CN201717891U - Safety certification system - Google Patents

Safety certification system

Info

Publication number
CN201717891U
Authority
CN
China
Prior art keywords
computer
server
client
random number
binding
Prior art date
Legal status
Expired - Lifetime
Application number
CN2010202593174U
Other languages
Chinese (zh)
Inventor
彭琳
潘葛桐
赵爱新
张洋
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date
2010-07-07
Filing date
2010-07-07
Publication date
2011-01-19
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN2010202593174U
Application granted
Publication of CN201717891U
Anticipated expiration
Expired - Lifetime (current legal status)

Abstract

The utility model discloses a security certification system comprising a server side and a client side, where the client side comprises a safety detection device. The safety detection device comprises a hardware information processing unit and a binding-establishment information processing unit: the hardware information processing unit acquires hardware-related information of the client side and generates a computer fingerprint and a computer identification from it; the binding-establishment information processing unit encrypts the computer fingerprint, the computer identification and a random number obtained from the server side, and transmits the ciphertext to the server side. The server side comprises a binding-establishment unit which decrypts the ciphertext, obtains the random number, the computer fingerprint and the computer identification, and establishes the binding with the client side when the random number equals the random number generated by the server side. With this technical scheme, the security certification system identifies the client side by the hardware information of the computer during security authentication, thereby guaranteeing that the network side can uniquely authenticate the client-side device and improving the security of network communication.

Description

Security certification system
Technical field
The utility model relates to network security technology, and in particular to a system for performing security authentication of a client.
Background technology
With the widespread use of Internet technology, network security problems have become a key factor hindering network development. Network security risks mainly appear in three areas: viruses, illegal operations by internal users, and hacker attacks from outside the network. Illegal operations by internal users are of two kinds, malicious and non-malicious: in one, because of imprecise network settings, an internal user strays into an area they should not have entered and mistakenly modifies data there; in the other, an internal user deliberately uses a legitimate identity to destroy data. Hacker attacks are the most frightening: once a network hacker gains entry to a network, the losses caused cannot be estimated.
For ordinary users, verifying client identity so that the network can be used safely mostly relies on a medium and a password. This kind of client identification has significant limitations: once the medium is lost and/or the password is disclosed, the network side cannot accurately determine the true identity of the client performing an operation. The main problem at present is that security relies too heavily on the user's own network knowledge; for a user with weak security awareness, the password is easily stolen. A hacker may obtain the client's password and other information by illegal means, and then steal the client's private data or even some very important data.
For example, a commonly used method is for the server end to keep state with the client in session mode, saving a session ID in each page. If a hacker obtains this session ID, they can use the client's current session to impersonate the client and submit requests (at this point the system cannot treat it as concurrent login control, because what the hacker uses is the session ID of the client's login rather than a new session ID generated by a new login). There is therefore a very large risk when the client operates online.
In view of this situation, an effective security mechanism needs to be provided so that users obtain secure network services when using the Internet.
The utility model content
(1) technical problem that will solve
In order to overcome the above defects of the prior art, the utility model provides a security certification system to improve network security.
(2) technical scheme
The utility model provides a security certification system comprising: a server for providing services to a client; a client connected to the server by a network; the client comprising a safety detection device, which further comprises: a hardware information processing unit for collecting hardware-related information of the client and using the obtained information to generate a computer fingerprint and a computer identity that can uniquely identify this client; and a binding-establishment information processing unit for encrypting the computer fingerprint, the computer identity and a first random number obtained from the server, and sending the ciphertext to the server; the server further comprising a binding-establishment unit which, after the server obtains the ciphertext, decrypts it to obtain a random number, the computer fingerprint and the computer identity, and establishes a binding relationship with the client when this random number equals the first random number generated by the server.
Preferably, the safety detection device further comprises a binding-check information processing unit for obtaining the computer fingerprint, the computer identity and a second random number received from the server, encrypting the second random number using the computer fingerprint as the key of a symmetric cipher, and sending the resulting ciphertext together with the computer identity to the server.
Preferably, the server further comprises a binding-check unit for using the computer identity uploaded by the client to retrieve, at the server, the client's computer fingerprint registered with the server, decrypting the ciphertext uploaded by the client with this computer fingerprint to obtain a random number, comparing this random number with the second random number generated by the server, and judging that the binding check passes when they are equal.
Preferably, the safety detection device further comprises a security control unit for controlling that the safety detection device can only be called by the server, and not by websites of other domain names or websites accessed by IP address.
Preferably, the client comprises a PC, a mobile terminal or a PDA.
Preferably, the hardware information comprises the CPU ID, mainboard information, hard disk information or network interface card information.
Preferably, the binding-establishment information processing unit uses the RSA asymmetric algorithm, encrypting the first random number, the computer fingerprint and the computer identity with the public key.
Preferably, the binding-establishment unit of the server decrypts the received ciphertext with the paired RSA private key to obtain the first random number, the computer fingerprint and the computer identity.
(3) beneficial effect
With the system of the utility model, the user performs network registration using the hardware information of the client device, and the same hardware information of the client device is used during the security authentication process, so that the network-side server can uniquely identify this client, thereby ensuring the security of network operations.
Description of drawings
Fig. 1 is a structural block diagram of the safety detection device in the security certification system of the utility model.
Embodiment
To make the purpose, technical scheme and advantages of the utility model clearer, the utility model is described in further detail below with reference to examples and the accompanying drawing.
Usually, a user connects to a server via the Internet or a local area network (LAN) through a client device such as a PC, mobile phone or PDA, and thereby obtains various services, for example sending email, accessing a database, downloading data or browsing online. Many services, however, require security authentication of the user. According to the security authentication mechanism of the utility model, a safety detection device needs to be set up on the client device. The principle of the utility model is to bind a particular client to a certain server, so that when the server provides a service to the user, the server uniquely identifies this client by the hardware information of the client, preventing a network hacker from stealing the user's password and intercepting messages.
Referring to Fig. 1, which shows the security certification system of the utility model, it comprises a client 1 and a server 2. Server 2 is connected to client 1 by a network such as the Internet, a LAN or a wide area network. Client 1 also contains the safety detection device, which comprises a main control unit 10, a hardware information processing unit 11, a binding-establishment information processing unit 12, a binding-check information processing unit 14 and a security control unit 15. The hardware information processing unit 11, binding-establishment information processing unit 12, binding-check information processing unit 14 and security control unit 15 are all connected to the main control unit 10.
The main control unit 10 receives instructions from the client and coordinates the functional units to realize the binding of the client device and the binding-check function.
The hardware information processing unit 11 collects the hardware-related information of the client device. When the client device is a PC, the relevant hardware information is, for example, the CPU ID, mainboard information, hard disk information, network interface card information, etc.; this information can distinguish any two machines.
After the hardware-related information is collected, the hardware information processing unit 11 generates, according to a built-in computer fingerprint generation algorithm, a unique piece of digital information from the combination of this information by means of a digest and a special algorithm; this is the computer fingerprint, which can uniquely determine the corresponding computer. At the same time, according to a built-in computer identity generation algorithm, it generates a unique piece of digital information from the combination of part of the aforementioned hardware-related information by means of a digest and a special algorithm; this is the computer identity, which can also uniquely determine the corresponding computer. The generated computer fingerprint and computer identity are then transferred to the main control unit 10.
The binding-establishment information processing unit 12 receives a first random number, the computer fingerprint and the computer identity from the main control unit 10. The first random number is downloaded to the client from the server. The binding-establishment information processing unit 12 uses the built-in RSA asymmetric algorithm to encrypt the first random number, the computer fingerprint and the computer identity with the public key, where the first random number can serve as an obfuscating factor. The encrypted first random number, computer fingerprint and computer identity are then returned to the main control unit 10, which submits them to the server.
Corresponding to client 1, a binding-establishment unit 21 is set up at the server 2 end, connected to and controlled by the control unit 20. After this binding-establishment unit obtains the encrypted first random number, computer fingerprint and computer identity from client 1, it decrypts the submitted ciphertext with the paired RSA private key to obtain the first random number, computer fingerprint and computer identity, and compares the decrypted random number with the first random number generated by the server. If they are equal, the computer fingerprint and computer identity are registered in the customer information.
The safety detection device also comprises a binding-check information processing unit 14, which receives a second random number, the computer fingerprint and the computer identity from the main control unit 10; the second random number is generated by the server and downloaded to the client. The binding-check information processing unit 14 encrypts the second random number using the computer fingerprint as the key of a symmetric cipher, and returns the resulting ciphertext together with the computer identity to the main control unit 10, which submits them to server 2.
Corresponding to the client, a binding-check unit 22 is provided at the server 2 end, connected to and controlled by the control unit 20. This binding-check unit 22 uses the computer identity uploaded by the client to retrieve, at the server, the client's computer fingerprint registered with the server, decrypts the ciphertext uploaded by the client with this computer fingerprint to obtain a second random number, and compares this random number with the second random number generated by the server. If they are equal, the binding check passes.
In addition, the safety detection device also comprises a security control unit 15, which controls that only the website of a specified domain name (for example https://www.***.com.cn/) can call this safety detection device, while websites of other domain names or websites accessed by IP address cannot. This effectively prevents a hacker from calling the safety detection device to fraudulently obtain the client's hardware information, or from obtaining a one-time hardware check ciphertext with which to deceive the server.
By providing the security certification system of the utility model, a binding relationship between the client and the server can be established, the client's ability to resist network fraud and fake "phishing" websites is improved, and the relative security of customer information after a password or other information has been stolen is improved; it is a very effective supplement to existing network security authentication methods. The safety detection device can also effectively control the risk of a client session being hijacked: even if a hacker obtains the session ID saved in each page of a certain website, they still cannot carry out key operations, which further guarantees the security of the network operations the user carries out from the bound machine.
The security certification system provided by the utility model is an active security authentication mode: the client is provided with a terminal binding, so that the client can only complete certain network operations on the bound terminal, effectively guarding against the risk of a network password being disclosed. The core idea of the utility model is to deploy the safety detection device at the client computer terminal, collect the computer hardware fingerprint (that is, the unique digital information obtained from the combination of computer hardware-related information, such as CPU information, mainboard information, hard disk information and network interface card information, by means of a digest and a special algorithm, which can uniquely determine the corresponding computer), and register the collected computer hardware fingerprint information on the web server. When the client performs a network operation, the system checks whether the computer hardware fingerprint information used by the client matches the computer hardware fingerprint information already registered on the web server; if they match, the network operation is allowed, otherwise the related network operation is forbidden.
The specific embodiment described above further explains the purpose, technical scheme and beneficial effects of the utility model. It should be understood that the above is only a specific embodiment of the utility model and is not intended to limit it; any modification, equivalent replacement, improvement and so on made within the spirit and principles of the utility model shall be included within its scope of protection.
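The binding-check exchange described in the two paragraphs above, as an added example written for this page rather than code from the patent: SHA-256 stands in for the unspecified digest and "special algorithm", a hash-keystream construction stands in for the unspecified symmetric cipher, the hardware values are constructed, and the RSA-protected establishment phase is reduced to the server's registration step. It also runs the two failure cases a practitioner would check: a different machine that shares the same computer identity, and a replayed response.

```python
import hashlib
import hmac
import secrets
# Constructed sample hardware-related information for one client PC (not real values).
SAMPLE_HARDWARE = {
    "cpu_id": "BFEBFBFF000906EA",
    "mainboard": "ACME-MB-1234",
    "hard_disk": "WD-WCC4E0000001",
    "nic": "00:11:22:33:44:55",
}

def computer_fingerprint(hw: dict) -> bytes:
    # Unit 11: digest over all hardware fields. SHA-256 is an assumed stand-in
    # for the patent's unspecified digest and "special algorithm".
    combined = "|".join(f"{k}={hw[k]}" for k in sorted(hw))
    return hashlib.sha256(b"fingerprint:" + combined.encode()).digest()

def computer_identity(hw: dict) -> str:
    # Unit 11: digest over part of the information (CPU ID and mainboard only);
    # the server uses it as the lookup handle for the registered fingerprint.
    partial = f"{hw['cpu_id']}|{hw['mainboard']}"
    return hashlib.sha256(b"identity:" + partial.encode()).hexdigest()

def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Assumed stand-in for the unspecified symmetric cipher: random IV plus XOR
    # with a SHA-256(key || IV) keystream; plaintext must fit in one 32-byte block.
    iv = secrets.token_bytes(16)
    stream = hashlib.sha256(key + iv).digest()
    assert len(plaintext) <= len(stream)
    return iv + bytes(p ^ s for p, s in zip(plaintext, stream))

def sym_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    iv, body = ciphertext[:16], ciphertext[16:]
    stream = hashlib.sha256(key + iv).digest()
    return bytes(c ^ s for c, s in zip(body, stream))

def client_check_response(hw: dict, second_random: bytes):
    # Unit 14: encrypt the server's second random number under the fingerprint
    # and hand it back together with the computer identity.
    return computer_identity(hw), sym_encrypt(computer_fingerprint(hw), second_random)

class Server:
    # Server 2: unit 21 registers the fingerprint under its identity (the RSA transport
    # of the establishment phase is not modelled); unit 22 performs the binding check.
    def __init__(self):
        self.registered = {}  # computer identity -> computer fingerprint
        self.pending = {}     # computer identity -> outstanding second random number

    def register(self, identity: str, fingerprint: bytes):
        self.registered[identity] = fingerprint

    def issue_challenge(self, identity: str) -> bytes:
        second_random = secrets.token_bytes(16)  # fresh for every check
        self.pending[identity] = second_random
        return second_random

    def check_binding(self, identity: str, ciphertext: bytes) -> bool:
        fingerprint = self.registered.get(identity)
        expected = self.pending.pop(identity, None)  # each challenge is answered once
        if fingerprint is None or expected is None:
            return False
        return hmac.compare_digest(sym_decrypt(fingerprint, ciphertext), expected)

def demo():
    server = Server()
    cid = computer_identity(SAMPLE_HARDWARE)
    server.register(cid, computer_fingerprint(SAMPLE_HARDWARE))
    identity, ct_genuine = client_check_response(SAMPLE_HARDWARE, server.issue_challenge(cid))
    bound_ok = server.check_binding(identity, ct_genuine)
    # Same CPU ID and mainboard (same identity) but another hard disk: fingerprint mismatch.
    other = dict(SAMPLE_HARDWARE, hard_disk="ST-OTHER-999")
    other_ok = server.check_binding(*client_check_response(other, server.issue_challenge(cid)))
    # An eavesdropper replaying the earlier genuine response against a new challenge.
    server.issue_challenge(cid)
    replay_ok = server.check_binding(cid, ct_genuine)
    return bound_ok, other_ok, replay_ok
```

Because the registered fingerprint is the symmetric key, the check is a challenge-response on a shared secret: the server's fingerprint store needs the same protection as a password database, and the second random number must be fresh for every check.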

Claims (8)

1. A security certification system, characterized in that the system comprises:
a server for providing services to a client;
a client connected to the server by a network;
the client comprising a safety detection device, which further comprises:
a hardware information processing unit for collecting hardware-related information of the client and using the obtained information to generate a computer fingerprint and a computer identity that can uniquely identify this client; and
a binding-establishment information processing unit for encrypting the computer fingerprint, the computer identity and a first random number obtained from the server, and sending the ciphertext to the server;
the server further comprising a binding-establishment unit for, after the server obtains the ciphertext, decrypting the ciphertext to obtain a random number, the computer fingerprint and the computer identity, and establishing a binding relationship with the client when this random number equals the first random number generated by the server.
2. The system according to claim 1, characterized in that the safety detection device further comprises: a binding-check information processing unit for obtaining the computer fingerprint, the computer identity and a second random number received from the server, encrypting the second random number using the computer fingerprint as the key of a symmetric cipher, and sending the resulting ciphertext together with the computer identity to the server.
3. The system according to claim 2, characterized in that the server further comprises: a binding-check unit for using the computer identity uploaded by the client to retrieve, at the server, the client's computer fingerprint registered with the server, decrypting the ciphertext uploaded by the client with this computer fingerprint to obtain a random number, comparing this random number with the second random number generated by the server, and judging that the binding check passes when they are equal.
4. The system according to claim 1, wherein the safety detection device further comprises a security control unit for controlling that the safety detection device can only be called by a website of a specified domain name or a website accessed by a specified IP address.
5. The system according to any one of claims 1-4, wherein the client comprises a PC, a mobile terminal or a PDA.
6. The system according to any one of claims 1-4, wherein the hardware information comprises the CPU ID, mainboard information, hard disk information or network interface card information.
7. The system according to any one of claims 2-4, wherein the binding-establishment information processing unit uses the RSA asymmetric algorithm, encrypting the first random number, the computer fingerprint and the computer identity with the public key.
8. The system according to claim 7, wherein the binding-establishment unit of the server decrypts the received ciphertext with the paired RSA private key to obtain the first random number, the computer fingerprint and the computer identity.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010202593174U CN201717891U (en) 2010-07-07 2010-07-07 Safety certification system

Publications (1)

Publication Number Publication Date
CN201717891U true CN201717891U (en) 2011-01-19

Family

ID=43463899

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010202593174U Expired - Lifetime CN201717891U (en) 2010-07-07 2010-07-07 Safety certification system

Country Status (1)

Country Link
CN (1) CN201717891U (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981262A (en) * 2019-02-28 2019-07-05 深圳点猫科技有限公司 Client anti-brute-force cracking method and device
CN113923012A (en) * 2021-09-30 2022-01-11 杭州默安科技有限公司 Fingerprint generation method and tamper-proof method for client device
CN113923012B (en) * 2021-09-30 2024-01-26 杭州默安科技有限公司 Fingerprint generation method and tamper-proof method of client device

Similar Documents

Publication Publication Date Title
CN101873331B (en) Safety authentication method and system
CN111209334B (en) Power terminal data security management method based on block chain
CN102771102B (en) Network for distributing digital content and management method
CN105975846B (en) Terminal authentication method and system
CN104283886B (en) Implementation method of web secure access based on intelligent terminal local authentication
CN111917773B (en) Service data processing method and device and server
CN101374050B (en) Apparatus, system and method for implementing identification authentication
CN110324287A (en) Access authentication method, device and server
CN104735065B (en) Data processing method, electronic device and server
CN101951321B (en) Device, system and method for realizing identity authentication
CN108243176B (en) Data transmission method and device
CN101534192B (en) System and method for providing a cross-domain token
CN108880822A (en) Identity authentication method, device, system and intelligent wireless device
CN104767731A (en) Identity authentication protection method of Restful mobile transaction system
CN101299753A (en) Web service security control mechanism based on proxy server
CN106789841A (en) Service processing method, terminal, server and system
CN102457509A (en) Safe access method, device and system for cloud computing resources
CN109716725B (en) Data security system, method of operating the same, and computer-readable storage medium
CN105447715A (en) Method and apparatus for anti-theft electronic coupon scanning in cooperation with a third party
CN112613006A (en) Power data sharing method and device, electronic equipment and storage medium
CN108390866A (en) Trusted remote attestation method based on dual-proxy two-way anonymous authentication
CN202206419U (en) Network security terminal and interactive system based on terminal
CN106850592B (en) Information processing method, server and terminal
CN109510710A (en) Service request response method and system
CN107615797A (en) Device, method and system for hiding subscriber identity data

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term Granted publication date: 20110119