CN109889548A - Authentication method, apparatus and system for Web sites based on a U-shield device - Google Patents

Publication number: CN109889548A
Authority: CN (China)
Application number: CN201910257015.9A
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 戴新华, 孙琪, 杨武, 陈兵
Current Assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Original Assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Prior art keywords: shield device, server, client, verification information, web page
Landscapes: Storage Device Security

Abstract

The invention discloses an authentication method, apparatus and system for Web sites based on a U-shield device. The system includes: a client, which communicates with the U-shield device and the server and is used to obtain verification information, send the verification information to the U-shield device, receive the verification request information sent by the U-shield device, and forward the verification request information to the server so that the server authenticates the current web page; a U-shield device, used to receive the verification information sent by the client, encrypt the verification request information, and compare the first random number with the second random number generated by the server and forwarded by the client; and a server, used to receive the verification request information sent by the client, authenticate the current web page according to the verification information, generate the second random number according to the authentication result, and forward the second random number to the U-shield device through the client. The invention can effectively guard against illegal websites infringing on clients' personal information.

Description

Authentication method, apparatus and system for Web sites based on a U-shield device
Technical field
The invention relates to the technical field of Internet security, in particular to Internet security technology based on banking systems, and specifically to an authentication method, apparatus and system for Web sites based on a U-shield device.
Background art
With the rise of Internet e-commerce platforms, the volume of Internet transactions has grown explosively, and a considerable number of users shop online. When making online banking transfers or settling online transactions, users may encounter traps set by illegal websites. Current e-commerce platforms and online banks adopt technical means such as customer authentication, transaction verification, non-repudiation and transmission encryption, which improve the security of online transactions to a certain extent. However, cases in which an illegal website impersonates a valid website, such as an official one, to extract user accounts and passwords and cause customers to lose funds still occur from time to time. The current approach to this kind of problem is mainly to remind users to watch for and identify phishing websites, but most users lack professional knowledge and experience and have low security awareness, so they find it difficult to identify illegal websites, which leads to leakage of users' personal information and loss of property.
Summary of the invention
In view of the problems in the prior art, the method, apparatus and system provided by the invention can authenticate the login page and the payment page of a Web site and prompt the user with the authentication result. The method is safe and reliable and can effectively guard against phishing websites and other illegal websites infringing on users' personal information.
To solve the above technical problems, the invention provides the following technical solutions:
In a first aspect, the invention provides an authentication method for Web sites based on a U-shield device, comprising:
Applied to the client: obtaining verification information and sending the verification information to the U-shield device, wherein the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page.
Receiving the verification request information sent by the U-shield device and forwarding the verification request information to the server, so that the server authenticates the current web page, wherein the verification request information is obtained by the U-shield device encrypting the first random number it generated, the serial number of the U-shield device, and the verification information.
In one embodiment, if the server's authentication of the current web page passes, forwarding the heartbeat message sent by the server to the U-shield device, and forwarding the response message fed back by the U-shield device to the server.
Applied to the U-shield device: receiving the verification information sent by the client, wherein the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page;
Encrypting the verification request information, wherein the verification request information is obtained by encrypting the preset first random number, the serial number and the verification information; and sending the verification request information to the server through the client;
Comparing the first random number with the second random number generated by the server and forwarded by the client.
In one embodiment, if the U-shield device's authentication of the current web page passes, generating a response message according to the heartbeat message received from the client, and forwarding the response message to the server through the client, wherein the heartbeat message is generated by the server.
Applied to the server: receiving the verification request information sent by the client, wherein the verification request information is obtained by encrypting the preset first random number, the serial number and the verification information; the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page;
Authenticating the current web page according to the verification information.
Generating the second random number according to the authentication result, and forwarding the second random number to the U-shield device through the client.
In one embodiment, if the server's authentication of the current web page passes, sending a heartbeat message to the client, and receiving the response message issued by the U-shield device and forwarded by the client.
In a second aspect, the invention also provides an authentication system for Web sites based on a U-shield device. The system includes: a client, which communicates with the U-shield device and the server and is used to obtain verification information and send the verification information to the U-shield device, wherein the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page;
and to receive the verification request information sent by the U-shield device and forward the verification request information to the server, so that the server authenticates the current web page, wherein the verification request information is obtained by the U-shield device encrypting the first random number it generated, the serial number of the U-shield device, and the verification information;
a U-shield device, used to receive the verification information sent by the client;
to encrypt the verification request information;
and to authenticate the current web page according to the first random number and the second random number generated by the server and forwarded by the client;
a server, used to receive the verification request information sent by the client;
to authenticate the current web page according to the verification information;
and, according to the authentication result, to generate the second random number and forward the second random number to the U-shield device through the client.
In a third aspect, the invention provides an authentication apparatus for Web sites based on a U-shield device. The apparatus includes:
A verification information acquiring unit, used to obtain verification information and send the verification information to the U-shield device, wherein the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page;
A verification request information receiving unit, used to receive the verification request information sent by the U-shield device and forward the verification request information to the server, so that the server authenticates the current web page, wherein the verification request information is obtained by the U-shield device encrypting the first random number it generated, the serial number of the U-shield device, and the verification information.
A verification information receiving unit, used to receive the verification information sent by the client, wherein the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page;
A verification request information encryption unit, used to encrypt the verification request information, wherein the verification request information is obtained by encrypting the preset first random number, the serial number and the verification information, and to send the verification request information to the server through the client;
A first current web page authentication unit, used to authenticate the current web page according to the first random number and the second random number generated by the server and forwarded by the client.
A verification request information receiving unit, used to receive the verification request information sent by the client, wherein the verification request information is obtained by encrypting the preset first random number, the serial number and the verification information; the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page;
A second current web page authentication unit, used to authenticate the current web page according to the verification information.
A second random number generation unit, used to generate the second random number according to the authentication result and forward the second random number to the U-shield device through the client.
In one embodiment, the authentication apparatus for Web sites based on a U-shield device further includes:
A heartbeat message forwarding unit, used to forward the heartbeat message sent by the server to the U-shield device, and to forward the response message fed back by the U-shield device to the server.
In one embodiment, the authentication apparatus for Web sites based on a U-shield device further includes:
A response message sending unit, used to generate a response message according to the heartbeat message received from the client and forward the response message to the server through the client, wherein the heartbeat message is generated by the server.
In one embodiment, the authentication apparatus for Web sites based on a U-shield device further includes:
A heartbeat message sending unit, used to send a heartbeat message to the client and to receive the response message issued by the U-shield device and forwarded by the client.
In a fourth aspect, the invention provides an electronic device including a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor implements the steps of the authentication method for Web sites based on a U-shield device when executing the program.
In a fifth aspect, the invention provides a computer-readable storage medium on which a computer program is stored, wherein the computer program implements the steps of the authentication method for Web sites based on a U-shield device when executed by a processor.
As can be seen from the foregoing description, the invention provides an authentication method for Web sites based on a U-shield device. The U-shield device obtains the verification request information by encrypting the preset random number, the serial number, and the session identifier data and current web page uniform resource locator data corresponding to the information entry request on the current web page. According to the verification request information, the server can authenticate the website the user is currently on and prompt the user with the authentication result; after authentication passes, heartbeat messages continuously maintain the security state of the user's operations in the information entry area of the current web page. In summary, the method, apparatus and system for authenticating Web sites based on a U-shield device provided by the invention can identify illegal websites. Compared with current technology, the user can be notified whether the current web page is valid before the user has entered personal information, or before the entered information has been submitted, which removes the risk of an illegal website stealing the user's personal information. The method is simple for the user to operate and highly secure, and can effectively guard against illegal websites infringing on clients' personal information.
Brief description of the drawings
To explain the technical solutions in the embodiments of the invention or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show some embodiments of the invention; for those of ordinary skill in the art, other drawings can be obtained from these drawings without creative effort.
Fig. 1 is a structural schematic diagram of the authentication system for Web sites based on a U-shield device in an embodiment of the invention;
Fig. 2 is a structural schematic diagram of the authentication system for Web sites based on a U-shield device in a specific application example of the invention;
Fig. 3 is a structural schematic diagram of the U-shield device in an embodiment of the invention;
Fig. 4 is an architecture diagram of the server in an embodiment of the invention;
Fig. 5 is a flow diagram of the client side of the authentication method for Web sites based on a U-shield device in an embodiment of the invention;
Fig. 6 is a structural schematic diagram of the authentication apparatus for Web sites based on a U-shield device as applied to the client;
Fig. 7 is a flow diagram of the U-shield device side of the authentication method for Web sites based on a U-shield device in an embodiment of the invention;
Fig. 8 is a structural schematic diagram of the authentication apparatus for Web sites based on a U-shield device as applied to the U-shield device;
Fig. 9 is a flow diagram of the server side of the authentication method for Web sites based on a U-shield device in an embodiment of the invention;
Fig. 10 is a structural schematic diagram of the authentication apparatus for Web sites based on a U-shield device as applied to the server;
Fig. 11 is a flow diagram of the authentication method for Web sites based on a U-shield device in a specific embodiment of the invention;
Fig. 12 is a flow diagram of a specific application example of the authentication method for Web sites based on a U-shield device;
Fig. 13 is a schematic diagram of the user operating a web page in a specific application example of the invention;
Fig. 14 is a structural schematic diagram of the electronic device in an embodiment of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The authentication method, apparatus and system for Web sites provided by this application can effectively identify illegal websites. Compared with current technology, the user can be notified whether the current web page is valid before the user has entered personal information, or before the entered information has been submitted, which removes the risk of an illegal website stealing the user's personal information and is a clear advantage. The method is simple for the user to operate and highly secure, and can effectively guard against illegal websites infringing on clients' personal information. It is described in detail through the following embodiments and application scenarios.
Based on the above, this application provides an authentication system for Web sites based on a U-shield device. Referring to Fig. 1, the system includes client B, U-shield device C and server A. Client B communicates with U-shield device C and server A and is used to obtain verification information, send the verification information to U-shield device C, receive the verification request information sent by U-shield device C, and forward the verification request information to server A so that server A authenticates the current web page. The verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page; the verification request information is obtained by U-shield device C encrypting the first random number it generated, the serial number of U-shield device C, and the verification information. In practical applications, client B in this system may be a client device, which may include a smartphone, tablet electronic device, network set-top box, portable computer, desktop computer, personal digital assistant (PDA), in-vehicle device, smart wearable device, and so on; see Fig. 2.
The U-shield device is used to receive the verification information sent by the client, encrypt the verification request information, and authenticate the current web page according to the first random number and the second random number generated by the server and forwarded by the client. Referring to Fig. 3, U-shield device 5 contains main control chip 21, display module 22, key and USB interface module 23, two-color indicator light 24, off-chip ROM memory 25, and off-chip RAM memory 26. Main control chip 21, based on a smart card chip operating system (COS), manages in its internal memory the user digital certificate file, the user private key and public key, and the drivers for display module 22 and key and USB interface module 23. Main control chip 21 connects to two-color indicator light 24 through a control bus, and to off-chip ROM memory 25 and off-chip RAM memory 26 through a data bus. The smart card chip operating system of main control chip 21 manages off-chip ROM memory 25 and off-chip RAM memory 26. Off-chip ROM memory 25 stores the server public key, the driver for two-color indicator light 24, and the verification program that works with end 4 to carry out two-way verification with the server.
The server is used to receive the verification request information sent by the client, authenticate the current web page according to the verification information, generate the second random number according to the authentication result, and forward the second random number to the U-shield device through the client. Referring to Fig. 4, this application provides an architecture diagram of the server. The server includes WEB server 1, authentication server 2 and database server 3. The client connects to WEB server 1 through Internet 7. In actual deployment, the server can be consolidated according to the number of users: if the number of users is small, WEB server 1, authentication server 2 and database server 3 can be integrated onto one physical server; if the number of users is large, WEB server 1, authentication server 2 and database server 3 can be deployed separately across 3 or more servers, and a load-balancing device can even be deployed in front of WEB server 1. In addition, according to security needs, firewalls can be deployed in front of WEB server 1 and authentication server 2 respectively, to meet the security need for layered control and filtering of user access.
Referring to Fig. 2, the server and the client device may communicate using any suitable network protocol, including network protocols not yet developed at the filing date of this application. The network protocol may include, for example, the TCP/IP protocol, the UDP/IP protocol, the HTTP protocol, the HTTPS protocol, and so on. The network protocol may also include protocols used on top of the above, such as the RPC protocol (Remote Procedure Call Protocol) and the REST protocol (Representational State Transfer).
The embodiment of the invention also provides a specific implementation of an authentication method for Web sites based on a U-shield device, applied to the client. Referring to Fig. 5, the method specifically includes the following:
Step 100: obtain verification information and send the verification information to the U-shield device, wherein the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page.
In one embodiment, an event handler in the client collects the session identifier data (Session ID) and the current web page uniform resource locator data (URL) corresponding to the information entry request on the web page the user is currently on. It is understood that the Session ID is used to track a user's session; the Session ID generated by the server serves as the identifier that distinguishes users. The Session ID is stored in server memory and in the client's Cookie. When the user issues verification request information for the current web page, the server compares the Session ID recorded in the user's Cookie with the Session ID in server memory, so as to find the Session ID corresponding to this user and operate on it. A URL is a representation of the location and access method of a resource available on the Internet, and is the address of a standard resource on the Internet. Each file on the Internet has a unique URL, and the information it contains is the location of the file.
In one embodiment, the client includes a PC and a mobile client. It is understood that the U-shield device can be connected to a mobile client by adding earphone and Bluetooth interfaces to the U-shield device.
Step 200: receive the verification request information sent by the U-shield device and forward the verification request information to the server, so that the server authenticates the current web page, wherein the verification request information is obtained by the U-shield device encrypting the first random number it generated, the serial number of the U-shield device, and the verification information.
It is understood that the client sends the Session ID and URL collected in step 100 to the U-shield device; the U-shield device encrypts the pre-generated first random number, the serial number of the U-shield device, the Session ID and the URL, and sends the encrypted result (the verification request information) to the server through the client.
In one embodiment, if the server's authentication of the current web page passes, the client forwards the heartbeat message sent by the server to the U-shield device, and forwards the response message fed back by the U-shield device to the server.
It is understood that the server starts sending heartbeat messages and continues until the U-shield device is closed; during this time the server sends periodic or repeated messages without interruption. When the U-shield device does not receive a message within a message-receiving period, the recipient considers the sender to have shut down, failed, or be currently unavailable.
The embodiment of the invention also provides a specific implementation of an authentication apparatus for Web sites based on a U-shield device, applied to the client, that can implement the authentication method for Web sites based on a U-shield device. Referring to Fig. 6, the apparatus applied to the client specifically includes the following:
Verification information acquiring unit 10, used to obtain verification information and send the verification information to the U-shield device, wherein the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page;
Verification request information receiving unit 20, used to receive the verification request information sent by the U-shield device and forward the verification request information to the server, so that the server authenticates the current web page, wherein the verification request information is obtained by the U-shield device encrypting the generated random number, the serial number of the U-shield device, and the verification information.
The embodiment of the invention provides a specific implementation of an authentication method for Web sites based on a U-shield device, applied to the U-shield device. Referring to Fig. 7, the method specifically includes the following:
Step 300: receive the verification information sent by the client, wherein the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page.
It is understood that the session identifier data and the current web page uniform resource locator data correspond respectively to the Session ID and the URL data in step 100.
Step 400: encrypt the verification request information, wherein the verification request information is obtained by encrypting the preset first random number, the serial number and the verification information; and send the verification request information to the server through the client.
When step 400 is implemented, the U-shield device uses the server public key to encrypt the first random number it pre-generated itself, the U-shield serial number it obtained, the Session ID and the URL, and returns the encrypted result to the client; the client then sends the verification request information to the server.
Step 500: compare the first random number with the second random number generated by the server and forwarded by the client.
It is understood that if the first random number and the second random number are inconsistent, the U-shield device regards the current web page as an invalid web page and sets two-color indicator light 24 to red to warn the user. Conversely, if the first and second random numbers are consistent, the U-shield device sets two-color indicator light 24 to green, and the user learns that the current web page is a valid web page.
In one embodiment, if the U-shield device's authentication of the current web page passes, the U-shield device generates a response message according to the heartbeat message received from the client and forwards the response message to the server through the client, wherein the heartbeat message is generated by the server.
The embodiment of the invention also provides a specific implementation of an authentication apparatus for Web sites based on a U-shield device, applied to the U-shield device, that can implement the authentication method for Web sites based on a U-shield device. Referring to Fig. 8, the apparatus applied to the U-shield device specifically includes the following:
Verification information receiving unit 30, used to receive the verification information sent by the client, wherein the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page;
Verification request information encryption unit 40, used to encrypt the verification request information, wherein the verification request information is obtained by encrypting the preset random number, the serial number and the verification information, and to send the verification request information to the server through the client;
First current web page authentication unit 50, used to authenticate the current web page according to the random number and the second random number generated by the server and forwarded by the client.
The embodiment of the invention provides a specific implementation of an authentication method for Web sites based on a U-shield device, applied to the server. Referring to Fig. 9, the method specifically includes the following:
Step 600: receive the verification request information sent by the client, wherein the verification request information is obtained by encrypting the preset first random number, the serial number and the verification information; the verification information includes the session identifier data and the current web page uniform resource locator data corresponding to the user's information entry request on the current web page.
Step 700: authenticate the current web page according to the verification information.
When step 700 is implemented, the server verifies whether the Session ID exists and whether the Session ID matches the URL information. If the Session ID exists and matches the URL information, the current web page is authenticated as a valid web page; otherwise, the current web page is authenticated as an invalid web page.
Step 800: generate the second random number according to the authentication result, and forward the second random number to the U-shield device through the client.
Specifically, in step 800, if the authentication result is a valid web page, the first random number is left unchanged and is set as the second random number; if the authentication result is an invalid web page, the first random number is changed and the changed first random number is set as the second random number. The second random number is then sent to the U-shield device.
In one embodiment, if the server's authentication of the current web page passes, the server sends a heartbeat message to the client and receives the response message issued by the U-shield device and forwarded by the client.
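The exchange in steps 100 to 800, simulated end to end as an added example (not code from the patent or from its applicant). The toy unpadded RSA key stands in for the server public-key encryption, whose cipher the page does not name; the class and function names, the exact-URL match rule for step 700 and the sample URLs are assumptions of this example.

```python
"""Added example: the U-shield page-authentication exchange, steps 100 to 800."""
import hmac
import json
import secrets

# Constructed toy key pair standing in for the server key whose public half the
# device stores. Unpadded RSA over two Mersenne primes is trivially breakable;
# it is used only so the example runs offline. The page names no cipher.
_P, _Q = 2**607 - 1, 2**1279 - 1
SERVER_N, SERVER_E = _P * _Q, 65537
_SERVER_D = pow(SERVER_E, -1, (_P - 1) * (_Q - 1))


def encrypt_for_server(fields):
    """Device side: encrypt the request fields under the server public key."""
    raw = json.dumps(fields, sort_keys=True).encode()
    m = int.from_bytes(raw, "big")
    if m >= SERVER_N:
        raise ValueError("verification request too long for the toy key")
    return pow(m, SERVER_E, SERVER_N)


def decrypt_at_server(ciphertext):
    """Server side: recover the request fields with the private key."""
    m = pow(ciphertext, _SERVER_D, SERVER_N)
    return json.loads(m.to_bytes((m.bit_length() + 7) // 8, "big"))


class UShield:
    def __init__(self, serial):
        self.serial = serial
        self._r1 = None  # first random number of the exchange in progress

    def build_request(self, session_id, url):
        # Steps 300-400: take Session ID and URL from the client, add a fresh
        # first random number and the serial number, encrypt for the server.
        self._r1 = secrets.token_hex(16)
        return encrypt_for_server({"r1": self._r1, "serial": self.serial,
                                   "sid": session_id, "url": url})

    def check_reply(self, r2):
        # Step 500: compare first and second random numbers, drive the LED.
        if self._r1 is None:
            return "red"
        same = hmac.compare_digest(self._r1, r2)
        self._r1 = None  # assumption of this example: one reply per request
        return "green" if same else "red"


class Server:
    def __init__(self):
        self.sessions = {}  # Session ID -> URL of the page it was issued for

    def open_session(self, url):
        sid = secrets.token_hex(8)
        self.sessions[sid] = url
        return sid

    def handle_request(self, ciphertext):
        # Steps 600-700: the Session ID must exist and match the URL
        # (modelled here as exact equality, an assumption).
        req = decrypt_at_server(ciphertext)
        valid = self.sessions.get(req["sid"]) == req["url"]
        # Step 800: valid page -> echo the first random number unchanged;
        # invalid page -> return a changed value.
        if valid:
            return req["r1"]
        r2 = secrets.token_hex(16)
        while r2 == req["r1"]:
            r2 = secrets.token_hex(16)
        return r2


def authenticate_page(device, server, session_id, url):
    """Client relay: it only passes messages between device and server."""
    request = device.build_request(session_id, url)  # steps 100, 300, 400
    r2 = server.handle_request(request)              # steps 200, 600-800
    return device.check_reply(r2)                    # step 500


def demo():
    server = Server()
    device = UShield("US-CONSTRUCTED-0001")          # constructed serial
    genuine = "https://bank.example/login"           # constructed URLs
    lookalike = "https://bank-example.invalid/login"
    sid = server.open_session(genuine)
    return {
        "genuine page": authenticate_page(device, server, sid, genuine),
        "lookalike URL, copied session":
            authenticate_page(device, server, sid, lookalike),
        "unknown session":
            authenticate_page(device, server, "0" * 16, genuine),
    }


if __name__ == "__main__":
    for case, led in demo().items():
        print(f"{case}: {led}")
```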
An embodiment of the present invention also provides a specific implementation of an authentication apparatus for a Web site based on a U-shield device, applied to the server, that can implement the authentication method for a Web site based on a U-shield device. Referring to Figure 10, the authentication apparatus applied to the server specifically includes the following:
Verification request information receiving unit 60, configured to receive the verification request information sent by the client, where the verification request information is obtained by encrypting a preset random number, a serial number and the verification information; the verification information includes the session identification data corresponding to the user's data input request on the current web page and the uniform resource locator data of the current web page;
Second current-web-page authentication unit 70, configured to authenticate the current web page according to the verification information.
Second random number generation unit 80, configured to generate the second random number according to the authentication result and to forward the second random number to the U-shield device through the client.
In a specific embodiment, the present invention also provides a specific implementation of the authentication method for a Web site based on a U-shield device; see Figure 11.
Step M01: the user opens or jumps to the relevant web page on the client, which triggers the client's event handler.
In a specific embodiment, step M01 also covers the following case: when the user's mouse moves into the information entry area of the current web page, the client's event handler is also triggered.
Step M02: the client detects whether the U-shield device is connected to the client; if not, the user is prompted to insert the U-shield device.
It can be understood that the event handler in the client detects whether the U-shield device is connected.
Step M03: the U-shield device generates the first random number and obtains the serial number of the U-shield device.
In a specific implementation of step M03, the U-shield device can generate the first random number with a random function.
Step M04: the client obtains the Session ID and URL of the current web page as the verification information.
In one embodiment, step M04 further includes constructing a verification information stream. If the length of the verification information stream exceeds the key length, the event handler in the client segments and orders the verification information stream, so that the encrypted segments can be reassembled.
Step M05: the client sends the verification information to the U-shield device.
In a specific implementation of step M05, the event handler in the client sends the processed verification information to the U-shield device segment by segment, in order.
Step M06: the U-shield device encrypts the first random number, the serial number of the U-shield device and the verification information with the server public key to form the verification request information, and sends the verification request information to the client.
In a specific implementation of step M06, the U-shield device first encrypts the first random number and the U-shield serial number with the server public key and returns the result to the computer, then encrypts each verification information segment in the order received and returns each one to the computer in turn. The event handler receives the encrypted segments returned by the U-shield device and reassembles them in the order received as the main content of the verification request.
Step M07: the client sends the verification request information to the server.
In a specific implementation of step M07, the event handler sends the verification request information to the WEB server pointed to by the URL obtained in step M04.
Step M08: the server decrypts the verification request information.
In a specific implementation, the server uses the server private key to decrypt the verification request information from step M06 and separates out the first random number, the serial number of the U-shield device, the Session ID and the URL.
Step M09: the server obtains the public key of the U-shield device from the serial number of the U-shield device.
In a specific implementation of step M09, the server looks up the public key of the U-shield device by the serial number of the U-shield device and temporarily stores the public key.
Step M10: the server verifies whether the Session ID exists and whether the Session ID matches the URL information.
Step M11: the server generates the second random number according to the verification result.
In a specific implementation of step M11, if the Session ID exists and matches the URL information, the server sets the first random number + 0, that is, the first random number is unchanged, and sets the first random number as the second random number; otherwise, the server changes the first random number and sets the changed first random number as the second random number.
Step M12: the server encrypts the second random number.
In a specific implementation of step M12, the server encrypts the second random number with the public key of the U-shield obtained in step M09.
Step M13: the server sends the second random number to the client.
It can be understood that the second random number in M13 is in its encrypted state.
Step M14: the client sends the second random number to the U-shield device.
Step M15: the U-shield device decrypts the second random number with the private key of the U-shield device.
Step M16: the U-shield device judges whether the received second random number is consistent with the first random number it sent, and generates the authentication result for the current web page.
If the second random number is consistent with the first random number, the two-color indicator light is set to green, meaning the current web page is a valid web page; otherwise, the two-color indicator light is set to red, meaning the current web page is an invalid web page. It can be understood that in steps M01 to M16 the verification of the current web page is completed on the server and the verification result is reported to the user. This embodiment also provides a method of continuing protection after the current web page has passed verification, while the user is entering information in the information entry area of the current web page, so as to maintain the safe state of the information entry area during input.
Step M17: when the server's authentication of the current web page passes, the server sends heartbeat information to the client.
In a specific implementation of step M17, the server encrypts the heartbeat information (which has a predefined format and content) with the public key of the U-shield device and pushes it to the client.
Step M18: the client forwards the heartbeat information to the U-shield device.
Step M19: the U-shield device decrypts the heartbeat information with the U-shield private key and judges the decryption result.
Step M20: according to the judgment result, response information is sent to the server.
If the decryption result is not heartbeat information, the two-color indicator light is set to red; if the decryption result is heartbeat information, response information is generated according to the heartbeat information and sent to the server through the client, and the two-color indicator light is set to green.
Step M21: if the server receives the response information, it continues to send heartbeat information to the client, which passes it on to the U-shield device, until no response information from the U-shield device is received.
From the foregoing description, the present invention provides an authentication method for a Web site based on a U-shield device. The U-shield device obtains the verification request information by encrypting a preset random number, a serial number, the session identification data corresponding to the data input request on the current web page and the uniform resource locator data of the current web page. According to the verification request information, the server can authenticate the web site the user is currently on, and the authentication result is indicated to the user; after authentication passes, heartbeat information is used to continuously maintain the safe state of the user's operations in the information entry area of the current web page. In summary, the present invention provides a method, apparatus and system for authenticating a Web site based on a U-shield device that can identify illegal web sites. Compared with the current technology, it can notify the user whether the current web page is valid before the user has entered personal information, or before the entered information has been submitted, which removes the risk of an illegal web site stealing the user's personal information. The method is simple for the user to operate and highly secure, and can effectively guard against infringement of the client's personal information by illegal web sites.
To further explain this solution, the present invention provides a specific application example of the authentication method for a Web site based on a U-shield device, using an intelligent U-shield device in a banking system. The application example includes the following; see Figure 12.
In this specific application example, the authentication system for a Web site based on a U-shield device is shown in Fig. 2. The client 4 exchanges and processes information with the WEB server 1, the authentication server 2 and the database server 3 through the internet 7, and exchanges and processes information with the intelligent U-shield device 5 through a USB cable. It can be understood that the client 4 can be a PC or a mobile client; accordingly, the connection interface between the client and the intelligent U-shield device 5 can be a USB cable, Bluetooth or an earphone interface.
Step S00: referring to Figure 13, the user 6 opens or jumps to the relevant web page 30 on the client 4; when the mouse of the user 6 moves into the information entry area 31, step S01 is entered.
The user 6 carries out an online financial transaction on the client 4. The user 6 enters the Web page 30 and moves the mouse into the information entry area 31, which triggers the verification process. In this specific application example, the server (WEB server 1, authentication server 2, database server 3) and the intelligent U-shield device 5 are regarded as trusted ends, and the client 4 is regarded as an untrusted end. The two trusted ends jointly verify the information entry area 31 on the untrusted end. If the information entry area 31 of the web page 30 the user 6 is on is indeed provided by the service provider, and this safe state is maintained, the intelligent U-shield device 5 gives the user 6 a safety indication (that is, the two-color indicator light 24 is green) and the customer can enter information in the information input field 32; otherwise, the intelligent U-shield device 5 gives the user 6 an alarm indication (that is, the two-color indicator light 24 is red), and the customer can decide at their own discretion whether to continue operating on the web page.
Step S01: the user's mouse action triggers the client event handler.
Step S02: the client event handler first detects whether the intelligent U-shield device 5 is connected to the client 4; if not, the user 6 is prompted to insert the intelligent U-shield device 5.
Step S03: the main control chip 21 in the intelligent U-shield device calls the off-chip program in the off-chip ROM memory 25 to run in the off-chip RAM memory 26, and the off-chip program sets the two-color indicator light 24 to red.
Referring to Fig. 3, the intelligent U-shield device 5 contains a main control chip 21, a display module 22, a key (button) and USB interface module 23, a two-color indicator light 24, an off-chip ROM memory 25 and an off-chip RAM memory 26.
The main control chip 21 is based on a smart card chip operating system (COS). In its internal memory it manages the user's digital certificate file, the user private key and public key, the display, key (button) and communication interface drivers, and the data input/output handlers. The cryptographic key algorithms are fixed in hardware, and the smart card chip operating system calls them to perform asymmetric and symmetric encryption and decryption, hash operations, signature operations and other functions. These are referred to as the on-chip program. The main control chip 21, the display module 22 and the key (button) and USB interface module 23 have the functions of a second-generation U-key and follow the second-generation U-key read/write rules.
The main control chip 21 is connected to the two-color indicator light 24 through a control bus, and to the off-chip ROM memory 25 and the off-chip RAM memory 26 through a data bus. The smart card chip operating system of the main control chip 21 manages the off-chip ROM memory 25 and the off-chip RAM memory 26. The off-chip ROM memory 25 stores the server public key, the driver for the two-color indicator light 24, and the verification program that works with the client 4 and the server to perform two-party verification; these data and programs are referred to as the off-chip program. After the intelligent U-shield device 5 is connected to the computer, the main control chip 21 uses the off-chip RAM memory 26 to run the off-chip program stored in the off-chip ROM memory 25. The off-chip program schedules the on-chip program to run in the internal memory of the main control chip 21; the off-chip program carries out part of the verification process and controls the red/green switching and holding of the two-color indicator light 24.
It can be understood that, before step S03, after the intelligent U-shield device 5 is connected to the client 4, the intelligent U-shield device 5 completes its self-test and initialization.
Step S04: the off-chip program in the intelligent U-shield device calls the on-chip program to generate a random number and obtain the serial number of the intelligent U-shield device, and temporarily stores these two items.
Step S05: the client event handler collects the Session ID and URL information of the web page 30 the user 6 is currently on and constructs the verification information stream. If the length of the verification information stream exceeds the key length, the event handler segments and orders the verification information stream so that the encrypted segments can be reassembled.
Step S06: the client event handler sends the processed verification information to the intelligent U-shield device 5 segment by segment, in order.
Step S07: the off-chip program in the intelligent U-shield device waits for the client 4 to send in information. After step C04 sends in information, the off-chip program needs to judge whether the information is verification information.
Step S08: the off-chip program in the intelligent U-shield device judges whether the information input by the client 4 is verification information.
If it is not in the verification information format, it is treated as normal U-shield processing information and goes to step U32 to be handled by the on-chip program. If it is in the verification information format, the off-chip program calls the on-chip program to start encryption.
Step S09: the off-chip program in the intelligent U-shield device calls the on-chip program to first encrypt, with the server public key, the random number generated in step S04 and the U-shield serial number, and returns the result to the computer; it then encrypts each verification information segment in the order received and returns each one to the computer in turn.
Step S10: the client event handler receives the encrypted segments returned by the intelligent U-shield device 5.
It can be understood that the event handler reassembles the segments in the order received, as the main content of the verification request.
Step S11: the client event handler constructs the verification request information and, using the URL established in step S05, sends the verification request information to the WEB server 1 that the URL points to, then waits for the feedback information from the authentication server 2. The verification request information is obtained by the intelligent U-shield device encrypting the generated random number, the serial number of the U-shield device, the Session ID and the URL information.
Step S12: the WEB server 1 receives the user's verification request and forwards it to the authentication server 2 for processing.
Step S13: the authentication server 2 decrypts the verification information with the server private key and separates out the random number, the serial number of the intelligent U-shield device 5, the session ID and the URL information.
Step S14: the authentication server 2 looks up the user's public key in the database server 3 by the serial number of the intelligent U-shield device 5 and temporarily stores it.
Step S15: the authentication server 2 verifies through the WEB server 1 whether the session ID exists, and verifies whether the session ID matches the URL information.
Step S16: the authentication server 2 judges whether the current web page 30 passes verification.
It can be understood that when the authentication server 2 verifies through the WEB server 1 that the session ID exists and the Session ID matches the URL information, the current web page 30 passes verification; otherwise, the current web page 30 does not pass verification.
Step S17: if verification passes, the authentication server 2 applies +0 to the random number obtained in step S01, that is, the random number is unchanged.
Step S18: if verification does not pass, the authentication server 2 applies +1 to the random number obtained in step S01, that is, the random number is changed.
Step S19: the authentication server 2 uses the user public key obtained in step S02 to encrypt the random number obtained in step S04.
Step S20: the authentication server 2 returns the encrypted random number to the client 4 through the WEB server 1 as feedback.
Step S21: the client event handler receives the feedback information from the authentication server 2 and sends the feedback information into the intelligent U-shield device 5.
It can be understood that the feedback information in step S21 includes the encrypted random number from step S20.
Step S22: the off-chip program in the intelligent U-shield device receives the feedback information from the event handler of the client 4.
Step S23: the off-chip program in the intelligent U-shield device judges whether the feedback information has timed out.
Step S24: if the feedback information has timed out, it is regarded as invalid feedback, and the off-chip program in the intelligent U-shield device sets the two-color indicator light 24 to red.
Step S25: if the feedback information has not timed out, the off-chip program in the intelligent U-shield device calls the on-chip program to decrypt the feedback information with the user private key and extract the random number.
Step S26: the off-chip program in the intelligent U-shield device judges whether the received random number is consistent with the random number sent.
If the random numbers are inconsistent, the feedback is regarded as invalid and the flow goes to step S24, where the off-chip program in the intelligent U-shield device sets the two-color indicator light 24 to red.
Step S27: if the random numbers are consistent, the off-chip program in the intelligent U-shield device sets the two-color indicator light 24 to green.
Step S28: the off-chip program in the intelligent U-shield device waits for new information input.
At this point, the first two-party verification between the information entry area 31 in the web page 30 on the client 4 and the server side is complete, and the two-color indicator light 24 of the intelligent U-shield device 5 shows the state after verification: red indicates a dangerous state and green indicates a safe state.
Step S29: during the two-party verification between the information entry area 31 in the web page 30 on the client 4 and the server side, or when the verification is complete, if the mouse of the user 6 moves out of the information entry area 31 or enters another web page, the flow goes to step C01 and waits for the mouse of the user 6 to move into the information entry area 31 again, which triggers the event handler to verify again.
Step S30: the client event handler receives the heartbeat information and sends it into the intelligent U-shield device 5.
During the two-party verification between the information entry area 31 in the web page 30 on the client 4 and the server side, or when the verification is complete, if the mouse of the user 6 stays in the information entry area 31, the event handler receives the heartbeat information pushed by the authentication server 2 and forwards the received heartbeat information to the intelligent U-shield device 5 to maintain the safe state of the information entry area 31.
Step S31: the authentication server 2 encrypts the heartbeat information with the user public key and pushes it to the client 4.
In a specific implementation of step S31, the authentication server 2 encrypts the heartbeat information (which has a predefined format and content) with the user public key and pushes it to the client 4.
Step S32: the off-chip program in the intelligent U-shield device calls the on-chip program to decrypt.
After the off-chip program receives the information, it calls the on-chip program to decrypt the information with the user private key.
Step S33: the intelligent U-shield device judges whether the information received by the off-chip program is heartbeat information.
Step S34: if the information received by the off-chip program in the intelligent U-shield device is heartbeat information, it judges whether the heartbeat information has timed out.
If it has timed out, the off-chip program regards it as an invalid heartbeat, the flow goes to step S00, and the off-chip program sets the two-color indicator light 24 to red.
Step S35: if it has not timed out, the intelligent U-shield device generates response information according to the heartbeat information, and the two-color indicator light 24 is set to green.
Step S36: if the information received by the off-chip program in the intelligent U-shield device is not heartbeat information, the off-chip program calls the on-chip program to process it and returns the processing result to the client 4.
Step S37: after the client event handler receives the heartbeat information, it returns a heartbeat receipt confirmation to the authentication server 2 through the WEB server 1 that the URL points to.
Step S38: the authentication server 2 waits to receive the response information of the client 4 to the heartbeat information.
Step S39: the authentication server 2 judges whether the response information of the client 4 to the heartbeat information has been received.
If the authentication server 2 receives the response information of the client 4 to the heartbeat information, it jumps to step S09 and continues to push heartbeat information to the client 4, and the cycle repeats.
Step S40: if the authentication server 2 does not receive the response of the client 4 to the heartbeat information, it enters step 442, and the authentication server 2 stops pushing heartbeat information to the client 4.
Step S41: before entering information in the information input field 32, while entering information, and before submitting information, the user 6 needs to keep the mouse in the information entry area 31 and observe whether the two-color indicator light 24 of the intelligent U-shield device 5 stays green throughout.
Referring to Figure 12, it can be understood that the steps in the top row of Figure 12 (S03-S04, S07-S09, S22-S28 and S32-S36) are actions initiated by the intelligent U-shield device 5; the steps in the middle row (S00-S02, S05-S06, S10-S11, S21, S29-S30, S37) are actions initiated by the client, and S41 is what the user needs to pay attention to when entering relevant information on the client 4; the steps in the bottom row (S12-S20, S31 and S38-S40) are actions initiated by the server side. After the user 6 completes the submission of information and moves to another web page, or the mouse leaves the information entry area 31, the two-color indicator light 24 of the intelligent U-shield device 5 changes to the red state. This state indicates that the web page the user 6 is currently on has not been verified or has failed verification and that personal privacy information is in a dangerous state; the user 6 can choose whether to continue operating according to the purpose of the operation.
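The exchange in steps M03 to M16 (steps S04 to S27 of the application example), as an added example that is not part of the patent text: a Python simulation of the U-shield device, the untrusted client relay and the server. Assumptions: textbook RSA over fixed primes stands in for the unspecified public-key cipher and is not secure, and the serial number, Session IDs, URLs and the newline separator in the verification information stream are constructed for the example.

```python
import secrets

# Stand-in cipher (assumption): textbook RSA over fixed Mersenne primes, so the
# example runs offline on the standard library. It is NOT secure. The page only
# says the data is encrypted with a public key; it names no algorithm or padding.
E = 65537
SEG = 16  # payload bytes per encrypted segment, below the stand-in key length


def make_key(p, q):
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def public_part(key):
    return {"n": key["n"], "e": key["e"]}


def encrypt_bytes(pub, chunk):
    # The 0x01 prefix preserves leading zero bytes across the integer conversion.
    return pow(int.from_bytes(b"\x01" + chunk, "big"), pub["e"], pub["n"])


def decrypt_bytes(key, c):
    m = pow(c, key["d"], key["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]


class UShield:
    """Trusted end: holds its own private key and the server public key."""

    def __init__(self, serial, key, server_pub):
        self.serial, self.key, self.server_pub = serial, key, server_pub
        self.led, self.r1 = "red", None  # S03: the indicator starts red

    def begin(self):
        # M03 and first half of M06: fresh first random number plus serial number.
        self.r1 = secrets.randbits(64)
        head = self.r1.to_bytes(8, "big") + self.serial.encode()
        return encrypt_bytes(self.server_pub, head)

    def encrypt_segment(self, segment):
        # Second half of M06: one verification-information segment per call.
        return encrypt_bytes(self.server_pub, segment)

    def finish(self, feedback):
        # M15-M16: decrypt the second random number, compare it with the first.
        # feedback=None models missing or timed-out feedback (S23-S24).
        ok = feedback is not None and self.r1 is not None
        ok = ok and pow(feedback, self.key["d"], self.key["n"]) == self.r1
        self.led = "green" if ok else "red"
        return self.led


class Server:
    """Trusted end: holds its private key, device public keys, live sessions."""

    def __init__(self, key, device_pubs, sessions):
        self.key, self.device_pubs, self.sessions = key, device_pubs, sessions

    def handle(self, request):
        # M08: decrypt, then split into random number, serial, Session ID, URL.
        head = decrypt_bytes(self.key, request[0])
        r1, serial = int.from_bytes(head[:8], "big"), head[8:].decode(errors="replace")
        info = b"".join(decrypt_bytes(self.key, c) for c in request[1:])
        session_id, _, url = info.decode(errors="replace").partition("\n")
        device_pub = self.device_pubs.get(serial)  # M09: look up by serial number
        if device_pub is None:
            return None
        valid = self.sessions.get(session_id) == url  # M10: exists and matches URL
        r2 = r1 if valid else r1 + 1  # M11: +0 when valid, changed (+1) otherwise
        return pow(r2, device_pub["e"], device_pub["n"])  # M12


def client_round(device, server, session_id, url):
    """Untrusted relay (M04, M05, M07, M13, M14): it only ever sees ciphertext."""
    stream = f"{session_id}\n{url}".encode()  # "\n" separator is an assumption
    segments = [stream[i:i + SEG] for i in range(0, len(stream), SEG)]
    request = [device.begin()] + [device.encrypt_segment(s) for s in segments]
    feedback = server.handle(request)
    return device.finish(feedback), feedback


def run_scenarios():
    # Constructed sample data: the serial number, Session IDs and URLs are made up.
    server_key = make_key(2**61 - 1, 2**89 - 1)
    device_key = make_key(2**107 - 1, 2**127 - 1)
    device = UShield("US000042", device_key, public_part(server_key))
    server = Server(server_key, {"US000042": public_part(device_key)},
                    {"sess-7f3a": "https://bank.example/login"})
    good_url, other_url = "https://bank.example/login", "https://login.example.net/"
    out = {}
    out["legitimate"], old = client_round(device, server, "sess-7f3a", good_url)
    out["unknown_session"], _ = client_round(device, server, "sess-0000", good_url)
    out["url_mismatch"], _ = client_round(device, server, "sess-7f3a", other_url)
    device.begin()  # a new round draws a new first random number
    out["replayed_feedback"] = device.finish(old)
    out["no_feedback"] = device.finish(None)
    return out


if __name__ == "__main__":
    for name, led in run_scenarios().items():
        print(f"{name:18s} -> {led}")
```

In the `unknown_session` and `url_mismatch` rounds the server still answers; the device turns red because the number it decrypts is the first random number plus one. The `replayed_feedback` round is red because every round draws a new first random number, so feedback captured from an earlier valid round no longer matches.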
From the foregoing description, the present invention provides an authentication method for a Web site based on a U-shield device. The U-shield device obtains the verification request information by encrypting a preset random number, a serial number, the session identification data corresponding to the data input request on the current web page and the uniform resource locator data of the current web page. According to the verification request information, the server can authenticate the web site the user is currently on, and the authentication result is indicated to the user; after authentication passes, heartbeat information is used to continuously maintain the safe state of the user's operations in the information entry area of the current web page. In summary, the present invention provides a method, apparatus and system for authenticating a Web site based on a U-shield device that can identify illegal web sites. Compared with the current technology, it can notify the user whether the current web page is valid before the user has entered personal information, or before the entered information has been submitted, which removes the risk of an illegal web site stealing the user's personal information. The method is simple for the user to operate and highly secure, and can effectively guard against infringement of the client's personal information by illegal web sites.
Based on the same inventive concept, an embodiment of the present application also provides an authentication apparatus for a Web site based on a U-shield device, which can be used to implement the method described in the above embodiments, as in the following embodiments. Because the principle by which the authentication apparatus for a Web site based on a U-shield device solves the problem is similar to that of the authentication method for a Web site based on a U-shield device, the implementation of the apparatus may refer to the implementation of the method, and repeated details are not described again. As used below, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the system described in the following embodiments is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
An embodiment of the present invention provides a specific implementation of an authentication apparatus for a Web site based on a U-shield device that can implement the authentication method for a Web site based on a U-shield device. The authentication apparatus specifically includes the following:
Verification information acquiring unit 10, configured to obtain verification information and send the verification information to the U-shield device, where the verification information includes the session identification data corresponding to the user's data input request on the current web page and the uniform resource locator data of the current web page;
Verification request information receiving unit 20, configured to receive the verification request information sent by the U-shield device and forward the verification request information to the server, so that the server authenticates the current web page, where the verification request information is obtained by the U-shield device encrypting the generated random number, the serial number of the U-shield device and the verification information.
Verification information receiving unit 30, configured to receive the verification information sent by the client, where the verification information includes the session identification data corresponding to the user's data input request on the current web page and the uniform resource locator data of the current web page;
Verification request information encryption unit 40, configured to encrypt the verification request information, where the verification request information is obtained by encrypting a preset random number, a serial number and the verification information, and to send the verification request information to the server through the client;
First current-web-page authentication unit 50, configured to authenticate the current web page according to the random number and the second random number generated by the server and forwarded by the client.
Verification request information receiving unit 60, configured to receive the verification request information sent by the client, where the verification request information is obtained by encrypting a preset random number, a serial number and the verification information; the verification information includes the session identification data corresponding to the user's data input request on the current web page and the uniform resource locator data of the current web page;
Second current-web-page authentication unit 70, configured to authenticate the current web page according to the verification information.
Second random number generation unit 80, configured to generate the second random number according to the authentication result and to forward the second random number to the U-shield device through the client.
In one embodiment, the authentication apparatus for a Web site based on a U-shield device further includes:
A heartbeat information forwarding unit, configured to forward the heartbeat information sent by the server to the U-shield device, and to forward the response information fed back by the U-shield device to the server.
In one embodiment, the authentication apparatus for a Web site based on a U-shield device further includes:
A response information sending unit, configured to generate response information according to the heartbeat information received from the client and to forward the response information to the server through the client, where the heartbeat information is generated by the server.
In one embodiment, the authentication apparatus for a Web site based on a U-shield device further includes:
A heartbeat information sending unit, configured to send heartbeat information to the client and to receive the response information issued by the U-shield device and forwarded by the client.
From the foregoing description, the present invention provides an authentication apparatus for a Web site based on a U-shield device. The U-shield device obtains the verification request information by encrypting a preset random number, a serial number, the session identification data corresponding to the data input request on the current web page and the uniform resource locator data of the current web page. According to the verification request information, the server can authenticate the web site the user is currently on, and the authentication result is indicated to the user; after authentication passes, heartbeat information is used to continuously maintain the safe state of the user's operations in the information entry area of the current web page. In summary, the present invention provides a method, apparatus and system for authenticating a Web site based on a U-shield device that can identify illegal web sites. Compared with the current technology, it can notify the user whether the current web page is valid before the user has entered personal information, or before the entered information has been submitted, which removes the risk of an illegal web site stealing the user's personal information. The method is simple for the user to operate and highly secure, and can effectively guard against infringement of the client's personal information by illegal web sites.
The embodiments of the present application also provide a specific implementation of an authentication system for a Web site based on a U-shield device, which can carry out all the steps of the authentication method for a Web site based on a U-shield device in the above embodiments. Referring to Fig. 1, the system includes the following:
A client, which communicates with the U-shield device and the server and is configured to obtain verification information and send the verification information to the U-shield device, where the verification information includes the session identification data corresponding to the user's data input request on the current web page and the uniform resource locator (URL) data of the current web page.
The client also receives the verification request message sent by the U-shield device and forwards it to the server so that the server authenticates the current web page, where the verification request message is obtained by the U-shield device encrypting the generated random number, the sequence number of the U-shield device and the verification information.
A U-shield device, configured to receive the verification information sent by the client, where the verification information includes the session identification data corresponding to the user's data input request on the current web page and the URL data of the current web page.
The U-shield device encrypts the verification request message, where the verification request message is obtained by encrypting the preset random number, the sequence number and the verification information, and sends the verification request message to the server through the client.
The U-shield device authenticates the current web page according to the random number and the second random number that is generated by the server and forwarded by the client.
A server, configured to receive the verification request message sent by the client, where the verification request message is obtained by encrypting the preset random number, the sequence number and the verification information, and the verification information includes the session identification data corresponding to the user's data input request on the current web page and the URL data of the current web page.
The server authenticates the current web page according to the verification information.
According to the authentication result, the server generates the second random number and forwards it to the U-shield device through the client.
The embodiments of the present application also provide a specific implementation of an electronic device that can carry out all the steps of the authentication method for a Web site based on a U-shield device in the above embodiments. Referring to Fig. 14, the electronic device specifically includes the following:
A processor 1201, a memory 1202, a communications interface 1203 and a bus 1204;
The processor 1201, the memory 1202 and the communications interface 1203 communicate with one another over the bus 1204; the communications interface 1203 is used to transfer information between related devices such as the server-side device, the U-shield device and the client device.
The processor 1201 is configured to call the computer program in the memory 1202. When executing the computer program, the processor carries out all the steps of the authentication method for a Web site based on a U-shield device in the above embodiments; for example, the processor carries out the following steps when executing the computer program:
Step 100: obtain verification information and send the verification information to the U-shield device, where the verification information includes the session identification data corresponding to the user's data input request on the current web page and the uniform resource locator (URL) data of the current web page.
Step 200: receive the verification request message sent by the U-shield device and forward it to the server so that the server authenticates the current web page, where the verification request message is obtained by the U-shield device encrypting the generated random number, the sequence number of the U-shield device and the verification information.
Step 300: receive the verification information sent by the client, where the verification information includes the session identification data corresponding to the user's data input request on the current web page and the URL data of the current web page.
Step 400: encrypt the verification request message, where the verification request message is obtained by encrypting the preset random number, the sequence number and the verification information; and send the verification request message to the server through the client.
Step 500: authenticate the current web page according to the random number and the second random number that is generated by the server and forwarded by the client.
Step 600: receive the verification request message sent by the client, where the verification request message is obtained by encrypting the preset random number, the sequence number and the verification information, and the verification information includes the session identification data corresponding to the user's data input request on the current web page and the URL data of the current web page.
Step 700: authenticate the current web page according to the verification information.
Step 800: according to the authentication result, generate the second random number and forward it to the U-shield device through the client.
As can be seen from the foregoing description, with the electronic device in the embodiments of the present application, the U-shield device obtains the verification request message by encrypting the preset random number, the sequence number, the session identification data corresponding to the data input request on the current web page, and the URL data of the current web page. Based on this verification request message, the server can authenticate the site the user is currently on and prompt the user with the authentication result; after authentication passes, the heartbeat message technique continuously maintains the user's security state while the user operates in the information entry area of the current web page. In summary, the method, apparatus and system for authenticating a Web site based on a U-shield device provided by the present invention can identify illegal websites. Compared with current technology, they have the advantage that the user can be told whether the current web page is valid before entering any personal information, or before the entered information has been submitted, which removes the risk of an illegal website stealing the user's personal information. The method is simple for the user to operate and highly secure, and can effectively guard against illegal websites infringing on customers' personal information.
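The exchange in steps 100 to 800, with the verification request message that some passages of this translation render as "checking solicited message", as an added Python sketch that is not code from the patent. It assumes a key shared by the U-shield device and the server, an HMAC-SHA256 construction standing in for the unspecified cipher, and a server that returns the first random number as the second random number only when the page authenticates; the hosts, session IDs and sequence number are constructed sample values.

```python
# Added illustration, not code from the patent. The cipher, the shared key, the
# message layout and the "echo the first random number only on success" rule are
# assumptions of this sketch; hosts, session IDs and sequence number are constructed.
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlsplit

SHARED_KEY = secrets.token_bytes(32)  # assumed to be provisioned in device and server


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Stand-in encrypt-then-MAC built on HMAC-SHA256; the page names no cipher."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    if len(blob) < 48:
        raise ValueError("verification request message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("verification request message failed its integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class UShield:
    def __init__(self, sequence_number, key):
        self.sequence_number, self._key, self._first_random = sequence_number, key, None

    def build_request(self, verification_info):
        """Steps 300-400: encrypt first random number, sequence number, verification info."""
        self._first_random = secrets.token_hex(16)
        payload = {"r1": self._first_random, "seq": self.sequence_number,
                   "info": verification_info}
        return seal(self._key, json.dumps(payload).encode())

    def check(self, second_random):
        """Step 500: compare the two random numbers; the first is usable only once."""
        r1, self._first_random = self._first_random, None
        return r1 is not None and hmac.compare_digest(r1.encode(), second_random.encode())


class Server:
    def __init__(self, key, origin, live_sessions):
        self._key, self._origin, self._sessions = key, origin, live_sessions

    def authenticate(self, request):
        """Steps 600-800: returns the second random number for the client to forward."""
        try:
            msg = json.loads(unseal(self._key, request))
            url = urlsplit(msg["info"]["url"])
            # Exact scheme and host comparison: prefix or substring matching would
            # accept look-alike hosts such as bank.example.evil.test.
            page_ok = ((url.scheme, url.hostname) == self._origin
                       and url.port in (None, 443)
                       and msg["info"]["session_id"] in self._sessions)
            first_random = msg["r1"]
        except (ValueError, KeyError, TypeError, AttributeError):
            page_ok = False
        return first_random if page_ok else secrets.token_hex(16)


def run_exchange(page_url, session_id, ushield, server, tamper=False):
    """The client's relay role (steps 100-200) around the device and the server."""
    info = {"session_id": session_id, "url": page_url}
    request = ushield.build_request(info)
    if tamper:  # a relay that alters the ciphertext in transit
        request = request[:-1] + bytes([request[-1] ^ 1])
    return ushield.check(server.authenticate(request))


def demo():
    server = Server(SHARED_KEY, ("https", "bank.example"), {"sess-7f3a"})
    token = UShield("SEQ-0001", SHARED_KEY)
    good, sid = "https://bank.example/login", "sess-7f3a"
    return {
        "legitimate": run_exchange(good, sid, token, server),
        "lookalike_host": run_exchange("https://bank.example.evil.test/login", sid, token, server),
        "userinfo_trick": run_exchange("https://bank.example@evil.test/login", sid, token, server),
        "unknown_session": run_exchange(good, "sess-0000", token, server),
        "tampered": run_exchange(good, sid, token, server, tamper=True),
    }


if __name__ == "__main__":
    print(demo())
```

The URL that the device encrypts is whatever the client reports, so the result is only as trustworthy as the client component that reads the page address.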
The embodiments of the present application also provide a computer-readable storage medium that can carry out all the steps of the authentication method for a Web site based on a U-shield device in the above embodiments. A computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor it carries out all the steps of the authentication method for a Web site based on a U-shield device in the above embodiments; for example, the processor carries out the following steps when executing the computer program:
Step 100: obtain verification information and send the verification information to the U-shield device, where the verification information includes the session identification data corresponding to the user's data input request on the current web page and the uniform resource locator (URL) data of the current web page.
Step 200: receive the verification request message sent by the U-shield device and forward it to the server so that the server authenticates the current web page, where the verification request message is obtained by the U-shield device encrypting the generated random number, the sequence number of the U-shield device and the verification information.
Step 300: receive the verification information sent by the client, where the verification information includes the session identification data corresponding to the user's data input request on the current web page and the URL data of the current web page.
Step 400: encrypt the verification request message, where the verification request message is obtained by encrypting the preset random number, the sequence number and the verification information; and send the verification request message to the server through the client.
Step 500: authenticate the current web page according to the random number and the second random number that is generated by the server and forwarded by the client.
Step 600: receive the verification request message sent by the client, where the verification request message is obtained by encrypting the preset random number, the sequence number and the verification information, and the verification information includes the session identification data corresponding to the user's data input request on the current web page and the URL data of the current web page.
Step 700: authenticate the current web page according to the verification information.
Step 800: according to the authentication result, generate the second random number and forward it to the U-shield device through the client.
As can be seen from the foregoing description, with the computer-readable storage medium in the embodiments of the present application, the U-shield device obtains the verification request message by encrypting the preset random number, the sequence number, the session identification data corresponding to the data input request on the current web page, and the URL data of the current web page. Based on this verification request message, the server can authenticate the site the user is currently on and prompt the user with the authentication result; after authentication passes, the heartbeat message technique continuously maintains the user's security state while the user operates in the information entry area of the current web page. In summary, the method, apparatus and system for authenticating a Web site based on a U-shield device provided by the present invention can identify illegal websites. Compared with current technology, they have the advantage that the user can be told whether the current web page is valid before entering any personal information, or before the entered information has been submitted, which removes the risk of an illegal website stealing the user's personal information. The method is simple for the user to operate and highly secure, and can effectively guard against illegal websites infringing on customers' personal information.
All the embodiments in this specification are described in a progressive manner; for the parts that are the same or similar across embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the hardware-plus-program embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant details, refer to the description of the method embodiments.
The foregoing describes specific embodiments of this specification. Other embodiments fall within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in an order different from that in the embodiments and still achieve the desired result. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or a sequential order, to achieve the desired result. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Although the present application provides the method operation steps as described in the embodiments or flowcharts, more or fewer operation steps may be included on the basis of conventional or non-inventive effort. The order of steps listed in the embodiments is only one of many possible execution orders and does not represent the only one. When an actual apparatus or client product executes the method, the steps may be executed in the order shown in the embodiments or the drawings, or in parallel (for example, in a parallel-processor or multi-threaded environment).
Although the embodiments of this specification provide the method operation steps as described in the embodiments or flowcharts, more or fewer operation steps may be included on the basis of conventional or non-inventive means. The order of steps listed in the embodiments is only one of many possible execution orders and does not represent the only one. When an actual apparatus or end product executes the method, the steps may be executed in the order shown in the embodiments or the drawings, or in parallel (for example, in a parallel-processor or multi-threaded environment, or even a distributed data processing environment). The terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, product or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, product or device. Without further limitation, the presence of other identical or equivalent elements in the process, method, product or device that includes the stated element is not excluded.
For convenience of description, the above apparatus is described as divided into various modules by function. Of course, when implementing the embodiments of this specification, the functions of the modules may be implemented in one or more pieces of software and/or hardware, and a module that implements a given function may also be implemented as a combination of multiple sub-modules or sub-units. The apparatus embodiments described above are merely schematic. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
It is also known in the art that, besides implementing a controller purely as computer-readable program code, it is entirely possible to program the method steps in logic so that the controller achieves the same function in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the means it contains for realizing various functions can also be regarded as structures within the hardware component. Or even, the means for realizing various functions can be regarded both as software modules that implement the method and as structures within the hardware component.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPUs), an input/output interface, a network interface and memory.
Memory may take forms such as non-persistent memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, for example read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include persistent and non-persistent, removable and non-removable media, and can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
Those skilled in the art will understand that the embodiments of this specification may be provided as a method, a system or a computer program product. Accordingly, the embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the embodiments of this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) that contain computer-usable program code.
The embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The embodiments of this specification may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
All the embodiments in this specification are described in a progressive manner; for the parts that are the same or similar across embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the system embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant details, refer to the description of the method embodiments. In the description of this specification, a reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the embodiments of this specification. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict, those skilled in the art may combine the different embodiments or examples described in this specification and the features of the different embodiments or examples.
The foregoing is merely the embodiments of this specification and is not intended to limit them. For those skilled in the art, various modifications and variations of the embodiments of this specification are possible. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the embodiments of this specification shall fall within the scope of the claims of the embodiments of this specification.

Claims (10)

1. An authentication method for a Web site based on a U-shield device, characterized by comprising:
obtaining verification information and sending the verification information to a U-shield device, wherein the verification information includes session identification data corresponding to a user's data input request on a current web page and uniform resource locator data of the current web page;
receiving a verification request message sent by the U-shield device and forwarding the verification request message to a server so that the server authenticates the current web page, wherein the verification request message is obtained by the U-shield device encrypting a generated first random number, the sequence number of the U-shield device and the verification information.
2. The method according to claim 1, characterized by further comprising:
if authentication passes, forwarding to the U-shield device a heartbeat message sent by the server, and forwarding to the server a response message fed back by the U-shield device.
3. An authentication method for a Web site based on a U-shield device, characterized by comprising:
receiving verification information sent by a client, wherein the verification information includes session identification data corresponding to a user's data input request on a current web page and uniform resource locator data of the current web page;
encrypting a verification request message, wherein the verification request message is obtained by encrypting a preset first random number, a sequence number and the verification information; and sending the verification request message to a server through the client;
comparing the first random number with a second random number that is generated by the server and forwarded by the client.
4. The method according to claim 3, characterized by further comprising:
if authentication passes, generating a response message according to a heartbeat message received from the client, and forwarding the response message to the server through the client, wherein the heartbeat message is generated by the server.
5. An authentication method for a Web site based on a U-shield device, characterized by comprising:
receiving a verification request message sent by a client, wherein the verification request message is obtained by encrypting a preset first random number, a sequence number and verification information; the verification information includes session identification data corresponding to a user's data input request on a current web page and uniform resource locator data of the current web page;
authenticating the current web page according to the verification information;
according to the authentication result, generating a second random number, and forwarding the second random number to the U-shield device through the client.
6. The method according to claim 5, characterized by further comprising:
if authentication passes, sending a heartbeat message to the client, and receiving a response message that is issued by the U-shield device and forwarded by the client.
7. An authentication system for a Web site based on a U-shield device, characterized by comprising:
a client, which communicates with a U-shield device and a server and is configured to obtain verification information and send the verification information to the U-shield device, wherein the verification information includes session identification data corresponding to a user's data input request on a current web page and uniform resource locator data of the current web page;
and to receive a verification request message sent by the U-shield device and forward the verification request message to the server so that the server authenticates the current web page, wherein the verification request message is obtained by the U-shield device encrypting a generated first random number, the sequence number of the U-shield device and the verification information;
the U-shield device, configured to receive the verification information sent by the client;
to encrypt the verification request message;
and to authenticate the current web page according to the first random number and a second random number that is generated by the server and forwarded by the client;
the server, configured to receive the verification request message sent by the client;
to authenticate the current web page according to the verification information;
and, according to the authentication result, to generate the second random number and forward the second random number to the U-shield device through the client.
8. An authentication apparatus for a Web site based on a U-shield device, characterized by comprising:
a verification information acquiring unit, configured to obtain verification information and send the verification information to a U-shield device, wherein the verification information includes session identification data corresponding to a user's data input request on a current web page and uniform resource locator data of the current web page;
a verification request message receiving unit, configured to receive a verification request message sent by the U-shield device and forward the verification request message to a server so that the server authenticates the current web page, wherein the verification request message is obtained by the U-shield device encrypting a generated first random number, the sequence number of the U-shield device and the verification information.
9. An electronic device comprising a memory, a processor and a computer program that is stored in the memory and can run on the processor, characterized in that the processor, when executing the computer program, implements the authentication method for a Web site based on a U-shield device according to any one of claims 1 to 6.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for performing the authentication method for a Web site based on a U-shield device according to any one of claims 1 to 6.
CN201910257015.9A 2019-04-01 2019-04-01 The authentication method of Web site based on U-shield device, apparatus and system Pending CN109889548A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910257015.9A CN109889548A (en) 2019-04-01 2019-04-01 The authentication method of Web site based on U-shield device, apparatus and system

Publications (1)

Publication Number Publication Date
CN109889548A true CN109889548A (en) 2019-06-14

Family

ID=66935543

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910257015.9A Pending CN109889548A (en) 2019-04-01 2019-04-01 The authentication method of Web site based on U-shield device, apparatus and system

Country Status (1)

Country Link
CN (1) CN109889548A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination