CN110677431A - Bidirectional verification method and device - Google Patents

Info

Publication number: CN110677431A
Authority: CN (China)
Prior art keywords: short message, verification, client, server, sent
Legal status: Pending (an assumption, not a legal conclusion)
Application number: CN201910974225.XA
Other languages: Chinese (zh)
Inventors: 陈本峰, 冀托, 付安龙
Current Assignee: Yunshen Interconnection (beijing) Technology Co Ltd
Original Assignee: Yunshen Interconnection (beijing) Technology Co Ltd

Classifications

    • H04L63/00 (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication): Network architectures or network communication protocols for network security
    • H04L63/0838: Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/12: Applying verification of the received information
    • H04L63/1458: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic; Countermeasures against malicious traffic; Denial of Service

Abstract

The embodiments of the invention relate to the technical field of network security, and in particular to a bidirectional verification method and device. The application provides a bidirectional verification method applied to a server. The method comprises: receiving a short message sent by a client, the short message having been encrypted by the client with a preset secret key; decrypting the short message with the preset secret key to obtain the short message content; verifying the client according to the verification parameters in the short message content; and, if the verification is not passed, refusing to receive the data sent by the client. The invention solves the problem of low security caused in the prior art by verifying with only a user name and password. The invention first verifies with the encrypted short message, and the short message also carries verification parameters used to further verify whether the client is legal, thereby greatly improving the security of the system.

Description

Bidirectional verification method and device
Technical Field
The embodiment of the invention relates to the technical field of network security, in particular to a method and a device for bidirectional verification.
Background
When clients log in to a server, one server usually handles access from thousands of clients, and it cannot be ruled out that malicious clients deliberately send DoS attacks or viruses to the server. In the prior art, the client is authenticated only by a login user name and a login password; if the user name and login password of a user are stolen, the server can still be attacked and damaged.
Disclosure of Invention
Therefore, embodiments of the present invention provide a method and an apparatus for bidirectional authentication, so as to solve the problem of low security caused by only using user name and password authentication in the prior art.
In order to achieve the above object, the embodiments of the present invention provide the following technical solutions:
according to a first aspect of the embodiments of the present invention, a method for bidirectional authentication is applied to a server; the method comprises the following steps:
receiving a short message sent by a client, wherein the short message is encrypted by the client by using a preset secret key;
decrypting the short message by using a preset secret key to obtain short message content;
verifying the client according to the verification parameters in the short message content;
and if the verification is not passed, refusing to receive the data sent by the client.
Further, if the verification is passed, a short message is sent to the client, and the short message carries a verification code.
Further, the method further comprises: receiving a verification code sent to the server after the client receives a short message carrying the verification code;
and judging whether the verification code is the same as the verification code sent in advance, and if not, determining that the client is illegal.
Further, if the two are the same, the client is determined to be legal, and the access request data packet sent by the client is received.
Further, after an access request data packet is received, the verification parameters carried in the access request data packet are verified; after the verification is passed, the disabled port is opened and the access data sent by the client is received; after the receiving is finished, the port is disabled again.
Further, the access request data packet includes one or more of the following: the transmission time point, the port identification to be accessed, the user name and the device identification.
If all the parameters are verified successfully, the client is determined to be legal; the disabled port is opened and the access data sent by the client is received;
if any one of the parameters fails to be verified, the client is determined to be illegal, the disabled port is not opened, and the server refuses to respond to the client.
Further, for port identification, the step of verifying comprises:
comparing the received port identification with a pre-stored list of legitimate port identifications,
judging whether the received port identification is in a legal port identification list, if so, determining that the port identification is legal;
if not, the port identification is determined to be illegal.
According to a second aspect of the embodiments of the present invention, a method for bidirectional authentication is applied to a client, and the method includes:
encrypting and sending the generated short message by using a preset secret key;
and receiving a short message carrying a verification code sent by the server after the server passes the verification.
Further, after receiving a short message carrying a verification code and sent after the server passes verification, sending the verification code to the server so that the server verifies the verification code;
and if the verification passing message sent by the server is received, sending an access request data packet.
Further, the access request data packet includes authentication parameters including a transmission time point, a port identifier to be accessed, a user name and a device identifier.
According to a third aspect of the embodiments of the present invention, an apparatus for bidirectional authentication is applied to a server; the device comprises:
the receiving module is used for receiving a short message sent by a client, and the short message is encrypted by the client by using a preset secret key;
the verification processing module is used for decrypting the short message by using a preset secret key to obtain the content of the short message;
verifying the client according to the verification parameters in the short message content;
and if the verification is not passed, refusing to receive the data sent by the client.
The system further comprises a sending module, wherein the sending module is used for sending a short message to the client if the verification processing module passes the verification, and the short message carries a verification code.
According to a first aspect of the embodiments of the present invention, a bidirectional authentication apparatus applied to a client includes:
the encryption module is used for encrypting the generated short message by using a preset secret key;
the sending module is used for sending the encrypted short message to a server;
and the receiving module is used for receiving the short message carrying the verification code sent by the server after the short message passes the verification.
Further, the sending module is further configured to send a verification code to the server, so that the server verifies the verification code; and if the verification passing message sent by the server is received, sending an access request data packet.
The embodiment of the invention has the following advantages: the invention firstly uses the encrypted short message for verification, and the short message also carries the verification parameters to further verify whether the client is legal or not, thereby greatly improving the safety of the system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
The structures, proportions, sizes and the like shown in this specification are only intended to accompany the content disclosed in the specification, so that those skilled in the art can understand and read it. They are not intended to limit the conditions under which the present invention can be implemented and therefore have no substantive technical significance. Any structural modification, change in proportion, or adjustment of size that does not affect the functions and purposes of the present invention should still fall within the scope of the present invention.
Fig. 1 is a flowchart of a method for bidirectional authentication according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a bidirectional authentication apparatus according to an embodiment of the present invention;
In the figure: 21-a sending module; 22-a receiving module; 23-authentication processing module.
Detailed Description
The present invention is described below in terms of particular embodiments; other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure. It is to be understood that the described embodiments are merely exemplary of the invention and are not intended to limit the invention to the particular embodiments disclosed. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort shall fall within the protection scope of the present invention.
According to a first aspect of the embodiments of the present invention, a method for bidirectional authentication is applied to a server; the method comprises the following steps:
Step S101, receiving a short message sent by a client, wherein the short message is encrypted by the client by using a preset secret key;
The server sets a key for each device of each user; one person can use one key. The key is generated when the client is installed on the user's handset.
Step S102, decrypting the short message by using a preset secret key to obtain short message content;
wherein, the preset key on the server and the preset key on the client are the same key.
Step S103, verifying the client according to the verification parameters in the short message content;
Step S104, judging whether the verification is passed; if not, executing step S105; if yes, executing step S106;
Step S105, refusing to receive the data sent by the client;
Step S106, receiving the data sent by the client.
In this case, a state in which the port is disabled may be preset, and when it is decided to receive data, the port is opened to receive data. After the data reception is finished, the port is disabled.
According to the method, the client is verified by the encrypted short message, so that the safety is improved.
Further, if the verification is passed, a short message is sent to the client, and the short message carries a verification code.
The verification code may be a 6-digit number, such as 235980; it may also be 6 letters, a mixture of letters and numbers, or special characters.
Further, the method further comprises: receiving a verification code sent to the server after the client receives a short message carrying the verification code;
after receiving the verification code, the client inputs the verification code on the login page; the browser sends the verification code to a server;
and judging whether the verification code is the same as the verification code sent in advance, and if not, determining that the client is illegal.
The server receives the verification code input by the user on the login page, and if it is inconsistent with the verification code that was sent, the server refuses to accept the access of the client.
Further, if the two are the same, the client is determined to be legal, and the access request data packet sent by the client is received.
Further, after an access request data packet is received, the verification parameters carried in the access request data packet are verified; after the verification is passed, the disabled port is opened and the access data sent by the client is received; after the receiving is finished, the port is disabled again.
The disabled state of the port is preset by the server.
Further, the access request data packet includes one or more of the following: the transmission time point, the port identification to be accessed, the user name and the device identification.
If all the parameters are verified successfully, the client is determined to be legal; the disabled port is opened and the access data sent by the client is received;
if any one of the parameters fails to be verified, the client is determined to be illegal, the disabled port is not opened, and the server refuses to respond to the client.
Further, for port identification, the step of verifying comprises:
comparing the received port identification with a pre-stored list of legitimate port identifications,
judging whether the received port identification is in a legal port identification list, if so, determining that the port identification is legal;
if not, the port identification is determined to be illegal.
According to a second aspect of the embodiments of the present invention, a method for bidirectional authentication is applied to a client, and the method includes:
encrypting and sending the generated short message by using a preset secret key;
and receiving a short message carrying a verification code sent by the server after the server passes the verification.
Further, sending a verification code to the server to enable the server to verify the verification code;
and if the verification passing message sent by the server is received, sending an access request data packet.
Further, the access request data packet includes authentication parameters including a transmission time point, a port identifier to be accessed, a user name and a device identifier.
According to a third aspect of the embodiments of the present invention, an apparatus for bidirectional authentication is applied to a server; referring to fig. 2, a schematic structural diagram of a bidirectional authentication device is shown, the device includes:
the receiving module 21 is configured to receive a short message sent by a client, where the short message is encrypted by the client using a preset key;
the verification processing module 22 is configured to decrypt the short message with a preset key to obtain the content of the short message;
verifying the client according to the verification parameters in the short message content;
and if the verification is not passed, refusing to receive the data sent by the client.
The system further comprises a sending module, wherein the sending module is used for sending a short message to the client if the verification of the verification processing module is passed, and the short message carries a verification code.
Further, the verification processing module 22 is further configured to, after receiving the access request data packet, verify the verification parameters carried in the access request data packet, and after the verification is passed, open the disabled port and receive the access data sent by the client; after the receiving is finished, the port is disabled again.
The disabled state of the port is preset by the server.
Further, the access request data packet includes one or more of the following: the transmission time point, the port identification to be accessed, the user name and the device identification.
The verification processing module 22 is further configured to determine that the client is legal if all the parameters are verified successfully, open the disabled port and receive the access data sent by the client;
if any one of the parameters fails to be verified, the client is determined to be illegal, the disabled port is not opened, and the server refuses to respond to the client.
Further, the verification processing module 22 is further configured to, for port identification verification, perform the steps of:
comparing the received port identification with a pre-stored list of legitimate port identifications,
judging whether the received port identification is in a legal port identification list, if so, determining that the port identification is legal;
if not, the port identification is determined to be illegal.
The authentication processing module is further configured to, for user name authentication, perform authentication including:
if the user name is in a preset legal user name set, determining that the user name is legal;
and if the user name is not in the preset legal user name set, determining that the user name is illegal.
The verification processing module is further configured to verify the device identifier, and the verifying includes:
if the equipment identifier is in a preset legal equipment identifier set, determining that the equipment identifier is legal;
and if the device identification is not in the preset legal device identification set, determining that the device identification is illegal.
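The server-side checks described above (comparing the returned verification code with the one that was sent, then validating each parameter of the access request data packet against preset legal sets while the port stays disabled by default), shown as an added Python example that is not part of the patent text. The class and field names, the sample legal sets, the freshness window for the transmission time point, the code lifetime and the one-attempt-per-code rule are assumptions; decryption of the short message is taken as already done.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field

# Constructed sample policy: none of these values come from the patent.
LEGAL_PORTS = {"port-443", "port-8443"}
LEGAL_USERS = {"alice"}
LEGAL_DEVICES = {"device-01"}
MAX_SKEW_SECONDS = 60     # assumed freshness window for the transmission time point
CODE_TTL_SECONDS = 120    # assumed lifetime of a verification code


@dataclass
class AccessRequest:
    sent_at: float    # transmission time point
    port_id: str      # port identification to be accessed
    user: str         # user name
    device_id: str    # device identification


@dataclass
class Gate:
    """Server-side state: pending codes, verified devices and port status."""
    pending: dict = field(default_factory=dict)    # device_id -> (code, expiry)
    verified: set = field(default_factory=set)     # devices whose code matched
    open_ports: set = field(default_factory=set)   # empty: every port is disabled

    def issue_code(self, device_id, now=None):
        """Generate the 6-digit code the server sends by short message."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[device_id] = (code, now + CODE_TTL_SECONDS)
        return code

    def check_code(self, device_id, submitted, now=None):
        """Compare the submitted code with the one sent.

        The pending code is consumed on every attempt (assumption), so a
        wrong guess forces a new code instead of allowing repeated tries.
        """
        now = time.time() if now is None else now
        code, expiry = self.pending.pop(device_id, (None, 0.0))
        if code is None or now > expiry:
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(code.encode(), submitted.encode()):
            return False
        self.verified.add(device_id)
        return True

    def failed_checks(self, req, now=None):
        """Return the names of the parameters that fail; empty means legal."""
        now = time.time() if now is None else now
        failures = []
        if abs(now - req.sent_at) > MAX_SKEW_SECONDS:
            failures.append("time")
        if req.port_id not in LEGAL_PORTS:
            failures.append("port")
        if req.user not in LEGAL_USERS:
            failures.append("user")
        if req.device_id not in LEGAL_DEVICES or req.device_id not in self.verified:
            failures.append("device")
        return failures

    def handle(self, req, receive, now=None):
        """Open the port only for a fully verified request, then disable it."""
        if self.failed_checks(req, now):
            return False                  # port stays disabled, client refused
        self.open_ports.add(req.port_id)
        try:
            receive(req)                  # caller-supplied data-receiving step
        finally:
            self.open_ports.discard(req.port_id)   # disabled again afterwards
        return True
```

A single failing parameter is enough to keep the port closed, and `failed_checks` names the failing parameters so that refusals can be logged per cause.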
According to a fourth aspect of the embodiments of the present invention, a method for bidirectional authentication is applied to a client, and the method includes:
encrypting and sending the short message by using a preset secret key;
and receiving a short message carrying a verification code sent by the server after the server passes the verification.
Further, sending a verification code to the server to enable the server to verify the verification code;
and if the verification passing message sent by the server is received, sending an access request data packet.
Further, the access request data packet includes authentication parameters including a transmission time point, a port identifier to be accessed, a user name and a device identifier.
According to a second aspect of the embodiments of the present invention, an apparatus for bidirectional authentication, applied to a client, includes:
the encryption module is used for encrypting the generated short message by using a preset secret key;
the sending module is used for sending the encrypted short message to a server;
and the receiving module is used for receiving the short message carrying the verification code sent by the server after the short message passes the verification.
Further, the sending module is further configured to send a verification code to the server, so that the server verifies the verification code; and if the verification passing message sent by the server is received, sending an access request data packet.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.

Claims (10)

1. A method of two-way authentication is characterized in that the method is applied to a server; the method comprises the following steps:
receiving a short message sent by a client, wherein the short message is encrypted by the client by using a preset secret key;
decrypting the short message by using a preset secret key to obtain short message content;
verifying the client according to the verification parameters in the short message content;
and if the verification is not passed, refusing to receive the data sent by the client.
2. The method of claim 1,
and if the verification is passed, sending a short message to the client, wherein the short message carries a verification code.
3. The method of claim 2, wherein the method further comprises: receiving a verification code sent to the server after the client receives a short message carrying the verification code;
and judging whether the verification code is the same as the verification code sent in advance, and if not, determining that the client is illegal.
4. The method of claim 2, wherein if the two are the same, the client is determined to be legal, and the access request data packet sent by the client is received.
5. A method for bidirectional authentication, which is applied to a client, the method comprising:
encrypting and sending the generated short message by using a preset secret key;
and receiving the short message carrying the verification code sent by the server after the short message passes the verification.
6. The method of claim 5, wherein after receiving the short message carrying the verification code sent by the server after passing the verification, the method comprises:
sending a verification code to the server to enable the server to verify the verification code;
and if the verification passing message sent by the server is received, sending an access request data packet.
7. A device for bidirectional authentication is applied to a server; the device comprises:
the receiving module is used for receiving a short message sent by a client, and the short message is encrypted by the client by using a preset secret key;
the verification processing module is used for decrypting the short message by using a preset secret key to obtain the content of the short message;
verifying the client according to the verification parameters in the short message content;
and if the verification is not passed, refusing to receive the data sent by the client.
8. The apparatus of claim 7, further comprising a sending module, wherein the sending module is further configured to send a short message to the client if the verification processing module passes the verification, and the short message carries a verification code.
9. An apparatus for bidirectional authentication, applied to a client, includes:
the encryption module is used for encrypting the generated short message by using a preset secret key;
the sending module is used for sending the encrypted short message to a server;
and the receiving module is used for receiving the short message carrying the verification code sent by the server after the server passes the verification.
10. The apparatus of claim 9, wherein the sending module is further configured to send a validation code to the server to cause the server to validate the validation code; and if the verification passing message sent by the server is received, sending an access request data packet.
Application CN201910974225.XA, "Bidirectional verification method and device": priority date 2019-10-14, filing date 2019-10-14, status Pending, published as CN110677431A (en) on 2020-01-10.

Family ID: 69082216

Country status: CN (1), CN110677431A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20200110)