CN104601602B - A kind of terminal device network security enhancing access and authentication method - Google Patents
A kind of terminal device network security enhancing access and authentication method
- Publication number: CN104601602B (also listed: CN201510088042.XA, CN104601602A)
- Authority: CN (China)
- Prior art keywords: terminal device, certification, authentication code, enhancing, safety
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H04L65/1073—Registration or de-registration (under H04L65/1066—Session management)
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Abstract
Embodiments of the present invention provide a terminal device network security-enhanced access and authentication method, including: the terminal device registers with the verification gateway; the verification gateway generates a security-enhanced authentication code from the key registration information according to a specific algorithm, stores the generated code, and at the same time issues the code to the terminal device. When the terminal device accesses the network, the verification gateway verifies whether the security-enhanced authentication code provided by the terminal device is correct, in order to perform security authentication of the terminal device. The method improves the transmission security of multiple authentication factors, reduces authentication network traffic, and shortens authentication duration.
Description
Technical field
The present invention relates to the field of information security, and more particularly to a terminal device network security-enhanced access and authentication method.
Background art
Identity authentication is an important aspect of security technology; it is used to distinguish user identities and to restrict unauthorized users from accessing system resources. In any secure network service, the communicating parties must prove their identity through some form of identity authentication mechanism before access control for different users can be realized. Identity authentication is the first checkpoint of a security system: before accessing the system, the user first passes through the identity authentication system, which determines whether the user's identity is consistent with what is claimed; the security system then decides, according to the user's identity and the authorization database, whether the user can access a given resource. Once the identity authentication system is broken, all security measures of the system become useless. Attackers often target the identity authentication system. A sound identity authentication system plays a very important role in maintaining network security, and building a secure identity authentication model is very necessary.
The main identity authentication methods at present fall into three classes: (1) A secret known only to the subject, usually in the form of "user name + password"; the client sends this information to the authentication center, the authentication center looks up the corresponding record in the database, and authentication passes if it matches the information the user provided. (2) An item the subject possesses, such as a mobile phone, smart terminal, smart card or USB key, a slip of paper or another physical medium; every legitimate user of the system must hold a token to pass the authentication gateway, and the token generates or stores the user's personal parameters such as dynamic passwords and digital certificates. When the user accesses a resource, the authentication identification data is sent to the system by means of the physical medium. (3) A unique feature or ability that only the subject has, such as a fingerprint, pupil or voice; the authenticating party authenticates identity from features extracted from the authenticated party, typical features being fingerprint, iris and DNA.
Research suggests that the main causes of security incidents today are design flaws in host software and hardware structure and the lack of strict authentication and authorization control of users. Conventional security protection focuses on protecting servers and the network and neglects the security of the accessing terminal itself. Yet most attacks are caused by the insecurity of the accessing terminal itself, so only by establishing the security system at the source, where the terminal accesses the network, with internal and external defences working together, can a truly secure and trusted network environment be built.
Drawing on the characteristics of existing authentication techniques and trusted computing, the present inventor proposes a terminal device network security-enhanced access and authentication method. The basic idea of the method is to implement network access control by assessing the security state information of the accessing terminal device: before internal network services or resources are provided to the terminal device, whether access is allowed is decided according to its identity authentication result and integrity state. "Risky terminals" are kept out of the network and a "clean", "trusted" network is built, which reduces the frequency of network security incidents and improves the network's ability to cope with security threats.
In the course of realizing the present invention, the inventor found that existing methods for secure network access of terminal devices have at least the following problems: 1. The terminal device has many authentication factors; the information to be filled in includes input items such as name, type, proxy server, port, user name and password, and some technical terms are unfamiliar or hard to understand for laypersons. 2. Traditional terminal device security systems such as host firewalls and host anti-virus software can find potential security risks in the system and carry out security assessment, but cannot control the network access rights of the terminal, and therefore cannot reduce the harm that an insecure terminal causes to the network. Current terminal device security systems only attend to protecting the local terminal from virus damage and network attack, and ignore the fact that the security risks of a terminal device can affect the security of the whole network; host security is not brought into the scope of network-wide security. 3. Traditional information security systems composed mainly of firewalls, intrusion detection and virus prevention software focus on defending against the outside and cannot effectively resolve internal security threats caused by insecure terminals. 4. During authentication, the authentication factors are transmitted directly exposed on the network and are easily obtained illegally. 5. For systems or networks with higher security requirements, the security domain adopts multi-factor security authentication technology to raise the security authentication level, and existing authorization and authentication technology requires the user being verified to transmit all authentication factors, for example user password, user feature values and system terminal medium, which causes large network traffic; where network bandwidth is limited, especially on mobile communication networks, the longer authentication data transmission time directly makes the authentication process very time-consuming.
Compared with the prior art, the present invention effectively solves the problems that the prior art cannot perform self-verification of the terminal device and cannot prevent man-in-the-middle attacks. In contrast to earlier approaches, the present invention is clearly innovative in the registration, access application and access authentication of terminal devices. Compared with conventional terminal device access methods, this method combines and encodes multiple authentication factors and does not transmit the authentication factors during authentication, which protects access security more effectively and prevents the authentication factors from being stolen; in addition, it performs a second authentication on the access authentication of the terminal device, which safeguards the access security of the terminal device and prevents a man-in-the-middle from stealing and misusing access point information.
Summary of the invention
Embodiments of the present invention provide a terminal device network security-enhanced access and authentication method, so that when a terminal device is authenticated in a security domain, the transmission security of multiple authentication factors is improved, authentication network traffic is reduced, and authentication duration is shortened.
According to the first aspect of the invention, there is provided a terminal device network security-enhanced access and authentication method, used for the authentication process of terminal devices in a security domain, the security domain including a verification gateway. The terminal device network security-enhanced access and authentication method includes:
A terminal device access registration step: in the registration step, part of the key basic information of the terminal device is chosen as authentication factors and stored in the verification gateway; the process of storing the authentication factors in the verification gateway is called registration;
A step of generating the security-enhanced authentication code: the verification gateway combines the stored authentication factors in a specific arrangement order and generates the security-enhanced authentication code using a specific calculation method, and the generated security-enhanced authentication code is issued to the terminal device for storage; when the terminal device applies for access, it first reads the authentication factors stored on itself, combines them in the agreed arrangement order, and at the same time, according to the agreed specific calculation method, generates a security-enhanced authentication code from the multiple authentication factors read;
A terminal device security-enhanced authentication step: the terminal device first verifies itself; the terminal device reads part of the authentication factors stored on itself, combines them in the agreed arrangement order, and matches the security-enhanced authentication code generated using the agreed specific calculation method against the security-enhanced authentication code stored on itself; if they do not match, a self-verification failure is indicated; if they match, the access application is sent and the security-enhanced authentication code generated by the terminal device is sent to the verification gateway; the verification gateway matches the received security-enhanced authentication code against the security-enhanced authentication code it has stored; if they are identical, the device is admitted to the network; otherwise an access failure is indicated.
In the terminal device network security-enhanced access and authentication method according to the second aspect of the invention, the terminal device access registration step includes:
In the registration step, part of the key basic information of the terminal device is chosen as authentication factors and stored in the verification gateway; the process of storing the authentication factors in the verification gateway is called registration; registration is not limited to an online or an offline mode; the method supports manual entry of the authentication factors at the verification gateway and also supports the verification gateway obtaining the authentication factors of the terminal device automatically;
In the terminal device network security-enhanced access and authentication method according to the third aspect of the invention, the step of generating the security-enhanced authentication code includes:
The verification gateway combines the stored authentication factors in a specific arrangement order and generates the security-enhanced authentication code using a specific calculation method; the generated security-enhanced authentication code is stored in the verification gateway and is also issued to the terminal device for storage; when the terminal device applies for access, the authentication factors stored in the terminal device are read automatically, combined in the agreed arrangement order, and a security-enhanced authentication code is generated by the agreed calculation method;
In the terminal device network security-enhanced access and authentication method according to the fourth aspect of the invention, the terminal device security-enhanced authentication method includes:
When starting an access application, the terminal device first reads the authentication factors stored on itself, combines them in the agreed arrangement order, and generates a security-enhanced authentication code by the specific calculation method; the generated security-enhanced authentication code is matched against the security-enhanced authentication code stored on itself; if they differ, a self-verification failure is indicated; if they are identical, an access authentication application is sent, and the access authentication application sent includes the generated security-enhanced authentication code; the verification gateway receives the authentication application and matches the received security-enhanced authentication code against the security-enhanced authentication code it has stored; if they match, the verification gateway admits the device to the network automatically; otherwise an access failure is indicated;
In the terminal device network security-enhanced access and authentication method according to the fifth aspect of the invention, two-way authentication between the terminal device and the verification gateway is built for access, which both ensures security and improves operating efficiency. Each time the terminal device logs in to the authentication gateway, the terminal device checks whether its own security-enhanced authentication code is correct: the multiple authentication factors stored on the terminal device are combined in a certain arrangement order to generate a security-enhanced authentication code, and the generated code is compared with the security-enhanced authentication code stored on the device; if they are identical, the access application is sent directly; otherwise the access application cannot be sent and a self-verification failure is indicated; on receiving the access application, the verification gateway verifies whether the security-enhanced authentication code carried by the terminal device matches the security-enhanced authentication code stored by the verification gateway;
In the terminal device network security-enhanced access and authentication method according to the sixth aspect of the invention, the calculation method for generating the security-enhanced authentication code must, on the one hand, be a specific calculation method, i.e. the length of the security-enhanced authentication code is less than the total length of the data used to generate it, and the number and length of the authentication factors do not affect the length of the security-enhanced authentication code; on the other hand, different arrangement orders of the same data produce different calculation results, i.e. if the arrangement and combination order of the data used to generate the security-enhanced authentication code differs, the generated security-enhanced authentication code also differs. The security-enhanced authentication code calculation method preferably uses a hash algorithm, preferably MD5, SHA or a similar algorithm; the number of bits of the security-enhanced authentication code is not limited, and is preferably 32, 64, 128 or 256;
In the terminal device network security-enhanced access and authentication method according to the seventh aspect of the invention, regarding the state of the authentication factors: the authentication gateway obtains the authentication factors of the terminal device; the authentication factors can be statically fixed, can change dynamically, or can include both statically fixed and dynamically changing factors; if dynamically changing authentication factors are included, then each time the terminal device applies to access the authentication gateway, the authentication gateway obtains the security-enhanced authentication code of the terminal device, and if it conforms to the dynamic rule, access approval is established;
In the terminal device network security-enhanced access and authentication method according to the eighth aspect of the invention, the terminal device self-authentication method includes:
Before sending the access application, the terminal device first performs preliminary authentication on itself: it obtains those authentication factors of the terminal device that take part in authentication, arranges and combines them in the agreed order, and generates a security-enhanced authentication code using the agreed specific calculation method; the generated security-enhanced authentication code is matched against the security-enhanced authentication code stored on the device; if they match, self-authentication succeeds; otherwise a self-authentication failure is indicated. This authentication method reduces the verification load on the verification gateway and improves the verification efficiency of the verification gateway; self-verification uses no network traffic, and authentication speed is improved by reducing the number of network authentications and the content transmitted for authentication.
In the terminal device network security-enhanced access and authentication method according to the ninth aspect of the invention, the security authentication method further includes a secondary security authentication process. The first authentication is the preliminary authentication, which is the authentication of the terminal device's security-enhanced authentication code and verifies that the authentication factors are correct; if the preliminary authentication does not pass, the secondary security-enhanced access authentication is not performed. The secondary security-enhanced access authentication is the verification gateway automatically confirming the identity of the terminal device again, proving that none of the data on the terminal device has been tampered with, which further strengthens the security guarantee for the terminal device's network access.
In the terminal device network security-enhanced access and authentication method according to the tenth aspect of the invention, the terminal device does not store the calculation method for generating the security-enhanced authentication code or the arrangement order of the data; even if the terminal device is tampered with or copied, the method of generating the security-enhanced authentication code cannot be obtained, which safeguards the security of the terminal device.
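The registration, code generation and two-stage verification described in the aspects above, including the fixed-length and order-sensitivity properties required of the calculation method, can be walked through in Python. This is an added example and not code from the patent; SHA-256 (one member of the "SHA" family the text names), the length-prefixed encoding of each factor, all class and function names, and the sample factor values are assumptions.

```python
import hashlib
import hmac

# Assumption: the page only says "hash algorithm, preferably MD5, SHA".
# SHA-256 is used here; its 256-bit output is one of the lengths the page lists.
HASH = hashlib.sha256


def make_auth_code(factors, order):
    """Combine the factors in the agreed order and hash them to a fixed-length code.

    factors: dict mapping factor name -> value (str)
    order:   agreed sequence of factor names
    Each value is length-prefixed (an assumption, not from the page) so that
    the pairs ("ab", "c") and ("a", "bc") cannot produce the same byte stream.
    """
    h = HASH()
    for name in order:
        value = factors[name].encode("utf-8")
        h.update(len(value).to_bytes(4, "big"))
        h.update(value)
    return h.hexdigest()


def same_code(a, b):
    """Constant-time comparison of two codes given as strings."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class VerificationGateway:
    """Stores one code per registered user name (hypothetical class)."""

    def __init__(self, order):
        self.order = tuple(order)
        self._codes = {}

    def register(self, username, factors):
        # Registration: derive the code from the factors and keep it.
        code = make_auth_code(factors, self.order)
        self._codes[username] = code
        return code  # issued to the terminal device for storage

    def verify(self, username, code):
        # Access: only the user name and the code arrive, never the factors.
        stored = self._codes.get(username)
        return stored is not None and same_code(stored, code)


class TerminalDevice:
    """Holds its own factors and the code issued at registration (hypothetical)."""

    def __init__(self, username, factors, order):
        self.username = username
        self.factors = dict(factors)
        self.order = tuple(order)
        self.stored_code = None

    def self_verify(self):
        # Preliminary authentication: recompute locally, compare with stored code.
        if self.stored_code is None:
            return None
        code = make_auth_code(self.factors, self.order)
        return code if same_code(code, self.stored_code) else None

    def request_access(self, gateway):
        code = self.self_verify()
        if code is None:
            return "self-verification failed"  # nothing is sent to the gateway
        if gateway.verify(self.username, code):
            return "access granted"
        return "access failed"


def run_scenario():
    """Run the flow on constructed sample data and return the three outcomes."""
    order = ("serial", "mac", "device_type", "password")  # constructed agreed order
    factors = {  # constructed sample factors
        "serial": "SN-0001",
        "mac": "00:00:5E:00:53:01",
        "device_type": "handheld",
        "password": "example-only",
    }
    gateway = VerificationGateway(order)
    terminal = TerminalDevice("terminal-01", factors, order)
    terminal.stored_code = gateway.register("terminal-01", factors)
    results = {"normal": terminal.request_access(gateway)}

    changed = dict(factors, mac="00:00:5E:00:53:FF")

    # A factor changed on the device: caught by the local check.
    tampered = TerminalDevice("terminal-01", changed, order)
    tampered.stored_code = terminal.stored_code
    results["factor_changed"] = tampered.request_access(gateway)

    # Factor and stored code both replaced: local check passes, gateway rejects.
    replaced = TerminalDevice("terminal-01", changed, order)
    replaced.stored_code = make_auth_code(changed, order)
    results["code_replaced"] = replaced.request_access(gateway)
    return results


if __name__ == "__main__":
    print(run_scenario())
```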
The above technical solution has the following beneficial effects: 1. In the authentication process of the terminal device network security-enhanced access and authentication method of the invention, only the user name and the security-enhanced authentication code are transmitted; the authentication factors and the authentication code generation algorithm are not transmitted during authentication, which strengthens the security of terminal device network access and protects the authentication factors; even if the terminal device is tampered with or copied, the method of generating the security-enhanced authentication code cannot be obtained, which safeguards the security of the terminal device. 2. The invention is well suited to authentication with multiple authentication factors: encoding the security-enhanced authentication code through the specific calculation method makes the authentication factors interrelated and mutually authenticating, which raises the level of security authentication. 3. The method preferably uses a hash algorithm to encode a security-enhanced authentication code of fixed length; the number and length of the authentication factors do not affect the length of the security-enhanced authentication code; authentication only needs to authenticate the security-enhanced authentication code, and authentication speed is improved by reducing the number of authentications and the content transmitted for authentication; moreover, the hash algorithm itself has a strong data compression effect, so authentication speed is improved by reducing network traffic during authentication. 4. The invention completes terminal device registration, generation of the security-enhanced authentication code and related work through a mechanism of repeated interactive negotiation; the double verification, in which the authentication code is generated twice, improves the stability and applicability of the system and is especially suitable for authorization and authentication on mobile communication networks. 5. Based on the combined encoding of the authentication factors, the invention provides a data encoding method that is generally applicable to all data types: different input values cannot output the same code, and different arrangement orders of the same input values cannot output the same code; the method has features such as one-wayness and collision resistance. 6. The invention demonstrates that the method is secure, reliable, simple to implement and of strong practical value. 7. With the two-way authentication method, the terminal device authenticates itself, which improves the efficiency of authentication and reduces the authentication load on the authentication gateway.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is the overall flow chart of the terminal device network security-enhanced access and authentication method of the present invention.
Fig. 2 is the process diagram of the terminal device network security-enhanced access of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the invention.
Fig. 1 is the overall flow chart of the terminal device network security-enhanced access and authentication method of the present invention.
The terminal device network security-enhanced access and authentication method of the invention shown in Fig. 1 is used for the authentication process of terminal devices in a security domain, the security domain including a verification gateway. The terminal device network security-enhanced access and authentication method includes:
101. Terminal device access registration step
In the registration step, part of the key basic information of the terminal device is chosen as authentication factors and stored in the verification gateway; the process of storing the authentication factors in the verification gateway is called registration;
102. Step of generating the security-enhanced authentication code
The verification gateway combines the stored authentication factors in a specific arrangement order and generates the security-enhanced authentication code using a specific calculation method, and the generated security-enhanced authentication code is issued to the terminal device for storage; when the terminal device applies for access, it first reads the authentication factors stored on itself, combines them in the agreed arrangement order, and at the same time, according to the agreed specific calculation method, generates a security-enhanced authentication code from the multiple authentication factors read;
103. Terminal device security-enhanced authentication step
The terminal device first verifies itself: the terminal device reads part of the authentication factors stored on itself, combines them in the agreed arrangement order, and matches the security-enhanced authentication code generated using the agreed specific calculation method against the security-enhanced authentication code stored on itself; if they do not match, a self-verification failure is indicated; if they match, the access application is sent and the security-enhanced authentication code generated by the terminal device is sent to the verification gateway; the verification gateway matches the received security-enhanced authentication code against the security-enhanced authentication code it has stored; if they are identical, the device is admitted to the network; otherwise an access failure is indicated.
Preferably, in a kind of terminal device network security enhancing access and authentication method of the invention shown in Fig. 1, institute
Stating terminal device access registration step includes:
In the registration step, terminal device Partial key Back ground Information is chosen as certification factor storage to checking net
Close, the process that the certification factor is stored to checking gateway calls registering, and registration does not limit online mode or offline side
Formula, this method supports the manual typing certification factor of checking gateway, while also supporting checking gateway to obtain recognizing for terminal device automatically
Demonstrate,prove the factor;
Preferably, in a kind of terminal device network security enhancing access and authentication method of the invention shown in Fig. 1, institute
The step of stating generation safety enhancing authentication code includes:
Checking gateway according to the specific combination that puts in order, generates the certification factor of storage using special computational methods
Safety enhancing authentication code, the safety enhancing authentication code storage of generation is into checking gateway, while the safety enhancing certification of generation
Code is imparted in terminal device and stored, when terminal device application is accessed, the certification factor stored in automatic reading terminal equipment, will
The certification factor read is according to the combination that puts in order of agreement, the computational methods generation safety enhancing authentication code through agreement;
Preferably, in the terminal device network security enhanced access and authentication method of the invention shown in Fig. 1, the terminal device security-enhanced authentication method includes:
When it starts an access application, the terminal device first reads the authentication factors it stores, combines them in the agreed order, and generates the security-enhanced authentication code with the specific calculation method. The generated code is matched against the security-enhanced authentication code stored on the device itself. If they differ, a self-verification failure is reported; if they are identical, an access authentication application is sent, and this application includes the generated security-enhanced authentication code. The verification gateway receives the authentication application and matches the received code against the code it stores; if they match, the verification gateway admits the device to the network automatically, otherwise an access failure is reported;
Preferably, in the terminal device network security enhanced access and authentication method of the invention shown in Fig. 1, the terminal device and the verification gateway form a two-way access authentication, which both ensures security and improves operating efficiency. Each time the terminal device logs in to the verification gateway, the terminal device checks whether its own security-enhanced authentication code is correct: the multiple authentication factors stored on the terminal device are combined in a certain order to generate a security-enhanced authentication code, and the generated code is compared with the code stored on the device. If they are identical, the access application is sent directly; otherwise the access application cannot be sent and a self-verification failure is reported. On receiving the access application, the verification gateway verifies whether the security-enhanced authentication code carried by the terminal device matches the code stored in the verification gateway;
Preferably, in the terminal device network security enhanced access and authentication method of the invention shown in Fig. 1, the calculation method for generating the security-enhanced authentication code must, on the one hand, be a specific calculation method in which the length of the security-enhanced authentication code is less than the total length of the data from which it is generated, so that the number and length of the authentication factors do not affect the length of the code. On the other hand, different orderings of the same input data produce different results; that is, if the arrangement and combination order of the data differs, the generated security-enhanced authentication code also differs. The calculation method is preferably a hash algorithm, preferably MD5, SHA or a similar algorithm. The number of digits of the security-enhanced authentication code is not limited, and is preferably 32, 64, 128 or 256;
Preferably, in the terminal device network security enhanced access and authentication method of the invention shown in Fig. 1, regarding the state of the authentication factors: the authentication factors of the terminal device are obtained by the authentication gateway. The authentication factors may be static and fixed, may change dynamically, or may include both static fixed factors and dynamically changing ones. If the authentication factors include dynamically changing ones, then each time the terminal device applies for access to the authentication gateway, the authentication gateway obtains the terminal device's security-enhanced authentication code, and access is approved if it conforms to the dynamic change rule;
Preferably, in the terminal device network security enhanced access and authentication method of the invention shown in Fig. 1, the terminal device self-authentication method includes:
Before sending an access application, the terminal device first performs a preliminary authentication of itself. It obtains the subset of its authentication factors that take part in authentication, arranges and combines them in the agreed order, and generates the security-enhanced authentication code with the agreed specific calculation method. The generated code is matched against the code the device stores. If they match, self-authentication succeeds; otherwise a self-authentication failure is reported. This authentication method reduces the verification load on the verification gateway and improves its verification efficiency. Self-verification uses no network traffic, and authentication speed is improved by reducing the number of network authentications and the content transmitted during authentication.
Preferably, in the terminal device network security enhanced access and authentication method of the invention shown in Fig. 1, the security authentication method also includes a secondary security authentication process. The first authentication is the preliminary authentication, in which the terminal device authenticates its security-enhanced authentication code and verifies that the authentication factors are correct. If the preliminary authentication does not pass, the secondary security-enhanced access authentication is not performed. The secondary security-enhanced access authentication is the verification gateway confirming the identity of the terminal device again; it automatically proves that none of the data on the terminal device has been tampered with, further strengthening the security guarantee for the terminal device's network access.
Preferably, in the terminal device network security enhanced access and authentication method of the invention shown in Fig. 1, the terminal device does not store the calculation method for generating the security-enhanced authentication code or the arrangement order of the data, so even if the terminal device is tampered with or copied, the method for generating the security-enhanced authentication code cannot be obtained, which protects the security of the terminal device.
The terminal device network security enhanced access and authentication method of the invention has the following advantages:
1. In the authentication process, the method transmits only the user name and the security-enhanced authentication code; the authentication factors and the authentication code generation algorithm are not transmitted during authentication. This strengthens the security of the terminal device's network access and protects the authentication factors. Even if the terminal device is tampered with or copied, the method for generating the security-enhanced authentication code cannot be obtained, which protects the security of the terminal device.
2. The invention is well suited to authentication with multiple authentication factors. The specific calculation method encodes them into a security-enhanced authentication code, so that the authentication factors are interrelated and authenticate one another, raising the level of security authentication.
3. The method preferably uses a hash algorithm to produce a fixed-length security-enhanced authentication code, so the number and length of the authentication factors do not affect the length of the code. Authentication only requires verifying the security-enhanced authentication codes respectively, and authentication speed is improved by reducing the number of authentications and the content transmitted during authentication. The hash algorithm itself has a strong data compression effect, so authentication speed is also improved by reducing network traffic during authentication.
4. The invention completes terminal device registration, generation of the security-enhanced authentication code and other work through a multiple-interaction negotiation mechanism. The method of double authentication, with the authentication code generated twice, improves the stability and applicability of the system and is particularly suitable for authorization and authentication on mobile communication networks.
5. The combined encoding that the invention performs on the authentication factors provides a data encoding method generally applicable to all data types. Different input values cannot output the same code, and the same input values in a different arrangement order cannot output the same code; the method has properties such as one-wayness and collision resistance.
6. The invention proves that the method is safe and reliable, simple to implement, and of strong practical value.
7. With the two-way authentication method, the terminal device authenticates itself, which improves the efficiency of authentication and reduces the authentication load on the authentication gateway.
The above technical scheme of the invention is described in detail below with reference to an application embodiment:
The application scenario of the embodiment is security-enhanced access authentication for a terminal device (mobile phone) that accesses a government internal network over a mobile communication network. In this embodiment, the client software responsible for letting the mobile phone access the government internal network over the mobile communication network is the terminal device; the back-end system responsible for access authentication and access management of terminal devices is the verification gateway. Based on the terminal device network security enhanced access and authentication method proposed by the invention, a complete access authentication procedure is as follows:
201. Registration process of the mobile phone.
Mobile phone user registration is carried out through the back-end management system. Registration may be online or offline; the method of the invention places no restriction on the registration mode, and this embodiment uses online registration. Before registering the information, the verification gateway automatically obtains the key authentication factors from the mobile phone's basic information and sends a registration confirmation to the terminal device; once the user confirms the registration, the back-end management system registers the mobile phone user's information. For a mobile phone user who has not registered successfully, the verification gateway stores none of that user's authentication factors; only after successful registration can the mobile phone user access the back-end management system. The key basic information of a registered mobile phone user includes name, organization code, organization name, mobile phone number, SIM card serial number, terminal device serial number (IMEI number), user password, operating system version, unique identity identification code and so on; this key basic information is stored in the mobile phone's authentication factor table. The key authentication factors of the mobile phone that the verification gateway obtains include name, mobile phone number, user password, organization code, organization name, SIM card serial number and terminal device serial number (IMEI number), and are stored in the verification gateway's authentication factor table.
Table 1 below is the initial authentication factor table of the mobile phone, and Table 2 is the authentication factor table of the verification gateway. In this embodiment, the data in the tables are as follows:
Table 1: Mobile phone - authentication factor table
Name | Ding Aimin |
Mobile phone number | 13911889771 |
User password | 889771 |
Organization code | 08052849-6 |
Organization name | Beijing Cheng Zhongzhi Science and Technology Ltd.s |
IMEI number | 354439062668126 |
SIM card number | 89860113811048802040 |
Operating system version | Androd4.2 |
Unique identity identification code | 1234567 |
Table 2: Verification gateway - authentication factor table
Sequence number | Data item | Value | Data type |
1 | Name | Ding Aimin | Security-enhanced authentication factor |
2 | Mobile phone number | 13911889771 | Security-enhanced authentication factor |
3 | User password | 889771 | Security-enhanced authentication factor |
4 | Organization code | 08052849-6 | Security-enhanced authentication factor |
5 | Organization name | Beijing Cheng Zhongzhi Science and Technology Ltd.s | Security-enhanced authentication factor |
6 | IMEI number | 354439062668126 | Security-enhanced authentication factor |
7 | SIM card number | 89860113811048802040 | Security-enhanced authentication factor |
8 | Unique identity identification code | Androd4.2 | Security-enhanced authentication factor |
202. The verification gateway generates the security-enhanced authentication code.
The 8 authentication factors in the verification gateway's security-enhanced authentication factor table are combined in the order in which they appear in the table, and a hash algorithm (MD5 may be used in this embodiment) generates a fixed-length security-enhanced authentication code (32 digits can be generated with MD5 in this embodiment). The code is stored in the verification gateway's security authentication table, and the security-enhanced authentication code is also stored in the mobile phone's security authentication table. When the mobile phone prepares to access the network, the key data items in the mobile phone's authentication factor table are read automatically, combined in the agreed order, and hashed (MD5 may be used in this embodiment) to generate a fixed-length security-enhanced authentication code (32 digits can be generated with MD5 in this embodiment).
The table contents are shown below.
Table 3: Verification gateway - security authentication table
Sequence number | User name | Security-enhanced authentication code |
1 | 13911889771 | 6e1cf87a26568f3d6256e0d36b1f93ac |
Table 4: Mobile phone - security authentication table
Sequence number | User name | Security-enhanced authentication code |
1 | 13911889771 | 6e1cf87a26568f3d6256e0d36b1f93ac |
203. Mobile phone self-verification.
When the mobile phone needs network access, the client software is started; it automatically reads the authentication factors in authentication factor table 1 and automatically obtains the phone's IMEI number and SIM card number. The 8 authentication factors are combined in the order in which they appear in the table, and a hash algorithm (MD5 may be used in this embodiment) generates a fixed-length security-enhanced authentication code (32 digits can be generated with MD5 in this embodiment). The generated code is matched against the security-enhanced authentication code the phone has stored in its security authentication table; if they are identical, the access application is sent, otherwise a self-verification failure is reported.
204. The verification gateway authenticates the mobile phone.
Once the mobile phone user's self-verification passes, the security-enhanced authentication code and the user name are sent to the verification gateway. The verification gateway matches the received data against the data it stores; if they are identical, authentication passes and the connection to the government internal network succeeds; otherwise a secure access failure is reported.
205. The mobile phone user changes the initial password.
To increase the security of the mobile phone user's password, after the network connection succeeds the mobile phone user actively changes (or is forced by the verification gateway to change) the initial user password 889771; in this embodiment the user changes the original password to 678901. The new password is stored in the authentication factor tables of both the verification gateway and the mobile phone user.
The above example is the flow for a first connection: when verification passes, the user is automatically prompted to change the password. If it is not the first access to the e-government network, the e-government network is accessed directly after the double authentication, with no prompt to change the user password. If a comparison fails during the double authentication, access is exited immediately and the reason for the failure is reported.
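The flow of steps 201 to 204, together with the fixed-length and order-sensitivity properties the method relies on, as an added Python example (not code from the patent). The factor values are constructed, and the key names, the UTF-8 encoding, plain concatenation and the `framed` option are assumptions, because the page does not specify how the factors are joined; for the same reason the example does not reproduce the code shown in Tables 3 and 4.

```python
import hashlib
import hmac

# Agreed factor order. Assumption: the row order of Table 2, with
# hypothetical key names chosen for this example.
FACTOR_ORDER = ["name", "phone", "password", "org_code",
                "org_name", "imei", "sim", "unique_id"]

# Constructed sample factors, not the values from the page's tables.
SAMPLE_FACTORS = {
    "name": "Example User",
    "phone": "10000000001",
    "password": "000000",
    "org_code": "00000000-0",
    "org_name": "Example Org",
    "imei": "000000000000000",
    "sim": "00000000000000000000",
    "unique_id": "0000001",
}


def auth_code(factors, order, framed=False):
    """Hash the factors in the agreed order (MD5, as in the embodiment).

    framed=False concatenates the raw values. framed=True prefixes each
    value with its 4-byte length, so field boundaries are hashed too.
    """
    digest = hashlib.md5()
    for key in order:
        value = factors[key].encode("utf-8")  # encoding is an assumption
        if framed:
            digest.update(len(value).to_bytes(4, "big"))
        digest.update(value)
    return digest.hexdigest()


def codes_equal(a, b):
    """Compare two codes without leaking where they first differ."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class Gateway:
    """Verification gateway: keeps user name -> code (Table 3)."""

    def __init__(self):
        self.codes = {}

    def register(self, username, factors, order):
        # Steps 201/202: store the code and issue it to the terminal.
        code = auth_code(factors, order)
        self.codes[username] = code
        return code

    def verify(self, username, presented):
        # Step 204: match the received code against the stored one.
        stored = self.codes.get(username)
        return stored is not None and codes_equal(stored, presented)


class Terminal:
    """Client software holding its factors and the issued code (Table 4)."""

    def __init__(self, username, factors, order, stored_code):
        self.username = username
        self.factors = factors
        self.order = order          # assumption: the client knows the order
        self.stored_code = stored_code

    def self_check(self):
        # Step 203: recompute locally and compare before any network use.
        recomputed = auth_code(self.factors, self.order)
        return recomputed if codes_equal(recomputed, self.stored_code) else None

    def request_access(self, gateway):
        code = self.self_check()
        if code is None:
            return "self-verification failed"
        if gateway.verify(self.username, code):
            return "access granted"
        return "access failed"


if __name__ == "__main__":
    gw = Gateway()
    issued = gw.register("10000000001", SAMPLE_FACTORS, FACTOR_ORDER)
    phone = Terminal("10000000001", dict(SAMPLE_FACTORS), FACTOR_ORDER, issued)
    print(len(issued), phone.request_access(gw))

    # A changed IMEI (for example a different handset) fails the local check.
    other = Terminal("10000000001", dict(SAMPLE_FACTORS, imei="111111111111111"),
                     FACTOR_ORDER, issued)
    print(other.request_access(gw))

    # Plain concatenation cannot tell where one factor ends and the next begins.
    a, b = {"x": "ab", "y": "c"}, {"x": "a", "y": "bc"}
    print(auth_code(a, ["x", "y"]) == auth_code(b, ["x", "y"]))
    print(auth_code(a, ["x", "y"], True) == auth_code(b, ["x", "y"], True))
```

With plain concatenation the factor pairs `("ab", "c")` and `("a", "bc")` hash to the same code; length-prefixing each factor (`framed=True`) keeps them distinct.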
The technical scheme of the embodiments of the invention brings the following beneficial effects:
1. The embodiments of the invention prove that the method is safe and reliable, simple to implement, and of strong practical value.
2. In the authentication process, the embodiments transmit only the user name and the security-enhanced authentication code; the authentication factors and the security-enhanced authentication code generation algorithm are not transmitted during authentication, which strengthens the security of the data. Even if the terminal device is tampered with or copied, the method for generating the security-enhanced authentication code cannot be obtained, which protects the security of the terminal device.
3. In the authentication process, the user knows only the phone's user name and user password; the security-enhanced authentication code that actually takes part in authentication is unknown to the user, which increases the security of terminal device access.
4. Through repeated interaction and a negotiation mechanism, the invention completes terminal device registration, generation of the security-enhanced authentication code and other work. The method of double authentication, with the authentication code generated twice, improves the stability and applicability of the system and is particularly suitable for authorization and authentication on mobile communication networks.
5. With the two-way authentication method, the terminal device authenticates itself, which improves the efficiency of authentication and reduces the authentication load on the authentication gateway.
6. During authentication, the embodiments verify the phone's IMEI number and SIM card number. Once the phone is lost or the SIM card is stolen, by setting up a manual confirmation mechanism for re-binding, access from the phone will fail authentication, which increases the security of access to the government internal network.
7. The embodiments use a fixed-length hash algorithm to produce a 32-digit security-enhanced authentication code, so the number and length of the authentication factors do not affect the length of the code. This resolves the limit that most current authentication gateways place on password length during authentication, merges multiple verifications and reduces them to two, and improves authentication speed by reducing the number of authentications. The hash algorithm itself has a strong data compression effect, so authentication speed is also improved by reducing network traffic during authentication.
8. The embodiments preferably use fixed-length MD5 to produce the security-enhanced authentication code, which itself has a strong data compression effect and improves authentication speed by reducing network traffic during authentication.
9. The embodiments are well suited to multi-factor authentication composed of multiple factors, and preferably use a fixed-length hash algorithm to produce the security-enhanced authentication code, so that the factors are interrelated and authenticate one another, raising the level of security authentication.
10. The combined encoding that the invention performs on the authentication factors provides a data encoding method generally applicable to all data types: input of any length and any data type can be turned into fixed-length output, and different input values cannot output the same code; the method has properties such as one-wayness and collision resistance.
Those skilled in the art will understand that the authentication factors and security-enhanced authentication factors defined in the above embodiment of the invention are not limited to the items listed in the tables, but may include any elements related to the terminal device, as long as the terminal device network security enhanced access and authentication method of the invention can be realized.
Those skilled in the art will further understand that the mobile phone is only an example of a terminal device, which may include any wired or wireless electronic device such as a computer, mobile terminal or data card. Those skilled in the art will further understand that the government internal network is likewise only one example of a security domain: any wired or wireless network to which terminal device access must be restricted (including but not limited to government, civilian, military, industrial, banking, commercial and education networks) can be a security domain, as long as the terminal device network security enhanced access and authentication method of the invention can be applied.
Those skilled in the art will also appreciate that the various illustrative logical blocks, units and steps listed in the embodiments of the invention can be implemented by electronic hardware, computer software, or a combination of both. To clearly show the interchangeability of hardware and software, the various illustrative components, units and steps above have been described generally in terms of their function. Whether such function is implemented in hardware or in software depends on the specific application and the design requirements of the whole system. Those skilled in the art may use various methods to implement the described functions for each specific application, but such implementation should not be understood as going beyond the scope protected by the embodiments of the invention.
The various illustrative logical blocks or units described in the embodiments of the invention may be implemented or operated by a general-purpose processor, digital signal processor, application-specific integrated circuit (ASIC), field-programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of the above designed to perform the described functions. The general-purpose processor may be a microprocessor; alternatively, it may be any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, such as a digital signal processor and a microprocessor, multiple microprocessors, one or more microprocessors combined with a digital signal processor core, or any other similar configuration.
The steps of the method or algorithm described in the embodiments of the invention may be embedded directly in hardware, in a software module run by a computing device, or in a combination of the two. The software module may be stored in RAM, flash memory, ROM, EPROM, EEPROM, registers, a hard disk, a removable disk, a CD-ROM or any other form of storage medium in the art. By way of example, the storage medium may be connected to the processor so that the processor can read information from, and write information to, the storage medium. Alternatively, the storage medium may be integrated into the processor. The processor and the storage medium may be arranged in an ASIC, and the ASIC may be arranged in a user terminal. Alternatively, the processor and the storage medium may be arranged in different components of the user terminal.
In one or more exemplary designs, the functions described in the embodiments of the invention may be implemented in hardware, software, firmware or any combination of the three. If implemented in software, the functions may be stored on a computer-readable medium, or transmitted over a computer-readable medium in the form of one or more instructions or code. Computer-readable media include computer storage media and communication media that facilitate transferring a computer program from one place to another. A storage medium may be any available medium that a general-purpose or special-purpose computer can access. For example, such computer-readable media may include, but are not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store program code in the form of instructions or data structures, or in other forms readable by a general-purpose or special-purpose computer or processor. In addition, any connection may properly be termed a computer-readable medium; for example, if software is transmitted from a website, server or other remote source over coaxial cable, fiber-optic cable, twisted pair, digital subscriber line (DSL), or wirelessly by infrared, radio or microwave, these are also included in the definition of computer-readable medium. Disk and disc, as used here, include compact discs, laser discs, optical discs, DVDs, floppy disks and Blu-ray discs; disks usually reproduce data magnetically, while discs usually reproduce data optically with lasers. Combinations of the above may also be included in computer-readable media.
The embodiments above describe the purpose, technical scheme and beneficial effects of the invention in further detail. It should be understood that the foregoing is only an embodiment of the invention and is not intended to limit the scope of protection of the invention; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Claims (9)
1. A terminal device network security enhanced access and authentication method, used in the terminal device authentication process of a security domain, the security domain including a verification gateway, the method being characterized by comprising:
A terminal device access registration step, in which part of the key basic information of the terminal device is selected as authentication factors and stored in the verification gateway; the process of storing the authentication factors in the verification gateway is called registration;
A step of generating a security-enhanced authentication code, in which the verification gateway combines the stored authentication factors in a specific order and applies a special calculation method to generate the security-enhanced authentication code, and issues the generated code to the terminal device for storage; when applying for access, the terminal device first reads the authentication factors it stores, combines them in the agreed order, and, using the agreed specific calculation method, generates the security-enhanced authentication code from the multiple authentication factors read. The calculation method for generating the security-enhanced authentication code must, on the one hand, be a specific calculation method in which the length of the code is less than the total length of the data from which it is generated, so that the number and length of the authentication factors do not affect the length of the code; on the other hand, different orderings of the same input data produce different results, so that if the arrangement and combination order of the data differs, the generated security-enhanced authentication code also differs. The calculation method uses a hash algorithm, and the number of digits of the security-enhanced authentication code is not limited.
A terminal device security-enhanced authentication step, in which the terminal device first verifies itself: the terminal device reads part of the authentication factors it stores, combines them in the agreed order, and uses the agreed specific calculation method to generate the security-enhanced authentication code, which is matched against the code the device stores. If they do not match, a self-verification failure is reported; if they match, an access application is sent and the security-enhanced authentication code generated by the terminal device is sent to the verification gateway. The verification gateway matches the received code against the code it stores; if they are identical, the device is admitted to the network, otherwise an access failure is reported.
2. The terminal device network security enhanced access and authentication method of claim 1, characterized in that the terminal device access registration step includes:
In the registration step, part of the key basic information of the terminal device is selected as authentication factors and stored in the verification gateway; the process of storing the authentication factors in the verification gateway is called registration. Registration is not limited to online or offline mode. The method supports manual entry of the authentication factors at the verification gateway, and also supports the verification gateway automatically obtaining the authentication factors of the terminal device.
3. The terminal device network security enhanced access and authentication method of claim 1, characterized in that the step of generating the security-enhanced authentication code includes:
The verification gateway combines the stored authentication factors in a specific order and applies a special calculation method to generate the security-enhanced authentication code. The generated code is stored in the verification gateway and is also issued to the terminal device and stored there. When the terminal device applies for access, the authentication factors stored in the terminal device are read automatically, combined in the agreed order, and passed through the agreed calculation method to generate the security-enhanced authentication code.
4. The terminal device network security enhanced access and authentication method of claim 1, characterized in that the terminal device security-enhanced authentication step includes:
When it starts an access application, the terminal device first reads the authentication factors it stores, combines them in the agreed order, and generates the security-enhanced authentication code with the special calculation method. The generated code is matched against the security-enhanced authentication code stored on the device itself. If they differ, a self-verification failure is reported; if they are identical, an access authentication application is sent, and this application includes the generated security-enhanced authentication code. The verification gateway receives the authentication application and matches the received code against the code it stores; if they match, the verification gateway admits the device to the network automatically, otherwise an access failure is reported.
5. The terminal device network security enhanced access and authentication method of claim 1, characterized in that the terminal device and the verification gateway form a two-way access authentication, which both ensures security and improves operating efficiency; each time the terminal device logs in to the verification gateway, the terminal device checks whether its own security-enhanced authentication code is correct: the multiple authentication factors stored on the terminal device are combined in a certain order to generate a security-enhanced authentication code, and the generated code is compared with the code stored on the device. If they are identical, the access application is sent directly; otherwise the access application cannot be sent and a self-verification failure is reported. On receiving the access application, the verification gateway verifies whether the security-enhanced authentication code carried by the terminal device matches the code stored in the verification gateway.
6. The terminal device network security enhancing access and authentication method as claimed in claim 1, characterized in that, regarding the state of the certification factors, the certification factors of the terminal device are obtained to the authentication gateway. The certification factors can be statically fixed, can change dynamically, or can include both statically fixed and dynamically changing factors. If dynamically changing certification factors are included, then each time the terminal device applies for access to the authentication gateway, the authentication gateway obtains the terminal device's safety enhancing authentication code and, where it meets the dynamic change rule, establishes access accreditation.
7. The terminal device network security enhancing access and authentication method as claimed in claim 1, characterized in that the terminal device self-certification method includes:
Before sending an access application, the terminal device first performs a preliminary certification on itself: it obtains the part of the terminal device's certification factors that participate in certification, arranges and combines them in the agreed order, and generates a safety enhancing authentication code using the agreed specific calculation method. The generated safety enhancing authentication code is matched against the safety enhancing authentication code the terminal device itself stores; if they match, self-certification succeeds, otherwise a self-certification failure is prompted. This authentication method reduces the verification pressure on the checking gateway and improves the verification efficiency of the checking gateway; self-verification uses no network traffic, and certification speed is improved by reducing the number of network authentications and the content transmitted for certification.
8. The terminal device network security enhancing access and authentication method as claimed in claim 4, characterized in that the safety certification method also includes a secondary safety certification process. The first certification is the preliminary certification, which is the certification of the terminal device's safety enhancing authentication code and verifies that the certification factors are correct; if the preliminary certification does not pass, the secondary safety enhancing access authentication is not performed. The secondary safety enhancing access authentication is the checking gateway's repeated identity confirmation of the terminal device, which automatically proves that the data on the terminal device have all not been tampered with, further enhancing the safety guarantee for terminal device network access.
9. The terminal device network security enhancing access and authentication method as claimed in claim 3, characterized in that the terminal device does not store the calculation method for generating the safety enhancing authentication code or the ordering of the data; even if the terminal device is tampered with and copied, the method for generating the safety enhancing authentication code cannot be obtained, which ensures the security of the terminal device.
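The self-check and gateway match described in claims 4, 5 and 7, as an added example that is not part of the patent text. The factor names, their order and the use of HMAC-SHA256 with a provisioned key are assumptions, since the claims leave the "agreed calculation method" unspecified.

```python
import hashlib
import hmac

# Assumptions (not in the patent): the factor names, their agreed order, and
# HMAC-SHA256 with a provisioned key standing in for the "agreed calculation".
AGREED_ORDER = ("device_serial", "mac_address", "sim_imsi")
PROVISIONED_KEY = b"constructed-demo-key"

def generate_code(factors):
    """Combine the factors in the agreed order and derive the code."""
    msg = b""
    for name in AGREED_ORDER:
        value = factors[name].encode()
        # Length-prefix each factor so ("ab", "c") and ("a", "bc") differ.
        msg += len(value).to_bytes(2, "big") + value
    return hmac.new(PROVISIONED_KEY, msg, hashlib.sha256).hexdigest()

class Gateway:
    def __init__(self):
        self.enrolled = {}  # device id -> stored code

    def enroll(self, device_id, factors):
        code = self.enrolled[device_id] = generate_code(factors)
        return code  # also assigned to the terminal for storage

    def verify(self, device_id, code):
        expected = self.enrolled.get(device_id)
        # Constant-time match against the gateway's stored code.
        return expected is not None and code is not None and hmac.compare_digest(code, expected)

class Terminal:
    def __init__(self, factors, stored_code):
        self.factors, self.stored_code = dict(factors), stored_code

    def request_access(self):
        """Self-check first; return the code to send, or None on failure."""
        code = generate_code(self.factors)
        return code if hmac.compare_digest(code, self.stored_code) else None

def demo():
    # Constructed sample factors for one enrolled terminal.
    factors = {"device_serial": "SN-0001", "mac_address": "02:00:00:aa:bb:cc",
               "sim_imsi": "001010123456789"}
    gw = Gateway()
    stored = gw.enroll("terminal-1", factors)
    tampered = Terminal({**factors, "mac_address": "02:00:00:de:ad:01"}, stored)
    return {"genuine": gw.verify("terminal-1", Terminal(factors, stored).request_access()),
            "tampered_request": tampered.request_access(),
            "forged": gw.verify("terminal-1", "0" * 64)}
```

With statically fixed factors the code sent is the same on every login, so the exchange relies on a protected channel or on a dynamically changing factor (claim 6) to resist replay of a captured code.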
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510088042.XA CN104601602B (en) | 2015-02-26 | 2015-02-26 | A kind of terminal device network security enhancing access and authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104601602A (en) | 2015-05-06 |
CN104601602B (en) | 2017-08-25 |
Family
ID=53127106
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510088042.XA Active CN104601602B (en) | 2015-02-26 | 2015-02-26 | A kind of terminal device network security enhancing access and authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104601602B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105142097A (en) * | 2015-08-18 | 2015-12-09 | 中国联合网络通信集团有限公司 | Method and system for realizing terminal access |
CN105162798A (en) * | 2015-09-24 | 2015-12-16 | 西安未来国际信息股份有限公司 | Security authentication method for proprietary network access of intelligent terminal |
CN106453232B (en) * | 2016-08-09 | 2019-10-08 | 上海讯陌通讯技术有限公司 | Auxiliary multi-user's authentication registration method and system based on mobile client identification module |
CN108023865A (en) * | 2016-10-28 | 2018-05-11 | 上海行邑信息科技有限公司 | A kind of verification method |
CN107733934A (en) * | 2017-11-30 | 2018-02-23 | 成都航天科工大数据研究院有限公司 | A kind of Industrial Equipment Networking secure access authentication method and the equipment for realizing this method |
CN112702171B (en) * | 2020-12-23 | 2021-10-15 | 北京航空航天大学 | Distributed identity authentication method facing edge gateway |
CN113865023B (en) * | 2021-09-26 | 2023-05-30 | 青岛海信日立空调系统有限公司 | Multi-split air conditioning system |
CN115459957A (en) * | 2022-08-15 | 2022-12-09 | 广州江南科友科技股份有限公司 | User-defined multi-authentication method, system, equipment and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001092999A2 (en) * | 2000-05-26 | 2001-12-06 | Citrix Systems, Inc. | Secure exchange of an authentication token |
CN103780397A (en) * | 2014-02-25 | 2014-05-07 | 中国科学院信息工程研究所 | Multi-screen multi-factor WEB identity authentication method convenient and fast to implement |
CN104283886A (en) * | 2014-10-14 | 2015-01-14 | 中国科学院信息工程研究所 | Web safety access implementation method based on intelligent terminal local authentication |
CN104363207A (en) * | 2014-10-29 | 2015-02-18 | 北京成众志科技有限公司 | Multi-factor security enhancement authorization and authentication method |
Also Published As
Publication number | Publication date |
---|---|
CN104601602A (en) | 2015-05-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||