CN109495468A - Authentication method, device, electronic equipment and storage medium - Google Patents
- Publication number
- CN109495468A CN201811332972.5A
- Authority
- CN
- China
- Prior art keywords
- dynamic password
- user
- certification request
- authentication method
- account information
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
Embodiments of the present invention provide an authentication method, an authentication device, an electronic device and a storage medium, and relate to the field of communication technology. The method comprises: receiving a first authentication request from a user for a target business system among multiple business systems; generating, in response to the first authentication request, a first dynamic password corresponding to the first authentication request; receiving a second dynamic password input by the user and a second authentication request for the target business system; and determining, based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password, whether to allow the user to log in to the target business system. The technical solution of the embodiments of the present invention enables unified authentication of the accounts of multiple business systems and improves account security.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to an authentication method, an authentication device, an electronic device and a computer-readable storage medium.
Background
With the development of Internet technology, enterprises run a growing number of business systems, and how to manage the account systems of an enterprise's business systems has become a focus of attention.
One technical solution provides an account system architecture. Referring to Fig. 1, the account system architecture is distributed across, and coupled into, the functional modules of switch 110, router 120, wireless network 130 and business systems 140 to 170 themselves, and each business system implements its authentication function mainly by account and password.
However, in this technical solution the account systems of the enterprise's business systems cannot be authenticated in a unified manner, security risk is dispersed, and account security is low.
It should be noted that the information disclosed in the Background section above is only intended to enhance understanding of the background of the present invention, and may therefore include information that does not constitute prior art known to a person of ordinary skill in the art.
Summary of the invention
The purpose of the embodiments of the present invention is to provide an authentication method, an authentication device, an electronic device and a computer-readable storage medium, thereby overcoming, at least to some extent, one or more problems caused by the limitations and defects of the related art.
According to a first aspect of the embodiments of the present invention, an authentication method applied to multiple business systems is provided, comprising: receiving a first authentication request from a user for a target business system among the multiple business systems; generating, in response to the first authentication request, a first dynamic password corresponding to the first authentication request; receiving a second dynamic password input by the user and a second authentication request for the target business system; and determining, based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password, whether to allow the user to log in to the target business system.
In some embodiments of the present invention, based on the foregoing scheme, generating the first dynamic password corresponding to the first authentication request in response to the first authentication request comprises: extracting the account information of the user from the first authentication request; and generating the first dynamic password based on the account information of the user and the time of receipt of the first authentication request.
In some embodiments of the present invention, based on the foregoing scheme, generating the first dynamic password based on the account information of the user and the time of receipt of the first authentication request comprises: generating the first dynamic password by a time-based one-time password operation on the account information of the user and the time of receipt of the first authentication request.
In some embodiments of the present invention, based on the foregoing scheme, generating the first dynamic password based on the account information of the user and the time of receipt of the first authentication request comprises: generating a public/private key pair based on the account information of the user and the time of receipt of the first authentication request, and using the private key as the first dynamic password.
In some embodiments of the present invention, based on the foregoing scheme, the authentication method further comprises: sending the account information of the user and the first dynamic password to an authentication server via a first communication protocol.
In some embodiments of the present invention, based on the foregoing scheme, determining whether to allow the user to log in to the target business system comprises: extracting second account information of the user from the second authentication request; querying the authentication server for the first dynamic password based on the second account information; comparing the first dynamic password returned by the query with the second dynamic password; and determining, based on the comparison result, whether to allow the user to log in to the target business system.
In some embodiments of the present invention, based on the foregoing scheme, determining, based on the comparison result, whether to allow the user to log in to the target business system comprises: when the first dynamic password is determined to be identical to the second dynamic password, allowing the user to log in to the target business system; and when the first dynamic password is determined to differ from the second dynamic password, refusing to let the user log in to the target business system.
In some embodiments of the present invention, based on the foregoing scheme, the first communication protocol is the RADIUS protocol.
In some embodiments of the present invention, based on the foregoing scheme, the authentication method further comprises: obtaining the login log of the user, and performing a security audit of the multiple business systems based on the login log.
In some embodiments of the present invention, based on the foregoing scheme, the second dynamic password is an SMS verification code or an image verification code.
According to a second aspect of the embodiments of the present invention, an authentication device applied to multiple business systems is provided, comprising: a first receiving unit, configured to receive a first authentication request from a user for a target business system among the multiple business systems; a dynamic password generation unit, configured to generate, in response to the first authentication request, a first dynamic password corresponding to the first authentication request; a second receiving unit, configured to receive a second dynamic password input by the user and a second authentication request for the target business system; and a login authentication unit, configured to determine, based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password, whether to allow the user to log in to the target business system.
According to a third aspect of the embodiments of the present invention, an electronic device is provided, comprising: a processor; and a memory storing computer-readable instructions which, when executed by the processor, implement the authentication method described in the first aspect above.
According to a fourth aspect of the embodiments of the present invention, a computer-readable storage medium is provided, storing a computer program which, when executed by a processor, implements the authentication method described in the first aspect above.
In the technical solution provided by some embodiments of the present invention, on the one hand, the first dynamic password corresponding to the first authentication request is generated in response to that request, so the dynamic password can be generated randomly; on the other hand, whether the user may log in to the business system is determined from the second dynamic password input by the user and the second authentication request together with the first authentication request and the first dynamic password, so the accounts of multiple business systems can be authenticated in a unified manner; in yet another aspect, since the first dynamic password and the second dynamic password are both randomly generated passwords, account security can be improved.
It should be understood that the general description above and the detailed description below are only exemplary and explanatory, and do not limit the present invention.
Brief description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present invention and, together with the specification, serve to explain the principles of the invention. Evidently, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 shows a schematic block diagram of an account system architecture in one technical solution;
Fig. 2 shows a flow diagram of an authentication method according to some embodiments of the present invention;
Fig. 3 shows a schematic diagram of an application scenario according to an example embodiment of the present invention;
Fig. 4 shows a schematic block diagram of an authentication device according to an exemplary embodiment of the present invention;
Fig. 5 shows a structural schematic diagram of a computer system suitable for implementing the electronic device of the embodiments of the present invention.
Detailed description
Example embodiments are now described more fully with reference to the drawings. However, example embodiments can be implemented in many forms and should not be understood as limited to the embodiments set forth herein; rather, these embodiments are provided so that the present invention will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. Identical reference numerals in the figures denote identical or similar parts, so their repeated description is omitted.
In addition, the described features, structures or characteristics may be combined in one or more embodiments in any suitable manner. In the following description, many specific details are provided to give a full understanding of the embodiments of the present invention. However, those skilled in the art will appreciate that the technical solution of the present invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps and so on. In other cases, well-known methods, devices, implementations or operations are not shown or described in detail, to avoid obscuring aspects of the present invention.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flowcharts shown in the drawings are merely illustrative; they need not include all of the content and operations/steps, nor must these be executed in the order described. For example, some operations/steps can be decomposed and some can be merged or partly merged, so the order actually executed may change according to the actual situation.
Fig. 2 shows a flow diagram of an authentication method according to some embodiments of the present invention. Referring to Fig. 2, the authentication method may comprise the following steps:
Step S210, receiving a first authentication request from a user for a target business system among the multiple business systems;
Step S220, generating, in response to the first authentication request, a first dynamic password corresponding to the first authentication request;
Step S230, receiving a second dynamic password input by the user and a second authentication request for the target business system; and
Step S240, determining, based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password, whether to allow the user to log in to the target business system.
According to the authentication method in the example embodiment of Fig. 2, on the one hand, the first dynamic password corresponding to the first authentication request is generated in response to that request, so the dynamic password can be generated randomly; on the other hand, whether the user may log in to the business system is determined from the second dynamic password input by the user and the second authentication request together with the first authentication request and the first dynamic password, so the accounts of multiple business systems can be authenticated in a unified manner; in yet another aspect, since the first dynamic password and the second dynamic password are both randomly generated passwords, account security can be improved.
The authentication method in the example embodiment shown in Fig. 2 is described in detail below.
In step S210, a first authentication request from a user for a target business system among the multiple business systems is received.
In an example embodiment, the multiple business systems may include a medical card management system, a medication management system, a permission management system, an outpatient registration system, a doctor workstation system, an inpatient system, and so on. The user's first authentication request to the target business system, for example the outpatient registration system, may include the user's account information, which may be information such as the user's mobile phone number or ID card number.
In an example embodiment, the client sends the first authentication request to the server over the RADIUS (Remote Authentication Dial In User Service) protocol. RADIUS is currently a widely used network security system protocol.
In step S220, a first dynamic password corresponding to the first authentication request is generated in response to the first authentication request.
In an example embodiment, when the server receives the first authentication request sent by the client, it extracts the user's account information, such as the user's mobile phone number or ID card number, from the first authentication request, and generates the first dynamic password based on the user's account information and the time of receipt of the first authentication request.
The first dynamic password can be generated from the user's account information and the time of receipt of the first authentication request by means of TOTP (Time-Based One-Time Password, a time-based one-time password algorithm). It can also be generated from the user's account information and the time of receipt of the first authentication request using other hash algorithms, which likewise falls within the protection scope of the present invention. TOTP is a time-based one-time password algorithm (also called a time-synchronized dynamic password); it is an extension of the HMAC-based one-time password algorithm that supports time as the dynamic factor.
Further, in an example embodiment, the extracted account information of the user and the generated first dynamic password may also be sent to the authentication server over the RADIUS protocol, and the authentication server stores the user's account information and the first dynamic password; for example, the user's account information and the first dynamic password may be stored on the authentication server for 60 seconds.
In an example embodiment, the user's account information and the first dynamic password may be stored as a key-value pair, or they may be stored in another form; the present invention places no particular limitation on this.
In step S230, the second dynamic password input by the user and the second authentication request for the target business system are received.
In an example embodiment, the second dynamic password input by the user may be an SMS verification code that the user receives from the server, or an image verification code automatically generated by the server. For example, the server may generate the second dynamic password by TOTP from the user's account information and the time of receipt of the first authentication request, and send the second dynamic password to the user.
After the user enters the second dynamic password and confirms the input, the client sends the second authentication request for the target business system to the server. The second authentication request includes the user's account information and the generation time of the second dynamic password.
In addition, in some embodiments, a public/private key pair may also be generated based on the user's account information and the time of receipt of the first authentication request; the private key is stored in the authentication server as the first dynamic password, and the public key is sent to the user's client.
In step S240, whether to allow the user to log in to the target business system is determined based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password.
In an example embodiment, the second account information of the user is extracted from the second authentication request; the first dynamic password is queried from the authentication server based on the second account information; the first dynamic password returned by the query is compared with the second dynamic password; and whether to allow the user to log in to the target business system is determined based on the comparison result.
Further, querying the first dynamic password from the authentication server based on the second account information includes: querying the authentication server for the first account information using the second account information; and, when the first account information is found, looking up the first dynamic password on the server of authentication platform 380 using the first account information.
Further, it can be judged whether the first dynamic password and the second dynamic password are identical; when the first dynamic password is determined to be identical to the second dynamic password, the user is allowed to log in to the target business system; when the first dynamic password is determined to differ from the second dynamic password, the user is refused login to the target business system.
In addition, when the first dynamic password is a private key corresponding to the user's account information, the first dynamic password may be decrypted with the second dynamic password; if decryption succeeds, the user is allowed to log in to the target business system; if decryption fails, the user is refused login to the target business system.
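
The flow of steps S210 to S240 in its TOTP and password-comparison variant, as an added example that is not code from the patent. The server secret, the per-account key derivation, the 30-second step, the six-digit length, the single-attempt rule and the binding to the target system are assumptions; `AuthPlatform` is a hypothetical stand-in for the authentication server.

```python
"""Added example: the S210-S240 flow with the TOTP variant (not the patent's code)."""
import hashlib
import hmac
import struct
import time

TTL_SECONDS = 60  # retention period the description gives as an example
TIME_STEP = 30    # assumption: RFC 6238 default time step
DIGITS = 6        # assumption: code length


def totp(key: bytes, unix_time: float, step: int = TIME_STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthPlatform:
    """Hypothetical stand-in for the authentication server / platform 380."""

    def __init__(self, server_secret: bytes, clock=time.time):
        self._secret = server_secret  # assumption: the page names no key material
        self._clock = clock
        self._store = {}              # account -> (password, system, expires_at)
        self.login_log = []           # (time, account, system, result) for audit

    def _account_key(self, account: str) -> bytes:
        # Assumption: per-account TOTP key = HMAC-SHA256(server secret, account info).
        return hmac.new(self._secret, account.encode(), hashlib.sha256).digest()

    def first_request(self, account: str, system: str) -> str:
        """S210/S220: derive the first dynamic password from account + receive time."""
        received = self._clock()
        password = totp(self._account_key(account), received)
        self._store[account] = (password, system, received + TTL_SECONDS)
        return password  # delivered to the user out of band, e.g. as an SMS code

    def second_request(self, account: str, system: str, submitted: str) -> bool:
        """S230/S240: look up by account, compare, allow or refuse."""
        now = self._clock()
        # Assumption (hardening): one attempt per issued password, so pop it.
        entry = self._store.pop(account, None)
        allowed = False
        if entry is not None:
            password, bound_system, expires_at = entry
            allowed = (
                now <= expires_at
                and bound_system == system  # assumption: bind to the target system
                and hmac.compare_digest(password.encode(), submitted.encode())
            )
        self.login_log.append((now, account, system, "allow" if allowed else "deny"))
        return allowed


if __name__ == "__main__":
    platform = AuthPlatform(b"constructed-demo-secret")
    account = "13800000000"  # constructed sample phone number
    code = platform.first_request(account, "outpatient-registration")
    print("first use :", platform.second_request(account, "outpatient-registration", code))
    print("replay    :", platform.second_request(account, "outpatient-registration", code))
```

The comparison uses `hmac.compare_digest` so that the time taken does not depend on how many leading digits match, and every decision is appended to `login_log`, the kind of record a login audit would read.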
In addition, in some embodiments, the user's login log can also be obtained, and a security audit of the multiple business systems performed based on the user's login log. Security audit mainly refers to identifying, recording, storing and analyzing information relevant to security-related activities in the business systems. Security audit records are used to check which security-related activities have occurred on the network and which user is responsible for each activity.
Fig. 3 shows a schematic diagram of an application scenario according to an example embodiment of the present invention. Referring to Fig. 3, the account system architecture may include: switch 310, router 320 and wireless network 330; business system 1 to business system 4, i.e. business systems 340 to 370; and authentication platform 380.
Business systems 340 to 370 communicate with authentication platform 380 over HTTP (HyperText Transfer Protocol); switch 310, router 320 and wireless network 330 communicate with authentication platform 380 over the RADIUS protocol.
In Fig. 3, when the user's first authentication request is received through wireless network 330, the user's account information, such as the user's mobile phone number or ID card number, is extracted from the first authentication request, and the first dynamic password is generated based on the user's account information and the time of receipt of the first authentication request. The extracted account information of the user and the generated first dynamic password may also be sent over the RADIUS protocol to the authentication server, for example authentication platform 380, where the user's account information and the first dynamic password can be stored, for example for 60 seconds. Authentication platform 380 can also send the generated first dynamic password to the client, for example as an SMS verification code.
When the user's second authentication request is received through wireless network 330, the second account information of the user is extracted from the second authentication request; the extracted account information of the user and the second dynamic password are sent to authentication platform 380 over the RADIUS protocol; the first dynamic password is queried from the server of authentication platform 380 based on the second account information; the first dynamic password returned by the query is compared with the second dynamic password; and whether to allow the user to log in to the target business system is determined based on the comparison result.
Further, querying the first dynamic password from the server of authentication platform 380 based on the second account information includes: querying the server of authentication platform 380 for the first account information using the second account information; and, when the first account information is found, looking up the first dynamic password on the server of authentication platform 380 using the first account information.
In addition, when the first dynamic password is a private key corresponding to the user's account information, the first dynamic password may be decrypted with the second dynamic password; if decryption succeeds, the user is allowed to log in to the target business system; if decryption fails, the user is refused login to the target business system.
In addition, an embodiment of the present invention also provides an authentication device. The authentication device can be applied to multiple business systems. Referring to Fig. 4, the authentication device 400 may include: a first receiving unit 410, a dynamic password generation unit 420, a second receiving unit 430 and a login authentication unit 440. The first receiving unit 410 is configured to receive a first authentication request from a user for a target business system among the multiple business systems; the dynamic password generation unit 420 is configured to generate, in response to the first authentication request, a first dynamic password corresponding to the first authentication request; the second receiving unit 430 is configured to receive a second dynamic password input by the user and a second authentication request for the target business system; and the login authentication unit 440 is configured to determine, based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password, whether to allow the user to log in to the target business system.
In some embodiments of the present invention, based on the foregoing scheme, the dynamic password generation unit 420 includes: a first information extraction unit, configured to extract the account information of the user from the first authentication request; and a first generation unit, configured to generate the first dynamic password based on the account information of the user and the time of receipt of the first authentication request.
In some embodiments of the present invention, based on the foregoing scheme, the first generation unit is configured to: generate the first dynamic password by a time-based one-time password operation on the account information of the user and the time of receipt of the first authentication request.
In some embodiments of the present invention, based on the foregoing scheme, the first generation unit is configured to: generate a public/private key pair based on the account information of the user and the time of receipt of the first authentication request, and use the private key as the first dynamic password.
In some embodiments of the present invention, based on the foregoing scheme, the authentication device 400 further includes: a sending unit, configured to send the account information of the user and the first dynamic password to an authentication server via a first communication protocol.
In some embodiments of the present invention, based on the foregoing scheme, the login authentication unit 440 includes: a second information extraction unit, configured to extract the second account information of the user from the second authentication request; a query unit, configured to query the authentication server for the first dynamic password based on the second account information; a comparing unit, configured to compare the first dynamic password returned by the query with the second dynamic password; and a login management unit, configured to determine, based on the comparison result, whether to allow the user to log in to the target business system.
In some embodiments of the present invention, based on the foregoing scheme, the login management unit is configured to: when the first dynamic password is determined to be identical to the second dynamic password, allow the user to log in to the target business system; and when the first dynamic password is determined to differ from the second dynamic password, refuse to let the user log in to the target business system.
In some embodiments of the present invention, based on the foregoing scheme, the first communication protocol is the RADIUS protocol.
In some embodiments of the present invention, based on the foregoing scheme, the authentication device 400 further includes: a security audit unit, configured to obtain the login log of the user and perform a security audit of the multiple business systems based on the login log.
In some embodiments of the present invention, based on the foregoing scheme, the second dynamic password is an SMS verification code or an image verification code.
Since each functional module of the authentication device 400 of the example embodiments of the present invention corresponds to a step of the example embodiments of the authentication method above, the details are not repeated here.
An exemplary embodiment of the present invention also provides electronic equipment capable of implementing the above method.
Referring now to Fig. 5, a structural schematic diagram is shown of a computer system 500 of electronic equipment suitable for implementing embodiments of the present invention. The computer system 500 of the electronic equipment shown in Fig. 5 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present invention.
As shown in Fig. 5, the computer system 500 includes a central processing unit (CPU) 501, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 502 or a program loaded from a storage section 508 into a random access memory (RAM) 503. The RAM 503 also stores the various programs and data needed for system operation. The CPU 501, the ROM 502 and the RAM 503 are connected to one another by a bus 504. An input/output (I/O) interface 505 is also connected to the bus 504.
The following components are connected to the I/O interface 505: an input section 506 including a keyboard, a mouse and the like; an output section 507 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, together with a loudspeaker and the like; a storage section 508 including a hard disk and the like; and a communications portion 509 including a network interface card such as a LAN card or a modem. The communications portion 509 performs communication processing via a network such as the Internet. A driver 510 is also connected to the I/O interface 505 as needed. Detachable media 511, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, are mounted on the driver 510 as needed, so that a computer program read from them can be installed into the storage section 508 as needed.
In particular, according to embodiments of the invention, the process described above with reference to the flow chart may be implemented as a computer software program. For example, embodiments of the invention include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communications portion 509, and/or installed from the detachable media 511. When the computer program is executed by the central processing unit (CPU) 501, the above functions defined in the system of the present application are performed.
It should be noted that the computer-readable medium described in the present invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example but without limitation, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of a computer-readable storage medium include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium may be any tangible medium that contains or stores a program, which may be used by or in connection with an instruction execution system, apparatus or device. Also in the present invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal may take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. Program code contained on a computer-readable medium may be transmitted over any suitable medium, including but not limited to wireless, electric wire, optical cable, RF and the like, or any suitable combination of the above.
The flow charts and block diagrams in the drawings illustrate the architecture, functions and operations that systems, methods and computer program products according to various embodiments of the invention may implement. In this regard, each box in a flow chart or block diagram may represent a module, a program segment or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two boxes shown in succession may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram or flow chart, and each combination of boxes in a block diagram or flow chart, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented in software or in hardware, and the described units may also be provided in a processor. In some cases the names of these units do not limit the units themselves.
In another aspect, the present application also provides a computer-readable medium, which may be included in the electronic equipment described in the above embodiments, or may exist on its own without being assembled into the electronic equipment. The computer-readable medium carries one or more programs which, when executed by the electronic equipment, cause the electronic equipment to implement the authentication method described in the above embodiments.
For example, the electronic equipment may implement the steps shown in Fig. 2: step S210, receiving a first certification request from a user for a target service system among the multiple operation systems; step S220, generating, in response to the first certification request, a first dynamic password corresponding to the first certification request; step S230, receiving a second dynamic password input by the user and a second certification request for the target service system; and step S240, determining, based on the first certification request, the first dynamic password, the second certification request and the second dynamic password, whether to allow the user to log in to the target service system.
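The four steps S210 to S240, with the time-based one-time password generation and the query-and-compare check of the login authentication unit, sketched as an added Python example (not code from the patent). The `CertificateServer` class, the HMAC-derived per-account key, the 30-second step, the expiry window, the retry limit and the single-use deletion are assumptions added here; the patent specifies only the generation inputs and the equality comparison.

```python
import hashlib
import hmac
import struct

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held by the issuer
STEP = 30      # assumption: time step in seconds (RFC 6238 default)
TTL = 120      # assumption: lifetime of a stored password; the patent sets none
MAX_TRIES = 3  # assumption: guess limit per password; the patent sets none


def totp(key: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: HMAC-SHA1 over the time counter, RFC 4226 truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class CertificateServer:
    """Hypothetical in-memory stand-in for the store reached over RADIUS."""

    def __init__(self):
        self._pending = {}  # (account, target) -> [password, issued_at, tries]

    def first_request(self, account: str, target: str, received_at: int) -> str:
        # S210/S220: derive the first dynamic password from the account
        # information and the receiving time, and keep it for the lookup.
        key = hmac.new(SERVER_KEY, account.encode(), hashlib.sha256).digest()
        password = totp(key, received_at)
        self._pending[(account, target)] = [password, received_at, MAX_TRIES]
        return password  # delivered out of band, e.g. by short message

    def second_request(self, account: str, target: str,
                       submitted: str, now: int) -> bool:
        # S230/S240: query by the second account information, then compare.
        slot = (account, target)
        entry = self._pending.get(slot)
        if entry is None:
            return False
        password, issued_at, tries_left = entry
        if now - issued_at > TTL or tries_left <= 0:
            del self._pending[slot]
            return False
        # Constant-time comparison: no timing signal on partial matches.
        if hmac.compare_digest(password.encode(), submitted.encode()):
            del self._pending[slot]  # single use, so a replay is refused
            return True
        entry[2] = tries_left - 1
        return False


def demo() -> dict:
    """Run the four steps on constructed input and report each decision."""
    t0 = 1_541_721_600  # constructed receiving time
    srv = CertificateServer()
    code = srv.first_request("alice", "hr-system", t0)
    wrong = "%06d" % ((int(code) + 1) % 1_000_000)
    out = {
        "other_system": srv.second_request("alice", "finance-system", code, t0 + 5),
        "wrong_code": srv.second_request("alice", "hr-system", wrong, t0 + 6),
        "correct": srv.second_request("alice", "hr-system", code, t0 + 7),
        "replay": srv.second_request("alice", "hr-system", code, t0 + 8),
    }
    stale = srv.first_request("alice", "hr-system", t0)
    out["expired"] = srv.second_request("alice", "hr-system", stale, t0 + TTL + 1)
    return out
```

Binding the stored password to the (account, target) pair is what keeps a code issued for one of the multiple systems from being accepted by another.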
It should be noted that although several modules or units of the device for executing actions are mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of the present invention, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided and embodied by multiple modules or units.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here may be implemented in software, or in software combined with the necessary hardware. The technical solution according to embodiments of the present invention may therefore be embodied in the form of a software product, which may be stored on a non-volatile storage medium (such as a CD-ROM, USB flash disk or mobile hard disk) or on a network, and which includes instructions that cause a computing device (such as a personal computer, server, touch terminal or network device) to execute the method according to embodiments of the present invention.
Other embodiments of the invention will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the invention that follow its general principles and include common knowledge or conventional technical means in the art not disclosed by the present invention. The description and examples are to be regarded as illustrative only, with the true scope and spirit of the invention indicated by the following claims.
It should be understood that the present invention is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.
Claims (13)
1. An authentication method applied to multiple operation systems, characterized by comprising:
receiving a first certification request from a user for a target service system among the multiple operation systems;
generating, in response to the first certification request, a first dynamic password corresponding to the first certification request;
receiving a second dynamic password input by the user and a second certification request for the target service system; and
determining, based on the first certification request, the first dynamic password, the second certification request and the second dynamic password, whether to allow the user to log in to the target service system.
2. The authentication method according to claim 1, characterized in that generating, in response to the first certification request, the first dynamic password corresponding to the first certification request comprises:
extracting the account information of the user from the first certification request; and
generating the first dynamic password based on the account information of the user and the receiving time of the first certification request.
3. The authentication method according to claim 2, characterized in that generating the first dynamic password based on the account information of the user and the receiving time of the first certification request comprises:
generating the first dynamic password by a time-based one-time password operation, based on the account information of the user and the receiving time of the first certification request.
4. The authentication method according to claim 2, characterized in that generating the first dynamic password based on the account information of the user and the receiving time of the first certification request comprises:
generating a pair of a public key and a private key based on the account information of the user and the receiving time of the first certification request, and using the private key as the first dynamic password.
5. The authentication method according to claim 1, characterized in that the authentication method further comprises:
sending the account information of the user and the first dynamic password to a certificate server via a first communication protocol.
6. The authentication method according to claim 1, characterized in that determining whether to allow the user to log in to the target service system comprises:
extracting the second account information of the user from the second certification request;
querying the first dynamic password from the certificate server based on the second account information;
comparing the queried first dynamic password with the second dynamic password; and
determining, based on the comparison result, whether to allow the user to log in to the target service system.
7. The authentication method according to claim 6, characterized in that determining, based on the comparison result, whether to allow the user to log in to the target service system comprises:
allowing the user to log in to the target service system when the first dynamic password is determined to be identical to the second dynamic password; and
refusing the user's login to the target service system when the first dynamic password is determined to differ from the second dynamic password.
8. The authentication method according to claim 5, characterized in that the first communication protocol is the RADIUS protocol.
9. The authentication method according to any one of claims 1 to 8, characterized in that the authentication method further comprises:
obtaining the user's login log, and performing a security audit of the multiple operation systems based on the login log.
10. The authentication method according to any one of claims 1 to 8, characterized in that the second dynamic password is a short message verification code or a picture verification code.
11. An authentication device applied to multiple operation systems, characterized by comprising:
a first receiving unit for receiving a first certification request from a user for a target service system among the multiple operation systems;
a dynamic password generation unit for generating, in response to the first certification request, a first dynamic password corresponding to the first certification request;
a second receiving unit for receiving a second dynamic password input by the user and a second certification request for the target service system; and
a login authentication unit for determining, based on the first certification request, the first dynamic password, the second certification request and the second dynamic password, whether to allow the user to log in to the target service system.
12. Electronic equipment, characterized by comprising:
a processor; and
a memory on which computer-readable instructions are stored, the computer-readable instructions implementing the authentication method according to any one of claims 1 to 10 when executed by the processor.
13. A computer-readable storage medium on which a computer program is stored, the computer program implementing the authentication method according to any one of claims 1 to 10 when executed by a processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811332972.5A CN109495468A (en) | 2018-11-09 | 2018-11-09 | Authentication method, device, electronic equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811332972.5A CN109495468A (en) | 2018-11-09 | 2018-11-09 | Authentication method, device, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109495468A true CN109495468A (en) | 2019-03-19 |
Family
ID=65695538
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811332972.5A Pending CN109495468A (en) | 2018-11-09 | 2018-11-09 | Authentication method, device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109495468A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112035810A (en) * | 2020-08-19 | 2020-12-04 | 绿盟科技集团股份有限公司 | Access control method, device, medium and equipment |
CN112214751A (en) * | 2019-07-11 | 2021-01-12 | 上海游昆信息技术有限公司 | Verification code generation method and device |
CN112580013A (en) * | 2019-09-30 | 2021-03-30 | 北京国双科技有限公司 | Multi-system information interaction method and device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102307093A (en) * | 2011-04-27 | 2012-01-04 | 上海动联信息技术有限公司 | Method for generating two-factor dynamic password |
CN103905188A (en) * | 2014-04-02 | 2014-07-02 | 天地融科技股份有限公司 | Method for generating dynamic password through intelligent secret key device, and intelligent secret key device |
CN103905195A (en) * | 2012-12-28 | 2014-07-02 | 中国电信股份有限公司 | User card authentication method and system based on dynamic password |
US20160149894A1 (en) * | 2014-11-25 | 2016-05-26 | Appright, Inc. | System and method for providing multi factor authentication |
CN106453321A (en) * | 2016-10-18 | 2017-02-22 | 郑州云海信息技术有限公司 | Authentication server, system and method, and to-be-authenticated terminal |
CN107277015A (en) * | 2017-06-21 | 2017-10-20 | 北京易教阳光教育科技有限公司 | Unifying user authentication management method, system, storage medium and server |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11665006B2 (en) | User authentication with self-signed certificate and identity verification | |
CN105007279B (en) | Authentication method and Verification System | |
JP7083892B2 (en) | Mobile authentication interoperability of digital certificates | |
CN109274652B (en) | Identity information verification system, method and device and computer storage medium | |
CN111062024B (en) | Application login method and device | |
US20140237236A1 (en) | Mobile Security Fob | |
CN109379336A (en) | A kind of uniform authentication method, distributed system and computer readable storage medium | |
US20150074785A1 (en) | Using service request ticket for multi-factor authentication | |
KR20170063559A (en) | Multi-dimensional framework for defining criteria that indicate when authentication should be revoked | |
CN109861973A (en) | Information transferring method, device, electronic equipment and computer-readable medium | |
CN109981287A (en) | A kind of code signature method and its storage medium | |
CN110149354A (en) | A kind of encryption and authentication method and device based on https agreement | |
CN109657492A (en) | Data base management method, medium and electronic equipment | |
CN109495468A (en) | Authentication method, device, electronic equipment and storage medium | |
CN108923925A (en) | Date storage method and device applied to block chain | |
CN110120952A (en) | A kind of total management system single-point logging method, device, computer equipment and storage medium | |
CN109120611A (en) | User authen method, equipment, system and the medium of server are generated for address | |
CN114584381A (en) | Security authentication method and device based on gateway, electronic equipment and storage medium | |
CN108228280A (en) | The configuration method and device of browser parameters, storage medium, electronic equipment | |
CN106529216B (en) | Software authorization system and software authorization method based on public storage platform | |
CN114598549B (en) | Customer SSL certificate verification method and device | |
CN110659476A (en) | Method and apparatus for resetting password | |
CN110351302B (en) | Bank account login method, equipment and storage medium | |
CN113381982B (en) | Registration method, registration device, electronic equipment and storage medium | |
CN110611656B (en) | Identity management method, device and system based on master identity multiple mapping |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190319 |