CN105978688B - A cross-domain security authentication method based on separated information management - Google Patents

Publication number: CN105978688B
Authority: CN (China)
Prior art keywords: website, certification, app, certificate server, identification code
Legal status: Active
Application number: CN201610368838.5A
Other languages: Chinese (zh)
Other versions: CN105978688A (en)
Inventor: 葛峰
Current Assignee: Individual
Original Assignee: Individual
Application filed by Individual
Priority to CN201610368838.5A
Publication of CN105978688A
Application granted
Publication of CN105978688B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

A cross-domain security authentication method based on separated information management. The user registers on a website with a user name Na; no account password needs to be set at this point, and the website establishes an association between Na and Ca for the user. The website establishes correspondences through an authentication server and an authentication app: the website and the authentication server establish a correspondence via Ca, the authentication server establishes the correspondence between Ca and an identification code X, and the authentication app establishes the correspondence between the identification code X and the user name Na. The login steps exchange data according to these correspondences. The invention splits the user's complete account information and hands the parts to three parties to manage separately; every authentication must pass through three links (the website, the authentication server and the mobile terminal device) to achieve secure identity authentication. Even if any one or two of them are breached, the complete data cannot be obtained, so the method is safe and reliable.

Description

A cross-domain security authentication method based on separated information management
Technical field
The invention belongs to the field of network security and relates to a secure identity authentication method in which the user does not use a password; specifically, it is an identity authentication technique that achieves a high security level by splitting the user's account information and managing the parts separately.
Background
At present, with the widespread use of Internet technology in daily life, almost everyone needs to establish account identities in the online world, and the common way to authenticate a network identity is mainly a "user name" and a "password". Because online life is ubiquitous, users have more and more passwords to remember and manage; at the same time, to make passwords as hard to crack as possible, password rules have become more and more complex, and the security requirements on network service providers' systems keep rising. Nevertheless, the various new password-cracking techniques that keep emerging still seriously threaten the security of passwords. In particular, with the use of cracking techniques such as "password dictionaries" and "social engineering" (commonly known as "credential stuffing"), traditional password protection methods can hardly guarantee password security any more.
The root cause of such password security problems is that the network service provider holds both the user's account information and the password information, which is like keeping the key and the lock together: once the network is attacked, the user's account is leaked. Moreover, a leak of user account information at one network service provider also seriously threatens the security of the user's accounts at other network service providers, so user accounts are often in an extremely dangerous state.
Summary of the invention
The purpose of the invention is to propose a high-security-level authentication method for the problem of authenticating a user's online identity in a network environment. In principle, if the key and the lock are separated, so that the party holding the account does not hold the "password", the party holding the "password" does not hold the account, or there is even no "password" at all, account security is greatly improved.
The technical solution of the invention is:
A cross-domain security authentication method based on separated information management, comprising a registration step and a login step;
The registration step includes:
S1, the user registers on a website (including app clients, web pages and other forms of network service site) with user name Na; no account password needs to be set at this point. The website generates for user name Na a corresponding unique user code Ca (which also contains the website's own identifier), so that Na and Ca are associated;
S2, through the authentication server, the website establishes correspondences with the authentication app installed on the user's smart terminal (computer, mobile phone, tablet, smart watch, etc.): the website and the authentication app share the user name Na; the website and the authentication server share the user code Ca; the authentication server and the authentication app share the identification code X and the smart terminal's hardware identification code IDp (the identification code X is identification information that the authentication app assigns to the user's user name Na on the website). The authentication server associates Ca, X and IDp; the authentication app records the identification code X and the user name Na locally and associates X with Na;
The login step includes:
S3, the user requests to log in to the website with user name Na;
S4, the website's backend server sends the user code Ca and at least one random string Str4 to the authentication server;
S5, the authentication server obtains the identification code X corresponding to the user code Ca, and the hardware device identification code IDp corresponding to the identification code X;
S6, the authentication server forwards the string Str4 and the identification code X to the authentication app corresponding to the hardware device identification code IDp;
S7, the user confirms in the authentication app; the authentication app uses the identification code X to look up the locally stored user name Na, processes Na and the string Str4 with an obfuscation technique, and sends the obfuscation result H and the identification code X to the authentication server;
S8, the authentication server obtains the user code Ca from the identification code X and sends the user code Ca and the obfuscation result H to the website's backend server; the backend server finds the associated user name Na from the user code Ca, applies to the user name Na and the string Str4 the same obfuscation technique that produced H in the authentication app to obtain the obfuscation result H', and compares H with H' for consistency;
If they match, the identity of user name Na is successfully authenticated on the website; if they do not match, authentication fails. The success or failure information is displayed by the website or fed back to the authentication app through the authentication server.
The registration step of the invention specifically includes:
S1-1, each website that needs to enable the authentication service (including app clients, web pages and other forms of network service site) sends a request to the authentication server of the security authentication system, applying to enable the security authentication service; the authentication server grants each website permission to access the authentication server;
S1-2, the user accesses any such website from a network terminal and registers an account on that website with user name Na; no account password needs to be set when registering. If the user already has an account on the website, the user is prompted, when logging in to the account, to choose to enter the cross-domain security authentication mode, and the procedure goes to S1-3;
S1-3, the website prompts the user to download the security authentication system's client app, i.e. the authentication app, on a mobile terminal; if the authentication app has already been downloaded, go directly to step S1-4;
S1-4, the website's backend server generates visual verification information Str1 and a user code Ca for user name Na, and associates the user name Na with the unique user code Ca;
S2-1, the website's backend server displays the visual verification information Str1 on the page where the user registers the website account, and transmits the visual verification information Str1 and the user code Ca to the authentication server; the authentication server records Str1 and Ca in its database;
S2-2, the user responds to the visual verification information Str1 in the authentication app. The authentication app prompts the user to enter the user name Na used on the website, generates an identification code X for that user name Na, and stores locally the user name Na and the correspondence between user name Na and identification code X. The authentication app transmits the response information, the mobile terminal's unique hardware device identification code IDp and the identification code X to the authentication server. The authentication server matches the received response information against the visual verification information Str1 recorded in the database; if verification passes, it can look up the user code Ca corresponding to Str1. The authentication server associates the website's user code Ca, the hardware device identification code IDp and the identification code X and records them in the database; it then feeds the verification-passed information back to the website's backend server, and user Na's registration is complete.
In the invention, to prevent the data transmitted between the authentication server and the website from being intercepted, step S2-1 above further includes:
The authentication server issues a key K0 to the website's backend server;
The website's backend server encrypts the visual verification information Str1 and the user code Ca with key K0 and transmits them over SSL to the authentication server; on receipt, the authentication server decrypts them with key K0, obtaining the visual verification information Str1 and the user code Ca, and records them in the database.
To prevent the data transmitted between the authentication app and the authentication server from being intercepted, the invention further provides that, once the authentication app has established communication with the authentication server, the authentication server issues a key K1 to the authentication app on its first access. In step S2-2, the authentication app encrypts the identification code X and the response information with key K1 and transmits them over SSL to the authentication server; on receipt, the authentication server decrypts them with key K1, obtaining the identification code X and the response information, and records them in the database.
In the invention, to confirm the authenticity of the feedback sent back by the authentication server and to prevent the authentication server from being forged, steps S1-4, S2-1 and S2-2 further include:
S1-4, the website's backend server also generates a random string Str2 for user name Na;
S2-1, the website's backend server also transmits the random string Str2 to the authentication server;
S2-2, after the authentication server has associated the website's user code Ca, the hardware device identification code IDp and the identification code X, the step further includes:
a, the authentication server transmits the random string Str2 and the identification code X to the authentication app installed on the mobile terminal whose hardware device identification code is IDp;
b, the authentication app processes the random string Str2 and the user name Na with an obfuscation technique, obtaining the obfuscation result H1; the authentication app transmits the obfuscation result H1 and the identification code X back to the authentication server;
c, after receiving the obfuscation result H1 and the identification code X, the authentication server finds the associated user code Ca via IDp and the identification code X, and finds the associated website via the user code Ca; the authentication server transmits the obfuscation result H1 and the user code Ca to the website's backend server;
d, the website's backend server finds the associated user name Na via the user code Ca; it processes the user name Na and the random string Str2 with the same obfuscation technique that produced H1 in the authentication app, obtaining the obfuscation result H1'; it compares H1 with H1', and if they match, this confirms that the feedback comes from the user's authentication app and was not faked by the authentication server.
Further, in step S2-1, to prevent the data transmitted between the authentication server and the website from being intercepted, the step also includes:
The authentication server issues a key K0 to the website's backend server;
The website's backend server encrypts the visual verification information Str1, the user code Ca and the random string Str2 with key K0 and transmits them over SSL to the authentication server; on receipt, the authentication server decrypts them with key K0, obtaining the visual verification information Str1, the user code Ca and the random string Str2, and records them in the database.
To prevent the data transmitted between the authentication app and the authentication server from being intercepted, it is further provided that, once the authentication app has established communication with the authentication server, the authentication server issues a key K1 to the authentication app on its first access;
In step S2-2, the authentication app encrypts the identification code X, the response information and the random string Str2 with key K1 and transmits them over SSL to the authentication server; on receipt, the authentication server decrypts them with key K1, obtaining the identification code X, the response information and the random string Str2, and records them in the database.
In the registration step of the invention, S2-2 may alternatively be the following steps:
S2-2, after the authentication server has associated the website's user code Ca, the hardware device identification code IDp and the identification code X, the step further includes:
a, the authentication server transmits the random string Str2 and the identification code X to the authentication app installed on the mobile terminal whose hardware device identification code is IDp;
b, the authentication app randomly generates a string Str3; using the user name Na as the key, the authentication app encrypts the random string Str3, obtaining the encrypted value E;
c, the authentication app processes the random strings Str2 and Str3 with an obfuscation technique, obtaining the obfuscation result H2; the authentication app transmits the obfuscation result H2, the identification code X and the encrypted value E to the authentication server;
d, after receiving the obfuscation result H2, the identification code X and the encrypted value E, the authentication server finds the associated user code Ca via IDp and the identification code X, and finds the associated website via the user code Ca; the authentication server transmits the obfuscation result H2, the encrypted value E and the user code Ca to the website's backend server;
e, the website's backend server finds the associated user name Na via the user code Ca; using the user name Na as the key, it decrypts the encrypted value E, obtaining the string Str3; it then processes the random string Str2 and the decrypted string Str3 with the same obfuscation technique that produced H2 in the authentication app, obtaining the obfuscation result H2'; it compares H2 with H2', and if they match, this confirms that the feedback comes from the user's authentication app and was not faked by the authentication server.
Further, in step b of the invention:
When the authentication app encrypts the random string Str3 with the user name Na as the key to obtain the encrypted value E, it first applies obfuscation to the user name Na to obtain the obfuscation result h, and then encrypts the random string Str3 with h as the key, obtaining the encrypted value E';
Correspondingly, in step e, to decrypt and obtain the random string Str3, the website's backend server applies to the user name Na the same obfuscation that produced h in the authentication app, obtaining the obfuscation result h', and decrypts the received encrypted value E' with h' as the key, obtaining the string Str3.
In the login step of the invention, steps S7 and S8 may alternatively be:
S7', the user confirms in the authentication app, and the authentication app randomly generates a string Str5; the authentication app encrypts the random string Str5 with the user name Na, obtaining the encrypted value E1;
S8', the authentication app processes the random strings Str4 and Str5 with an obfuscation technique, obtaining the obfuscation result H3; the authentication app sends the obfuscation result H3, the identification code X and the encrypted value E1 to the authentication server;
S9', after receiving the obfuscation result H3, the identification code X and the encrypted value E1, the authentication server looks up the associated user code Ca via IDp and the identification code X, and finds the associated website via the user code Ca; the authentication server transmits the obfuscation result H3, the encrypted value E1 and the user code Ca to the website's backend server;
S10', the backend server finds the associated user name Na from the user code Ca; using the user name Na as the key, it decrypts the encrypted value E1, obtaining the string Str5; it processes the random string Str4 and the decrypted string Str5 with the same obfuscation technique that produced H3 in the authentication app, obtaining the obfuscation result H3'; it compares H3 with H3'. If they match, the identity of user name Na is successfully authenticated on the website; if they do not match, authentication fails. The success or failure information is displayed by the website or fed back to the authentication app through the authentication server.
Further, in step S7':
When the authentication app encrypts the random string Str5 with the user name Na to obtain the encrypted value E1, it first applies obfuscation to the user name Na to obtain the obfuscation result h1, and then encrypts the random string Str5 with h1 as the key, obtaining the encrypted value E1;
Correspondingly, in step S10', to decrypt and obtain the random string Str5, the website's backend server applies to the user name Na the same obfuscation that produced h1 in the authentication app, obtaining the obfuscation result h1', and decrypts the received encrypted value E1 with h1' as the key, obtaining the string Str5.
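The alternative login exchange S7' to S10' with the key h1 derived from Na, as an added example that is not code from the patent. Assumptions: SHA-256 serves as the obfuscation for both h1 and H3, the length-prefixed framing and the nonce carried in front of E1 are choices made here, and the cipher is a standard-library stand-in (XOR with an HMAC-SHA256 keystream) in place of the DES/AES the patent names.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumption: the patent does not describe an IV or nonce


def derive_key(na):
    """h1 / h1': obfuscate the user name Na before using it as a key."""
    return hashlib.sha256(na.encode("utf-8")).digest()


def keystream_xor(key, nonce, data):
    """Stand-in cipher (not DES/AES): XOR data with an HMAC-SHA256 keystream.

    The same call encrypts and decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"),
                       hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def digest(str4, str5):
    """H3 / H3': hash over Str4 and Str5, each length-prefixed."""
    h = hashlib.sha256()
    for part in (str4, str5):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.hexdigest()


def app_respond(na, str4):
    """S7' and S8' on the authentication app: returns (H3, E1)."""
    str5 = secrets.token_bytes(16)            # random string Str5
    nonce = secrets.token_bytes(NONCE_LEN)
    e1 = nonce + keystream_xor(derive_key(na), nonce, str5)
    return digest(str4, str5), e1


def website_verify(na, str4, h3, e1):
    """S10' on the website backend: recover Str5 with h1', compare H3 and H3'."""
    if len(e1) <= NONCE_LEN:
        return False                          # malformed E1
    nonce, ciphertext = e1[:NONCE_LEN], e1[NONCE_LEN:]
    str5 = keystream_xor(derive_key(na), nonce, ciphertext)
    return hmac.compare_digest(h3, digest(str4, str5))


def demo():
    """Constructed values: right name, wrong name, replay against a new Str4."""
    str4 = secrets.token_bytes(16)
    h3, e1 = app_respond("alice", str4)
    return (website_verify("alice", str4, h3, e1),
            website_verify("alicia", str4, h3, e1),
            website_verify("alice", secrets.token_bytes(16), h3, e1))


if __name__ == "__main__":
    print(demo())
```

In this variant the authentication server relays only H3, X and E1, and Na enters the exchange only through the key h1.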
In step S1 of the invention, the user registers an account according to the website's registration rules; the information entered includes a mobile phone number, ID card number, address, e-mail address and/or user name, and the website assigns the user a login account IDa. The login account IDa, or any other identity information that uniquely identifies the user on the website, can replace the user name Na in the subsequent steps for association with the user code Ca.
In the invention, to confirm that the person operating the authentication app is the user, in step S2-2, when the correspondence between identification code X and user name Na is established, the authentication app can also prompt the user to choose and set a specific authentication instruction Y for logging in to the website. Authentication instructions include: one-tap confirmation, static password, SMS verification code, fingerprint and video recognition, where video recognition includes face recognition and action recognition. Once an authentication instruction is set, login to the website can only be completed by passing the authentication of instruction Y.
Further, the authentication instruction Y can also use the higher-security NFC authentication mode, which is set up as follows:
The user chooses in the authentication app to set NFC authentication for logging in to the website;
The authentication app calls the mobile terminal's built-in NFC function module and opens the NFC reading interface on the mobile terminal's screen;
The authentication app prompts the user to provide a card or device containing an NFC chip, for example a People's Republic of China social security card, and to hold the card close to the mobile terminal's NFC reading area;
The authentication app reads the NFC card's unique identifier, encrypts the identifier information and sends it to the authentication server;
The authentication server decrypts the received encrypted NFC card identifier and associates it with the website, the user code Ca, IDp and the identification code X;
NFC authentication setup is complete.
To improve security, the user can also set an instruction for logging in to the authentication app itself, using one or more of: static password, SMS verification code, fingerprint, video recognition (including face recognition and action recognition) or NFC authentication.
The obfuscation technique of the invention uses an encryption operation or a hash operation; the encryption operation is DES and/or AES, and the hash operation is one or more of MD5, SHA1, SHA256 and SHA384.
In the authentication server: H' is obtained using the same obfuscation technique that produced H in the authentication app;
In the website's backend server: H1' is obtained using the same obfuscation technique that produced H1 in the authentication app (correspondingly, H2, h, H3 and h1 use the same obfuscation technique as H2', h', H3' and h1' respectively). The obfuscation techniques used to obtain H (H'), H1 (H1'), H2 (H2'), h (h'), H3 (H3') and h1 (h1') may be the same as or different from one another, and may use the encryption or hash operations above.
Beneficial effects of the invention:
1, The invention splits the user's complete account information and hands it to three parties (the network service provider, i.e. the website; the authentication server; and the user's mobile terminal device, i.e. the authentication app) to manage separately. Every authentication must pass through three links (website, authentication server, mobile terminal device) to achieve secure identity authentication. Even if any one or two of them are breached, the complete data cannot be obtained. In addition, data exchanged in the invention is encrypted using obfuscation techniques, which effectively improves the security of data transmission.
2, With the method of the invention, the user does not need to use passwords, which solves the problem that, as networks develop in daily life and apps multiply, there are too many accounts and passwords to remember.
3, With the solution of the invention, even if the user registers on different websites with the same account or user name, they can all be associated and managed in one authentication app, while achieving a very high security level;
4, With the solution of the invention, because the website no longer stores passwords, even if the website's own security design is not strong enough, or the website is attacked by hackers, no user password information is leaked.
5, The invention uses the mobile terminal's unique hardware device identification code IDp as one of the items of exchanged data. It is unique to the hardware, and this device identifier makes it possible to identify the account's user. A "password" in the traditional sense is therefore not needed; with no "password", there is naturally no possibility of cracking a "password", which establishes a high-security-level identity authentication mechanism.
6, Owing to the unique design of this system, the currently most destructive password-cracking method, the so-called "social engineering attack" (commonly known as credential stuffing), can almost no longer be carried out.
7, The obfuscation technique of the invention uses an encryption operation or a hash operation; the encryption operation is DES and/or AES, and the hash operation is one or more of MD5, SHA1, SHA256 and SHA384. These obfuscation techniques are complex and varied and technically difficult, which effectively increases the difficulty of cracking and improves the security of data exchange.
Detailed description of the invention
Fig. 1 is structural schematic diagram of the invention.
Specific embodiment
The present invention is further illustrated with reference to the accompanying drawings and examples.
Embodiment one:
A kind of cross-domain safety certifying method based on information separation management, it includes registration step and login step;
Registration step includes:
S1-1, all kinds of website (including APP client, web page and the other forms networks for needing to open authentication service Services sites) it sends and requests to the certificate server of security certification system, Security Authentication Service is opened in application;Certificate server is awarded Weigh the permission of each website visiting certificate server;
S1-2, user access any website using the network terminal, and register the account (account of registration of website of the website When, common typing information may include one in phone number, ID card No., address, E-mail address and/or user name etc. Kind is a variety of, and website is that it distributes login account IDa;Wherein, login account IDa or other can the unique identification user exist The identity information of website can substitute the user name Na in later step, for being associated with subscriber-coded Ca), user name Na;When login account, the password for account that no setting is required;If user has had account in website, in user's logon account, It prompts user's selection to enter cross-domain safety certification mode, turns S1-3;
S1-3, web site prompts user download the client end AP P authentication authorization and accounting APP of security certification system using mobile terminal;Such as Fruit is loaded with down certification APP, then directly goes to step S1-4;
S1-4, website background server be that user name Na generates visual verification information Str1 and subscriber-coded Ca, will use Name in an account book Na and unique subscriber coding Ca establish incidence relation;
S2-1, website background server visual verification information Str1 is shown to the page of user's registration Web account On, and visual verification information Str1 and subscriber-coded Ca are transferred to certificate server, certificate server is by aforementioned Str1 and Ca Data-in library;
S2-2, user respond visual verification information Str1 on certification APP, and certification APP prompt user's input is in website User name Na, certification APP are that user name Na generates an identification code X, user name Na and user name by user in website The corresponding relationship of Na and identification code X is stored in local, authenticates APP for response message, mobile terminal hardware device exclusive identification code IDp and identification code X is transferred to certificate server, and certificate server can by what is recorded in received response message and database Matching verifying is carried out depending on verification information Str1, is verified, then can discover and seize subscriber-coded Ca corresponding with Str1, certificate server The subscriber-coded Ca, hardware device identification code ID p and identification code X of website are associated, and recorded in the database;Recognize The information being verified is fed back to the background server of website by card server, and user Na completes registration.(when any user is with more When a user name corresponds to the same website (same user has multiple accounts in same website), certification APP is different User name Na distributes different identification code X to show and distinguish;When any user corresponds to multiple websites with user name Na, certification APP is that the user name Na of different web sites distributes different identification code X to show and distinguish)
The login step includes:
S3. The user requests to log in to the website with user name Na;
S4. The website's background server sends the subscriber code Ca and at least one random string Str4 to the certificate server;
S5. The certificate server obtains the identification code X corresponding to the subscriber code Ca, and the hardware device identification code IDp corresponding to the identification code X;
S6. The certificate server forwards the string Str4 and the identification code X to the certification APP corresponding to the hardware device identification code IDp;
S7. The user confirms in the certification APP. The certification APP uses the identification code X to look up the locally stored user name Na, processes Na and the string Str4 with an obfuscation technique (preferably SHA1), and sends the obfuscation result H and the identification code X to the certificate server;
S8. The certificate server obtains the subscriber code Ca from the identification code X and sends the subscriber code Ca and the hash result H to the website's background server. The background server finds the associated user name Na from the subscriber code Ca, applies the same obfuscation technique that the certification APP used to obtain H (correspondingly, preferably SHA1) to the user name Na and the string Str4 to obtain the obfuscation result H', and compares H with H' for consistency;
If the comparison passes, the identity authentication of user name Na on the website succeeds; if the values are inconsistent, authentication fails. The success or failure message is displayed by the website or fed back to the certification APP through the certificate server.
Embodiment two:
On the basis of embodiment one, to prevent the data transmitted between the certificate server and the website, and between the certification APP and the certificate server, from being intercepted:
Step S2-1 further includes:
The certificate server issues a key K0 to the website's background server;
The website's background server encrypts the visual verification information Str1 and the subscriber code Ca with key K0 and transmits them to the certificate server over SSL; on receipt, the certificate server decrypts them with key K0, obtains Str1 and Ca, and records them in the database;
After the certification APP establishes communication with the certificate server, the certificate server issues a key K1 to the certification APP on its first access. In step S2-2, the certification APP encrypts the identification code X and the response information with key K1 and transmits them to the certificate server over SSL; on receipt, the certificate server decrypts them with key K1, obtains the identification code X and the response information, and records them in the database.
Embodiment three:
On the basis of embodiment one, to confirm the authenticity of the feedback sent back by the certificate server and to prevent the certificate server from being forged, steps S1-4, S2-1 and S2-2 of the registration step further include:
S1-4. The website's background server also generates a random string Str2 for user name Na;
S2-1. The website's background server also transmits the random string Str2 to the certificate server;
S2-2. After the certificate server associates the website's subscriber code Ca, the hardware device identification code IDp and the identification code X, the step further includes:
a. The certificate server transmits the random string Str2 and the identification code X to the certification APP installed on the mobile terminal whose hardware device identification code is IDp;
b. The certification APP processes the random string Str2 and the user name Na with an obfuscation technique (preferably SHA256) to obtain the obfuscation result H1, and transmits H1 and the identification code X back to the certificate server;
c. After receiving the obfuscation result H1 and the identification code X, the certificate server uses IDp and the identification code X to find the associated subscriber code Ca, and uses Ca to find the associated website; it then transmits H1 and Ca to the website's background server;
d. The website's background server finds the associated user name Na from the subscriber code Ca, and applies the same obfuscation technique that the certification APP used to obtain H1 (correspondingly, preferably SHA256) to the user name Na and the random string Str2 to obtain the obfuscation result H1'. It compares H1 with H1'; if they are consistent, this confirms that the feedback comes from the user's certification APP rather than from a forged certificate server.
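
The login exchange S3 to S8 of embodiment one and the registration feedback check (steps a to d) of embodiment three, modelled as an added example in Python; it is not code from the patent. The class and function names, the NUL-joined hash input, the treatment of the response to Str1 as Str1 itself, and all sample values are assumptions of this example.

```python
"""Toy model of the three parties; every name and value here is constructed."""
import hashlib
import hmac
import secrets


def obfuscate(algo, *parts):
    # The patent only says the values are "processed"; joining them with a
    # NUL byte before hashing is an assumption of this example.
    return hashlib.new(algo, "\x00".join(parts).encode()).hexdigest()


class CertificationApp:
    """On the phone. Stores X <-> Na locally; never learns Ca."""

    def __init__(self, idp):
        self.idp = idp
        self.names = {}                       # X -> Na

    def enroll(self, na):                     # S2-2: the APP generates X for Na
        x = secrets.token_hex(8)
        self.names[x] = na
        return x

    def respond(self, algo, x, challenge):    # S7, and step b of embodiment three
        return obfuscate(algo, self.names[x], challenge), x


class CertificateServer:
    """Stores Ca <-> X <-> IDp and relays challenges; never receives Na."""

    def __init__(self):
        self.pending = {}                     # Str1 -> (Ca, Str2)
        self.by_ca = {}                       # Ca -> (X, IDp)
        self.by_dev = {}                      # (IDp, X) -> Ca
        self.apps = {}                        # IDp -> APP (stands in for the push channel)
        self.seen = set()                     # every value this server handled

    def store(self, str1, ca, str2):          # S2-1
        self.seen |= {str1, ca, str2}
        self.pending[str1] = (ca, str2)

    def bind(self, response, app, x):         # S2-2, then steps a to c
        ca, str2 = self.pending.pop(response)     # KeyError: response does not match Str1
        self.by_ca[ca] = (x, app.idp)
        self.by_dev[(app.idp, x)] = ca
        self.apps[app.idp] = app
        h1, x_back = app.respond("sha256", x, str2)
        self.seen |= {response, app.idp, x, h1}
        return self.by_dev[(app.idp, x_back)], h1     # forwarded to the website

    def relay_login(self, ca, str4):          # S5 to S8
        x, idp = self.by_ca[ca]
        h, x_back = self.apps[idp].respond("sha1", x, str4)
        self.seen |= {str4, h}
        return self.by_dev[(idp, x_back)], h


class Website:
    """Stores Na <-> Ca (and Str2); never learns X or IDp."""

    def __init__(self, cert):
        self.cert = cert
        self.by_ca = {}                       # Ca -> (Na, Str2)
        self.by_name = {}                     # Na -> Ca

    def start_registration(self, na):         # S1-4, S2-1
        ca, str1, str2 = (secrets.token_hex(8) for _ in range(3))
        self.by_ca[ca] = (na, str2)
        self.by_name[na] = ca
        self.cert.store(str1, ca, str2)
        return str1                           # displayed on the registration page

    def confirm_registration(self, ca, h1):   # step d: recompute H1' and compare
        na, str2 = self.by_ca[ca]
        return hmac.compare_digest(obfuscate("sha256", na, str2), h1)

    def login(self, na):                      # S3, S4 and the comparison in S8
        str4 = secrets.token_hex(16)
        ca, h = self.cert.relay_login(self.by_name[na], str4)
        expected = obfuscate("sha1", self.by_ca[ca][0], str4)
        return hmac.compare_digest(expected, h)


def demo():
    cert = CertificateServer()
    site = Website(cert)
    app = CertificationApp(idp="IDP-CONSTRUCTED-0001")
    str1 = site.start_registration("alice")   # constructed user name
    x = app.enroll("alice")                   # the user types Na into the APP
    ca, h1 = cert.bind(str1, app, x)          # the user answers Str1 in the APP
    return {
        "registered": site.confirm_registration(ca, h1),
        # A sender that does not hold Na cannot produce a matching H1.
        "forged_feedback": site.confirm_registration(ca, "0" * 64),
        "login": site.login("alice"),
        "server_saw_na": "alice" in cert.seen,
    }
```

The `seen` set makes the separation visible: the certificate server handles Ca, X, IDp, the challenges and the digests, while Na exists only on the website and in the APP.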
Embodiment four:
To further increase the security of data transmission and tighten the data interaction, a strengthened encryption algorithm is used;
Registration step:
S1-1. Each website that needs to open the authentication service (including APP clients, web pages and other forms of network service sites) sends a request to the certificate server of the security certification system, applying to open the security authentication service; the certificate server grants each website permission to access the certificate server;
S1-2. The user accesses any such website with a network terminal and registers an account on the website with user name Na. No account password needs to be set when registering. If the user already has an account on the website, the user is prompted at login to choose to enter the cross-domain safety certification mode, and the procedure goes to S1-3;
S1-3. The website prompts the user to download, on a mobile terminal, the client APP of the security certification system, that is, the certification APP; if the certification APP has already been downloaded, the procedure goes directly to step S1-4;
S1-4. The website's background server generates visual verification information Str1 and a subscriber code Ca for user name Na, and associates user name Na with the unique subscriber code Ca; the website's background server also generates a random string Str2 for user name Na;
S2-1. The website's background server displays the visual verification information Str1 on the page where the user registers the website account, and transmits the visual verification information Str1, the subscriber code Ca and the random string Str2 to the certificate server, which records Str1, Ca and Str2 in its database;
S2-2. The user responds to the visual verification information Str1 in the certification APP. The certification APP prompts the user to enter the user name Na used on the website, generates an identification code X for user name Na, and stores locally the user's user name Na on the website together with the correspondence between Na and X. The certification APP transmits the response information, the unique hardware device identification code IDp of the mobile terminal, and the identification code X to the certificate server. The certificate server matches the received response information against the visual verification information Str1 recorded in its database; if the match succeeds, it looks up the subscriber code Ca corresponding to Str1, associates the website's subscriber code Ca, the hardware device identification code IDp and the identification code X, and records the association in the database. The certificate server feeds the successful verification back to the website's background server, and user Na completes registration, after which:
a. The certificate server transmits the random string Str2 and the identification code X to the certification APP installed on the mobile terminal whose hardware device identification code is IDp;
b. The certification APP randomly generates a string Str3 and, using user name Na as the key, encrypts the random string Str3 (preferably with AES) to obtain the encrypted value E;
c. The certification APP processes the random strings Str2 and Str3 with an obfuscation technique (preferably SHA384) to obtain the obfuscation result H2, and transmits H2, the identification code X and the encrypted value E to the certificate server;
d. After receiving the obfuscation result H2, the identification code X and the encrypted value E, the certificate server uses IDp and the identification code X to find the associated subscriber code Ca, and uses Ca to find the associated website; it then transmits H2, the encrypted value E and Ca to the website's background server;
e. The website's background server finds the associated user name Na from the subscriber code Ca and, using user name Na as the key, decrypts the encrypted value E to obtain the string Str3. It then applies the same obfuscation technique that the certification APP used to obtain H2 (correspondingly, preferably SHA384) to the random string Str2 and the decrypted string Str3 to obtain the obfuscation result H2'. It compares H2 with H2'; if they are consistent, this confirms that the feedback comes from the user's certification APP rather than from a forged certificate server.
The login step includes:
S3. The user requests to log in to the website with user name Na;
S4. The website's background server sends the subscriber code Ca and at least one random string Str4 to the certificate server;
S5. The certificate server obtains the identification code X corresponding to the subscriber code Ca, and the hardware device identification code IDp corresponding to the identification code X;
S6. The certificate server forwards the string Str4 and the identification code X to the certification APP corresponding to the hardware device identification code IDp;
S7'. The user confirms in the certification APP. The certification APP randomly generates a string Str5 and, using user name Na as the key, encrypts the random string Str5 (preferably with AES) to obtain the encrypted value E1;
S8'. The certification APP processes the random strings Str4 and Str5 with an obfuscation technique (preferably MD5) to obtain the obfuscation result H3, and sends H3, the identification code X and the encrypted value E1 to the certificate server;
S9'. After receiving the obfuscation result H3, the identification code X and the encrypted value E1, the certificate server uses IDp and the identification code X to look up the associated subscriber code Ca, and uses Ca to find the associated website; it then transmits H3, the encrypted value E1 and Ca to the website's background server;
S10'. The background server finds the associated user name Na from the subscriber code Ca and, using user name Na as the key, decrypts the encrypted value E1 to obtain the string Str5. It then applies the same obfuscation technique that the certification APP used to obtain H3 (correspondingly, preferably MD5) to the random string Str4 and the decrypted string Str5 to obtain the obfuscation result H3', and compares H3 with H3'. If the comparison passes, the identity authentication of user name Na on the website succeeds; if the values are inconsistent, authentication fails. The success or failure message is displayed by the website or fed back to the certification APP through the certificate server.
Embodiment five:
To further increase the security of data transmission, on the basis of embodiment four:
In step b of registration step S2-2:
When the certification APP encrypts the random string Str3 with user name Na as the key to obtain the encrypted value E, it first applies an obfuscation technique (preferably MD5) to user name Na to obtain the obfuscation result h, and then encrypts the random string Str3 with h as the key to obtain the encrypted value E';
Correspondingly, in step e, to recover the random string Str3 by decryption, the website's background server applies to user name Na the same obfuscation technique that the certification APP used to obtain h (correspondingly, preferably MD5), obtains the obfuscation result h', and decrypts the received encrypted value E' with h' as the key to obtain the string Str3.
In step S7' of the login step:
When the certification APP encrypts the random string Str5 with user name Na to obtain the encrypted value E1, it first applies an obfuscation technique (preferably MD5) to user name Na to obtain the obfuscation result h1, and then encrypts the random string Str5 with h1 as the key to obtain the encrypted value E1;
Correspondingly, in step S10', to recover the random string Str5 by decryption, the website's background server applies to user name Na the same obfuscation technique that the certification APP used to obtain h1 (correspondingly, preferably MD5), obtains the obfuscation result h1', and decrypts the received encrypted value E1 with h1' as the key to obtain the string Str5.
Embodiment six:
On the basis of embodiment five, to prevent the data transmitted between the certificate server and the website, and between the certification APP and the certificate server, from being intercepted:
Step S2-1 further includes:
The certificate server issues a key K0 to the website's background server;
The website's background server encrypts the visual verification information Str1, the subscriber code Ca and the random string Str2 with key K0 and transmits them to the certificate server over SSL; on receipt, the certificate server decrypts them with key K0, obtains Str1, Ca and Str2, and records them in the database;
After the certification APP establishes communication with the certificate server, the certificate server issues a key K1 to the certification APP on its first access. In step S2-2, the certification APP encrypts the identification code X, the response information and the random string Str2 with key K1 and transmits them to the certificate server over SSL; on receipt, the certificate server decrypts them with key K1, obtains the identification code X, the response information and the random string Str2, and records them in the database.
Embodiment seven:
To confirm that the person operating the certification APP is the user, on the basis of embodiment six, when the correspondence between the identification code X and the user name Na is established in step S2-2, the certification APP may also prompt the user to choose a specific certification instruction Y for logging in to the website. Certification instructions include: one-key confirmation, static password, SMS verification code, fingerprint and video identification, where video identification includes face recognition and action recognition. Once a certification instruction is set, login to the website can be completed only after passing certification by instruction Y.
The certification instruction Y may also use NFC authentication, which has a higher security level. The setup procedure is as follows:
The user chooses, in the certification APP, to set NFC authentication for logging in to the website;
The certification APP calls the NFC function module built into the mobile terminal and opens the NFC reading screen on the mobile terminal;
The certification APP prompts the user to provide a card or device containing an NFC chip (for example, a People's Republic of China social security card) and to bring the card close to the NFC reading area of the mobile terminal;
The certification APP reads the unique identifier of the NFC card, encrypts the identifier information, and sends it to the certificate server;
The certificate server decrypts the received encrypted NFC card identifier and associates it with the website, the subscriber code Ca, IDp and the identification code X;
NFC authentication setup is complete.
To improve security, the user may also set an instruction for logging in to the certification APP itself, using one of static password, SMS verification code, fingerprint, video identification and NFC authentication.
Parts not covered by the present invention are the same as the prior art or can be implemented using the prior art.

Claims (15)

1. A cross-domain safety certifying method based on information separation management, characterized in that it includes a registration step and a login step;
The registration step includes:
S1. The user registers on the website with user name Na; no account password needs to be set at this point; the website generates a corresponding unique subscriber code Ca for user name Na and associates Na with Ca;
S2. The website establishes, through the certificate server, a correspondence with the certification APP installed on the user's intelligent terminal, wherein the website and the certification APP share the user name Na, the website and the certificate server share the subscriber code Ca, and the certificate server and the certification APP share the identification code X and the hardware identification code IDp of the intelligent terminal; the identification code X is the identification information that the certification APP assigns to the user's user name Na on the website; the certificate server associates Ca, X and IDp; the certification APP records the identification code X and the user name Na locally and associates X with Na;
The login step includes:
S3. The user requests to log in to the website with user name Na;
S4. The website's background server sends the subscriber code Ca and at least one random string Str4 to the certificate server;
S5. The certificate server obtains the identification code X corresponding to the subscriber code Ca, and the hardware device identification code IDp corresponding to the identification code X;
S6. The certificate server forwards the string Str4 and the identification code X to the certification APP corresponding to the hardware device identification code IDp;
S7. The user confirms in the certification APP; the certification APP uses the identification code X to look up the locally stored user name Na, processes Na and the string Str4 with an obfuscation technique, and sends the obfuscation result H and the identification code X to the certificate server;
S8. The certificate server obtains the subscriber code Ca from the identification code X and sends the subscriber code Ca and the obfuscation result H to the website's background server; the background server finds the associated user name Na from the subscriber code Ca, applies the same obfuscation technique that the certification APP used to obtain H to the user name Na and the string Str4 to obtain the obfuscation result H', and compares H with H' for consistency;
If the comparison passes, the identity authentication of user name Na on the website succeeds; if the values are inconsistent, authentication fails; the success or failure message is displayed by the website or fed back to the certification APP through the certificate server.
2. The cross-domain safety certifying method based on information separation management according to claim 1, characterized in that the registration step specifically includes:
S1-1. Each website that needs to open the authentication service sends a request to the certificate server of the security certification system, applying to open the security authentication service; the certificate server grants each website permission to access the certificate server;
S1-2. The user accesses any such website with a network terminal and registers an account on the website with user name Na; no account password needs to be set when registering; if the user already has an account on the website, the user is prompted at login to choose to enter the cross-domain safety certification mode, and the procedure goes to S1-3;
S1-3. The website prompts the user to download, on a mobile terminal, the client APP of the security certification system, that is, the certification APP; if the certification APP has already been downloaded, the procedure goes directly to step S1-4;
S1-4. The website's background server generates visual verification information Str1 and a subscriber code Ca for user name Na, and associates user name Na with the unique subscriber code Ca;
S2-1. The website's background server displays the visual verification information Str1 on the page where the user registers the website account, and transmits Str1 and the subscriber code Ca to the certificate server, which records Str1 and Ca in its database;
S2-2. The user responds to the visual verification information Str1 in the certification APP; the certification APP prompts the user to enter the user name Na used on the website, generates an identification code X for user name Na, and stores locally the user's user name Na on the website together with the correspondence between Na and X; the certification APP transmits the response information, the unique hardware device identification code IDp of the mobile terminal, and the identification code X to the certificate server; the certificate server matches the received response information against the visual verification information Str1 recorded in its database; if the match succeeds, it looks up the subscriber code Ca corresponding to Str1, associates the website's subscriber code Ca, the hardware device identification code IDp and the identification code X, and records the association in the database; the certificate server feeds the successful verification back to the website's background server, and user Na completes registration.
3. The cross-domain safety certifying method based on information separation management according to claim 2, characterized in that steps S1-4, S2-1 and S2-2 further include:
S1-4. The website's background server also generates a random string Str2 for user name Na;
S2-1. The website's background server also transmits the random string Str2 to the certificate server;
S2-2. After the certificate server associates the website's subscriber code Ca, the hardware device identification code IDp and the identification code X, the step further includes:
a. The certificate server transmits the random string Str2 and the identification code X to the certification APP installed on the mobile terminal whose hardware device identification code is IDp;
b. The certification APP processes the random string Str2 and the user name Na with an obfuscation technique to obtain the obfuscation result H1, and transmits H1 and the identification code X back to the certificate server;
c. After receiving the obfuscation result H1 and the identification code X, the certificate server uses IDp and the identification code X to find the associated subscriber code Ca, and uses Ca to find the associated website; it then transmits H1 and Ca to the website's background server;
d. The website's background server finds the associated user name Na from the subscriber code Ca, and applies the same obfuscation technique that the certification APP used to obtain H1 to the user name Na and the random string Str2 to obtain the obfuscation result H1'; it compares H1 with H1'; if they are consistent, this confirms that the feedback comes from the user's certification APP rather than from a forged certificate server.
4. The cross-domain safety certifying method based on information separation management according to claim 3, characterized in that, in the registration step, S2-2 is alternatively the following steps:
S2-2. After the certificate server associates the website's subscriber code Ca, the hardware device identification code IDp and the identification code X, the step further includes:
a. The certificate server transmits the random string Str2 and the identification code X to the certification APP installed on the mobile terminal whose hardware device identification code is IDp;
b. The certification APP randomly generates a string Str3 and, using user name Na as the key, encrypts the random string Str3 to obtain the encrypted value E;
c. The certification APP processes the random strings Str2 and Str3 with an obfuscation technique to obtain the obfuscation result H2, and transmits H2, the identification code X and the encrypted value E to the certificate server;
d. After receiving the obfuscation result H2, the identification code X and the encrypted value E, the certificate server uses IDp and the identification code X to find the associated subscriber code Ca, and uses Ca to find the associated website; it then transmits H2, the encrypted value E and Ca to the website's background server;
e. The website's background server finds the associated user name Na from the subscriber code Ca and, using user name Na as the key, decrypts the encrypted value E to obtain the string Str3; it then applies the same obfuscation technique that the certification APP used to obtain H2 to the random string Str2 and the decrypted string Str3 to obtain the obfuscation result H2'; it compares H2 with H2'; if they are consistent, this confirms that the feedback comes from the user's certification APP rather than from a forged certificate server.
5. The cross-domain safety certifying method based on information separation management according to claim 4, characterized in that, in step b:
When the certification APP encrypts the random string Str3 with user name Na as the key to obtain the encrypted value E, it first applies an obfuscation technique to user name Na to obtain the obfuscation result h, and then encrypts the random string Str3 with h as the key to obtain the encrypted value E';
Correspondingly, in step e, to recover the random string Str3 by decryption, the website's background server applies to user name Na the same obfuscation technique that the certification APP used to obtain h, obtains the obfuscation result h', and decrypts the received encrypted value E' with h' as the key to obtain the string Str3.
6. The cross-domain safety certifying method based on information separation management according to claim 1, characterized in that, in the login step, steps S7 and S8 are alternatively:
S7'. The user confirms in the certification APP; the certification APP randomly generates a string Str5 and, using user name Na as the key, encrypts the random string Str5 to obtain the encrypted value E1;
S8'. The certification APP processes the random strings Str4 and Str5 with an obfuscation technique to obtain the obfuscation result H3, and sends H3, the identification code X and the encrypted value E1 to the certificate server;
S9'. After receiving the obfuscation result H3, the identification code X and the encrypted value E1, the certificate server uses IDp and the identification code X to look up the associated subscriber code Ca, and uses Ca to find the associated website; it then transmits H3, the encrypted value E1 and Ca to the website's background server;
S10'. The background server finds the associated user name Na from the subscriber code Ca and, using user name Na as the key, decrypts the encrypted value E1 to obtain the string Str5; it then applies the same obfuscation technique that the certification APP used to obtain H3 to the random string Str4 and the decrypted string Str5 to obtain the obfuscation result H3', and compares H3 with H3'; if the comparison passes, the identity authentication of user name Na on the website succeeds; if the values are inconsistent, authentication fails; the success or failure message is displayed by the website or fed back to the certification APP through the certificate server.
7. The cross-domain safety certifying method based on information separation management according to claim 6, characterized in that, in step S7':
When the certification APP encrypts the random string Str5 with user name Na to obtain the encrypted value E1, it first applies an obfuscation technique to user name Na to obtain the obfuscation result h1, and then encrypts the random string Str5 with h1 as the key to obtain the encrypted value E1;
Correspondingly, in step S10', to recover the random string Str5 by decryption, the website's background server applies to user name Na the same obfuscation technique that the certification APP used to obtain h1, obtains the obfuscation result h1', and decrypts the received encrypted value E1 with h1' as the key to obtain the string Str5.
8. The cross-domain safety certifying method based on information separation management according to claim 2, characterized in that step S2-1 further includes:
The certificate server issues a key K0 to the website's background server;
The website's background server encrypts the visual verification information Str1 and the subscriber code Ca with key K0 and transmits them to the certificate server over SSL; on receipt, the certificate server decrypts them with key K0, obtains Str1 and Ca, and records them in the database.
9. The cross-domain safety certifying method based on information separation management according to claim 3, characterized in that step S2-1 further includes:
The certificate server issues a key K0 to the website's background server;
The website's background server encrypts the visual verification information Str1, the subscriber code Ca and the random string Str2 with key K0 and transmits them to the certificate server over SSL; on receipt, the certificate server decrypts them with key K0, obtains Str1, Ca and Str2, and records them in the database.
10. The cross-domain safety certifying method based on information separation management according to claim 2, characterized in that it further includes: after the certification APP establishes communication with the certificate server, the certificate server issues a key K1 to the certification APP on its first access;
In step S2-2, the certification APP encrypts the identification code X and the response information with key K1 and transmits them to the certificate server over SSL; on receipt, the certificate server decrypts them with key K1, obtains the identification code X and the response information, and records them in the database.
11. The cross-domain safety certifying method based on information separation management according to claim 3, characterized in that it further includes: after the certification APP establishes communication with the certificate server, the certificate server issues a key K1 to the certification APP on its first access;
In step S2-2, the certification APP encrypts the identification code X, the response information and the random string Str2 with key K1 and transmits them to the certificate server over SSL; on receipt, the certificate server decrypts them with key K1, obtains the identification code X, the response information and the random string Str2, and records them in the database.
12. The cross-domain safety certifying method based on information separation management according to claim 1, characterized in that in step S1, the user registers a website account according to the website's rules, the entered information including phone number, ID card number, address, e-mail address and/or user name, and the website assigns a login account IDa to the user; wherein the login account IDa, or other identity information that can uniquely identify the user on the website, can substitute for the user name Na in later steps for association with the subscriber code Ca.
13. The cross-domain safety certifying method based on information separation management according to claim 1, characterized in that: in step S2-2, when the correspondence between the identification code X and the user name Na is established, the certification APP can also prompt the user to choose to set a corresponding specific certification instruction Y for logging in to the website; certification instructions include: one-key confirmation, static password, SMS verification code, fingerprint and video identification, wherein video identification includes face recognition and action recognition; after a certification instruction is set, login to the website can be completed only after passing certification by the certification instruction Y;
The certification instruction Y can also use the NFC certification mode, which has a higher security level; the specific setting procedure is as follows:
The user chooses, in the certification APP, to set NFC certification for logging in to the website;
The certification APP calls the NFC function module built into the mobile terminal and opens the NFC reading interface on the mobile terminal's screen;
The certification APP prompts the user to provide a card or device containing an NFC chip and to hold the card close to the mobile terminal's NFC reading area;
The certification APP reads the unique identifier of the NFC card, encrypts the identifier information and sends it to the certificate server;
The certificate server decrypts the encrypted NFC card identifier it receives and associates it with the website, the subscriber code Ca, IDp and the identification code X;
The NFC certification setup is complete.
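The certificate server's side of the NFC setting procedure in claim 13, followed by the check made at login, as an added example that is not part of the patent. Storing a keyed SHA-256 hash of the identifier instead of the identifier itself, the `SERVER_PEPPER` secret, the function names and the sample values are assumptions; the identifier is taken as already decrypted.

```javascript
const crypto = require("node:crypto");

// Server-side secret for keyed hashing of NFC identifiers (assumption, not in the claims).
const SERVER_PEPPER = crypto.randomBytes(32);
const nfcBindings = new Map(); // [website, Ca, IDp, X] -> HMAC of the NFC identifier

// Unambiguous key for the association named in the claim.
function bindingKey({ website, Ca, IDp, X }) {
  return JSON.stringify([website, Ca, IDp, X]);
}

function digest(nfcId) {
  return crypto.createHmac("sha256", SERVER_PEPPER).update(nfcId).digest();
}

// Setting procedure: associate the decrypted identifier with the website,
// the subscriber code Ca, IDp and the identification code X.
function enrollNfc(ctx, nfcId) {
  if (!Buffer.isBuffer(nfcId) || nfcId.length < 4) return false; // reject malformed reads
  nfcBindings.set(bindingKey(ctx), digest(nfcId));
  return true;
}

// Login: certification instruction Y passes only when the identifier presented
// matches the one enrolled for exactly this website, Ca, IDp and X.
function verifyNfc(ctx, nfcId) {
  const stored = nfcBindings.get(bindingKey(ctx));
  if (!stored || !Buffer.isBuffer(nfcId)) return false;
  return crypto.timingSafeEqual(stored, digest(nfcId)); // both are 32 bytes
}
```

A static identifier can be read by any NFC reader within range, so this binding shows that the identifier value was presented, not that a secret held on the card was used.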
14. The cross-domain safety certifying method based on information separation management according to claim 13, characterized in that: the user also sets an instruction for logging in to the certification APP itself, the instruction using any one of the certification instructions in claim 13 other than "one-key confirmation", or the NFC certification mode of claim 13.
15. The cross-domain safety certifying method based on information separation management according to any one of claims 1-14, characterized in that: obfuscation uses an encryption operation or a hash operation; wherein the encryption operation selects DES and/or AES, and the hash operation selects one or more of MD5, SHA1, SHA256 and SHA384.
CN201610368838.5A 2016-05-30 2016-05-30 A kind of cross-domain safety certifying method based on information separation management Active CN105978688B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610368838.5A CN105978688B (en) 2016-05-30 2016-05-30 A kind of cross-domain safety certifying method based on information separation management

Publications (2)

Publication Number Publication Date
CN105978688A CN105978688A (en) 2016-09-28
CN105978688B true CN105978688B (en) 2019-04-16

Family

ID=57009835

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610368838.5A Active CN105978688B (en) 2016-05-30 2016-05-30 A kind of cross-domain safety certifying method based on information separation management

Country Status (1)

Country Link
CN (1) CN105978688B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899570B (en) 2016-12-14 2019-11-05 阿里巴巴集团控股有限公司 The processing method of two dimensional code, apparatus and system
CN108259436B (en) * 2016-12-29 2021-01-01 中国移动通信集团公司 User identity authentication processing method, application server and authentication system server
CN107038341B (en) * 2017-04-10 2019-07-12 杭州银江医联网技术股份有限公司 Family health care data managing method and system
CN110247917B (en) * 2019-06-20 2021-09-10 北京百度网讯科技有限公司 Method and apparatus for authenticating identity

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4861631B2 (en) * 2005-02-22 2012-01-25 株式会社リコー User authentication apparatus, image forming apparatus, user authentication method, and user authentication program
KR20140126832A (en) * 2013-04-23 2014-11-03 에스케이플래닛 주식회사 System and method for providing user authentication service
CN104753927A (en) * 2015-03-12 2015-07-01 杭州华三通信技术有限公司 Unified verification method and device
CN104994114A (en) * 2015-07-27 2015-10-21 尤磊 Identity authentication system and method based on electronic identification card
CN105072112A (en) * 2015-08-07 2015-11-18 中国联合网络通信集团有限公司 Identity authentication method and identity authentication device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant