CN107454063B - User interaction authentication method, device and system - Google Patents

Publication number
CN107454063B
Authority
CN
China
Prior art keywords
user
authentication
password
information
verification
Legal status
Active
Application number
CN201710558212.5A
Other languages
Chinese (zh)
Other versions
CN107454063A (en)
Inventor
仇亚东
Current Assignee
Wuhan Lingyu Information Technology Co.,Ltd.
Original Assignee
Phicomm Shanghai Co Ltd
Application filed by Phicomm Shanghai Co Ltd
Priority to CN201710558212.5A
Publication of CN107454063A
Application granted
Publication of CN107454063B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a secure user interaction authentication method, device and system. The method comprises the following steps: the server obtains a user account transmitted by the client; the server obtains the user password according to the user account, generates an authentication pass authorization ticket and a verification password, combines the verification password and the authentication pass authorization ticket, encrypts the combination with the obtained user password, and transmits the encrypted information to the client; the server receives user authentication information transmitted by the client, which contains a verification string encrypted with the verification password, the authentication pass authorization ticket, and interaction information; and the server processes the authentication of the user according to the received user authentication information. The invention ensures the security of user authentication information transmitted in an open network environment without the intervention of a trusted third party.

Description

User interaction authentication method, device and system
Technical Field
The present invention relates to the field of security authentication technologies, and in particular, to a method, device, and system for user interaction authentication.
Background
With the rapid development of open network technology, services in almost every industry need to submit and return user authentication information over the open network, but the open network is an untrusted network environment. That is, if the client and the server communicate in plaintext over an untrusted network, anyone can obtain the plaintext content and even tamper with it, and the privacy and rights of the user are seriously threatened.
Because sensitive information such as user passwords cannot be transmitted directly in an open network environment, the authentication information a user submits at login usually has to be processed to improve security. At present, the following two methods are mainly adopted:
One approach is to apply a message digest algorithm, such as MD5 (Message Digest Algorithm 5) or SHA (Secure Hash Algorithm), on the client one or more times to form a message digest of the password, and then transmit the user account and the message digest of the password to the server. The server receives the user account, looks up the plaintext password of the user, applies the same message digest algorithm the same number of times to the password it looked up, and compares the calculated value with the value transmitted by the user. If the two are consistent, the authentication succeeds; otherwise, it fails.
However, with the large number of MD5 rainbow tables available, an attacker who obtains the MD5 value of the user's password can look up the possible plaintext. Moreover, this method cannot prevent impersonation.
The other method, the mainstream solution in the current open network environment, is HTTPS (Hypertext Transfer Protocol over Secure Socket Layer). The server transmits a public key to the client; the client uses that public key to encrypt the secret key for subsequent communication between the two parties and transmits the ciphertext to the server; the server decrypts it with its own private key to obtain the communication key the client will use. When the two parties later carry out user authentication, the client encrypts the submitted user information with the agreed communication key, and the server decrypts the received ciphertext to obtain the user name and the password.
This approach can achieve security. However, the public key used in HTTPS often requires the intervention of a trusted third-party CA (Certification Authority), which increases cost and complexity.
Disclosure of Invention
In order to overcome the defects of the prior art, the present invention provides a secure user interaction authentication method, device and system, which can ensure the security of the transmission of user authentication information in an open network environment without the intervention of a trusted third party.
To achieve this purpose, the technical solution provided by the invention is as follows:
A user interaction authentication method comprises the following steps:
step one, the server obtains a user account transmitted by the client;
step two, the server obtains the user password according to the user account, generates an authentication pass authorization ticket and a verification password, combines the verification password and the authentication pass authorization ticket, encrypts the combination with the obtained user password, and transmits the encrypted information to the client;
step three, the server receives user authentication information transmitted by the client, which contains a verification string encrypted with the verification password, the authentication pass authorization ticket, and the interaction information;
and step four, the server processes the authentication of the user according to the received user authentication information.
Further, step two comprises:
the server looks up the user password according to the user account and resolves the sender IP from the sender address in the transport protocol packet on the network;
the server combines part or all of the client user name, the client IP, the validity period and the timestamp into a string, encrypts it with a server-side password, and uses the generated ciphertext as the authentication pass authorization ticket;
the server combines the verification password and the authentication pass authorization ticket into a string, encrypts it with the user password it looked up, and transmits the encrypted information to the client.
Further, the server-side password is a randomly generated character string.
Further, the verification password is a password randomly generated by the server.
Further, step four comprises:
step S1, verifying whether the user authentication information contains the authentication pass authorization ticket; if so, proceeding to step S2, otherwise the authentication fails;
step S2, decrypting the verification string in the user authentication information with the verification password and verifying whether the user authentication information is legitimate and valid; if so, proceeding to step S3, otherwise the authentication fails;
step S3, processing the interaction information in the user authentication information.
Further, the user authentication information is obtained as follows:
the client decrypts the encrypted information with the user password to obtain the verification password and the authentication pass authorization ticket;
when the client communicates with the server, it generates verification information, encrypts it with the verification password to obtain a verification string, and sends the verification string, the authentication pass authorization ticket and the interaction information to the server as the user authentication information.
Further, the verification information includes part or all of a client user name, a client IP address, a timestamp, and a validity period based on the timestamp.
To achieve the above object, the present invention further provides a user interaction authentication device, applied to a server, comprising:
a user account acquisition unit, configured to obtain a user account transmitted by a client;
an encrypted information generating unit, configured to obtain the user password according to the user account, generate an authentication pass authorization ticket and a verification password, combine the verification password and the authentication pass authorization ticket, encrypt the combination with the obtained user password, and transmit the encrypted information to the client;
a user authentication information receiving unit, configured to receive user authentication information transmitted by the client, which contains a verification string encrypted with the verification password, the authentication pass authorization ticket, and interaction information;
and an authentication processing unit, configured to process the authentication of the user according to the received user authentication information.
To achieve the above object, the present invention further provides a user interaction authentication system, comprising:
a client, which, on obtaining the user account, transmits the user account to the user interaction authentication device, receives the encrypted information transmitted by the user interaction authentication device, and decrypts the encrypted information with the user password to obtain the verification password and the authentication pass authorization ticket; when the client communicates with the user interaction authentication device, it generates verification information, encrypts it with the verification password to obtain a verification string, and transmits the verification string, the authentication pass authorization ticket and the interaction information to the user interaction authentication device as user authentication information;
a user interaction authentication device, applied to a server and configured to obtain the user account transmitted by the client, obtain the user password according to the user account, generate an authentication pass authorization ticket and a verification password, combine the verification password and the authentication pass authorization ticket, encrypt the combination with the obtained user password, transmit the encrypted information to the client, receive the user authentication information transmitted by the client, which contains the verification string encrypted with the verification password, the authentication pass authorization ticket and the interaction information, and process the authentication of the user according to the received user authentication information.
Further, the client includes:
a user account acquisition and transmission unit, configured to obtain the user account and password input by the user and transmit the user account to the user interaction authentication device;
an encrypted information acquisition and processing unit, configured to receive the encrypted information transmitted by the user interaction authentication device and decrypt it with the user password to obtain the verification password and the authentication pass authorization ticket;
and a user authentication information generating unit, configured to generate verification information when the client communicates with the user interaction authentication device, encrypt it with the verification password to obtain a verification string, and send the verification string, the authentication pass authorization ticket and the interaction information to the user interaction authentication device as user authentication information.
Compared with the prior art, the secure user interaction authentication method, device and system of the invention have the following advantages:
In the secure user interaction authentication method, device and system of the invention, the server obtains a user account transmitted by a client, obtains the user password according to the user account, generates an authentication pass authorization ticket and a verification password, combines the verification password and the authentication pass authorization ticket, encrypts the combination with the obtained user password, and transmits the encrypted information to the client; the server then receives user authentication information transmitted by the client, which contains a verification string encrypted with the verification password, the authentication pass authorization ticket and interaction information, and processes the authentication of the user according to the received user authentication information. This ensures the security of user authentication information transmitted in an open network environment without the intervention of a trusted third party.
Drawings
FIG. 1 is a flowchart illustrating the steps of one embodiment of a secure user interaction authentication method according to the present invention;
FIG. 2 is a schematic structural diagram of an embodiment of a secure user interaction authentication device according to the present invention;
FIG. 3 is a detailed structure diagram of an encrypted information generating unit according to an embodiment of the present invention;
FIG. 4 is a detailed structure diagram of an authentication processing unit according to an embodiment of the present invention;
FIG. 5 is a block diagram of an embodiment of a secure user interaction authentication system according to the present invention;
FIG. 6 is a detailed structure diagram of the client according to an embodiment of the present invention.
Detailed Description
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following description will be made with reference to the accompanying drawings. It is obvious that the drawings in the following description are only some examples of the invention, and that for a person skilled in the art, other drawings and embodiments can be derived from them without inventive effort.
For the sake of simplicity, the drawings only schematically show the parts relevant to the present invention, and they do not represent the actual structure as a product. In addition, in order to make the drawings concise and understandable, components having the same structure or function in some of the drawings are only schematically illustrated or only labeled. In this document, "one" means not only "only one" but also a case of "more than one".
In an embodiment of the present invention, as shown in FIG. 1, a secure user interaction authentication method of the present invention includes the following steps:
Step 101, the server obtains a user account transmitted by a client. When a user wants to perform security authentication through a client, the user inputs a user name and a password on the client, the client temporarily stores the user name and the password in local memory, and the client transmits the user's account to the server over the open network.
Step 102, the server obtains the user password according to the user account, generates an authentication pass authorization ticket and a verification password, combines the verification password and the authentication pass authorization ticket, encrypts the combination with the obtained user password, and transmits the encrypted information to the client.
Specifically, step 102 further comprises:
step S21, the server looks up the user password according to the user account and resolves the sender IP from the sender address in the transport protocol packet on the network;
step S22, the server generates a random character string as the server-side password, combines the client user name, the client IP, the validity period and the timestamp into a string, encrypts it with the server-side password, and uses the generated ciphertext as the authentication pass authorization ticket;
step S23, the server generates a random verification password, combines the verification password and the authentication pass authorization ticket into a string, encrypts the string with the user password it looked up, and transmits the encrypted information to the client.
Step 103, the server receives user authentication information transmitted by the client, which contains a verification string encrypted with the verification password, the authentication pass authorization ticket and the interaction information. Specifically, after receiving the encrypted information sent by the server, the client decrypts it with the temporarily stored user password to obtain the verification password and the authentication pass authorization ticket. When the client communicates with the server, it generates verification information, encrypts it with the verification password to obtain a verification string, and sends the verification string, the authentication pass authorization ticket and the interaction information to the server as user authentication information.
Step 104, the server processes the authentication of the user according to the received user authentication information. Specifically, step 104 further includes:
step S41, verifying whether the user authentication information contains the authentication pass authorization ticket; if so, proceeding to step S42, otherwise the authentication fails;
step S42, decrypting the verification string in the user authentication information with the verification password and verifying whether the user authentication information is valid; if so, proceeding to step S43, otherwise the authentication fails. In this specific embodiment of the present invention, whether the user authentication information is valid is judged from the timestamp in the verification string and the validity period based on the timestamp; assuming the validity period based on the timestamp is two minutes, whether the current user authentication information is valid is determined from the time of the timestamp and the two-minute validity period.
Step S43, the interaction information in the user authentication information is processed.
In another embodiment of the present invention, as shown in FIG. 2, a secure user interaction authentication device of the present invention is applied to a server and includes: a user account acquisition unit 201, an encrypted information generating unit 202, a user authentication information receiving unit 203, and an authentication processing unit 204.
The user account acquisition unit 201 is configured to obtain a user account transmitted by a client. That is, when a user wants to perform security authentication through a client, the user inputs a user name and a password on the client, the client temporarily stores the user name and the password in local memory, and the client transmits the user's account to the server over the open network.
The encrypted information generating unit 202 is configured to obtain the user password according to the user account, generate an authentication pass authorization ticket and a verification password, combine the verification password and the authentication pass authorization ticket, encrypt the combination with the obtained user password, and transmit the encrypted information to the client.
Specifically, as shown in FIG. 3, the encrypted information generating unit 202 further includes:
the protocol analysis unit 2021, configured to look up the user password according to the user account and resolve the sender IP from the sender address in the transport protocol packet on the network;
the authorization ticket generating unit 2022, configured to generate a random character string as the server-side password, combine the client user name, the client IP, the validity period and the timestamp into a string, encrypt the string with the server-side password, and use the generated ciphertext as the authentication pass authorization ticket;
the encryption transmission unit 2023, configured to generate a random verification password, combine the verification password and the authentication pass authorization ticket into a string, encrypt the string with the user password that was looked up, and transmit the encrypted information to the client.
The user authentication information receiving unit 203 is configured to receive user authentication information transmitted by the client, which contains a verification string encrypted with the verification password, the authentication pass authorization ticket and the interaction information. Specifically, after receiving the encrypted information sent by the server, the client decrypts it with the temporarily stored user password to obtain the verification password and the authentication pass authorization ticket. When the client communicates with the server, it generates verification information, encrypts it with the verification password to obtain a verification string, and sends the verification string, the authentication pass authorization ticket and the interaction information to the server as user authentication information.
The authentication processing unit 204 is configured to process the authentication of the user according to the received user authentication information. Specifically, as shown in FIG. 4, the authentication processing unit 204 further includes:
an authorization ticket verification unit 2041, configured to verify whether the user authentication information contains the authentication pass authorization ticket; if so, the verification string verification unit 2042 is started, otherwise the authentication fails;
a verification string verification unit 2042, configured to decrypt the verification string in the user authentication information with the verification password and verify whether the user authentication information is valid; if so, the interaction information processing unit 2043 is started, otherwise the authentication fails;
an interaction information processing unit 2043, configured to process the interaction information in the user authentication information.
In another embodiment of the present invention, as shown in FIG. 5, a secure user interaction authentication system of the present invention comprises a client 50 and a user interaction authentication device 51.
The client 50, on obtaining the user account, transmits the user account to the user interaction authentication device 51, receives the encrypted information transmitted by the user interaction authentication device 51, and decrypts the encrypted information with the user password to obtain the verification password and the authentication pass authorization ticket. When the client 50 communicates with the user interaction authentication device 51, it generates verification information, encrypts it with the verification password to obtain a verification string, and transmits the verification string, the authentication pass authorization ticket and the interaction information to the user interaction authentication device 51 as user authentication information.
The user interaction authentication device 51 is applied to a server and is configured to obtain the user account transmitted by the client, obtain the user password according to the user account, generate an authentication pass authorization ticket and a verification password, combine the verification password and the authentication pass authorization ticket, encrypt the combination with the obtained user password, transmit the encrypted information to the client, receive the user authentication information transmitted by the client, which contains the verification string encrypted with the verification password, the authentication pass authorization ticket and the interaction information, and process the authentication of the user according to the received user authentication information.
Specifically, as shown in FIG. 6, the client 50 further includes: a user account acquisition and transmission unit 501, an encrypted information acquisition and processing unit 502, and a user authentication information generating unit 503.
The user account acquisition and transmission unit 501 is configured to obtain the user account and password input by the user and transmit the user account to the user interaction authentication device. That is, when a user wants to perform security authentication through a client, the user inputs a user name (user account) and a password on the client, the client temporarily stores the user name and the password in local memory, and the client transmits the user account to the user interaction authentication device (i.e., the server) over the open network.
The encrypted information acquisition and processing unit 502 is configured to receive the encrypted information sent by the user interaction authentication device and decrypt it with the user password to obtain the verification password and the authentication pass authorization ticket.
The user authentication information generating unit 503 is configured to generate verification information when the client communicates with the user interaction authentication device, encrypt it with the verification password to obtain a verification string, and send the verification string, the authentication pass authorization ticket and the interaction information to the user interaction authentication device as the user authentication information.
The invention will be further illustrated by the following specific examples:
1. The user enters the user name and password on the client, and the client temporarily stores them in local memory.
2. The client transmits the user's account (user name) to the server over the open network.
3. The server looks up the user password by the user's account and, at the same time, resolves the sender's IP from the sender address in the transport protocol packet in the network.
4. The server generates a random character string as the server password, combines the client user name, client IP, validity period and timestamp into a string, and encrypts it with the server password; the resulting ciphertext serves as the authentication pass authorization ticket.
5. The server generates a random verification password, combines the verification password and the authentication pass authorization ticket into a string, encrypts it with the user password it looked up, and transmits the encrypted information to the client.
6. After receiving the encrypted information, the client decrypts it with the user password held in memory to obtain the verification password and the authentication pass authorization ticket.
7. When the client communicates with the server, it encrypts information consisting of the user name, IP address, timestamp and a two-minute validity period based on the timestamp with the verification password to obtain a verification string, and transmits the verification string, the authentication pass authorization ticket and the interaction information to the server together.
8. After receiving the interaction information, the server first verifies whether the authentication pass authorization ticket exists; if so, it uses the verification password to decrypt the verification string and verifies whether the user authentication is legitimate and valid, and finally processes the interaction information.
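The eight steps above, worked through end to end as an added example (not code from the patent). The cipher is a stand-in built from HMAC-SHA256, the PBKDF2 key derivation, the server-side table of issued tickets, the one-hour ticket lifetime and all function names are assumptions, since the patent names no algorithm or storage; the account and addresses are constructed.

```python
import hashlib, hmac, json, secrets

# Stand-in authenticated cipher (assumption: the patent names no algorithm).
def _stream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key, obj):
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct + _tag(key, nonce, ct)).hex()

def unseal(key, blob_hex):
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def pw_key(user, password):  # assumption: PBKDF2 turns the password into a key
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000)

USERS = {"alice": "correct horse"}     # constructed account store
SERVER_KEY = secrets.token_bytes(32)   # step 4: random server password
ISSUED = {}                            # assumption: ticket -> verification password

def server_issue(user, sender_ip, now, ttl=3600):   # steps 3-5; ttl value is assumed
    ticket = seal(SERVER_KEY, {"user": user, "ip": sender_ip, "ts": now, "ttl": ttl})
    vpw = secrets.token_hex(32)                     # step 5: random verification password
    ISSUED[ticket] = vpw
    return seal(pw_key(user, USERS[user]), {"vpw": vpw, "ticket": ticket})

def client_request(user, password, ip, reply, now, message):   # steps 6-7
    inner = unseal(pw_key(user, password), reply)   # fails unless the password matches
    check = {"user": user, "ip": ip, "ts": now, "ttl": 120}     # two-minute validity
    return {"vstring": seal(bytes.fromhex(inner["vpw"]), check),
            "ticket": inner["ticket"], "message": message}

def server_handle(req, sender_ip, now):             # step 8
    try:
        vpw = ISSUED[req["ticket"]]                 # S1: does the ticket exist?
        t = unseal(SERVER_KEY, req["ticket"])       # S2: decrypt ticket and string
        v = unseal(bytes.fromhex(vpw), req["vstring"])
        fresh = all(x["ts"] <= now <= x["ts"] + x["ttl"] for x in (t, v))
        same = v["user"] == t["user"] and v["ip"] == t["ip"] == sender_ip
    except (KeyError, ValueError, TypeError):
        return None
    return req["message"] if fresh and same else None   # S3: process the message
```

The verification string as described in step 7 covers only the user name, IP address and time, not the interaction information sent beside it, which is why `server_handle` returns `message` without any integrity check of its own.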
In summary, the present invention provides a secure user interaction authentication method, device and system. The server obtains the user account transmitted by the client, obtains the user password according to the user account, generates an authentication pass authorization ticket and a verification password, combines the verification password and the authentication pass authorization ticket, encrypts them with the obtained user password, and transmits the encrypted information to the client. The server then receives the user authentication information transmitted by the client, which contains a verification string encrypted with the verification password, the authentication pass authorization ticket and the interaction information, and processes the user's authentication according to it. This achieves the purpose of ensuring the security of user authentication information transmitted in an open network environment without the intervention of a trusted third party.
It should be noted that the above embodiments can be freely combined as necessary. The foregoing is only a preferred embodiment of the present invention. For those skilled in the art, various modifications and refinements can be made without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (8)

1. A user interaction authentication method, comprising the following steps:
step one, a server side obtains a user account transmitted by a client;
step two, the server side obtains a user password according to the user account, generates an authentication pass authorization ticket and a verification password, combines the verification password and the authentication pass authorization ticket, encrypts them by using the obtained user password, and transmits the encrypted information to the client;
step three, the server side receives user authentication information transmitted by the client, which contains a verification string encrypted by the verification password, the authentication pass authorization ticket and interaction information;
step four, the server side processes the authentication of the user according to the received user authentication information, wherein step four further comprises:
step S1, verifying whether the user authentication information contains the authentication pass authorization ticket; if yes, step S2 is executed, otherwise the authentication fails;
step S2, decrypting the verification string in the user authentication information by using the verification password and verifying whether the user authentication information is legal and valid; if so, step S3 is executed, otherwise the authentication fails;
step S3, processing the interaction information in the user authentication information.
2. The method of claim 1, wherein step two further comprises:
the server side looks up the user password according to the user account and resolves the sender IP from the sender address in the transmission protocol packet in the network;
the server side forms a string from part or all of the client user name, the client IP, the validity period and the time stamp, encrypts it with a server-side password, and uses the generated ciphertext as the authentication pass authorization ticket;
the server side forms a string from the verification password and the authentication pass authorization ticket, encrypts it by using the looked-up user password, and transmits the encrypted information to the client.
3. The user interaction authentication method of claim 2, wherein: the server-side password is a random character string generated randomly.
4. The user interaction authentication method of claim 2, wherein: the verification password is a password randomly generated by the server side.
5. The user interaction authentication method of claim 2, wherein: the user authentication information is generated by the steps of:
the client decrypts the encrypted information by using the user password to obtain the verification password and the authentication pass authorization ticket;
when the client communicates with the server side, the client generates verification information, encrypts it by using the verification password to obtain a verification string, and sends the verification string, the authentication pass authorization ticket and the interaction information to the server side as the user authentication information.
6. The user interaction authentication method of claim 5, wherein: the verification information includes part or all of a client username, a client IP address, a timestamp, and a validity period based on the timestamp.
7. A user interaction authentication device is applied to a server side and comprises:
a user account acquisition unit for acquiring a user account transmitted by a client;
an encrypted information generating unit for obtaining a user password according to the user account, generating an authentication pass authorization ticket and a verification password, combining the verification password and the authentication pass authorization ticket, encrypting them by using the obtained user password, and transmitting the encrypted information to the client;
a user authentication information receiving unit for receiving user authentication information transmitted by the client, which contains a verification string encrypted by the verification password, the authentication pass authorization ticket and interaction information;
and an authentication processing unit for verifying whether the user authentication information contains the authentication pass authorization ticket; if not, the authentication fails; if so, the verification string in the user authentication information is decrypted by using the verification password and whether the user authentication information is legal and valid is verified; if so, the interaction information in the user authentication information is processed, and otherwise the authentication fails.
8. A user interaction authentication system, comprising:
a client, which transmits the user account to the user interaction authentication equipment when obtaining the user account, receives the encrypted information transmitted by the user interaction authentication equipment, decrypts the encrypted information by using the user password to obtain a verification password and an authentication pass authorization ticket, generates verification information and encrypts it by using the verification password to obtain a verification string when the client communicates with the user interaction authentication equipment, and transmits the verification string, the authentication pass authorization ticket and the interaction information to the user interaction authentication equipment as user authentication information, wherein the client comprises:
a user account acquisition and transmission unit for acquiring a user account and a password input by a user and transmitting the user account to the user interaction authentication equipment;
an encrypted information acquisition and processing unit for receiving the encrypted information transmitted by the user interaction equipment and decrypting the encrypted information by using the user password to obtain a verification password and an authentication pass authorization ticket;
a user authentication information generating unit, which generates verification information and encrypts it by using the verification password to obtain a verification string when the client communicates with the user interaction authentication equipment, and sends the verification string, the authentication pass authorization ticket and the interaction information to the user interaction authentication equipment as user authentication information;
and the user interaction authentication equipment, which is applied to a server and is used for acquiring the user account transmitted by the client, acquiring a user password according to the user account, generating an authentication pass authorization ticket and a verification password, combining the verification password and the authentication pass authorization ticket, encrypting them by using the acquired user password, transmitting the encrypted information to the client, receiving the user authentication information transmitted by the client, which contains a verification string encrypted by using the verification password, the authentication pass authorization ticket and the interaction information, and processing the authentication of the user according to the received user authentication information.
CN201710558212.5A 2017-07-10 2017-07-10 User interaction authentication method, device and system Active CN107454063B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710558212.5A CN107454063B (en) 2017-07-10 2017-07-10 User interaction authentication method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710558212.5A CN107454063B (en) 2017-07-10 2017-07-10 User interaction authentication method, device and system

Publications (2)

Publication Number Publication Date
CN107454063A CN107454063A (en) 2017-12-08
CN107454063B true CN107454063B (en) 2020-09-18

Family

ID=60487882

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710558212.5A Active CN107454063B (en) 2017-07-10 2017-07-10 User interaction authentication method, device and system

Country Status (1)

Country Link
CN (1) CN107454063B (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465735B (en) * 2008-12-19 2011-06-01 北京大学 Network user identification verification method, server and client terminal
US11257075B2 (en) * 2015-10-20 2022-02-22 Paypal, Inc. Secure multi-factor user authentication on disconnected mobile devices

Also Published As

Publication number Publication date
CN107454063A (en) 2017-12-08


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201119

Address after: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: Hangzhou Jiji Intellectual Property Operation Co.,Ltd.

Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666

Patentee before: Phicomm (Shanghai) Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20201221

Address after: 8319 Yanshan Road, Bengbu City, Anhui Province

Patentee after: Bengbu Lichao Information Technology Co.,Ltd.

Address before: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: Hangzhou Jiji Intellectual Property Operation Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20210311

Address after: 313000 room 1019, Xintiandi commercial office, Yishan street, Wuxing District, Huzhou, Zhejiang, China

Patentee after: Huzhou YingLie Intellectual Property Operation Co.,Ltd.

Address before: 8319 Yanshan Road, Bengbu City, Anhui Province

Patentee before: Bengbu Lichao Information Technology Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20221216

Address after: Room 804, 8/F, Building 4 #, Phase II, Modern Service Demonstration Base, Huazhong University of Science and Technology Park, No. 15-1, University Park Road, Guandong Street, Donghu New Technology Development Zone, Wuhan City, 430000 Hubei Province

Patentee after: Wuhan Lingyu Information Technology Co.,Ltd.

Address before: 313000 room 1019, Xintiandi commercial office, Yishan street, Wuxing District, Huzhou, Zhejiang, China

Patentee before: Huzhou YingLie Intellectual Property Operation Co.,Ltd.