CN105516195B - A security authentication system based on application platform login and its authentication method - Google Patents

A security authentication system based on application platform login and its authentication method

Info

Publication number
CN105516195B
Authority
CN
China
Prior art keywords
authentication
random
module
application platform
client
Prior art date
Application number
CN201610032441.9A
Other languages
Chinese (zh)
Other versions
CN105516195A (en)
Inventor
谈剑锋
董亚琴
姜立稳
王力
钱金金
Original Assignee
上海众人网络安全技术有限公司
Priority date
Filing date
Publication date
Application filed by 上海众人网络安全技术有限公司
Priority to CN201610032441.9A
Publication of CN105516195A
Application granted
Publication of CN105516195B

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00  Network architectures or network communication protocols for network security
    • H04L 63/08  Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L 63/0815  Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network, providing single-sign-on or federations

Abstract

The invention provides a security authentication system based on application platform login, and its authentication method. The security authentication system comprises a client, an application platform and an authentication platform. The client comprises an information acquisition module and a first storage module; the first storage module holds a security plug-in that generates a first authentication code, and the security plug-in has a built-in operation algorithm. The application platform comprises a first random number generation module, which generates a random parameter and stores it in a second storage module, and a first authentication module, which authenticates the user information and the random parameter. The authentication platform comprises a third storage module holding a copy of the security plug-in, a second authentication module that authenticates the first authentication code on the basis of a second authentication code, and a feedback module that returns the authentication result of the second authentication module to the application platform and to the client. Because the security plug-in is unique to each user, the security of the authentication process is greatly improved.

Description

A security authentication system based on application platform login and its authentication method

Technical field

The present invention relates to the field of communication technology, and in particular to a security authentication system based on application platform login and its authentication method.

Background art

With the development of information technology, information security technology is applied ever more widely in many fields. In the field of information security, security authentication is usually the first gate an information system relies on, and its security receives increasing attention. Accordingly, dynamic password technology, which strengthens the security of the authentication process, has been applied in more and more fields, especially online banking, online gaming, telecom operators, e-government and enterprise servers.

A dynamic password is an unpredictable combination of random digits generated by a special algorithm, and each password is valid for a single use. It is a safe and convenient anti-theft technique for accounts that effectively protects the security of transactions and logins. During authentication, dynamic passwords remove the need to change passwords periodically, secure the most basic link, password authentication, and so protect the system as a whole; they reduce the heavy losses caused by password theft, guard against malicious intruders and deliberate damage, and address intrusions that result from leaked passwords.

However, in existing authentication systems, hardware dynamic tokens and software dynamic tokens share a common weakness: all tokens use the same, public algorithm, and different users are distinguished only by their keys. For example, when a user logs in to a banking system on a terminal, the user enters a username and login password on the login page, the server verifies them, and the user then logs in after a dynamic SMS verification code is verified. The login mechanism is the same for every mobile terminal, so once the key used to generate the SMS verification code is obtained illegally, a criminal can obtain the dynamic passwords at will and the dynamic token is no longer secure.

Summary of the invention

In view of the above problems, the invention provides a security authentication system based on application platform login and its authentication method. While logging in to the application platform, the user submits a username and login password to the application platform for authentication and, at the same time, a security plug-in local to the client generates an enhanced authentication code that is used to authenticate the client, so as to protect the user's security.

The technical solution provided by the invention is as follows:

A security authentication system based on application platform login, comprising a client, an application platform and an authentication platform, wherein:

the client comprises an information acquisition module for acquiring user information, and a first storage module; the first storage module holds a security plug-in that generates a first authentication code, and the security plug-in has a built-in operation algorithm uniquely associated with the user;

the application platform, in communication with the client, comprises a first authentication module, a first random number generation module, and a second storage module connected to both; the first random number generation module generates a random parameter and stores it in the second storage module; the first authentication module authenticates the user information and the random parameter;

the authentication platform, in communication with the application platform, comprises a third storage module, a second authentication module connected to the third storage module, and a feedback module connected to the second authentication module; the third storage module holds a security plug-in that generates a second authentication code; the second authentication module authenticates the first authentication code on the basis of the second authentication code; the feedback module returns the authentication result of the second authentication module to the application platform and to the client.

In this technical solution, both the client and the authentication platform hold a security plug-in with a built-in operation algorithm uniquely associated with the user. When the user logs in to the application platform, the username and login password are verified as in existing login procedures, and in addition the unique authentication code generated by the security plug-in on the client (the first authentication code) must be verified. Because the operation algorithm is unique, that is, every user has an operation algorithm of their own, it is hard to break, which naturally raises the security of the authentication process considerably.

Further preferably, in the client:

the user information comprises a username, a login password, and identification information that uniquely identifies the user; the identification information is an International Mobile Equipment Identity (IMEI) or a Universally Unique Identifier (UUID);

the security plug-in uses the random parameter sent by the application platform as the calculation factor and generates the first authentication code with the operation algorithm.

In this technical solution, the random parameter generated by the application platform serves as the security factor when the first authentication code is generated; because the random parameter is random and unpredictable, this likewise improves the security of the authentication system.

Further preferably, the second storage module also stores the registered user list;

the first authentication module authenticates the username and login password in the user information sent by the client against the registered user list;

the first authentication module authenticates the random parameter by comparing the random parameter sent by the client with the random parameter held in the second storage module.

Further preferably, in the authentication platform:

the security plug-in uses the random parameter sent by the application platform as the calculation factor and generates the second authentication code with the operation algorithm.

In this technical solution, the random parameter generated by the application platform likewise serves as the security factor when the second authentication code is generated.

Further preferably, the third storage module also holds a preset algorithm;

and the authentication platform further comprises a second random number generation module, an algorithm generation module and a compiler, wherein:

the second random number generation module generates a random key on the basis of the identification information;

the algorithm generation module is connected to the second storage module and to the second random number generation module, and generates the operation algorithm from the random key and the preset algorithm;

the compiler is connected to the algorithm generation module and compiles the operation algorithm generated by the algorithm generation module into the security plug-in, and the security plug-in is returned to the client by the feedback module via the application platform.

In this technical solution, the security plug-in is generated by the authentication platform while the user registers with the application platform, and is returned to the client and stored there, so that when the user later logs in to the application platform the security plug-in is called to generate the enhanced authentication code that protects the user information.

Further preferably, the algorithm generation module comprises:

a priority determination unit for determining the operation priority of the operation algorithm from the random key;

and/or

a structure determination unit for determining the grouping structure of the operation algorithm, and the operation priority of the groups, from the random key;

and/or

a parameter determination unit for determining the operation parameters of the operation algorithm from the random key.

In this technical solution, the operation algorithm is obtained in the three ways above.

The invention also provides a security authentication method based on application platform login, applied to the security authentication system above, comprising the following steps:

S1: the client acquires the username and login password and sends them to the application platform;

S2: the application platform authenticates the username and login password; after successful authentication it randomly generates a random parameter, stores it, and sends it to the client;

S3: the client uses the random parameter as the calculation factor to generate a first authentication code with the operation algorithm, and sends the first authentication code and the random parameter to the application platform;

S4: the application platform compares the received random parameter with the one it stored, thereby authenticating the random parameter, and after successful authentication sends the first authentication code and the random parameter to the authentication platform;

S5: the authentication platform uses the received random parameter as the calculation factor to generate a second authentication code with the operation algorithm, and compares the generated second authentication code with the received first authentication code;

S6: the authentication platform returns the authentication result to the application platform and to the client.

Further preferably, before step S1 the method also comprises the following steps:

S01: the client acquires the username and login password and sends them, together with a registration request, to the application platform;

S02: the application platform receives the registration request and verifies the received username;

S03: once the username is verified, the application platform stores the username, associated with the login password, in the current registered user list, forming a new registered user list, and returns the verification result to the client;

S04: the client receives the verification result, then acquires the identification information that uniquely identifies the user and sends it, together with a verification code request, to the application platform;

S05: after receiving the verification code request, the application platform randomly generates a verification code and sends it to the client;

S06: the client receives and displays the verification code and, on the basis of the received verification code, sends a verification code authentication request to the application platform;

S07: the application platform receives the verification code authentication request and authenticates the verification code; if authentication succeeds, it sends the identification information and a security plug-in generation request to the authentication platform;

S08: the authentication platform receives the security plug-in generation request and generates the operation algorithm from the identification information and the built-in preset algorithm;

S09: the authentication platform compiles the operation algorithm into a security plug-in and returns the security plug-in to the client via the application platform.

Further preferably, in step S2 the application platform authenticates the username and login password against the new registered user list, and after successful authentication randomly generates the random parameter and stores it;

and/or

in step S04 the identification information is an International Mobile Equipment Identity or a Universally Unique Identifier;

and/or

in step S02 the application platform searches the current registered user list for the received username, and verification succeeds if no identical username is found.

Further preferably, step S08 specifically comprises:

generating a random key from the identification information;

determining the operation priority of the operation algorithm from the random key, and/or determining the grouping structure of the operation algorithm and the operation priority of the groups from the random key, and/or determining the operation parameters of the operation algorithm from the random key, so as to generate the operation algorithm.

The security authentication system based on application platform login, and its authentication method, provided by the invention bring the following beneficial effects:

In the security authentication system provided by the invention, while the user registers with the application platform, the authentication platform generates a security plug-in uniquely associated with the user from a generated random key and preset rules (the priority determination unit and/or the structure determination unit and/or the parameter determination unit), and the security plug-in is stored in both the client and the authentication platform. Clearly, the uniqueness of the random key guarantees the uniqueness of the resulting operation algorithm, so the security plug-in compiled from that algorithm is itself unique (the security plug-in stored in each client is unique, and the mechanism it implements differs from the others). The security of the operation algorithm is therefore greatly increased and it is not easy to crack; even if the operation algorithm in the security plug-in installed on one client is cracked, the security of the other clients is not affected.

Moreover, during authentication the security plug-in uses the random parameter returned by the application system as the security factor, so the authentication code it generates (the first authentication code generated in the client) is itself random. In this process the aim is achieved through a novel cryptographic scheme of one secret per use and one secret per user, which greatly improves the security of authentication.

Finally, the application platform provided by the invention is suitable for any existing application platform that requires user login, such as mobile banking; it is therefore universal and greatly extends the field of application.

Description of the drawings

The preferred embodiments are described below with reference to the drawings in a clear and understandable way, to further explain the characteristics, technical features, advantages and implementation described above.

Fig. 1 is a structural schematic of one embodiment of the security authentication system based on application platform login provided by the invention;

Fig. 2 is a structural schematic of another embodiment of the security authentication system based on application platform login provided by the invention;

Fig. 3 is a schematic of the authentication flow of the security authentication method based on application platform login provided by the invention;

Fig. 4 is a schematic of the registration flow of the security authentication method based on application platform login provided by the invention.

Reference numerals:

100 security authentication system, 110 client, 120 application platform, 130 authentication platform, 111 information acquisition module, 112 first storage module, 113 security plug-in, 121 first authentication module, 122 first random number generation module, 123 second storage module, 131 third storage module, 132 second authentication module, 133 feedback module, 134 second random number generation module, 135 algorithm generation module, 136 compiler.

Detailed description of the embodiments

To explain the embodiments of the invention, or the technical solutions in the prior art, more clearly, the detailed embodiments of the invention are described below with reference to the drawings. Clearly, the drawings in the following description are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings, and other embodiments, from these drawings without creative effort.

Fig. 1 is a structural schematic of one embodiment of the security authentication system 100 based on application platform 120 login provided by the invention. As the figure shows, the security authentication system 100 comprises a client 110, an application platform 120 and an authentication platform 130; the client 110 and the application platform 120 communicate bidirectionally, as do the application platform 120 and the authentication platform 130.

Specifically, the client 110 comprises an information acquisition module 111 and a first storage module 112. The information acquisition module 111 acquires the user information; the first storage module 112 holds a security plug-in 113 that generates the first authentication code, and the security plug-in 113 has a built-in operation algorithm uniquely associated with the user. The application platform 120 comprises a first authentication module 121, a first random number generation module 122, and a second storage module 123 connected to both; the first random number generation module 122 generates a random parameter and stores it in the second storage module 123, and the first authentication module 121 authenticates the user information and the random parameter. The authentication platform 130 comprises a third storage module 131, a second authentication module 132 connected to the third storage module 131, and a feedback module 133 connected to the second authentication module 132; the third storage module 131 holds the security plug-in 113 that generates the second authentication code; the second authentication module 132 authenticates the first authentication code on the basis of the second authentication code; and the feedback module 133 returns the authentication result of the second authentication module 132 to the application platform 120 and to the client 110.

Specifically, the login authentication process a user goes through with the security authentication system 100 is as follows:

First, the user enters the user information (including username and login password) through the information acquisition module 111 on the client 110, and the acquired user information is sent to the application platform 120.

When the application platform 120 receives the user information, it immediately looks up the username in the registered user list stored in the second storage module 123 to verify whether the user is a legitimately registered user. If the username is found in the registered user list, the user is legitimate and authentication succeeds; otherwise authentication fails, and an error message is returned to the client 110 prompting the user to enter the information again. After the application platform 120 has authenticated the received user information successfully, it immediately instructs the first random number generation module 122 to generate a random parameter, associates the generated random parameter with the received user information, stores both in the second storage module 123, and finally sends the random parameter back to the client 110.

When the client 110 receives the random parameter returned by the application platform 120, it immediately calls the security plug-in 113 held in the first storage module 112. The security plug-in 113 uses the random parameter sent by the application platform 120 as the calculation factor and generates the first authentication code with its built-in operation algorithm. The client 110 then sends the received random parameter and the generated first authentication code, together with an authentication code verification request, to the application platform 120.

When the application platform 120 receives the information sent by the client 110, its first authentication module 121 immediately compares the received random parameter with the one stored in the second storage module 123, thereby authenticating the random parameter. Only after the random parameter is authenticated successfully does it forward an authentication request to the authentication platform 130; otherwise it returns an error message to the client 110 to alert the user. After the random parameter has been authenticated, the application platform 120 sends the authentication request, together with the received random parameter and first authentication code, to the authentication platform 130.

When the authentication platform 130 receives the authentication request, it immediately calls the security plug-in 113 held in the third storage module 131. That security plug-in 113 likewise uses the received random parameter as the security factor and generates a second authentication code with its built-in operation algorithm, then passes the second authentication code to the second authentication module 132. When the second authentication module 132 receives the second authentication code, it compares the generated second authentication code with the received first authentication code, thereby authenticating the authentication code. Finally, the feedback module 133 feeds the authentication result back to the client 110 via the application platform 120, which completes the security authentication of the user's login. If the returned result is that the authentication code was authenticated successfully, the client 110 passes the login page of the application platform 120 and enters its home page; otherwise the login fails.

As the description above shows, in the security authentication system 100 provided by the invention, besides the uniqueness of the operation algorithm in the security plug-in 113 that is called, the whole authentication process requires at least three authentications (of the username and login password, of the random parameter, and of the first authentication code); an error in any one link produces a failure, which to a large extent ensures the security of the authentication process and hence of the security authentication system 100. In a specific embodiment the number of digits of the random parameter is not limited and is set according to actual conditions.
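The three-party exchange of steps S1 to S6, and the three checks the embodiment above enumerates, as an added worked example; this is not code from the patent or from its assignee. The page does not fix the operation algorithm, so HMAC-SHA256 under a per-user key stands in for the compiled security plug-in (an assumption, noted in the code); the class and function names, the PBKDF2 password storage and the sample user are likewise constructed for the example. The application platform consumes each random parameter on first use, so the same parameter cannot be replayed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def plugin_code(plugin_key: bytes, random_param: bytes) -> str:
    """Stand-in for the per-user security plug-in (assumption: the page does not name the
    operation algorithm, so HMAC-SHA256 under a per-user key plays that role here)."""
    return hmac.new(plugin_key, random_param, hashlib.sha256).hexdigest()


class Client:
    """Client 110: username, login password and the plug-in from the first storage module."""

    def __init__(self, username: str, password: str, plugin_key: bytes) -> None:
        self.username, self.password, self.plugin_key = username, password, plugin_key

    def first_auth_code(self, random_param: bytes) -> str:      # S3
        return plugin_code(self.plugin_key, random_param)


class AuthPlatform:
    """Authentication platform 130: the third storage module keeps each user's plug-in copy."""

    def __init__(self) -> None:
        self._plugins: Dict[str, bytes] = {}

    def store_plugin(self, username: str, plugin_key: bytes) -> None:
        self._plugins[username] = plugin_key

    def authenticate(self, username: str, random_param: bytes, first_code: str) -> bool:
        key = self._plugins.get(username)
        if key is None:
            return False
        second_code = plugin_code(key, random_param)            # S5: second authentication code
        return hmac.compare_digest(second_code, first_code)     # constant-time comparison


class AppPlatform:
    """Application platform 120: registered user list, random parameters, first authentication."""

    def __init__(self, auth: AuthPlatform) -> None:
        self._auth = auth
        self._users: Dict[str, Tuple[bytes, bytes]] = {}   # username -> (salt, password hash)
        self._random_params: Dict[str, bytes] = {}          # second storage module

    def register(self, username: str, password: str) -> bool:
        if username in self._users:                         # S02: name must not exist yet
            return False
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))
        return True

    def login_step1(self, username: str, password: str) -> Optional[bytes]:
        """S2: verify username/password; on success issue, store and return a fresh random parameter."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, digest):
            return None
        self._random_params[username] = secrets.token_bytes(16)
        return self._random_params[username]

    def login_step2(self, username: str, random_param: bytes, first_code: str) -> bool:
        """S4: the parameter the client returns must equal the stored one, and is consumed by
        this single use; only then is the code forwarded to the authentication platform."""
        stored = self._random_params.pop(username, None)
        if stored is None or not hmac.compare_digest(stored, random_param):
            return False
        return self._auth.authenticate(username, random_param, first_code)   # S5-S6


def login(client: Client, app: AppPlatform) -> bool:
    """Runs S1 to S6 end to end and returns the authentication result."""
    random_param = app.login_step1(client.username, client.password)
    if random_param is None:
        return False
    return app.login_step2(client.username, random_param, client.first_auth_code(random_param))


def demo() -> Dict[str, bool]:
    """Constructed scenario: one registered user 'alice', then several login attempts."""
    auth = AuthPlatform()
    app = AppPlatform(auth)
    key = secrets.token_bytes(32)                   # plug-in issued at registration (S09)
    app.register("alice", "correct horse")
    auth.store_plugin("alice", key)
    good = Client("alice", "correct horse", key)
    results = {
        "good": login(good, app),
        "bad_password": login(Client("alice", "wrong", key), app),
        "bad_plugin": login(Client("alice", "correct horse", secrets.token_bytes(32)), app),
        "duplicate_registration": app.register("alice", "anything"),
    }
    rp = app.login_step1("alice", "correct horse")
    results["tampered_parameter"] = app.login_step2("alice", bytes(len(rp)), good.first_auth_code(rp))
    rp = app.login_step1("alice", "correct horse")
    code = good.first_auth_code(rp)
    results["first_use"] = app.login_step2("alice", rp, code)
    results["replay"] = app.login_step2("alice", rp, code)   # parameter already consumed
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24s} {'accepted' if ok else 'rejected'}")
```

Running the module prints one line per attempt: only the genuine client with the correct password, the right plug-in, and an unused random parameter is accepted. Note that the application platform never sees the plug-in key; it only checks the password and the random parameter, and delegates the code check to the authentication platform, as the page describes.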

The above embodiment is improved, present embodiment is obtained, as shown in Fig. 2, the peace provided in present embodiment In full Verification System 100, other than the module including the above embodiment, further include in authentication platform 130:Second random number Generation module 134, algorithm generation module 135 and collector 136;Wherein, algorithm generation module 135 is stored with second respectively Module 123 and the connection of the second random number generation module 134, collector 136 are connect with algorithm generation module 135, complete new use The generation of registration and safety insert 113 of the family in application platform 120.

When first time logging in application platform 120, the process registered in the application platform 120 specifically includes user:

First, user includes user name and the use of login password by the input of data obtaining module 111 in client 110 Family information, and the user information of acquisition is sent to application platform 120.

After application platform 120 receives the user information, immediately based on the user name received in the second memory module It is searched in the existing registration user list stored in 123, whether verifies user name input by user in the application It was registered in platform 120.If not finding user name identical with the user name of input in existing register list, then The user name is proved to be successful, and the message feedback being proved to be successful is returned in client 110;Otherwise user name authentication failed prompts User re-enters user name.And after user name is proved to be successful, by the user name and login password associated storage existing Registration user list in form new registration user list.

After client 110 receives the verification result of the transmission of application platform 120, lost if the verification result received is verification It loses, then reselects new user name and be sent to again in application platform 120 and verified.If the verification result received is verification Success, then again use information acquisition module 111 obtain unique mark user identification information (such as International Mobile Station Equipment Identification (IMEI, International Mobile Equipment Identity) or Universally Unique Identifier (UUID, Universally Unique Identifier));And obtained identification information and identifying code request are sent to application together Platform 120.

After application platform 120 receives identifying code request, equally the identification information received is stored in user-association In second memory module 123, and sends a command to the second random number generation module 134 and generate identifying code at random;Then it will generate Identifying code and user-association be stored in the second memory module 123, the identifying code of generation is sent to client again later 110.Client 110 receives the identifying code of the transmission of application platform 120 and is shown, while in the login of application platform 120 It is inputted in the page after the identifying code, sends identifying code certification request to application platform 120.

Application platform 120 receive client 110 transmission identifying code after, it includes the first authentication module 121 with The identifying code that will be received is compared with the identifying code being stored in the second memory module 123, after success, together with storage Identification information in the second memory module 123 sends plug-in unit and generates in request to authentication platform 130;Otherwise, error letter is sent Prompt user error in breath to client 110.

When authentication platform 130 receives safety insert generation request, the second random number generation module 134 is sent a command to immediately In;After second random number generation module 134 receives instruction, a random number is generated based on the identification information received, and will The random number of generation is sent in algorithm generation module 135.After algorithm generation module 135 receives random number, it is set For random key, and the preset algorithm being stored in third memory module 131 is obtained by mathematical algorithm based on the random key.Most Afterwards, mathematical algorithm is programmed to safety insert 113 by the collector 136 in authentication platform 130, later passes through safety insert 113 It is back in client 110 by application platform 120, client 110 is stored after receiving the safety insert 113.

The above is the process by which a new user registers with the application platform 120. As the description shows, during registration the request for the security plug-in 113 is sent to the authentication platform 130, where the security plug-in 113 uniquely associated with the user is generated, only after the user name has been verified and the verification code has been authenticated. From the generation process of the security plug-in 113 it can be seen that the random key used to generate the operation algorithm is derived from the identification information that uniquely identifies the user, so the resulting operation algorithm and security plug-in 113 are uniquely associated with the user; this is very secure, and the user need not worry about it being decrypted. In one specific embodiment, the verification code is an SMS verification code: after the user name and login password have been authenticated, the authentication result is returned to the client; the client then sends an SMS verification code request to the application platform, and the first random number generation module in the application platform immediately generates an SMS verification code and sends it to the client. The client receives the SMS verification code, enters it in the login page of the application, and sends it to the application platform for verification.

More specifically, the algorithm generation module 135 includes: a priority determining unit for determining the operation priority of the operation algorithm according to the random key; and/or a structure determining unit for determining the grouping structure of the operation algorithm and the operation priority of that grouping structure according to the random key; and/or a parameter determining unit for determining the operation parameters of the operation algorithm according to the random key.

Based on the above, the generation process of the operation algorithm in a particular embodiment is described in detail below:

If the algorithm generation module 135 includes the priority determining unit, the process of changing the operation priority of the preset algorithm is, in one specific embodiment, as follows. Suppose the random key obtained from the second random number generation module 134 is an eight-digit number made up of the digits 1 to 8; the algorithm generation module 135 then changes the operation order of the preset algorithm according to this random key. Specifically, if the preset algorithm consists of exactly eight steps, the priority determining unit can rearrange the priority of the eight steps according to the generated random key: if the generated random key is 31245768, then in the generated operation algorithm the third step of the original preset algorithm is executed first, followed by the first, second, fourth, fifth, seventh, sixth and eighth steps, so that the operation order of the original preset algorithm is changed and a completely new operation algorithm is produced. Of course, the rule for changing the preset algorithm on the basis of the random key can vary with the actual situation: for example, the 3 in the first position of the random key may mean that the first of the eight steps in the original preset algorithm becomes the third step of the operation algorithm; the 1 in the second position may mean that the second of the eight steps in the original preset algorithm becomes the first step of the operation algorithm; and so on, yielding a completely new operation algorithm based on the preset algorithm. The above are only two simple rules for changing the operation priority, and the rules can be set differently according to the actual situation: for instance, if the preset algorithm contains only six steps, the number of digits in the random number generated by the second random number generation module 134 can be adjusted, or the rule can be adapted by ignoring the last two of the eight generated random digits.

Furthermore, if the algorithm generation module 135 includes the structure determining unit, the grouping structure of the preset algorithm and the operation priority of that grouping structure can be changed according to it to obtain a new operation algorithm. In one specific embodiment, suppose that according to the grouping rule of the preset algorithm the information to be operated on is divided into n data blocks, each data block comprising eight sub-blocks (a1, a2, a3, a4, a5, a6, a7 and a8), and suppose the random key generated is 73124568, where the first digit of the eight-digit random key represents the operation order and the second digit represents the corresponding sub-block. Then during the operation, the 3 in the second position indicates that sub-block a3 is exchanged with sub-block a1, thereby changing the grouping structure, and the 7 in the first position indicates that sub-block a7 is operated on first, thereby achieving the purpose. The above is only one exemplary implementation; in other embodiments, the grouping rule (the length of each data block) and the meaning of each digit in the random key (such as a sub-block exchange) can be set according to the actual situation.

Finally, if the algorithm generation module 135 includes the parameter determining unit, the constant terms in the preset algorithm can be changed according to it. In one specific embodiment, suppose the preset algorithm contains two first constants, 1 and 2 respectively, and also an unknown X, and the random key obtained is 73124568; if the third digit of this random key represents the fixed parameter, then X in the preset algorithm becomes 1, and a new operation algorithm is formed. Of course, in another specific embodiment an existing constant term in the preset algorithm can also be changed according to the 1 in the third position, for example the existing second constant 2 is changed to the 1 from the third position, so that both constants in the generated operation algorithm are 1.

As a complete embodiment, suppose the algorithm generation module 135 includes all three units at once, and in the generated random parameter the first digit represents the operation priority, the second represents the grouping structure and the third represents the constant term. If the generated random key is 35781246, then sub-block a5 and sub-block a1 in the grouping are exchanged to change the grouping structure, sub-block a3 is operated on first, and a certain constant in the operation algorithm becomes 7, thereby generating an operation algorithm uniquely associated with the user.
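The three rules above (step reordering by the full key, sub-block exchange and priority from the first two digits, constant term from the third digit) carried through in code, as an added example that is not part of the patent. The preset steps, the one-byte sub-block layout and the order in which the exchange and the priority move are applied are assumptions of this example; the patent gives none of them.

```python
"""Added example (not the patent's code): how the algorithm generation module
turns a random key into a per-user operation algorithm, following the three
units in the description. The preset steps, data blocks and constants are
constructed here; the patent does not give them."""

from typing import Callable, List

# Constructed stand-in for the preset algorithm: eight steps on a 16-bit state.
# Each step takes the state and the constant term chosen by the parameter unit.
PRESET_STEPS: List[Callable[[int, int], int]] = [
    lambda v, c: (v + c) & 0xFFFF,                  # step 1
    lambda v, c: (v * 3) & 0xFFFF,                  # step 2
    lambda v, c: v ^ 0x5A5A,                        # step 3
    lambda v, c: ((v << 1) | (v >> 15)) & 0xFFFF,   # step 4: rotate left by one
    lambda v, c: (v - c) & 0xFFFF,                  # step 5
    lambda v, c: v ^ (v >> 3),                      # step 6
    lambda v, c: (v * (c + 1)) & 0xFFFF,            # step 7
    lambda v, c: (v + 0x1234) & 0xFFFF,             # step 8
]


def key_digits(random_key: str) -> List[int]:
    """The description assumes an eight-digit key made up of the digits 1-8."""
    digits = [int(ch) for ch in random_key if ch.isdigit()]
    if len(random_key) != 8 or sorted(digits) != list(range(1, 9)):
        raise ValueError("random key must be a permutation of the digits 1-8")
    return digits


def step_order(random_key: str) -> List[int]:
    """Priority determining unit (first rule): digit i of the key names the
    preset step that runs i-th. 31245768 -> step 3 first, then 1, 2, 4, 5, 7, 6, 8."""
    return key_digits(random_key)


def block_order(random_key: str) -> List[str]:
    """Structure determining unit: the second digit names the sub-block that is
    exchanged with a1; the first digit names the sub-block operated on first.
    Applying the exchange before the priority move is an assumption here."""
    digits = key_digits(random_key)
    blocks = [f"a{i}" for i in range(1, 9)]
    swap = digits[1] - 1
    blocks[0], blocks[swap] = blocks[swap], blocks[0]
    first = blocks.pop(blocks.index(f"a{digits[0]}"))
    return [first] + blocks


def constant_term(random_key: str) -> int:
    """Parameter determining unit: the third digit becomes the constant term
    (73124568 -> 1, 35781246 -> 7)."""
    return key_digits(random_key)[2]


def run_algorithm(random_key: str, data: bytes) -> int:
    """Apply the derived algorithm to data split into 8-byte data blocks, one
    byte per sub-block a1..a8 (a constructed layout). Sub-blocks are taken in
    the derived block order, each folded into a 16-bit running state and passed
    through the preset steps in the derived step order."""
    order = step_order(random_key)
    c = constant_term(random_key)
    positions = [int(name[1:]) - 1 for name in block_order(random_key)]
    state = 0
    padded = data + b"\x00" * (-len(data) % 8)
    for start in range(0, len(padded), 8):
        block = padded[start:start + 8]
        for pos in positions:
            state = (state + block[pos]) & 0xFFFF
            for step in order:
                state = PRESET_STEPS[step - 1](state, c)
    return state


if __name__ == "__main__":
    print(step_order("31245768"), block_order("73124568"), constant_term("35781246"))
    print(hex(run_algorithm("35781246", b"constructed random parameter")))
```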

In another embodiment, the client is a mobile terminal such as a mobile phone or tablet computer, and the application platform is a mobile banking system. When the user logs in to the banking system for the first time, based on the above steps, the user name and login password are first verified in the banking system, the SMS verification code is then verified, and finally the security plug-in is generated in the authentication platform.

When logging in to the banking system after registration, based on the above steps, the user name and login password are verified first, then the random parameter, and finally the authentication code (the first authentication code generated in the mobile terminal), ensuring information security throughout the user login process.

As shown in Fig. 3, the present invention also provides a security authentication method based on application platform login, applied to the above security authentication system 100. The security authentication method includes the following steps: S1, the client 110 obtains a user name and login password and sends them to the application platform 120; S2, the application platform 120 authenticates the user name and login password, generates a random parameter at random after successful authentication, stores the random parameter and sends it to the client 110; S3, the client 110 uses the random parameter as the calculating factor to generate a first authentication code with the operation algorithm, and sends the first authentication code and the random parameter to the application platform 120; S4, the application platform 120 compares the received random parameter with the random parameter it stored, completing authentication of the random parameter, and after successful authentication sends the first authentication code and the random parameter to the authentication platform 130; S5, the authentication platform 130 uses the received random parameter as the calculating factor to generate a second authentication code with the operation algorithm, and compares the generated second authentication code with the received first authentication code; S6, the authentication platform 130 returns the authentication result to the application platform 120 and the client 110. In step S2, the application platform 120 authenticates the user name and login password against the new registered user list, and after successful authentication generates and stores the random parameter.
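The S1 to S6 exchange above modelled with the three parties as Python classes, as an added example that is not the patent's own code. Because the patent does not specify the plug-in's operation algorithm, an HMAC keyed by a per-user plug-in secret stands in for it; the hashed password storage and the single-use random parameter are additions of this example, not features the patent states.

```python
"""Added example (not the patent's code): the S1-S6 login exchange between
client, application platform and authentication platform. The per-user
operation algorithm inside the security plug-in is not specified by the
patent; an HMAC keyed by a per-user plug-in secret stands in for it here."""

import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def plugin_auth_code(plugin_secret: bytes, random_parameter: str) -> str:
    """Stand-in for the plug-in's built-in algorithm: the random parameter is
    the calculating factor, the per-user secret models the unique algorithm."""
    return hmac.new(plugin_secret, random_parameter.encode(), hashlib.sha256).hexdigest()


class AuthenticationPlatform:
    """Third storage module: the same plug-in per user; second authentication module."""

    def __init__(self) -> None:
        self.plugins: Dict[str, bytes] = {}

    def issue_plugin(self, username: str) -> bytes:
        # Registration steps S08/S09: generate the user's plug-in and keep a copy.
        secret = secrets.token_bytes(32)
        self.plugins[username] = secret
        return secret

    def verify(self, username: str, first_code: str, random_parameter: str) -> bool:
        # S5: recompute the second authentication code and compare it with the first.
        secret = self.plugins.get(username)
        if secret is None:
            return False
        second_code = plugin_auth_code(secret, random_parameter)
        return hmac.compare_digest(first_code, second_code)


class ApplicationPlatform:
    """First authentication module, first random number module, second storage module."""

    def __init__(self, auth: AuthenticationPlatform) -> None:
        self.auth = auth
        self.users: Dict[str, Tuple[bytes, bytes]] = {}   # username -> (salt, hash)
        self.random_parameters: Dict[str, str] = {}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username: str, password: str) -> None:
        # S02/S03: reject a duplicate user name, then store the credential (hashed here).
        if username in self.users:
            raise ValueError("user name already registered")
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt))

    def login(self, username: str, password: str) -> Optional[str]:
        # S2: authenticate user name and password, then issue and store a random parameter.
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        random_parameter = secrets.token_hex(16)
        self.random_parameters[username] = random_parameter
        return random_parameter

    def authenticate(self, username: str, first_code: str, random_parameter: str) -> bool:
        # S4: the returned random parameter must equal the stored one. It is removed
        # once used (single use is an addition of this example, not stated in the patent).
        stored = self.random_parameters.pop(username, None)
        if stored is None or not hmac.compare_digest(stored, random_parameter):
            return False
        # S5/S6: forward to the authentication platform and relay its result.
        return self.auth.verify(username, first_code, random_parameter)


class Client:
    """Information acquisition module plus the first storage module holding the plug-in."""

    def __init__(self, username: str, password: str, plugin_secret: bytes) -> None:
        self.username, self.password, self.plugin_secret = username, password, plugin_secret

    def login(self, app: ApplicationPlatform) -> bool:
        random_parameter = app.login(self.username, self.password)            # S1/S2
        if random_parameter is None:
            return False
        first_code = plugin_auth_code(self.plugin_secret, random_parameter)   # S3
        return app.authenticate(self.username, first_code, random_parameter)  # S4-S6


def demo() -> Tuple[bool, bool, bool]:
    """Constructed run: a registered user, a wrong password, a wrong plug-in."""
    auth = AuthenticationPlatform()
    app = ApplicationPlatform(auth)
    app.register("alice", "correct horse")
    plugin = auth.issue_plugin("alice")
    ok = Client("alice", "correct horse", plugin).login(app)
    bad_password = Client("alice", "wrong", plugin).login(app)
    bad_plugin = Client("alice", "correct horse", secrets.token_bytes(32)).login(app)
    return ok, bad_password, bad_plugin


if __name__ == "__main__":
    print(demo())
```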

More specifically, as shown in Fig. 4, the following registration steps precede step S1: S01, the client 110 obtains a user name and login password and sends them together with a registration request to the application platform 120; S02, the application platform 120 receives the registration request and verifies the received user name; S03, after the user name is verified, the application platform 120 stores the user name and login password in association in the current registered user list to form a new registered user list, and returns the verification result to the client 110; S04, the client 110 receives the verification result, then obtains the identification information that uniquely identifies the user, and sends the identification information and a verification code request to the application platform 120; S05, after receiving the verification code request, the application platform 120 generates a verification code at random and sends it to the client 110; S06, the client 110 receives and displays the verification code, and sends a verification code authentication request based on the received verification code to the application platform 120; S07, the application platform 120 receives the verification code authentication request and authenticates the verification code, and if authentication succeeds sends the identification information and a security plug-in generation request to the authentication platform 130; S08, the authentication platform 130 receives the security plug-in generation request and generates the operation algorithm based on the identification information and the built-in preset algorithm; S09, the authentication platform 130 compiles the operation algorithm into the security plug-in 113 and returns the security plug-in 113 to the client 110 via the application platform 120. In step S02, the application platform 120 searches the current registered user list for the received user name, and verification succeeds if no identical user name is found. Step S08 specifically includes: generating a random key based on the identification information; determining the operation priority of the operation algorithm based on the random key, and/or determining the grouping structure of the operation algorithm and the operation priority of that grouping structure based on the random key, and/or determining the operation parameters of the operation algorithm based on the random key, so as to generate the operation algorithm. The process of generating the operation algorithm in the authentication platform 130 has already been described for the security authentication system 100 and is not repeated here. In step S04, the identification information is an International Mobile Equipment Identity or a Universally Unique Identifier.

It should be noted that the above embodiments can be freely combined as needed. The above are only preferred embodiments of the present invention; it should be pointed out that those skilled in the art can also make several improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as within the scope of protection of the invention.

Claims (9)

1. A security authentication system based on application platform login, characterized in that the security authentication system comprises: a client, an application platform and an authentication platform, wherein
the client comprises: an information acquisition module for obtaining user information, and a first storage module; the first storage module holds a security plug-in for generating a first authentication code, and the security plug-in has a built-in operation algorithm uniquely associated with the user;
the application platform, communicatively connected with the client, comprises: a first authentication module, a first random number generation module, and a second storage module connected to the first authentication module and the first random number generation module respectively; the first random number generation module is for generating a random parameter and storing the random parameter in the second storage module, and the first authentication module is for authenticating the user information and the random parameter;
the authentication platform, communicatively connected with the application platform, comprises: a third storage module, a second authentication module connected to the third storage module, and a feedback module connected to the second authentication module; the third storage module holds the security plug-in for generating a second authentication code; the second authentication module performs authentication of the first authentication code based on the second authentication code; and the feedback module is for returning the authentication result of the second authentication module to the application platform and the client respectively.
2. The security authentication system of claim 1, characterized in that, in the client:
the user information comprises a user name, a login password and identification information uniquely identifying the user; the identification information is an International Mobile Equipment Identity or a Universally Unique Identifier;
the security plug-in uses the random parameter sent by the application platform as the calculating factor and generates the first authentication code with the operation algorithm.
3. The security authentication system of claim 2, characterized in that the second storage module is further used to store a registered user list;
the first authentication module authenticates, based on the registered user list, the user name and login password in the user information sent by the client;
the first authentication module completes authentication of the random parameter based on the random parameter sent by the client and the random parameter stored in the storage module.
4. The security authentication system of claim 3, characterized in that, in the authentication platform:
the security plug-in uses the random parameter sent by the application platform as the calculating factor and generates the second authentication code with the operation algorithm.
5. The security authentication system of any one of claims 2 to 4, characterized in that
the third storage module further holds a preset algorithm;
and the authentication platform further comprises: a second random number generation module, an algorithm generation module and a compiler; wherein
the second random number generation module generates a random key based on the identification information;
the algorithm generation module is connected to the second storage module and the second random number generation module respectively, and generates the operation algorithm based on the random key and the preset algorithm;
the compiler is connected to the algorithm generation module, compiles the operation algorithm generated by the algorithm generation module into the security plug-in, and returns the security plug-in to the client via the application platform through the feedback module.
6. The security authentication system of claim 5, characterized in that the algorithm generation module comprises:
a priority determining unit for determining the operation priority of the operation algorithm according to the random key;
and/or
a structure determining unit for determining the grouping structure of the operation algorithm and the operation priority of the grouping structure according to the random key;
and/or
a parameter determining unit for determining the operation parameters of the operation algorithm according to the random key.
7. A security authentication method based on application platform login, characterized in that the security authentication method is applied to the security authentication system of any one of claims 1 to 6 and comprises the following steps:
S1, the client obtains a user name and login password and sends the user name and login password to the application platform;
S2, the application platform completes authentication of the user name and login password, generates a random parameter at random after successful authentication, stores the random parameter and sends it to the client;
S3, the client uses the random parameter as the calculating factor to generate a first authentication code with the operation algorithm, and sends the first authentication code and the random parameter to the application platform;
S4, the application platform compares the received random parameter with the random parameter it stored, completing authentication of the random parameter, and after successful authentication sends the first authentication code and the random parameter to the authentication platform;
S5, the authentication platform uses the received random parameter as the calculating factor to generate a second authentication code with the operation algorithm, and compares the generated second authentication code with the received first authentication code;
S6, the authentication platform returns the authentication result to the application platform and the client;
and the following registration steps precede step S1:
S01, the client obtains the user name and login password and sends the user name, login password and a registration request to the application platform;
S02, the application platform receives the registration request and verifies the received user name;
S03, after the user name is verified, the application platform stores the user name and login password in association in the current registered user list to form a new registered user list, and returns the verification result to the client;
S04, the client receives the verification result, then obtains identification information uniquely identifying the user, and sends the identification information and a verification code request to the application platform;
S05, after receiving the verification code request, the application platform generates a verification code at random and sends it to the client;
S06, the client receives and displays the verification code, and sends a verification code authentication request based on the received verification code to the application platform;
S07, the application platform receives the verification code authentication request and authenticates the verification code; if authentication succeeds, it sends the identification information and a security plug-in generation request to the authentication platform;
S08, the authentication platform receives the security plug-in generation request and generates the operation algorithm based on the identification information and a built-in preset algorithm;
S09, the authentication platform compiles the operation algorithm into the security plug-in and returns the security plug-in to the client via the application platform.
8. The security authentication method of claim 7, characterized in that
in step S2, the application platform completes authentication of the user name and login password based on the new registered user list, and after successful authentication generates and stores the random parameter;
and/or
in step S04, the identification information is an International Mobile Equipment Identity or a Universally Unique Identifier;
and/or
in step S02, the application platform searches the current registered user list for the received user name, and verification succeeds if no identical user name is found.
9. The security authentication method of claim 7 or 8, characterized in that step S08 specifically comprises:
generating a random key based on the identification information;
determining the operation priority of the operation algorithm based on the random key, and/or determining the grouping structure of the operation algorithm and the operation priority of the grouping structure based on the random key, and/or determining the operation parameters of the operation algorithm based on the random key, so as to generate the operation algorithm.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610032441.9A CN105516195B (en) 2016-01-19 2016-01-19 A kind of security certification system and its authentication method based on application platform login

Publications (2)

Publication Number Publication Date
CN105516195A CN105516195A (en) 2016-04-20
CN105516195B true CN105516195B (en) 2018-11-06

Family

ID=55723831



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 201203 Pudong New Area, Shanghai, China (Shanghai) free trade pilot area 899 9, 1-4 1-4 story 01 rooms.

Applicant after: Shanghai PeopleNet Security Technology Co., Ltd.

Address before: 201821 211 rooms, No. 1411, Yecheng Road, Jiading District, Shanghai

Applicant before: Shanghai PeopleNet Security Technology Co., Ltd.

GR01 Patent grant