CN105577611B - A kind of computer security implementation method and device based on hardware and server authentication - Google Patents
A kind of computer security implementation method and device based on hardware and server authentication Download PDFInfo
- Publication number
- CN105577611B CN105577611B CN201410532737.8A CN201410532737A CN105577611B CN 105577611 B CN105577611 B CN 105577611B CN 201410532737 A CN201410532737 A CN 201410532737A CN 105577611 B CN105577611 B CN 105577611B
- Authority
- CN
- China
- Prior art keywords
- user
- server
- computer
- identification information
- date codes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention proposes a kind of computer security implementation method and device based on hardware and server authentication, method include: to input username and password on computers to be authenticated by server;After certification passes through, computer obtains user identifier, unique hardware identification and date codes and carries out reversible encryption and handles to obtain user security identification information;User security identification information is uploaded onto the server using secure transmission tunnel;Server by user identifier, unique hardware identification and date codes it is corresponding with user security identification information storage;When again passing by certification, whether its unique hardware identification of server authentication and date codes are matched, if so, then performing the next step rapid;Otherwise, authentification failure;Again pass by after server authentication passes through, update in user security identification information by reversible encryption treated date codes.Implement the computer security implementation method and device of the invention based on hardware and server authentication, has the advantages that safety is higher.
Description
Technical field
The present invention relates to computer safety field, in particular to a kind of computer security based on hardware and server authentication
Implementation method and device.
Background technique
In computer safety field, traditional method is that the user name password for verifying is sent to clothes after encryption
Business end.Under this mode, password is the combination of simple number and character, which is uploaded to service after encryption
End, such mode are easy to use after being verified elsewhere, reduce safety after user name password is leaked,
Server end also can not effectively control the behavior and state of user.
Summary of the invention
The technical problem to be solved in the present invention is that the defect not high for the above-mentioned safety of the prior art, provides one
The kind higher computer security implementation method and device based on hardware and server authentication of safety.
The technical solution adopted by the present invention to solve the technical problems is: constructing a kind of based on hardware and server authentication
Computer security implementation method, includes the following steps:
A) input username and password is authenticated by server on the computer;
B) after certification passes through, the computer obtains user identifier, unique hardware identification and date codes;
C user's peace is obtained after) carrying out reversible encryption processing to the user identifier, unique hardware identification and date codes
Full identification information;
D the user security identification information) is uploaded into the server using secure transmission tunnel;
E user identifier, unique hardware identification and date codes and user before) server handles reversible encryption
The corresponding storage of safe identification information;
F when) user again passes by the certification of the server, its unique hardware identification of the server authentication and date are compiled
Whether code matches, if so, thening follow the steps G);Otherwise, authentification failure;
G) again pass by after the server authentication passes through, update in user security identification information by reversible encryption
Date codes after reason.
In the computer security implementation method of the present invention based on hardware and server authentication, the unique hardware
Mark includes hard disk serial number and MAC Address.
In the computer security implementation method of the present invention based on hardware and server authentication, the date codes
It is to be encoded to date when currently passing through certification.
In the computer security implementation method of the present invention based on hardware and server authentication, the safe transmission
Channel is in the channel that client and server is established, and transmission mode is the transmission of https agreement.
In the computer security implementation method of the present invention based on hardware and server authentication, the reversible encryption
Using DES reversible encryption mode.
The invention further relates to a kind of device of computer security implementation method for realizing above-mentioned hardware and server authentication, packets
It includes: input unit: being authenticated for inputting username and password on the computer by server;
Acquiring unit: for after certification passes through, the computer to obtain user identifier, unique hardware identification and date volume
Code;
Encryption unit: for carrying out reversible encryption processing to the user identifier, unique hardware identification and date codes
After obtain user security identification information;
Uploading unit: for the user security identification information to be uploaded to the server using secure transmission tunnel;
Storage unit: for before handling the server by reversible encryption user identifier, unique hardware identification and
Date codes storage corresponding with user security identification information;
Authentication unit: when for again passing by the certification of the server in user, it is unique hard for the server authentication
Whether part mark and date codes match, if so, certification, which is updated after passing through in user security identification information, passes through reversible encryption
Date codes that treated;Otherwise, authentification failure;
Certification updating unit: it for again passing by after the server authentication passes through, updates in user security identification information
By reversible encryption treated date codes.
