CN203120164U - Short message based device for bidirectional multiple-factor dynamic identity authentication - Google Patents
- Publication number: CN203120164U
- Application number: CN201320012110.0U
- Authority: CN (China)
- Prior art keywords: authentication, server, registered user, user, bidirectional
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Expired - Fee Related
- Landscapes: Telephonic Communication Services (AREA); Mobile Radio Communication Systems (AREA)
Abstract
The utility model discloses a short message (SMS) based device for bidirectional multi-factor dynamic identity authentication, intended to address the weakness of existing bidirectional multi-factor authentication methods, which are vulnerable to replay, dictionary, network interception, tampering and guessing attacks. The authentication device comprises a registered user and an authentication server. The registered user is connected to the authentication server through the Internet; the authentication server is connected to a GSM modem, which is connected to a mobile phone terminal through a mobile network; and the mobile phone terminal is connected to the registered user. Under the authentication method, bidirectional authentication succeeds, and authentication is complete, when the registered user has successfully authenticated the authentication server and the authentication server has successfully authenticated the registered user. With this device the server can authenticate the user and the user can authenticate the server, so that bidirectional authentication between the client side and the authentication server is achieved, and the strength of bidirectional identity authentication between client and server is improved.
Description
Technical field
The utility model relates to the field of identity authentication, and in particular to a device that uses SMS to perform bidirectional multi-factor authentication.
Background technology
For a network information system, the ability to identify a user's identity is the foundation of, and the key to, security. Authentication is the first and most important line of defence in network security; it is the most fundamental security service, and every other security service depends on it. The target of an attack is often the identity authentication system itself, and once the identity authentication system is broken, all of the system's other security measures become ineffective. With the development of e-commerce, e-government and mobile computing, authentication is becoming ever more important and more complex. A network information system requires the user to provide certain information before using the system in order to authenticate that user.
Authentication is the process of confirming whether a user's real identity matches the identity they claim, in order to prevent unauthorised users from gaining access to system resources through identity fraud. At present, the main identity authentication modes fall into three classes: (1) a secret known only to the subject, usually in the form of "username + password"; the client sends this information to the authentication centre, which looks up the corresponding entry in its database and passes the authentication if it matches what the user provided. (2) An object the subject possesses, such as a physical medium like a smart card or USB key; every legitimate user of the system holds a token or smart card that generates or stores the user's individual parameters, such as dynamic passwords or digital certificates, and when the user accesses a resource the authentication credential derived from the data in the physical medium is sent to the system. (3) A unique characteristic or ability that only the subject has, such as a fingerprint, pupil or voice; the authenticating party verifies identity from features extracted from the party being authenticated, typical features being the fingerprint, iris, DNA and so on.
Authentication that uses any one of the above methods alone is called single-factor authentication, and single-factor methods have obvious defects. In class (1), the "username + password" form is static, fixed and long-lived, so it is easily subject to replay, dictionary, network interception, tampering and guessing attacks, and passwords are also hard to remember. In class (2), physical media such as smart cards or USB keys can easily be used by an impersonator once lost; some physical media also need a dedicated card reader, which is inconvenient in use and carries high purchase and management costs. Biometric authentication in class (3) is hard to popularise because of the price of the authentication equipment and the technology involved, and is only suitable for settings with very high privacy requirements. In addition, the stored biometric database itself has no hierarchical protection and, once authentication is extended across the Internet, is easy to steal from and tamper with; and because biometric characteristics cannot be revoked, a leak has catastrophic consequences.
Two-factor authentication builds on single-factor authentication by authenticating again with a second method, that is, the user must present a second proof of identity. Two-factor methods mainly comprise digital two-factor authentication and biometric two-factor authentication such as fingerprint authentication. Among digital two-factor methods, digital certificate authentication (PKI + USB key) is regarded in the industry as the most secure way of authenticating identity at present, but because of its high technical requirements, the demands it places on end-customer operation and the high natural attrition of USB keys, it is difficult to deploy at scale; digital certificates are highly secure, but inconvenient, technically demanding, expensive and exposed to client-side insecurity, so they are likewise difficult to deploy at scale. The existing bidirectional two-factor authentication method uses password information and an authentication recognition phrase to authenticate the user and the server to each other; this method is static, fixed and long-lived, and is therefore easily subject to replay, dictionary, network interception, tampering and guessing attacks.
Content of the utility model
The purpose of this utility model is to provide an SMS-based bidirectional multi-factor dynamic identity authentication device that solves the problem that the existing bidirectional two-factor authentication method is vulnerable to replay, dictionary, network interception, tampering and guessing attacks.
An SMS-based bidirectional multi-factor dynamic identity authentication device comprises a registered user and an authentication server. The registered user is connected to the authentication server through the Internet; the authentication server is connected to an SMS modem (a GSM modem); the SMS modem is connected to a mobile phone terminal through a mobile network; and the mobile phone terminal is connected to the registered user.
The authentication server invalidates the dynamic verification code after a set period of time, to prevent replay attacks. The dynamic verification code is a one-time digit string generated by a random number generation system. The authentication recognition phrase is a piece of easily remembered character information that the user sets at registration; it may be a sentence, a string of digits or a group of characters. The authentication recognition phrase is transmitted over mobile networks such as GSM and CDMA rather than over the conventional IP network, so that it is not intercepted or leaked there.
The authentication server is fitted with software including an SMS platform and a random number generation system, and authenticates the information submitted by the registered user. The SMS platform is installed on the authentication server. The random number generation system generates random one-time dynamic verification codes, and the SMS platform manages the sending of SMS messages and the use of the SMS modem.
The SMS modem is the intermediate device that is indispensable for sending and receiving SMS messages. The authentication server sends the dynamic verification code and the authentication recognition phrase to the mobile phone terminal through the SMS modem and the mobile network, receives the account number, dynamic verification code and other information submitted by the registered user over the network, and performs authentication. The mobile phone terminal receives the SMS message containing the dynamic verification code and the authentication recognition phrase that is sent through the SMS platform, the mobile network and the SMS modem. The registered user authenticates the authentication server by checking that the authentication recognition phrase received on the mobile phone is correct.
The registered user has registered on the authentication server an account (comprising username and password), an authentication recognition phrase, a mobile phone number and other information.
The SMS modem is an industrial-grade GSM modem connected to a computer through a serial port and controlled by AT commands to send and receive SMS messages. The SMS platform is the short message management system of Beijing Noah Kuaida Science and Technology Ltd., which supports secondary development. The mobile network is any one or a combination of GSM, GPRS, EDGE or CDMA wireless data networks. The mobile phone terminal is an ordinary mobile phone capable of sending and receiving SMS messages; no software needs to be installed on it.
Mobile phones have now become a necessity of daily life, and SMS is used ever more frequently. This device improves the reliability and security of identity authentication and safeguards the security of network information.
This device has the following features:
1. Replay prevention. The dynamic verification code is a changing one-time password that is automatically invalidated after a set period of time, and the service port does not retain the password; even if an attacker obtains the code by eavesdropping, it cannot be used for the next authentication, so replay is difficult.
2. Interception and leakage prevention. The user's authentication recognition phrase is transmitted over mobile networks such as GSM and CDMA, not over the conventional IP network, so that it is not intercepted or leaked there.
3. Completeness. Bidirectional authentication between the client and the authentication server is achieved.
4. Ease of deployment. The device has no hardware compatibility problems, is inexpensive, practical and easy to use, has low management and maintenance costs, and is therefore easy to deploy and promote.
The utility model organically combines communications technology and network technology, and proposes an SMS-based bidirectional multi-factor dynamic identity authentication method built on a dynamic verification code, an authentication recognition phrase and a network password: bidirectional authentication succeeds only when account verification, dynamic verification code verification and authentication recognition phrase verification all succeed. The method allows the server to authenticate the user and the user to authenticate the server, achieving bidirectional authentication between the client and the authentication server and further strengthening bidirectional identity authentication between the client and the server. The method does not change the overall architecture of existing systems and fits users' existing habits.
Description of the drawings
Fig. 1 is a structural diagram of an SMS-based bidirectional multi-factor dynamic identity authentication device;
Fig. 2 is a flow chart of the SMS-based bidirectional multi-factor dynamic identity authentication method.
Embodiments
The following embodiment further illustrates the utility model but does not limit it in any way.
An SMS-based bidirectional multi-factor dynamic identity authentication device comprises a registered user 3 and an authentication server 2. Registered user 3 is connected to authentication server 2 through Internet 1; authentication server 2 is connected to SMS modem 4; SMS modem 4 is connected to mobile phone terminal 5 through mobile network 6; and mobile phone terminal 5 is connected to registered user 3.
The authentication steps of this multi-factor bidirectional dynamic identity authentication device are as follows:
Step 100: Authentication begins; registered user 3 submits account information to authentication server 2 through Internet 1.
Step 101: Authentication server 2 checks whether the account information submitted by registered user 3 is valid; if yes, go to step 102, otherwise go to step 111.
Step 102: The first authentication of registered user 3 by authentication server 2 succeeds.
Step 103: The random number generation system on authentication server 2 generates a one-time dynamic verification code.
Step 104: Authentication server 2 automatically sends the dynamic verification code and the authentication recognition phrase to mobile phone terminal 5 of registered user 3 through the SMS platform, SMS modem 4 and mobile network 6.
Step 105: Authentication server 2 invalidates the dynamic verification code after a set period of time, to prevent replay attacks.
Step 106: Registered user 3 checks whether the authentication recognition phrase received on mobile phone terminal 5 is correct; if yes, go to step 107, otherwise go to step 111.
Step 107: The authentication of authentication server 2 by registered user 3 succeeds.
Step 108: Registered user 3 submits the dynamic verification code received on mobile phone terminal 5 to authentication server 2.
Step 109: Authentication server 2 checks whether the dynamic verification code is valid; if yes, go to step 110, otherwise go to step 112.
Step 110: The second authentication of registered user 3 by authentication server 2 succeeds.
Step 111: Authentication fails; go to step 100 and restart authentication.
Step 112: Authentication fails; go to step 100 and restart authentication.
Step 113: When registered user 3 has successfully authenticated authentication server 2 and authentication server 2 has successfully authenticated registered user 3, bidirectional authentication succeeds and authentication ends.
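The exchange in steps 100 to 113, simulated end to end as an added example; this is not code from the patent or its applicant. The SMS platform, GSM modem and mobile network are replaced by an in-memory outbox, the clock is a number passed in by the caller so that the expiry of step 105 can be exercised, and the 120-second code lifetime, the six-digit code format, the salted PBKDF2 password hash and the `code=...;phrase=...` message layout are all assumptions of the example. It also exercises the two checks that the feature list above relies on: a code is invalidated on first use and on expiry, so a replayed or stale code is refused, and a server that does not know the user's recognition phrase fails the user's check at step 106. One caveat the page does not discuss: because step 104 carries the code and the phrase in the same SMS, anyone who can read that message (for example after a SIM swap) obtains both at once.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

CODE_TTL_SECONDS = 120  # assumed lifetime for the patent's "set period of time" (step 105)


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 is an assumption; the patent only says the server stores the account.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    recognition_phrase: str   # the "authentication recognition phrase" chosen at registration
    phone: str


@dataclass
class AuthServer:
    """Authentication server plus SMS platform. `outbox` stands in for the GSM modem and
    the mobile network: each entry is one SMS delivered to a phone terminal."""
    accounts: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)   # username -> (code, expiry time)
    outbox: list = field(default_factory=list)    # [(phone number, message text), ...]

    def register(self, username: str, password: str, phrase: str, phone: str) -> None:
        salt = os.urandom(16)
        self.accounts[username] = Account(username, salt, _hash_password(password, salt), phrase, phone)

    def verify_account(self, username: str, password: str) -> bool:
        """Steps 100-102: the first authentication of the user (username + password)."""
        acct = self.accounts.get(username)
        if acct is None:
            return False
        return hmac.compare_digest(_hash_password(password, acct.salt), acct.pw_hash)

    def issue_code(self, username: str, now: float) -> None:
        """Steps 103-105: generate a one-time code, send it with the recognition phrase
        by SMS, and record when the code expires."""
        acct = self.accounts[username]
        code = f"{secrets.randbelow(10**6):06d}"            # six random digits (assumed format)
        self.pending[username] = (code, now + CODE_TTL_SECONDS)
        self.outbox.append((acct.phone, f"code={code};phrase={acct.recognition_phrase}"))

    def verify_code(self, username: str, submitted: str, now: float) -> bool:
        """Steps 108-110: the second authentication of the user. The pending entry is
        removed on the first attempt, so a replayed code is refused whatever the clock says."""
        entry = self.pending.pop(username, None)
        if entry is None:
            return False
        code, expiry = entry
        if now > expiry:                                     # step 105: a stale code is void
            return False
        return hmac.compare_digest(code.encode(), submitted.encode())


def parse_sms(text: str) -> dict:
    """Split 'code=123456;phrase=...' into its fields (layout assumed by this example)."""
    return dict(part.split("=", 1) for part in text.split(";"))


def authenticate(server: AuthServer, username: str, password: str,
                 phrase_the_user_remembers: str, now: float) -> str:
    """The user's side of the flow. Returns the step at which the flow ended."""
    if not server.verify_account(username, password):
        return "step111_account_rejected"
    server.issue_code(username, now)
    _phone, text = server.outbox[-1]                         # the SMS as read on the handset
    sms = parse_sms(text)
    if sms["phrase"] != phrase_the_user_remembers:           # step 106: the user checks the server
        return "step111_user_rejects_server"
    if not server.verify_code(username, sms["code"], now):   # steps 108-109
        return "step112_code_rejected"
    return "step113_mutual_success"


def run_scenarios() -> dict:
    """Exercise the success path and the failure modes the page lists (constructed data)."""
    srv = AuthServer()
    srv.register("alice", "correct horse battery", "blue kettle", "+86-138-0000-0000")
    results = {}
    results["wrong_password"] = authenticate(srv, "alice", "wrong", "blue kettle", 1000.0)
    results["success"] = authenticate(srv, "alice", "correct horse battery", "blue kettle", 1000.0)
    used_code = parse_sms(srv.outbox[-1][1])["code"]
    results["replay_of_used_code"] = srv.verify_code("alice", used_code, 1000.0)
    srv.issue_code("alice", 2000.0)
    stale_code = parse_sms(srv.outbox[-1][1])["code"]
    results["stale_code"] = srv.verify_code("alice", stale_code, 2000.0 + CODE_TTL_SECONDS + 1)
    # A phishing server that has captured the password but not the phrase: the user stops at step 106.
    phisher = AuthServer()
    phisher.register("alice", "correct horse battery", "guessed phrase", "+86-138-0000-0000")
    results["phishing_server"] = authenticate(phisher, "alice", "correct horse battery", "blue kettle", 3000.0)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The single-use rule is enforced by popping the pending entry before any comparison, so even a code submitted a second time within its lifetime is refused; the patent's "set period" only bounds how long an unused code stays valid.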
Claims (1)
1. An SMS-based bidirectional multi-factor dynamic identity authentication device, comprising a registered user and an authentication server, the registered user being connected to the authentication server through the Internet, characterised in that: the authentication server (2) is connected to an SMS modem (4), the SMS modem (4) is connected to a mobile phone terminal (5) through a mobile network (6), and the mobile phone terminal (5) is connected to the registered user (3).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201320012110.0U CN203120164U (en) | 2013-01-10 | 2013-01-10 | Short message based device for bidirectional multiple-factor dynamic identity authentication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201320012110.0U CN203120164U (en) | 2013-01-10 | 2013-01-10 | Short message based device for bidirectional multiple-factor dynamic identity authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
CN203120164U true CN203120164U (en) | 2013-08-07 |
Family
ID=48900473
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201320012110.0U Expired - Fee Related CN203120164U (en) | 2013-01-10 | 2013-01-10 | Short message based device for bidirectional multiple-factor dynamic identity authentication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN203120164U (en) |
- 2013-01-10: CN201320012110.0U filed (CN); granted as CN203120164U; status not active (Expired - Fee Related)
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103024706A (en) | Short message based device and short message based method for bidirectional multiple-factor dynamic identity authentication | |
CN108989346B (en) | Third-party valid identity escrow agile authentication access method based on account hiding | |
CN101051908B (en) | Dynamic cipher certifying system and method | |
CN104113549B (en) | A kind of platform authorization method, platform service end and applications client and system | |
CN105164689B (en) | Customer certification system and method | |
TWI587672B (en) | Login authentication method, client, server and system | |
CN108989278A (en) | Identification service system and method | |
CN103916244B (en) | Verification method and device | |
CN105516133B (en) | User identity verification method, server and client | |
US20170310663A1 (en) | Local and Remote Access Apparatus and System for Password Storage and management | |
CN103414562B (en) | User authority control method and device based on URL fingerprint techniques | |
CN103067390A (en) | User registration authentication method and system based on facial features | |
CN103853950A (en) | Authentication method based on mobile terminal and mobile terminal | |
CN106488452A (en) | A kind of mobile terminal safety access authentication method of combination fingerprint | |
CN102624687A (en) | Networking program user authentication method based on mobile terminal | |
CN105635075A (en) | Method of registering cloud terminal, cloud terminal, cloud server and cloud system | |
CN103401686B (en) | A kind of user's OTP WEB Authentication System and application process thereof | |
CN110071937A (en) | Login method, system and storage medium based on block chain | |
CN109257338A (en) | A kind of System and method for of server log re-authentication | |
KR101348079B1 (en) | System for digital signing using portable terminal | |
CN106302539A (en) | A kind of embedded type WEB safety certifying method | |
CN104935550A (en) | Intelligent electronic commerce user management system technique and operating method thereof | |
CN104703180A (en) | Implicit multiple authentication method based on mobile Internet and intelligent terminal | |
CN105681350A (en) | Zero interaction double-factor authentication system and method | |
CN102938116A (en) | Full-link protection and management method for ensuring safety of transaction |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 2013-08-07; Termination date: 2016-01-10 |