Authentication method and system based on browser plug-in
Technical Field
The present application relates to the field of information authentication technologies, and in particular, to an authentication method and system based on a browser plug-in.
Background
To prevent a system from being logged in to without authorization, the user is usually required to enter a private key and an account password, or to use a mobile phone or an app verification code, for identity verification or identity re-verification.
In the prior art, the user is usually required to enter a fixed password or other fixed authentication information, so an attacker who intercepts the authentication credential can forge the user's identity or mount a man-in-the-middle attack.
To address this problem, further authentication measures may be applied at the transport layer or at another business logic layer to reduce the likelihood of login credential theft or man-in-the-middle attacks. However, these further authentication measures may require cumbersome actions from the user, degrading the user experience.
Disclosure of Invention
An object of the embodiments of the present application is to provide an authentication method and system based on a browser plug-in, which can complete information authentication without the user being aware of it, so as to improve both information security and user experience.
In order to achieve the above object, an aspect of the present application provides an authentication method based on a browser plug-in, where a browser installed with a specified plug-in is provided, and the method includes:
when the designated plug-in carries out initialization configuration in the browser, inputting user information and a signature key of a user;
when a target site is accessed through the browser, an access request sent outwards by the browser is acquired;
generating signature information based on the signature key, and attaching the signature information and the user information to the access request;
sending the access request, with the signature information and the user information attached, to a server of the target site.
Further, when the specified plug-in performs initial configuration in the browser, the method further includes:
entering a protected site list;
detecting, by the plug-in, the current site accessed by the browser, and if the current site is in the protected site list, acquiring the access request sent to the current site through an application programming interface of the browser.
Further, attaching the signature information and the user information to the access request comprises:
filling the signature information and the user information into a user-defined field of the access request.
Further, generating signature information based on the signing key comprises:
converting the signature key, according to a specified encryption algorithm, into signature information encrypted by the specified encryption algorithm.
Further, the method further comprises:
receiving, by the server of the target site, the access request sent by the browser, and extracting the user information and the signature information from the access request;
acquiring a target signature key matched with the user information from a database based on the user information;
encrypting the target signature key according to the specified encryption algorithm to obtain target signature information;
comparing the target signature information with the extracted signature information, and processing the access request according to the comparison result.
Further, the processing the access request according to the comparison result includes:
when the target signature information is consistent with the extracted signature information, allowing the browser to access the target site;
when the target signature information is inconsistent with the extracted signature information, rejecting the access request.
On the other hand, the application also provides an authentication system based on the browser plug-in, the authentication system comprises a browser installed with a specified plug-in, and the authentication system further comprises:
an information input unit, configured to input user information and a signature key of a user when the specified plug-in performs initialization configuration in the browser;
an access request acquisition unit, configured to acquire an access request sent by the browser to the outside when a target site is accessed by the browser;
an information attaching unit, configured to generate signature information based on the signing key, and attach the signature information and the user information to the access request;
an access request sending unit, configured to send the access request, with the signature information and the user information attached, to a server of the target site.
Further, the system further comprises:
a site list entry unit, configured to enter a protected site list;
a judging unit, configured to control the plug-in to detect the current site accessed by the browser, and to acquire the access request sent to the current site through an application programming interface of the browser if the current site is in the protected site list.
Further, the information attaching unit includes:
an encryption module, configured to convert the signature key, according to the specified encryption algorithm, into signature information encrypted by the specified encryption algorithm.
Further, the system further comprises:
an information extraction unit, configured to control a server of the target site to receive an access request sent by the browser, and extract the user information and the signature information from the access request;
an information matching unit, configured to acquire a target signature key matched with the user information from a database based on the user information;
an encryption unit, configured to encrypt the target signature key according to the specified encryption algorithm to obtain target signature information;
a comparison unit, configured to compare the target signature information with the extracted signature information and to process the access request according to the comparison result.
Therefore, the designated plug-in can be installed in the browser, and the signature key of the user can be entered in advance when the designated plug-in is initialized and configured. The designated plug-in may detect the site that the browser is about to visit. When the browser is about to send an access request to the server of that site, the access request may be intercepted and the signature information, obtained by encrypting the signature key, may be appended to it. In this way, when the server of the site receives the access request, it can extract the signature information from the request, encrypt the locally stored signature key of the user, and compare the result with the extracted signature information; if the two are consistent, the access request is legitimate, and the browser is allowed to access the site normally. If the two are not consistent, the access request is not legitimate and is rejected. Therefore, the user does not need to perform any additional processing on the access request and is unaware of the whole process, so that information security can be improved while the user experience is also improved.
Specific embodiments of the present application are disclosed in detail with reference to the following description and drawings, indicating the manner in which the principles of the application may be employed. It should be understood that the embodiments of the present application are not so limited in scope. The embodiments of the application include many variations, modifications and equivalents within the spirit and scope of the appended claims.
Features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments, in combination with or instead of the features of the other embodiments.
It should be emphasized that the term "comprises/comprising" when used herein, is taken to specify the presence of stated features, integers, steps or components but does not preclude the presence or addition of one or more other features, integers, steps or components.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the application, are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the principles of the application. It should be apparent that the drawings in the following description are merely some embodiments of the present application, and that other drawings may be obtained by those skilled in the art without inventive exercise. In the drawings:
FIG. 1 is a flowchart of an authentication method based on a browser plug-in according to an embodiment of the present disclosure;
FIG. 2 is a flowchart of an authentication method based on a browser plug-in according to another embodiment of the present application;
FIG. 3 is a functional block diagram of an authentication system based on a browser plug-in according to an embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art without any inventive work based on the embodiments in the present application shall fall within the scope of protection of the present application.
Referring to FIG. 1, the present application provides an authentication method based on a browser plug-in; to apply the technical solution of the present application, the user needs to install the specified plug-in in the browser. The designated plug-in may be a pre-written program component that performs its function when the browser is started. The method may include the following steps.
S1: when the designated plug-in carries out initialization configuration in the browser, inputting user information and a signature key of a user;
S2: when a target site is accessed through the browser, acquiring an access request sent outwards by the browser;
S3: generating signature information based on the signature key, and attaching the signature information and the user information to the access request;
S4: sending the access request, with the signature information and the user information attached, to a server of the target site.
In this embodiment, when the specified plug-in performs initialization configuration in the browser, the method further includes:
entering a protected site list;
detecting, by the plug-in, the current site accessed by the browser, and if the current site is in the protected site list, acquiring the access request sent to the current site through an application programming interface of the browser.
In this embodiment, attaching the signature information and the user information to the access request includes:
filling the signature information and the user information into a user-defined field of the access request.
In this embodiment, generating the signature information based on the signature key includes:
converting the signature key, according to a specified encryption algorithm, into signature information encrypted by the specified encryption algorithm.
In this embodiment, the method further comprises:
receiving, by the server of the target site, the access request sent by the browser, and extracting the user information and the signature information from the access request;
acquiring a target signature key matched with the user information from a database based on the user information;
encrypting the target signature key according to the specified encryption algorithm to obtain target signature information;
comparing the target signature information with the extracted signature information, and processing the access request according to the comparison result.
In this embodiment, the processing the access request according to the comparison result includes:
when the target signature information is consistent with the extracted signature information, allowing the browser to access the target site;
when the target signature information is inconsistent with the extracted signature information, rejecting the access request.
In one application example, a user may install the specified plug-in in a browser, and during the initial configuration of the specified plug-in in the browser, the user may enter user information (e.g., a username), a signature key (e.g., a user-defined string of characters), a list of protected sites, and so forth. Thereafter, whenever the browser accesses a site in the protected site list, the information authentication method can be started automatically. It should be noted that the user information, the signature key and the other information entered by the user may be synchronously backed up to the server of the protected site.
Specifically, when the specified plug-in detects that the user is accessing the protected target site, an access request to be sent out by the browser may be acquired through an Application Programming Interface (API) of the browser. Of course, in practical applications, only part of the parameters in the access request may be obtained, which is not limited in the present application.
After the access request is obtained, the specified plug-in can read the signature key which is input by the user before, and encrypt the signature key according to the specified encryption algorithm so as to ensure the security of the information. The specified encryption algorithm may be DES, RSA, MD5, etc. After the encryption process is performed, signature information can be obtained. In this way, the designated plug-in may attach the signature information and the user information of the user to the access request. Specifically, the access request may have a user-defined field, so that the specified plug-in may write the signature information and the user information of the user into the user-defined field. After these steps are completed, the browser may send an access request with additional information to the server at the target site.
Referring to FIG. 2, when the server receives an access request from the browser, the user information and the signature information may be extracted from the access request. The server may then determine whether the extracted signature information is legitimate. Specifically, the server may read the matching signature key from a local database according to the extracted user information. The read signature key may then be encrypted using the same specified encryption algorithm to obtain the target signature information. The target signature information may then be compared with the signature information extracted from the access request: when the target signature information is consistent with the extracted signature information, the browser is allowed to access the target site; when the target signature information is inconsistent with the extracted signature information, the access request is rejected. Meanwhile, a log recording module of the server can record the verification result.
Therefore, the designated plug-in can be installed in the browser, and the signature key of the user can be entered in advance when the designated plug-in is initialized and configured. The designated plug-in may detect the site that the browser is about to visit. When the browser is about to send an access request to the server of that site, the access request may be intercepted and the signature information, obtained by encrypting the signature key, may be appended to it. Therefore, when the server of the site receives the access request, it can extract the signature information from the request, encrypt the locally stored signature key of the user, and compare the result with the extracted signature information; if the two are consistent, the access request is legitimate, and the browser is allowed to access the site normally. If the two are not identical, the access request is not legitimate and is rejected. Therefore, the user does not need to perform any additional processing on the access request and is unaware of the whole process, so that information security can be improved while the user experience is also improved.
Referring to FIG. 3, the present application further provides an authentication system based on a browser plug-in, where the authentication system includes a browser installed with a specified plug-in, and the authentication system further includes:
an information entry unit 100, configured to enter user information and a signature key of a user when the specified plug-in performs initialization configuration in the browser;
an access request obtaining unit 200, configured to obtain an access request sent by the browser to the outside when a target site is accessed by the browser;
an information attaching unit 300, configured to generate signature information based on the signing key, and attach the signature information and the user information to the access request;
an access request sending unit 400, configured to send the access request with the signature information and the user information attached to the server of the target site.
In this embodiment, the system further comprises:
a site list entry unit, configured to enter a protected site list;
a judging unit, configured to control the plug-in to detect the current site accessed by the browser, and to acquire the access request sent to the current site through an application programming interface of the browser if the current site is in the protected site list.
In this embodiment, the information attaching unit includes:
an encryption module, configured to convert the signature key, according to the specified encryption algorithm, into signature information encrypted by the specified encryption algorithm.
In this embodiment, the system further comprises:
an information extraction unit, configured to control a server of the target site to receive an access request sent by the browser, and extract the user information and the signature information from the access request;
an information matching unit, configured to acquire a target signature key matched with the user information from a database based on the user information;
an encryption unit, configured to encrypt the target signature key according to the specified encryption algorithm to obtain target signature information;
a comparison unit, configured to compare the target signature information with the extracted signature information and to process the access request according to the comparison result.
The foregoing description of various embodiments of the present application is provided to those skilled in the art for the purpose of illustration. It is not intended to be exhaustive or to limit the invention to a single disclosed embodiment. As described above, various alternatives and modifications of the present application will be apparent to those skilled in the art to which the above-described technology pertains. Thus, while some alternative embodiments have been discussed in detail, other embodiments will be apparent or relatively easy to derive by those of ordinary skill in the art. This application is intended to cover all alternatives, modifications, and variations of the invention that have been discussed herein, as well as other embodiments that fall within the spirit and scope of the above-described application.