CN108989021A - Information authentication method, device, computer equipment and readable storage medium

Publication number: CN108989021A
Authority: CN (China)
Prior art keywords: key, registrant, server, information, address
Legal status: Pending
Application number: CN201810564889.4A
Other languages: Chinese (zh)
Inventor: 孙永亮
Current Assignee: Beijing Chen Sen Century Polytron Technologies Inc
Original Assignee: Beijing Chen Sen Century Polytron Technologies Inc
Application filed by: Beijing Chen Sen Century Polytron Technologies Inc
Priority to: CN201810564889.4A
Publication of: CN108989021A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45: Structures or tools for the administration of authentication
    • G06F21/46: Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The present invention relates to an information authentication method, device, computer equipment and readable storage medium, and belongs to the technical field of computer networks. The method includes: determining a public key and matching the public key with a private key; if the match succeeds, sending a dynamic key to a device; when a key to be verified is detected, matching the dynamic key with the key to be verified; if the dynamic key and the key to be verified are consistent, determining a default server; and logging in to the default server. The invention matches the public key with the private key and, if the match succeeds, generates a dynamic key and matches it with the obtained key to be verified; if the two are consistent, authentication of the information to be authenticated is complete. Thus, after a first information authentication based on the private key, a dynamic key is also generated for a second information authentication, so that an attacker who obtains only the private key cannot log in to the server, which improves the security of the servers in the software system.

Description

Information authentication method, device, computer equipment and readable storage medium
Technical field
The present invention relates to the technical field of computer networks, and in particular to an information authentication method, device, computer equipment and readable storage medium.
Background
With the rapid development of computer network technology and software development, and the growing demands of economic and social development, higher service requirements are placed on software systems. To provide users with more services, a software system generally needs several or even dozens of servers to support its operation; these servers are used respectively for the data acquisition, resources and computation involved while the software system runs. Because these servers are usually located in the intranet environment in which the software system is deployed, they cannot directly serve the external network environment, so the connection between these servers and the external network environment is usually established through Jumpserver (a bastion host). Jumpserver is an open-source jump server system written in Python (an interpreted computer programming language) and is the only channel through which a registrant (the person logging in) in the external network environment logs in to the corresponding server in the software system. Jumpserver authenticates the registrant's information, allowing the registrant to log in from the external network environment to the corresponding server of the software system.
In the related art, the main technology of Jumpserver is LDAP (Lightweight Directory Access Protocol); all servers in the software system are authenticated through LDAP. When a registrant logs in to a server in the software system for the first time, the registrant needs to set a password; Jumpserver stores the password in a database in correspondence with the registrant's IP (Internet Protocol) address and synchronizes the database to LDAP. The next time the registrant requests, based on the IP address, to log in to a server of the software system through Jumpserver, Jumpserver retrieves the current registrant's password from the database and sends it to LDAP through the pexpect (interaction) module; LDAP verifies the password, and the registrant is logged in to the server of the software system.
In the course of implementing the present invention, the inventor found that the related art has at least the following problem:
Jumpserver authenticates the registrant's information based on the password set by the registrant, and the security of such a password is low: it is easily cracked by an attacker through brute force, which leaves the servers in the software system with low security.
Summary of the invention
To overcome the problem in the related art that the password set by the registrant has low security and is easily cracked by an attacker through brute force, leaving the servers in the software system with low security, the present invention provides an information authentication method, device, computer equipment and readable storage medium.
According to a first aspect of the embodiments of the present invention, an information authentication method is provided, the method comprising:
determining a public key based on received information to be authenticated, and matching the public key with a private key, the information to be authenticated including at least the private key and an address identifier;
if the public key and the private key match successfully, generating a dynamic key, obtaining a user identifier input by the registrant, and sending the dynamic key to the device indicated by the user identifier;
when a key to be verified input by the registrant is detected, matching the dynamic key with the key to be verified;
if the dynamic key and the key to be verified are consistent, determining a default server based on the address identifier, the default server being any server among the at least one server for which the address identifier has logon rights;
logging in to the default server, displaying a login success indication, and completing the authentication of the information to be authenticated.
In another embodiment, before determining the public key based on the received information to be authenticated and matching the public key with the private key, the method further includes:
determining the at least one server that the registrant is allowed to access, assigning logon rights to the address identifier, and storing the address identifier in correspondence with at least one server address of the at least one server;
configuring key generation software and changing the running environment of the key generation software to a default running environment, the key generation software being used to generate the dynamic key, and the default running environment being at least an interactive shell environment;
assigning a log folder to the address identifier and attaching the log folder to screen recording software, the log folder being used to store the registrant's historical operation records, and the screen recording software being used to obtain the registrant's historical operation records.
In another embodiment, the key generation software is at least an Authenticator client, the key generation software runs on a secondary authentication system, and the secondary authentication system is at least the Authenticator Open Source system.
In another embodiment, determining the public key based on the received information to be authenticated and matching the public key with the private key includes:
when the information to be authenticated is received, extracting the address identifier from the information to be authenticated;
querying and obtaining the public key corresponding to the address identifier;
extracting the private key from the information to be authenticated, and matching the public key with the private key.
In another embodiment, after determining the public key based on the received information to be authenticated and matching the public key with the private key, the method further includes:
if the public key fails to match the private key, stopping the current process and displaying a login failure indication.
In another embodiment, after matching the dynamic key with the key to be verified when the key to be verified input by the registrant is detected, the method further includes:
if the dynamic key and the key to be verified are inconsistent, stopping the current process and displaying a login failure indication.
In another embodiment, the method further includes:
after detecting that the registrant has successfully logged in to the default server, starting the screen recording software;
recording the registrant's operation behavior with the screen recording software, and generating the historical operation record and a recording time;
storing, by the screen recording software, the historical operation record and the recording time in correspondence in the log folder.
In another embodiment, the method further includes:
receiving a log query request, the log query request including at least a recording time to be queried and an address identifier to be queried;
obtaining the log folder to be queried that corresponds to the address identifier to be queried, and obtaining from that log folder the specified historical operation record indicated by the recording time to be queried;
displaying the specified historical operation record based on a playback command, the playback command being at least the file playback command scriptreplay.
According to a second aspect of the embodiments of the present invention, an information authentication device is provided, the device comprising:
a first matching module, configured to determine a public key based on received information to be authenticated and to match the public key with a private key, the information to be authenticated including at least the private key and an address identifier;
a generation module, configured to, if the public key and the private key match successfully, generate a dynamic key, obtain a user identifier input by the registrant, and send the dynamic key to the device indicated by the user identifier;
a second matching module, configured to match the dynamic key with the key to be verified when a key to be verified input by the registrant is detected;
a determining module, configured to, if the dynamic key and the key to be verified are consistent, determine a default server based on the address identifier, the default server being any server among the at least one server for which the address identifier has logon rights;
a login module, configured to log in to the default server, display a login success indication, and complete the authentication of the information to be authenticated.
In another embodiment, the device further includes:
an authority distribution module, configured to determine the at least one server that the registrant is allowed to access, assign logon rights to the address identifier, and store the address identifier in correspondence with at least one server address of the at least one server;
a software configuration module, configured to configure key generation software and change the running environment of the key generation software to a default running environment, the key generation software being used to generate the dynamic key, and the default running environment being at least an interactive shell environment;
a folder allocation module, configured to assign a log folder to the address identifier and attach the log folder to screen recording software, the log folder being used to store the registrant's historical operation records, and the screen recording software being used to obtain the registrant's historical operation records.
In another embodiment, the key generation software is at least an Authenticator client, the key generation software runs on a secondary authentication system, and the secondary authentication system is at least the Authenticator Open Source system.
In another embodiment, the first matching module includes:
an extraction submodule, configured to extract the address identifier from the information to be authenticated when the information to be authenticated is received;
a query submodule, configured to query and obtain the public key corresponding to the address identifier;
a matching submodule, configured to extract the private key from the information to be authenticated and match the public key with the private key.
In another embodiment, the device further includes:
a first failure module, configured to stop the current process and display a login failure indication if the public key fails to match the private key.
In another embodiment, the device further includes:
a second failure module, configured to stop the current process and display a login failure indication if the dynamic key and the key to be verified are inconsistent.
In another embodiment, the device further includes:
a starting module, configured to start the screen recording software after detecting that the registrant has successfully logged in to the default server;
a recording module, configured to record the registrant's operation behavior with the screen recording software and generate the historical operation record and a recording time;
a storage module, configured to store, by the screen recording software, the historical operation record and the recording time in correspondence in the log folder.
In another embodiment, the device further includes:
a receiving module, configured to receive a log query request, the log query request including at least a recording time to be queried and an address identifier to be queried;
an obtaining module, configured to obtain the log folder to be queried that corresponds to the address identifier to be queried, and to obtain from that log folder the specified historical operation record indicated by the recording time to be queried;
a display module, configured to display the specified historical operation record based on a playback command, the playback command being at least the file playback command scriptreplay.
According to a third aspect of the embodiments of the present invention, computer equipment is provided, including a memory, a processor, and computer-executable instructions stored in the memory and executable on the processor; when the processor executes the computer-executable instructions, the information authentication method of the first aspect is implemented.
According to a fourth aspect of the embodiments of the present invention, a readable storage medium is provided; instructions are stored on the readable storage medium, and the instructions are executed by a processor to carry out the information authentication method of the first aspect.
The technical solutions provided by the embodiments of the present invention can have the following beneficial effects:
A public key is determined based on the received information to be authenticated, and the public key is matched with the private key. If the public key and the private key match successfully, a dynamic key is generated, the user identifier input by the registrant is obtained, and the dynamic key is sent to the device indicated by the user identifier. When a key to be verified input by the registrant is detected, the dynamic key is matched with the key to be verified. If the dynamic key and the key to be verified are consistent, a default server is determined based on the address identifier, the default server is logged in to, a login success indication is displayed, and the authentication of the information to be authenticated is complete. Thus, after a first information authentication based on the private key, a dynamic key is also generated for a second information authentication, so that an attacker who obtains only the private key cannot log in to the server, which improves the security of the servers in the software system.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the present invention.
Brief description of the drawings
The drawings herein are incorporated into and form part of this specification, show embodiments consistent with the invention, and together with the specification serve to explain the principles of the invention.
Fig. 1 is a flow chart of an information authentication method according to an exemplary embodiment;
Fig. 2A is a flow chart of an information authentication method according to an exemplary embodiment;
Fig. 2B is a schematic diagram of an information authentication method according to an exemplary embodiment;
Fig. 2C is a flow chart of an information authentication method according to an exemplary embodiment;
Fig. 3A is a block diagram of an information authentication device according to an exemplary embodiment;
Fig. 3B is a block diagram of an information authentication device according to an exemplary embodiment;
Fig. 3C is a block diagram of an information authentication device according to an exemplary embodiment;
Fig. 3D is a block diagram of an information authentication device according to an exemplary embodiment;
Fig. 3E is a block diagram of an information authentication device according to an exemplary embodiment;
Fig. 3F is a block diagram of an information authentication device according to an exemplary embodiment;
Fig. 3G is a block diagram of an information authentication device according to an exemplary embodiment;
Fig. 4 is a block diagram of an information authentication device 400 according to an exemplary embodiment.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. When the following description refers to the drawings, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the invention as detailed in the appended claims.
Fig. 1 is a flow chart of an information authentication method according to an exemplary embodiment. As shown in Fig. 1, the method includes the following steps.
In step 101, a public key is determined based on the received information to be authenticated, and the public key is matched with the private key; the information to be authenticated includes at least the private key and an address identifier.
In step 102, if the public key and the private key match successfully, a dynamic key is generated, the user identifier input by the registrant is obtained, and the dynamic key is sent to the device indicated by the user identifier.
In step 103, when a key to be verified input by the registrant is detected, the dynamic key is matched with the key to be verified.
In step 104, if the dynamic key and the key to be verified are consistent, a default server is determined based on the address identifier; the default server is any server among the at least one server for which the address identifier has logon rights.
In step 105, the default server is logged in to, a login success indication is displayed, and the authentication of the information to be authenticated is complete.
In the method provided by this embodiment of the present invention, a public key is determined based on the received information to be authenticated, and the public key is matched with the private key. If the public key and the private key match successfully, a dynamic key is generated, the user identifier input by the registrant is obtained, and the dynamic key is sent to the device indicated by the user identifier. When a key to be verified input by the registrant is detected, the dynamic key is matched with the key to be verified. If the dynamic key and the key to be verified are consistent, a default server is determined based on the address identifier, the default server is logged in to, a login success indication is displayed, and the authentication of the information to be authenticated is complete. Thus, after a first information authentication based on the private key, a dynamic key is also generated for a second information authentication, so that an attacker who obtains only the private key cannot log in to the server, which improves the security of the servers in the software system.
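The second authentication stage of steps 102 to 105 can be sketched as follows; this is an added example, not code from the patent or from Jumpserver. It assumes the result of the step 101 key match is passed in as a boolean, a six-digit dynamic key with a 60-second lifetime and three attempts, and a constructed permission table; all class, function and parameter names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed sample data: address identifier -> server addresses it may log
# in to (the stored correspondence of logon rights). All values are made up.
PERMISSIONS = {
    "203.0.113.10": ["10.0.0.5", "10.0.0.6"],
    "203.0.113.11": ["10.0.0.7"],
}

CODE_TTL_SECONDS = 60  # assumption: lifetime of one dynamic key
MAX_ATTEMPTS = 3       # assumption: guesses allowed per dynamic key


@dataclass
class PendingCode:
    digest: bytes        # SHA-256 of the dynamic key; the key is not stored
    expires_at: float
    attempts_left: int


class SecondFactorGate:
    """Hypothetical gate covering steps 102-105 for one jump host."""

    def __init__(self, permissions, clock=time.time):
        self._permissions = permissions
        self._clock = clock
        self._pending = {}  # address identifier -> PendingCode

    def issue_dynamic_key(self, address_id, key_match_ok):
        """Step 102: create a dynamic key only after the key match succeeded."""
        if not key_match_ok:
            return None  # first stage failed: stop the process
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random
        self._pending[address_id] = PendingCode(
            digest=hashlib.sha256(code.encode()).digest(),
            expires_at=self._clock() + CODE_TTL_SECONDS,
            attempts_left=MAX_ATTEMPTS,
        )
        # The caller delivers the code to the device named by the user identifier.
        return code

    def verify_dynamic_key(self, address_id, candidate):
        """Step 103: match the key to be verified against the dynamic key."""
        entry = self._pending.get(address_id)
        if entry is None:
            return False
        if self._clock() > entry.expires_at or entry.attempts_left <= 0:
            del self._pending[address_id]  # expired or guessing budget spent
            return False
        entry.attempts_left -= 1
        supplied = hashlib.sha256(candidate.encode()).digest()
        if hmac.compare_digest(supplied, entry.digest):  # constant-time compare
            del self._pending[address_id]  # single use: a replay fails
            return True
        return False

    def login(self, address_id, candidate, requested_server):
        """Steps 103-105: return the server to log in to, or None on failure."""
        if not self.verify_dynamic_key(address_id, candidate):
            return None
        allowed = self._permissions.get(address_id, [])
        return requested_server if requested_server in allowed else None


if __name__ == "__main__":
    gate = SecondFactorGate(PERMISSIONS)
    code = gate.issue_dynamic_key("203.0.113.10", key_match_ok=True)
    print("login target:", gate.login("203.0.113.10", code, "10.0.0.5"))
    print("replayed code:", gate.login("203.0.113.10", code, "10.0.0.5"))
```

The expiry, attempt limit and single-use deletion are additions of this example; the patent text itself only states that the dynamic key is matched with the key to be verified.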
In another embodiment, before determining the public key based on the received information to be authenticated and matching the public key with the private key, the method further includes:
determining at least one server that the registrant is allowed to access, assigning logon rights to the address identifier, and storing the address identifier in correspondence with at least one server address of the at least one server;
configuring key generation software and changing the running environment of the key generation software to a default running environment, the key generation software being used to generate the dynamic key, and the default running environment being at least an interactive shell environment;
assigning a log folder to the address identifier and attaching the log folder to screen recording software, the log folder being used to store the registrant's historical operation records, and the screen recording software being used to obtain the registrant's historical operation records.
In another embodiment, the key generation software is at least an Authenticator client, the key generation software runs on a secondary authentication system, and the secondary authentication system is at least the Authenticator Open Source system.
In another embodiment, after determining the public key based on the received information to be authenticated and matching the public key with the private key, the method further includes:
if the public key fails to match the private key, stopping the current process and displaying a login failure indication.
In another embodiment, after matching the dynamic key with the key to be verified when the key to be verified input by the registrant is detected, the method further includes:
if the dynamic key and the key to be verified are inconsistent, stopping the current process and displaying a login failure indication.
In another embodiment, the method further includes:
after detecting that the registrant has successfully logged in to the default server, starting the screen recording software;
recording the registrant's operation behavior with the screen recording software, and generating a historical operation record and a recording time;
storing, by the screen recording software, the historical operation record and the recording time in correspondence in the log folder.
In another embodiment, the method further includes:
receiving a log query request, the log query request including at least a recording time to be queried and an address identifier to be queried;
obtaining the log folder to be queried that corresponds to the address identifier to be queried, and obtaining from that log folder the specified historical operation record indicated by the recording time to be queried;
displaying the specified historical operation record based on a playback command, the playback command being at least the file playback command scriptreplay.
All of the above optional technical solutions may be combined in any way to form optional embodiments of the invention, which are not described one by one here.
Fig. 2A is a flow chart of an information authentication method according to an exemplary embodiment. As shown in Fig. 2A, the method includes the following steps.
In step 201, at least one server that the registrant is allowed to access is determined, logon rights are assigned to the address identifier, and the address identifier is stored in correspondence with at least one server address of the at least one server.
In embodiments of the present invention, the inventor recognized that different registrants are allowed to log in to different servers of the software system; that is, different registrants have different server access permissions. To determine which servers a registrant is allowed to access when the registrant requests a server login, and to avoid a registrant logging in to a server for which they have no permission and data on that server being stolen, logon rights can be assigned to the registrant, so that after the registrant's information to be authenticated is subsequently verified successfully, the registrant is allowed to log in to and operate on the servers for which they have permission.
A registrant's address identifier is normally fixed: the registrant usually uses one fixed address identifier to access servers. Logon rights can therefore be assigned based on the registrant's address identifier. The address identifier can be the IP address of the device the registrant uses when requesting to log in to a server. When assigning logon rights to a registrant, the at least one server that the registrant's address identifier is allowed to log in to is determined first; then at least one server address of the at least one server is determined, and the address identifier is stored in correspondence with the at least one server address. This completes the assignment of logon rights to the address identifier, so that the server addresses accessible to an address identifier can later be determined from the received address identifier. In practice, an authority distribution list as shown in Table 1 can be generated, the at least one server address stored in the list in correspondence with the address identifier, and the list stored in a database. The embodiment of the present invention does not specifically limit how the correspondence between the address identifier and the at least one server address is stored.
Table 1
It should be noted that the device of each registrant stores the registrant's private key, and the information authentication system stores the public key used for matching against the private key. Therefore, to ensure that logon rights are stored securely, when the at least one server address is stored in correspondence with the address identifier, the public key can be used to encrypt the correspondence between the at least one server address and the address identifier. For example, if the correspondence is stored in an authority distribution list, then when the list is stored in the database, the list can be encrypted with the public key and the encrypted list stored in the database.
In step 202, key generation software is configured and the running environment of the key generation software is changed to a default running environment; the key generation software is used to generate the dynamic key, and the default running environment is at least a shell environment.
In embodiments of the present invention, because the registrant's private key is stored locally, there is a risk of it being stolen by an attacker. Key generation software is therefore configured in the information authentication system, so that when a registrant is subsequently verified successfully with the private key, a dynamic key is generated by the key generation software and the registrant is verified again, which ensures the security of the servers in the software system. The key generation software can be the Authenticator client installed on an Android system; the Authenticator client runs on a secondary authentication system, and the secondary authentication system can be the Authenticator Open Source system.
When configuring the key generation software, to ensure that it runs normally, its running environment needs to be changed to the default running environment. The default running environment can be a shell (interactive) environment, and the shell environment can be a script that integrates script (script) and logger (logger).
In step 203, a log folder is allocated for the address mark and the log folder is connected to the screen-recording software; the log folder is used to store the registrant's historical operation records, and the screen-recording software is used to obtain the registrant's historical operation records.
In the embodiment of the present invention, the registrant's operation behavior after logging in to a server needs to be recorded later in the process, generating historical operation records. So that, when historical operation records are later searched, the corresponding record can be determined from the address mark provided by a specified registrant and the series of operations that registrant performed after logging in to the server can be examined, a log folder can be allocated for the address mark of each registrant. The historical operation records collected later are stored in the corresponding log folder, so that the registrant's operation behavior on the server can be examined from the historical operation records, which improves the security of the server.
The screen-recording software can be screen-recording software on a Linux (multi-threaded operating system) system, or it can be the screen-recording function of the script software that ships with the CentOS (Community Enterprise Operating System) system. If the screen-recording software is the screen-recording function of the script software that ships with CentOS, the log folder can be implemented with the logger function, which makes the screen-recording software simple to install and maintain and keeps its use of system resources low.
In step 204, when information to be authenticated is received, the address mark is extracted from the information to be authenticated, the public key corresponding to the address mark is queried and obtained, and the private key is extracted from the information to be authenticated; the information to be authenticated includes at least the private key and the address mark.
In the embodiment of the present invention, to obtain the registrant's information to be authenticated, the information authentication system can provide a server login entry on the terminal on which it is installed. When it is detected that the registrant triggers the server login entry, an information input page containing an address mark input box, a private key input box and a confirm button is displayed. When it is detected that the user triggers the confirm button, the information to be authenticated is determined to have been received; the address mark is extracted from the address mark input box and the private key from the private key input box, so that the public key can be determined from the address mark and the private key later matched against the public key in order to verify the information to be authenticated.
The information authentication system stores the public key corresponding to the registrant's private key. After the registrant's address mark has been extracted, a query can be made with the address mark to find the public key corresponding to it, so that the public key can be matched against the private key and the information to be authenticated can be authenticated.
In step 205, the public key and the private key are matched. If the public key and the private key fail to match, step 206 below is executed; if the public key and the private key match successfully, step 207 below is executed.
In the embodiment of the present invention, once the public key corresponding to the address mark has been determined, the public key is matched against the private key carried in the information to be authenticated, and the information to be authenticated is verified in this way. If the public key and the private key fail to match, the private key in the information entered by the registrant is wrong and the registrant cannot log in to the server, so step 206 below is executed. If the public key and the private key match successfully, the private key in the information entered by the registrant is correct and the registrant needs to be verified further, so step 207 below is executed.
In step 206, if the public key and the private key fail to match, the current process is stopped and a login failure instruction is displayed.
In the embodiment of the present invention, if the public key and the private key fail to match, the private key in the information entered by the registrant is wrong and the registrant may be a criminal, so the registrant is not allowed to log in to the server. The current process is therefore stopped and a login failure instruction is displayed to remind the registrant that the current information authentication has failed.
In practice, when the login failure instruction is displayed, a link to the information input page can also be shown in the login failure instruction, so that the registrant can follow the link and re-enter the address mark and the private key on the information input page. The embodiment of the present invention does not specifically limit the way in which the login failure instruction is displayed.
In step 207, if the public key and the private key match successfully, a dynamic key is generated, the user identifier entered by the registrant is obtained, and the dynamic key is sent to the device indicated by the user identifier.
In the embodiment of the present invention, if the public key and the private key match successfully, the private key in the information entered by the registrant is correct, and the registrant needs to be verified further to decide whether the registrant is allowed to log in to the server. A dynamic key therefore needs to be generated and the registrant verified further on the basis of the dynamic key. The dynamic key can be a time-limited one-time key generated by the key generation software. For example, the time limit can be 30 seconds, that is, the dynamic key is valid only within 30 seconds after it is generated; if the registrant has not completed verification of the dynamic key within 30 seconds after it is generated, the dynamic key expires, a new dynamic key needs to be generated, and authentication is carried out with the new dynamic key.
Before the dynamic key is generated, so that it can later be sent to the registrant, a user identifier input box can be displayed and the user identifier that the registrant enters in the box obtained, so that the dynamic key is sent to the device indicated by the user identifier, which guarantees that the registrant can receive the dynamic key. The user identifier can be a mobile phone number, a user account or a similar identifier; the embodiment of the present invention does not specifically limit the type of user identifier.
Once the registrant's user identifier has been obtained and the dynamic key generated, the dynamic key needs to be sent to the registrant, so that the registrant can subsequently enter the dynamic key and the authentication of the information to be authenticated can be completed.
In step 208, when a key to be verified entered by the registrant is detected, the dynamic key is matched against the key to be verified. If the dynamic key and the key to be verified are inconsistent, step 209 below is executed; if the dynamic key and the key to be verified are consistent, step 210 below is executed.
In the embodiment of the present invention, after the dynamic key has been generated and sent to the device indicated by the user identifier, the information authentication system can display a dynamic key input page on the terminal on which it is installed, with a dynamic key input box on that page. When it is detected that the registrant has entered a key to be verified in the dynamic key input box, the key to be verified is obtained, and the dynamic key sent to the registrant's device is compared with the key to be verified entered by the registrant. If the dynamic key and the key to be verified are inconsistent, the registrant may not actually have received the dynamic key and cannot log in to the server, so step 209 below is executed. If the dynamic key and the key to be verified are consistent, the registrant did receive the dynamic key and can log in to the server, so step 210 below is executed.
In step 209, if the dynamic key and the key to be verified are inconsistent, the current process is stopped and a login failure instruction is displayed.
In the embodiment of the present invention, if the dynamic key and the key to be verified are inconsistent, the registrant may not actually have received the dynamic key. In that case the current process is stopped, the registrant is not allowed to log in to the server, and a login failure instruction is displayed to tell the registrant that the current login has failed.
In practice, the registrant may make a typing error when entering the key, which would cause authentication to fail. Therefore, when the login failure instruction is displayed, it can carry a dynamic key resend button. If it is detected that the registrant triggers the dynamic key resend button, a new dynamic key is generated and sent to the device indicated by the user identifier, and the dynamic key input page is displayed again so that the key to be verified entered by the registrant can be authenticated again on that page.
In step 210, if the dynamic key and the key to be verified are consistent, a default server is determined on the basis of the address mark; the default server is any one of the at least one server for which the address mark has logon rights.
In the embodiment of the present invention, if the dynamic key and the key to be verified are consistent, the registrant is currently allowed to log in to a server of the software system. Each address mark corresponds to multiple servers, that is, each registrant may be allowed to log in to multiple servers, but a registrant can log in to only one server at a time. Therefore, for each address mark, any one of the servers corresponding to the address mark is chosen as the default server, so that once verification of the dynamic key and the key to be verified has determined that the registrant is allowed to log in, the registrant can be logged in to the default server directly. The embodiment of the present invention does not specifically limit the way in which the default server is chosen.
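The second authentication stage of steps 207 to 210, as an added example that is not part of the patent text: a dynamic key with the 30-second limit is issued per address mark, consumed on the first verification attempt, replaced on resend, and a match returns the default server. The class and method names, the six-digit key format, the injectable clock and the choice of the first listed server as the default are assumptions of this example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

DYNAMIC_KEY_TTL = 30  # seconds; the example time limit given in the description


@dataclass
class PendingKey:
    value: str
    issued_at: float


class DynamicKeyVerifier:
    """Issue and check the time-limited one-time key of steps 207 to 210."""

    def __init__(self, permissions, clock=time.monotonic):
        # permissions: address mark -> server addresses it has logon rights for
        # (the permission allocation list of step 201).
        self._permissions = permissions
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # address mark -> PendingKey

    def issue(self, address_mark):
        """Generate a dynamic key; a resend replaces any earlier key."""
        if address_mark not in self._permissions:
            raise KeyError("address mark has no logon rights")
        # secrets gives an unpredictable value; six digits is an assumed format.
        value = f"{secrets.randbelow(10**6):06d}"
        self._pending[address_mark] = PendingKey(value, self._clock())
        return value  # to be sent to the device indicated by the user identifier

    def verify(self, address_mark, key_to_verify):
        """Return the default server on a match, None on any failure."""
        # pop: the key is consumed by the first attempt, so a wrong guess or a
        # replay forces the resend path of step 209 instead of a retry loop.
        pending = self._pending.pop(address_mark, None)
        if pending is None:
            return None
        if self._clock() - pending.issued_at > DYNAMIC_KEY_TTL:
            return None  # expired: a new dynamic key has to be generated
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(pending.value.encode(), key_to_verify.encode()):
            return None
        # "Any" server with logon rights may be the default; take the first.
        return self._permissions[address_mark][0]


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    verifier = DynamicKeyVerifier({"192.0.2.10": ["10.0.0.5", "10.0.0.6"]})
    key = verifier.issue("192.0.2.10")
    print("default server:", verifier.verify("192.0.2.10", key))
    print("replay of the same key:", verifier.verify("192.0.2.10", key))
```
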
In step 211, the default server is logged in to, a login success instruction is displayed, and the authentication of the information to be authenticated is completed.
In the embodiment of the present invention, after the default server has been logged in to, a login success instruction can be displayed to tell the registrant that the current information to be authenticated has been authenticated successfully; the registrant can then carry out the corresponding operations on the default server.
In step 212, after it is detected that the registrant has successfully logged in to the default server, the screen-recording software is started, the registrant's operation behavior is recorded with the screen-recording software, and a historical operation record and a recording time are generated.
In the embodiment of the present invention, after it is detected that the registrant has successfully logged in to the default server, the registrant's operations on the default server are monitored so that, if a fault occurs later, the series of operations the registrant performed after logging in can be examined. Therefore, once the registrant has successfully logged in to the default server, the registrant's operation behavior on the default server is recorded.
To record the operations the registrant performs on the default server, the screen-recording software can be started and used to record the registrant's operation behavior after logging in to the default server, generating a historical operation record and a recording time. The generated historical operation record can be a video-type record. After the historical operation record has been generated, so that the record to be queried can later be determined from a received recording time to be queried and address mark to be queried, the historical operation record can be named after the recording time at which it was generated and the address mark it records. For example, referring to Fig. 2B, the historical operation record file names shown in Fig. 2B can be generated, where timing indicates the recording time at which the historical operation record was generated and typescript indicates the address mark recorded by the historical operation record. The embodiment of the present invention does not specifically limit the way in which historical operation records are named.
In step 213, the historical operation record and the recording time are stored in correspondence in the log folder by the screen-recording software.
In the embodiment of the present invention, when the screen-recording software is initialized, a log folder corresponding to each address mark can be set up in it for storing the historical operation records generated for that address mark. Therefore, after a historical operation record has been generated by the screen-recording software, the historical operation record and the recording time can be stored in correspondence in the log folder that corresponds to the registrant's address mark in the screen-recording software.
It should be noted that system faults may later occur in the information authentication system, or errors may occur in the data on a server for which some registrant has permission. To investigate these system faults and errors, the historical operation record of a given address mark at a given time needs to be obtained for troubleshooting. Referring to Fig. 2C, this can be done with the process shown in steps 214 to 216 below.
In step 214, a log query request is received and the log folder to be queried that corresponds to the address mark to be queried is obtained; the log query request includes at least the recording time to be queried and the address mark to be queried.
In the embodiment of the present invention, different address marks correspond to different log folders, and the historical operation records in a log folder are stored by recording time. Therefore, when a registrant needs to examine the historical operation record of a particular moment, the address mark to be queried and the recording time to be queried need to be provided in the log query request. The information authentication system can provide a record query entry on the terminal on which it is installed. When it is detected that the registrant triggers the record query entry, a query page containing an address mark input box, a recording time input box and a confirm key is displayed. When it is detected that the registrant triggers the confirm key, the registrant's log query request is determined to have been received; the content of the address mark input box is taken as the address mark to be queried and the content of the recording time input box as the recording time to be queried, and the log folder to be queried that corresponds to the address mark to be queried is determined, so that the historical operation record to be obtained can be located in that log folder.
In step 215, the specified historical operation record indicated by the recording time to be queried is obtained from the log folder to be queried.
In the embodiment of the present invention, the historical operation records in a log folder are all named after the address mark and the recording time. Therefore, once the log folder to be queried indicated by the address mark to be queried in the log query request has been determined, the recording time to be queried extracted from the log query request can be used to search the at least one historical operation record in the log folder to be queried for the record whose name contains the recording time to be queried. That historical operation record is taken as the specified historical operation record and is obtained.
In step 216, the specified historical operation record is displayed on the basis of a projection command; the projection command is at least the file playback command scriptreplay.
In the embodiment of the present invention, once the historical operation record has been determined, because it was generated by the screen-recording software and is therefore a video-type record, it can be played back with the projection command, so that the registrant's operation behavior after logging in to the server can be examined from the historical operation record.
It should be noted that, in practice, when a log query request is received, the historical operation record can be queried with the process in steps 214 to 216 above; if no log query request is received, the process described in steps 214 to 216 need not be executed.
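One way to name, locate and replay the records of steps 212 to 216, as an added example that is not part of the patent text. The file-name layout, the time format and the requirement that the address mark parse as an IP address (so that a queried value cannot point outside the log directory) are assumptions; the code only builds `script` and `scriptreplay` command lines and assumes a util-linux `script` that accepts `--timing=FILE`.

```python
import ipaddress
import tempfile
from datetime import datetime
from pathlib import Path

TIME_FORMAT = "%Y%m%d-%H%M%S"  # assumed encoding of the recording time


def log_folder(base, address_mark):
    """Log folder of one address mark (step 203).

    The mark arrives from a query form, so it is parsed as an IP address
    first; values such as "../../etc" raise ValueError instead of becoming
    part of a path.
    """
    mark = str(ipaddress.ip_address(address_mark.strip()))
    return Path(base) / mark.replace(":", "_")  # ":" in IPv6 marks is replaced


def record_paths(base, address_mark, recorded_at):
    """Timing and typescript file names built from recording time and mark."""
    folder = log_folder(base, address_mark)
    stem = f"{recorded_at.strftime(TIME_FORMAT)}_{folder.name}"
    return folder / f"{stem}.timing", folder / f"{stem}.typescript"


def record_command(base, address_mark, recorded_at):
    """Command line that records a session into the log folder (step 212)."""
    timing, typescript = record_paths(base, address_mark, recorded_at)
    timing.parent.mkdir(parents=True, exist_ok=True)
    return ["script", "--quiet", f"--timing={timing}", str(typescript)]


def find_record(base, address_mark, recorded_at):
    """Steps 214 and 215: the record whose name contains the queried time."""
    folder = log_folder(base, address_mark)
    if not folder.is_dir():
        return None
    stamp = recorded_at.strftime(TIME_FORMAT)
    for timing in sorted(folder.glob(f"{stamp}_*.timing")):
        typescript = timing.with_suffix(".typescript")
        if typescript.is_file():  # both halves are needed for playback
            return timing, typescript
    return None


def replay_command(base, address_mark, recorded_at):
    """Step 216: scriptreplay command line for the specified record."""
    found = find_record(base, address_mark, recorded_at)
    if found is None:
        return None
    timing, typescript = found
    return ["scriptreplay", str(timing), str(typescript)]


if __name__ == "__main__":
    # Constructed sample values: documentation IP address and an arbitrary time.
    with tempfile.TemporaryDirectory() as base:
        when = datetime(2018, 6, 4, 9, 30, 0)
        print(record_command(base, "192.0.2.10", when))
        print(replay_command(base, "192.0.2.10", when))  # None: nothing recorded
```
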
The method provided by the embodiment of the present invention determines the public key from the received information to be authenticated and matches the public key against the private key. If the public key and the private key match successfully, a dynamic key is generated, the user identifier entered by the registrant is obtained, and the dynamic key is sent to the device indicated by the user identifier. When a key to be verified entered by the registrant is detected, the dynamic key is matched against the key to be verified; if the dynamic key and the key to be verified are consistent, a default server is determined on the basis of the address mark, the default server is logged in to, a login success instruction is displayed, and the authentication of the information to be authenticated is completed. In this way, after a first information authentication based on the private key, a dynamic key can also be generated dynamically for a second information authentication, so that a criminal who obtains only the private key cannot log in to the server, which improves the security of the servers in the software system.
Fig. 3A is a block diagram of an information authentication device according to an exemplary embodiment. Referring to Fig. 3A, the device includes a first matching module 301, a generation module 302, a second matching module 303, a determining module 304 and a login module 305.
The first matching module 301 is used to determine the public key from the received information to be authenticated and match the public key against the private key; the information to be authenticated includes at least the private key and the address mark;
The generation module 302 is used to generate a dynamic key if the public key and the private key match successfully, obtain the user identifier entered by the registrant, and send the dynamic key to the device indicated by the user identifier;
The second matching module 303 is used to match the dynamic key against the key to be verified when a key to be verified entered by the registrant is detected;
The determining module 304 is used to determine a default server on the basis of the address mark if the dynamic key and the key to be verified are consistent; the default server is any one of the at least one server for which the address mark has logon rights;
The login module 305 is used to log in to the default server, display a login success instruction, and complete the authentication of the information to be authenticated.
The device provided by the embodiment of the present invention determines the public key from the received information to be authenticated and matches the public key against the private key. If the public key and the private key match successfully, a dynamic key is generated, the user identifier entered by the registrant is obtained, and the dynamic key is sent to the device indicated by the user identifier. When a key to be verified entered by the registrant is detected, the dynamic key is matched against the key to be verified; if the dynamic key and the key to be verified are consistent, a default server is determined on the basis of the address mark, the default server is logged in to, a login success instruction is displayed, and the authentication of the information to be authenticated is completed. In this way, after a first information authentication based on the private key, a dynamic key can also be generated dynamically for a second information authentication, so that a criminal who obtains only the private key cannot log in to the server, which improves the security of the servers in the software system.
In another embodiment, referring to Fig. 3B, the device further includes a permission allocation module 306, a software configuration module 307 and a folder allocation module 308.
The permission allocation module 306 is used to determine at least one server that the registrant is allowed to access, allocate logon rights for the address mark, and store the address mark in correspondence with the at least one server address of the at least one server;
The software configuration module 307 is used to configure the key generation software and change the running environment of the key generation software to a default running environment; the key generation software is used to generate the dynamic key, and the default running environment is at least an interactive shell environment;
The folder allocation module 308 is used to allocate a log folder for the address mark and connect the log folder to the screen-recording software; the log folder is used to store the registrant's historical operation records, and the screen-recording software is used to obtain the registrant's historical operation records.
In another embodiment, the key generation software is at least the Authenticator client, the key generation software runs on a secondary authentication system, and the secondary authentication system is at least the Authenticator Open Source system.
In another embodiment, referring to Fig. 3C, the first matching module 301 includes an extraction submodule 3011, a query submodule 3012 and a matching submodule 3013.
The extraction submodule 3011 is used to extract the address mark from the information to be authenticated when the information to be authenticated is received;
The query submodule 3012 is used to query and obtain the public key corresponding to the address mark;
The matching submodule 3013 is used to extract the private key from the information to be authenticated and match the public key against the private key.
In another embodiment, referring to Fig. 3D, the device further includes a first failure module 309.
The first failure module 309 is used to stop the current process and display a login failure instruction if the public key and the private key fail to match.
In another embodiment, referring to Fig. 3E, the device further includes a second failure module 310.
The second failure module 310 is used to stop the current process and display a login failure instruction if the dynamic key and the key to be verified are inconsistent.
In another embodiment, referring to Fig. 3F, the device further includes a starting module 311, a recording module 312 and a storage module 313.
The starting module 311 is used to start the screen-recording software after it is detected that the registrant has successfully logged in to the default server;
The recording module 312 is used to record the registrant's operation behavior with the screen-recording software and generate a historical operation record and a recording time;
The storage module 313 is used to store the historical operation record and the recording time in correspondence in the log folder by means of the screen-recording software.
In another embodiment, referring to Fig. 3G, the device further includes a receiving module 314, an obtaining module 315 and a projection module 316.
The receiving module 314 is used to receive a log query request; the log query request includes at least the recording time to be queried and the address mark to be queried;
The obtaining module 315 is used to obtain the log folder to be queried that corresponds to the address mark to be queried, and to obtain from the log folder to be queried the specified historical operation record indicated by the recording time to be queried;
The projection module 316 is used to display the specified historical operation record on the basis of a projection command; the projection command is at least the file playback command scriptreplay.
With regard to the device in the above embodiments, the specific manner in which each module performs its operations has been described in detail in the embodiments of the method and is not elaborated here.
Fig. 4 is a block diagram of an information authentication device 400 according to an exemplary embodiment. For example, device 400 can be a mobile phone, a computer, a digital broadcasting terminal, a messaging device, a game console, a tablet device, a medical device, fitness equipment, a personal digital assistant, and so on.
Referring to Fig. 4, device 400 may include one or more of the following components: a processing component 402, a memory 404, a power supply component 406, a multimedia component 408, an audio component 410, an I/O (Input/Output) interface 412, a sensor component 414 and a communication component 416.
The processing component 402 generally controls the overall operation of device 400, such as operations associated with display, telephone calls, data communication, camera operation and recording. The processing component 402 may include one or more processors 420 to execute instructions so as to perform all or some of the steps of the method described above. In addition, the processing component 402 may include one or more modules to facilitate interaction between the processing component 402 and other components. For example, the processing component 402 may include a multimedia module to facilitate interaction between the multimedia component 408 and the processing component 402.
The memory 404 is configured to store various types of data to support operation of device 400. Examples of such data include instructions for any application or method operating on device 400, contact data, phone book data, messages, pictures, videos and so on. The memory 404 can be implemented by any type of volatile or non-volatile storage device or a combination of them, such as SRAM (Static Random Access Memory), EEPROM (Electrically-Erasable Programmable Read-Only Memory), EPROM (Erasable Programmable Read-Only Memory), PROM (Programmable Read-Only Memory), ROM (Read-Only Memory), magnetic memory, flash memory, a magnetic disk or an optical disc.
The power supply component 406 provides power to the various components of device 400. The power supply component 406 may include a power management system, one or more power supplies, and other components associated with generating, managing and distributing power for device 400.
The multimedia component 408 includes a screen that provides an output interface between device 400 and the user. In some embodiments, the screen may include an LCD (Liquid Crystal Display) and a TP (Touch Panel). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, slides and gestures on the touch panel. The touch sensors may sense not only the boundary of a touch or slide action but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 408 includes a front camera and/or a rear camera. When device 400 is in an operating mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera can be a fixed optical lens system or have focusing and optical zoom capability.
The audio component 410 is configured to output and/or input audio signals. For example, the audio component 410 includes a MIC (microphone); when device 400 is in an operating mode, such as a call mode, a recording mode or a voice recognition mode, the microphone is configured to receive external audio signals. The received audio signals can be further stored in the memory 404 or sent via the communication component 416. In some embodiments, the audio component 410 further includes a loudspeaker for outputting audio signals.
The I/O interface 412 provides an interface between the processing component 402 and peripheral interface modules; the peripheral interface modules can be a keyboard, a click wheel, buttons and so on. These buttons may include, but are not limited to, a home button, a volume button, a start button and a lock button.
Sensor module 414 includes one or more sensors, and the state for providing various aspects for device 400 is commented Estimate.For example, sensor module 414 can detecte the state that opens/closes of equipment 400, the relative positioning of component, such as component For the display and keypad of device 400, sensor module 414 can be with the position of 400 1 components of detection device 400 or device Set change, the existence or non-existence that user contacts with device 400, the temperature in 400 orientation of device or acceleration/deceleration and device 400 Variation.Sensor module 414 may include proximity sensor, be configured to detect without any physical contact near The presence of object.Sensor module 414 can also include optical sensor, such as CMOS (Complementary Metal Oxide Semiconductor, complementary metal oxide) or CCD (Charge-coupled Device, charge coupled cell) image biography Sensor, for being used in imaging applications.In some embodiments, which can also include acceleration sensing Device, gyro sensor, Magnetic Sensor, pressure sensor or temperature sensor.
Communication component 416 is configured to facilitate the communication of wired or wireless way between device 400 and other equipment.Device 400 can access the wireless network based on communication standard, such as WiFi, 2G or 3G or their combination.In an exemplary implementation In example, communication component 416 receives broadcast singal or broadcast related information from external broadcasting management system via broadcast channel. In one exemplary embodiment, the communication component 416 further includes that (Near Field Communication, near field are logical by NFC Letter) module, to promote short range communication.For example, RFID (Radio Frequency can be based in NFC module Identification, radio frequency identification) technology, IrDA (Infra-red Data Association, Infrared Data Association) skill Art, UWB (Ultra Wideband, ultra wide band) technology, BT (Bluetooth, bluetooth) technology and other technologies are realized.
In an exemplary embodiment, the device 400 can be implemented by one or more ASICs (Application Specific Integrated Circuit), DSPs (Digital Signal Processor), DSPDs (Digital Signal Processor Device), PLDs (Programmable Logic Device), FPGAs (Field Programmable Gate Array), controllers, microcontrollers, microprocessors or other electronic components, for executing the above information authentication method.
In an exemplary embodiment, a non-transitory computer-readable storage medium including instructions is also provided, for example the memory 404 including instructions, where the instructions can be executed by the processor 420 of the device 400 to complete the above method. For example, the non-transitory computer-readable storage medium can be a ROM, a RAM (Random Access Memory), a CD-ROM (Compact Disc Read-Only Memory), a magnetic tape, a floppy disk, an optical data storage device, and the like.
A computer device includes a memory, a processor, and computer-executable instructions stored in the memory and executable on the processor; the processor implements the above information authentication method when executing the computer-executable instructions.
A readable storage medium: when the instructions in the storage medium are executed by the processor of a data transfer apparatus, the data transfer apparatus is enabled to perform the above information authentication method.
A1. An information authentication method, characterized in that the method includes:
Determining a public key based on received information to be authenticated, and matching the public key against a private key, where the information to be authenticated includes at least the private key and an address identifier;
If the public key and the private key match successfully, generating a dynamic key, obtaining a user identifier input by the registrant, and sending the dynamic key to the device indicated by the user identifier;
When a key to be verified input by the registrant is detected, matching the dynamic key against the key to be verified;
If the dynamic key and the key to be verified are consistent, determining a default server based on the address identifier, where the default server is any server among at least one server for which the address identifier has login rights;
Logging in to the default server and displaying a login success instruction, completing the authentication of the information to be authenticated.
A2. The method according to claim 1, characterized in that, before the determining a public key based on the received information to be authenticated and matching the public key against the private key, the method further includes:
Determining the at least one server that the registrant is allowed to access, assigning login rights to the address identifier, and storing the address identifier in correspondence with at least one server address of the at least one server;
Configuring key generation software and changing the running environment of the key generation software to a default running environment, where the key generation software is used to generate the dynamic key and the default running environment is at least an interactive shell environment;
Assigning a log folder to the address identifier and connecting the log folder to screen recording software, where the log folder is used to store the historical operation records of the registrant and the screen recording software is used to obtain the historical operation records of the registrant.
A3. The method according to claim 2, characterized in that the key generation software is at least an Authenticator client, the key generation software runs on a re-authentication system, and the re-authentication system is at least the Authenticator Open Source system.
A4. The method according to claim 1, characterized in that the determining a public key based on the received information to be authenticated and matching the public key against the private key includes:
When the information to be authenticated is received, extracting the address identifier from the information to be authenticated;
Querying and obtaining the public key corresponding to the address identifier;
Extracting the private key from the information to be authenticated, and matching the public key against the private key.
A5. The method according to claim 1, characterized in that, after the determining a public key based on the received information to be authenticated and matching the public key against the private key, the method further includes:
If the public key fails to match the private key, stopping the current process and displaying a login failure instruction.
A6. The method according to claim 1, characterized in that, after the matching the dynamic key against the key to be verified when the key to be verified input by the registrant is detected, the method further includes:
If the dynamic key and the key to be verified are inconsistent, stopping the current process and displaying a login failure instruction.
A7. The method according to claim 1, characterized in that the method further includes:
After detecting that the registrant has successfully logged in to the default server, starting the screen recording software;
Recording the operation behavior of the registrant based on the screen recording software, and generating the historical operation record and a recording time;
Based on the screen recording software, storing the historical operation record and the recording time in correspondence in the log folder.
A8. The method according to claim 1, characterized in that the method further includes:
Receiving a log query request, where the log query request includes at least a recording time to be queried and an address identifier to be queried;
Obtaining the log folder to be queried that corresponds to the address identifier to be queried, and obtaining, from the log folder to be queried, the specified historical operation record indicated by the recording time to be queried;
Displaying the specified historical operation record based on a projection command, where the projection command is at least the file playback command scriptreplay.
A9. An information authentication apparatus, characterized in that the apparatus includes:
A first matching module, configured to determine a public key based on received information to be authenticated and match the public key against a private key, where the information to be authenticated includes at least the private key and an address identifier;
A generation module, configured to, if the public key and the private key match successfully, generate a dynamic key, obtain a user identifier input by the registrant, and send the dynamic key to the device indicated by the user identifier;
A second matching module, configured to match the dynamic key against a key to be verified when the key to be verified input by the registrant is detected;
A determining module, configured to, if the dynamic key and the key to be verified are consistent, determine a default server based on the address identifier, where the default server is any server among at least one server for which the address identifier has login rights;
A login module, configured to log in to the default server and display a login success instruction, completing the authentication of the information to be authenticated.
A10. The apparatus according to claim 9, characterized in that the apparatus further includes:
An authority distribution module, configured to determine the at least one server that the registrant is allowed to access, assign login rights to the address identifier, and store the address identifier in correspondence with at least one server address of the at least one server;
A software configuration module, configured to configure key generation software and change the running environment of the key generation software to a default running environment, where the key generation software is used to generate the dynamic key and the default running environment is at least an interactive shell environment;
A folder allocation module, configured to assign a log folder to the address identifier and connect the log folder to screen recording software, where the log folder is used to store the historical operation records of the registrant and the screen recording software is used to obtain the historical operation records of the registrant.
A11. The apparatus according to claim 10, characterized in that the key generation software is at least an Authenticator client, the key generation software runs on a re-authentication system, and the re-authentication system is at least the Authenticator Open Source system.
A12. The apparatus according to claim 9, characterized in that the first matching module includes:
An extraction submodule, configured to extract the address identifier from the information to be authenticated when the information to be authenticated is received;
A query submodule, configured to query and obtain the public key corresponding to the address identifier;
A matching submodule, configured to extract the private key from the information to be authenticated and match the public key against the private key.
A13. The apparatus according to claim 9, characterized in that the apparatus further includes:
A first failure module, configured to stop the current process and display a login failure instruction if the public key fails to match the private key.
A14. The apparatus according to claim 9, characterized in that the apparatus further includes:
A second failure module, configured to stop the current process and display a login failure instruction if the dynamic key and the key to be verified are inconsistent.
A15. The apparatus according to claim 9, characterized in that the apparatus further includes:
A starting module, configured to start the screen recording software after detecting that the registrant has successfully logged in to the default server;
A recording module, configured to record the operation behavior of the registrant based on the screen recording software and generate the historical operation record and a recording time;
A storage module, configured to store, based on the screen recording software, the historical operation record and the recording time in correspondence in the log folder.
A16. The apparatus according to claim 9, characterized in that the apparatus further includes:
A receiving module, configured to receive a log query request, where the log query request includes at least a recording time to be queried and an address identifier to be queried;
An obtaining module, configured to obtain the log folder to be queried that corresponds to the address identifier to be queried, and to obtain, from the log folder to be queried, the specified historical operation record indicated by the recording time to be queried;
A display module, configured to display the specified historical operation record based on a projection command, where the projection command is at least the file playback command scriptreplay.
A17. A computer device, including a memory, a processor, and computer-executable instructions stored in the memory and executable on the processor, characterized in that the processor implements the information authentication method according to any one of claims 1-8 when executing the computer-executable instructions.
A18. A readable storage medium, characterized in that instructions are stored on the readable storage medium, and the instructions are executed by a processor to complete the information authentication method according to any one of claims 1-8.
Other embodiments of the invention will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the invention that follow its general principles and include common knowledge or conventional techniques in the art not disclosed in this disclosure. The description and examples are to be regarded as illustrative only, with the true scope and spirit of the invention indicated by the following claims.
It should be understood that the present invention is not limited to the precise structure described above and shown in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.

Claims (10)

1. An information authentication method, characterized in that the method includes:
Determining a public key based on received information to be authenticated, and matching the public key against a private key, where the information to be authenticated includes at least the private key and an address identifier;
If the public key and the private key match successfully, generating a dynamic key, obtaining a user identifier input by the registrant, and sending the dynamic key to the device indicated by the user identifier;
When a key to be verified input by the registrant is detected, matching the dynamic key against the key to be verified;
If the dynamic key and the key to be verified are consistent, determining a default server based on the address identifier, where the default server is any server among at least one server for which the address identifier has login rights;
Logging in to the default server and displaying a login success instruction, completing the authentication of the information to be authenticated.
2. The method according to claim 1, characterized in that, before the determining a public key based on the received information to be authenticated and matching the public key against the private key, the method further includes:
Determining the at least one server that the registrant is allowed to access, assigning login rights to the address identifier, and storing the address identifier in correspondence with at least one server address of the at least one server;
Configuring key generation software and changing the running environment of the key generation software to a default running environment, where the key generation software is used to generate the dynamic key and the default running environment is at least an interactive shell environment;
Assigning a log folder to the address identifier and connecting the log folder to screen recording software, where the log folder is used to store the historical operation records of the registrant and the screen recording software is used to obtain the historical operation records of the registrant.
3. The method according to claim 2, characterized in that the key generation software is at least an Authenticator client, the key generation software runs on a re-authentication system, and the re-authentication system is at least the Authenticator Open Source system.
4. The method according to claim 1, characterized in that the determining a public key based on the received information to be authenticated and matching the public key against the private key includes:
When the information to be authenticated is received, extracting the address identifier from the information to be authenticated;
Querying and obtaining the public key corresponding to the address identifier;
Extracting the private key from the information to be authenticated, and matching the public key against the private key.
5. The method according to claim 1, characterized in that, after the determining a public key based on the received information to be authenticated and matching the public key against the private key, the method further includes:
If the public key fails to match the private key, stopping the current process and displaying a login failure instruction.
6. The method according to claim 1, characterized in that, after the matching the dynamic key against the key to be verified when the key to be verified input by the registrant is detected, the method further includes:
If the dynamic key and the key to be verified are inconsistent, stopping the current process and displaying a login failure instruction.
7. The method according to claim 1, characterized in that the method further includes:
After detecting that the registrant has successfully logged in to the default server, starting the screen recording software;
Recording the operation behavior of the registrant based on the screen recording software, and generating the historical operation record and a recording time;
Based on the screen recording software, storing the historical operation record and the recording time in correspondence in the log folder.
8. The method according to claim 1, characterized in that the method further includes:
Receiving a log query request, where the log query request includes at least a recording time to be queried and an address identifier to be queried;
Obtaining the log folder to be queried that corresponds to the address identifier to be queried, and obtaining, from the log folder to be queried, the specified historical operation record indicated by the recording time to be queried;
Displaying the specified historical operation record based on a projection command, where the projection command is at least the file playback command scriptreplay.
9. An information authentication apparatus, characterized in that the apparatus includes:
A first matching module, configured to determine a public key based on received information to be authenticated and match the public key against a private key, where the information to be authenticated includes at least the private key and an address identifier;
A generation module, configured to, if the public key and the private key match successfully, generate a dynamic key, obtain a user identifier input by the registrant, and send the dynamic key to the device indicated by the user identifier;
A second matching module, configured to match the dynamic key against a key to be verified when the key to be verified input by the registrant is detected;
A determining module, configured to, if the dynamic key and the key to be verified are consistent, determine a default server based on the address identifier, where the default server is any server among at least one server for which the address identifier has login rights;
A login module, configured to log in to the default server and display a login success instruction, completing the authentication of the information to be authenticated.
10. A computer device, including a memory, a processor, and computer-executable instructions stored in the memory and executable on the processor, characterized in that the processor implements the information authentication method according to any one of claims 1-8 when executing the computer-executable instructions.
CN201810564889.4A 2018-06-04 2018-06-04 Information authentication method, device, computer equipment and readable storage medium storing program for executing Pending CN108989021A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810564889.4A CN108989021A (en) 2018-06-04 2018-06-04 Information authentication method, device, computer equipment and readable storage medium storing program for executing

Publications (1)

Publication Number Publication Date
CN108989021A true CN108989021A (en) 2018-12-11

Family

ID=64540017

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810564889.4A Pending CN108989021A (en) 2018-06-04 2018-06-04 Information authentication method, device, computer equipment and readable storage medium storing program for executing

Country Status (1)

Country Link
CN (1) CN108989021A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8271528B1 (en) * 2008-07-25 2012-09-18 United Services Automobile Association (Usaa) Database for access control center
CN102970587A (en) * 2012-12-02 2013-03-13 北京中科大洋科技发展股份有限公司 Multi-user account realizing method suitable for OTT (Over The Top) internet television
CN103488793A (en) * 2013-10-09 2014-01-01 韩金倡 User behavior monitoring method based on information retrieval
CN104486346A (en) * 2014-12-19 2015-04-01 北京奇艺世纪科技有限公司 Stepping stone system
CN106330816A (en) * 2015-06-17 2017-01-11 北京神州泰岳软件股份有限公司 Method and system for logging in cloud desktop
CN106936817A (en) * 2017-02-16 2017-07-07 上海帝联信息科技股份有限公司 Operation execution method, springboard machine, cluster certificate server and fort machine system
CN107276823A (en) * 2017-07-20 2017-10-20 国家电网公司 O&M safety operation supervising device and method based on message scheduling monitoring system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
代志勇等: "《ASP.NET动态网站开发技术实践教程》", 28 February 2011 *
陈涛: "《关于运维安全管理系统的技术探讨——以堡垒机为例分析》", 《信息通信技术》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110585699A (en) * 2019-09-11 2019-12-20 腾讯科技(深圳)有限公司 Control method, device and equipment of cloud game and storage medium
CN110917614A (en) * 2019-09-11 2020-03-27 腾讯科技(深圳)有限公司 Cloud game system based on block chain system and cloud game control method
CN112749383A (en) * 2019-10-29 2021-05-04 上海商汤智能科技有限公司 Software authentication method and related product
CN112866296A (en) * 2021-03-31 2021-05-28 中国工商银行股份有限公司 Application online verification method, device, equipment and storage medium
CN112866296B (en) * 2021-03-31 2022-09-06 中国工商银行股份有限公司 Application online verification method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
US10367817B2 (en) Systems and methods for challengeless coauthentication
CN102045367B (en) Registration method and authentication server of real-name authentication
US10027641B2 (en) Method and apparatus of account login
US9531710B2 (en) Behavioral authentication system using a biometric fingerprint sensor and user behavior for authentication
CN113114624B (en) Identity authentication method and device based on biological characteristics
US8914866B2 (en) System and method for user authentication by means of web-enabled personal trusted device
TWI668589B (en) Identity registration method and device
WO2017032263A1 (en) Identity authentication method and apparatus
US11030287B2 (en) User-behavior-based adaptive authentication
JP5727008B2 (en) Operating system unlocking method and mobile phone
US20140289509A1 (en) System and method for delegating trust to a new authenticator
US11057372B1 (en) System and method for authenticating a user to provide a web service
KR101451359B1 (en) User account recovery
CN104767616B (en) A kind of information processing method, system and relevant device
CN105791309B (en) A kind of method, apparatus and system executing business processing
TW201430607A (en) Query system and method to determine authentication capabilities
AU2005307724A2 (en) Methods and systems for use in biomeiric authentication and/or identification
EP3206329B1 (en) Security check method, device, terminal and server
CN108989021A (en) Information authentication method, device, computer equipment and readable storage medium storing program for executing
CN108768991B (en) Real person authentication method and system
US10333707B1 (en) Systems and methods for user authentication
US11823194B2 (en) Decentralized biometric authentication platform
EP3443501A1 (en) Account access
US20170257364A1 (en) Systems and methods for authentication using authentication votes
JP2007183972A (en) Authentication system and authentication proxy apparatus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181211
