CN109547412A - Two-factor authentication method, apparatus, system, electronic equipment and storage medium - Google Patents

Two-factor authentication method, apparatus, system, electronic equipment and storage medium Download PDF

Info

Publication number
CN109547412A
CN109547412A CN201811237321.8A CN201811237321A CN109547412A CN 109547412 A CN109547412 A CN 109547412A CN 201811237321 A CN201811237321 A CN 201811237321A CN 109547412 A CN109547412 A CN 109547412A
Authority
CN
China
Prior art keywords
verified
web application
switch
content
subscriber number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811237321.8A
Other languages
Chinese (zh)
Other versions
CN109547412B (en
Inventor
莫延安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201811237321.8A priority Critical patent/CN109547412B/en
Publication of CN109547412A publication Critical patent/CN109547412A/en
Application granted granted Critical
Publication of CN109547412B publication Critical patent/CN109547412B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephonic Communication Services (AREA)

Abstract

This application discloses a kind of two-factor authentication method, apparatus, system, electronic equipment and computer readable storage mediums, the method for realizing web application two-factor authentication, the web application runs on browser end, it is connected between the browser end and the server-side of the web application by content-switch, which comprises receive the access request that content-switch is sent;User account information and encrypted message in the access request are verified by domain controller, is verified and Subscriber Number is then read from the domain controller according to the user account information;It calls short-message verification platform to carry out identifying code transmission and verifying according to the Subscriber Number, is verified, the dual factors are verified.The above method is matched by content-switch, domain controller, short-message verification platform is combined into the operating system offer two-factor authentication for itself not supporting two-factor authentication, makes operating system allow user from while extranet access, not will cause excessive security risk.

Description

Two-factor authentication method, apparatus, system, electronic equipment and storage medium
Technical field
This application involves application authorization technical field, in particular to a kind of two-factor authentication method, apparatus, system, electronics Equipment and computer readable storage medium.
Background technique
Currently, many mechanisms provide operating system web application for internal staff, and operating personnel is accessed by browser to be made Industry system.
For part need to from the operating system of mechanism visiting from outside, to ensure safety, operating personnel open webpage from When mechanism visiting from outside operating system, two-factor authentication, such as LDAP (Lightweight Directory need to be carried out Access Protocol, Light Directory Access Protocol) domain account and user mobile phone dynamic password two-factor authentication.
Under the prior art, the method for security risk caused by control account, password leakage problem includes: to add software and hardware reality The two-factor authentication of existing operating system;Or, forbidding user from mechanism visiting from outside operating system.
Mechanism medium and small for part, former approach cost is excessively high, and latter method is at low cost, but not flexible.Inventor's consciousness It arrives, under the prior art, mechanism realizes the higher cost of two-factor authentication, cannot achieve operating personnel and pacifies from mechanism external network Entirely, inexpensive access operation system.
Apply for content
In order to solve the technical problem at high cost that mechanism in the related technology realizes two-factor authentication, this application provides one Kind two-factor authentication method, apparatus, system, electronic equipment and computer readable storage medium.
A kind of two-factor authentication method, two-factor authentication of the method for realizing web application, the web application Browser end is run on, is connected between the browser end and the server-side of the web application by content-switch, it is described Method includes:
The access request that content-switch is sent is received, the access request is sent to the applications exchange by web application Machine;
User account information and encrypted message in the access request are verified by domain controller, is verified then basis The user account information reads Subscriber Number from the domain controller;
It calls short-message verification platform to carry out identifying code transmission and verifying according to the Subscriber Number, is verified then described double Factor authentication passes through.
In one exemplary embodiment, the user account information and password in the access request are verified by domain controller Information is verified, and is read Subscriber Number from the domain controller according to the user account information and is included:
The user account information in the access request is verified by domain controller, is verified and then reads and the user The password archive information of account information associated storage;
The password archive information is compared with the encrypted message in the access request, the encrypted message with it is described close The Subscriber Number with the user account information associated storage is then read in the matching of code archive information.
In one exemplary embodiment, short-message verification platform is called to carry out identifying code transmission according to the Subscriber Number and test Card, is verified, the dual factors, which are verified, includes:
After obtaining the Subscriber Number, short-message verification platform is called to send identifying code short message according to the Subscriber Number, with And the web application is controlled by the content-switch and jumps to identifying code input page;
The checking request that the web application is sent is received, the checking request is receiving user institute by the web application It is generated after input identifying code;
The Subscriber Number and the inputted identifying code of user in checking request described in the short-message verification platform validation are called, is tested Card is verified by the then dual factors.
In one exemplary embodiment, the web application is controlled by the content-switch and jumps to identifying code input The page includes:
Challenge code is sent to the content-switch, after the content-switch receives the challenge code, controls the net Page application jumps to the identifying code input page.
A kind of two-factor authentication device, two-factor authentication of the described device for realizing web application, the web application Browser end is run on, is connected between the browser end and the server-side of the web application by content-switch, it is described Device includes:
Receiving module, for receiving the access request of content-switch transmission, the access request is sent by web application To the content-switch;
Domain calling module, for verifying user account information and message in cipher in the access request by domain controller Breath is verified and then reads Subscriber Number from the domain controller according to the user account information;
Short message calling module, for calling short-message verification platform to carry out identifying code transmission according to the Subscriber Number and testing Card, is verified, the dual factors are verified.
In one exemplary embodiment, the domain calling module includes:
Identity authenticating unit, for verifying the user account information in the access request by domain controller, verifying is logical Cross the password archive information then read with the user account information associated storage;
Password authentication unit, for the password archive information to be compared with the encrypted message in the access request, institute It states encrypted message and matches the Subscriber Number then read with the user account information associated storage with the password archive information.
In one exemplary embodiment, the short message calling module includes:
Trigger unit calls short-message verification platform to be sent according to the Subscriber Number after obtaining the Subscriber Number Identifying code short message, and, the web application is controlled by the content-switch and jumps to identifying code input page;
Receiving unit, the checking request sent for receiving the web application, the checking request are answered by the webpage It is generated after receiving the inputted identifying code of user;
Authentication unit is called, for calling Subscriber Number and use in checking request described in the short-message verification platform validation The inputted identifying code in family, is verified, and the dual factors are verified.
In one exemplary embodiment, described that identifying code is jumped to by the content-switch control web application Input page includes:
Challenge code is sent to the content-switch, after the content-switch receives the challenge code, controls the net Page application jumps to the identifying code input page.
A kind of two-factor authentication system, two-factor authentication of the system for realizing web application, the web application Browser end is run on, is connected between the browser end and the server-side of the web application by content-switch, it is described System includes authentication server and the content-switch connecting with the authentication server, domain controller, short-message verification platform, The authentication server is configured as executing:
The access request that content-switch is sent is received, the access request is sent to the applications exchange by web application Machine;
User account information and encrypted message in the access request are verified by domain controller, is verified then basis The user account information reads Subscriber Number from the domain controller;
It calls short-message verification platform to carry out identifying code transmission and verifying according to the Subscriber Number, is verified then described double Factor authentication passes through.
A kind of electronic equipment, the electronic equipment include:
Processor;
Memory is stored with computer-readable instruction on the memory, and the computer-readable instruction is held by processor When row, foregoing method is realized.
A kind of computer readable storage medium, is stored thereon with computer program, and the computer program is held by processor Foregoing method is realized when row.
The technical solution that embodiments herein provides can include the following benefits:
The operating system for not supporting two-factor authentication for itself externally mentions its web application by content-switch For.The access request from web application is received by content-switch;Pass through the user in the request of domain controller authentication-access Account information and encrypted message are verified and then read Subscriber Number from domain controller according to user account information;Call short message Verification platform carries out identifying code transmission and verifying according to Subscriber Number.Above-mentioned two-factor authentication method passes through content-switch, domain Controller, short-message verification platform, which are matched, is combined into the operating system offer two-factor authentication for itself not supporting two-factor authentication, makes operation System allows user from while extranet access, not will cause excessive security risk, with existing two-factor authentication method phase Than the cost paid needed for mechanism is relatively low.
It should be understood that the above general description and the following detailed description are merely exemplary, this can not be limited Application.
Detailed description of the invention
The drawings herein are incorporated into the specification and forms part of this specification, and shows the implementation for meeting the application Example, and in specification it is used to explain the principle of the application together.
Fig. 1 is a kind of schematic diagram of implementation environment shown according to an exemplary embodiment;
Fig. 2 is a kind of flow chart of two-factor authentication method shown according to an exemplary embodiment;
Fig. 3 is the flow chart of the details of the step 230 shown in corresponding embodiment according to fig. 2;
Fig. 4 is the flow chart of the details of the step 250 shown in corresponding embodiment according to fig. 2;
Fig. 5 is a kind of block diagram of two-factor authentication device shown according to an exemplary embodiment.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended Described in claims, the example for the device and method that some aspects of the application are consistent.
Inventors realized that not supporting the operating system of two-factor authentication for itself, its web application can be passed through Content-switch externally provides, by content-switch, domain controller, short-message verification platform be combined into operating system provide it is double because Element certification, making operating system allow user from while extranet access, not will cause excessive security risk, paying needed for mechanism Cost it is relatively low compared with the conventional method.
Fig. 1 is a kind of schematic diagram of implementation environment shown according to an exemplary embodiment.As shown in Figure 1, the implementation ring Border includes browser end 110, content-switch 120, authentication server 130, domain controller 140, short-message verification platform 150.
Web application runs on browser end 110, is handed between browser end 110 and the server-side of web application by application Change planes 120 connections, 130 one side of authentication server is connect with content-switch 120, on the one hand with domain controller 140 and short message Verification platform 150 connects.
Browser end 110 is terminal device (such as smart phone, tablet computer, the desktop for being equipped with browser program Brain), browser program provides running environment for web application.Content-switch 120 be application delivery product supplier (such as Citrix the application delivery platform (such as Citrix Netscaler)) built, application delivery product itself does not have dual factors Authentication function.
Authentication server 130 be based on RADIUS (Remote Authentication Dial In User Service, Remote customer dialing authentication system) protocol development realization two-factor authentication radius server, can receive RADIUS authentication Certification request is respectively sent to domain controller 140 and carries out the certification of the domain LDAP account by request, and short-message verification platform 150 is moved State verifies code authentication, realizes two-factor authentication.
Short-message verification platform 150 is used to be sent according to phone number to mobile terminal (such as smart phone, tablet computer) Identifying code short message.
Fig. 2 is a kind of flow chart of two-factor authentication method shown according to an exemplary embodiment.This method can be by Authentication server 130 in implementation environment shown in Fig. 1 executes, and the two-factor authentication of web application is realized, as shown in Fig. 2, the party Method includes the following steps.
Step 210, the access request that content-switch is sent is received, the access request is sent to described by web application Content-switch.
User inputs user account information and encrypted message by the provided account input page of web application, and confirmation is submitted Afterwards, web application generates the access request for carrying above-mentioned user account information and encrypted message, which is transmitted to Content-switch.
Authentication server is communicated by radius protocol with content-switch, obtains access request from content-switch.
Step 230, it by the user account information and encrypted message in the request of domain controller authentication-access, is verified then Subscriber Number is read from domain controller according to user account information.
From content-switch obtain access request in user account information and encrypted message after, by the user account information And encrypted message is sent to domain controller, completes the verifying to the user account information and encrypted message by domain controller.
Authentication server communicate with domain controller by ldap protocol, and reception domain controller verifies user account information and close Feedback after code information, when being verified, domain controller sends to authentication server and is found according to above-mentioned user account information Subscriber Number.Subscriber Number is that storage is registered when creating the domain AD account, with account relating.
Verifying does not pass through, then the message of instruction authentication failed is sent to authentication server, and authentication server passes through application and hands over It changes planes and triggers web application its account for being inputted of prompt user and/or password is wrong.
Step 250, it calls short-message verification platform to carry out identifying code transmission and verifying according to Subscriber Number, is verified then double Factor authentication passes through.
After authentication server obtains Subscriber Number, short-message verification platform is called to carry out dynamic verification code generation, identifying code is raw Cheng Hou sends short message to the Subscriber Number, and short message content includes the identifying code.
Meanwhile triggering content-switch control web application and jumping to identifying code input page, user passes through the identifying code Input page inputs identifying code, and the inputted identifying code of user is sent to short-message verification platform, short-message verification platform by web application Confirmation the inputted identifying code of user is matched with itself generated identifying code, then the message passed through to authentication server feedback validation, The message being verified from authentication server to content-switch feedback dual factors.
Fig. 3 is the flow chart of the details of the step 230 shown in corresponding embodiment according to fig. 2.As shown in figure 3, step 230 is wrapped It includes:
Step 231, by the user account information in the request of domain controller authentication-access, then reading and user are verified The password archive information of account information associated storage.
Search in domain controller with the presence or absence of with the matched account of user account information in access request, have then verifying logical It crosses, carries out the reading of password archive information.
Password archive information is that storage is registered when creating the domain AD account, is stored with account relating.
Step 233, password archive information and the encrypted message in access request are compared, encrypted message and password achieve and believe The Subscriber Number with user account information associated storage is then read in breath matching.
Fig. 4 is the flow chart of the details of the step 250 shown in corresponding embodiment according to fig. 2.As shown in figure 4, step 250 is wrapped It includes:
Step 251, after obtaining Subscriber Number, short-message verification platform is called to send identifying code short message according to Subscriber Number, with And web application is controlled by content-switch and jumps to identifying code input page.
In one exemplary embodiment, web application is controlled by content-switch and jumps to identifying code incoming page bread It includes: sending challenge code to content-switch, after content-switch receives challenge code, control web application jumps to identifying code input The page.
Step 253, the checking request that web application is sent is received, checking request is inputted by web application in reception user It is generated after identifying code.
Checking request carries the inputted identifying code of user and Subscriber Number, will after web application generates checking request Checking request is transmitted to authentication server by content-switch, and checking request is forwarded to short-message verification again and put down by authentication server Platform.
Step 255, the Subscriber Number and the inputted identifying code of user in the short-message verification platform validation checking request are called, It is verified, dual factors are verified.
After short-message verification platform receives checking request, found according to the Subscriber Number in checking request as the Subscriber Number The identifying code of generation the identifying code found is compared with the identifying code in checking request, the identifying code in checking request It matches, is then verified with the identifying code that this finds.
At this point, the verifying of user account information, encrypted message, identifying code all passes through, dual factors are verified.
The above method is illustrated below according to a specific embodiment.
By taking the application delivery platform Citrix Netscaler of Citrix company as an example, the web application of operating system is led to Cross Citrix Netscaler publication.On the one hand Citrix Netscaler is connect by authentication server with ldap server, On the one hand it is connect with MFA short-message verification platform.
Authentication server program is based on radius protocol, and transformation increases certification on the basis of open source software TinyRadius Function.Improved TinyRadius increases and executes after receiving the radius access request that Citrix Netscaler is sent Several authenticating steps, including ldap server authenticates, MFA (Multi-factor authentication, dual factor anthentication) is short Letter certification.
In addition, increasing log audit function, by performed authentication record into database.
Two-factor authentication the following steps are included:
The first step, authentication server receive the ACCESS_REQUEST request that Citrix Netscaler is sent and (include LDAP user name, password).
ACCESS_REQUEST request in the first step is after being submitted to Citrix Netscaler by web application, by Citrix Netscaler is forwarded to authentication server by radius protocol, includes LDAP user name, password.
Second step, authentication server connect ldap server, carry out LDAP user name and cipher authentication, certification pass through, then Subscriber phone number is obtained in ldap server.
Third step after authentication server obtains subscriber phone number, calls MFA short-message verification platform, sends mobile phone dynamic Code arrives user mobile phone, meanwhile, challenge code is returned to Citrix Netscaler.
4th step after Citrix Netscaler receives challenge code, makes web application jump to the input of user's dynamic password The page.
5th step after user inputs dynamic password, submits ACCESS_REQUEST request (comprising subscriber phone number, to move State password) arrive authentication server.
6th step, authentication server send MFA for subscriber phone number and dynamic password and verify, be verified Afterwards, it is returned to Citrix Netscaler and receives request ACCESS_ACCEPT, dual factors are verified.Verifying does not pass through, then returns Return ACCESS_REJECT.
By above method, the two-factor authentication of web application is realized from safety, development cost is low from cost.
Following is the application Installation practice, can be used for executing the application above method embodiment.The application is filled Undisclosed details in embodiment is set, the application embodiment of the method is please referred to.
Fig. 5 is a kind of block diagram of two-factor authentication device shown according to an exemplary embodiment.Described device is for real The two-factor authentication of existing web application, the web application run on browser end, the browser end and the web application Server-side between by content-switch connect, as shown in figure 5, described device includes:
Receiving module 610, for receiving the access request of content-switch transmission, the access request is sent out by web application It send to the content-switch;
Domain calling module 630, for verifying user account information and password in the access request by domain controller Information is verified and then reads Subscriber Number from the domain controller according to the user account information;
Short message calling module 650, for call short-message verification platform according to the Subscriber Number carry out identifying code transmission and Verifying, is verified, the dual factors are verified.
In one exemplary embodiment, the domain calling module includes:
Identity authenticating unit, for verifying the user account information in the access request by domain controller, verifying is logical Cross the password archive information then read with the user account information associated storage;
Password authentication unit, for the password archive information to be compared with the encrypted message in the access request, institute It states encrypted message and matches the Subscriber Number then read with the user account information associated storage with the password archive information.
In one exemplary embodiment, the short message calling module includes:
Trigger unit calls short-message verification platform to be sent according to the Subscriber Number after obtaining the Subscriber Number Identifying code short message, and, the web application is controlled by the content-switch and jumps to identifying code input page;
Receiving unit, the checking request sent for receiving the web application, the checking request are answered by the webpage It is generated after receiving the inputted identifying code of user;
Authentication unit is called, for calling Subscriber Number and use in checking request described in the short-message verification platform validation The inputted identifying code in family, is verified, and the dual factors are verified.
In one exemplary embodiment, described that identifying code is jumped to by the content-switch control web application Input page includes:
Challenge code is sent to the content-switch, after the content-switch receives the challenge code, controls the net Page application jumps to the identifying code input page.
Correspondingly, the application provides a kind of two-factor authentication system, the system for realizing web application dual factors Certification, the web application run on browser end, by answering between the browser end and the server-side of the web application It is connected with interchanger, the system comprises authentication server and the content-switchs connecting with the authentication server, domain control Device processed, short-message verification platform, the authentication server are configured as executing:
The access request that content-switch is sent is received, the access request is sent to the applications exchange by web application Machine;
User account information and encrypted message in the access request are verified by domain controller, is verified then basis The user account information reads Subscriber Number from the domain controller;
It calls short-message verification platform to carry out identifying code transmission and verifying according to the Subscriber Number, is verified then described double Factor authentication passes through.
The application also provides a kind of electronic equipment, and the electronic equipment includes:
Processor;
Memory is stored with computer-readable instruction on the memory, and the computer-readable instruction is held by processor When row, foregoing method is realized.
The application also provides a kind of computer readable storage medium, is stored thereon with computer program, the computer journey Foregoing method is realized when sequence is executed by processor.
It should be understood that the application is not limited to the precise structure that has been described above and shown in the drawings, and And various modifications and change can executed without departing from the scope.Scope of the present application is only limited by the accompanying claims.

Claims (10)

1. a kind of two-factor authentication method, which is characterized in that the method for realizing web application two-factor authentication, it is described Web application runs on browser end, is connected between the browser end and the server-side of the web application by content-switch It connects, which comprises
The access request that content-switch is sent is received, the access request is sent to the content-switch by web application;
User account information and encrypted message in the access request are verified by domain controller, is verified then according to User account information reads Subscriber Number from the domain controller;
It calls short-message verification platform to carry out identifying code transmission and verifying according to the Subscriber Number, is verified the then dual factors It is verified.
2. the method according to claim 1, wherein verifying the user in the access request by domain controller Account information and encrypted message are verified and then read Subscriber Number packet from the domain controller according to the user account information It includes:
The user account information in the access request is verified by domain controller, is verified and then reads and the user account The password archive information of information association storage;
The password archive information is compared with the encrypted message in the access request, the encrypted message is deposited with the password Shelves information matches are then read and the Subscriber Number of the user account information associated storage.
3. the method according to claim 1, wherein short-message verification platform is called to be carried out according to the Subscriber Number Identifying code is sent and verifying, is verified, the dual factors, which are verified, includes:
After obtaining the Subscriber Number, short-message verification platform is called to send identifying code short message according to the Subscriber Number, and, lead to It crosses the content-switch control web application and jumps to identifying code input page;
The checking request that the web application is sent is received, the checking request is inputted by the web application in reception user It is generated after identifying code;
The Subscriber Number and the inputted identifying code of user in checking request described in the short-message verification platform validation are called, verifying is logical It crosses, the dual factors are verified.
4. according to the method described in claim 3, being jumped it is characterized in that, controlling the web application by the content-switch Going to identifying code input page includes:
Challenge code is sent to the content-switch, after the content-switch receives the challenge code, the webpage is controlled and answers With jumping to the identifying code input page.
5. a kind of two-factor authentication device, which is characterized in that described device for realizing web application two-factor authentication, it is described Web application runs on browser end, is connected between the browser end and the server-side of the web application by content-switch It connects, described device includes:
Receiving module, for receiving the access request of content-switch transmission, the access request is sent to institute by web application State content-switch;
Domain calling module is tested for verifying user account information and encrypted message in the access request by domain controller Card is by then reading Subscriber Number from the domain controller according to the user account information;
Short message calling module is tested for calling short-message verification platform to carry out identifying code transmission and verifying according to the Subscriber Number Card is verified by the then dual factors.
6. device according to claim 5, which is characterized in that the domain calling module includes:
Identity authenticating unit is verified then for verifying the user account information in the access request by domain controller Read the password archive information with the user account information associated storage;
Password authentication unit, it is described close for comparing the password archive information with the encrypted message in the access request Code information matches the Subscriber Number then read with the user account information associated storage with the password archive information.
7. device according to claim 5, which is characterized in that the short message calling module includes:
Trigger unit calls short-message verification platform to be sent according to the Subscriber Number and verifies after obtaining the Subscriber Number Code short message, and, the web application is controlled by the content-switch and jumps to identifying code input page;
Receiving unit, the checking request sent for receiving the web application, the checking request are existed by the web application It is generated after receiving the inputted identifying code of user;
Authentication unit is called, for calling Subscriber Number and user institute in checking request described in the short-message verification platform validation Identifying code is inputted, is verified, the dual factors are verified.
8. a kind of two-factor authentication system, which is characterized in that the system for realizing web application two-factor authentication, it is described Web application runs on browser end, is connected between the browser end and the server-side of the web application by content-switch It connects, the system comprises authentication servers and the content-switch connecting with the authentication server, domain controller, short message to test Platform is demonstrate,proved, the authentication server is configured as executing:
The access request that content-switch is sent is received, the access request is sent to the content-switch by web application;
User account information and encrypted message in the access request are verified by domain controller, is verified then according to User account information reads Subscriber Number from the domain controller;
It calls short-message verification platform to carry out identifying code transmission and verifying according to the Subscriber Number, is verified the then dual factors It is verified.
9. a kind of electronic equipment, which is characterized in that the electronic equipment includes:
Processor;
Memory is stored with computer-readable instruction on the memory, when the computer-readable instruction is executed by processor, Realize method according to claim 1 to 4.
10. a kind of computer readable storage medium, which is characterized in that be stored thereon with computer program, the computer program Method according to claim 1 to 4 is realized when being executed by processor.
CN201811237321.8A 2018-10-23 2018-10-23 Two-factor authentication method, device, system, electronic equipment and storage medium Active CN109547412B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811237321.8A CN109547412B (en) 2018-10-23 2018-10-23 Two-factor authentication method, device, system, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811237321.8A CN109547412B (en) 2018-10-23 2018-10-23 Two-factor authentication method, device, system, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN109547412A true CN109547412A (en) 2019-03-29
CN109547412B CN109547412B (en) 2022-05-27

Family

ID=65844911

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811237321.8A Active CN109547412B (en) 2018-10-23 2018-10-23 Two-factor authentication method, device, system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN109547412B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111478923A (en) * 2020-04-28 2020-07-31 华为技术有限公司 Access request response method and device and electronic equipment
CN111881461A (en) * 2020-06-12 2020-11-03 福建亿能达信息技术股份有限公司 Equipment maintenance work division accounting method, system, equipment and medium
CN114172700A (en) * 2021-11-24 2022-03-11 中国人寿保险股份有限公司上海数据中心 Unified authentication system and method based on cloud platform and domain control server
CN114666167A (en) * 2022-05-23 2022-06-24 中电云数智科技有限公司 Safety user authentication method of industrial equipment and industrial equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101369893A (en) * 2008-10-06 2009-02-18 中国移动通信集团设计院有限公司 Method for local area network access authentication of casual user
CN104883351A (en) * 2015-03-13 2015-09-02 小米科技有限责任公司 Multiple-factor authentication method and device
CN106331003A (en) * 2015-06-23 2017-01-11 中国移动通信集团重庆有限公司 Method and device for accessing application portal system on cloud desktop
CN107241339A (en) * 2017-06-29 2017-10-10 北京小米移动软件有限公司 Auth method, device and storage medium
CN107733838A (en) * 2016-08-11 2018-02-23 中国移动通信集团安徽有限公司 A kind of mobile terminal client terminal identity identifying method, device and system
US20180176212A1 (en) * 2016-12-16 2018-06-21 Vivek Chinar Nair Secure System and Method for Managing the Multi-factor Authentication Data of A User

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101369893A (en) * 2008-10-06 2009-02-18 中国移动通信集团设计院有限公司 Method for local area network access authentication of casual user
CN104883351A (en) * 2015-03-13 2015-09-02 小米科技有限责任公司 Multiple-factor authentication method and device
CN106331003A (en) * 2015-06-23 2017-01-11 中国移动通信集团重庆有限公司 Method and device for accessing application portal system on cloud desktop
CN107733838A (en) * 2016-08-11 2018-02-23 中国移动通信集团安徽有限公司 A kind of mobile terminal client terminal identity identifying method, device and system
US20180176212A1 (en) * 2016-12-16 2018-06-21 Vivek Chinar Nair Secure System and Method for Managing the Multi-factor Authentication Data of A User
CN107241339A (en) * 2017-06-29 2017-10-10 北京小米移动软件有限公司 Auth method, device and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111478923A (en) * 2020-04-28 2020-07-31 华为技术有限公司 Access request response method and device and electronic equipment
CN111881461A (en) * 2020-06-12 2020-11-03 福建亿能达信息技术股份有限公司 Equipment maintenance work division accounting method, system, equipment and medium
CN114172700A (en) * 2021-11-24 2022-03-11 中国人寿保险股份有限公司上海数据中心 Unified authentication system and method based on cloud platform and domain control server
CN114666167A (en) * 2022-05-23 2022-06-24 中电云数智科技有限公司 Safety user authentication method of industrial equipment and industrial equipment

Also Published As

Publication number Publication date
CN109547412B (en) 2022-05-27

Similar Documents

Publication Publication Date Title
CN109547412A (en) Two-factor authentication method, apparatus, system, electronic equipment and storage medium
US8090650B2 (en) Secure payment service and system for interactive voice response (IVR) systems
CN103249045B (en) A kind of methods, devices and systems of identification
CN105119887B (en) Method of calling and system
CN103347002B (en) Socialization's login method, system and device
KR100412510B1 (en) An instant log-in method for authentificating a user and settling bills by using two different communication channels and a system thereof
CN102625304B (en) Failure mobile terminal associated application remembers system, the device and method of password
CN105207775B (en) The read method and device of verification information
CN109600306A (en) Create the method, apparatus and storage medium of session
US9001977B1 (en) Telephone-based user authentication
WO2013143343A1 (en) Account login method, apparatus and system, and network server
CN103609090A (en) Method and device for identity login
TW201014315A (en) User identity authentication method, system thereof and identifying code generating maintenance subsystem
CN106921636A (en) Identity identifying method and device
JP2017130928A (en) Mobile device authentication and call routing using dual-tone multi-frequency signaling
CN105515781B (en) A kind of application platform login system and its login method
JP2014504069A (en) Method, apparatus, and system for verifying a communication session
CN107483398B (en) A kind of silence verification method and device, electronic equipment
CN105992204A (en) Access authentication method of applications of mobile intelligent terminal and device
CN105230091B (en) Communication system
CN109561429A (en) A kind of method for authenticating and equipment
CN106603571A (en) Safety authentication method and safety authentication device
US20140330689A1 (en) System and Method for Verifying Online Banking Account Identity Using Real-Time Communication and Digital Certificate
CN106790252A (en) Log-on message sharing method and device
CN107766717A (en) A kind of access control method, apparatus and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant