CN109495468A - Authentication method, device, electronic equipment and storage medium - Google Patents


Publication number
CN109495468A
Authority
CN
China
Prior art keywords
dynamic password
user
certification request
authentication method
account information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811332972.5A
Other languages
Chinese (zh)
Inventor
张勤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Medical Duyun Medical Technology Co Ltd
Original Assignee
Nanjing Medical Duyun Medical Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Medical Duyun Medical Technology Co Ltd
Priority to CN201811332972.5A
Publication of CN109495468A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the present invention provide an authentication method, an authentication device, an electronic device and a storage medium, and relate to the field of communication technology. The method comprises: receiving a first authentication request from a user for a target business system among multiple business systems; generating, in response to the first authentication request, a first dynamic password corresponding to the first authentication request; receiving a second dynamic password input by the user and a second authentication request for the target business system; and determining, based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password, whether to allow the user to log in to the target business system. The technical solution of the embodiments of the present invention can perform unified authentication on the accounts of multiple business systems and improve account security.

Description

Authentication method, device, electronic equipment and storage medium
Technical field
The present invention relates to the field of communication technology, and in particular to an authentication method, an authentication device, an electronic device and a computer-readable storage medium.
Background
With the development of Internet technology, enterprises operate a growing number of business systems, and how to manage the account systems of an enterprise's business systems has become a focus of attention.
In one technical solution, an account system architecture is provided. Referring to Fig. 1, the account system architecture is distributed across, and coupled into, the functional modules of the switch 110, the router 120, the wireless network 130 and the business systems 140 to 170 themselves, and each business system implements its authentication function mainly by means of an account and password.
However, in this technical solution, the account systems of the enterprise's business systems cannot be authenticated in a unified manner, the security risk is dispersed, and account security is low.
It should be noted that the information disclosed in the Background section above is only intended to aid understanding of the background of the present invention, and may therefore include information that does not constitute prior art known to a person of ordinary skill in the art.
Summary of the invention
The embodiments of the present invention aim to provide an authentication method, an authentication device, an electronic device and a computer-readable storage medium, thereby overcoming, at least to some extent, one or more problems caused by the limitations and defects of the related art.
According to a first aspect of the embodiments of the present invention, an authentication method applied to multiple business systems is provided, comprising: receiving a first authentication request from a user for a target business system among the multiple business systems; generating, in response to the first authentication request, a first dynamic password corresponding to the first authentication request; receiving a second dynamic password input by the user and a second authentication request for the target business system; and determining, based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password, whether to allow the user to log in to the target business system.
In some embodiments of the present invention, based on the foregoing solution, generating, in response to the first authentication request, the first dynamic password corresponding to the first authentication request comprises: extracting the user's account information from the first authentication request; and generating the first dynamic password based on the user's account information and the receipt time of the first authentication request.
In some embodiments of the present invention, based on the foregoing solution, generating the first dynamic password based on the user's account information and the receipt time of the first authentication request comprises: generating the first dynamic password by a time-based one-time password operation based on the user's account information and the receipt time of the first authentication request.
In some embodiments of the present invention, based on the foregoing solution, generating the first dynamic password based on the user's account information and the receipt time of the first authentication request comprises: generating a public key and private key pair based on the user's account information and the receipt time of the first authentication request, and using the private key as the first dynamic password.
In some embodiments of the present invention, based on the foregoing solution, the authentication method further comprises: sending the user's account information and the first dynamic password to an authentication server via a first communication protocol.
In some embodiments of the present invention, based on the foregoing solution, determining whether to allow the user to log in to the target business system comprises: extracting second account information of the user from the second authentication request; querying the first dynamic password from the authentication server based on the second account information; comparing the queried first dynamic password with the second dynamic password; and determining, based on the comparison result, whether to allow the user to log in to the target business system.
In some embodiments of the present invention, based on the foregoing solution, determining, based on the comparison result, whether to allow the user to log in to the target business system comprises: when the first dynamic password is determined to be identical to the second dynamic password, allowing the user to log in to the target business system; and when the first dynamic password is determined to differ from the second dynamic password, refusing the user's login to the target business system.
In some embodiments of the present invention, based on the foregoing solution, the first communication protocol is the RADIUS protocol.
In some embodiments of the present invention, based on the foregoing solution, the authentication method further comprises: obtaining the user's login log, and performing a security audit on the multiple business systems based on the login log.
In some embodiments of the present invention, based on the foregoing solution, the second dynamic password is an SMS verification code or an image verification code.
According to a second aspect of the embodiments of the present invention, an authentication device applied to multiple business systems is provided, comprising: a first receiving unit, configured to receive a first authentication request from a user for a target business system among the multiple business systems; a dynamic password generation unit, configured to generate, in response to the first authentication request, a first dynamic password corresponding to the first authentication request; a second receiving unit, configured to receive a second dynamic password input by the user and a second authentication request for the target business system; and a login authentication unit, configured to determine, based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password, whether to allow the user to log in to the target business system.
According to a third aspect of the embodiments of the present invention, an electronic device is provided, comprising: a processor; and a memory storing computer-readable instructions which, when executed by the processor, implement the authentication method described in the first aspect above.
According to a fourth aspect of the embodiments of the present invention, a computer-readable storage medium is provided, on which a computer program is stored; when executed by a processor, the computer program implements the authentication method described in the first aspect above.
In the technical solutions provided by some embodiments of the present invention: on the one hand, a first dynamic password corresponding to the first authentication request is generated in response to that request, so the dynamic password can be generated randomly; on the other hand, whether the user may log in to the business system is determined based on the second dynamic password input by the user and the second authentication request together with the first authentication request and the first dynamic password, so unified authentication can be performed on the accounts of multiple business systems; in yet another aspect, since the first dynamic password and the second dynamic password are both randomly generated passwords, account security can be improved.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the present invention.
Brief description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present invention and, together with the specification, serve to explain the principles of the present invention. The drawings described below are evidently only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 shows a schematic block diagram of an account system architecture in one technical solution;
Fig. 2 shows a flow diagram of an authentication method according to some embodiments of the present invention;
Fig. 3 shows a schematic diagram of an application scenario according to an example embodiment of the present invention;
Fig. 4 shows a schematic block diagram of an authentication device according to an exemplary embodiment of the present invention;
Fig. 5 shows a structural schematic diagram of a computer system of an electronic device suitable for implementing the embodiments of the present invention.
Detailed description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments can, however, be implemented in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that the present invention will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, so repeated descriptions of them are omitted.
In addition, the described features, structures or characteristics may be combined in one or more embodiments in any suitable manner. In the following description, many specific details are given to provide a full understanding of the embodiments of the present invention. Those skilled in the art will recognize, however, that the technical solution of the present invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps and so on. In other cases, well-known methods, devices, implementations or operations are not shown or described in detail, to avoid obscuring aspects of the present invention.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flowcharts shown in the drawings are merely illustrative; they need not include all contents and operations/steps, nor must they be executed in the order described. For example, some operations/steps may be split, and some may be merged or partially merged, so the actual order of execution may change according to the actual situation.
Fig. 2 shows a flow diagram of an authentication method according to some embodiments of the present invention. Referring to Fig. 2, the authentication method may comprise the following steps:
Step S210: receive a first authentication request from a user for a target business system among the multiple business systems;
Step S220: generate, in response to the first authentication request, a first dynamic password corresponding to the first authentication request;
Step S230: receive a second dynamic password input by the user and a second authentication request for the target business system; and
Step S240: determine, based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password, whether to allow the user to log in to the target business system.
According to the authentication method in the example embodiment of Fig. 2: on the one hand, a first dynamic password corresponding to the first authentication request is generated in response to that request, so the dynamic password can be generated randomly; on the other hand, whether the user may log in to the business system is determined based on the second dynamic password input by the user and the second authentication request together with the first authentication request and the first dynamic password, so unified authentication can be performed on the accounts of multiple business systems; in yet another aspect, since the first dynamic password and the second dynamic password are both randomly generated passwords, account security can be improved.
The authentication method in the example embodiment shown in Fig. 2 is described in detail below.
In step S210, a first authentication request from a user for a target business system among the multiple business systems is received.
In an example embodiment, the multiple business systems may include a medical card management system, a drug management system, a permission management system, an outpatient registration system, a doctor workstation system, an inpatient system, and so on. The user's first authentication request to a target business system, such as the outpatient registration system, may include the user's account information, which may be information such as the user's mobile phone number or ID card number.
In an example embodiment, the client sends the first authentication request to the server via the RADIUS (Remote Authentication Dial In User Service) protocol. RADIUS is currently a widely used network security protocol.
In step S220, a first dynamic password corresponding to the first authentication request is generated in response to the first authentication request.
In an example embodiment, when the server receives the first authentication request sent by the client, it extracts the user's account information, such as the user's mobile phone number or ID card number, from the first authentication request, and generates the first dynamic password based on the user's account information and the receipt time of the first authentication request.
The first dynamic password may be generated by TOTP (Time-Based One-Time Password, a time-based one-time password algorithm) based on the user's account information and the receipt time of the first authentication request. The first dynamic password may also be generated from the user's account information and the receipt time of the first authentication request using other hash algorithms, which likewise falls within the scope of protection of the present invention. TOTP is a time-based one-time password algorithm (also called a time-synchronized dynamic password); it extends the HMAC-based one-time password algorithm to support time as the dynamic factor.
Further, in an example embodiment, the extracted account information of the user and the generated first dynamic password may also be sent to an authentication server based on the RADIUS protocol, and the user's account information and the first dynamic password are saved in the authentication server; for example, they may be saved in the authentication server for 60 seconds.
In an example embodiment, the user's account information and the first dynamic password may be saved as a key-value pair, or in other forms; the present invention places no special limitation on this.
In step S230, a second dynamic password input by the user and a second authentication request for the target business system are received.
In an example embodiment, the second dynamic password input by the user may be an SMS verification code that the user received from the server, or an image verification code automatically generated by the server. For example, the server may generate the second dynamic password by TOTP based on the user's account information and the receipt time of the first authentication request, and send the second dynamic password to the user.
After the user enters the second dynamic password and confirms the input, the client sends the second authentication request for the target business system to the server. The second authentication request includes the user's account information and the generation time of the second dynamic password.
In addition, in some embodiments, a public key and private key pair may also be generated based on the user's account information and the receipt time of the first authentication request; the private key is stored in the authentication server as the first dynamic password, and the public key is sent to the user's client.
In step S240, whether to allow the user to log in to the target business system is determined based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password.
In an example embodiment, second account information of the user is extracted from the second authentication request; the first dynamic password is queried from the authentication server based on the second account information; the queried first dynamic password is compared with the second dynamic password; and whether to allow the user to log in to the target business system is determined based on the comparison result.
Further, querying the first dynamic password from the authentication server based on the second account information comprises: querying the first account information from the authentication server using the second account information; and, when the first account information is found, looking up the first dynamic password from the server of the authentication platform 380 using the first account information.
Further, it may be judged whether the first dynamic password and the second dynamic password are identical; when the first dynamic password is determined to be identical to the second dynamic password, the user is allowed to log in to the target business system; when the first dynamic password is determined to differ from the second dynamic password, the user's login to the target business system is refused.
In addition, when the first dynamic password is the private key corresponding to the user's account information, the first dynamic password may be decrypted using the second dynamic password; if decryption succeeds, the user is allowed to log in to the target business system; if decryption fails, the user's login to the target business system is refused.
In addition, in some embodiments, the user's login log may also be obtained, and a security audit may be performed on the multiple business systems based on the user's login log. A security audit mainly refers to identifying, recording, storing and analyzing information related to security-relevant activities in the business systems. Security audit records are used to check which security-relevant activities have occurred on the network and which user is responsible for each activity.
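The TOTP variant of steps S210 to S240, with the 60-second key-value retention and the login log, can be sketched as follows; this is an added Python example, not code from the patent. The server-side secret, the 6-digit code length, single-use deletion, the three-attempt limit and all class and function names are assumptions, since the description does not say what key the TOTP operation uses or how retries are handled.

```python
import hashlib
import hmac
import struct

# Assumptions (not in the patent text): a server-side secret keys the TOTP
# operation, codes have 6 digits, a stored code is single-use, and a pending
# code is dropped after three wrong guesses.
SERVER_SECRET = b"constructed-demo-secret"
TIME_STEP = 60       # seconds; matches the 60-second retention in the description
DIGITS = 6
MAX_ATTEMPTS = 3


def totp(key: bytes, unix_time: float, step: int = TIME_STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the time-step counter, HMAC-SHA1."""
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class AuthPlatform:
    """Hypothetical stand-in for the authentication server (key-value store)."""

    def __init__(self, secret: bytes = SERVER_SECRET, ttl: int = TIME_STEP):
        self._secret = secret
        self._ttl = ttl
        self._store = {}      # account -> {"code", "issued", "attempts"}
        self.login_log = []   # (time, account, system, outcome) for security audit

    def _account_key(self, account: str) -> bytes:
        # Per-account key derived from the server secret: the code depends on
        # the account information and receipt time, yet cannot be computed
        # from those two public values alone.
        return hmac.new(self._secret, account.encode(), hashlib.sha256).digest()

    def first_request(self, account: str, system: str, now: float) -> str:
        """S210/S220: generate and store the first dynamic password."""
        code = totp(self._account_key(account), now)
        self._store[account] = {"code": code, "issued": now, "attempts": 0}
        return code   # delivered out of band, e.g. as an SMS verification code

    def second_request(self, account: str, system: str, entered: str, now: float) -> bool:
        """S230/S240: look up by account, compare, then allow or refuse."""
        record = self._store.get(account)
        ok, outcome = False, "refused:no-pending-code"
        if record is not None:
            if now - record["issued"] > self._ttl:
                outcome = "refused:expired"
                del self._store[account]
            elif hmac.compare_digest(record["code"].encode(), entered.encode()):
                ok, outcome = True, "allowed"
                del self._store[account]              # single use: no replay
            else:
                record["attempts"] += 1
                outcome = "refused:mismatch"
                if record["attempts"] >= MAX_ATTEMPTS:
                    del self._store[account]          # stop online guessing
        self.login_log.append((now, account, system, outcome))
        return ok


if __name__ == "__main__":
    platform = AuthPlatform()
    acct, system = "13800000000", "outpatient-registration"   # constructed values
    sent = platform.first_request(acct, system, now=1000.0)
    print(platform.second_request(acct, system, sent, now=1030.0))
    print(platform.second_request(acct, system, sent, now=1031.0))
    print(platform.login_log)
```

The comparison uses `hmac.compare_digest` so that the time taken does not reveal how many leading characters of a guess were correct.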
Fig. 3 shows a schematic diagram of an application scenario according to an example embodiment of the present invention. Referring to Fig. 3, the account system architecture may include: a switch 310, a router 320 and a wireless network 330; business system 1 to business system 4, i.e. business systems 340 to 370; and an authentication platform 380.
The business systems 340 to 370 communicate with the authentication platform 380 via HTTP (HyperText Transfer Protocol); the switch 310, the router 320 and the wireless network 330 communicate with the authentication platform 380 via the RADIUS protocol.
In Fig. 3, when the user's first authentication request is received via the wireless network 330, the user's account information, such as the user's mobile phone number or ID card number, is extracted from the first authentication request, and the first dynamic password is generated based on the user's account information and the receipt time of the first authentication request. The extracted account information of the user and the generated first dynamic password may also be sent, based on the RADIUS protocol, to an authentication server such as the authentication platform 380, where the user's account information and the first dynamic password may be saved, for example for 60 seconds. The authentication platform 380 may also send the generated first dynamic password to the client, for example as an SMS verification code.
When the user's second authentication request is received via the wireless network 330, second account information of the user is extracted from the second authentication request; the extracted account information of the user and the second dynamic password are sent to the authentication platform 380 based on the RADIUS protocol; the first dynamic password is queried from the server of the authentication platform 380 based on the second account information; the queried first dynamic password is compared with the second dynamic password; and whether to allow the user to log in to the target business system is determined based on the comparison result.
Further, querying the first dynamic password from the server of the authentication platform 380 based on the second account information comprises: querying the first account information from the server of the authentication platform 380 using the second account information; and, when the first account information is found, looking up the first dynamic password from the server of the authentication platform 380 using the first account information.
In addition, when the first dynamic password is the private key corresponding to the user's account information, the first dynamic password may be decrypted using the second dynamic password; if decryption succeeds, the user is allowed to log in to the target business system; if decryption fails, the user's login to the target business system is refused.
In addition, an embodiment of the present invention also provides an authentication device, which can be applied to multiple business systems. Referring to Fig. 4, the authentication device 400 may include: a first receiving unit 410, a dynamic password generation unit 420, a second receiving unit 430 and a login authentication unit 440. The first receiving unit 410 is configured to receive a first authentication request from a user for a target business system among the multiple business systems; the dynamic password generation unit 420 is configured to generate, in response to the first authentication request, a first dynamic password corresponding to the first authentication request; the second receiving unit 430 is configured to receive a second dynamic password input by the user and a second authentication request for the target business system; and the login authentication unit 440 is configured to determine, based on the first authentication request, the first dynamic password, the second authentication request and the second dynamic password, whether to allow the user to log in to the target business system.
In some embodiments of the present invention, based on the foregoing solution, the dynamic password generation unit 420 includes: a first information extraction unit, configured to extract the user's account information from the first authentication request; and a first generation unit, configured to generate the first dynamic password based on the user's account information and the receipt time of the first authentication request.
In some embodiments of the present invention, based on the foregoing solution, the first generation unit is configured to: generate the first dynamic password by a time-based one-time password operation based on the user's account information and the receipt time of the first authentication request.
In some embodiments of the present invention, based on the foregoing solution, the first generation unit is configured to: generate a public key and private key pair based on the user's account information and the receipt time of the first authentication request, and use the private key as the first dynamic password.
In some embodiments of the present invention, based on the foregoing solution, the authentication device 400 further includes: a sending unit, configured to send the user's account information and the first dynamic password to an authentication server via a first communication protocol.
In some embodiments of the present invention, based on the foregoing solution, the login authentication unit 440 includes: a second information extraction unit, configured to extract second account information of the user from the second authentication request; a query unit, configured to query the first dynamic password from the authentication server based on the second account information; a comparison unit, configured to compare the queried first dynamic password with the second dynamic password; and a login management unit, configured to determine, based on the comparison result, whether to allow the user to log in to the target business system.
In some embodiments of the present invention, based on the foregoing solution, the login management unit is configured to: when the first dynamic password is determined to be identical to the second dynamic password, allow the user to log in to the target business system; and when the first dynamic password is determined to differ from the second dynamic password, refuse the user's login to the target business system.
In some embodiments of the present invention, based on the foregoing solution, the first communication protocol is the RADIUS protocol.
In some embodiments of the present invention, based on the foregoing solution, the authentication device 400 further includes: a security audit unit, configured to obtain the user's login log and perform a security audit on the multiple business systems based on the login log.
In some embodiments of the present invention, based on the foregoing solution, the second dynamic password is an SMS verification code or an image verification code.
Since the functional modules of the authentication device 400 of the example embodiments of the present invention correspond to the steps of the example embodiments of the authentication method above, they are not described again here.
In an exemplary embodiment of the present invention, a kind of electronic equipment that can be realized the above method is additionally provided.
Referring now to Fig. 5, it shows a structural schematic diagram of a computer system 500 of an electronic equipment suitable for implementing the embodiments of the present invention. The computer system 500 of the electronic equipment shown in Fig. 5 is only an example and should not impose any limitation on the function and scope of use of the embodiments of the present invention.
As shown in Fig. 5, the computer system 500 includes a central processing unit (CPU) 501, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 502 or a program loaded from a storage section 508 into a random access memory (RAM) 503. The RAM 503 also stores various programs and data required for system operation. The CPU 501, the ROM 502 and the RAM 503 are connected to one another through a bus 504. An input/output (I/O) interface 505 is also connected to the bus 504.
The following components are connected to the I/O interface 505: an input section 506 including a keyboard, a mouse, etc.; an output section 507 including a cathode ray tube (CRT), a liquid crystal display (LCD), etc., and a loudspeaker, etc.; a storage section 508 including a hard disk, etc.; and a communication section 509 including a network interface card such as a LAN card or a modem. The communication section 509 performs communication processing via a network such as the Internet. A driver 510 is also connected to the I/O interface 505 as needed. A removable medium 511, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the driver 510 as needed, so that a computer program read from it can be installed into the storage section 508 as needed.
In particular, according to an embodiment of the present invention, the process described above with reference to the flow chart may be implemented as a computer software program. For example, an embodiment of the present invention includes a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 509, and/or installed from the removable medium 511. When the computer program is executed by the central processing unit (CPU) 501, the above functions defined in the system of the present application are executed.
It should be noted that the computer-readable medium described in the present invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium may be any tangible medium that contains or stores a program, where the program can be used by, or in connection with, an instruction execution system, apparatus or device. In the present invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, and can send, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device. The program code contained on a computer-readable medium may be transmitted over any suitable medium, including but not limited to: wireless, electric wire, optical cable, RF, etc., or any suitable combination of the above.
The flow charts and block diagrams in the drawings illustrate the architecture, functions and operations that systems, methods and computer program products according to various embodiments of the invention may implement. In this regard, each box in a flow chart or block diagram may represent a module, a program segment, or a part of code, and that module, program segment, or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two boxes shown in succession may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram or flow chart, and any combination of boxes in a block diagram or flow chart, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented in software or in hardware, and the described units may also be provided in a processor. The names of these units do not, in certain cases, constitute a limitation on the units themselves.
In another aspect, the present application also provides a computer-readable medium. The computer-readable medium may be included in the electronic equipment described in the above embodiments, or it may exist separately without being assembled into the electronic equipment. The computer-readable medium carries one or more programs which, when executed by the electronic equipment, cause the electronic equipment to implement the authentication method described in the above embodiments.
For example, the electronic equipment may implement the steps shown in Fig. 2: step S210, receiving a first certification request from a user for a target service system among the multiple operation systems; step S220, generating, in response to the first certification request, a first dynamic password corresponding to the first certification request; step S230, receiving a second dynamic password input by the user and a second certification request for the target service system; and step S240, determining, based on the first certification request, the first dynamic password, the second certification request and the second dynamic password, whether to allow the user to log in to the target service system.
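The following Python sketch of steps S210 to S240 is an added example, not code from the patent. It assumes the time-based one-time password variant, computed as in RFC 6238 over a per-account secret, and an in-memory store standing in for the certificate server that the description reaches over RADIUS. The secret table, the 30-second step, the 6-digit length, the 120-second validity window and the single-use rule are assumptions the page does not state.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30   # seconds per time step (assumption, RFC 6238 default)
DIGITS = 6       # password length (assumption)
MAX_AGE = 120    # seconds a stored password stays valid (assumption)

# Constructed per-account secrets; the page does not say how keys are provisioned.
ACCOUNT_SECRETS = {"alice": b"constructed-secret-for-alice"}


def totp(secret, received_at, digits=DIGITS):
    """RFC 6238-style code derived from the request's receiving time."""
    counter = struct.pack(">Q", int(received_at // TIME_STEP))
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthServer:
    """In-memory stand-in for the certificate server (hypothetical helper)."""

    def __init__(self):
        self._pending = {}

    def store(self, account, password, issued_at):
        self._pending[account] = (password, issued_at)

    def take(self, account):
        # pop() makes every stored password single-use: one guess per issue.
        return self._pending.pop(account, None)


def handle_first_request(server, request, received_at):
    """S210/S220: extract the account, generate and store the first password."""
    account = request.get("account", "")
    secret = ACCOUNT_SECRETS.get(account)
    if secret is None:
        return None
    password = totp(secret, received_at)
    server.store(account, password, received_at)
    return password  # delivery to the user happens outside this sketch


def handle_second_request(server, request, now):
    """S230/S240: query the stored password by account and compare."""
    entry = server.take(request.get("account", ""))
    if entry is None:
        return False                                # nothing issued, or already used
    stored, issued_at = entry
    if now - issued_at > MAX_AGE:
        return False                                # stale password
    supplied = str(request.get("password", "")).encode()
    return hmac.compare_digest(stored.encode(), supplied)  # constant-time compare


if __name__ == "__main__":
    server = AuthServer()
    issued = handle_first_request(server, {"account": "alice"}, 1000.0)
    second = {"account": "alice", "password": issued}
    print("first use:", handle_second_request(server, second, 1010.0))
    print("replay   :", handle_second_request(server, second, 1011.0))
```

The comparison step as described only requires equality; the expiry check, the single-use pop and the constant-time comparison are what keep a stored password from being replayed or probed digit by digit.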
It should be noted that although several modules or units of the device for performing actions are mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of the present invention, the features and functions of two or more of the modules or units described above may be embodied in a single module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by multiple modules or units.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described herein may be implemented in software, or in software combined with the necessary hardware. Therefore, the technical solution according to the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash disk, a removable hard disk, etc.) or on a network, and which includes instructions that cause a computing device (which may be a personal computer, a server, a touch terminal, a network device, etc.) to execute the method according to the embodiments of the present invention.
Other embodiments of the invention will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed herein. This application is intended to cover any variations, uses or adaptations of the invention that follow the general principles of the invention and include common knowledge or conventional technical means in the art not disclosed by the invention. The specification and examples are to be regarded as illustrative only, and the true scope and spirit of the invention are indicated by the following claims.
It should be understood that the present invention is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.

Claims (13)

1. An authentication method, applied to multiple operation systems, characterized by comprising:
Receiving a first certification request from a user for a target service system among the multiple operation systems;
Generating, in response to the first certification request, a first dynamic password corresponding to the first certification request;
Receiving a second dynamic password input by the user and a second certification request for the target service system; and
Determining, based on the first certification request, the first dynamic password, the second certification request and the second dynamic password, whether to allow the user to log in to the target service system.
2. The authentication method according to claim 1, characterized in that generating, in response to the first certification request, the first dynamic password corresponding to the first certification request comprises:
Extracting the account information of the user from the first certification request;
Generating the first dynamic password based on the account information of the user and the receiving time of the first certification request.
3. The authentication method according to claim 2, characterized in that generating the first dynamic password based on the account information of the user and the receiving time of the first certification request comprises:
Generating the first dynamic password through a time-based one-time password operation, based on the account information of the user and the receiving time of the first certification request.
4. The authentication method according to claim 2, characterized in that generating the first dynamic password based on the account information of the user and the receiving time of the first certification request comprises:
Generating a pair of public and private keys based on the account information of the user and the receiving time of the first certification request, and using the private key as the first dynamic password.
5. The authentication method according to claim 1, characterized in that the authentication method further comprises:
Sending the account information of the user and the first dynamic password to a certificate server through a first communication protocol.
6. The authentication method according to claim 1, characterized in that determining whether to allow the user to log in to the target service system comprises:
Extracting the second account information of the user from the second certification request;
Querying the first dynamic password from the certificate server based on the second account information;
Comparing the queried first dynamic password with the second dynamic password;
Determining, based on the comparison result, whether to allow the user to log in to the target service system.
7. The authentication method according to claim 6, characterized in that determining, based on the comparison result, whether to allow the user to log in to the target service system comprises:
Allowing the user to log in to the target service system when it is determined that the first dynamic password is identical to the second dynamic password;
Refusing the user's login to the target service system when it is determined that the first dynamic password differs from the second dynamic password.
8. The authentication method according to claim 5, characterized in that the first communication protocol is the RADIUS protocol.
9. The authentication method according to any one of claims 1 to 8, characterized in that the authentication method further comprises:
Obtaining the login log of the user, and performing a security audit on the multiple operation systems based on the login log.
10. The authentication method according to any one of claims 1 to 8, characterized in that the second dynamic password is an SMS verification code or a picture verification code.
11. An authentication device, applied to multiple operation systems, characterized by comprising:
A first receiving unit, for receiving a first certification request from a user for a target service system among the multiple operation systems;
A dynamic password generation unit, for generating, in response to the first certification request, a first dynamic password corresponding to the first certification request;
A second receiving unit, for receiving a second dynamic password input by the user and a second certification request for the target service system; and
A login authentication unit, for determining, based on the first certification request, the first dynamic password, the second certification request and the second dynamic password, whether to allow the user to log in to the target service system.
12. An electronic equipment, characterized by comprising:
A processor; and
A memory, on which computer-readable instructions are stored, the computer-readable instructions, when executed by the processor, implementing the authentication method according to any one of claims 1 to 10.
13. A computer-readable storage medium, on which a computer program is stored, the computer program, when executed by a processor, implementing the authentication method according to any one of claims 1 to 10.
CN201811332972.5A 2018-11-09 2018-11-09 Authentication method, device, electronic equipment and storage medium Pending CN109495468A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811332972.5A CN109495468A (en) 2018-11-09 2018-11-09 Authentication method, device, electronic equipment and storage medium


Publications (1)

Publication Number Publication Date
CN109495468A (en) 2019-03-19

Family

ID=65695538


Country Status (1)

Country Link
CN (1) CN109495468A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190319