In the device of the computer security implementation method of the present invention for realizing above-mentioned hardware and server authentication, institute
Stating unique hardware identification includes hard disk serial number and MAC Address.
In the device of the computer security implementation method of the present invention for realizing above-mentioned hardware and server authentication, institute
Stating date codes was encoded to date when currently passing through certification.
In the device of the computer security implementation method of the present invention for realizing above-mentioned hardware and server authentication, institute
Stating secure transmission tunnel is in the channel that client and server is established, and transmission mode is the transmission of https agreement.
In the device of the computer security implementation method of the present invention for realizing above-mentioned hardware and server authentication, institute
Reversible encryption is stated using DES reversible encryption mode.
Implement the computer security implementation method and device of the invention based on hardware and server authentication, has with following
Beneficial effect: since after certification passes through, computer obtains user identifier, unique hardware identification and date codes and carries out reversible add
User security identification information is obtained after close processing;When user again passes by the certification of server, it is unique hard for server authentication
Whether part mark and date codes match, that is, by way of secondary verifying, and combine unique hardware identification and date
The legitimacy of decision verification user is encoded, the one-one relationship between user bound and computer strengthens the tight of user's checking
Lattice, so its safety is higher.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention without any creative labor, may be used also for those of ordinary skill in the art
To obtain other drawings based on these drawings.
Fig. 1 is that the present invention is based in the computer security implementation method and device one embodiment of hardware and server authentication
The flow chart of method;
Fig. 2 is the structural schematic diagram of device in the embodiment.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
The present invention is based in the computer security implementation method and Installation practice of hardware and server authentication, it is based on
The flow chart of the computer security implementation method of hardware and server authentication is as shown in Figure 1.In Fig. 1, this method includes following step
Rapid: step S01 inputs username and password on computers and is authenticated by server: in this step, being verified use for the first time
Name in an account book and password are authenticated through server, it is worth mentioning at this point that, the username and password verified for the first time is carried out by server
Distribution, only legal user can just obtain.The username and password of the distribution can only be bound through server authentication
Unique computer.
For step S02 after certification passes through, computer obtains user identifier, unique hardware identification and date codes: this step
In, after username and password is passed through by server authentication, computer obtains user identifier, unique hardware identification and date volume
Code, it is worth mentioning at this point that, in the present embodiment, user identifier is uniquely that user identifier is for current system user, uniquely
Hardware identifier includes hard disk serial number and MAC Address, and date codes are (namely to work as the day before yesterday to date when currently passing through certification
Phase) encoded.
Step S03 obtains user after carrying out reversible encryption processing to user identifier, unique hardware identification and date codes
Safe identification information: in this step, in order to increase the safety of system, user identifier, unique hardware identification and date are compiled
Code obtains user security identification information after carrying out reversible encryption.In the present embodiment, reversible encryption is using the reversible encryption side DES
Formula currently under some cases of the present embodiment, can also select other cipher modes.
Step S04 is uploaded onto the server user security identification information using secure transmission tunnel: in this step, using peace
Full transmission channel uploads onto the server user security identification information, which built in client and server
Vertical channel, transmission mode are the transmission of https agreement.The safety of system can also be increased in this way.
Step S05 server reversible encryption is handled before user identifier, unique hardware identification and date codes and use
The corresponding storage of the safe identification information in family: in this step, server reversible encryption is handled before user identifier, unique hardware identification
And date codes storage corresponding with user security identification information.
When step S06 user again passes by the certification of server, its unique hardware identification of server authentication and date codes
Whether match: in this step, when user again passes by the certification of server, its unique hardware identification of server authentication and date are compiled
Code whether match, if verifying result be it is yes, then follow the steps S07;Otherwise, step S08 is executed.
Step S07 is again passed by after server authentication passes through, and is updated in user security identification information and is passed through reversible encryption
Date codes that treated: if the judging result of above-mentioned steps S06 be it is yes, i.e., unique hardware identification and date codes matching,
Then execute this step.In this step, again pass by after server authentication passes through, the process updated in user security identification information can
Reverse encryption treated date codes.
Step S08 authentification failure: if the judging result of above-mentioned steps S06 be it is no, i.e. unique hardware identification and the date compiles
Code mismatches, then executes this step.In this step, the result of return authentication failure.The present invention by way of secondary verifying, and
And the legitimacy of unique hardware identification and date codes decision verification user is combined, it is one-to-one between user bound and computer
Relationship strengthens the stringency of user's checking, so its safety is higher.It is noted that when having recorded use on server
After name in an account book and user security identification information, user will be unable to the computer for replacing client again, if user needs replacing calculating
Machine, it is necessary to obtain legal username and password to server again, this further improves the safety of system.
The present embodiment further relates to a kind of realize the above-mentioned computer security implementation method based on hardware and server authentication
Device, structural schematic diagram are as shown in Figure 2.In Fig. 2, which includes input unit 1, acquiring unit 2, encryption unit 3, uploads
Unit 4, storage unit 5, authentication unit 6 and certification updating unit 7;Wherein, input unit 1 for inputting user on computers
Name and password are authenticated by server;Acquiring unit 2 is used for after certification passes through, computer obtain user identifier, it is unique firmly
Part mark and date codes;Encryption unit 3 is used to carry out reversible encryption to user identifier, unique hardware identification and date codes
User security identification information is obtained after processing;Uploading unit 4 is used to use secure transmission tunnel by user security identification information
Pass to server;Storage unit 5 is for user identifier, unique hardware identification and the day before handling server by reversible encryption
The storage corresponding with user security identification information of phase coding;Authentication unit 6 is used for when user again passes by the certification of server, clothes
Business device verifies its unique hardware identification and whether date codes match, if so, certification updates user security identification information after passing through
In by reversible encryption treated date codes;Otherwise, authentification failure;Certification updating unit 7 is for again passing by service
After device certification passes through, update in user security identification information by reversible encryption treated date codes.The present invention passes through
The mode of secondary verifying, and combine unique hardware identification and date codes decision verification user legitimacy, user bound with
One-one relationship between computer strengthens the stringency of user's checking, so its safety is higher.It is noted that
After having recorded user name and user security identification information on server, user will be unable to the computer for replacing client again, such as
Fruit user needs replacing computer, it is necessary to obtain legal username and password to server again, this is further improved
The safety of system.
It is noted that in the present embodiment, above-mentioned unique hardware identification includes hard disk serial number and MAC Address, certainly,
Unique hardware identification also may include other kinds of hardware identifier.Above-mentioned date codes are to date when currently passing through certification
It is encoded.Secure transmission tunnel is in the channel that client and server is established, and transmission mode is that https agreement passes
It is defeated, the safety of system can be increased in this way.Above-mentioned reversible encryption is using DES reversible encryption mode, it is of course also possible to adopt
Mode with other cipher modes, encryption is more flexible.
In short, in the present embodiment, test for the first time using the user name of server opposite direction user distribution, password
Card, and user security identification information is generated to unique subscriber identification, unique hardware identification and the date codes that computer obtains,
When being verified again, the matching of its unique hardware identification and date codes is verified, improves the safety of system, institute in this way
It is higher with its safety.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all in essence of the invention
Within mind and principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.
Claims (4)
1. a kind of computer security implementation method based on hardware and server authentication, which comprises the steps of:
A) input username and password is authenticated by server on the computer;The username and password can only be bound
Pass through the unique computer of server authentication;
B) after certification passes through, the computer obtains user identifier, unique hardware identification and date codes;
C user security knowledge is obtained after) carrying out reversible encryption processing to the user identifier, unique hardware identification and date codes
Other information;
D the user security identification information) is uploaded into the server using secure transmission tunnel;
E user identifier, unique hardware identification and date codes and user security before) server handles reversible encryption
The corresponding storage of identification information;
F when) user again passes by the certification of the server, its unique hardware identification of the server authentication and date codes are
No matching, if so, thening follow the steps G);Otherwise, authentification failure;By way of secondary verifying, and combine unique hardware mark
Know the legitimacy with date codes decision verification user, the one-one relationship between user bound and computer;When on server
After having recorded user name and user security identification information, user will be unable to the computer for replacing client again, if user needs
Replace computer, it is necessary to obtain legal username and password to server again;
G) again pass by after the server authentication passes through, update in user security identification information after reversible encryption is handled
Date codes;
The unique hardware identification includes hard disk serial number and MAC Address;
The date codes were encoded to date when currently passing through certification;
The secure transmission tunnel is in the channel that client and server is established, and transmission mode is the transmission of https agreement.
2. the computer security implementation method according to claim 1 based on hardware and server authentication, which is characterized in that
The reversible encryption is using DES reversible encryption mode.
3. a kind of dress for realizing the computer security implementation method as described in claim 1 based on hardware and server authentication
It sets characterized by comprising
Input unit: it is authenticated for inputting username and password on the computer by server;The user name and
Password can only bind the unique computer by server authentication;
Acquiring unit: for after certification passes through, the computer to obtain user identifier, unique hardware identification and date codes;
Encryption unit: for being obtained after carrying out reversible encryption processing to the user identifier, unique hardware identification and date codes
To user security identification information;
Uploading unit: for the user security identification information to be uploaded to the server using secure transmission tunnel;
Storage unit: for user identifier, unique hardware identification and the date before handling the server by reversible encryption
Encode storage corresponding with user security identification information;
Authentication unit: when for again passing by the certification of the server in user, its unique hardware mark of the server authentication
Know and whether date codes match, if so, certification updates handling in user security identification information by reversible encryption after passing through
Date codes afterwards;Otherwise, authentification failure;By way of secondary verifying, and combine unique hardware identification and date codes
The legitimacy of decision verification user, the one-one relationship between user bound and computer;When having recorded user name on server
After user security identification information, the computer that user will be unable to replace client again must if user needs replacing computer
Legal username and password must be obtained to server again;
Certification updating unit: for again passing by after the server authentication passes through, the warp in user security identification information is updated
Cross reversible encryption treated date codes;
The unique hardware identification includes hard disk serial number and MAC Address;
The date codes were encoded to date when currently passing through certification;
The secure transmission tunnel is in the channel that client and server is established, and transmission mode is the transmission of https agreement.
4. the dress according to claim 3 for realizing the above-mentioned computer security implementation method based on hardware and server authentication
It sets, which is characterized in that the reversible encryption is using DES reversible encryption mode.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410532737.8A CN105577611B (en) | 2014-10-10 | 2014-10-10 | A kind of computer security implementation method and device based on hardware and server authentication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410532737.8A CN105577611B (en) | 2014-10-10 | 2014-10-10 | A kind of computer security implementation method and device based on hardware and server authentication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105577611A CN105577611A (en) | 2016-05-11 |
| CN105577611B true CN105577611B (en) | 2019-05-24 |
Family
ID=55887279
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410532737.8A Active CN105577611B (en) | 2014-10-10 | 2014-10-10 | A kind of computer security implementation method and device based on hardware and server authentication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105577611B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106302539A (en) * | 2016-10-12 | 2017-01-04 | 广州市芯德电子技术有限公司 | A kind of embedded type WEB safety certifying method |
| CN106789883A (en) * | 2016-11-21 | 2017-05-31 | 美的智慧家居科技有限公司 | The method and apparatus of connection server |
| CN112002080B (en) * | 2019-05-27 | 2022-02-15 | 中电金融设备系统(深圳)有限公司 | Bank terminal, bank terminal equipment and information security processing method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007091098A1 (en) * | 2006-02-10 | 2007-08-16 | Rabbit Point Limited | Ip-based communication |
| CN101179583A (en) * | 2007-12-17 | 2008-05-14 | 杭州华三通信技术有限公司 | Method and equipment preventing user counterfeit internet |
| CN101272251A (en) * | 2007-03-22 | 2008-09-24 | 华为技术有限公司 | Authentication and cryptographic key negotiation method, authentication method, system and equipment |
| CN101697542A (en) * | 2009-10-19 | 2010-04-21 | 中兴通讯股份有限公司 | Authentication method, soft switch and terminal |
| CN102664903A (en) * | 2012-05-16 | 2012-09-12 | 李明 | Network user identifying method and system |
-
2014
- 2014-10-10 CN CN201410532737.8A patent/CN105577611B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007091098A1 (en) * | 2006-02-10 | 2007-08-16 | Rabbit Point Limited | Ip-based communication |
| CN101272251A (en) * | 2007-03-22 | 2008-09-24 | 华为技术有限公司 | Authentication and cryptographic key negotiation method, authentication method, system and equipment |
| CN101179583A (en) * | 2007-12-17 | 2008-05-14 | 杭州华三通信技术有限公司 | Method and equipment preventing user counterfeit internet |
| CN101697542A (en) * | 2009-10-19 | 2010-04-21 | 中兴通讯股份有限公司 | Authentication method, soft switch and terminal |
| CN102664903A (en) * | 2012-05-16 | 2012-09-12 | 李明 | Network user identifying method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105577611A (en) | 2016-05-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108768970B (en) | Binding method of intelligent equipment, identity authentication platform and storage medium | |
| TWI705349B (en) | Terminal authentication processing, authentication method, device and system | |
| CN104125226B (en) | A kind of method, apparatus and system for locking and unlocking application | |
| CN104573516B (en) | A kind of industrial control system trusted context management-control method and platform based on safety chip | |
| US9009463B2 (en) | Secure delivery of trust credentials | |
| US20180048649A1 (en) | Systems and methods for authenticating an online user using a secure authorization server | |
| US9780950B1 (en) | Authentication of PKI credential by use of a one time password and pin | |
| CN105187450A (en) | Authentication method and device based on authentication equipment | |
| CN102510378B (en) | Method for logging in online game through mobile equipment | |
| CU20170033A7 (en) | METHODS AND APPLIANCE FOR THE AUTHENTICATION OF A SEVICIO NETWORK BY A USER TEAM (EU) USING CREDENTIALS OF A DOMESTIC NETWORK | |
| CN103475477A (en) | Safe authorized access method | |
| CN105577611B (en) | A kind of computer security implementation method and device based on hardware and server authentication | |
| US9154304B1 (en) | Using a token code to control access to data and applications in a mobile platform | |
| CN104580136A (en) | UEFI-based long-distance identity authentication system and method | |
| CN103124266A (en) | Mobile terminal, method and system for logging in through mobile terminal and cloud server | |
| CN109450854A (en) | A kind of distribution terminal communication security protection method and system | |
| KR101739203B1 (en) | Password-based user authentication method using one-time private key-based digital signature and homomorphic encryption | |
| CN104506321A (en) | Method for updating seed data in dynamic token | |
| WO2015186829A1 (en) | Transmission node, reception node, communication network system, message creation method, and computer program | |
| CN108886530B (en) | Method for activating mobile device in enterprise mobile management and mobile device | |
| CN103118022A (en) | Verification method of no-password unauthenticated login | |
| GB2501069A (en) | Authentication using coded images to derive an encrypted passcode | |
| CZ2013373A3 (en) | Authentication method of safe data channel | |
| CN106533677B (en) | A kind of user login method, user terminal and server | |
| CN102769629A (en) | Client-side password storage method and service system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 510000 No. 16 Keyun Road, Tianhe District, Guangzhou City, Guangdong Province, 1 501 Patentee after: Link Technology Co., Ltd. Address before: 510665 No. 16 Keyun Road, Tianhe District, Guangzhou City, Guangdong Province, 1 501 Patentee before: Guangzhou Lianyi Information Technology Co., Ltd. |
|
| CP03 | Change of name, title or address | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Computer safety realization method and computer safety realization device based on hardware and server authentication Effective date of registration: 20200426 Granted publication date: 20190524 Pledgee: China Co truction Bank Corp Guangzhou economic and Technological Development Zone sub branch Pledgor: LIANYI TECHNOLOGY Co.,Ltd. Registration number: Y2020440000096 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 510000 No. 16 Keyun Road, Tianhe District, Guangzhou City, Guangdong Province, 1 501 Patentee after: Link Polytron Technologies Inc. Address before: 510000 No. 16 Keyun Road, Tianhe District, Guangzhou City, Guangdong Province, 1 501 Patentee before: LIANYI TECHNOLOGY Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |