CN111131140A - Method and system for enhancing login security of Windows operating system based on message pushing - Google Patents

Publication number
CN111131140A
Authority
CN
China
Prior art keywords
login
information
mobile terminal
authentication
operating system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910939703.3A
Other languages
Chinese (zh)
Other versions
CN111131140B (en)
Inventor
胡进
张庆勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WUHAN ARGUSEC TECHNOLOGY CO LTD
Beijing Infosec Technologies Co Ltd
Original Assignee
WUHAN ARGUSEC TECHNOLOGY CO LTD
Beijing Infosec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WUHAN ARGUSEC TECHNOLOGY CO LTD, Beijing Infosec Technologies Co Ltd
Priority to CN201910939703.3A
Publication of CN111131140A
Application granted
Publication of CN111131140B
Legal status: Active
Anticipated expiration
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Abstract

The invention discloses a method for enhancing the login security of a Windows operating system based on message pushing, applied in an environment comprising an authentication server, a client and a mobile terminal. The method comprises the following steps: after receiving a login request from an operating system login user, the client sends a login authentication request message to the mobile terminal through the authentication server; the mobile terminal generates one-time login verification information by using its identity identification information and the login authentication request message, and sends the one-time login verification information to the authentication server; the authentication server judges whether the one-time login verification information from the mobile terminal is valid and, if so, sends a verification success result to the client; and the client logs in to the operating system by using the operating system login user name according to the verification success result. The invention effectively solves the technical problem that, in the existing login mode of the Windows operating system, the user cannot log in to the Windows operating system after forgetting the static password.

Description

Method and system for enhancing login security of Windows operating system based on message pushing
Technical Field
The invention belongs to the technical field of information security and internet communication, and particularly relates to a method and a system for enhancing the login security of a Windows operating system based on message pushing.
Background
Currently, Windows operating systems are becoming more widely used.
The existing Windows operating system login mode mainly requires the operating system login user to input the correct static password, but this login mode has some technical problems that cannot be ignored. First, the operating system login user needs to remember the static password, and once the static password is forgotten, the user cannot log in to the Windows operating system at all. Second, the static password is stored in a file of the Windows operating system, and this file is easily stolen, so the static password is easily cracked by a hacker.
Disclosure of Invention
In view of the above defects of, or improvement requirements for, the prior art, the invention provides a method and a system for enhancing the login security of a Windows operating system based on message pushing. It aims to solve two technical problems of the existing Windows login mode: the operating system login user cannot log in to the Windows operating system after forgetting the static password, and the static password is easy to crack because the file storing it is easy to steal.
To achieve the above object, according to one aspect of the present invention, there is provided a method for enhancing Windows operating system login security based on message pushing, which is applied in an environment of an authentication server, a client, and a mobile terminal, wherein the authentication server is communicatively connected to both the client and the mobile terminal, the method comprising the following steps:
(1) after receiving a login request from an operating system login user, the client pushes a login authentication request message to the mobile terminal through the authentication server;
(2) the mobile terminal generates one-time login verification information by using the identity identification information and the login authentication request message;
(3) the mobile terminal sends the one-time login verification information to an authentication server;
(4) the authentication server judges whether the one-time login verification information from the mobile terminal is valid, if so, the step (5) is carried out, and if not, the step (7) is carried out;
(5) the authentication server sends a verification success result to the client;
(6) the client logs in to the operating system by using the operating system login user name according to the verification success result, and the process ends;
(7) the authentication server informs the client that the verification fails, and the process is finished.
Preferably, the login authentication request message includes one or more of a nonce, a client hardware identification, and a Windows operating system identification of the client.
Preferably, the identification information of the mobile terminal includes one or more of a private key, an encryption certificate, a seed key, and biometric information of the operating system login user of the mobile terminal.
Preferably, when the identity identification information of the mobile terminal is the private key of the mobile terminal, the one-time login verification information is generated by performing a digital signature operation on the login authentication request message with the private key of the mobile terminal, and the resulting signature information serves as the one-time login verification information;
when the identity identification information of the mobile terminal is the encryption certificate of the mobile terminal, the one-time login verification information is generated by performing an encryption operation on the login authentication request message with the encryption certificate of the mobile terminal, and the resulting encrypted information serves as the one-time login verification information;
when the identity identification information of the mobile terminal is the seed key of the mobile terminal, the one-time login verification information is generated by performing a dynamic password operation on the login authentication request message with the seed key of the mobile terminal, and the resulting one-time dynamic password serves as the one-time login verification information;
when the identity identification information of the mobile terminal is the biometric information of the operating system login user of the mobile terminal, the one-time login verification information is generated by performing an operation on the login authentication request message with that biometric information, and the resulting authentication information serves as the one-time login verification information.
Preferably, when the one-time login verification information is signature information, the authentication server judges whether the one-time login verification information from the mobile terminal is valid by verifying the validity of the signature information; if the verification succeeds, the one-time login verification information is valid, otherwise it is invalid;
when the one-time login verification information is encrypted information, the authentication server looks up the private key that it stores and that was generated when the mobile terminal registered with the authentication server, and decrypts the encrypted information with that private key; if the decryption succeeds, the one-time login verification information is valid, otherwise it is invalid;
when the one-time login verification information is dynamic password information, the authentication server judges whether the dynamic password is valid; if so, the one-time login verification information is valid, otherwise it is invalid;
when the one-time login verification information is identification authentication information, the authentication server performs the inverse operation on the one-time login verification information to recover the biometric information of the operating system login user of the mobile terminal, and compares it with the stored biometric information of that user; if the comparison passes, the one-time login verification information is valid, otherwise it is invalid.
Preferably, the operating system login user name is included in the login authentication request message in step (1), or is built in the mobile terminal in step (3), or is created by the authentication server in step (5) when the mobile terminal registers with it.
Preferably, before the step (1), the client detects whether the client is networked, if so, the step (1) is entered, otherwise, the client simulates and displays a default Windows login interface for the login user of the operating system to log in, and the process is finished.
Preferably, after the step (2) and before the step (3), the mobile terminal performs identity authentication on the operating system login user, if the authentication is successful, the step (3) is performed, and if the authentication is failed, the process is ended.
Preferably, when the login authentication request message in step (1) includes the identity authentication information of the generator, the method further includes, after step (2) and before step (3), verifying the identity authentication information by the mobile terminal, and if the verification is successful, entering step (3), and if the verification is unsuccessful, ending the process.
Preferably, the identity authentication information of the generator of the login authentication request message may be signature information. When the identity authentication information is signature information, the mobile terminal verifies it by verifying the validity of the signature information; if the verification succeeds, the identity authentication information is valid, otherwise it is invalid. When the identity authentication information is encrypted information, the mobile terminal looks up the private key that it stores and that was generated when it registered with the authentication server, and decrypts the encrypted information with that private key; if the decryption succeeds, the identity authentication information is valid, otherwise it is invalid. When the identity authentication information is dynamic password information, the mobile terminal judges whether the dynamic password is valid; if so, the identity authentication information is valid, otherwise it is invalid.
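The seed-key (dynamic password) variant of steps (1) to (7), together with the check of the request generator described above, as an added sketch that is not taken from the patent. The HMAC-SHA256 construction with HOTP-style truncation, the 60-second lifetime, the single-use nonce table, the MAC used as the generator's identity authentication information, and all names (`AuthServer`, `mobile_respond`, the device and hardware identifiers) are assumptions, because the text does not specify how the dynamic password is computed or what makes it valid.

```python
import hashlib
import hmac
import json
import secrets
import time

OTP_DIGITS = 8     # assumption: length of the one-time dynamic password
REQUEST_TTL = 60   # assumption: seconds a pushed request stays answerable


def _mac(key: bytes, label: bytes, request: dict) -> bytes:
    # Canonical JSON so client, server and mobile terminal MAC identical bytes.
    body = json.dumps(request, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, label + body, hashlib.sha256).digest()


def dynamic_password(seed_key: bytes, request: dict) -> str:
    """Step (2): dynamic password over the whole login authentication request."""
    digest = _mac(seed_key, b"otp|", request)
    offset = digest[-1] & 0x0F                       # HOTP-style truncation
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)


def mobile_respond(seed_key: bytes, request: dict, tag: str):
    """Mobile terminal: verify who generated the request, then answer it."""
    expected = _mac(seed_key, b"req|", request).hex()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None                                  # substituted request: stop
    return dynamic_password(seed_key, request)


class AuthServer:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.seed_keys = {}   # device_id -> seed key issued at registration
        self.bindings = {}    # client hardware id -> (device_id, OS user name)
        self.pending = {}     # nonce -> (request, device_id, expiry time)

    def register(self, device_id: str, client_hw_id: str, os_user: str) -> bytes:
        seed = secrets.token_bytes(32)
        self.seed_keys[device_id] = seed
        self.bindings[client_hw_id] = (device_id, os_user)
        return seed

    def push_request(self, client_hw_id: str, windows_id: str):
        """Step (1): build the request pushed to the bound mobile terminal."""
        device_id, _ = self.bindings[client_hw_id]
        request = {"nonce": secrets.token_hex(16),
                   "client_hw_id": client_hw_id,
                   "windows_id": windows_id}
        tag = _mac(self.seed_keys[device_id], b"req|", request).hex()
        self.pending[request["nonce"]] = (request, device_id,
                                          self.clock() + REQUEST_TTL)
        return device_id, request, tag

    def verify(self, device_id: str, nonce: str, otp: str) -> dict:
        """Steps (4) to (7): the answer is valid once, in time, from the bound device."""
        # pop() consumes the nonce on every attempt, so a replay or a second
        # guess against the same request always fails.
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return {"ok": False, "reason": "unknown or reused nonce"}
        request, bound_device, expires = entry
        if device_id != bound_device:
            return {"ok": False, "reason": "wrong device"}
        if self.clock() > expires:
            return {"ok": False, "reason": "expired"}
        expected = dynamic_password(self.seed_keys[device_id], request)
        if not hmac.compare_digest(expected.encode(), otp.encode()):
            return {"ok": False, "reason": "bad dynamic password"}
        _, os_user = self.bindings[request["client_hw_id"]]
        return {"ok": True, "os_user": os_user}      # step (5) result


def demo() -> dict:
    """Run the flow on constructed identifiers with a controllable clock."""
    now = [1000.0]
    server = AuthServer(clock=lambda: now[0])
    seed = server.register("phone-1", "HW-0001", "alice")
    out = {}

    dev, req, tag = server.push_request("HW-0001", "WIN-PC-01")
    otp = mobile_respond(seed, req, tag)
    out["valid"] = server.verify(dev, req["nonce"], otp)
    out["replay"] = server.verify(dev, req["nonce"], otp)

    dev, req, tag = server.push_request("HW-0001", "WIN-PC-01")
    out["tampered"] = mobile_respond(seed, dict(req, client_hw_id="HW-9999"), tag)

    dev, req, tag = server.push_request("HW-0001", "WIN-PC-01")
    otp = mobile_respond(seed, req, tag)
    now[0] += REQUEST_TTL + 1
    out["expired"] = server.verify(dev, req["nonce"], otp)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Binding the dynamic password to the full request (nonce, client hardware identifier and Windows identifier) is what ties an approval on the mobile terminal to one specific login attempt on one specific client.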
According to another aspect of the present invention, there is provided a system for enhancing login security of a Windows operating system based on message pushing, which is applied in an environment of an authentication server, a client, and a mobile terminal, wherein the authentication server is communicatively connected to both the client and the mobile terminal, the system comprising:
a first module, arranged in the client, for pushing a login authentication request message to the mobile terminal through the authentication server after receiving a login request from an operating system login user;
a second module, arranged in the mobile terminal, for generating one-time login verification information by using the identity identification information of the mobile terminal and the login authentication request message;
a third module, arranged in the mobile terminal, for sending the one-time login verification information to the authentication server;
a fourth module, arranged in the authentication server, for judging whether the one-time login verification information from the mobile terminal is valid, and if so, passing control to the fifth module, otherwise passing control to the seventh module;
a fifth module, arranged in the authentication server, for sending a verification success result to the client;
a sixth module, arranged in the client, for logging in to the operating system by using the operating system login user name according to the verification success result, after which the process ends;
and a seventh module, arranged in the authentication server, for notifying the client that the verification failed, after which the process ends.
In general, compared with the prior art, the above technical solution contemplated by the present invention can achieve the following beneficial effects:
(1) because the invention provides a mode of logging in the Windows operating system by using the mobile terminal, the logging user does not need to remember the static password, thereby solving the technical problem that the existing static password logging Windows system can not log in when the logging user forgets the static password;
(2) both the generation of the one-time login verification information and the verification of its validity use the identity identification information of the mobile terminal and cryptographic techniques (namely signature, encryption and authentication processes) to produce dynamic one-time login verification information, thereby raising the login security level of the operating system and solving the technical problem that a static password is easily cracked by a hacker in the existing login mode;
(3) the invention realizes Windows system login based on the mobile terminal, thereby improving the security of Windows local account information (namely the operating system login user name and login password), and solving the technical problem that the static password is easy to crack because the file storing it is easy to steal in the existing login mode;
(4) the invention does not change the original operation experience of the operating system login user even when there is no network connection, thereby making it more convenient for the operating system login user;
(5) because the invention can only generate one-time login verification information for the legal operating system login user, the safety of the method can be enhanced;
(6) because the invention verifies the identity authentication information of the login authentication request message generator, the generator of the login authentication request message can be ensured to be legal, and the login authentication request message is prevented from being replaced by a hacker, thereby further improving the safety of the method of the invention;
(7) when logging in to the operating system, a complex password replaces the login password originally set by the login user, which strengthens the login password and prevents a hacker from cracking it by brute force;
(8) the invention is realized based on the mobile terminal, so the operation of logging in the user is simple and the carrying is convenient.
Drawings
FIG. 1 is a flowchart of a method for enhancing Windows operating system login security based on message pushing according to a first embodiment of the present invention.
FIG. 2 is a flowchart of a method for enhancing Windows operating system login security based on message pushing according to a second embodiment of the present invention.
FIG. 3 is a flowchart of a method for enhancing Windows operating system login security based on message pushing according to a third embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
To facilitate understanding of the present invention, the technical terms used are first explained:
Authentication server: the authentication server is responsible for receiving a connection request from an operating system login user, authenticating the legitimacy of the operating system login user, and then returning an authentication result to the operating system login user.
As shown in fig. 1, according to a first embodiment of the present invention, there is provided a method for enhancing Windows operating system login security based on message pushing, which is applied in an environment of an authentication server, a client and a mobile terminal, wherein the authentication server is communicatively connected to both the client and the mobile terminal, the method includes the following steps:
(1) After receiving a login request from an operating system login user, the client pushes a login authentication request message to the mobile terminal through the authentication server;
Specifically, the authentication server in the present invention has a message pushing function, which can be implemented by Google's cloud messaging service (C2DM for short), the Message Queuing Telemetry Transport protocol (MQTT for short), the Extensible Messaging and Presence Protocol (XMPP for short), a third-party push service, and the like.
Specifically, after receiving a login request from an operating system login user, the client sends a login authentication request message to the authentication server, and pushes the login authentication request message to the mobile terminal through the authentication server.
Specifically, the client has a Windows operating system installed and may be a personal computer (PC), a notebook (laptop), a server, or the like.
The mobile terminal may be a terminal whose identity identification information is pre-bound to the client, including but not limited to a mobile phone, an iPad, etc.
The login authentication request message can be generated by the client or the authentication server and comprises one or more of a one-time random number, a client hardware identifier and a Windows operating system identifier of the client.
Preferably, before the step (1), the client detects whether the client is networked, and if so, the step (1) is performed, otherwise, the client simulates and displays a default Windows login interface for the operating system login user to log in, and the process is ended.
The specific process of this step is as follows: the client enters a user-defined Credential Provider (CP for short), which detects whether the client is networked. If the client is networked, the process proceeds to step (1). Otherwise, the user-defined Credential Provider simulates the default Credential Provider and displays an interface identical to the default Windows login interface for the operating system login user to log in; after the static password input by the operating system login user is received, the default login authentication process is executed, and if the verification succeeds the operating system login user is allowed to log in, otherwise the login is refused.
The method has the advantages that the original operation experience of the operating system login user is not changed even under the condition of no networking, so that the use convenience of the operating system login user is further enhanced.
(2) The mobile terminal generates one-time login verification information by using the identity identification information and the login authentication request message;
The identity identification information of the mobile terminal comprises one or more of a private key, an encryption certificate, a seed key, and biometric information (including fingerprint, iris, face, and the like) of the operating system login user of the mobile terminal.
Further preferably, the method of the present invention may further include, after the step (2) and before the step (3), performing identity authentication on the operating system login user by the mobile terminal, entering the step (3) if the authentication is successful, and ending the process if the authentication is failed; the identification mode comprises one or more of fingerprint authentication, iris authentication and face recognition.
The advantage of this step is that one-time login verification information is generated only for a legitimate operating system login user, which enhances the security of the method.
Further preferably, when the login authentication request message in step (1) includes the identity authentication information of the generator, the method of the present invention may further include, after step (2) and before step (3), verifying the identity authentication information by the mobile terminal, and if the verification is successful, entering step (3), and if the verification is unsuccessful, ending the process.
The advantage of this step is that the generator of the login authentication request message is ensured to be legitimate and the login authentication request message is prevented from being replaced by a hacker, which further improves the security of the method.
The identity authentication information of the generator of the login authentication request message may be signature information, encrypted information, or dynamic password information.
When the identity authentication information is signature information, the mobile terminal verifies it in this step by verifying the validity of the signature information; if the verification succeeds, the identity authentication information is valid, otherwise it is invalid.
When the identity authentication information is encrypted information, the process of verifying the identity authentication information in the step is specifically that the mobile terminal searches a private key which is stored by the mobile terminal and generated when the mobile terminal registers to the authentication server, then decrypts the encrypted information by using the private key, if the decryption is successful, the identity authentication information is valid, otherwise, the identity authentication information is invalid.
When the identity authentication information is dynamic password information, the process of verifying the identity authentication information in the step is specifically that the mobile terminal judges whether the dynamic password is valid, if so, the identity authentication information is valid, and otherwise, the identity authentication information is invalid.
(3) The mobile terminal sends the one-time login verification information and an operating system login user name built in the mobile terminal to an authentication server;
In this step, the one-time login verification information may be generated from the identity identification information of the mobile terminal and the login authentication request message in any of the following ways: by performing a digital signature operation on the login authentication request message with the private key of the mobile terminal, the resulting signature information serving as the one-time login verification information; by performing an encryption operation on the login authentication request message with the encryption certificate of the mobile terminal, the resulting encrypted information serving as the one-time login verification information; by performing a dynamic password operation on the login authentication request message with the seed key of the mobile terminal, the resulting one-time dynamic password serving as the one-time login verification information; or by performing an operation on the login authentication request message with the biometric information of the operating system login user of the mobile terminal, the resulting authentication information serving as the one-time login verification information.
(4) The authentication server judges whether the one-time login verification information from the mobile terminal is valid, if so, the step (5) is carried out, and if not, the step (7) is carried out;
Specifically, when the one-time login verification information is signature information, the authentication server judges in this step whether the one-time login verification information from the mobile terminal is valid by verifying the validity of the signature information; if the verification succeeds, the one-time login verification information is valid, otherwise it is invalid.
When the one-time login verification information is encrypted information, the process of judging whether the one-time login verification information from the mobile terminal is valid in the step is specifically that the authentication server searches a private key which is stored by the authentication server and generated when the mobile terminal registers in the authentication server, then the private key is used for decrypting the encrypted information, if the decryption is successful, the one-time login verification information is valid, and if not, the one-time login verification information is invalid.
When the one-time login verification information is dynamic password information, the process of judging whether the one-time login verification information from the mobile terminal is valid in the step is specifically that the authentication server judges whether the dynamic password is valid, if so, the one-time login verification information is valid, and if not, the one-time login verification information is invalid.
When the one-time login verification information is identification authentication information, the process of judging whether the one-time login verification information from the mobile terminal is valid or not in the step is specifically that the authentication server performs inverse operation on the one-time login verification information, analyzes the biological identification information of the operating system login user of the mobile terminal, compares the biological identification information with the stored biological characteristic identification information of the operating system login user of the mobile terminal, if the comparison is passed, the one-time login verification information is indicated to be valid, and otherwise, the one-time login verification information is indicated to be invalid.
(5) The authentication server sends the login user name of the operating system and the successful verification result to the client;
Specifically, in this step the authentication server either sends the operating system login user name and the successful verification result to the client in response to the client polling for the verification result, or actively pushes them to the client.
(6) The client logs in the operating system by using the operating system according to the successful verification result, and the process is finished;
Specifically, this step is as follows: the client performs standard Windows login authentication using the operating system login user name and the saved login password.
Further preferably, the login password may be the original login password entered by the operating system login user during registration with the authentication server, or it may be a new complex password that the client derives from the original login password after the user enters it during registration; in the latter case the client then calls the operating system's change-password function to replace the original login password with the new complex password.
The original login password is derived by applying a hash operation, a Hash-based Message Authentication Code (HMAC) operation, or a Key Derivation Function (KDF) operation to the original login password as input.
The advantage of replacing the original login password with the new complex password in this step is that the security strength of the login password is increased and brute-force cracking by hackers is prevented.
(7) The authentication server informs the client that the verification fails, and the process is finished.
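The seed-key variant of steps (2) to (4), as an added example that is not code from the patent: the mobile terminal computes a one-time dynamic password over the pushed login authentication request message, and the authentication server accepts it at most once. HMAC-SHA256 with RFC 4226-style truncation, the JSON field names, the 8-digit length and the 60-second lifetime are assumptions; the patent fixes none of them.

```python
import hashlib
import hmac
import json
import secrets
import time

OTP_DIGITS = 8        # assumption: the patent does not specify a length
REQUEST_TTL = 60      # assumption: seconds a pushed request stays answerable


def canonical(request: dict) -> bytes:
    """Serialize the request deterministically so both sides MAC identical bytes."""
    return json.dumps(request, sort_keys=True, separators=(",", ":")).encode()


def dynamic_password(seed_key: bytes, request: dict) -> str:
    """Mobile terminal: dynamic password operation on the request message.

    HMAC-SHA256 keyed with the seed key, then RFC 4226-style dynamic
    truncation to decimal digits (the algorithm choice is an assumption).
    """
    mac = hmac.new(seed_key, canonical(request), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)


class AuthServer:
    """Authentication server: issues request messages and verifies replies."""

    def __init__(self):
        self.seeds = {}     # OS login user name -> seed key shared at registration
        self.pending = {}   # one-time random number -> (request, issue time)

    def register(self, username: str, seed_key: bytes) -> None:
        self.seeds[username] = seed_key

    def new_request(self, client_hw_id: str, windows_id: str, now=None) -> dict:
        """Build the login authentication request message pushed to the mobile."""
        request = {
            "nonce": secrets.token_hex(16),   # one-time random number
            "client_hw_id": client_hw_id,     # client hardware identifier
            "windows_id": windows_id,         # Windows operating system identifier
        }
        issued = time.time() if now is None else now
        self.pending[request["nonce"]] = (request, issued)
        return request

    def verify(self, username: str, nonce: str, otp: str, now=None) -> bool:
        """Step (4): True only for a fresh, unused request and a matching password."""
        # Consume the request on every attempt: a replayed or guessed
        # password never gets a second try against the same nonce.
        entry = self.pending.pop(nonce, None)
        seed_key = self.seeds.get(username)
        if entry is None or seed_key is None:
            return False
        request, issued = entry
        current = time.time() if now is None else now
        if current - issued > REQUEST_TTL:
            return False
        expected = dynamic_password(seed_key, request)
        return hmac.compare_digest(expected, otp)   # constant-time comparison


if __name__ == "__main__":
    seed = secrets.token_bytes(32)                  # constructed sample seed key
    server = AuthServer()
    server.register("alice", seed)
    req = server.new_request("HW-0001", "WIN-0001")  # constructed identifiers
    reply = dynamic_password(seed, req)
    print("first use :", server.verify("alice", req["nonce"], reply))
    print("replay    :", server.verify("alice", req["nonce"], reply))
```

Binding the password to the whole request message means a reply captured for one client hardware identifier cannot be reused for a request issued to another machine.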
As shown in fig. 2, according to a second embodiment of the present invention, there is provided a method for enhancing Windows operating system login security based on message pushing, which is applied in the environment of an authentication server, a client and a mobile terminal, wherein the authentication server is communicatively connected to both the client and the mobile terminal, the method includes the following steps:
(1) after receiving a login request from an operating system login user, a client pushes a login authentication request message to a mobile terminal through an authentication server, wherein the login authentication request message comprises an operating system login user name;
Specifically, the authentication server in the present invention has a message pushing function, which can be implemented with Google's cloud messaging service (C2DM for short), the Message Queuing Telemetry Transport protocol (MQTT for short), the Extensible Messaging and Presence Protocol (XMPP for short), a third-party push service, and the like.
Specifically, after receiving a login request from an operating system login user, the client sends a login authentication request message to the authentication server, which pushes the login authentication request message to the mobile terminal.
Specifically, the client is a device on which a Windows operating system is installed, and may be a personal computer (PC), a notebook (laptop), a server, or the like.
The mobile terminal may be a terminal with identification information pre-bound to the client, including but not limited to a mobile phone, iPad, etc.
The login authentication request message can be generated by the client or the authentication server and comprises one or more of a one-time random number, a client hardware identifier and a Windows operating system identifier of the client.
Preferably, before the step (1), the client detects whether the client is networked, and if so, the step (1) is performed, otherwise, the client simulates and displays a default Windows login interface for the operating system login user to log in, and the process is ended.
The specific process of this step is as follows: the client enters a user-defined Credential Provider (CP for short), which detects whether the client is networked. If the client is networked, step (1) is entered. Otherwise, the user-defined credential provider simulates the default credential provider and displays the same interface as the default Windows login for the operating system login user; after receiving the static password entered by the operating system login user, it executes the default login authentication process, allowing the user to log in if the verification succeeds and refusing the login otherwise.
The advantage of this is that the original operating experience of the operating system login user is unchanged even when the client is not networked, which further improves convenience for the operating system login user.
(2) The mobile terminal generates one-time login verification information by using the identity identification information and the login authentication request message;
the identity information of the mobile terminal comprises one or more of a private key, an encryption certificate, a seed key and biological identification information (including fingerprints, irises, human faces and the like) of a login user of the operating system of the mobile terminal.
Further preferably, the method of the present invention may further include, after the step (2) and before the step (3), performing identity authentication on the operating system login user by the mobile terminal, entering the step (3) if the authentication is successful, and ending the process if the authentication is failed; the identification mode comprises one or more of fingerprint authentication, iris authentication and face recognition.
The advantage of this step is that one-time login verification information is generated only for a legitimate operating system login user, which enhances the security of the method.
Further preferably, when the login authentication request message in step (1) includes the identity authentication information of the generator, the method of the present invention may further include, after step (2) and before step (3), verifying the identity authentication information by the mobile terminal, and if the verification is successful, entering step (3), and if the verification is unsuccessful, ending the process.
The advantage of this step is that the generator of the login authentication request message is confirmed to be legitimate and the login authentication request message is prevented from being replaced by a hacker, which further improves the security of the method.
The authentication information of the login authentication request message generator is signature information, encryption information, or dynamic password information.
When the identity authentication information is signature information, the mobile terminal verifies the identity authentication information in this step by verifying the validity of the signature information: if the verification succeeds, the identity authentication information is valid; otherwise it is invalid.
When the identity authentication information is encrypted information, the mobile terminal verifies the identity authentication information in this step by looking up the private key that it stores, which was generated when the mobile terminal registered with the authentication server, and decrypting the encrypted information with that private key: if the decryption succeeds, the identity authentication information is valid; otherwise it is invalid.
When the identity authentication information is dynamic password information, the process of verifying the identity authentication information in the step is specifically that the mobile terminal judges whether the dynamic password is valid, if so, the identity authentication information is valid, and otherwise, the identity authentication information is invalid.
(3) The mobile terminal sends the one-time login verification information and the login user name of the operating system to an authentication server;
In this step, the one-time login verification information is generated from the identity identification information of the mobile terminal and the login authentication request message in one of the following ways: performing a digital signature operation on the login authentication request message with the private key of the mobile terminal, producing signature information; performing an encryption operation on the login authentication request message with the encryption certificate of the mobile terminal, producing encrypted information; performing a dynamic password operation on the login authentication request message with the seed key of the mobile terminal, producing a one-time dynamic password; or performing an operation on the login authentication request message with the biometric information of the operating system login user of the mobile terminal, producing authentication information. In each case the result serves as the one-time login verification information.
(4) The authentication server judges whether the one-time login verification information from the mobile terminal is valid, if so, the step (5) is carried out, and if not, the step (7) is carried out;
Specifically, when the one-time login verification information is signature information, the authentication server judges its validity in this step by verifying the signature information: if the verification succeeds, the one-time login verification information is valid; otherwise it is invalid.
When the one-time login verification information is encrypted information, the authentication server judges its validity in this step by looking up the private key that it stores, which was generated when the mobile terminal registered with the authentication server, and decrypting the encrypted information with that private key: if the decryption succeeds, the one-time login verification information is valid; otherwise it is invalid.
When the one-time login verification information is dynamic password information, the authentication server judges in this step whether the dynamic password is valid: if so, the one-time login verification information is valid; otherwise it is invalid.
When the one-time login verification information is identification authentication information, the authentication server judges its validity in this step by performing the inverse operation on the one-time login verification information to parse out the biometric information of the operating system login user of the mobile terminal, and comparing it with the stored biometric information of that user: if the comparison passes, the one-time login verification information is valid; otherwise it is invalid.
(5) The authentication server sends the login user name of the operating system and the successful verification result to the client;
Specifically, in this step the authentication server either sends the operating system login user name and the successful verification result to the client in response to the client polling for the verification result, or actively pushes them to the client.
(6) The client logs in the operating system by using the operating system according to the successful verification result, and the process is finished;
Specifically, this step is as follows: the client performs standard Windows login authentication using the operating system login user name and the saved login password.
Further preferably, the login password may be the original login password entered by the operating system login user during registration with the authentication server, or it may be a new complex password that the client derives from the original login password after the user enters it during registration; in the latter case the client then calls the operating system's change-password function to replace the original login password with the new complex password.
The original login password is derived by applying a hash operation, a Hash-based Message Authentication Code (HMAC) operation, or a Key Derivation Function (KDF) operation to the original login password as input.
The advantage of replacing the original login password with the new complex password in this step is that the security strength of the login password is increased and brute-force cracking by hackers is prevented.
(7) The authentication server informs the client that the verification fails, and the process is finished.
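The KDF option for deriving the new complex password in step (6), as an added example that is not code from the patent: the client stretches the original login password with PBKDF2-HMAC-SHA256 and maps the output to a fixed-length password containing all four character classes. The per-client random salt, the iteration count, the 24-character length and the character sets are assumptions; the salt is included because a derivation keyed only by the original password would be reproducible by anyone who guesses that password.

```python
import hashlib
import secrets

# Character sets (assumption); look-alike characters such as O/0 and l/1 are left out.
UPPER = "ABCDEFGHJKLMNPQRSTUVWXYZ"
LOWER = "abcdefghijkmnopqrstuvwxyz"
DIGIT = "23456789"
SYMBOL = "!#$%&*+-=?@^_"
ALPHABET = UPPER + LOWER + DIGIT + SYMBOL


def derive_login_password(original: str, client_salt: bytes,
                          length: int = 24, iterations: int = 600_000) -> str:
    """Derive the replacement Windows login password from the original one.

    The same original password and salt always give the same result, so the
    client can re-derive it; a different salt gives an unrelated password.
    """
    if length < 12:
        raise ValueError("derived password should be at least 12 characters")
    if len(client_salt) < 16:
        raise ValueError("salt should be at least 16 random bytes")

    # Two output bytes per character keep the modulo bias negligible.
    stream = hashlib.pbkdf2_hmac("sha256", original.encode("utf-8"),
                                 client_salt, iterations, dklen=2 * length)

    def pick(index: int, charset: str) -> str:
        value = int.from_bytes(stream[2 * index:2 * index + 2], "big")
        return charset[value % len(charset)]

    # The first four characters guarantee one character of every class,
    # the rest are drawn from the full alphabet.
    chars = [pick(i, cs) for i, cs in enumerate((UPPER, LOWER, DIGIT, SYMBOL))]
    chars += [pick(i, ALPHABET) for i in range(4, length)]
    return "".join(chars)


def character_classes(password: str) -> int:
    """Count how many of the four character classes appear in the password."""
    return sum(any(c in cs for c in password)
               for cs in (UPPER, LOWER, DIGIT, SYMBOL))


if __name__ == "__main__":
    salt = secrets.token_bytes(16)          # generated once at registration
    derived = derive_login_password("Summer2019", salt)  # constructed sample input
    print(len(derived), character_classes(derived))
```

The salt and the saved derived password need the same protection on the client as any stored credential, since whoever holds them can log in without the mobile terminal.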
As shown in fig. 3, according to a third embodiment of the present invention, there is provided a method for enhancing Windows operating system login security based on message pushing, which is applied in the environment of an authentication server, a client and a mobile terminal, wherein the authentication server is communicatively connected to both the client and the mobile terminal, the method includes the following steps:
(1) after receiving a login request from an operating system login user, a client side pushes a login authentication request message to a mobile side through an authentication server;
Specifically, the authentication server in the present invention has a message pushing function, which can be implemented with Google's cloud messaging service (C2DM for short), the Message Queuing Telemetry Transport protocol (MQTT for short), the Extensible Messaging and Presence Protocol (XMPP for short), a third-party push service, and the like.
Specifically, after receiving a login request from an operating system login user, the client sends a login authentication request message to the authentication server, which pushes the login authentication request message to the mobile terminal.
Specifically, the client is a device on which a Windows operating system is installed, and may be a personal computer (PC), a notebook (laptop), a server, or the like.
The mobile terminal may be a terminal with identification information pre-bound to the client, including but not limited to a mobile phone, iPad, etc.
The login authentication request message can be generated by the client or the authentication server and comprises one or more of a one-time random number, a client hardware identifier and a Windows operating system identifier of the client.
Preferably, before step (1), the client detects whether it is networked; if so, step (1) is entered, otherwise the client simulates and displays the default Windows login interface for the operating system login user to log in, and the process ends. The specific process is as follows: the client program enters a user-defined credential provider, which detects whether the client is networked. If the client is networked, step (1) is entered. Otherwise, the user-defined credential provider simulates the default credential provider and displays the same interface as the default Windows login for the operating system login user; after receiving the static password entered by the operating system login user, it executes the default login authentication process, allowing the login if the verification succeeds and refusing it otherwise.
The advantage of this is that the original operating experience of the operating system login user is unchanged even when the client is not networked, which further improves convenience for the operating system login user.
(2) The mobile terminal generates one-time login verification information by using the identity identification information and the login authentication request message;
the identity information of the mobile terminal comprises one or more of a private key, an encryption certificate, a seed key and biological identification information (including fingerprints, irises, human faces and the like) of a login user of the operating system of the mobile terminal.
Further preferably, the method of the present invention may further include, after the step (2) and before the step (3), performing identity authentication on the operating system login user by the mobile terminal, entering the step (3) if the authentication is successful, and ending the process if the authentication is failed; the identification mode comprises one or more of fingerprint authentication, iris authentication and face recognition.
The advantage of this step is that one-time login verification information is generated only for a legitimate operating system login user, which enhances the security of the method.
Further preferably, when the login authentication request message in step (1) includes the identity authentication information of the generator, the method of the present invention may further include, after step (2) and before step (3), verifying the identity authentication information by the mobile terminal, and if the verification is successful, entering step (3), and if the verification is unsuccessful, ending the process.
The advantage of this step is that the generator of the login authentication request message is confirmed to be legitimate and the login authentication request message is prevented from being replaced by a hacker, which further improves the security of the method.
The authentication information of the login authentication request message generator may be signature information, encryption information, or dynamic password information.
When the identity authentication information is signature information, the mobile terminal verifies the identity authentication information in this step by verifying the validity of the signature information: if the verification succeeds, the identity authentication information is valid; otherwise it is invalid.
When the identity authentication information is encrypted information, the mobile terminal verifies the identity authentication information in this step by looking up the private key that it stores, which was generated when the mobile terminal registered with the authentication server, and decrypting the encrypted information with that private key: if the decryption succeeds, the identity authentication information is valid; otherwise it is invalid.
When the identity authentication information is dynamic password information, the process of verifying the identity authentication information in the step is specifically that the mobile terminal judges whether the dynamic password is valid, if so, the identity authentication information is valid, and otherwise, the identity authentication information is invalid.
(3) The mobile terminal sends the one-time login verification information to an authentication server;
In this step, the one-time login verification information is generated from the identity identification information of the mobile terminal and the login authentication request message in one of the following ways: performing a digital signature operation on the login authentication request message with the private key of the mobile terminal, producing signature information; performing an encryption operation on the login authentication request message with the encryption certificate of the mobile terminal, producing encrypted information; performing a dynamic password operation on the login authentication request message with the seed key of the mobile terminal, producing a one-time dynamic password; or performing an operation on the login authentication request message with the biometric information of the operating system login user of the mobile terminal, producing authentication information. In each case the result serves as the one-time login verification information.
(4) The authentication server judges whether the one-time login verification information from the mobile terminal is valid, if so, the step (5) is carried out, and if not, the step (7) is carried out;
Specifically, when the one-time login verification information is signature information, the authentication server judges its validity in this step by verifying the signature information: if the verification succeeds, the one-time login verification information is valid; otherwise it is invalid.
When the one-time login verification information is encrypted information, the authentication server judges its validity in this step by looking up the private key that it stores, which was generated when the mobile terminal registered with the authentication server, and decrypting the encrypted information with that private key: if the decryption succeeds, the one-time login verification information is valid; otherwise it is invalid.
When the one-time login verification information is dynamic password information, the authentication server judges in this step whether the dynamic password is valid: if so, the one-time login verification information is valid; otherwise it is invalid.
When the one-time login verification information is identification authentication information, the authentication server judges its validity in this step by performing the inverse operation on the one-time login verification information to parse out the biometric information of the operating system login user of the mobile terminal, and comparing it with the stored biometric information of that user: if the comparison passes, the one-time login verification information is valid; otherwise it is invalid.
(5) The authentication server sends the successful verification result and the operating system login user name created when the mobile terminal registers to the authentication server to the client;
Specifically, in this step the authentication server either sends the operating system login user name and the successful verification result to the client in response to the client polling for the verification result, or actively pushes them to the client.
(6) The client logs in the operating system by using the operating system according to the successful verification result, and the process is finished;
Specifically, this step is as follows: the client performs standard Windows login authentication using the operating system login user name and the saved login password.
Further preferably, the login password may be the original login password entered by the operating system login user during registration with the authentication server, or it may be a new complex password that the client derives from the original login password after the user enters it during registration; in the latter case the client then calls the operating system's change-password function to replace the original login password with the new complex password.
The original login password is derived by applying a hash operation, a Hash-based Message Authentication Code (HMAC) operation, or a Key Derivation Function (KDF) operation to the original login password as input.
The advantage of replacing the original login password with the new complex password in this step is that the security strength of the login password is increased and brute-force cracking by hackers is prevented.
(7) The authentication server informs the client that the verification fails, and the process is finished.
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method for enhancing the login security of a Windows operating system based on message pushing is applied to the environments of an authentication server, a client and a mobile terminal, wherein the authentication server is in communication connection with both the client and the mobile terminal, and the method is characterized by comprising the following steps:
(1) after receiving a login request from an operating system login user, a client side pushes a login authentication request message to a mobile side through an authentication server;
(2) the mobile terminal generates one-time login verification information by using the identity identification information and the login authentication request message;
(3) the mobile terminal sends the one-time login verification information to an authentication server;
(4) the authentication server judges whether the one-time login verification information from the mobile terminal is valid, if so, the step (5) is carried out, and if not, the step (7) is carried out;
(5) the authentication server sends a verification success result to the client;
(6) the client logs in the operating system by using the operating system according to the successful verification result, and the process is finished;
(7) the authentication server informs the client that the verification fails, and the process is finished.
2. The method for enhancing Windows operating system login security based on message push of claim 1,
the login authentication request message comprises one or more of a one-time random number, a client hardware identifier and a Windows operating system identifier of the client;
the identity information of the mobile terminal comprises one or more of a private key, an encryption certificate, a seed key and biological identification information of a user logged in by an operating system of the mobile terminal.
3. The method for enhancing the login security of the Windows operating system based on message pushing of claim 2, wherein,
when the identity identification information of the mobile terminal is the private key of the mobile terminal, generating the one-time login verification information by using the identity identification information of the mobile terminal and the login authentication request message is specifically: performing a digital signature operation on the login authentication request message with the private key of the mobile terminal, and using the resulting signature information as the one-time login verification information;
when the identity identification information of the mobile terminal is the encryption certificate of the mobile terminal, generating the one-time login verification information by using the identity identification information of the mobile terminal and the login authentication request message is specifically: performing an encryption operation on the login authentication request message with the encryption certificate of the mobile terminal, and using the resulting encrypted information as the one-time login verification information;
when the identity identification information of the mobile terminal is the seed key of the mobile terminal, generating the one-time login verification information by using the identity identification information of the mobile terminal and the login authentication request message is specifically: performing a dynamic password operation on the login authentication request message with the seed key of the mobile terminal, and using the resulting one-time dynamic password as the one-time login verification information;
when the identity identification information of the mobile terminal is the biological identification information of the operating system login user of the mobile terminal, generating the one-time login verification information by using the identity identification information of the mobile terminal and the login authentication request message is specifically: performing a calculation on the login authentication request message with the biological identification information of the operating system login user of the mobile terminal, and using the resulting authentication information as the one-time login verification information.
4. The method for enhancing Windows operating system login security based on message push of claim 3, wherein,
when the one-time login verification information is signature information, judging whether the one-time login verification information from the mobile terminal is valid is specifically: the authentication server verifies the validity of the signature information; if the verification succeeds, the one-time login verification information is valid; otherwise, it is invalid;
when the one-time login verification information is encrypted information, judging whether the one-time login verification information from the mobile terminal is valid is specifically: the private key that is stored by the authentication server and was generated when the mobile terminal registered with the authentication server is looked up, and the encrypted information is decrypted with that private key; if the decryption succeeds, the one-time login verification information is valid; otherwise, it is invalid;
when the one-time login verification information is dynamic password information, judging whether the one-time login verification information from the mobile terminal is valid is specifically: the authentication server judges whether the dynamic password is valid; if so, the one-time login verification information is valid; otherwise, it is invalid;
when the one-time login verification information is identification authentication information, judging whether the one-time login verification information from the mobile terminal is valid is specifically: the authentication server performs the inverse operation on the one-time login verification information to recover the biological identification information of the operating system login user of the mobile terminal, and compares it with the stored biological identification information of the operating system login user of the mobile terminal; if the comparison passes, the one-time login verification information is valid; otherwise, it is invalid.
5. The method for enhancing Windows operating system login security based on message pushing as claimed in claim 1, wherein the operating system login user name is included in the login authentication request message in step (1), or is built in the mobile terminal in step (3), or is created by the authentication server in step (5) when the mobile terminal registers with it.
6. The method for enhancing the login security of the Windows operating system based on message pushing as claimed in claim 1, further comprising, before step (1): the client detects whether it is connected to a network; if so, the method proceeds to step (1); otherwise, the client simulates and displays a default Windows login interface for the operating system login user to log in, and the process ends.
7. The method for enhancing the login security of the Windows operating system based on message pushing as claimed in claim 1, further comprising, after step (2) and before step (3): the mobile terminal performs identity authentication on the operating system login user; if the authentication succeeds, the method proceeds to step (3); if it fails, the process ends.
8. The method for enhancing Windows operating system login security based on message pushing according to claim 1, wherein, when the login authentication request message in step (1) includes the identity authentication information of the generator, the method further comprises, after step (2) and before step (3): the mobile terminal verifies the identity authentication information; if the verification succeeds, the method proceeds to step (3); if it fails, the process ends.
9. The method for enhancing Windows operating system login security based on message push of claim 8, wherein,
the identity authentication information of the login authentication request message generator can be signature information, encryption information or dynamic password information;
when the identity authentication information is signature information, the mobile terminal verifying the identity authentication information is specifically: the mobile terminal verifies the validity of the signature information; if the verification succeeds, the identity authentication information is valid; otherwise, it is invalid;
when the identity authentication information is encrypted information, the mobile terminal verifying the identity authentication information is specifically: the mobile terminal looks up the private key that it stores and that was generated when the mobile terminal registered with the authentication server, then decrypts the encrypted information with that private key; if the decryption succeeds, the identity authentication information is valid; otherwise, it is invalid;
when the identity authentication information is dynamic password information, the mobile terminal verifying the identity authentication information is specifically: the mobile terminal judges whether the dynamic password is valid; if so, the identity authentication information is valid; otherwise, it is invalid.
10. A system for enhancing login security of a Windows operating system based on message pushing, applied in an environment comprising an authentication server, a client and a mobile terminal, wherein the authentication server is in communication connection with both the client and the mobile terminal, the system being characterized by comprising:
a first module, arranged in the client, for pushing a login authentication request message to the mobile terminal through the authentication server after receiving a login request from an operating system login user;
a second module, arranged in the mobile terminal, for generating one-time login verification information by using the identity identification information of the mobile terminal and the login authentication request message;
a third module, which is arranged in the mobile terminal and is used for sending the one-time login verification information to the authentication server, generating the one-time login verification information by using the identity identification information and the login authentication request message of the authentication server, and sending the one-time login verification information to the authentication server;
the fourth module is arranged in the authentication server and used for judging whether the one-time login verification information from the mobile terminal is valid or not, if so, switching to the fifth module, and otherwise, switching to the seventh module;
a fifth module, disposed in the authentication server, for sending a successful verification result to the client;
a sixth module, arranged in the client, for logging in to the operating system with the operating system login user name according to the successful verification result, whereupon the process ends;
and a seventh module, arranged in the authentication server, for notifying the client that the verification has failed, whereupon the process ends.
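
The seed-key branch of claims 3 and 4, as an added example that is not code from the patent: the mobile terminal derives a dynamic password from the pushed login authentication request message, and the authentication server recomputes it and accepts each one-time random number only once. The HMAC-SHA256 construction with RFC 4226 truncation, the field encoding, and all names and sample values are assumptions, since the claims do not specify an algorithm.

```python
import hashlib
import hmac
import secrets

# Constructed sample seed; all field and function names are assumptions, not from the patent.
SEED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # shared at registration


def build_request(hardware_id: str, os_id: str) -> dict:
    """Client side: login authentication request carrying a one-time random number."""
    return {"nonce": secrets.token_hex(16), "hardware_id": hardware_id, "os_id": os_id}


def encode_request(req: dict) -> bytes:
    """Length-prefix each field so two different requests never serialise identically."""
    parts = [req["nonce"], req["hardware_id"], req["os_id"]]
    return b"".join(len(p.encode()).to_bytes(2, "big") + p.encode() for p in parts)


def dynamic_password(seed: bytes, req: dict, digits: int = 8) -> str:
    """Mobile terminal: HMAC-SHA256 over the request, truncated as in RFC 4226."""
    mac = hmac.new(seed, encode_request(req), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthServer:
    """Authentication server: recompute, compare in constant time, consume the nonce."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._pending = {}  # nonce -> request that was pushed to the mobile terminal

    def push(self, req: dict) -> None:
        self._pending[req["nonce"]] = req

    def verify(self, nonce: str, otp: str) -> bool:
        req = self._pending.pop(nonce, None)  # single use, even when the check fails
        if req is None:
            return False  # unknown or already-consumed request: replay is rejected
        expected = dynamic_password(self._seed, req)
        return hmac.compare_digest(expected.encode(), otp.encode())


def demo() -> tuple:
    """Run one login, then replay the same password against the same nonce."""
    server = AuthServer(SEED_KEY)
    req = build_request("HW-0001", "WIN-0001")  # constructed identifiers
    server.push(req)
    otp = dynamic_password(SEED_KEY, req)
    first = server.verify(req["nonce"], otp)
    replay = server.verify(req["nonce"], otp)
    return first, replay
```

Because the password is bound to the whole request, a value captured for one client hardware identifier or one random number does not verify for another, and consuming the pending request on every attempt limits each push to a single guess.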
CN201910939703.3A 2019-09-30 2019-09-30 Method and system for enhancing login security of Windows operating system based on message pushing Active CN111131140B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910939703.3A CN111131140B (en) 2019-09-30 2019-09-30 Method and system for enhancing login security of Windows operating system based on message pushing

Publications (2)

Publication Number Publication Date
CN111131140A (en) 2020-05-08
CN111131140B (en) 2022-11-08

Family

ID=70496036

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910939703.3A Active CN111131140B (en) 2019-09-30 2019-09-30 Method and system for enhancing login security of Windows operating system based on message pushing

Country Status (1)

Country Link
CN (1) CN111131140B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112349368A (en) * 2020-09-29 2021-02-09 福建西岸康健管理有限公司 Electronic health record authorization sharing and management system based on medical block chain
CN114139131A (en) * 2021-12-03 2022-03-04 深圳竹云科技有限公司 Operating system login method and device and electronic equipment

Also Published As

Publication number Publication date
CN111131140B (en) 2022-11-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant