CN105850073A - 信息系统访问认证方法及装置 - Google Patents

信息系统访问认证方法及装置 Download PDF

Info

Publication number
CN105850073A
CN105850073A CN201480059165.4A CN201480059165A CN105850073A CN 105850073 A CN105850073 A CN 105850073A CN 201480059165 A CN201480059165 A CN 201480059165A CN 105850073 A CN105850073 A CN 105850073A
Authority
CN
China
Prior art keywords
information system
authentication
code
quick response
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201480059165.4A
Other languages
English (en)
Other versions
CN105850073B (zh
Inventor
韩子天
谭振兴
马泰华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Angtong Technology Macau Co ltd
Macau University of Science and Technology
Original Assignee
Macau University of Science and Technology
Ict Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Macau University of Science and Technology, Ict Technology Co ltd filed Critical Macau University of Science and Technology
Publication of CN105850073A publication Critical patent/CN105850073A/zh
Application granted granted Critical
Publication of CN105850073B publication Critical patent/CN105850073B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42Anonymization, e.g. involving pseudonyms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46Secure multiparty computation, e.g. millionaire problem
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/77Graphical identity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

一种信息系统访问认证方法及装置,所述方法包括步骤:对根据客户端的信息系统访问登录请求生成的随机验证码进行匿名认证,若匿名认证成功,对获取的用户名及密码信息进行认证;所述装置包括相连的验证码认证模块、用户名及密码认证模块,所述验证码认证模块用于对根据客户端的信息系统访问登录请求生成的随机验证码进行匿名认证,所述用户名及密码认证模块用于当匿名认证成功时,对获取的用户名及密码信息进行认证。本发明采用二阶段双因素认证方法,使在不增加用户登录复杂性的同时,提高了登录信息的安全性。

Description

PCT国内申请,说明书已公开。

Claims (10)

  1. PCT国内申请,权利要求书已公开。
CN201480059165.4A 2013-10-28 2014-10-10 信息系统访问认证方法及装置 Active CN105850073B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN2013105180769 2013-10-28
CN201310518076 2013-10-28
PCT/CN2014/088271 WO2015062398A1 (zh) 2013-10-28 2014-10-10 信息系统访问认证方法及装置

Publications (2)

Publication Number Publication Date
CN105850073A true CN105850073A (zh) 2016-08-10
CN105850073B CN105850073B (zh) 2019-04-26

Family

ID=52913545

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201480059165.4A Active CN105850073B (zh) 2013-10-28 2014-10-10 信息系统访问认证方法及装置
CN201410531861.2A Active CN104468115B (zh) 2013-10-28 2014-10-10 信息系统访问认证方法及装置

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201410531861.2A Active CN104468115B (zh) 2013-10-28 2014-10-10 信息系统访问认证方法及装置

Country Status (3)

Country Link
US (1) US10530582B2 (zh)
CN (2) CN105850073B (zh)
WO (1) WO2015062398A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114430346A (zh) * 2022-01-27 2022-05-03 亿咖通(湖北)技术有限公司 登录方法、装置及电子设备

Families Citing this family (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10491587B2 (en) * 2013-10-28 2019-11-26 Singou Technology Ltd. Method and device for information system access authentication
CN105024819B (zh) * 2015-05-29 2019-02-12 北京中亦安图科技股份有限公司 一种基于移动终端的多因子认证方法及系统
CN106713225B (zh) * 2015-11-12 2021-02-02 国民技术股份有限公司 基于二维码认证的二维码装置、系统及其操作方法
US10817593B1 (en) * 2015-12-29 2020-10-27 Wells Fargo Bank, N.A. User information gathering and distribution system
CN106255108A (zh) * 2016-08-31 2016-12-21 华自科技股份有限公司 射频通信方法及射频通信装置
CN106572076A (zh) * 2016-09-27 2017-04-19 山东浪潮商用系统有限公司 一种Web服务访问方法、一种客户端、一种服务端
CN107979575A (zh) * 2016-10-25 2018-05-01 中华电信股份有限公司 线上认证服务器以及线上认证方法
WO2018111858A1 (en) * 2016-12-12 2018-06-21 Trusona, Inc. Methods and systems for network-enabled account creation using optical detection
CN106875212B (zh) * 2017-01-07 2023-05-02 云南中烟工业有限责任公司 一种评吸用卷烟及评吸方法
US10445487B2 (en) * 2017-07-20 2019-10-15 Singou Technology (Macau) Ltd. Methods and apparatus for authentication of joint account login
CN108092994B (zh) * 2018-01-12 2021-02-05 哈尔滨工业大学深圳研究生院 用户认证方法
CN108712382B (zh) * 2018-04-17 2021-07-06 新大陆(福建)公共服务有限公司 一种基于安全二维码的数字身份的认证方法以及系统
CN110719247B (zh) * 2018-07-11 2021-09-10 视联动力信息技术股份有限公司 终端入网方法和装置
US10893043B1 (en) * 2018-09-12 2021-01-12 Massachusetts Mutual Life Insurance Company Systems and methods for secure display of data on computing devices
CN109672664B (zh) * 2018-11-13 2021-06-18 视联动力信息技术股份有限公司 一种视联网终端的认证方法和系统
US11290278B2 (en) * 2019-01-15 2022-03-29 Thales Avionics, Inc. Inflight entertainment system that securely pairs and communicates with a user device based on multiple security controls
CN111726320B (zh) * 2019-03-19 2022-08-30 阿里巴巴集团控股有限公司 数据处理方法、装置及设备
CN110167023B (zh) * 2019-05-23 2022-06-21 中国人民解放军陆军工程大学 一种导航信号加密认证方法
CN110247914A (zh) * 2019-06-19 2019-09-17 上海明我信息技术有限公司 一种网络密码管理方法和装置
CN111031539A (zh) * 2019-09-30 2020-04-17 武汉信安珞珈科技有限公司 一种基于移动端增强Windows操作系统登录安全性的方法和系统
US11451519B2 (en) * 2019-11-25 2022-09-20 Electronics And Telecommunications Research Institute Anonymous credential authentication system and method thereof
CN111083164A (zh) * 2019-12-30 2020-04-28 宁波和利时信息安全研究院有限公司 工业控制系统的安全防护方法和相关设备
CN113225295B (zh) * 2020-01-21 2022-10-25 汇丰软件开发(广东)有限公司 一种安全的匿名意见反馈系统
CN112165478A (zh) * 2020-09-22 2021-01-01 北京景安云信科技有限公司 使用安全网关对OracleTNS协议登录用户名进行获取方法及系统
CN112053139A (zh) * 2020-09-25 2020-12-08 中国直升机设计研究所 一种在内网进行载体异地签收的方法和系统
US11601418B2 (en) * 2020-10-14 2023-03-07 Bank Of America Corporation System for increasing authentication complexity for access to online systems
CN112507296B (zh) * 2020-11-12 2024-04-05 迅鳐成都科技有限公司 一种基于区块链的用户登录验证方法及系统
CN112242905B (zh) * 2020-12-10 2021-03-16 飞天诚信科技股份有限公司 一种基于浏览器的注册接口实现数据通讯的方法和系统
US12003643B2 (en) * 2021-02-26 2024-06-04 Aetna Inc. Systems and methods for verifying or ensuring communication paths
CN113656661B (zh) * 2021-08-13 2022-08-19 重庆市规划和自然资源信息中心 基于自然语言识别的移动政务系统
CN113726769B (zh) * 2021-08-28 2023-07-04 睿思网盾(北京)科技有限公司 一种基于数据采集的网络安全防控系统
CN113726807B (zh) * 2021-09-03 2023-07-14 烟台艾睿光电科技有限公司 一种网络摄像机访问方法、设备、系统及存储介质
CN114071650B (zh) * 2021-09-26 2024-07-19 深圳市酷开网络科技股份有限公司 跨端配网方法、装置、计算机设备及存储介质
CN114422233B (zh) * 2022-01-17 2023-01-13 中国科学院软件研究所 私有设备的登录方法及系统
CN114500074B (zh) * 2022-02-11 2024-04-12 京东科技信息技术有限公司 单点系统安全访问方法、装置及相关设备
CN115102766A (zh) * 2022-06-24 2022-09-23 中电云数智科技有限公司 一种用户权限校验和接入系统和方法
CN115174187A (zh) * 2022-06-30 2022-10-11 济南浪潮数据技术有限公司 一种用户安全登录方法、系统及装置
CN116668196B (zh) * 2023-07-28 2024-03-12 深圳市科力锐科技有限公司 登录认证方法、装置、设备及存储介质
CN117792687B (zh) * 2023-12-01 2024-06-14 招商局检测认证(重庆)有限公司 一种实现智慧消防安全管理平台的方法

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102957701A (zh) * 2012-11-05 2013-03-06 深圳市共进电子股份有限公司 防止telnet服务器被暴力攻击的验证方法及系统
US20130254858A1 (en) * 2012-03-26 2013-09-26 Computer Associates Think, Inc. Encoding an Authentication Session in a QR Code

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2527836C (en) * 2003-05-30 2011-02-15 Privaris, Inc. An in-circuit security system and methods for controlling access to and use of sensitive data
CN101286848A (zh) * 2008-05-23 2008-10-15 杨筑平 登录认证方法和登录签名程序
CN102043804A (zh) * 2009-10-22 2011-05-04 上海杉达学院 数据库系统的安全登录方法
CN102202040B (zh) 2010-03-26 2014-06-04 联想(北京)有限公司 一种对客户端进行认证方法及装置
GB2512532B (en) * 2010-11-08 2014-11-26 Samsung Electronics Co Ltd Providing access of a user equipment to a data network
CN102651739B (zh) * 2011-02-28 2016-01-13 阿里巴巴集团控股有限公司 登录验证方法、系统及im服务器
US9276921B2 (en) * 2011-03-31 2016-03-01 Sony Corporation System and method for establishing a communication session
US8943320B2 (en) * 2011-10-31 2015-01-27 Novell, Inc. Techniques for authentication via a mobile device
US8862888B2 (en) * 2012-01-11 2014-10-14 King Saud University Systems and methods for three-factor authentication
US9363259B2 (en) * 2013-05-23 2016-06-07 Symantec Corporation Performing client authentication using onetime values recovered from barcode graphics
US20180082050A1 (en) * 2013-09-08 2018-03-22 Yona Flink Method and a system for secure login to a computer, computer network, and computer website using biometrics and a mobile computing wireless electronic communication device
US9374365B2 (en) * 2014-08-20 2016-06-21 Vmware, Inc. Pushing a virtual desktop session from an authenticated device using image scanning

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130254858A1 (en) * 2012-03-26 2013-09-26 Computer Associates Think, Inc. Encoding an Authentication Session in a QR Code
CN102957701A (zh) * 2012-11-05 2013-03-06 深圳市共进电子股份有限公司 防止telnet服务器被暴力攻击的验证方法及系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114430346A (zh) * 2022-01-27 2022-05-03 亿咖通(湖北)技术有限公司 登录方法、装置及电子设备
CN114430346B (zh) * 2022-01-27 2023-09-05 亿咖通(湖北)技术有限公司 登录方法、装置及电子设备

Also Published As

Publication number Publication date
US10530582B2 (en) 2020-01-07
CN105850073B (zh) 2019-04-26
WO2015062398A1 (zh) 2015-05-07
CN104468115A (zh) 2015-03-25
US20160269181A1 (en) 2016-09-15
CN104468115B (zh) 2017-10-10

Similar Documents

Publication Publication Date Title
CN104468115B (zh) 信息系统访问认证方法及装置
US11663578B2 (en) Login using QR code
US10491587B2 (en) Method and device for information system access authentication
US10666642B2 (en) System and method for service assisted mobile pairing of password-less computer login
US9871791B2 (en) Multi factor user authentication on multiple devices
US9191394B2 (en) Protecting user credentials from a computing device
TWI519992B (zh) 登錄驗證方法以及系統、電腦存儲介質
Jangirala et al. A multi-server environment with secure and efficient remote user authentication scheme based on dynamic ID using smart cards
US20180062863A1 (en) Method and system for facilitating authentication
TW201545526A (zh) 安全校驗方法、裝置、伺服器及終端
WO2019095856A1 (zh) 一种网络身份认证方法、系统及其使用的用户代理设备
US10291588B2 (en) Secure registration to a service provided by a web server
US9954853B2 (en) Network security
US20150328119A1 (en) Method of treating hair
CN103368831B (zh) 一种基于熟客识别的匿名即时通讯系统
JP2023532976A (ja) ユーザの身元の検証のための方法およびシステム
KR20210116407A (ko) 온라인 서비스 서버와 클라이언트 간의 상호 인증 방법 및 시스템
KR101651607B1 (ko) 익명 아이디를 사용하는 원클릭 사용자 인증 방법 및 시스템
Xu et al. Qrtoken: Unifying authentication framework to protect user online identity
Mandal An Efficient Identity Based Authentication Protocol by Using Password
Dixit and Ketan Kotecha Department of Computer Science and Engineering, Symbiosis Institute of Technology, Pune, India {ashish. dixit. btech2019, arnav. gupta. btech2019
Zavrak et al. Global Journal of Computer Sciences: Theory and Research
Cheol-Joo et al. A Study of the OAuth 2.0 Protocol Extended Using SMS for Safe User Access
CN108234136A (zh) 一种安全访问方法、终端设备及系统

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200724

Address after: Block B, g / F, Baili building, 18 Beidi lane, Macao, China

Co-patentee after: Macau University of Science and Technology

Patentee after: Angtong Technology (Macau) Co.,Ltd.

Address before: Tortola Island, British Virgin Islands

Co-patentee before: Macau University of Science and Technology

Patentee before: ICT Technology Co.,Ltd.

TR01 Transfer of patent right