CN109587123A - Two-factor authentication method, authentication server, and biometric verification server - Google Patents

Publication number
CN109587123A
Authority
CN
China
Prior art keywords
biometric authentication
server
authentication service
service device
logging device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811393375.3A
Other languages
Chinese (zh)
Inventor
丁博
黄浩然
徐大青
贺彪
张展国
丁亮
杨迎春
王少鹏
刘洋
刘洪星
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xuji Group Co Ltd
Xuchang XJ Software Technology Co Ltd
Original Assignee
Xuji Group Co Ltd
Xuchang XJ Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xuji Group Co Ltd, Xuchang XJ Software Technology Co Ltd
Priority to CN201811393375.3A
Publication of CN109587123A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The present invention relates to the technical field of power systems, and in particular to a two-factor authentication method, an authentication server, and a biometric verification server. The login device sends account and password information to the authentication server according to the user's input; after the authentication server successfully verifies the account and password information, it sends a request to the biometric verification server. On receiving the request, the biometric verification server sends a command to the login device. On receiving the command, the login device collects the user's biometric information and sends it to the biometric verification server. The biometric verification server verifies the biometric information against the biometric feature corresponding to the user; on success, the login device is allowed to obtain data or services from the Web server. This implements two-factor login verification in a Web system and improves the security of the Web system.

Description

Two-factor authentication method, authentication server, and biometric verification server
Technical field
The present invention relates to the technical field of power systems, and in particular to a two-factor authentication method, an authentication server, and a biometric verification server.
Background art
With the rapid development of power construction, the digitized power system has begun to take shape. Power dispatching automation, distribution automation, electricity market technical support, customer service centers, monitoring systems: all of these terms heard in the power system now depend on data transmission and exchange. At the same time, transmitting internal confidential information over the network may lead to information leakage, which for a power enterprise may have serious consequences. In theory it is impossible to make power system data absolutely secure and confidential; security and confidentiality principles can only be given more consideration at design time, so as to increase the security and confidentiality of the system accordingly.
Commonly used identity recognition technologies today are as follows. Username/password is the simplest identity authentication method, but in practice, because the password is static data, it is easily intercepted during verification, so it is a very insecure authentication method. Dynamic password technology lets the user's password change continuously with time and number of uses, and each password can be used only once; the current password is generated from the current time. By using one password per use, dynamic password technology effectively protects the user's identity, but it requires the client and server clocks to stay well synchronized, otherwise login fails, which makes it inconvenient to use. A USB key holds the user's key and digital certificate and resolves the tension between security and ease of use well, but security then depends entirely on the security of the hardware. Comparing IC card authentication, dynamic passwords, USB keys and biometric verification, biometric verification is the most reliable, because it identifies the visitor directly from each person's biometric features, which can to some extent be regarded as impossible to forge or counterfeit. Although biometric verification is the most reliable identity authentication method, combining several methods is more reliable still; for example, the new power grid security specification also proposes two-factor identity authentication that incorporates biometric technology. In the power system field today, many power systems use Web systems, and how to implement two-factor authentication in a Web system is a problem to be solved.
Summary of the invention
The object of the present invention is to provide a two-factor authentication method, an authentication server, and a biometric verification server, to solve the problem of how to perform two-factor authentication in a Web system so as to improve security.
To implement two-factor authentication in a Web system and thereby improve security, the present invention provides a two-factor authentication method for Web login, with the following steps:
1) the login device sends account and password information to the authentication server according to the user's input; the authentication server verifies the account and password information and, if verification succeeds, sends a request to the biometric verification server;
2) after receiving the request, the biometric verification server sends a command to the login device;
3) after receiving the command, the login device collects the user's biometric information and sends it to the biometric verification server;
4) after receiving the biometric information, the biometric verification server verifies it against the biometric feature corresponding to the user and, if verification succeeds, notifies the authentication server, which allows the login device to obtain data or services from the Web server.
The beneficial effect is that account and password information is entered through the login device, biometric verification is carried out after the authentication server has verified that information successfully, and after the biometric information is verified successfully the authentication server is notified to allow the login device to obtain data or services from the Web server. This implements two-factor login verification in a Web system and improves the security of the Web system.
Further, to remind the user to act, save waiting time and improve the user experience, the login device prompts the user to input biometric information after receiving the command.
Further, to make biometric verification easy to implement, the biometric feature is a fingerprint and the biometric verification server is a fingerprint verification server.
The present invention provides an authentication server comprising a processor, a memory, and a program stored in the memory and runnable on the processor; when executing the program, the processor performs the following steps:
1) obtaining the account and password information sent by the login device and verifying it and, if verification succeeds, sending a request to the biometric verification server;
2) after the request has been sent, on receiving the biometric verification server's notification that the biometric information was verified successfully, allowing the login device to obtain data or services from the Web server.
The beneficial effect is that the authentication server obtains the account and password information sent by the login device, starts biometric verification once that information is verified successfully, and allows the login device to obtain data or services from the Web server after the biometric information is verified successfully. This implements two-factor login verification in a Web system and improves the security of the Web system.
The present invention provides a biometric verification server comprising a processor, a memory, and a program stored in the memory and runnable on the processor; when executing the program, the processor performs the following steps:
1) obtaining the request sent by the authentication server and sending a command to the login device;
2) receiving the user's biometric information that the login device collected after receiving the command;
3) verifying the biometric information against the biometric feature corresponding to the user and, if verification succeeds, notifying the authentication server, which allows the login device to obtain data or services from the Web server.
The beneficial effect is that the biometric verification server, acting on the request sent by the authentication server, directs the login device to collect the user's biometric information, verifies that information, and after successful verification notifies the authentication server to allow the login device to obtain data or services from the Web server. This implements two-factor login verification in a Web system and improves the security of the Web system.
Further, to make biometric verification easy to implement, the biometric feature used by the biometric verification server is a fingerprint and the biometric verification server is a fingerprint verification server.
Brief description of the drawings
Fig. 1 is a signal transmission schematic diagram for a two-factor authentication method for Web login according to the present invention;
Fig. 2 is a flow chart of a two-factor authentication method for Web login according to the present invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the accompanying drawings.
Method embodiment
The present invention provides a two-factor authentication method for Web login, with the following steps:
1) the login device sends account and password information to the authentication server according to the user's input; the authentication server verifies the account and password information and, if verification succeeds, sends a request to the biometric verification server;
2) after receiving the request, the biometric verification server sends a command to the login device;
3) after receiving the command, the login device collects the user's biometric information and sends it to the biometric verification server;
4) after receiving the biometric information, the biometric verification server verifies it against the biometric feature corresponding to the user and, if verification succeeds, notifies the authentication server, which allows the login device to obtain data or services from the Web server.
The login device needs to have a browser, in which the user can perform operations such as entering the account and password on the Web, for example entering an ordinary password, a picture verification code or a dynamic password; this information can be associated with the user's biometric feature.
After receiving the command, the login device also prompts the user to input biometric information.
The biometric feature described above is a fingerprint and the biometric verification server is a fingerprint verification server, but the biometric verification server is not limited to a fingerprint verification server. If the biometric feature is an iris, a face or a similar feature, the corresponding biometric verification server can be an iris verification server, a face recognition verification server and so on; the collection and comparison of biometric features such as iris recognition and face recognition can use existing mature technology.
Taking the case where the biometric verification server is a fingerprint verification server as an example, the login device has Web capability and a fingerprint collector; for example, it can be a PC with a browser installed plus a fingerprint collector. The fingerprint collector may have no network function and be connected to the PC, or it may have a network function and be independent of the PC. Fingerprint collectors both with and without a network function belong to the prior art.
The login device, authentication server, biometric verification server and Web server are arranged in one network; there can be multiple Web servers and login devices, and at least one authentication server and one biometric verification server.
Fig. 1 shows the information transmission principle between the login device, authentication server A and fingerprint verification server B when the two-factor authentication method is used. Information between authentication server A and fingerprint verification server B can be transmitted over the network; the transmitted data include the user identity information, the operation time and so on. The identity information is transmitted to start verification against the corresponding fingerprint, and the operation time is transmitted to determine whether a timeout has occurred. After receiving the request from authentication server A, fingerprint verification server B activates the fingerprint collector, compares the returned fingerprint information with the corresponding fingerprint held in fingerprint verification server B, and returns the result to authentication server A. When verification succeeds, that is, once the identity information is confirmed, login succeeds and the login device is allowed to obtain data or services from the Web server. Fingerprint verification server B determines the corresponding fingerprint from the user identity information and compares that fingerprint with the collected fingerprint to perform the verification.
When the biometric verification server is a fingerprint verification server, the flow chart of the two-factor authentication method is as shown in Fig. 2, where server A is authentication server A and server B is fingerprint verification server B. The two servers run relatively independently and are managed in a unified way, but server B only accepts requests from server A and does not accept requests from other servers.
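The following Python code is an added example, not code from the patent: it runs steps 1) to 4) with server A and server B as in-process objects, including the timeout check on the operation time and the rule that server B acts only on requests from server A. The HMAC key shared by A and B, the 60-second limit, the per-login nonce, the user name and password, and the Hamming-distance matcher over constructed template bytes are all assumptions standing in for details the patent leaves open.

```python
import hashlib
import hmac
import os

TIMEOUT_S = 60  # assumed limit for the operation-time check (not specified in the patent)


def mac(key, *fields):
    # repr() of the tuple is an unambiguous encoding of the fields being authenticated
    return hmac.new(key, repr(fields).encode(), hashlib.sha256).digest()


def matches(template, sample, max_bits=8):
    # Stand-in matcher (assumption): Hamming distance between constructed feature bytes
    if template is None or len(template) != len(sample):
        return False
    return sum(bin(x ^ y).count("1") for x, y in zip(template, sample)) <= max_bits


class FingerprintServerB:
    def __init__(self, key_ab, templates):
        self.key_ab, self.templates = key_ab, templates
        self.pending = {}  # nonce -> (user, op_time)

    def handle_request(self, user, op_time, nonce, tag):
        # Step 2: only a request carrying server A's MAC starts a capture
        if not hmac.compare_digest(mac(self.key_ab, user, op_time, nonce), tag):
            return None
        self.pending[nonce] = (user, op_time)
        return {"cmd": "capture_fingerprint", "nonce": nonce}

    def verify_sample(self, nonce, sample, now):
        # Step 4: single-use nonce, timeout check, then comparison with the enrolled template
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return None
        user, op_time = entry
        ok = now - op_time <= TIMEOUT_S and matches(self.templates.get(user), sample)
        return user, ok, mac(self.key_ab, user, nonce, ok)


class AuthServerA:
    def __init__(self, key_ab, server_b):
        self.key_ab, self.server_b = key_ab, server_b
        self.users, self.awaiting, self.allowed = {}, {}, set()

    def add_user(self, user, password):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[user] = (salt, digest)

    def login(self, user, password, now):
        # Step 1: first factor, then identity and operation time go to server B
        record = self.users.get(user)
        if record is None:
            return None
        salt, stored = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, stored):
            return None
        nonce = os.urandom(16).hex()
        self.awaiting[nonce] = user
        # The return value stands for the command server B sends to the login device
        return self.server_b.handle_request(user, now, nonce, mac(self.key_ab, user, now, nonce))

    def on_notification(self, nonce, user, ok, tag):
        # End of step 4: grant Web access only on an authentic, expected, positive result
        if self.awaiting.pop(nonce, None) != user:
            return False
        if not hmac.compare_digest(mac(self.key_ab, user, nonce, ok), tag):
            return False
        if ok:
            self.allowed.add(user)
        return ok


def run_login(a, b, user, password, sample, t_login, t_sample):
    cmd = a.login(user, password, t_login)                   # steps 1 and 2
    if cmd is None:
        return False
    out = b.verify_sample(cmd["nonce"], sample, t_sample)    # steps 3 and 4
    return out is not None and a.on_notification(cmd["nonce"], *out)


def build_demo():
    key = os.urandom(32)
    enrolled = bytes(range(32))  # constructed template, not real fingerprint data
    b = FingerprintServerB(key, {"operator1": enrolled})
    a = AuthServerA(key, b)
    a.add_user("operator1", "constructed-password")
    return a, b, enrolled
```

Because access is granted only inside `on_notification`, a correct password alone never places the user in `allowed`, and a capture request that does not carry server A's MAC is dropped by server B before any fingerprint is collected.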
Authentication server embodiment
The present invention provides an authentication server comprising a processor, a memory, and a program stored in the memory and runnable on the processor; when executing the program, the processor performs the following steps:
1) obtaining the account and password information sent by the login device and verifying it and, if verification succeeds, sending a request to the biometric verification server;
2) after the request has been sent, on receiving the biometric verification server's notification that the biometric information was verified successfully, allowing the login device to obtain data or services from the Web server.
The authentication server is communicatively connected to the login device and the biometric verification server, and its processor can compare input information with information stored in the memory for verification. In addition, the authentication server acts as a bridge between the login device and the Web server: data from the Web server can be sent to the login device through the authentication server, or the authentication server can merely control whether communication between the login device and the Web server is connected.
The other functions of the authentication server have been described in detail in the method embodiment above and are not repeated here.
Biometric verification server embodiment
The present invention provides a biometric verification server comprising a processor, a memory, and a program stored in the memory and runnable on the processor; when executing the program, the processor performs the following steps:
1) obtaining the request sent by the authentication server and sending a command to the login device;
2) receiving the user's biometric information that the login device collected after receiving the command;
3) verifying the biometric information against the biometric feature corresponding to the user and, if verification succeeds, notifying the authentication server, which allows the login device to obtain data or services from the Web server.
The biometric feature described above is a fingerprint and the biometric verification server is a fingerprint verification server, but the biometric verification server is not limited to a fingerprint verification server. If the biometric feature is an iris, a face or a similar feature, the corresponding biometric verification server can be an iris verification server, a face recognition verification server and so on; the comparison of biometric features such as iris recognition and face recognition can use existing mature technology.
The connections between the biometric verification server and the other devices and servers, and the functions it implements, have been explained in the method embodiment above and are not repeated here.
Specific embodiments of the present invention are given above, but the present invention is not limited to the described embodiments. Technical solutions formed by transforming, replacing or modifying the technical means of the above embodiments in ways readily apparent to those skilled in the art, where the resulting means play essentially the same role as the corresponding technical means of the present invention and achieve essentially the same inventive purpose, are fine adjustments of the above embodiments and still fall within the protection scope of the present invention.

Claims (6)

1. A two-factor authentication method for Web login, characterized by the following steps:
1) the login device sends account and password information to the authentication server according to the user's input; the authentication server verifies the account and password information and, if verification succeeds, sends a request to the biometric verification server;
2) after receiving the request, the biometric verification server sends a command to the login device;
3) after receiving the command, the login device collects the user's biometric information and sends it to the biometric verification server;
4) after receiving the biometric information, the biometric verification server verifies it against the biometric feature corresponding to the user and, if verification succeeds, notifies the authentication server, which allows the login device to obtain data or services from the Web server.
2. The two-factor authentication method for Web login according to claim 1, characterized in that the login device prompts the user to input biometric information after receiving the command.
3. The two-factor authentication method for Web login according to claim 1 or 2, characterized in that the biometric feature is a fingerprint and the biometric verification server is a fingerprint verification server.
4. An authentication server comprising a processor, a memory, and a program stored in the memory and runnable on the processor, characterized in that the processor performs the following steps when executing the program:
1) obtaining the account and password information sent by the login device and verifying it and, if verification succeeds, sending a request to the biometric verification server;
2) after the request has been sent, on receiving the biometric verification server's notification that the biometric information was verified successfully, allowing the login device to obtain data or services from the Web server.
5. A biometric verification server comprising a processor, a memory, and a program stored in the memory and runnable on the processor, characterized in that the processor performs the following steps when executing the program:
1) obtaining the request sent by the authentication server and sending a command to the login device;
2) receiving the user's biometric information that the login device collected after receiving the command;
3) verifying the biometric information against the biometric feature corresponding to the user and, if verification succeeds, notifying the authentication server, which allows the login device to obtain data or services from the Web server.
6. The biometric verification server according to claim 5, characterized in that the biometric feature is a fingerprint and the biometric verification server is a fingerprint verification server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811393375.3A CN109587123A (en) 2018-11-21 2018-11-21 Two-factor authentication method, authentication server, and biometric verification server

Publications (1)

Publication Number Publication Date
CN109587123A (en) 2019-04-05

Family

ID=65923660

Country Status (1)

Country Link
CN (1) CN109587123A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190405