CN108270769A - Websocket-based dual-factor authentication system and method - Google Patents

Publication number: CN108270769A
Authority: CN (China)
Prior art keywords: usbkey, user, websocket, web server, password
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201711311526.1A
Other languages: Chinese (zh)
Inventors: 刘光前, 明宏, 余秦勇
Current Assignee: No32 Research Institute Of China Electronics Technology Group Corp (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: No32 Research Institute Of China Electronics Technology Group Corp
Priority date: 2017-12-11 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2017-12-11
Publication date: 2018-07-10
Application filed by No32 Research Institute Of China Electronics Technology Group Corp
Priority to CN201711311526.1A
Publication of CN108270769A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a two-factor authentication system and a method based on Websocket, and the method comprises the following steps: step one, a user inputs a user account name, a password and a PIN code of a UsbKey from a browser page and transmits the user account name, the password and the PIN code to the UsbKey; step two, the UsbKey communication module acquires the authentication of the UsbKey equipment by using the PIN code; step three, the UsbKey equipment encrypts a user password and an identifier of the UsbKey by using a public key of the Web server; and step four, the UsbKey equipment uses a private key of the UsbKey equipment to sign the result encrypted by the step five. The invention completes the encryption and decryption operations of the data through the UsbKey hardware, and the performance can be ensured.

Description

Two-factor authentication system and method based on Websocket
Technical field
The present invention relates to an authentication system and method, and in particular to a two-factor authentication system and method based on Websocket.
Background technology
When developing two-factor authentication for Web applications, past implementations could only be completed by developing OCX components for Microsoft's IE browser. As a result, users who needed two-factor authentication had no choice of other browsers when accessing the application.
This did not change until the HTML5 standard was released. The HTML5 standard includes a technology called Websocket. The WebSocket protocol is a new network protocol based on TCP. It provides full-duplex communication between browser and server, allowing the server to actively send information to the client. The WebSocket protocol supports full-duplex communication between a client (running untrusted code in a controlled environment) and a remote host (that has opted in to communication from that code). The security model used for this is the origin-based security model commonly used by Web browsers. The protocol consists of an opening handshake followed by message framing layered over TCP. The goal of the technology is to provide a communication mechanism for browser-based applications that need two-way communication with a server without relying on opening multiple HTTP connections (for example, using XMLHttpRequest or <iframe> and long polling).
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide a two-factor authentication system and method based on Websocket, in which the encryption and decryption of data are completed by UsbKey hardware, so that performance can be guaranteed.
According to one aspect of the present invention, a two-factor authentication system based on Websocket is provided, characterized in that it comprises a user authentication module, a remote server, a client, a user authentication interface, a Web server and a UsbKey communication module, which are connected in sequence; the Web server is the user's Web application system, and the UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey.
The present invention also provides a two-factor authentication method based on Websocket, characterized in that it comprises the following steps:
Step 1: the user enters the user account name, the password and the PIN code of the UsbKey on the browser page, and these are passed to the UsbKey;
Step 2: the UsbKey communication module uses the PIN code to obtain authentication from the UsbKey device;
Step 3: the UsbKey device encrypts the user password and the identifier of the UsbKey with the public key of the Web server;
Step 4: the UsbKey device uses its own private key to sign the result encrypted by step 5;
Step 5: the UsbKey device then returns the computed result to the browser;
Step 6: the browser submits the computed result to the Web server for verification;
Step 7: the Web server obtains the public key of the UsbKey according to the user name and decrypts the information;
Step 8: the Web server uses its own private key to decrypt the result of step 7;
Step 9: the Web server then authenticates the obtained user name and password against the accounts in the system.
Preferably, the Web server is the user's Web application system.
Preferably, the UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey.
Compared with the prior art, the present invention has the following advantages. First, because Websocket technology is used, the versatility of the product is improved. Second, the invention completes the encryption and decryption of data through UsbKey hardware, so performance can be guaranteed. Third, the related data is stored encrypted by using UsbKey hardware, which ensures the security of the application. Fourth, using the UsbKey improves ease of use for the user.
Description of the drawings
Other features, objects and advantages of the invention will become more apparent upon reading the detailed description of non-limiting embodiments with reference to the following drawings:
Fig. 1 is a schematic diagram of the Websocket-based two-factor authentication system of the present invention.
Fig. 2 is a flow chart of the Websocket-based two-factor authentication method of the present invention.
Detailed description of embodiments
The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to further understand the present invention, but do not limit the invention in any way. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept. These all fall within the protection scope of the present invention.
As shown in Fig. 1, the Websocket-based two-factor authentication system of the present invention comprises a user authentication module, a remote server, a client, a user authentication interface, a Web server and a UsbKey communication module, which are connected in sequence; the Web server is the user's Web application system, and the UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey.
As shown in Fig. 2, the Websocket-based two-factor authentication method of the present invention comprises the following steps:
Step 1: the user enters the user account name, the password and the PIN code of the UsbKey on the browser page, and these are passed to the UsbKey;
Step 2: the UsbKey communication module uses the PIN code to obtain authentication from the UsbKey device;
Step 3: the UsbKey device encrypts the user password and the identifier of the UsbKey with the public key of the Web server;
Step 4: the UsbKey device uses its own private key to sign the result encrypted by step 5;
Step 5: the UsbKey device then returns the computed result to the browser;
Step 6: the browser submits the computed result to the Web server for verification;
Step 7: the Web server obtains the public key of the UsbKey according to the user name and decrypts the information;
Step 8: the Web server uses its own private key to decrypt the result of step 7;
Step 9: the Web server then authenticates the obtained user name and password against the accounts in the system.
The Web server is the user's Web application system, which makes operation convenient.
The UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey, which facilitates communication.
Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to the particular embodiments described above; those skilled in the art can make various variations or modifications within the scope of the claims without affecting the substance of the invention.
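The exchange in steps three to nine, sketched in Node.js as an added example; it is not code from the patent or its applicant. Software RSA keys stand in for the UsbKey hardware, and the account store, the function names, the sample user and the per-login nonce (which the steps do not mention) are assumptions.

```javascript
// Added example: steps three to nine, with software RSA keys standing in for
// the UsbKey hardware. All names and sample values here are constructed.
const crypto = require('node:crypto');

const rsa = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const oaep = (key) => ({ key, oaepHash: 'sha256',
  padding: crypto.constants.RSA_PKCS1_OAEP_PADDING });
const hashPassword = (password, salt) => crypto.scryptSync(password, salt, 32);

// UsbKey side, steps three to five: encrypt the password and key identifier to
// the Web server, then sign the ciphertext with the UsbKey private key.
// The nonce is an assumption added for freshness; the steps do not mention one.
function usbKeyRespond(token, serverPublicKey, password, nonce) {
  const fields = JSON.stringify({ password, keyId: token.keyId, nonce });
  const ciphertext = crypto.publicEncrypt(oaep(serverPublicKey), Buffer.from(fields));
  const signature = crypto.sign('sha256', ciphertext, token.privateKey);
  return { ciphertext, signature };
}

// Web server side, steps seven to nine.
function serverVerify(server, username, response, expectedNonce) {
  const account = server.accounts.get(username);
  if (!account) return false;
  // Step seven: look up the UsbKey public key by user name and check the
  // signature before touching the ciphertext.
  const signed = crypto.verify('sha256', response.ciphertext,
    account.usbKeyPublicKey, response.signature);
  if (!signed) return false;
  let fields;
  try { // Step eight: decrypt with the server's own private key.
    const plain = crypto.privateDecrypt(oaep(server.privateKey), response.ciphertext);
    fields = JSON.parse(plain.toString('utf8'));
  } catch { return false; }
  if (!fields || fields.keyId !== account.keyId) return false;
  if (fields.nonce !== expectedNonce) return false;
  // Step nine: compare against the stored password hash in constant time.
  const candidate = hashPassword(String(fields.password), account.salt);
  return crypto.timingSafeEqual(candidate, account.passwordHash);
}

// Constructed demo: one registered user and four login attempts.
function demo() {
  const [serverKeys, tokenKeys, otherKeys] = [rsa(), rsa(), rsa()];
  const salt = crypto.randomBytes(16);
  const accounts = new Map([['alice', { keyId: 'UK-0001', salt,
    usbKeyPublicKey: tokenKeys.publicKey,
    passwordHash: hashPassword('correct horse', salt) }]]);
  const server = { privateKey: serverKeys.privateKey, accounts };
  const token = { keyId: 'UK-0001', privateKey: tokenKeys.privateKey };
  const unregistered = { keyId: 'UK-0001', privateKey: otherKeys.privateKey };
  const nonce = crypto.randomBytes(16).toString('hex');
  const respond = (t, pw) => usbKeyRespond(t, serverKeys.publicKey, pw, nonce);
  const good = respond(token, 'correct horse');
  const laterNonce = crypto.randomBytes(16).toString('hex');
  return {
    valid: serverVerify(server, 'alice', good, nonce),
    replayed: serverVerify(server, 'alice', good, laterNonce),
    wrongPassword: serverVerify(server, 'alice', respond(token, 'guess'), nonce),
    wrongToken: serverVerify(server, 'alice', respond(unregistered, 'correct horse'), nonce),
  };
}

console.log(demo());
```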

Claims (4)

1. A two-factor authentication system based on Websocket, characterized in that it comprises a user authentication module, a remote server, a client, a user authentication interface, a Web server and a UsbKey communication module, which are connected in sequence; the Web server is the user's Web application system, and the UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey.
2. A two-factor authentication method based on Websocket, characterized in that it comprises the following steps:
Step 1: the user enters the user account name, the password and the PIN code of the UsbKey on the browser page, and these are passed to the UsbKey;
Step 2: the UsbKey communication module uses the PIN code to obtain authentication from the UsbKey device;
Step 3: the UsbKey device encrypts the user password and the identifier of the UsbKey with the public key of the Web server;
Step 4: the UsbKey device uses its own private key to sign the result encrypted by step 5;
Step 5: the UsbKey device then returns the computed result to the browser;
Step 6: the browser submits the computed result to the Web server for verification;
Step 7: the Web server obtains the public key of the UsbKey according to the user name and decrypts the information;
Step 8: the Web server uses its own private key to decrypt the result of step 7;
Step 9: the Web server then authenticates the obtained user name and password against the accounts in the system.
3. The two-factor authentication method based on Websocket according to claim 2, characterized in that the Web server is the user's Web application system.
4. The two-factor authentication method based on Websocket according to claim 2, characterized in that the UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey.
Application CN201711311526.1A, priority date 2017-12-11, filing date 2017-12-11: Websocket-based dual-factor authentication system and method. Status: Pending. Publication: CN108270769A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711311526.1A CN108270769A (en) 2017-12-11 2017-12-11 Websocket-based dual-factor authentication system and method

Publications (1)

Publication Number Publication Date
CN108270769A (en) 2018-07-10

Family

ID=62772140

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711311526.1A Pending CN108270769A (en) 2017-12-11 2017-12-11 Websocket-based dual-factor authentication system and method

Country Status (1)

Country Link
CN (1) CN108270769A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180710