[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN104601602B - A kind of terminal device network security enhancing access and authentication method - Google Patents

A kind of terminal device network security enhancing access and authentication method Download PDF

Info

Publication number
CN104601602B
CN104601602B CN201510088042.XA CN201510088042A CN104601602B CN 104601602 B CN104601602 B CN 104601602B CN 201510088042 A CN201510088042 A CN 201510088042A CN 104601602 B CN104601602 B CN 104601602B
Authority
CN
China
Prior art keywords
terminal device
certification
authentication code
enhancing
safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510088042.XA
Other languages
Chinese (zh)
Other versions
CN104601602A (en
Inventor
丁爱民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Cheng Zhongzhi Science And Technology Ltd
Original Assignee
Beijing Cheng Zhongzhi Science And Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Cheng Zhongzhi Science And Technology Ltd filed Critical Beijing Cheng Zhongzhi Science And Technology Ltd
Priority to CN201510088042.XA priority Critical patent/CN104601602B/en
Publication of CN104601602A publication Critical patent/CN104601602A/en
Application granted granted Critical
Publication of CN104601602B publication Critical patent/CN104601602B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1073Registration or de-registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the present invention provides a kind of terminal device network security enhancing access and authentication method, including:Terminal device is registered on checking gateway, and checking gateway is by crucial log-on message according to special algorithm generation safety enhancing authentication code, the safety enhancing authentication code of checking gateway storage generation, while authentication code is imparted to terminal device.During terminal device network insertion, whether the safety enhancing authentication code that checking gateway authentication terminal device is provided is correct, to carry out safety certification to terminal device.The method of the present invention improves many certification factor transmission securities, reduces authentication data network traffic flow, reduces certification duration.

Description

A kind of terminal device network security enhancing access and authentication method
Technical field
The present invention relates to information security field, more particularly to a kind of terminal device network security enhancing access and authenticating party Method.
Background technology
Authentication is an importance of safe practice, for differentiating user identity, limitation unauthorized users to access system System resource.In any one safe network service, communication parties must be demonstrate,proved by some form of Authentication mechanism Their bright identity, then could realize the access control for different user.Authentication is first of pass of security system Card, user first passes around identity authorization system and recognizes whether its identity is consistent with what is declared before access system, Ran Houyou Security system determines whether user is able to access that some resource according to the identity of user and pre-sales database.Once authentication system System is broken, then all safety measures of system will perform practically no function.The target of assault is exactly often identity authorization system, Perfect authentication system builds the authentication of a safety to safeguarding that network security is played a very important role Model is very necessary.
Identification authentication mode main at present is broadly divided into three classes:(1) there was only the secret that the main body is known, it is usually used The form of " user name+password ";Above- mentioned information is sent to authentication center by client, and authentication center is inquired about accordingly from database , certification passes through if being consistent with the information that user provides.(2) article that main body possesses, such as mobile phone, intelligent terminal, intelligence The physical medium such as card or USBKey, the scraps of paper;System validated user all holds a token can just pass through in authentication gateway, wherein producing Raw or storage user personal parameter such as dynamic password, digital certificates etc..When user access resources, by physical medium Certification identification language is sent to system by data.(3) there was only unique feature or ability that the main body has, such as fingerprint, Pupil, sound etc.;Authenticating party according to extract the side of being certified some features come authenticating identity, typical feature such as fingerprint, iris, DNA etc..
Pass through research, it is believed that:The main cause for now resulting in security incident is that main frame soft-hardware configuration has design Leak and strict certification and authorization control are not carried out to user.What conventional security was taken precautions against focuses on to server and net In the protection of network, and ignore the safety of terminal connector in itself.But most attack be all by terminal connector in itself Caused by dangerous, so security system only is set up from the source that terminal is accessed, it is inside and outside to prevent constructing real peace altogether Complete believable network environment.
The present inventor is on the basis of with reference to the characteristics of existing authentication techniques and trust computing, it is proposed that a kind of terminal device net Enhancing is accessed and authentication method network safely.The basic thought of this method is the safety state information by assessing access terminal equipment To implement NS software, before internal network service or resource is provided to terminal device, according to its identity authentication result and Integrity state allows whether to access." hidden danger terminal " is abandoned outside network, one " clean ", " believable " is built Network, so as to reduce the frequency of network safety event generation, improves the ability that network tackles security threat.
During the present invention is realized, inventor has found that the existing method to the access of terminal device network security is at least deposited In following problem:1st, the certification factor of terminal device is more, and the information filled in contains title, type, proxy server, end The input items such as mouth, user name, password, some proprietary term laymans do not know about or are difficult to understand for;2nd, traditional terminal is set Standby security system such as host firewall, main frame bogusware etc. can be found that the potential safety hazard of system, carry out security evaluation, but nothing Method controls the network access authority of the terminal, therefore can not also reduce the harm that dangerous terminal is caused to network.Present terminal Equipment safety system only payes attention to protection local terminal and protects it from virus harm and network attack, but ignores the peace of terminal device Full hidden danger influences whether the safety of whole network, Host Security is not brought into the field of network-wide security.3rd, it is traditional to prevent Wall with flues, intrusion detection and virus prevention software for main composition information safety system to prevent attaching most importance to outside, it is impossible to effectively solution The internal security as caused by dangerous terminal is threatened.4th, in verification process, the certification factor is directly exposed on network and is transmitted, It is easy to be illegally accessed;5th, for having system or network compared with high safety requirement, security domain takes multiple-factor safety certification Technology improves safety certification rank, and existing authorization and identification technology needs demo user to transmit all certification factors, for example The multiple information such as user cipher, user characteristics value, system terminal medium, cause network traffics big, in the feelings that the network bandwidth is limited Under condition, especially under mobile communications network, because authentication data transmission time is longer, to directly result in verification process time-consuming very long;
Compared with prior art, the present invention can effectively solve the problem that prior art can not carry out self-validation and resistance to terminal device Only the problem of man-in-the-middle attack.Before contrast, in the present invention in the registration, access application, access authentication to terminal device Aspect has obvious innovation.This method has obvious innovation in more conventional terminal device access way, employs multiple The way of certification combinations of factors coding, the not certified transmission factor in verification process can more be effectively protected access safety, prevent The certification factor is stolen, and secondly carries out re-authentication to the access authentication of terminal device, has ensured the access safety of terminal device, Prevent go-between's stealing and usurping to access-in point information.
The content of the invention
The embodiment of the present invention provides a kind of terminal device network security enhancing access and authentication method, with right in security domain Many certification factor transmission securities are improved when terminal device is authenticated, authentication data network traffic flow is reduced, certification is reduced Duration.
According to the first aspect of the invention there is provided a kind of terminal device network security enhancing access and authentication method, it is used for The verification process of the terminal device of security domain, the security domain includes checking gateway, terminal device network security enhancing access Include with authentication method:
Step is registered in terminal device access, in the registration step, chooses terminal device Partial key Back ground Information As certification factor storage to checking gateway, the process that the certification factor is stored to checking gateway calls registering;
Generation safety enhancing authentication code step, checking gateway is by the certification factor of storage according to the specific group that puts in order Close, authentication code is strengthened using special computational methods generation safety, and the safety enhancing authentication code of generation is imparted to terminal setting Standby middle storage, itself storage is first read in terminal device application certification factor when accessing uses the combination that puts in order arranged, together When according to agreement specific calculations method, by the multiple certification factors read generation safety enhancing authentication code;
Terminal device strengthens safely authenticating step, and terminal device is first to own verification, and terminal device reads itself storage The partial authentication factor according to agreement the combination that puts in order, and using agreement specific calculations method generation safety enhancing certification Code and the safety enhancing authentication code of itself storage match, if mismatching, self-validation failure are pointed out, if matching sends access Shen Please, while the safety enhancing authentication code that terminal device is generated is sent into checking gateway, checking gateway, which receives safety enhancing, to be recognized The safety enhancing authentication code that card code is stored with itself is matched, and is matched identical, access network, is otherwise pointed out access failure.
A kind of terminal device network security enhancing access according to the second aspect of the invention and authentication method, the terminal Step is registered in equipment access to be included:
In the registration step, terminal device Partial key Back ground Information is chosen as certification factor storage to checking net Close, the process that the certification factor is stored to checking gateway calls registering, and registration does not limit online mode or offline side Formula, this method supports the manual typing certification factor of checking gateway, while also supporting checking gateway to obtain recognizing for terminal device automatically Demonstrate,prove the factor;
A kind of terminal device network security enhancing access according to the third aspect of the invention we and authentication method, the generation The step of safety enhancing authentication code, includes:
Checking gateway according to the specific combination that puts in order, generates the certification factor of storage using special computational methods Safety enhancing authentication code, the safety enhancing authentication code storage of generation is into checking gateway, while the safety enhancing certification of generation Code is imparted in terminal device and stored, when terminal device application is accessed, the certification factor stored in automatic reading terminal equipment, will The certification factor read is according to the combination that puts in order of agreement, the computational methods generation safety enhancing authentication code through agreement;
A kind of terminal device network security enhancing access according to the fourth aspect of the invention and authentication method, the terminal Equipment safety enhancing authentication method includes:
Terminal device first reads the certification factor of itself storage when starting access application, put in order combination according to agreement, Through specific calculations method generation safety enhancing authentication code, the safety enhancing authentication code of generation and the safety enhancing certification of itself storage Code-phase is matched, difference prompting self-validation failure, if identical send access authentication application, the certification application of the access sent includes life Into safety enhancing authentication code, checking gateway receive certification application, by receive safety enhancing authentication code with itself store Safety enhancing authentication code match, if matching checking gateway automatically access network, otherwise point out access failure;
A kind of terminal device network security enhancing access according to the fifth aspect of the invention and authentication method, the structure Terminal device and checking gateway accessing two-way authentication, can either ensure security, operation efficiency can be improved again.In terminal device During each login authentication gateway, terminal device detects whether the safety enhancing authentication code of itself is correct, and terminal device is stored Many certification factors are according to certain combination that puts in order, generation safety enhancing authentication code, the safety enhancing authentication code of generation with from Whether the safety enhancing authentication code of body storage is identical, identical directly to send access application, otherwise can not send access application, point out Self-validation fails, and whether the safety enhancing authentication code that checking gateway checking terminal device when receiving access application is carried is with testing The safety enhancing authentication code of card gateway storage matches;
A kind of terminal device network security enhancing access according to the sixth aspect of the invention and authentication method, generation safety On the one hand strengthen the computational methods of authentication code will have specific calculations method, i.e. the length of safety enhancing authentication code is less than generation The total length of data of safety enhancing authentication code, quantity, the length of the certification factor do not influence the length of safety enhancing authentication code;It is another The difference of aspect identical calculations data put in order generation result of calculation it is different, that is, generate safety enhancing authentication code data Permutation and combination order is different, and the safety enhancing authentication code of generation is also different, and safety enhancing authentication code computational methods are preferably adopted With hash algorithm, MD5, SHA scheduling algorithm are preferably used in hash algorithm, safety enhancing certification code bit number is not limited, preferably 32,64,128,256;
A kind of terminal device network security enhancing access according to the seventh aspect of the invention and authentication method, the certification The state of the factor, obtains the certification factor of terminal device to authentication gateway, the certification factor can be static fixed, can be State change, can also it is existing it is static fixed have dynamic change again, if the certification factor comprising dynamic change, each terminal Equipment application is linked into authentication gateway, and authentication gateway obtains terminal device enhancing authentication code safely, meets dynamic rule, build Vertical access accreditation;
A kind of terminal device network security enhancing access according to the eighth aspect of the invention and authentication method, the terminal Equipment Self-certified method includes:
Terminal device is sent before access application, first itself is carried out preliminary certification to terminal device, is obtained terminal device Subparticipation certification the certification factor, by the order permutation and combination of agreement, and using the specific calculations method generation of agreement Safety enhancing authentication code, the safety enhancing authentication code that the safety enhancing authentication code of generation is stored with itself matches, if matching is logical Self-certified success is crossed, Self-certified failure is otherwise pointed out, this authentication method reduces the checking pressure of checking gateway, improves and test The verification efficiency of gateway is demonstrate,proved, self-validation is without using network traffics, by reducing the content that network authentication number of times and certification are transmitted Improve certification speed.
A kind of terminal device network security enhancing access according to the ninth aspect of the invention and authentication method, the safety Authentication method also includes secondary safety certification process, and once certification is preliminary certification, and preliminary certification increases for the safety of terminal device Strong authentication code certification, the authentication verification factor it is correct, in preliminary certification not in the case of, without it is secondary safety strengthen Access authentication, secondary safety enhancing access authentication is to verify that gateway, to terminal device identity validation certification again, proves institute automatically There are the data on terminal device to be all not tampered with, the safety guarantee to terminal device network insertion is enhanced again.
A kind of terminal device network security enhancing access according to the tenth aspect of the invention and authentication method, the terminal Equipment does not store the generation safety enhancing computational methods of authentication code and putting in order for data, even if terminal device is tampered and copied Shellfish, the method that can not also obtain generation safety enhancing authentication code, has ensured the security of terminal device.
Above-mentioned technical proposal has the advantages that:1st, a kind of terminal device network security of the invention enhancing access with Authentication method is in verification process, simply transmission user name and safely enhancing authentication code, and the certification factor, authentication code generating algorithm Transmitted not in verification process, therefore enhance the security of terminal device network insertion, ensured the safety of the certification factor, Even if terminal device is tampered and copied, the method that can not also obtain generation safety enhancing authentication code has ensured terminal device Security.2nd, the present invention is perfectly suitable for the certification of multiple certification factors, by specific calculations method, encodes out safe enhancing Authentication code causes each, and certification factor is interrelated, be mutually authenticated, and improves the rank of safety certification.3rd, the inventive method is preferably adopted The safety enhancing authentication code of regular length is encoded out with hash algorithm, quantity, the length of the certification factor do not influence safety enhancing to recognize Demonstrate,prove the length of code;Certification only needs the enhancing authentication code safely of certification respectively, and the content transmitted by reducing certification number of times and certification is carried High certification speed, and hash algorithm has very strong data compression effects in itself, is carried by reducing network traffics during certification High certification speed.4th, the present invention completes terminal device registration, safety enhancing authentication code by repeatedly interacting negotiation mechanism The work such as generation, the method that double probate generates authentication code twice improves the stability and applicability of system, especially suitable Authorization and identification under mobile communications network.5th, there is provided one kind is general based on the assembly coding that the certification factor is carried out by the present invention All over the data-encoding scheme for being applied to all data types, identical coding, phase can not possibly be exported for different input values With the different data arrangement order of input value can not possibly export identical coding, the features such as with one-way, anti-collision;6、 Present invention demonstrates that this method is safe, reliably, realize simply, with very strong practical value;7th, using two-way authentication Method, in terminal device certification in itself, improves the efficiency of certification, mitigates the certification pressure of authentication gateway, improves certification effect Rate.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing There is the accompanying drawing used required in technology description to be briefly described, it should be apparent that, drawings in the following description are only this Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with Other accompanying drawings are obtained according to these accompanying drawings.
A kind of terminal device network security enhancing accesses and the overview flow chart of authentication method of the Fig. 1 for the present invention.
The procedure chart that Fig. 2 accesses for the terminal device network security enhancing of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made Embodiment, belongs to the scope of protection of the invention.
A kind of terminal device network security enhancing accesses and the overview flow chart of authentication method of the Fig. 1 for the present invention.
A kind of terminal device network security enhancing access of the invention shown in Fig. 1 is used for the end of security domain with authentication method End equipment verification process, the security domain includes checking gateway.A kind of terminal device network security enhancing access and authenticating party Method includes:
101st, step is registered in terminal device access
In the registration step, terminal device Partial key Back ground Information is chosen as certification factor storage to checking net Close, the process that the certification factor is stored to checking gateway calls registering;
102nd, safety enhancing authentication code step is generated
Checking gateway according to the specific combination that puts in order, generates the certification factor of storage using special computational methods Safety enhancing authentication code, and the safety enhancing authentication code of generation is imparted to storage in terminal device, terminal device application access When first read the certification factor of itself storage using the combination that puts in order of agreement, while according to the specific calculations method of agreement, By the multiple certification factors read generation safety enhancing authentication code;
103rd, terminal device strengthens safely authenticating step
Terminal device is first to own verification, and terminal device reads the partial authentication factor of itself storage according to the arrangement of agreement Sequential combination, and authentication code and the safety enhancing certification of itself storage are strengthened using the safety of the specific calculations method generation of agreement Code-phase is matched, if mismatching, and points out self-validation failure, if matching sends access application, while the safety that terminal device is generated Enhancing authentication code is sent to checking gateway, and checking gateway receives safety enhancing authentication code and the safety enhancing certification of itself storage Code matching, matches identical, access network, otherwise points out access failure.
Preferably, in a kind of terminal device network security enhancing access and authentication method of the invention shown in Fig. 1, institute Stating terminal device access registration step includes:
In the registration step, terminal device Partial key Back ground Information is chosen as certification factor storage to checking net Close, the process that the certification factor is stored to checking gateway calls registering, and registration does not limit online mode or offline side Formula, this method supports the manual typing certification factor of checking gateway, while also supporting checking gateway to obtain recognizing for terminal device automatically Demonstrate,prove the factor;
Preferably, in a kind of terminal device network security enhancing access and authentication method of the invention shown in Fig. 1, institute The step of stating generation safety enhancing authentication code includes:
Checking gateway according to the specific combination that puts in order, generates the certification factor of storage using special computational methods Safety enhancing authentication code, the safety enhancing authentication code storage of generation is into checking gateway, while the safety enhancing certification of generation Code is imparted in terminal device and stored, when terminal device application is accessed, the certification factor stored in automatic reading terminal equipment, will The certification factor read is according to the combination that puts in order of agreement, the computational methods generation safety enhancing authentication code through agreement;
Preferably, in a kind of terminal device network security enhancing access and authentication method of the invention shown in Fig. 1, institute Stating terminal device, enhancing authentication method includes safely:
Terminal device first reads the certification factor of itself storage when starting access application, put in order combination according to agreement, Through specific calculations method generation safety enhancing authentication code, the safety enhancing authentication code of generation and the safety enhancing certification of itself storage Code-phase is matched, difference prompting self-validation failure, if identical send access authentication application, the certification application of the access sent includes life Into safety enhancing authentication code, checking gateway receive certification application, by receive safety enhancing authentication code with itself store Safety enhancing authentication code match, if matching checking gateway automatically access network, otherwise point out access failure;
Preferably, in a kind of terminal device network security enhancing access and authentication method of the invention shown in Fig. 1, institute Structure terminal device and checking gateway accessing two-way authentication are stated, security can either be ensured, operation efficiency can be improved again.At end During each login authentication gateway of end equipment, terminal device detects whether the safety enhancing authentication code of itself is correct, by terminal device Many certification factors of storage are according to certain combination that puts in order, generation safety enhancing authentication code, the safety enhancing certification of generation Whether code is identical with the safety enhancing authentication code of itself storage, identical directly to send access application, otherwise can not send access Shen Please, prompting self-validation failure, the safety enhancing authentication code that checking gateway checking terminal device when receiving access application is carried The safety enhancing authentication code whether stored with checking gateway matches;
Preferably, it is raw in a kind of terminal device network security enhancing access and authentication method of the invention shown in Fig. 1 On the one hand the computational methods for strengthening authentication code into safety will have specific calculations method, i.e. the length of safety enhancing authentication code is small In the total length of data of generation safety enhancing authentication code, quantity, the length of the certification factor do not influence the length of safety enhancing authentication code Degree;The difference of another aspect identical calculations data put in order generation result of calculation it is different, that is, generate safety enhancing certification The data arrangement built-up sequence of code is different, and the safety enhancing authentication code of generation is also different, safety enhancing authentication code calculating side Method, which is preferred to use in hash algorithm, hash algorithm, preferably uses MD5, SHA scheduling algorithm, and safety enhancing certification code bit number is unrestricted It is fixed, preferably 32,64,128,256;
Preferably, in a kind of terminal device network security enhancing access and authentication method of the invention shown in Fig. 1, institute The state of the certification factor is stated, the certification factor of terminal device is obtained to authentication gateway, the certification factor can be that static state is fixed, can To be dynamic change, can also it is existing it is static fixed have dynamic change again, if the certification factor comprising dynamic change, often Secondary terminal device application is linked into authentication gateway, and authentication gateway obtains terminal device enhancing authentication code safely, meets dynamic change Rule, sets up access accreditation;
Preferably, in a kind of terminal device network security enhancing access and authentication method of the invention shown in Fig. 1, institute Stating terminal device Self-certified method includes:
Terminal device is sent before access application, first itself is carried out preliminary certification to terminal device, is obtained terminal device Subparticipation certification the certification factor, by the order permutation and combination of agreement, and using the specific calculations method generation of agreement Safety enhancing authentication code, the safety enhancing authentication code that the safety enhancing authentication code of generation is stored with itself matches, if matching is logical Self-certified success is crossed, Self-certified failure is otherwise pointed out, this authentication method reduces the checking pressure of checking gateway, improves and test The verification efficiency of gateway is demonstrate,proved, self-validation is without using network traffics, by reducing the content that network authentication number of times and certification are transmitted Improve certification speed.
Preferably, in a kind of terminal device network security enhancing access and authentication method of the invention shown in Fig. 1, institute Stating safety certifying method also includes secondary safety certification process, and once certification is preliminary certification, and preliminary certification is terminal device Safety enhancing authentication code certification, the authentication verification factor it is correct, in preliminary certification not in the case of, without secondary peace Full enhancing access authentication, secondary safety enhancing access authentication is checking gateway to terminal device identity validation certification again, automatically Prove that the data on all terminal devices are all not tampered with, the safety guarantee to terminal device network insertion is enhanced again.
Preferably, in a kind of terminal device network security enhancing access and authentication method of the invention shown in Fig. 1, institute State terminal device and do not store the generation safety enhancing computational methods of authentication code and putting in order for data, even if terminal device is usurped Change and copy, the method that can not also obtain generation safety enhancing authentication code has ensured the security of terminal device.
A kind of terminal device network security enhancing access of the present invention has the advantages that with authentication method:1st, it is of the invention A kind of terminal device network security enhancing access with authentication method in verification process, simply transmit user name and safety strengthen Authentication code, and the certification factor, authentication code generating algorithm are transmitted not in verification process, therefore enhance terminal device network and connect The security entered, has ensured the safety of the certification factor, even if terminal device is tampered and copied, and can not also obtain generation safety and increase The method of strong authentication code, has ensured the security of terminal device.2nd, the present invention is perfectly suitable for the certification of multiple certification factors, By specific calculations method, encode out safety enhancing authentication code so that each certification factor is interrelated, be mutually authenticated, improve peace The rank of full certification.3rd, the inventive method is preferred to use the safety enhancing authentication code that hash algorithm encodes out regular length, certification Quantity, the length of the factor do not influence the length of safety enhancing authentication code;Certification only needs certification respectively enhancing authentication code and peace safely Full enhancing authentication code, the content transmitted by reducing certification number of times and certification improves certification speed, and hash algorithm is in itself There are very strong data compression effects, certification speed is improved by reducing network traffics during certification.4th, the present invention is by multiple Interaction negotiation mechanism completes the work such as terminal device registration, the generation of safety enhancing authentication code, and double probate is generated twice The method of authentication code, improves the authorization and identification under the stability and applicability of system, the mobile communications network that is particularly suitable for use in. 5th, there is provided a kind of data volume for being generally applicable to all data types based on the assembly coding that the certification factor is carried out by the present invention Code method, can not possibly export identical coding, the different data arrangement order of identical input value is not for different input values Identical coding may be exported, the features such as with one-way, anti-collision;6th, present invention demonstrates that this method is safe, reliably , realize simply, with very strong practical value;7th, using mutual authentication method, in terminal device certification in itself, improve The efficiency of certification, mitigates the certification pressure of authentication gateway, improves authentication efficiency.
The above-mentioned technical proposal of the present invention is described in detail below in conjunction with Application Example:
Embodiment application scenarios are:Terminal device(Mobile phone)Government's internal network is accessed by Security of Mobile Communication Network Safety enhancing access authentication.It is responsible for realizing that mobile phone accesses government's internal network by Security of Mobile Communication Network in the present embodiment Client software is terminal device;It is checking net to be responsible for carrying out terminal device the background system of access authentication and access-in management Close.Access and authentication method, a complete access authentication procedure are strengthened based on terminal device network security proposed by the present invention It is as follows:
201st, the registration process of mobile phone.
Cellphone subscriber's registration is carried out by background management system, registration mode can be that online mode can also be Offline mode, the inventive method does not do any restriction to registration mode, and the present embodiment is introduced using online registration mode. The automatic certifying key factor for obtaining mobile phone essential information on checking gateway, to terminal device before checking gateway registration information Progress registration confirmation is sent, user confirms registration, and background management system can carry out phone user information registration;Not The cellphone subscriber succeeded in registration does not store any cellphone subscriber's certification factor, cellphone subscriber after only succeeding in registration in checking gateway Background management system can be linked into.The crucial essential information of the cellphone subscriber of registration includes name, organization mechanism code, tissue Organization names, cell-phone number, SIM card sequence number, terminal device string number(IMEI number), user cipher, operating system version, Wei Yishen Part identification code etc., the crucial essential information of mobile telephone registration is stored into mobile phone certification factor table.Verify the mobile phone that gateway is obtained The certifying key factor includes name, cell-phone number, user cipher, organization mechanism code, organization's title, SIM card sequence number, end End equipment string number(IMEI number), store it in checking gateway authentication factor table.
Table 1 below is the initial authentication factor table of mobile phone, and table 2 is the certification factor table of checking gateway.In the present embodiment, Data in the table are as follows:
1 mobile phone of table-certification factor table
Name Ding Aimin
Cell-phone number 13911889771
User cipher 889771
Organization mechanism code 08052849-6
Organization's title Beijing Cheng Zhongzhi Science and Technology Ltd.s
IMEI number 354439062668126
SIM card number 89860113811048802040
Operating system version Androd4.2
Unique identities identification code 1234567
Table 2 verifies gateway-certification factor table
Sequence number Data item Value Data type
1 Name Ding Aimin The safety enhancing certification factor
2 Cell-phone number 13911889771 The safety enhancing certification factor
3 User cipher 889771 The safety enhancing certification factor
4 Organization mechanism code 08052849-6 The safety enhancing certification factor
5 Organization's title Beijing Cheng Zhongzhi Science and Technology Ltd.s The safety enhancing certification factor
6 IMEI number 354439062668126 The safety enhancing certification factor
7 SIM card number 89860113811048802040 The safety enhancing certification factor
8 Unique identities identification code Androd4.2 The safety enhancing certification factor
202nd, checking gateway generation safety enhancing authentication code.
8 certification factors in the safety enhancing certification factor table for verifying gateway are combined into profit according to the collating sequence in table Use hash algorithm(MD5 algorithms can be used in the present embodiment)Generation length is fixed(Can be using MD5 algorithms generation 32 in the present embodiment Position)Safety enhancing authentication code, be stored in checking gateway safety certification table in, while safety enhancing authentication code storage it is in one's hands In machine safety certification table, when mobile phone prepares to access, the automatic critical data item read in mobile phone certification factor table, according to agreement The combination that puts in order, utilize hash algorithm(MD5 algorithms can be used in the present embodiment)Generation length is fixed(Can in the present embodiment 32 are generated using MD5 algorithms)Safety enhancing authentication code.
Tables of data content refers to following table.
Table 3 verifies gateway-safety certification table
Sequence number User name Safety enhancing authentication code
1 13911889771 6e1cf87a26568f3d6256e0d36b1f93ac
4 mobile phones of table-safety certification table
Sequence number User name Safety enhancing authentication code
1 13911889771 6e1cf87a26568f3d6256e0d36b1f93ac
203rd, mobile phone self-validation.
When mobile phone has network insertion demand, start the certification factor in client software, automatic reading certification factor table 1, And the IMEI number and SIM card number of mobile phone are obtained automatically, 8 certification factors are combined according to the collating sequence in table, Hash is utilized Algorithm(MD5 algorithms can be used in the present embodiment)Generation length is fixed(32 can be generated in the present embodiment using MD5 algorithms)'s Safety enhancing authentication code, safety enhancing authentication code and the mobile phone of generation are stored in the safety enhancing certification code-phase in safety certification table Matching, if identical, sends access application, otherwise points out self-validation failure.
204th, checking gateway is authenticated to mobile phone.
Cellphone subscriber's self-validation by while, send safety enhancing authentication code and user name to checking gateway, verify Gateway will receive data and the data match of itself storage, and identical therefore certification passes through, and government's internal network is linked successfully, Otherwise prompting secure accessing failure.
205th, cellphone subscriber's modification initial password.
In order to increase the security of cellphone subscriber's password, after network linking success, cellphone subscriber is actively(Or it is verified net Close and force)Change user in initial user password 889771, the present embodiment and original code is revised as 678901, it is new by what is changed Password is respectively stored into the certification factor table of checking gateway and cellphone subscriber.
Above example is flow when carrying out First Contact Connections, when being verified, and automatic prompting needs Modify password, Such as non-first time access E-gov Network, then E-gov Network is directly accessed after in double probate, without prompting modification user cipher; Once compare and differ during double probate, directly exit access, while pointing out failure cause.
The technical scheme of embodiments of the invention brings following beneficial effect:
1st, embodiments of the invention prove that this method is safe, reliably, realize simply, with very strong practical valency Value.
2nd, embodiments of the invention transmit user name and safety enhancing authentication code, the certification factor in verification process, simply And safety enhancing authentication code generating algorithm is transmitted not in verification process, the security of data is enhanced, even if terminal device It is tampered and copies, the method that can not also obtain generation safety enhancing authentication code has ensured the security of terminal device.
3rd, embodiments of the invention are in verification process, and user only knows the user name and user cipher of mobile phone, and real The safety enhancing authentication code of certification is participated in, user is ignorant, and which increase the security of terminal device access.
4th, the present invention by repeatedly interacting, register, safety strengthens the life of authentication code by negotiation mechanism completion terminal device Into work is waited, the method that double probate generates authentication code twice improves the stability and applicability of system, and be particularly suitable for use in shifting Authorization and identification under dynamic communication network.
5th, using mutual authentication method, in terminal device certification in itself, the efficiency of certification is improved, mitigates authentication gateway Certification pressure, improves authentication efficiency.
6th, embodiments of the invention are verified in verification process to mobile phone IMEI number, mobile phone SIM card number, once Mobile phone is lost, SIM cards of mobile phones is stolen, and by setting the manual confirmation mechanism bound again, mobile phone access will be unable to by recognizing Card, adds the security of government's internal network access.
7 thus embodiments of the invention using regular length hash algorithm encode out 32 safety enhancing authentication code, Quantity, the length of the certification factor do not influence the length of safety enhancing authentication code, solve current most of authentication gateways in certification During limitation to Password Length, multiple authentication is merged and is reduced to secondary checking, is recognized by reducing certification number of times and improving Speed is demonstrate,proved, and hash algorithm has very strong data compression effects in itself, is recognized by reducing network traffics during certification and improving Demonstrate,prove speed.
8th, embodiments of the invention be preferred to use regular length MD5 encode out safety enhancing authentication code, itself have very strong Data compression effects, improve certification speed by reducing network traffics during certification.
9th, embodiments of the invention are perfectly suitable for the multiple-factor certification of multiple factor compositions, it is preferred to use regular length Hash algorithm encode out safety enhancing authorization code so that each factor is interrelated, be mutually authenticated, improve the level of safety certification Not.
10th, assembly coding of the present invention based on the progress of the certification factor is generally applicable to all data class there is provided a kind of The data-encoding scheme of type, for random length, arbitrary data types can become the output of regular length, for difference Input value can not possibly export same coding, the features such as with one-way, anti-collision.
It will be understood by those skilled in the art that the certification factor and safety enhancing that are limited in the above embodiment of the present invention are recognized The card factor is not limited to item listed in each table, but can include the various key elements related to terminal device, as long as can Realize a kind of terminal device network security enhancing access and the authentication method of the present invention.
Those skilled in the art are further appreciated that mobile phone as terminal device only example, and terminal device can include Any wired or wireless electronic installation such as computer, mobile terminal, data card.Those skilled in the art are further appreciated that government Internal network is also only an example of security domain, and it is wired or wireless that any required access to terminal device is limited Network(Including but not limited to government network, civilian network, military network, industrial network, banking network, commercial network, education network Network)Can be security domain, as long as a kind of terminal device network security enhancing access that can be using the present invention and authentication method .
Those skilled in the art will also be appreciated that the various illustrative components, blocks that the embodiment of the present invention is listed (illustrative logical block), unit, and step can be by the knots of electronic hardware, computer software, or both Conjunction is realized.To clearly show that the replaceability of hardware and software(interchangeability), above-mentioned various explanations Property part(illustrative components), unit and step universally describe their function.Such work( Can be that the design requirement depending on specific application and whole system is realized by hardware or software.Those skilled in the art For every kind of specific application various methods can be used to realize described function, but this realization is understood not to The scope protected beyond the embodiment of the present invention.
Various illustrative logical blocks described in the embodiment of the present invention, or unit can by general processor, Digital signal processor, application specific integrated circuit(ASIC), field programmable gate array or other programmable logic devices, discrete gate Or the design of transistor logic, discrete hardware components, or any of the above described combination is come the function described by realizing or operate.General place It can be microprocessor to manage device, and alternatively, the general processor can also be any traditional processor, controller, microcontroller Device or state machine.Processor can also be realized by the combination of computing device, such as digital signal processor and microprocessor, Multi-microprocessor, one or more microprocessors combine a Digital Signal Processor Core, or any other like configuration To realize.
The step of method described in the embodiment of the present invention or algorithm can be directly embedded into hardware, computing device it is soft Part module or the combination of both.Software module can be stored in RAM memory, flash memory, ROM memory, EPROM storages Other any form of storage media in device, eeprom memory, register, hard disk, moveable magnetic disc, CD-ROM or this area In.Exemplarily, storage medium can be connected with processor, to allow processor to read information from storage medium, and Write information can be deposited to storage medium.Alternatively, storage medium can also be integrated into processor.Processor and storage medium can To be arranged in ASIC, ASIC can be arranged in user terminal.Alternatively, processor and storage medium can also be arranged at use In different parts in the terminal of family.
In one or more exemplary designs, above-mentioned functions described by the embodiment of the present invention can be in hardware, soft Part, firmware or any combination of this three are realized.If realized in software, these functions can be stored and computer-readable On medium, or with it is one or more instruction or code form be transmitted on the medium of computer-readable.Computer readable medium includes electricity Brain stores medium and is easy to so that allowing computer program to be transferred to other local telecommunication medias from a place.Storing medium can be with It is that any general or special computer can be with the useable medium of access.For example, such computer readable media can include but It is not limited to RAM, ROM, EEPROM, CD-ROM or other optical disc storage, disk storage or other magnetic storage devices, or other What can be used for carrying or store with instruct or data structure and it is other can be by general or special computer or general or specially treated Device reads the medium of the program code of form.In addition, any connection can be properly termed computer readable medium, example Such as, if software is to pass through a coaxial cable, fiber optic cables, double from web-site, server or other remote resources Twisted wire, Digital Subscriber Line(DSL)Or with defined in being also contained in of the wireless way for transmitting such as infrared, wireless and microwave In computer readable medium.Described disk(disk)And disk(disc)Including Zip disk, radium-shine disk, CD, DVD, floppy disk And Blu-ray Disc, disk is generally with magnetic duplication data, and disk generally carries out optical reproduction data with laser.Combinations of the above It can also be included in computer readable medium.
Above-described embodiment, has been carried out further to the purpose of the present invention, technical scheme and beneficial effect Describe in detail, should be understood that the embodiment that the foregoing is only the present invention, be not intended to limit the present invention Protection domain, within the spirit and principles of the invention, any modification, equivalent substitution and improvements done etc. all should be included Within protection scope of the present invention.

Claims (9)

1. a kind of terminal device network security enhancing access and authentication method, for the terminal device authentication process of security domain, institute Stating security domain includes checking gateway, and terminal device network security enhancing access is characterised by with authentication method, including:
Terminal device access register step, in the registration step, choose terminal device Partial key Back ground Information as The storage of the certification factor is to checking gateway, and the process that the certification factor is stored to checking gateway calls registering;
Generation safety enhancing authentication code step, checking gateway according to the specific combination that puts in order, adopts the certification factor of storage With special computational methods generation safety enhancing authentication code, and the safety enhancing authentication code of generation is imparted in terminal device deposited Storage, terminal device application first reads the certification factor of itself storage using the combination that puts in order of agreement when accessing, while according to The specific calculations method of agreement, by the multiple certification factors read generation safety enhancing authentication code.Generation safety enhancing certification On the one hand the computational methods of code will have specific calculations method, and its length for strengthening authentication code safely is less than generation safety enhancing The total length of data of authentication code, quantity, the length of the certification factor do not influence the length of safety enhancing authentication code;On the other hand it is identical Calculate data difference put in order generation result of calculation it is different, its generate safety enhancing authentication code data arrangement combination Sequentially different, the safety enhancing authentication code of generation is also different, and safety enhancing authentication code computational methods use hash algorithm, pacify Full enhancing certification code bit number is not limited.
Terminal device strengthens safely authenticating step, and terminal device is first to own verification, and terminal device reads the part of itself storage The certification factor according to agreement the combination that puts in order, and using agreement specific calculations method generation safety enhancing authentication code with The safety enhancing authentication code of itself storage matches, if mismatching, points out self-validation failure, if matching sends access application, together When the safety enhancing authentication code that generates terminal device be sent to checking gateway, checking gateway receive safety enhancing authentication code with The safety enhancing authentication code matching of itself storage, matches identical, access network, otherwise points out access failure.
2. a kind of terminal device network security enhancing access as claimed in claim 1 and authentication method, it is characterised in that described Step is registered in terminal device access to be included:
In the registration step, choose terminal device Partial key Back ground Information and arrive checking gateway as the storage of the certification factor, The storage of the certification factor is referred to as registering to the process of checking gateway, and registration does not limit online mode or offline mode, this Method supports the manual typing certification factor of checking gateway, at the same also support checking gateway obtain automatically the certification of terminal device because Son.
3. a kind of terminal device network security enhancing access as claimed in claim 1 and authentication method, it is characterised in that described The step of generation safety enhancing authentication code, includes:
The certification factor of storage according to the specific combination that puts in order, safety is generated using special computational methods by checking gateway Strengthen authentication code, the safety enhancing authentication code storage of generation is into checking gateway, while the safety enhancing authentication code of generation is assigned Give in terminal device and storing, when terminal device application is accessed, the certification factor stored in automatic reading terminal equipment will be read To the certification factor according to agreement the combination that puts in order, through agreement computational methods generation safety enhancing authentication code.
4. a kind of terminal device network security enhancing access as claimed in claim 1 and authentication method, it is characterised in that described Enhancing authenticating step includes terminal device safely:
Terminal device first reads the certification factor of itself storage when starting access application, put in order combination according to agreement, through spy Different computational methods generation safety enhancing authentication code, the safety enhancing authentication code of generation and the safety enhancing certification code-phase of itself storage Matching, difference prompting self-validation failure, if identical send access authentication application, the certification application of the access sent includes generation Safety enhancing authentication code, checking gateway receives certification application, by the safety enhancing authentication code received and the peace of itself storage Full enhancing authentication code matches, if matching checking gateway automatically accesses network, otherwise points out access failure.
5. a kind of terminal device network security enhancing access as claimed in claim 1 and authentication method, it is characterised in that described Terminal device and checking gateway accessing two-way authentication are built, security can either be ensured, operation efficiency can be improved again;Terminal is set During standby each login authentication gateway, terminal device detects whether the safety enhancing authentication code of itself is correct, and terminal device is stored Many certification factors according to certain combination that puts in order, generation safety enhancing authentication code, the safety enhancing authentication code of generation with Whether the safety enhancing authentication code of itself storage is identical, identical directly to send access application, otherwise can not send access application, carry Show self-validation fail, checking gateway receive access application when checking terminal device carry safety enhancing authentication code whether with The safety enhancing authentication code of checking gateway storage matches.
6. a kind of terminal device network security enhancing access as claimed in claim 1 and authentication method, it is characterised in that described The state of the certification factor, the certification factor for obtaining terminal device arrives authentication gateway, and the certification factor can be static fixation, can be with Dynamic change, can also it is existing it is static fixed have dynamic change again, if the certification factor comprising dynamic change, every time Terminal device application is linked into authentication gateway, and authentication gateway obtains terminal device enhancing authentication code safely, meets dynamic change rule Rule, sets up access accreditation.
7. a kind of terminal device network security enhancing access as claimed in claim 1 and authentication method, it is characterised in that described Terminal device Self-certified method includes:
Terminal device is sent before access application, first itself is carried out preliminary certification to terminal device, is obtained the portion of terminal device Divide the certification factor for participating in certification, by the order permutation and combination of agreement, and it is safe using the specific calculations method generation of agreement Enhancing authentication code, the safety enhancing authentication code that the safety enhancing authentication code of generation is stored with itself matches, if fitting through certainly Certification success, otherwise points out Self-certified failure, and this authentication method reduces the checking pressure of checking gateway, improves checking net The verification efficiency of pass, self-validation is without using network traffics, and the content transmitted by reducing network authentication number of times and certification is improved Certification speed.
8. a kind of terminal device network security enhancing access as claimed in claim 4 and authentication method, it is characterised in that described Safety certifying method also includes secondary safety certification process, and once certification is preliminary certification, and preliminary certification is the peace of terminal device The certification of full enhancing authentication code, the authentication verification factor it is correct, in preliminary certification not in the case of, without secondary safety Strengthen access authentication, secondary safety enhancing access authentication is to verify gateway to terminal device identity validation certification again, automatic card Data on bright all terminal devices are all not tampered with, and the safety guarantee to terminal device network insertion is enhanced again.
9. a kind of terminal device network security enhancing access as claimed in claim 3 and authentication method, it is characterised in that described Terminal device does not store the generation safety enhancing computational methods of authentication code and putting in order for data, even if terminal device is tampered And copy, the method that can not also obtain generation safety enhancing authentication code, ensure the security of terminal device.
CN201510088042.XA 2015-02-26 2015-02-26 A kind of terminal device network security enhancing access and authentication method Active CN104601602B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510088042.XA CN104601602B (en) 2015-02-26 2015-02-26 A kind of terminal device network security enhancing access and authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510088042.XA CN104601602B (en) 2015-02-26 2015-02-26 A kind of terminal device network security enhancing access and authentication method

Publications (2)

Publication Number Publication Date
CN104601602A CN104601602A (en) 2015-05-06
CN104601602B true CN104601602B (en) 2017-08-25

Family

ID=53127106

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510088042.XA Active CN104601602B (en) 2015-02-26 2015-02-26 A kind of terminal device network security enhancing access and authentication method

Country Status (1)

Country Link
CN (1) CN104601602B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105142097A (en) * 2015-08-18 2015-12-09 中国联合网络通信集团有限公司 Method and system for realizing terminal access
CN105162798A (en) * 2015-09-24 2015-12-16 西安未来国际信息股份有限公司 Security authentication method for proprietary network access of intelligent terminal
CN106453232B (en) * 2016-08-09 2019-10-08 上海讯陌通讯技术有限公司 Auxiliary multi-user's authentication registration method and system based on mobile client identification module
CN108023865A (en) * 2016-10-28 2018-05-11 上海行邑信息科技有限公司 A kind of verification method
CN107733934A (en) * 2017-11-30 2018-02-23 成都航天科工大数据研究院有限公司 A kind of Industrial Equipment Networking secure access authentication method and the equipment for realizing this method
CN112702171B (en) * 2020-12-23 2021-10-15 北京航空航天大学 Distributed identity authentication method facing edge gateway
CN113865023B (en) * 2021-09-26 2023-05-30 青岛海信日立空调系统有限公司 Multi-split air conditioning system
CN115459957A (en) * 2022-08-15 2022-12-09 广州江南科友科技股份有限公司 User-defined multi-authentication method, system, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001092999A2 (en) * 2000-05-26 2001-12-06 Citrix Systems, Inc. Secure exchange of an authentication token
CN103780397A (en) * 2014-02-25 2014-05-07 中国科学院信息工程研究所 Multi-screen multi-factor WEB identity authentication method convenient and fast to implement
CN104283886A (en) * 2014-10-14 2015-01-14 中国科学院信息工程研究所 Web safety access implementation method based on intelligent terminal local authentication
CN104363207A (en) * 2014-10-29 2015-02-18 北京成众志科技有限公司 Multi-factor security enhancement authorization and authentication method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001092999A2 (en) * 2000-05-26 2001-12-06 Citrix Systems, Inc. Secure exchange of an authentication token
CN103780397A (en) * 2014-02-25 2014-05-07 中国科学院信息工程研究所 Multi-screen multi-factor WEB identity authentication method convenient and fast to implement
CN104283886A (en) * 2014-10-14 2015-01-14 中国科学院信息工程研究所 Web safety access implementation method based on intelligent terminal local authentication
CN104363207A (en) * 2014-10-29 2015-02-18 北京成众志科技有限公司 Multi-factor security enhancement authorization and authentication method

Also Published As

Publication number Publication date
CN104601602A (en) 2015-05-06

Similar Documents

Publication Publication Date Title
CN104601602B (en) A kind of terminal device network security enhancing access and authentication method
CN111429254B (en) Business data processing method and device and readable storage medium
CN104539634B (en) A kind of method that mobile application security strengthens authorization and identification
CN102164141B (en) Method for protecting security of account
JP4861417B2 (en) Extended one-time password method and apparatus
CN104363207B (en) Multiple-factor strengthens safely authorization and identification method
CN103095659B (en) Account logon method and system in a kind of the Internet
CN107426235B (en) Authority authentication method, device and system based on equipment fingerprint
CN112989426B (en) Authorization authentication method and device, and resource access token acquisition method
CN1832401A (en) Method for protecting safety of account number cipher
CN101527634B (en) System and method for binding account information with certificates
CN103167491A (en) Authentication method of mobile terminal uniqueness based on software digital certificate
CN107846414A (en) A kind of single-point logging method and system, Centralized Authentication System
CN106488452A (en) A kind of mobile terminal safety access authentication method of combination fingerprint
CN110166453A (en) A kind of interface authentication method, system and storage medium based on SE chip
CN106453321A (en) Authentication server, system and method, and to-be-authenticated terminal
CN110445805A (en) A kind of false-proof authentication system and method for two dimensional code
CN110336807A (en) A kind of identity identifying method based on Web service, equipment and storage medium
CN107370599A (en) A kind of management method, the device and system of remote destroying private key
CN112667977A (en) Smart city-oriented block chain identity authentication and access control method and system
CN106506529A (en) A kind of mutual authentication method and system
CN111585762A (en) Server login authentication system based on zero-knowledge proof
CN106789069A (en) A kind of zero-knowledge status authentication method
CN110602083B (en) Secure transmission and storage method of digital identity authentication data
CN111641651A (en) Access verification method and device based on Hash chain

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant