A computer security implementation method and device based on hardware and server authentication
Technical field
The present invention relates to the field of computer security, and in particular to a computer security implementation method and device based on hardware and server authentication.
Background art
In the field of computer security, the traditional approach is to encrypt the user name and password used for verification and send them to the server. In this approach the password is a simple combination of digits and characters that is uploaded to the server after encryption. Once a user name and password have been leaked, they can easily be used for verification elsewhere, which reduces security, and the server cannot effectively control the behavior and state of the user.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the above-mentioned low security of the prior art, to provide a computer security implementation method and device based on hardware and server authentication with higher security.
The technical solution adopted by the present invention to solve this technical problem is to construct a computer security implementation method based on hardware and server authentication, comprising the following steps:
A) a user name and password entered on the computer are authenticated by the server;
B) after the authentication passes, the computer obtains a user identifier, a unique hardware identifier and a date code;
C) reversible encryption is applied to the user identifier, unique hardware identifier and date code to obtain user security identification information;
D) the user security identification information is uploaded to the server over a secure transmission channel;
E) the server stores the user identifier, unique hardware identifier and date code as they were before reversible encryption in correspondence with the user security identification information;
F) when the user again goes through authentication by the server, the server verifies whether the unique hardware identifier and date code match; if so, step G) is executed; otherwise, authentication fails;
G) after the repeated server authentication passes, the reversibly encrypted date code in the user security identification information is updated.
In the computer security implementation method based on hardware and server authentication of the present invention, the unique hardware identifier includes the hard disk serial number and the MAC address.
In the computer security implementation method based on hardware and server authentication of the present invention, the date code is an encoding of the date on which the current authentication passes.
In the computer security implementation method based on hardware and server authentication of the present invention, the secure transmission channel is a channel established between the client and the server, and the transmission mode is the https protocol.
In the computer security implementation method based on hardware and server authentication of the present invention, the reversible encryption uses DES reversible encryption.
The invention further relates to a device for implementing the above computer security implementation method based on hardware and server authentication, comprising:
Input unit: for entering a user name and password on the computer to be authenticated by the server;
Acquiring unit: for the computer to obtain a user identifier, a unique hardware identifier and a date code after the authentication passes;
Encryption unit: for applying reversible encryption to the user identifier, unique hardware identifier and date code to obtain user security identification information;
Uploading unit: for uploading the user security identification information to the server over a secure transmission channel;
Storage unit: for having the server store the user identifier, unique hardware identifier and date code as they were before reversible encryption in correspondence with the user security identification information;
Authentication unit: for having the server verify, when the user again goes through authentication by the server, whether the unique hardware identifier and date code match; if so, after the authentication passes the reversibly encrypted date code in the user security identification information is updated; otherwise, authentication fails;
Certification updating unit: for updating the reversibly encrypted date code in the user security identification information after the repeated server authentication passes.
In the device of the present invention for implementing the above computer security implementation method based on hardware and server authentication, the unique hardware identifier includes the hard disk serial number and the MAC address.
In the device of the present invention for implementing the above computer security implementation method based on hardware and server authentication, the date code is an encoding of the date on which the current authentication passes.
In the device of the present invention for implementing the above computer security implementation method based on hardware and server authentication, the secure transmission channel is a channel established between the client and the server, and the transmission mode is the https protocol.
In the device of the present invention for implementing the above computer security implementation method based on hardware and server authentication, the reversible encryption uses DES reversible encryption.
Implementing the computer security implementation method and device based on hardware and server authentication of the present invention has the following beneficial effects. After the authentication passes, the computer obtains the user identifier, unique hardware identifier and date code and applies reversible encryption to them to obtain the user security identification information. When the user again goes through authentication by the server, the server verifies whether the unique hardware identifier and date code match. That is, through a second verification that combines the unique hardware identifier and the date code in deciding the legitimacy of the user, a one-to-one relationship is bound between user and computer and user verification is made stricter, so security is higher.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the method in one embodiment of the computer security implementation method and device based on hardware and server authentication of the present invention;
Fig. 2 is a structural schematic diagram of the device in that embodiment.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the embodiment of the computer security implementation method and device based on hardware and server authentication of the present invention, the flow chart of the method is shown in Fig. 1. In Fig. 1, the method includes the following steps:
Step S01: a user name and password are entered on the computer and authenticated by the server. In this step, the first verification authenticates the user name and password through the server. It is worth mentioning that the user name and password used for the first verification are distributed by the server, so only a legitimate user can obtain them. Once authenticated by the server, the distributed user name and password can be bound to only one computer.
Step S02: after the authentication passes, the computer obtains the user identifier, unique hardware identifier and date code. In this step, after the user name and password have been authenticated by the server, the computer obtains the user identifier, unique hardware identifier and date code. It is worth mentioning that in this embodiment the user identifier is unique and is that of the current system user, the unique hardware identifier includes the hard disk serial number and the MAC address, and the date code is an encoding of the date on which the current authentication passes (that is, the current date).
Step S03: reversible encryption is applied to the user identifier, unique hardware identifier and date code to obtain the user security identification information. In this step, to increase the security of the system, the user identifier, unique hardware identifier and date code are reversibly encrypted to obtain the user security identification information. In this embodiment the reversible encryption uses DES; of course, in some cases of this embodiment other encryption methods may also be chosen.
Step S04: the user security identification information is uploaded to the server over a secure transmission channel. In this step, the user security identification information is uploaded to the server over a secure transmission channel, which is a channel established between the client and the server whose transmission mode is the https protocol. This also increases the security of the system.
Step S05: the server stores the user identifier, unique hardware identifier and date code as they were before reversible encryption in correspondence with the user security identification information. In this step, the server stores the user identifier, unique hardware identifier and date code from before reversible encryption together with the corresponding user security identification information.
Step S06: when the user again goes through authentication by the server, the server verifies whether the unique hardware identifier and date code match. In this step, if the result of the verification is yes, step S07 is executed; otherwise, step S08 is executed.
Step S07: after the repeated server authentication passes, the reversibly encrypted date code in the user security identification information is updated. This step is executed if the result of step S06 is yes, that is, the unique hardware identifier and date code match. In this step, after the repeated server authentication passes, the reversibly encrypted date code in the user security identification information is updated.
Step S08: authentication fails. This step is executed if the result of step S06 is no, that is, the unique hardware identifier and date code do not match. In this step, an authentication failure result is returned.
Through a second verification that combines the unique hardware identifier and the date code in deciding the legitimacy of the user, the present invention binds a one-to-one relationship between user and computer and makes user verification stricter, so its security is higher. It is worth noting that once the user name and user security identification information have been recorded on the server, the user can no longer change the client computer; a user who needs to change computers must obtain a legitimate user name and password from the server again, which further improves the security of the system.
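The binding and repeat-authentication logic of steps A) to G) (steps S01 to S08 of the embodiment), as an added example that is not part of the patent text. It assumes the password authentication of step S01 has already passed, uses AES-256-GCM in place of DES (the embodiment allows other encryption methods), and reads "match" as equality with the stored hardware identifier and date code; the class and method names, the shared key and all sample values are constructed for illustration.

```ruby
require 'openssl'

# Added example: AES-256-GCM stands in for the DES step. The shared key,
# field separator and sample values are assumptions, not from the patent.
class BindingServer
  AuthFailed = Class.new(StandardError)

  def initialize(key)
    @key = key      # 32-byte key shared with the client (provisioning assumed)
    @records = {}   # step E: user_id => [hardware_id, date_code]
  end

  # Step C: reversible encryption of user ID, hardware ID and date code.
  def seal(user_id, hardware_id, date_code)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = @key
    iv = c.random_iv
    ct = c.update([user_id, hardware_id, date_code].join("\x1f")) + c.final
    iv + c.auth_tag + ct
  end

  # Steps E-G: bind on first presentation; afterwards the decrypted hardware
  # ID and date code must equal the stored pair, then the date code is rolled.
  def present(token, today)
    user_id, hardware_id, date_code = unseal(token)
    stored = @records[user_id]
    raise AuthFailed if stored && stored != [hardware_id, date_code]
    @records[user_id] = [hardware_id, today]
    seal(user_id, hardware_id, today)
  end

  private def unseal(token)
    raise AuthFailed if token.bytesize < 29 # 12-byte IV + 16-byte tag + data
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key = @key
    d.iv = token.byteslice(0, 12)
    d.auth_tag = token.byteslice(12, 16)
    plain = d.update(token.byteslice(28, token.bytesize)) + d.final
    fields = plain.force_encoding('UTF-8').split("\x1f", -1)
    fields.size == 3 ? fields : raise(AuthFailed)
  rescue OpenSSL::Cipher::CipherError # wrong key or tampered token
    raise AuthFailed
  end
end

# Constructed run: bind on 1 May, authenticate again on 2 May.
server = BindingServer.new('0' * 32)
token = server.present(server.seal('alice', 'WD-1234/00:1A:2B:3C:4D:5E', '20240501'), '20240501')
puts "re-authenticated, new token is #{server.present(token, '20240502').bytesize} bytes"
```

Because the date code is rolled on every success, a token captured before the latest authentication no longer matches the stored record. The check rests on the secrecy of the key, since the serial number and MAC address are values the client reports rather than secrets.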
This embodiment further relates to a device for implementing the above computer security implementation method based on hardware and server authentication; its structural schematic diagram is shown in Fig. 2. In Fig. 2, the device includes an input unit 1, an acquiring unit 2, an encryption unit 3, an uploading unit 4, a storage unit 5, an authentication unit 6 and a certification updating unit 7. The input unit 1 is used for entering a user name and password on the computer to be authenticated by the server. The acquiring unit 2 is used for the computer to obtain the user identifier, unique hardware identifier and date code after the authentication passes. The encryption unit 3 is used for applying reversible encryption to the user identifier, unique hardware identifier and date code to obtain the user security identification information. The uploading unit 4 is used for uploading the user security identification information to the server over a secure transmission channel. The storage unit 5 is used for having the server store the user identifier, unique hardware identifier and date code as they were before reversible encryption in correspondence with the user security identification information. The authentication unit 6 is used for having the server verify, when the user again goes through authentication by the server, whether the unique hardware identifier and date code match; if so, after the authentication passes the reversibly encrypted date code in the user security identification information is updated; otherwise, authentication fails. The certification updating unit 7 is used for updating the reversibly encrypted date code in the user security identification information after the repeated server authentication passes.
Through a second verification that combines the unique hardware identifier and the date code in deciding the legitimacy of the user, the present invention binds a one-to-one relationship between user and computer and makes user verification stricter, so its security is higher. It is worth noting that once the user name and user security identification information have been recorded on the server, the user can no longer change the client computer; a user who needs to change computers must obtain a legitimate user name and password from the server again, which further improves the security of the system.
It is noted that in the present embodiment, above-mentioned unique hardware identification includes hard disk serial number and MAC Address, certainly,
Unique hardware identification also may include other kinds of hardware identifier.Above-mentioned date codes are to date when currently passing through certification
It is encoded.Secure transmission tunnel is in the channel that client and server is established, and transmission mode is that https agreement passes
It is defeated, the safety of system can be increased in this way.Above-mentioned reversible encryption is using DES reversible encryption mode, it is of course also possible to adopt
Mode with other cipher modes, encryption is more flexible.
In short, in this embodiment the first verification uses the user name and password that the server distributes to the user, user security identification information is generated from the unique user identifier, unique hardware identifier and date code obtained by the computer, and on repeated verification the match of the unique hardware identifier and date code is checked. This improves the security of the system, so its security is higher.
The foregoing is merely the preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.