CN108270769A - Websocket-based dual-factor authentication system and method - Google Patents
- Publication number
- CN108270769A (application CN201711311526.1A)
- Authority
- CN
- China
- Prior art keywords
- usbkey
- user
- websocket
- web server
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a two-factor authentication system and a method based on Websocket, and the method comprises the following steps: step one, a user inputs a user account name, a password and a PIN code of a UsbKey from a browser page and transmits the user account name, the password and the PIN code to the UsbKey; step two, the UsbKey communication module acquires the authentication of the UsbKey equipment by using the PIN code; step three, the UsbKey equipment encrypts a user password and an identifier of the UsbKey by using a public key of the Web server; and step four, the UsbKey equipment uses a private key of the UsbKey equipment to sign the result encrypted by the step five. The invention completes the encryption and decryption operations of the data through the UsbKey hardware, and the performance can be ensured.
Description
Technical field
The present invention relates to an authentication system and method, and in particular to a Websocket-based two-factor authentication system and method.
Background art
When two-factor authentication was developed for Web applications in the past, it could only be implemented by developing OCX components for Microsoft's IE browser. Users who needed two-factor authentication therefore could not choose another browser to access the application.
This situation did not change until the HTML5 standard was released. The HTML5 standard includes a technology called Websocket. The WebSocket protocol is a new network protocol based on TCP. It implements full-duplex communication between browser and server, allowing the server to actively send information to the client. The WebSocket protocol supports full-duplex communication between a client (running untrusted code in a controlled environment) and a remote host (that has opted in to communication from that code). The security model used for this is the origin-based security model commonly used by Web browsers. The protocol consists of an opening handshake followed by message framing layered over TCP. The goal of the technology is to provide a communication mechanism for browser-based applications that need two-way communication with a server without relying on opening multiple HTTP connections (for example, using XMLHttpRequest or <iframe> and long polling).
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide a Websocket-based two-factor authentication system and method in which the encryption and decryption of data are performed by the UsbKey hardware, so that performance can be guaranteed.
According to one aspect of the present invention, a Websocket-based two-factor authentication system is provided, characterized in that it comprises a user authentication module, a remote server, a client, a user authentication interface, a Web server and a UsbKey communication module, which are connected in sequence; the Web server is the user's Web application system, and the UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey.
The present invention also provides a Websocket-based two-factor authentication method, characterized in that it comprises the following steps:
Step 1: the user enters the user account name, the password and the PIN code of the UsbKey on the browser page, and these are passed to the UsbKey;
Step 2: the UsbKey communication module uses the PIN code to obtain authentication from the UsbKey device;
Step 3: the UsbKey device encrypts the user password and the identifier of the UsbKey with the public key of the Web server;
Step 4: the UsbKey device signs, with its own private key, the result encrypted in step 5;
Step 5: the UsbKey device then returns the computed result to the browser;
Step 6: the browser submits the computed result to the Web server for verification;
Step 7: the Web server obtains the public key of the UsbKey according to the user name and decrypts the information;
Step 8: the Web server decrypts the result of step seven with its own private key;
Step 9: the Web server then authenticates the obtained user name and password against the accounts in the system.
Preferably, the Web server is the user's Web application system.
Preferably, the UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey.
Compared with the prior art, the present invention has the following advantageous effects. First, because Websocket technology is used, the product becomes more versatile. Second, the encryption and decryption of data are performed by the UsbKey hardware, so performance can be guaranteed. Third, the relevant data is stored in encrypted form using the UsbKey hardware, which ensures the security of the application. Fourth, using the UsbKey improves ease of use for the user.
Description of the drawings
Other features, objects and advantages of the present invention will become more apparent upon reading the detailed description of non-limiting embodiments with reference to the following drawings:
Fig. 1 is a schematic diagram of the Websocket-based two-factor authentication system of the present invention.
Fig. 2 is a flow chart of the Websocket-based two-factor authentication method of the present invention.
Detailed description of the embodiments
The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to further understand the present invention, but do not limit the invention in any way. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept. These all fall within the protection scope of the present invention.
As shown in Fig. 1, the Websocket-based two-factor authentication system of the present invention comprises a user authentication module, a remote server, a client, a user authentication interface, a Web server and a UsbKey communication module, which are connected in sequence; the Web server is the user's Web application system, and the UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey.
As shown in Fig. 2, the Websocket-based two-factor authentication method of the present invention comprises the following steps:
Step 1: the user enters the user account name, the password and the PIN code of the UsbKey on the browser page, and these are passed to the UsbKey;
Step 2: the UsbKey communication module uses the PIN code to obtain authentication from the UsbKey device;
Step 3: the UsbKey device encrypts the user password and the identifier of the UsbKey with the public key of the Web server;
Step 4: the UsbKey device signs, with its own private key, the result encrypted in step 5;
Step 5: the UsbKey device then returns the computed result to the browser;
Step 6: the browser submits the computed result to the Web server for verification;
Step 7: the Web server obtains the public key of the UsbKey according to the user name and decrypts the information;
Step 8: the Web server decrypts the result of step seven with its own private key;
Step 9: the Web server then authenticates the obtained user name and password against the accounts in the system.
The Web server is the user's Web application system, which makes operation convenient.
The UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey, which facilitates communication.
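The flow in steps 3 to 9 above, as an added sketch in Node.js that is not part of the patent text: software RSA keys stand in for the UsbKey hardware, and RSA-OAEP, RSA-SHA256 signatures, the JSON field names, the scrypt password record and the sample account are all assumptions. Step 4 is read here as signing the ciphertext produced in step 3.

```javascript
// Added example, not from the patent: software stand-in for steps 3-9.
// RSA-OAEP, RSA-SHA256, JSON fields and scrypt records are assumptions.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Steps 3-5 (inside the UsbKey in the patent): encrypt password and key
// identifier to the Web server, then sign the ciphertext with the device key.
function usbKeyRespond(deviceKeys, serverPublicKey, password, keyId) {
  const plain = Buffer.from(JSON.stringify({ password, keyId }), 'utf8');
  const ciphertext = crypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, plain);
  const signature = crypto.sign('sha256', ciphertext, deviceKeys.privateKey);
  return { ciphertext: ciphertext.toString('base64'), signature: signature.toString('base64') };
}

// Steps 6-9 on the Web server; returns 'ok' or the reason for rejection.
function serverVerify(serverKeys, accounts, userName, blob) {
  const account = accounts.get(userName);
  if (!account) return 'unknown user';
  const ciphertext = Buffer.from(blob.ciphertext, 'base64');
  const signature = Buffer.from(blob.signature, 'base64');
  // Step 7: look up the UsbKey public key by user name and check the signature.
  if (!crypto.verify('sha256', ciphertext, account.devicePublicKey, signature)) return 'bad signature';
  let claim;
  try { // Step 8: decrypt with the server's own private key.
    const plain = crypto.privateDecrypt({ key: serverKeys.privateKey, ...OAEP }, ciphertext);
    claim = JSON.parse(plain.toString('utf8'));
  } catch { return 'decrypt failed'; }
  // Step 9: both factors must match the enrolled account.
  if (claim.keyId !== account.keyId) return 'wrong key id';
  const got = crypto.scryptSync(String(claim.password), account.salt, account.passwordHash.length);
  return crypto.timingSafeEqual(got, account.passwordHash) ? 'ok' : 'bad password';
}

// Constructed sample data: one enrolled user, one unenrolled second device.
function demo() {
  const serverKeys = newKeyPair(), deviceKeys = newKeyPair(), otherDevice = newKeyPair();
  const salt = crypto.randomBytes(16);
  const accounts = new Map([['alice', {
    keyId: 'KEY-0001', devicePublicKey: deviceKeys.publicKey, salt,
    passwordHash: crypto.scryptSync('correct horse', salt, 32),
  }]]);
  const check = (blob) => serverVerify(serverKeys, accounts, 'alice', blob);
  const good = usbKeyRespond(deviceKeys, serverKeys.publicKey, 'correct horse', 'KEY-0001');
  const bytes = Buffer.from(good.ciphertext, 'base64');
  bytes[0] ^= 1; // flip one bit of the ciphertext in transit
  return {
    good: check(good),
    tampered: check({ ...good, ciphertext: bytes.toString('base64') }),
    wrongDevice: check(usbKeyRespond(otherDevice, serverKeys.publicKey, 'correct horse', 'KEY-0001')),
    wrongPassword: check(usbKeyRespond(deviceKeys, serverKeys.publicKey, 'guess', 'KEY-0001')),
    wrongKeyId: check(usbKeyRespond(deviceKeys, serverKeys.publicKey, 'correct horse', 'KEY-0002')),
  };
}

console.log(demo());
```

The steps as written carry no server challenge or timestamp, so a verifier built this way would also need a freshness value bound into the signed payload to reject a resubmitted blob.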
Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to the particular embodiments described above; those skilled in the art can make various variations or modifications within the scope of the claims without affecting the substance of the present invention.
Claims (4)
1. A Websocket-based two-factor authentication system, characterized in that it comprises a user authentication module, a remote server, a client, a user authentication interface, a Web server and a UsbKey communication module, which are connected in sequence; the Web server is the user's Web application system, and the UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey.
2. A Websocket-based two-factor authentication method, characterized in that it comprises the following steps:
Step 1: the user enters the user account name, the password and the PIN code of the UsbKey on the browser page, and these are passed to the UsbKey;
Step 2: the UsbKey communication module uses the PIN code to obtain authentication from the UsbKey device;
Step 3: the UsbKey device encrypts the user password and the identifier of the UsbKey with the public key of the Web server;
Step 4: the UsbKey device signs, with its own private key, the result encrypted in step 5;
Step 5: the UsbKey device then returns the computed result to the browser;
Step 6: the browser submits the computed result to the Web server for verification;
Step 7: the Web server obtains the public key of the UsbKey according to the user name and decrypts the information;
Step 8: the Web server decrypts the result of step seven with its own private key;
Step 9: the Web server then authenticates the obtained user name and password against the accounts in the system.
3. The Websocket-based two-factor authentication method according to claim 2, characterized in that the Web server is the user's Web application system.
4. The Websocket-based two-factor authentication method according to claim 2, characterized in that the UsbKey communication module uses the UsbKey interface to implement the interface through which Websocket exchanges data with the UsbKey.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711311526.1A CN108270769A (en) | 2017-12-11 | 2017-12-11 | Websocket-based dual-factor authentication system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711311526.1A CN108270769A (en) | 2017-12-11 | 2017-12-11 | Websocket-based dual-factor authentication system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108270769A (en) | 2018-07-10 |
Family
ID=62772140
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711311526.1A Pending CN108270769A (en) | 2017-12-11 | 2017-12-11 | Websocket-based dual-factor authentication system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108270769A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20030065761A (en) * | 2002-01-31 | 2003-08-09 | 주식회사 애드시큐 | Fingerprint USB-Key authentication system |
CN101350723A (en) * | 2008-06-20 | 2009-01-21 | 北京天威诚信电子商务服务有限公司 | USB Key equipment and method for implementing verification thereof |
CN101770619A (en) * | 2008-12-31 | 2010-07-07 | 中国银联股份有限公司 | Multiple-factor authentication method for online payment and authentication system |
CN102420800A (en) * | 2010-09-28 | 2012-04-18 | 俞浩波 | Method, system and authentication terminal for accomplishing service by multi-factor identity authentication |
CN104484823A (en) * | 2014-11-26 | 2015-04-01 | 中金金融认证中心有限公司 | Method and system for PKI (public key infrastructure) services of electronic bank |
CN107094081A (en) * | 2017-06-28 | 2017-08-25 | 济南浪潮高新科技投资发展有限公司 | The solution that a kind of use UsbKey for supporting many browsers is digitally signed |
Non-Patent Citations (1)
Title |
---|
朱卫东: "《计算机安全基础教程》", 30 September 2009 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180710 |