: the application platform 120 compares the received random parameter with the random parameter it stored, completing authentication of the random parameter, and after successful authentication sends the first authentication code and the random parameter to the authentication platform 130;
S5: the authentication platform 130 uses the received random parameter as a calculation factor and the mathematical algorithm to generate a second authentication code, and compares the generated second authentication code with the received first authentication code;
S6: the authentication platform 130 returns the authentication result to the application platform 120 and the client 110.
In step S2, the application platform 120 completes authentication of the user name and login password on the basis of the new registered-user list, and randomly generates and stores the random parameter after successful authentication; in step S4, the identification information is an International Mobile Equipment Identity or a Universally Unique Identifier.
More particularly, as shown in Figure 4, the following registration steps are also included before step S1:
S01: the client 110 obtains a user name and login password and sends the user name, login password and a registration request to the application platform 120;
S02: the application platform 120 receives the registration request and verifies the received user name;
S03: after the user name is verified, the application platform 120 stores the user name and login password in association in the current registered-user list to form a new registered-user list, and returns the verification result to the client 110;
S04: the client 110 receives the verification result, then obtains identification information uniquely identifying the user, and sends the identification information and a verification-code request to the application platform 120;
S05: after the application platform 120 receives the verification-code request, it randomly generates a verification code and sends it to the client 110;
S06: the client 110 receives and displays the verification code, and sends a verification-code authentication request to the application platform 120 based on the received verification code;
S07: the application platform 120 receives the verification-code authentication request and authenticates the verification code; if authentication succeeds, it sends the identification information and a security plug-in generation request to the authentication platform 130;
S08: the authentication platform 130 receives the security plug-in generation request and generates the mathematical algorithm on the basis of the identification information and the built-in preset algorithm;
S09: the authentication platform 130 compiles the mathematical algorithm into the security plug-in 113 and returns the security plug-in 113 to the client 110 via the application platform 120.
In step S02, the application platform 120 searches the current registered-user list for the received user name; verification succeeds if no identical user name is found. Step S08 specifically comprises: generating a random key on the basis of the identification information; and determining the operation priority of the mathematical algorithm on the basis of the random key, and/or determining the grouping structure of the mathematical algorithm and the operation priority of the grouping structure on the basis of the random key, and/or determining the operational parameters of the mathematical algorithm on the basis of the random key, so as to generate the mathematical algorithm. The process of generating the mathematical algorithm in the authentication platform 130 has been described in detail for the security authentication system 100 and is not repeated here.
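The registration steps S01 to S09 and the login steps S1 to S6 above, as an added runnable simulation of the three parties (example code written for this page, not code from the patent or its assignee). It assumes that the user-specific mathematical algorithm inside the security plug-in can be modelled as HMAC-SHA256 under a per-user key, that the random key of step S08 is derived from the identification information together with fresh randomness, and that the verification code is a constructed six-digit code; all class and method names, and the sample user names and identification strings, are this example's own.

```python
"""Registration (S01-S09) and login (S1-S6) of the patent's three-party
scheme as a runnable simulation.  Added example, not code from the patent.
Assumptions: the per-user 'mathematical algorithm' in the security plug-in is
modelled as HMAC-SHA256 under a per-user key; the S08 random key is derived
from the identification information plus fresh randomness; the verification
code is a constructed six-digit code."""
import hashlib
import hmac
import secrets


class SecurityPlugin:
    """Security plug-in 113: carries the user-specific algorithm (here: a key)."""
    def __init__(self, key: bytes):
        self._key = key

    def authentication_code(self, random_parameter: str) -> str:
        # S3 / S5: the random parameter is the calculation factor
        return hmac.new(self._key, random_parameter.encode(), hashlib.sha256).hexdigest()


class AuthenticationPlatform:
    """Authentication platform 130: third memory module + second authentication module."""
    def __init__(self):
        self._keys = {}  # user name -> per-user key held in the third memory module

    def generate_plugin(self, user: str, identification_info: str) -> SecurityPlugin:
        # S08: random key from identification info plus fresh randomness (assumption)
        random_key = hashlib.sha256(identification_info.encode() + secrets.token_bytes(16)).digest()
        self._keys[user] = random_key
        return SecurityPlugin(random_key)  # S09: the "compiled" plug-in

    def verify(self, user: str, first_code: str, random_parameter: str) -> bool:
        key = self._keys.get(user)
        if key is None:
            return False
        second_code = SecurityPlugin(key).authentication_code(random_parameter)  # S5
        return hmac.compare_digest(first_code, second_code)                     # S6 result


class ApplicationPlatform:
    """Application platform 120: registered-user list, verification codes, random parameters."""
    def __init__(self, auth: AuthenticationPlatform):
        self._auth = auth
        self._users = {}           # user name -> {salt, pw, id}
        self._pending_codes = {}   # user name -> outstanding verification code
        self._pending_params = {}  # user name -> outstanding random parameter

    @staticmethod
    def _hash_password(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register_user_name(self, user: str, password: str) -> bool:
        # S02/S03: the user name must not already be in the registered-user list
        if user in self._users:
            return False
        salt = secrets.token_bytes(16)
        self._users[user] = {"salt": salt, "pw": self._hash_password(password, salt), "id": None}
        return True

    def request_verification_code(self, user: str, identification_info: str) -> str:
        # S04/S05: store the identification info and issue a one-time code
        self._users[user]["id"] = identification_info
        code = "".join(str(secrets.randbelow(10)) for _ in range(6))  # constructed SMS-style code
        self._pending_codes[user] = code
        return code  # delivered out of band in a deployment

    def verify_code(self, user: str, code: str):
        # S07: one-time check; on success obtain the plug-in from the authentication platform
        expected = self._pending_codes.pop(user, None)
        if expected is None or not hmac.compare_digest(expected, code):
            return None
        return self._auth.generate_plugin(user, self._users[user]["id"])

    def login(self, user: str, password: str):
        # S1/S2: check user name and password, then issue a fresh random parameter
        rec = self._users.get(user)
        if rec is None or not hmac.compare_digest(rec["pw"], self._hash_password(password, rec["salt"])):
            return None
        param = secrets.token_hex(16)
        self._pending_params[user] = param
        return param

    def authenticate(self, user: str, first_code: str, random_parameter: str) -> bool:
        # S4: the random parameter must match the stored one and is consumed on use
        expected = self._pending_params.pop(user, None)
        if expected is None or not hmac.compare_digest(expected, random_parameter):
            return False
        return self._auth.verify(user, first_code, random_parameter)


class Client:
    """Client 110: holds the security plug-in after registration."""
    def __init__(self, app: ApplicationPlatform, user: str, password: str, identification_info: str):
        self._app, self.user, self._password, self._id = app, user, password, identification_info
        self.plugin = None

    def register(self) -> bool:
        if not self._app.register_user_name(self.user, self._password):
            return False
        code = self._app.request_verification_code(self.user, self._id)  # S06: shown to the user
        self.plugin = self._app.verify_code(self.user, code)             # user re-enters it
        return self.plugin is not None

    def login(self) -> bool:
        param = self._app.login(self.user, self._password)
        if param is None or self.plugin is None:
            return False
        return self._app.authenticate(self.user, self.plugin.authentication_code(param), param)


if __name__ == "__main__":
    app = ApplicationPlatform(AuthenticationPlatform())
    alice = Client(app, "alice", "correct horse battery", "IMEI-CONSTRUCTED-000001")
    print("register:", alice.register(), "login:", alice.login())
```

The random parameter is removed from the pending store when `authenticate` consumes it, so a first authentication code captured from one login cannot be replayed with the same parameter; that is what the comparison of received and stored random parameter in step S4 buys. Passwords are kept as salted PBKDF2 hashes rather than stored in plain association with the user name, a choice of this example rather than of the patent.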
It should be noted that the above embodiments may be freely combined as required. The above is only the preferred embodiment of the present invention; it should be pointed out that those skilled in the art can make improvements and modifications without departing from the principles of the invention, and such improvements and modifications should also be considered within the scope of protection of the present invention.

Claims (10)

1. A security authentication system based on application platform login, characterized in that the security authentication system comprises a client, an application platform and an authentication platform, wherein:
the client comprises a data obtaining module for obtaining user information and a first memory module; the first memory module holds a security plug-in for generating a first authentication code, and the security plug-in has a built-in mathematical algorithm uniquely associated with the user;
the application platform, communicatively connected with the client, comprises a first authentication module, a first random number generation module, and a second memory module connected to the first authentication module and the first random number generation module respectively; the first random number generation module is used to generate a random parameter and store the random parameter in the second memory module, and the first authentication module is used to authenticate the user information and the random parameter;
the authentication platform, communicatively connected with the application platform, comprises a third memory module, a second authentication module connected to the third memory module, and a feedback module connected to the second authentication module; the third memory module holds the security plug-in for generating a second authentication code; the second authentication module authenticates the first authentication code on the basis of the second authentication code; and the feedback module is used to return the authentication result of the second authentication module to the application platform and the client respectively.
2. The security authentication system of claim 1, characterized in that, in the client:
the user information comprises a user name, a login password and identification information for uniquely identifying the user; the identification information is an International Mobile Equipment Identity or a Universally Unique Identifier;
the security plug-in uses the random parameter sent by the application platform as a calculation factor and uses the mathematical algorithm to generate the first authentication code.
3. The security authentication system of claim 2, characterized in that the second memory module is also used to store a registered-user list;
the first authentication module authenticates the user name and login password in the user information sent by the client on the basis of the registered-user list;
the first authentication module completes the authentication of the random parameter on the basis of the random parameter sent by the client and the random parameter stored in the second memory module.
4. The security authentication system of claim 3, characterized in that, in the authentication platform:
the security plug-in uses the random parameter sent by the application platform as a calculation factor and uses the mathematical algorithm to generate the second authentication code.
5. The security authentication system of any one of claims 2 to 4, characterized in that
the third memory module also holds a preset algorithm;
and the authentication platform further comprises a second random number generation module, an algorithm generation module and a compiler, wherein:
the second random number generation module generates a random key on the basis of the identification information;
the algorithm generation module is connected to the second memory module and the second random number generation module respectively, and generates the mathematical algorithm on the basis of the random key and the preset algorithm;
the compiler is connected to the algorithm generation module, compiles the mathematical algorithm generated by the algorithm generation module into the security plug-in, and returns the security plug-in to the client via the application platform through the feedback module.
6. The security authentication system of claim 5, characterized in that the algorithm generation module comprises:
a priority determining unit for determining the operation priority of the mathematical algorithm according to the random key;
and/or,
a structure determination unit for determining the grouping structure of the mathematical algorithm and the operation priority of the grouping structure according to the random key;
and/or,
a parameter determination unit for determining the operational parameters of the mathematical algorithm according to the random key.
7. A security authentication method based on application platform login, characterized in that the security authentication method is applied to the security authentication system of any one of claims 1 to 6 and comprises the following steps:
S1: the client obtains a user name and a login password and sends the user name and login password to the application platform;
S2: the application platform completes authentication of the user name and login password, randomly generates a random parameter after successful authentication, stores the random parameter and sends it to the client;
S3: the client uses the random parameter as a calculation factor and the built-in mathematical algorithm to generate a first authentication code, and sends the first authentication code and the random parameter to the application platform;
S4: the application platform compares the received random parameter with the random parameter it stored, completing authentication of the random parameter, and after successful authentication sends the first authentication code and the random parameter to the authentication platform;
S5: the authentication platform uses the received random parameter as a calculation factor and the mathematical algorithm to generate a second authentication code, and compares the generated second authentication code with the received first authentication code;
S6: the authentication platform returns the authentication result to the application platform and the client.
8. The security authentication method of claim 7, characterized in that it further comprises, before step S1, the following steps:
S01: the client obtains the user name and login password and sends the user name, login password and a registration request to the application platform;
S02: the application platform receives the registration request and verifies the received user name;
S03: after the user name is verified, the application platform stores the user name and login password in association in the current registered-user list to form a new registered-user list, and returns the verification result to the client;
S04: the client receives the verification result, then obtains identification information uniquely identifying the user, and sends the identification information and a verification-code request to the application platform;
S05: after the application platform receives the verification-code request, it randomly generates a verification code and sends it to the client;
S06: the client receives and displays the verification code, and sends a verification-code authentication request to the application platform based on the received verification code;
S07: the application platform receives the verification-code authentication request and authenticates the verification code; if authentication succeeds, it sends the identification information and a security plug-in generation request to the authentication platform;
S08: the authentication platform receives the security plug-in generation request and generates the mathematical algorithm on the basis of the identification information and the built-in preset algorithm;
S09: the authentication platform compiles the mathematical algorithm into the security plug-in and returns the security plug-in to the client via the application platform.
9. The security authentication method of claim 8, characterized in that:
in step S2, the application platform completes authentication of the user name and login password on the basis of the new registered-user list, and randomly generates and stores the random parameter after successful authentication;
and/or,
in step S4, the identification information is an International Mobile Equipment Identity or a Universally Unique Identifier;
and/or,
in step S02, the application platform searches the current registered-user list on the basis of the received user name, and verification succeeds if no identical user name is found.
10. The security authentication method of claim 8 or 9, characterized in that step S08 specifically comprises:
generating a random key on the basis of the identification information;
determining the operation priority of the mathematical algorithm on the basis of the random key, and/or determining the grouping structure of the mathematical algorithm and the operation priority of the grouping structure on the basis of the random key, and/or determining the operational parameters of the mathematical algorithm on the basis of the random key, so as to generate the mathematical algorithm.
CN201610032441.9A 2016-01-19 2016-01-19 A kind of security certification system and its authentication method based on application platform login Active CN105516195B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610032441.9A CN105516195B (en) 2016-01-19 2016-01-19 A kind of security certification system and its authentication method based on application platform login


Publications (2)

Publication Number Publication Date
CN105516195A true CN105516195A (en) 2016-04-20
CN105516195B CN105516195B (en) 2018-11-06

Family

ID=55723831


Country Status (1)

Country Link
CN (1) CN105516195B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105827621A (en) * 2016-04-25 2016-08-03 上海众人网络安全技术有限公司 Internet-based reservation platform login system and login method thereof
CN105959265A (en) * 2016-04-25 2016-09-21 上海众人网络安全技术有限公司 Electronic form filling system and method thereof
CN105959942A (en) * 2016-04-25 2016-09-21 上海众人网络安全技术有限公司 Identification authentication system and identification authentication method based on wireless access
CN106412862A (en) * 2016-10-13 2017-02-15 上海众人网络安全技术有限公司 Short message reinforcement method, apparatus and system
CN106453422A (en) * 2016-12-08 2017-02-22 上海众人网络安全技术有限公司 Dynamic authentication method and system based on mobile terminal
CN106447316A (en) * 2016-10-13 2017-02-22 上海众人网络安全技术有限公司 Fund transferring quota management method and system as well as network payment system
CN106598661A (en) * 2016-12-08 2017-04-26 上海众人网络安全技术有限公司 Method and system for dynamically updating plug-in
CN106656969A (en) * 2016-10-13 2017-05-10 上海众人网络安全技术有限公司 Payment state management method and system thereof, and network payment system
CN106656503A (en) * 2016-10-13 2017-05-10 上海众人网络安全技术有限公司 Key storage method, data encryption and decryption method, electronic signature method and devices thereof
CN107995151A (en) * 2016-10-27 2018-05-04 腾讯科技(深圳)有限公司 Login validation method, apparatus and system
WO2018107671A1 (en) * 2016-12-15 2018-06-21 上海斐讯数据通信技术有限公司 Sharing authentication method and system, smart device, and control method
WO2019037422A1 (en) * 2017-08-22 2019-02-28 深圳市文鼎创数据科技有限公司 Key and key handle generation method and system, and smart key security device
CN109495500A (en) * 2018-12-14 2019-03-19 北京威努特技术有限公司 A kind of double factor authentication method based on smart phone
CN110147658A (en) * 2019-04-16 2019-08-20 平安科技(深圳)有限公司 User information encipher-decipher method, system and computer equipment
CN110572477A (en) * 2019-09-26 2019-12-13 腾讯科技(深圳)有限公司 Priority evaluation method and related equipment thereof
CN112256003A (en) * 2020-10-16 2021-01-22 英博超算(南京)科技有限公司 Method for guaranteeing safety of remote control parking process

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7024690B1 (en) * 2000-04-28 2006-04-04 3Com Corporation Protected mutual authentication over an unsecured wireless communication channel
CN101222488A (en) * 2007-01-10 2008-07-16 华为技术有限公司 Method and network authentication server for controlling client terminal access to network appliance
CN101419686A (en) * 2008-10-28 2009-04-29 吕金洪 A kind of on-line contract signing system based on the internet
CN101420301A (en) * 2008-04-21 2009-04-29 林格灵 Human face recognizing identity authentication system
CN102202040A (en) * 2010-03-26 2011-09-28 联想(北京)有限公司 Client authentication method and device
CN102291418A (en) * 2011-09-23 2011-12-21 胡祥义 Method for realizing cloud computing security architecture
US20120144189A1 (en) * 2009-08-11 2012-06-07 Zhong Zhen Wlan authentication method, wlan authentication server, and terminal
CN105069619A (en) * 2015-07-17 2015-11-18 上海众人网络安全技术有限公司 On-line fast payment system and payment method thereof


Also Published As

Publication number Publication date
CN105516195B (en) 2018-11-06


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 201203 Pudong New Area, Shanghai, China (Shanghai) free trade pilot area 899 9, 1-4 1-4 story 01 rooms.

Applicant after: Shanghai PeopleNet Security Technology Co., Ltd.

Address before: 201821 211 rooms, No. 1411, Yecheng Road, Jiading District, Shanghai

Applicant before: Shanghai PeopleNet Security Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant