CN113660208B - Browser-based security password authentication service system and method - Google Patents

Publication number
CN113660208B
Authority
CN
China
Prior art keywords
password
authentication
etkb
soft keyboard
virtual soft
Prior art date
Legal status
Active
Application number
CN202110804511.9A
Other languages
Chinese (zh)
Other versions
CN113660208A (en
Inventor
王军
李瑞德
仝丽娜
Current Assignee
Beijing Esand Information Technology Co ltd
Original Assignee
Beijing Esand Information Technology Co ltd
Application filed by Beijing Esand Information Technology Co ltd
Priority to CN202110804511.9A
Publication of CN113660208A
Application granted
Publication of CN113660208B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The invention discloses a browser-based security password authentication service system and method. The authentication service system comprises a mobile terminal and a cloud security service platform, wherein: the mobile terminal comprises a browser and a binary virtual soft keyboard module developed based on WASM; the binary virtual soft keyboard module provides a binary virtual soft keyboard for a user to select characters as password input, and the password is sent to the cloud security service platform for storage through a network; the cloud security service platform receives a password authentication request submitted by a business side application through the mobile terminal, authenticates the password in the password authentication request, and returns a password authentication result to the business side application. According to the embodiment of the invention, a binary virtual soft keyboard module capable of running in all browsers is developed based on WASM and works together with the cloud security service platform, so that the security problem in the password input and authentication process is thoroughly solved; the system has high browser adaptability, does not need to be installed, and has good user experience.

Description

Browser-based security password authentication service system and method
Technical Field
The invention relates to the field of password authentication, in particular to a browser-based security password authentication service system and a browser-based security password authentication service method.
Background
In electronic devices, a browser is generally installed, and various online applications can be logged in through the browser.
When logging in to an online application through the browser, a password input operation is generally required. At present, there are several ways to enter a password safely in a browser so that it is not maliciously stolen:
One is the browser plug-in mode. This mode requires the user to install, in advance, a plug-in for a particular operating system and browser. This mode is inconvenient for the user and may present compatibility issues between the browser and the operating system.
The other is a virtual keyboard library developed in the HTML/JavaScript language. Although this mode solves the problem of compatibility between the browser and the operating system, the HTML/JavaScript scripting language is interpreted at execution time, which makes it easy to crack and leaves potential security problems.
Disclosure of Invention
In view of this, according to the browser-based security password authentication service system and method provided by the embodiments of the present invention, a binary virtual soft keyboard module capable of running in all browsers is developed based on the WASM, and the security problem in the password input and authentication process is thoroughly solved through the cooperation of the mobile terminal and the cloud security service platform, and the system and method are implemented by adopting the W3C technical standard, so that the browser has high adaptability, does not need to be installed, and has good user experience.
The technical scheme adopted by the invention for solving the technical problems is as follows:
according to an aspect of an embodiment of the present invention, there is provided a browser-based security password authentication service system, including: a mobile terminal and a cloud security service platform; wherein:
the mobile terminal comprises a browser and a binary virtual soft keyboard module developed based on WASM, the binary virtual soft keyboard module is embedded in the browser, and the binary virtual soft keyboard module is used for providing a binary virtual soft keyboard for a user to select characters to input as a password and sending the password to the cloud security service platform for storage through a network;
the cloud security service platform is used for receiving a password authentication request submitted by a business side application through the mobile terminal, comparing and authenticating a password in the password authentication request with a stored password, and returning a password authentication result to the business side application.
In one possible design, the binary virtual soft keyboard module is implemented in the form of an eTKB SDK, comprising: a JavaScript layer and a WASM core submodule; the WASM core submodule interacts with the service party application through the JavaScript layer to realize password security authentication.
In one possible design, the WASM core sub-module includes: a JavaScript API interface layer, which interacts with the service side application through its JavaScript API interface to realize password security authentication.
In one possible design, the WASM core sub-module includes: the UI layer realizes interface interaction with a user and comprises a binary virtual soft keyboard and a text box;
the binary virtual soft keyboard is realized by binary logic drawing, and lets the user select characters from it as password input, which are entered in the text box.
In one possible design, the WASM core sub-module includes: a business layer, which provides business interaction with the business side application and the cloud security service platform.
In one possible design, the business layer includes a security sandbox, which provides algorithm management and network management; wherein:
the algorithm management is to perform password operation on the password input through the binary virtual soft keyboard by adopting a preset algorithm to obtain an encryption operation result;
and the network management is used for transmitting the encryption operation result to the cloud security service platform through the network for storage so as to ensure that the cloud security service platform carries out password security authentication.
In one possible design, the cloud security service platform includes a WebAPI interface, and interacts with the back end of the business side application through the WebAPI interface to provide a password security authentication service for the back end of the business side application.
According to an aspect of an embodiment of the present invention, there is provided a browser-based security password authentication service method, applied to a browser-based security password authentication service system, where the authentication service system includes: a mobile terminal and a cloud security service platform; the mobile terminal comprises a browser and a binary virtual soft keyboard module developed based on WASM, the binary virtual soft keyboard module is implemented as an eTKB SDK, and the cloud security service platform implements the security authentication service as an eTKB server; the authentication service method includes:
the binary virtual soft keyboard module provides a binary virtual soft keyboard for a user to select characters as password input, and sends the password to the cloud security service platform through a network for storage so as to realize password authentication by the cloud security service platform;
and the cloud security service platform receives a password authentication request submitted by a business side application through the mobile terminal, compares a password in the password authentication request with a stored password for authentication, and returns a password authentication result to the business side application.
In one possible design, the binary virtual soft keyboard module provides a binary virtual soft keyboard for a user to select characters as password input, and sends the password to the cloud security service platform for storage through a network, so that the cloud security service platform can realize password authentication; the method comprises the following steps:
the eTKB SDK establishes an initialization connection with the eTKB server through a network;
the eTKB SDK automatically calls a binary virtual soft keyboard to allow a user to select characters to be used as a password for inputting;
the eTKB SDK performs password operation on the password input by the user, encrypts an operation result to form an encryption operation result and transmits the encryption operation result to the eTKB server;
and the eTKB server stores the encryption operation result sent by the eTKB SDK.
In one possible design, the cloud security service platform receives a password authentication request submitted by a business side application through the mobile terminal, compares a password in the password authentication request with a stored password for authentication, and returns a password authentication result to the business side application; the method comprises the following steps:
the business side application submits a password authentication request to a back end of the business side application, wherein the password authentication request comprises password information input by a user in a binary virtual soft keyboard;
after receiving the password authentication request submitted by the service party application, the service party application back end sends the password authentication request to the eTKB server;
the eTKB server responds to a password authentication request of the rear end of the service party application, and compares password information in the password authentication request with password information in a pre-stored encryption operation result to obtain a password authentication result;
the eTKB server returns the password authentication result response message to the service party application back end;
the service party application back end receives the password authentication result response message returned by the eTKB server, and compares the password information in the password authentication result returned by the eTKB server with the password information in the password authentication request submitted by the service party application to obtain an authentication result;
the back end of the business side application returns the authentication result to the business side application;
and the business side application feeds back an authentication result returned by the back end of the business side application to the user.
Compared with the related art, the embodiment of the invention provides a browser-based security password authentication service system and a method thereof,
in this embodiment, the mobile terminal includes a browser and a binary virtual soft keyboard module developed based on the WASM, the binary virtual soft keyboard module is embedded in the browser, the binary virtual soft keyboard module provides a binary virtual soft keyboard for a user to select characters as password input, and sends the password to the cloud security service platform for storage through a network, the cloud security service platform is configured to receive a password authentication request submitted by a business side application through the mobile terminal, compare and authenticate a password in the password authentication request with the stored password, and return a password authentication result to the business side application, so that the binary virtual soft keyboard module capable of running in all browsers is developed based on the WASM, and by cooperation of the mobile terminal and the cloud security service platform, the security problem in the password input and authentication processes is thoroughly solved, and the browser is implemented by using a W3C technical standard, and has high browser adaptability, no need of installation, and good user experience.
Drawings
Fig. 1 is a schematic structural diagram of a browser-based secure password authentication service system according to the present invention.
Fig. 2 is a schematic structural diagram of a browser-based secure password authentication service system method according to the present invention.
Fig. 3 is a schematic flowchart of a browser-based security password authentication service method according to the present invention.
Fig. 4 is a schematic flowchart of a browser-based security password authentication service method according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the technical problems to be solved, the technical solutions and the advantageous effects of the present invention clearer, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only to facilitate the explanation of the present invention, and have no specific meaning in themselves. Thus, "module", "component" and "unit" may be used interchangeably.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
WASM, in full WebAssembly, is a binary instruction set designed for a stack-based virtual machine. WASM was designed to be a compilation target for high-level languages such as C/C++/Rust, and was originally intended to address the performance issues of JavaScript.
The WASM runs in a sandboxed execution environment and can even be implemented in an existing JavaScript virtual machine.
The Web platform is a virtual machine environment on a browser, similar to those of Java and Python; the browser provides the virtual machine environment to execute JavaScript or other scripting languages.
The WASM is an Assembly running on a Web platform; specifically, it runs in a sandboxed execution environment, and can even be implemented in an existing JavaScript virtual machine.
In the present case, the WASM can replace part of the JavaScript code in use to execute a more efficient CPU computation program.
The WASM is a binary instruction set based on a stack virtual machine, can be used as a compiling target of a programming language, and can be deployed in applications of a web client and a server.
The name WASM is composed of the words Web and Assembly. Web indicates that it must be associated with the front end. Assembly refers to assembly language, which corresponds to machine code, and machine code is tied to the instruction set of the CPU.
WASM became a recommended standard of the World Wide Web Consortium (W3C) on December 5, 2019, joining HTML, CSS and JavaScript as the fourth language for the Web.
The WASM technology has the following advantages: 1. high performance: WASM adopts binary encoding and performs well during program execution; 2. low storage cost: compared with a text format, the binary encoding occupies less storage space; 3. multi-language support: the user can write the smart contract in various languages such as C/C++/Rust/Go and compile it into byte code in WASM format.
In one embodiment, as shown in fig. 1, the present invention provides a browser-based secure password authentication service system, including: a mobile terminal 10 and a cloud security service platform 20; wherein:
the mobile terminal 10 comprises a browser 11 and a binary virtual soft keyboard module 12 developed based on the WASM, wherein the binary virtual soft keyboard module 12 is embedded in the browser 11, and the binary virtual soft keyboard module 12 is used for providing a binary virtual soft keyboard for a user to select characters as password input, and sending the password to the cloud security service platform 20 for storage through a network, so that the cloud security service platform 20 can realize password authentication.
The cloud security service platform 20 is configured to receive a password authentication request submitted by a service application through the mobile terminal 10, compare a password in the password authentication request with a stored password, and return a password authentication result to the service application.
In this embodiment, the mobile terminal includes a browser and a binary virtual soft keyboard module developed based on the WASM, the binary virtual soft keyboard module is embedded in the browser, the binary virtual soft keyboard module provides a binary virtual soft keyboard for a user to select characters as password input, and sends the password to the cloud security service platform for storage through a network, the cloud security service platform is configured to receive a password authentication request submitted by a business side application through the mobile terminal, compare and authenticate a password in the password authentication request with the stored password, and return a password authentication result to the business side application, so that the binary virtual soft keyboard module capable of running in all browsers is developed based on the WASM, and by cooperation of the mobile terminal and the cloud security service platform, the security problem in the password input and authentication processes is thoroughly solved, and the browser is implemented by using a W3C technical standard, and has high browser adaptability, no need of installation, and good user experience.
In one embodiment, the binary virtual soft keyboard module 12 is a binary virtual soft keyboard developed based on WASM, capable of running in all browsers, and nested in the browser being run.
Specifically, the binary virtual soft keyboard module 12 is configured to provide a JS API for the application/APP to call, the password input box, the binary virtual soft keyboard, and a preset algorithm for performing password operation. The binary virtual soft keyboard module is implemented as an eTKB SDK (Software Development Kit), where eTKB is an abbreviation of e Text KeyBoard, and the Chinese name is binary virtual soft keyboard.
As shown in fig. 2, the binary virtual soft keyboard module 12 includes: a JavaScript layer 121 and a WASM core submodule 122; the WASM core submodule 122 interacts with the service party application through the JavaScript layer 121 to realize password security authentication.
The WASM core submodule 122 includes: a JavaScript (JS) API interface layer 1221, a UI (User Interface) layer 1222, and a business layer 1223.
The JS API interface layer 1221 is used for interacting with the application of the service party on the JavaScript layer through the JS API interface of the JS API interface layer 1221, so that password security authentication is realized.
The UI layer 1222 realizes interface interaction with a user, and includes a binary virtual soft keyboard 12221 and a text box 12222. The binary virtual soft keyboard 12221 is implemented using binary logic drawing, and lets the user select characters from it as password input, which are entered in the text box 12222.
The business layer 1223 is configured to provide business interaction with the business side application and the cloud security service platform 20. The business layer 1223 includes a security sandbox 12231, which protects the secret key and operation security of the mobile terminal and interacts with the business side application and the cloud security service platform. The security sandbox provides key management, algorithm management, and network management. Wherein:
and the algorithm management is to perform password operation on the password input through the binary virtual soft keyboard by adopting a preset algorithm to obtain an encryption operation result.
And the network management is used for transmitting the encryption operation result to the cloud security service platform through the network for storage so as to ensure that the cloud security service platform carries out password security authentication.
In this embodiment, a binary virtual soft keyboard module capable of running in all browsers is developed based on the WASM. The entire user-input UI control does not use an H5 native control; instead, the UI layer is implemented by drawing the binary virtual soft keyboard with binary logic, so that data is not intercepted from the control by JS. The cryptographic operation is implemented in binary, ensuring that the user's input is encrypted once entry is finished and is not revealed on the mobile terminal. A security sandbox is adopted to protect the key and the operation security of the terminal. A simple JS API interface is provided for the business side application to realize password authentication. The module is implemented using W3C technical standards, has high browser adaptability, does not need to be installed, and has good user experience. Through the cooperation of the mobile terminal and the cloud security service platform, the security problem in the password input and authentication process is thoroughly solved.
In an embodiment, as shown in fig. 2, the cloud security service platform 20 is configured to receive a password authentication request submitted by a service application through the mobile terminal 10, compare a password in the password authentication request with a stored password for authentication, and return a password authentication result to the service application.
The cloud security service platform 20 is configured to interact with the binary virtual soft keyboard module 12 through a network, and provide a security authentication service for the binary virtual soft keyboard module 12.
The cloud security service platform 20 includes a WebAPI interface, and interacts with the back end of the business application through the WebAPI interface to provide a password security authentication service for the back end of the business application.
The cloud security service platform implements the security authentication service as an eTKB server.
In one embodiment, as shown in fig. 3, the present invention provides a browser-based secure password authentication service method, applied to an authentication service system, where the authentication service system includes: a mobile terminal and a cloud security service platform; the mobile terminal comprises a browser and a binary virtual soft keyboard module developed based on WASM, wherein the binary virtual soft keyboard module is nested in the browser; the binary virtual soft keyboard module is implemented as an eTKB SDK, and the cloud security service platform implements the security authentication service as an eTKB server. The authentication service method includes:
S1, the binary virtual soft keyboard module provides a binary virtual soft keyboard for a user to select characters to input as a password, and the password is sent to the cloud security service platform through a network for storage, so that the cloud security service platform can realize password authentication.
S2, the cloud security service platform receives a password authentication request submitted by a business side application through the mobile terminal, compares a password in the password authentication request with a stored password for authentication, and returns a password authentication result to the business side application.
In this embodiment, the mobile terminal includes a browser and a binary virtual soft keyboard module developed based on the WASM, the binary virtual soft keyboard module is embedded in the browser, the binary virtual soft keyboard module provides a binary virtual soft keyboard for a user to select characters as password input, and sends the password to the cloud security service platform for storage through a network, the cloud security service platform is configured to receive a password authentication request submitted by a business side application through the mobile terminal, compare and authenticate a password in the password authentication request with the stored password, and return a password authentication result to the business side application, so that the binary virtual soft keyboard module capable of running in all browsers is developed based on the WASM, and by cooperation of the mobile terminal and the cloud security service platform, the security problem in the password input and authentication processes is thoroughly solved, and the browser is implemented by using a W3C technical standard, and has high browser adaptability, no need of installation, and good user experience.
In one embodiment, in step S1, the binary virtual soft keyboard module provides a binary virtual soft keyboard for a user to select characters as password input, and sends the password to the cloud security service platform through a network for storage, so that the cloud security service platform realizes password authentication; the method comprises the following steps:
S11, the eTKB SDK establishes an initialization connection with the eTKB server through a network. This comprises the following steps:
S111, the user inputs the URL of the service side application in any browser.
S112, the browser loads the service side application corresponding to the URL input by the user.
S113, after the service party application is loaded, it interacts with the eTKB SDK through the JS API and sends a show (display) request to the eTKB SDK through the JS API.
S114, after receiving the show request, the eTKB SDK interacts with the eTKB server through the network and sends an initialization connection request to the eTKB server.
S115, the eTKB server responds to the initialization connection request of the eTKB SDK and returns an initialization-connection-established response message to the eTKB SDK through the network.
S12, the eTKB SDK automatically calls the binary virtual soft keyboard for the user to select characters as password input. This comprises the following steps:
S121, the eTKB SDK returns a token to the application according to the initialization-connection-established response returned by the eTKB server.
S122, the user selects a password input box according to the returned token and sends a selection request to the eTKB SDK.
S123, the eTKB SDK automatically calls the binary virtual soft keyboard according to the selection request of the user, displays the binary virtual soft keyboard, and allows the user to enter characters selected from the binary virtual soft keyboard in the text box as password input.
S124, the user clicks the binary virtual soft keyboard, selects the characters to be used as password input, which are entered in the text box to form a password, and sends a password operation request to the eTKB SDK.
S13, the eTKB SDK performs password operation on the password input by the user, encrypts the operation result to form an encryption operation result, and transmits the encryption operation result to the eTKB server. This comprises the following steps:
S131, after receiving the password operation request of the user, the eTKB SDK performs the password operation and sends to the eTKB server a request indicating that it is ready to transmit the encryption operation result.
S132, the eTKB server responds to the ready-to-transmit request sent by the eTKB SDK, and returns to the eTKB SDK a response message indicating that it is ready to receive the encryption operation result.
S133, after receiving the ready-to-receive response message sent by the eTKB server, the eTKB SDK encrypts the operation result to form an encryption operation result, transmits it to the eTKB server, and requests the eTKB server to store it.
S14, the eTKB server stores the encryption operation result sent by the eTKB SDK.
The eTKB server responds to the storage request of the eTKB SDK, stores the encryption operation result sent by the eTKB SDK for the cloud security service platform to realize password authentication, and returns to the eTKB SDK a response message indicating that the encryption operation result has been stored.
In one embodiment, in step S2, the cloud security service platform receives a password authentication request submitted by a service application through the mobile terminal, compares a password in the password authentication request with a stored password, and returns a password authentication result to the service application; the method comprises the following steps:
S21, the service side application submits a password authentication request to the service party application back end, wherein the password authentication request comprises password information input by the user in the binary virtual soft keyboard.
S22, after receiving the password authentication request submitted by the service party application, the service party application back end sends the password authentication request (getCode(token)) to the eTKB server.
S23, the eTKB server responds to the password authentication request of the service party application back end, and compares the password information in the password authentication request with the password information in the pre-stored encryption operation result to obtain a password authentication result, wherein: if the two match, the password information (Code) in the encryption operation result is returned as the password authentication result; if the two do not match, prompt information indicating that the password does not match is returned as the password authentication result.
The eTKB server returns the password authentication result (Code) response message to the service party application back end.
S24, the service party application back end receives the password authentication result (Code) response message returned by the eTKB server, and compares the password information in the password authentication result (Code) with the password information in the password authentication request submitted by the service party application to obtain an authentication result, wherein: if the two match, prompt information indicating that password authentication passes is returned as the authentication result; if the two do not match, prompt information indicating that password authentication fails is returned as the authentication result.
And S25, the back end of the service party application returns the authentication result to the service party application.
S26, the service side application feeds back an authentication result returned by the service side application back end to a user in a preset mode, wherein the preset mode comprises the following steps: pop-up display frame display and voice broadcast.
It should be noted that the method embodiment and the system embodiment belong to the same concept, and specific implementation processes thereof are described in detail in the system embodiment, and technical features in the system embodiment are correspondingly applicable in the method embodiment, which is not described herein again.
The technical solution of the present invention is further explained below by a specific embodiment and the accompanying drawings.
In one embodiment, as shown in Fig. 4, the present invention provides a browser-based security password authentication service method applied to an authentication service system. The authentication service system includes a mobile terminal and a cloud security service platform. The mobile terminal comprises a browser and a binary virtual soft keyboard module developed based on WASM, the binary virtual soft keyboard module being nested in the browser. The binary virtual soft keyboard module is implemented in the form of an eTKB SDK, and the cloud security service platform implements the security authentication service in the form of an eTKB server.
The authentication service method includes:
1. User → browser: enter a URL
The user enters the URL of the service party application in any browser.
2. Browser → application: load the application
The browser loads the service party application corresponding to the URL entered by the user.
3. Application → eTKB SDK: show
After the service party application is loaded, it interacts with the eTKB SDK through the JS API and sends a show (display) request to the eTKB SDK.
4. eTKB SDK → eTKB server: initialization
After receiving the show request, the eTKB SDK interacts with the eTKB server over the network and sends it an initialization connection request.
5. eTKB server → eTKB SDK: return
The eTKB server responds to the initialization connection request from the eTKB SDK and returns to the eTKB SDK, over the network, a response message indicating that the initialization connection has been established.
6. eTKB SDK → application: return token
Based on the connection-established response returned by the eTKB server, the eTKB SDK returns a token to the application.
7. User → eTKB SDK: select password input box
The user selects a password input box according to the returned token and sends a selection request to the eTKB SDK.
8. eTKB SDK: display soft keyboard
In response to the user's selection request, the eTKB SDK automatically invokes and displays the binary virtual soft keyboard, from which the user selects characters to enter in the text box as the password.
9. User → eTKB SDK: enter the password by clicking the soft keyboard
The user clicks the binary virtual soft keyboard, selects the characters to be entered as the password, enters them in the text box to form the password, and sends a password operation request to the eTKB SDK.
10. eTKB SDK → eTKB server: cryptographic operation
After receiving the user's password operation request, the eTKB SDK performs the password operation and sends the eTKB server a request to prepare for transmitting the encryption operation result.
11. eTKB server → eTKB SDK: return
The eTKB server responds to the transmission preparation request sent by the eTKB SDK and returns to the eTKB SDK a response message indicating that it is ready to receive the encryption operation result.
12. eTKB SDK → eTKB server: encrypt and transmit the operation result
After receiving the ready-to-receive response message from the eTKB server, the eTKB SDK encrypts the operation result to form the encryption operation result, transmits it to the eTKB server, and requests the eTKB server to store it.
13. eTKB server → eTKB SDK: return
The eTKB server responds to the storage request from the eTKB SDK, stores the encryption operation result sent by the eTKB SDK, and returns to the eTKB SDK a response message indicating that the encryption operation result has been stored.
14. Application → application back end: submit
The service party application submits a password authentication request to the service party application back end; the password authentication request includes the password information entered by the user on the binary virtual soft keyboard.
15. Application back end → eTKB server: getCode(token)
After receiving the password authentication request submitted by the service party application, the service party application back end sends the password authentication request (getCode(token)) to the eTKB server.
16. eTKB server → application back end: Code
The eTKB server responds to the password authentication request from the service party application back end and compares the password information in the password authentication request with the password information in the pre-stored encryption operation result to obtain a password authentication result. If the two match, the password information (Code) in the encryption operation result is returned as the password authentication result; if they do not match, a prompt that the password does not match is returned as the password authentication result.
The eTKB server returns the password authentication result (Code) response message to the service party application back end.
17. Application back end: compare results
The service party application back end receives the password authentication result (Code) response message returned by the eTKB server and compares the password information in the password authentication result (Code) with the password information in the password authentication request submitted by the service party application to obtain an authentication result. If the two match, a prompt that password authentication passed is returned as the authentication result; if they do not match, a prompt that password authentication failed is returned as the authentication result.
18. Application back end → application: authentication result
The service party application back end returns the authentication result to the service party application.
19. Application → user: feed back the authentication result
The service party application feeds the authentication result returned by the service party application back end back to the user in a preset manner; the preset manners include a pop-up display box and voice broadcast.
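The store-then-getCode(token) exchange of steps 4 to 6, 10 to 13 and 15 to 17 can be modelled as follows. This is an added example, not code from the patent or from the eTKB product; the HMAC-SHA-256 "password operation", the AES-256-GCM transfer, the session key handed out at initialization, the 60-second single-use token, the constant-time comparison and all function names are assumptions, since the patent only speaks of "a preset algorithm".

```javascript
// Added example: in-memory model of the eTKB exchange (steps 4-6, 10-13, 15-17).
// Assumptions, not from the patent: HMAC-SHA-256 as the "preset algorithm",
// AES-256-GCM for the transfer, a session key handed out at init (stand-in for
// key agreement), a 60 s single-use token, the app submitting the SDK's result.
const nodeCrypto = require("node:crypto");
const TOKEN_TTL_MS = 60_000; // assumed token lifetime

// Constant-time equality; timingSafeEqual throws on unequal lengths.
function sameBytes(a, b) {
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

class EtkbServer {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock so expiry can be tested
    this.sessions = new Map(); // token -> { key, expires, code }
  }

  // Steps 4-6: initialization; the token later names this session in getCode(token).
  init() {
    const token = nodeCrypto.randomBytes(32).toString("hex");
    const key = nodeCrypto.randomBytes(32);
    this.sessions.set(token, { key, expires: this.now() + TOKEN_TTL_MS, code: null });
    return { token, key };
  }

  // Steps 12-13: authenticate, decrypt and store the encryption operation result.
  store(token, { iv, ciphertext, tag }) {
    const s = this.sessions.get(token);
    if (!s || this.now() > s.expires) return false;
    try {
      const d = nodeCrypto.createDecipheriv("aes-256-gcm", s.key, iv);
      d.setAAD(Buffer.from(token)); // binds the ciphertext to this token
      d.setAuthTag(tag);
      s.code = Buffer.concat([d.update(ciphertext), d.final()]);
      return true;
    } catch {
      return false; // tampered ciphertext, or ciphertext from another session
    }
  }

  // Steps 15-16: return Code only when the submitted value matches the stored one.
  getCode(token, submitted) {
    const s = this.sessions.get(token);
    this.sessions.delete(token); // single use: a replayed token finds nothing
    if (!s || !s.code || this.now() > s.expires) return null;
    return sameBytes(s.code, submitted) ? s.code : null;
  }
}

// Step 10: the SDK's "password operation" (assumed HMAC-SHA-256 under the session key).
function sdkPasswordOperation(key, password) {
  return nodeCrypto.createHmac("sha256", key).update(password, "utf8").digest();
}

// Step 12: encrypt the operation result for transfer to the server.
function sdkEncrypt(key, token, result) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(Buffer.from(token));
  const ciphertext = Buffer.concat([c.update(result), c.final()]);
  return { iv, ciphertext, tag: c.getAuthTag() };
}

// Steps 15-17: the back end calls getCode(token) and compares Code itself.
function backendAuthenticate(server, token, submitted) {
  const code = server.getCode(token, submitted);
  return code !== null && sameBytes(code, submitted);
}

// Constructed walk-through: one good login, then a replay, a mismatch, an expiry.
function demo() {
  let clock = 0;
  const server = new EtkbServer(() => clock);
  const run = (submit, delayMs = 0) => {
    const { token, key } = server.init();
    const result = sdkPasswordOperation(key, "constructed-Passw0rd");
    server.store(token, sdkEncrypt(key, token, result));
    clock += delayMs;
    const first = backendAuthenticate(server, token, submit(result));
    return { first, replay: backendAuthenticate(server, token, submit(result)) };
  };
  const good = run((r) => r);
  return { accepted: good.first, replayAccepted: good.replay,
    mismatchAccepted: run((r) => Buffer.alloc(r.length, 1)).first,
    expiredAccepted: run((r) => r, TOKEN_TTL_MS + 1).first };
}
```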
In this embodiment, the mobile terminal includes a browser and a binary virtual soft keyboard module developed based on WASM and embedded in the browser. The binary virtual soft keyboard module provides a binary virtual soft keyboard from which the user selects characters as password input, and sends the password over the network to the cloud security service platform for storage. The cloud security service platform receives a password authentication request submitted by the business side application through the mobile terminal, compares the password in the password authentication request with the stored password, and returns a password authentication result to the business side application. A binary virtual soft keyboard module that can run in all browsers is thus developed based on WASM, and through the cooperation of the mobile terminal and the cloud security service platform the security problem in the password input and authentication processes is thoroughly solved. The implementation uses W3C technical standards, has high browser adaptability, requires no installation, and provides a good user experience.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another like element in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
While the present invention has been described with reference to the particular illustrative embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but is intended to cover various modifications, equivalent arrangements, and equivalents thereof, which may be made by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A browser-based secure password authentication service system, the authentication service system comprising a mobile terminal and a cloud security service platform, wherein:
the mobile terminal comprises a browser and a binary virtual soft keyboard module developed based on WASM, the binary virtual soft keyboard module is embedded in the browser, and the binary virtual soft keyboard module is used for providing a binary virtual soft keyboard for a user to select characters to input as a password and sending the password to the cloud security service platform for storage through a network;
the cloud security service platform is used for receiving a password authentication request submitted by a business side application through the mobile terminal, comparing and authenticating a password in the password authentication request with a stored password, and returning a password authentication result to the business side application.
2. The authentication service system of claim 1, wherein the binary virtual soft keyboard module is implemented in the form of an eTKB SDK comprising a JavaScript layer and a WASM core submodule; the WASM core submodule interacts with the service party application through the JavaScript layer to realize password security authentication.
3. The authentication service system of claim 2, wherein the WASM core sub-module comprises a JavaScript API interface layer, used for interacting with the service side application through the JavaScript API interface of the JavaScript API interface layer to realize password security authentication.
4. The authentication service system of claim 2, wherein the WASM core sub-module comprises a UI layer, which implements interface interaction with the user and comprises a binary virtual soft keyboard and a text box;
the binary virtual soft keyboard is drawn by binary logic and provides the characters that the user selects from the binary virtual soft keyboard as password input and enters in the text box.
5. The authentication service system of claim 2, wherein the WASM core sub-module comprises a business layer, used for providing business interaction with the business side application and the cloud security service platform.
6. The authentication service system of claim 5, wherein the business layer comprises a security sandbox that provides algorithm management and network management; wherein:
the algorithm management performs a password operation, using a preset algorithm, on the password entered through the binary virtual soft keyboard to obtain an encryption operation result;
and the network management transmits the encryption operation result over the network to the cloud security service platform for storage, so that the cloud security service platform can carry out password security authentication.
7. The authentication service system of claim 1, wherein the cloud security service platform comprises a WebAPI interface, and the WebAPI interface interacts with a business application backend to provide password security authentication service for the business application backend.
8. A browser-based secure password authentication service method applied to the browser-based secure password authentication service system according to any one of claims 1 to 7, the authentication service system comprising a mobile terminal and a cloud security service platform; the mobile terminal comprises a browser and a binary virtual soft keyboard module developed based on WASM, the binary virtual soft keyboard module is implemented in the form of an eTKB SDK, and the cloud security service platform implements the security authentication service in the form of an eTKB server; the authentication service method includes:
the binary virtual soft keyboard module provides a binary virtual soft keyboard for a user to select characters as password input, and sends the password to the cloud security service platform through a network for storage so as to realize password authentication by the cloud security service platform;
and the cloud security service platform receives a password authentication request submitted by a business side application through the mobile terminal, compares a password in the password authentication request with a stored password for authentication, and returns a password authentication result to the business side application.
9. The authentication service method of claim 8, wherein the step in which the binary virtual soft keyboard module provides a binary virtual soft keyboard for a user to select characters as password input, and sends the password to the cloud security service platform through a network for storage so that the cloud security service platform can implement password authentication, comprises:
the eTKB SDK establishes an initialization connection with the eTKB server through a network;
the eTKB SDK automatically calls a binary virtual soft keyboard for a user to select characters as password input;
the eTKB SDK carries out password operation on the password input by the user, encrypts an operation result to form an encryption operation result and transmits the encryption operation result to the eTKB server;
and the eTKB server stores the encryption operation result sent by the eTKB SDK.
10. The authentication service method of claim 9, wherein the step in which the cloud security service platform receives a password authentication request submitted by a business application through the mobile terminal, compares a password in the password authentication request with a stored password for authentication, and returns a password authentication result to the business application, comprises:
the business side application submits a password authentication request to a back end of the business side application, wherein the password authentication request comprises password information input by a user in a binary virtual soft keyboard;
after receiving the password authentication request submitted by the service party application, the service party application back end sends the password authentication request to the eTKB server;
the eTKB server responds to the password authentication request from the service party application back end, and compares password information in the password authentication request with password information in a pre-stored encryption operation result to obtain a password authentication result;
the eTKB server returns the password authentication result response message to the service party application back end;
the service party application back end receives the password authentication result response message returned by the eTKB server, and compares the password information in the password authentication result returned by the eTKB server with the password information in the password authentication request submitted by the service party application to obtain an authentication result;
the back end of the business side application returns the authentication result to the business side application;
and the service party application feeds back an authentication result returned by the service party application back end to the user.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110804511.9A CN113660208B (en) 2021-07-16 2021-07-16 Browser-based security password authentication service system and method

Publications (2)

Publication Number Publication Date
CN113660208A CN113660208A (en) 2021-11-16
CN113660208B true CN113660208B (en) 2023-04-07

Family

ID=78489409

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant