CN108234136B - A kind of safety access method, terminal device and system - Google Patents

A kind of safety access method, terminal device and system Download PDF

Info

Publication number
CN108234136B
CN108234136B CN201810073019.7A CN201810073019A CN108234136B CN 108234136 B CN108234136 B CN 108234136B CN 201810073019 A CN201810073019 A CN 201810073019A CN 108234136 B CN108234136 B CN 108234136B
Authority
CN
China
Prior art keywords
data
server
safety devices
information safety
browser
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810073019.7A
Other languages
Chinese (zh)
Other versions
CN108234136A (en
Inventor
孙吉平
念龙龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senseshield Technology Co Ltd
Original Assignee
Beijing Senseshield Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Senseshield Technology Co Ltd filed Critical Beijing Senseshield Technology Co Ltd
Priority to CN201810073019.7A priority Critical patent/CN108234136B/en
Publication of CN108234136A publication Critical patent/CN108234136A/en
Application granted granted Critical
Publication of CN108234136B publication Critical patent/CN108234136B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention discloses a kind of safety access methods, applied to terminal device, the described method includes: receiving the first verification data in response to logging request from server-side, and first verification data is sent to local service module by cross-domain access mode when browse request login service end;First verification data is sent to the information safety devices connecting with terminal device by local service module, and the second verify data generated in response to first verification data is received from information safety devices;Second verify data is sent to browser by cross-domain access mode by local service module, and the second verify data is returned to server-side by browser, to be verified by server-side to the second verify data.The invention also discloses a kind of secure access terminal device and systems.Secure access scheme through the invention, local information safety equipment can be also securely accessed by when browser control part is not available.

Description

A kind of safety access method, terminal device and system
Technical field
The present invention relates to field of information security technology, in particular to a kind of safety access method, terminal device and system.
Background technique
Due to safety concerns, the code run in browser is unable to local resource access, therefore also can not just access hardware Equipment.For example, when user's operation browser enters the verifying page of certain website, browser can not call directly hardware device into Row verifying.
Solution general at present is to go that hardware device is called to obtain verification information, but certain by the control in browser A little operating systems may disable the control of browser, cause browser that can not access local hardware device.
Summary of the invention
In view of this, the embodiment of the present invention proposes a kind of secure access scheme, can be realized through browser to local Information safety devices are had secure access to without being limited by browser control part.
For this purpose, the embodiment of the present invention proposes a kind of safety access method, it is applied to terminal device, which comprises When browse request login service end, the first verification data in response to logging request is received from server-side, and pass through cross-domain visit Ask that first verification data is sent to local service module by mode;First verification data is sent to and terminal by local service module The information safety devices of equipment connection, and the second verifying generated in response to first verification data is received from information safety devices Data;Second verify data is sent to browser by cross-domain access mode by local service module, and browser is by second Verify data returns to server-side, to be verified by server-side to the second verify data.
Preferably, the second verify data by the information safety devices by with the first private key to first verification data into Row digital signature and generate.
It is generated preferably, first verification data encrypts the first character string with the first public key by server-side, the second verifying Data are by the information safety devices by calculating cryptographic Hash to ciphertext data after being decrypted with the first private key to first verification data And it generates.
Preferably, the method also includes: browser sends data to local service module by cross-domain access mode Encryption and decryption instruction and the data to encryption and decryption;Local service module instructs the data encrypting and deciphering and the data to encryption and decryption are sent out The information safety devices are given, receive the encryption and decryption data returned from the information safety devices, and pass through cross-domain access side The encryption and decryption data is returned to browser by formula.
The embodiment of the present invention also proposed a kind of secure access terminal device, comprising: browser is configured to step in request The first verification data in response to logging request is received from server-side when recording server-side, and the second verify data is returned into service End, to be verified by server-side to the second verify data;Local service module is configured to for first verification data being sent to The information safety devices being connect with terminal device, and the generated in response to first verification data is received from information safety devices Two verify datas;Cross-domain access modules are configured to for first verification data to be transmitted to local service module, and second is verified Data forwarding is to browser.
Preferably, the second verify data by the information safety devices by with the first private key to first verification data into Row digital signature and generate.
It is generated preferably, first verification data encrypts the first character string with the first public key by server-side, the second verifying Data are by the information safety devices by calculating cryptographic Hash to ciphertext data after being decrypted with the first private key to first verification data And it generates.
Preferably, browser be additionally configured to generate data encrypting and deciphering instruction, and send data encrypting and deciphering instruction and it is to be added The data of decryption;Local service module is additionally configured to instruct the data encrypting and deciphering and the data to encryption and decryption be sent to it is described Information safety devices receive the encryption and decryption data returned from the information safety devices;Cross-domain access modules are additionally configured to institute Data encrypting and deciphering instruction and the data forwarding to encryption and decryption are stated to local service module, and the encryption and decryption data is transmitted to clear Look at device.
The embodiment of the present invention also proposed a kind of security access system, comprising: the secure access terminal of above-described embodiment is set It is standby;Server-side is configured to determine the public affairs of the information safety devices prestored according to the log-on message in the logging request Key carries out sign test to the second verify data as the first public key, and with the first public key.
The embodiment of the present invention also proposed a kind of security access system, comprising: the secure access terminal of above-described embodiment is set It is standby;Server-side is configured to determine the public affairs of the information safety devices prestored according to the log-on message in the logging request Key generates the first verification data to the encryption of the first character string as the first public key, with the first public key, and with first word The cryptographic Hash of symbol string verifies the second verify data.
Secure access scheme through the embodiment of the present invention can also be with even if certain systems forbid browser using control It realizes through secure access of the browser to local information safety equipment, improves the ease of use and letter of information safety devices Cease safety.
Detailed description of the invention
Fig. 1 is the schematic flow chart of one embodiment of safety access method of the invention;
Fig. 2 is the schematic flow chart of another embodiment of safety access method of the invention;
Fig. 3 is the schematic block diagram of secure access terminal device and system of the invention.
Specific embodiment
Each embodiment of the invention is described in detail with reference to the accompanying drawings.
Fig. 1 is the schematic flow chart of one embodiment of safety access method of the invention, the peace of the embodiment of the present invention Full access method is applied to terminal device.
As shown in Figure 1, the safety access method of the embodiment of the present invention, comprising:
When S101, browse request login service end, the first verification data in response to logging request is received from server-side, And first verification data is sent to by local service module by cross-domain access mode;
Browser is installed on terminal device, and the user of terminal device is when using browser access website, it is sometimes desirable to Some server-side, such as social category website service are logged on to by inputting log-on message on the login page that browser is shown End, mailbox service end, software license server-side etc., browser send the logging request of the log-on message inputted including user to Server-side.To request to establish communication connection between terminal device and server-side.
In order to improve the safety communicated to connect between terminal device and server-side, believe using encryption lock, bluetooth Key etc. It ceases safety equipment and encryption and decryption is carried out to communication interaction data.It is established between terminal device and server-side based on information safety devices Secure communication before, server-side need to information safety devices carry out authentication, for this purpose, server-side be based on connect from browser The logging request of receipts generates first verification data and returns to browser.After browser receives first verification data from server-side, By cross-domain access mode to first verification data is sent to the local service module being mounted in terminal device.Local service mould Block is, for example, local Web service module, for calling the application program in terminal device or call to connect with terminal device The function of external equipment.
First verification data is sent to the information safety devices connecting with terminal device by S102, local service module, and The second verify data generated in response to first verification data is received from information safety devices;
After local service module receives first verification data, execute transfer the operation of local information safety equipment with letter Data interaction is carried out between breath safety equipment, and first verification data is sent to information safety devices.Information safety devices from After local service module receives first verification data, according to the verification mode negotiated in advance, use information safety equipment is held Key be based on first verification data and generate the second verify data, and the second verify data is returned into local service module.
Second verify data is sent to browser by cross-domain access mode by S103, local service module, and is browsed Second verify data is returned to server-side by device, to be verified by server-side to the second verify data.
Local service module receives the second verifying number generated in response to first verification data from information safety devices According to rear, the second verify data is returned to by browser by cross-domain access mode, and the second verify data is returned to by browser To server-side.
After server-side receives the second verify data of return from browser, according to the above-mentioned verification mode negotiated in advance, Second verify data is verified.It is such as verified, then confirms that the information safety devices are legitimate device, complete to pacify information The authentication of full equipment allows terminal device by the information safety devices to the communication number between terminal device and server-side According to progress encryption and decryption processing.
Secure access scheme through the embodiment of the present invention can also be with even if certain systems forbid browser using control It realizes through secure access of the browser to local information safety equipment, server-side pacifies information safety devices Full authentication improves the ease of use and information security of information safety devices.
The verification mode negotiated in advance between above-mentioned server-side and information safety devices is illustrated below.
In an embodiment of the invention, the verification mode negotiated in advance can be, and server-side sends arbitrary string and makees For first verification data, information safety devices use the private key of itself to be digitally signed as the first private key to first verification data The second verify data is generated, the public key of the server-side information safety devices carries out sign test to the second verify data.Wherein, it services The first verification data that end is sent can be the random number that server-side generates in real time, or by by a random number with it is any other Character combination generates first verification data or one of pre-stored character string or multiple character strings.Server-side needs to save Transmitted first verification data is for verifying digital signature.By the verification mode, server-side is directly to the second verifying number According to sign test is carried out, verification efficiency is higher.
In another embodiment, the verification mode negotiated in advance can be, and server-side is set with the information security Standby public key carries out encryption to any character string as the first character string as the first public key and generates first verification data, information After safety equipment uses the private key of itself that first verification data is decrypted as the first private key, to the obtained character string meter of decryption Cryptographic Hash is calculated, using the cryptographic Hash being calculated as the second verify data.It is used when server-side is to generation first verification data Character string also calculates cryptographic Hash, and whether verify with the cryptographic Hash the second verify data correct.Wherein, server-side generates first The first character string used when verify data can be the random number that server-side generates in real time, or by by a random number and its The character string of his any character combination producing or one of pre-stored character string or multiple character strings.Server-side needs to protect The cryptographic Hash of the first character string is deposited for verifying digital signature.By the verification mode, server-side is indirectly to the second verifying number It is security verified higher according to being verified.
Fig. 2 is the schematic flow chart of another embodiment of safety access method of the invention.
As shown in Fig. 2, the safety access method of the embodiment of the present invention includes:
When S201, browse request login service end, the first verification data in response to logging request is received from server-side, And first verification data is sent to by local service module by cross-domain access mode;
First verification data is sent to the information safety devices connecting with terminal device by S202, local service module, and The second verify data generated in response to first verification data is received from information safety devices;
Second verify data is sent to browser by cross-domain access mode by S203, local service module, and is browsed Second verify data is returned to server-side by device, to be verified by server-side to the second verify data.
S204, browser send data encrypting and deciphering to local service module by cross-domain access mode and instruct and to encryption and decryption Data;
S205, local service module instruct the data encrypting and deciphering and the data to encryption and decryption are sent to the information peace Full equipment, receives the encryption and decryption data that returns from the information safety devices, and by cross-domain access mode by the encryption and decryption Data return to browser.
S201-S203 is similar with the S101-S103 in embodiment illustrated in fig. 1 in the embodiment of the present invention, omits herein specific Illustrate, S204-S205 is illustrated below.
In embodiments of the present invention, after server-side has passed through the authentication to information safety devices, information peace can be used The public key of full equipment is sent to browser after encrypting to the communication data of browser to be issued, browser is received from server-side To after the data of encryption, data deciphering instruction and the data to be decrypted are sent to local service mould by cross-domain access mode Block.After local service module receives data deciphering instruction and the data to be decrypted, local information safety equipment is transferred in execution Operation to carry out data interaction between information safety devices, and data deciphering instruction and the data to be decrypted are sent to Information safety devices.After information safety devices receive data deciphering instruction and the data to be decrypted, the decryption instructions are executed, Ciphertext data is obtained after being decrypted with the private key of the information safety devices data to be decrypted to this, and ciphertext data is returned to Local service module.Local service module returns to the ciphertext data returned from information safety devices by way of cross-domain access To browser, thus browser the encryption data that server-side is sent can be shown in clear text manner on the terminal device for Family is checked.
In embodiments of the present invention, before browser will send the data of encryption to server-side, by data to be encrypted and Encrypted instruction is sent to local service module by way of cross-domain access.Local service module receive data encryption instruction and After the data to be encrypted, the operation for transferring local information safety equipment is executed to carry out data friendship between information safety devices Mutually, and by data encryption instruction and the data to be encrypted information safety devices are sent to.Information safety devices receive data After encrypted instruction and the data to be encrypted, the encrypted instruction is executed, the data to be encrypted are carried out with the public key of server-side Encryption data is obtained after encryption, and encryption data is returned into local service module.Local service module will be set from information security The standby encryption data returned returns to browser by way of cross-domain access, so that browser can be by data to be sent to add Close mode is sent to server-side, and server-side private key pair encryption data deciphering can be used in server-side after receiving encryption data.
Secure access scheme through the embodiment of the present invention can also be with even if certain systems forbid browser using control It realizes through secure access of the browser to local information safety equipment, makes it possible for information safety devices to terminal device Communication data between server-side carries out encryption and decryption processing, improves the ease of use and information security of information safety devices Property.
Fig. 3 is the schematic block diagram of secure access terminal device and system of the invention.
As shown in figure 3, the secure access terminal device 20 of the embodiment of the present invention includes browser 23, local service module 21 With cross-domain access modules 22, terminal device 20 is connected to information safety devices 10, and between terminal device 20 and server-side 30 It is communicated by network.
Browser 23 is configured to when requesting login service end 30, is received from server-side 30 in response to the first of logging request Verify data, and the second verify data is returned into server-side 30, to be verified by server-side 30 to the second verify data.Across Domain browsing module 22 is configured to the first verification data that browser 23 receives being transmitted to local service module 21.
Local service module 21, which is configured to for first verification data to be sent to the information security connecting with terminal device 20, to be set Standby 10, and the second verify data generated in response to first verification data is received from information safety devices 10.Cross-domain access mould Block 22 is additionally configured to the second verify data that local service module 21 is obtained from information safety devices 10 being transmitted to browser 23.
The cooperating process of each component can be found in embodiment illustrated in fig. 1 in the embodiment of the present invention, omits illustrate herein.
Cross-domain access modules 22 in the embodiment of the present invention can for example be realized by jsonp code.Jsonp technology benefit The method that<script>node is created in the page submits HTTP request to not same area, can cross-domain submissions Ajax request, and And result can be returned by way of calling callback after request.
Secure access scheme through the embodiment of the present invention can also be with even if certain systems forbid browser using control It realizes through secure access of the browser to local information safety equipment, server-side pacifies information safety devices Full authentication improves the ease of use and information security of information safety devices.
In an embodiment of the invention, server-side 30 sends arbitrary string as first verification data, information security Equipment 10 uses the private key of itself to be digitally signed as the first private key to first verification data and generates the second verify data, service End 30 carries out sign test to the second verify data with the public key of the information safety devices 10.
In another embodiment, server-side 30 uses the public key of the information safety devices 10 as the first public key pair Any character string as the first character string carries out encryption and generates first verification data, itself the private key of information safety devices 10 After first verification data is decrypted as the first private key, cryptographic Hash is calculated to the character string that decryption obtains, will be calculated Cryptographic Hash as the second verify data.30 pairs of the server-side character strings used when generating first verification data also calculate Hash Value, and whether verify with the cryptographic Hash the second verify data correct.
In an embodiment of the invention, browser 23 is additionally configured to generate data encrypting and deciphering instruction, and sends data and add Decryption instructions and data to encryption and decryption.Local service module 21 is additionally configured to by data encrypting and deciphering instruction and to the number of encryption and decryption According to being sent to information safety devices 10, and receive the encryption and decryption data returned from information safety devices 10.Cross-domain access modules 22 It is additionally configured to instruct data encrypting and deciphering and the data forwarding to encryption and decryption is to local service module 21, and encryption and decryption data is turned Issue browser 23.The cooperating process of each component can be found in embodiment illustrated in fig. 2 in the embodiment of the present invention, omit herein specifically It is bright.
The embodiment of the present invention provides a kind of security access system simultaneously, including the secure access terminal in above-described embodiment Equipment 20 and server-side 30.Server-side 30 can send arbitrary string as first verification data, and information safety devices 10 are used The private key of itself is digitally signed first verification data as the first private key and generates the second verify data, and server-side 30 is used should The public key of information safety devices 10 carries out sign test to the second verify data.Wherein, server-side 30 is configurable to according to browser Log-on message in 23 logging requests sent, from the correspondence storage table between the information safety devices and log-on message prestored The public key of information safety devices 10 is found as the first public key.Security access system through the embodiment of the present invention, server-side 30 directly carry out sign test to the second verify data, and verification efficiency is higher.
The embodiment of the invention also provides another security access systems, including the secure access terminal in above-described embodiment Equipment 20 and server-side 30.Server-side 30 uses the public key of information safety devices 10 as the first public key to as the first character string Any character string carries out encryption and generates first verification data, and information safety devices 10 use the private key of itself as the first private key to the After one verify data is decrypted, cryptographic Hash is calculated to the character string that decryption obtains, using the cryptographic Hash being calculated as second Verify data.30 pairs of the server-side character strings that use when generating first verification data also calculate cryptographic Hash, and with the cryptographic Hash come Whether correct verify the second verify data.Wherein, server-side 30 is configurable in the logging request sent according to browser 23 Log-on message, find information safety devices from the correspondence storage table between the information safety devices and log-on message prestored 10 public key is as the first public key.Security access system through the embodiment of the present invention, server-side 30 is indirectly to the second verifying number It is security verified higher according to being verified.
Multiple embodiments of the invention are illustrated above, but the present invention is not limited to above-mentioned specific embodiments, originally Field technical staff can carry out a variety of variants and modifications to these embodiments on the basis of present inventive concept and spirit, this A little variants and modifications should all be fallen within scope of the present invention.

Claims (10)

1. a kind of safety access method is applied to terminal device, which comprises
When browse request login service end, from server-side receive in response to logging request first verification data, and by across First verification data is sent to local service module by domain browsing mode;
First verification data is sent to the information safety devices connecting with terminal device by local service module, and from information security Equipment receives the second verify data generated in response to first verification data;
Second verify data is sent to browser by cross-domain access mode by local service module, and browser is tested second Card data return to server-side, to be verified by server-side to the second verify data.
2. the method for claim 1, wherein the second verify data is by the information safety devices by with the first private key First verification data is digitally signed and is generated.
3. the method for claim 1, wherein first verification data serially adds the first character with the first public key by server-side It is dense at, the second verify data by the information safety devices by with the first private key to after first verification data decryption to decryption Data calculate cryptographic Hash and generate.
4. the method as described in claim 1, further includes:
Browser is by cross-domain access mode to local service module transmission data encrypting and deciphering instruction and to the data of encryption and decryption;
Local service module instructs the data encrypting and deciphering and the data to encryption and decryption are sent to the information safety devices, connects The encryption and decryption data returned from the information safety devices is received, and is returned to the encryption and decryption data by cross-domain access mode Browser.
5. a kind of secure access terminal device, comprising:
Browser is configured to receive when requesting login service end from server-side and verifies number in response to the first of logging request According to, and the second verify data is returned into server-side, to be verified by server-side to the second verify data;
Local service module is configured to for first verification data to be sent to the information safety devices connecting with terminal device, and The second verify data generated in response to first verification data is received from information safety devices;
Cross-domain access modules are configured to for first verification data to be transmitted to local service module, and the second verify data is turned Issue browser.
6. terminal device as claimed in claim 5, wherein the second verify data is by the information safety devices by with first Private key is digitally signed first verification data and generates.
7. terminal device as claimed in claim 5, wherein first verification data is by server-side with the first public key to the first character It serially adds dense at it is right after being decrypted with the first private key to first verification data that the second verify data is passed through by the information safety devices Ciphertext data calculates cryptographic Hash and generates.
8. terminal device as claimed in claim 5, wherein
Browser is additionally configured to generate data encrypting and deciphering instruction, and sends data encrypting and deciphering instruction and the data to encryption and decryption;
Local service module is additionally configured to instruct the data encrypting and deciphering and the data to encryption and decryption are sent to the information peace Full equipment receives the encryption and decryption data returned from the information safety devices;
Cross-domain access modules are additionally configured to instruct the data encrypting and deciphering and the data forwarding to encryption and decryption gives local service mould Block, and the encryption and decryption data is transmitted to browser.
9. a kind of security access system, comprising:
Secure access terminal device as described in claim 5 or 8;
Server-side is configured to determine the public affairs of the information safety devices prestored according to the log-on message in the logging request Key carries out sign test to the second verify data as the first public key, and with the first public key.
10. a kind of security access system, comprising:
Secure access terminal device as described in claim 5 or 8;
Server-side is configured to determine the public affairs of the information safety devices prestored according to the log-on message in the logging request Key generates the first verification data to the encryption of the first character string as the first public key, with the first public key, and with first word The cryptographic Hash of symbol string verifies the second verify data.
CN201810073019.7A 2018-01-25 2018-01-25 A kind of safety access method, terminal device and system Active CN108234136B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810073019.7A CN108234136B (en) 2018-01-25 2018-01-25 A kind of safety access method, terminal device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810073019.7A CN108234136B (en) 2018-01-25 2018-01-25 A kind of safety access method, terminal device and system

Publications (2)

Publication Number Publication Date
CN108234136A CN108234136A (en) 2018-06-29
CN108234136B true CN108234136B (en) 2019-11-12

Family

ID=62668888

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810073019.7A Active CN108234136B (en) 2018-01-25 2018-01-25 A kind of safety access method, terminal device and system

Country Status (1)

Country Link
CN (1) CN108234136B (en)

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9240991B2 (en) * 2012-12-13 2016-01-19 Sap Se Anti-phishing system for cross-domain web browser single sign-on
CN103873452A (en) * 2012-12-18 2014-06-18 北京掌汇天下科技有限公司 Method and system for connecting android system by PC (personal computer) browser
CN104468698A (en) * 2014-10-11 2015-03-25 杭州盈高科技有限公司 Cross-browser webpage communication system and method
US9794329B2 (en) * 2014-11-28 2017-10-17 Sap Se Cloud application with secure local access
CN105812323B (en) * 2014-12-30 2019-08-27 Tcl集团股份有限公司 A kind of method and apparatus of the cross-domain access data of network
CN106534116A (en) * 2016-11-10 2017-03-22 北京锐安科技有限公司 Asymmetric encryption method and device, and asymmetric decryption method and device
CN106341428A (en) * 2016-11-21 2017-01-18 航天信息股份有限公司 Cross-domain access control method and system
CN106712946B (en) * 2017-02-07 2020-06-26 上海瀚银信息技术有限公司 Data safety transmission method
CN106982228B (en) * 2017-05-08 2018-10-09 北京深思数盾科技股份有限公司 A kind of realization identity authentication method and system

Also Published As

Publication number Publication date
CN108234136A (en) 2018-06-29

Similar Documents

Publication Publication Date Title
US10880732B2 (en) Authentication of phone caller identity
US9838205B2 (en) Network authentication method for secure electronic transactions
US20190140844A1 (en) Identity-linked authentication through a user certificate system
CN105850073B (en) Information system access authentication method and device
US9231925B1 (en) Network authentication method for secure electronic transactions
CN102457507B (en) Cloud computing resources secure sharing method, Apparatus and system
CN105187431B (en) Login method, server, client and the communication system of third-party application
CN101183932B (en) Security identification system of wireless application service and login and entry method thereof
CN104954330B (en) A kind of methods, devices and systems to be conducted interviews to data resource
US10250389B2 (en) Script verification using a hash
CN101897166A (en) Systems and methods for establishing a secure communication channel using a browser component
JP5602165B2 (en) Method and apparatus for protecting network communications
CN109981287A (en) A kind of code signature method and its storage medium
CN105657474A (en) Anti-stealing link method and system using identity-based signature in video application
CN106845986A (en) The signature method and system of a kind of digital certificate
CN109981665A (en) Resource provider method and device, resource access method and device and system
CN107911344A (en) A kind of safe docking calculation of cloud platform
CN107347073A (en) A kind of resource information processing method
CN104463584A (en) Method for achieving mobile terminal App safety payment
CN114079645B (en) Method and device for registering service
CN109740319A (en) Digital identity verification method and server
CN109495458A (en) A kind of method, system and the associated component of data transmission
KR20090097036A (en) Otp generating method for using the sms, and personal identification method and system for using the same
CN108289100B (en) A kind of safety access method, terminal device and system
CN108234136B (en) A kind of safety access method, terminal device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee after: Beijing Shendun Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.