CN105978688B - A cross-domain security authentication method based on information separation management
Abstract
A cross-domain security authentication method based on information separation management. The user registers on a website with user name Na; no account password needs to be set at this point, and the website establishes an association between Na and Ca for the user. The website establishes correspondences through the certificate server and the certification APP: the website and the certificate server share Ca, the certificate server associates Ca with identification code X, the certification APP associates identification code X with user name Na, and the login step exchanges data according to these correspondences. The invention splits the user's complete account information and hands the parts to three parties to manage separately; every authentication must pass through three links (the website, the certificate server and the mobile terminal device) to achieve secure authentication. Even if any one or two of them are breached, the complete data cannot be obtained, so the method is safe and reliable.
Description
Technical field
The invention belongs to the field of network security and relates to a secure identity authentication method, in particular one in which the user does not use a password: an identity authentication technique that achieves a high security level by splitting the user's account information and managing the parts separately.
Background
At present, with the widespread use of Internet technology in daily life, almost everyone needs to establish an account identity in the online world, and the common method of network identity authentication is mainly "user name" and "password". Because online life is ubiquitous, users have more and more passwords to remember and manage. At the same time, to make passwords as hard to crack as possible, password rules become more and more complex, and the security requirements on network service providers' systems become higher and higher. Even so, the new password-cracking techniques that keep emerging still seriously threaten password security. In particular, with techniques such as "password dictionaries" and "social engineering" (commonly called "credential stuffing"), traditional password protection can hardly guarantee password security any more.
The root cause of such password security problems is that the network service provider holds the user's account information and password information at the same time, which is like keeping the key and the lock together: once the network is attacked, the user's account is compromised. Moreover, a leak of user account information at one network service provider also seriously threatens the security of the user's accounts at other network service providers, so user accounts are often in an extremely dangerous state.
Summary of the invention
The purpose of the invention is to propose a high-security-level authentication method for the problem of authenticating a user's online identity in a network environment. In theory, if the key and the lock are separated, so that the party holding the account does not hold the "password" and the party holding the "password" does not hold the account, or no "password" exists at all, account security is greatly improved.
The technical solution of the invention is:
A cross-domain security authentication method based on information separation management, comprising a registration step and a login step.
The registration step includes:
S1. The user registers on a website (including APP clients, web pages and other forms of network service site) with user name Na; no account password needs to be set at this point. The website generates for user name Na a corresponding unique subscriber code Ca (which includes the website's own identifier) and associates Na with Ca;
S2. The website establishes correspondences, through the certificate server, with the certification APP installed on the user's intelligent terminal (computer, mobile phone, tablet computer, smart watch, etc.): the website and the certification APP share user name Na; the website and the certificate server share subscriber code Ca; the certificate server and the certification APP share identification code X and the hardware identification code IDp of the intelligent terminal (identification code X is the identifier that the certification APP assigns to the user's user name Na on the website). The certificate server associates Ca, X and IDp; the certification APP records identification code X and user name Na locally and associates X with Na;
The login step includes:
S3. The user requests to log in to the website with user name Na;
S4. The website's background server sends subscriber code Ca and at least one random string Str4 to the certificate server;
S5. The certificate server obtains the identification code X corresponding to subscriber code Ca, and the hardware device identification code IDp corresponding to identification code X;
S6. The certificate server forwards string Str4 and identification code X to the certification APP corresponding to hardware device identification code IDp;
S7. The user confirms in the certification APP. The certification APP uses identification code X to look up the locally stored user name Na, processes Na and string Str4 with an obfuscation technique, and sends the obfuscation result H and identification code X to the certificate server;
S8. The certificate server obtains subscriber code Ca from identification code X and sends subscriber code Ca and the obfuscation result H to the website's background server. The background server finds the associated user name Na from subscriber code Ca, applies to user name Na and string Str4 the same obfuscation technique that the certification APP used to obtain H, and obtains obfuscation result H'. It then compares H and H' for consistency;
If the comparison passes, user name Na is successfully authenticated on the website; if the values do not match, authentication fails. The success or failure message is displayed by the website or fed back to the certification APP through the certificate server.
The registration step of the invention specifically includes:
S1-1. Each website that needs to enable the authentication service (including APP clients, web pages and other forms of network service site) sends a request to the certificate server of the security certification system, applying to enable the security authentication service; the certificate server grants each website permission to access the certificate server;
S1-2. The user accesses any such website from a network terminal and registers an account on it with user name Na; no account password needs to be set when registering the account. If the user already has an account on the website, then when the user logs in to the account, the user is prompted to choose to enter cross-domain security authentication mode, and the flow goes to S1-3;
S1-3. The website prompts the user to download, on a mobile terminal, the client APP of the security certification system, i.e. the certification APP; if the certification APP has already been downloaded, the flow goes directly to step S1-4;
S1-4. The website's background server generates visual verification information Str1 and subscriber code Ca for user name Na, and associates user name Na with the unique subscriber code Ca;
S2-1. The website's background server displays visual verification information Str1 on the page where the user registers the website account, and transfers visual verification information Str1 and subscriber code Ca to the certificate server; the certificate server records Str1 and Ca in its database;
S2-2. The user responds to visual verification information Str1 in the certification APP, and the certification APP prompts the user to enter the user name Na used on the website. The certification APP generates an identification code X for user name Na and stores the user's website user name Na, together with the correspondence between Na and identification code X, locally. The certification APP transfers the response information, the mobile terminal's unique hardware device identification code IDp and identification code X to the certificate server. The certificate server matches the received response information against the visual verification information Str1 recorded in the database; if verification passes, it looks up the subscriber code Ca corresponding to Str1, associates the website's subscriber code Ca, hardware device identification code IDp and identification code X, and records them in the database. The certificate server feeds the verification-passed message back to the website's background server, and user Na completes registration.
In the invention, to prevent the data transmitted between the certificate server and the website from being intercepted, step S2-1 further includes:
The certificate server issues key K0 to the website's background server;
The website's background server encrypts visual verification information Str1 and subscriber code Ca with key K0 and sends them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K0, obtains visual verification information Str1 and subscriber code Ca, and records them in the database.
To prevent the data transmitted between the certification APP and the certificate server from being intercepted, the invention further includes: after the certification APP establishes communication with the certificate server, on its first access to the certificate server, the certificate server issues key K1 to the certification APP. In step S2-2, the certification APP encrypts identification code X and the response information with key K1 and sends them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K1, obtains identification code X and the response information, and records them in the database.
In the invention, to confirm the authenticity of the feedback sent back by the certificate server and to prevent the certificate server from being forged, steps S1-4, S2-1 and S2-2 further include:
S1-4. The website's background server also generates a random string Str2 for user name Na;
S2-1. The website's background server also transfers random string Str2 to the certificate server;
S2-2. After the certificate server associates the website's subscriber code Ca, hardware device identification code IDp and identification code X, the step further includes:
A. The certificate server transfers random string Str2 and identification code X to the certification APP installed on the mobile terminal whose hardware device identification code is IDp;
B. The certification APP processes random string Str2 and user name Na with an obfuscation technique and obtains obfuscation result H1; the certification APP sends obfuscation result H1 and identification code X back to the certificate server;
C. After the certificate server receives obfuscation result H1 and identification code X, it finds the associated subscriber code Ca from IDp and identification code X, and finds the associated website from subscriber code Ca; the certificate server transfers obfuscation result H1 and subscriber code Ca to the website's background server;
D. The website's background server finds the associated user name Na from subscriber code Ca. The background server processes user name Na and random string Str2 with the same obfuscation technique that the certification APP used to obtain H1, and obtains obfuscation result H1'. It compares H1 and H1'; if they are consistent, this confirms that the feedback comes from the user's certification APP and not from something posing as the certificate server.
Further, in step S2-1, to prevent the data transmitted between the certificate server and the website from being intercepted, the step also includes:
The certificate server issues key K0 to the website's background server;
The website's background server encrypts visual verification information Str1, subscriber code Ca and random string Str2 with key K0 and sends them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K0, obtains visual verification information Str1, subscriber code Ca and random string Str2, and records them in the database.
To prevent the data transmitted between the certification APP and the certificate server from being intercepted, the method further includes: after the certification APP establishes communication with the certificate server, on its first access to the certificate server, the certificate server issues key K1 to the certification APP;
In step S2-2, the certification APP encrypts identification code X, the response information and random string Str2 with key K1 and sends them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K1, obtains identification code X, the response information and random string Str2, and records them in the database.
In the registration step of the invention, S2-2 may alternatively be the following steps:
S2-2. After the certificate server associates the website's subscriber code Ca, hardware device identification code IDp and identification code X, the step further includes:
a. The certificate server transfers random string Str2 and identification code X to the certification APP installed on the mobile terminal whose hardware device identification code is IDp;
b. The certification APP randomly generates string Str3; using user name Na as the key, the certification APP encrypts random string Str3 and obtains encrypted value E;
c. The certification APP processes random strings Str2 and Str3 with an obfuscation technique and obtains obfuscation result H2; the certification APP transfers obfuscation result H2, identification code X and encrypted value E to the certificate server;
d. After the certificate server receives obfuscation result H2, identification code X and encrypted value E, it finds the associated subscriber code Ca from IDp and identification code X, and finds the associated website from subscriber code Ca; the certificate server transfers obfuscation result H2, encrypted value E and subscriber code Ca to the website's background server;
e. The website's background server finds the associated user name Na from subscriber code Ca. Using user name Na as the key, the background server decrypts encrypted value E and obtains string Str3. The website's background server then processes random string Str2 and the decrypted string Str3 with the same obfuscation technique that the certification APP used to obtain H2, and obtains obfuscation result H2'. It compares H2 and H2'; if they are consistent, this confirms that the feedback comes from the user's certification APP and not from something posing as the certificate server.
Further, in step b of the invention:
When the certification APP encrypts random string Str3 with user name Na as the key to obtain the encrypted value, it first applies an obfuscation technique to user name Na to obtain obfuscation result h, and then encrypts random string Str3 with h as the key to obtain encrypted value E';
Correspondingly, in step e, to recover random string Str3 by decryption: the website's background server applies to user name Na the same obfuscation technique that the certification APP used to obtain h, obtains obfuscation result h', and decrypts the received encrypted value E' with h' as the key to obtain string Str3.
In the login step of the invention, steps S7 and S8 may alternatively be:
S7'. The user confirms in the certification APP, and the certification APP randomly generates string Str5; the certification APP encrypts random string Str5 with user name Na to obtain encrypted value E1;
S8'. The certification APP processes random strings Str4 and Str5 with an obfuscation technique and obtains obfuscation result H3; the certification APP sends obfuscation result H3, identification code X and encrypted value E1 to the certificate server;
S9'. After the certificate server receives obfuscation result H3, identification code X and encrypted value E1, it looks up the associated subscriber code Ca from IDp and identification code X, and finds the associated website from subscriber code Ca; the certificate server transfers obfuscation result H3, encrypted value E1 and subscriber code Ca to the website's background server;
S10'. The background server finds the associated user name Na from subscriber code Ca. Using user name Na as the key, the background server decrypts encrypted value E1 and obtains string Str5. The background server processes random string Str4 and the decrypted string Str5 with the same obfuscation technique that the certification APP used to obtain H3, and obtains obfuscation result H3'. It compares H3 and H3': if the comparison passes, user name Na is successfully authenticated on the website; if the values do not match, authentication fails. The success or failure message is displayed by the website or fed back to the certification APP through the certificate server.
Further, in step S7':
When the certification APP encrypts random string Str5 with user name Na to obtain encrypted value E1, it first applies an obfuscation technique to user name Na to obtain obfuscation result h1, and then encrypts random string Str5 with h1 as the key to obtain encrypted value E1;
Correspondingly, in step S10', to recover random string Str5 by decryption: the website's background server applies to user name Na the same obfuscation technique that the certification APP used to obtain h1, obtains obfuscation result h1', and decrypts the received encrypted value E1 with h1' as the key to obtain string Str5.
In step S1 of the invention, the user registers an account on the website according to the website's rules; the information entered includes mobile phone number, ID card number, address, e-mail address and/or user name, and the website assigns the user a login account IDa. The login account IDa, or any other identity information that uniquely identifies the user on the website, can replace user name Na in the later steps for association with subscriber code Ca.
In the invention, to confirm that the person operating the certification APP is the user, in step S2-2, when the correspondence between identification code X and user name Na is established, the certification APP can also prompt the user to set a specific authentication instruction Y for logging in to the website. Authentication instructions include: one-key confirmation, static password, SMS verification code, fingerprint and video recognition, where video recognition includes face recognition and action recognition. Once an authentication instruction is set, login to the website can only be completed after passing authentication with instruction Y.
Further, authentication instruction Y can also use the NFC authentication mode, which has a higher security level. The specific setup procedure is as follows:
The user selects NFC authentication for logging in to the website in the certification APP;
The certification APP calls the mobile terminal's built-in NFC function module and opens the NFC reading interface on the mobile terminal;
The certification APP prompts the user to present a card or device containing an NFC chip, for example a People's Republic of China social security card, and to hold the card close to the mobile terminal's NFC reading area;
The certification APP reads the unique identifier of the NFC card, encrypts the identifier information and sends it to the certificate server;
The certificate server decrypts the encrypted NFC card identifier it receives and associates it with the website, subscriber code Ca, IDp and identification code X;
NFC authentication setup is complete.
To improve security, the user can also set an instruction for logging in to the certification APP itself; the instruction uses one or more of static password, SMS verification code, fingerprint, video recognition (including face recognition and action recognition) and NFC authentication.
The obfuscation technique of the invention uses an encryption operation or a hash operation; the encryption operation is chosen from DES and/or AES, and the hash operation is one or more of MD5, SHA1, SHA256 and SHA384.
On the certificate server: H' is obtained with the same obfuscation technique that the certification APP uses to obtain H;
On the website's background server: H1' is obtained with the same obfuscation technique that the certification APP uses to obtain H1 (correspondingly, H2, h, H3 and h1 use the same obfuscation technique as H2', h', H3' and h1' respectively). The obfuscation techniques used to obtain H (H'), H1 (H1'), H2 (H2'), h (h'), H3 (H3') and h1 (h1') may be the same as or different from one another, and each may use the aforementioned encryption or hash operations.
Beneficial effects of the invention:
1. The invention splits the user's complete account information and hands the parts to three parties (the network service provider, i.e. the website; the certificate server; and the user's mobile terminal device, i.e. the certification APP) to manage separately. Every authentication must pass through three links (the website, the certificate server and the mobile terminal device) to achieve secure authentication. Even if any one or two of them are breached, the complete data cannot be obtained. In addition, the invention protects the data exchange with obfuscation techniques, which effectively improves the security of data transmission.
2. With the method of the invention, the user does not need a password, which solves the everyday problem that, as networks develop and APPs multiply, there are too many accounts and passwords to remember.
3. With the scheme of the invention, even if the user registers on different websites with the same account or user name, the accounts can be associated and managed in a single certification APP while achieving a very high security level.
4. With the scheme of the invention, since the website no longer keeps passwords, no user password information is leaked even if the website's own security design is not strong enough or the website is attacked by hackers.
5. The invention uses the mobile terminal's unique hardware device identification code IDp as one of the interaction data. It is unique to the hardware, and this device identifier gives us a way to identify the account user. A "password" in the traditional sense is therefore not needed, and with no "password" there is naturally no possibility of cracking one, which establishes a high-security-level identity authentication mechanism.
6. Because of the unique design of this system, the currently most destructive password-cracking method, the so-called "social engineering attack" (commonly called "credential stuffing"), can hardly be carried out any more.
7. The obfuscation technique of the invention uses an encryption operation or a hash operation; the encryption operation is chosen from DES and/or AES, and the hash operation is one or more of MD5, SHA1, SHA256 and SHA384. These obfuscation techniques are complex, varied and technically difficult, which effectively increases the difficulty of cracking and improves the security of data interaction.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of the invention.
Specific embodiments
The invention is further described below with reference to the drawings and embodiments.
Embodiment one:
A cross-domain security authentication method based on information separation management, comprising a registration step and a login step.
The registration step includes:
S1-1. Each website that needs to enable the authentication service (including APP clients, web pages and other forms of network service site) sends a request to the certificate server of the security certification system, applying to enable the security authentication service; the certificate server grants each website permission to access the certificate server;
S1-2. The user accesses any such website from a network terminal and registers an account on it with user name Na. (When registering a website account, the information commonly entered may include one or more of mobile phone number, ID card number, address, e-mail address and/or user name, and the website assigns the user a login account IDa. The login account IDa, or any other identity information that uniquely identifies the user on the website, can replace user name Na in the later steps for association with subscriber code Ca.) No account password needs to be set when registering the account. If the user already has an account on the website, then when the user logs in to the account, the user is prompted to choose to enter cross-domain security authentication mode, and the flow goes to S1-3;
S1-3. The website prompts the user to download, on a mobile terminal, the client APP of the security certification system, i.e. the certification APP; if the certification APP has already been downloaded, the flow goes directly to step S1-4;
S1-4. The website's background server generates visual verification information Str1 and subscriber code Ca for user name Na, and associates user name Na with the unique subscriber code Ca;
S2-1. The website's background server displays visual verification information Str1 on the page where the user registers the website account, and transfers visual verification information Str1 and subscriber code Ca to the certificate server; the certificate server records Str1 and Ca in its database;
S2-2. The user responds to visual verification information Str1 in the certification APP, and the certification APP prompts the user to enter the user name Na used on the website. The certification APP generates an identification code X for user name Na and stores the user's website user name Na, together with the correspondence between Na and identification code X, locally. The certification APP transfers the response information, the mobile terminal's unique hardware device identification code IDp and identification code X to the certificate server. The certificate server matches the received response information against the visual verification information Str1 recorded in the database; if verification passes, it looks up the subscriber code Ca corresponding to Str1, associates the website's subscriber code Ca, hardware device identification code IDp and identification code X, and records them in the database. The certificate server feeds the verification-passed message back to the website's background server, and user Na completes registration. (When a user has several user names on the same website, i.e. the same user has multiple accounts on the same website, the certification APP assigns a different identification code X to each user name Na to tell them apart; when a user uses user name Na on several websites, the certification APP assigns a different identification code X to the user name Na of each website to tell them apart.)
Login step includes;
S3, user request Website login with user name Na;
S4, website background server send subscriber-coded Ca and at least one random string Str4 to authentication service
Device;
S5, certificate server obtain the corresponding identification code X of subscriber-coded Ca, and hardware device corresponding with identification code X
Identification code ID p;
S6, certificate server forward certification corresponding to character string Str4, identification code X to hardware device identification code ID p
APP;
S7, user carry out confirmation response in certification APP, and certification APP is stored in local user name by identification code X lookup
Na, and Na and character string Str4 are handled using obfuscation (preferably SHA1), by obfuscation processing result H and identification
Code X is sent to certificate server;
S8, certificate server obtain subscriber-coded Ca by identification code X, and subscriber-coded Ca, Hash operation result H is sent
To the background server of website;Background server finds associated user name Na according to subscriber-coded Ca;And use with recognize
It demonstrate,proves and obtains the identical obfuscation (corresponding preferred SHA1) of H value in APP to user name Na and character string Str4 progress operation, obtain
To obfuscation processing result H ';Compare the consistency of H and H ';
Comparison passes through, then authentication success of the user name Na in website;Compare inconsistent, then authentification failure, verifying at
Function or the information of failure are shown through website or authenticated service device feeds back to certification APP.
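The login exchange S3 to S8, together with the registration binding of S1-4 to S2-2 that it depends on, as a runnable sketch; this is an added example, not code from the patent. The class and method names, the random-token formats and the length-prefixed way Na and Str4 are combined before SHA1 are assumptions, since the text does not specify them.

```python
import hashlib
import hmac
import secrets


def obfuscate(na: str, str4: str) -> str:
    """H = SHA1 over Na and Str4 (S7/S8). The length prefix that keeps the
    two inputs unambiguous is an assumption; the text gives no encoding."""
    return hashlib.sha1(f"{len(na)}:{na}{str4}".encode()).hexdigest()


class CertificateServer:
    """Holds Ca, X and IDp only; the user name Na is never sent to it."""

    def __init__(self):
        self.pending = {}   # Str1 -> Ca, recorded in S2-1
        self.by_ca = {}     # Ca -> (X, IDp), recorded in S2-2
        self.by_x = {}      # (IDp, X) -> Ca
        self.channel = {}   # IDp -> APP instance, stands in for the push link

    def record(self, str1, ca):                       # S2-1
        self.pending[str1] = ca

    def bind(self, app, response, x):                 # S2-2
        ca = self.pending.pop(response, None)
        if ca is None:
            return False                              # response does not match Str1
        self.by_ca[ca] = (x, app.idp)
        self.by_x[(app.idp, x)] = ca
        self.channel[app.idp] = app
        return True

    def relay_login(self, ca, str4):                  # S5, S6, first half of S8
        x, idp = self.by_ca[ca]
        h, x_back = self.channel[idp].confirm(x, str4)
        return self.by_x.get((idp, x_back)), h


class CertificationApp:
    """Holds X and Na only; it never receives Ca."""

    def __init__(self, idp):
        self.idp = idp
        self.names = {}     # X -> Na, stored locally

    def register(self, server, str1, na):             # S2-2
        x = secrets.token_hex(8)
        if not server.bind(self, str1, x):
            return None
        self.names[x] = na
        return x

    def confirm(self, x, str4):                       # S7
        return obfuscate(self.names[x], str4), x


class Website:
    """Holds Na and Ca only; it never receives X or IDp."""

    def __init__(self, server):
        self.server = server
        self.ca_of = {}     # Na -> Ca
        self.na_of = {}     # Ca -> Na

    def start_registration(self, na):                 # S1-4, S2-1
        str1, ca = secrets.token_hex(8), secrets.token_hex(8)
        self.ca_of[na], self.na_of[ca] = ca, na
        self.server.record(str1, ca)
        return str1                                   # shown on the page

    def login(self, na):                              # S3, S4, second half of S8
        ca, str4 = self.ca_of[na], secrets.token_hex(16)
        ca_back, h = self.server.relay_login(ca, str4)
        if ca_back != ca:       # tying the reply to this request is an
            return False        # assumption of the example
        h_prime = obfuscate(self.na_of[ca_back], str4)
        return hmac.compare_digest(h, h_prime)        # compare H and H'


def demo():
    """Constructed run: one matching login, then one with a mismatched Na."""
    server = CertificateServer()
    site = Website(server)
    phone = CertificationApp(idp="IDp-constructed-01")
    str1 = site.start_registration("alice")
    x = phone.register(server, str1, "alice")
    ok = site.login("alice")
    phone.names[x] = "alice2"   # APP's stored Na now differs from the site's
    mismatch = site.login("alice")
    return ok, mismatch, server


if __name__ == "__main__":
    print(demo()[:2])
```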
Embodiment two:
On the basis of Embodiment one, to prevent the data transmitted between the certificate server and the website, and between the certification APP and the certificate server, from being intercepted:
Step S2-1 further includes:
The certificate server issues key K0 to the website's background server;
The website's background server encrypts the visual verification information Str1 and the user code Ca with key K0 and transmits them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K0, obtains Str1 and Ca, and records them in the database;
After the certification APP establishes communication with the certificate server, the certificate server issues key K1 to the certification APP on its first access to the certificate server; in step S2-2, the certification APP encrypts the identification code X and the response information with key K1 and transmits them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K1, obtains the identification code X and the response information, and records them in the database.
Embodiment three:
On the basis of Embodiment one, to confirm the authenticity of the feedback sent back by the certificate server and to prevent the certificate server from forging it, in the registration step, steps S1-4, S2-1 and S2-2 further include:
S1-4, the website's background server also generates a random string Str2 for user name Na;
S2-1, the website's background server also transmits the random string Str2 to the certificate server;
S2-2, after the certificate server associates the website's user code Ca, the hardware device identification code IDp and the identification code X, the step further includes:
a, the certificate server transmits the random string Str2 and the identification code X to the certification APP installed on the mobile terminal whose hardware device identification code is IDp;
b, the certification APP processes the random string Str2 and the user name Na with an obfuscation technique (preferably SHA256) to obtain the obfuscation result H1; the certification APP transmits H1 and the identification code X back to the certificate server;
c, after receiving the obfuscation result H1 and the identification code X, the certificate server finds the associated user code Ca by IDp and X, and finds the associated website by Ca; the certificate server transmits H1 and Ca to the website's background server;
d, the website's background server finds the associated user name Na by user code Ca; the background server processes Na and the random string Str2 with the same obfuscation technique used in the certification APP to obtain H1 (correspondingly, preferably SHA256), obtaining the obfuscation result H1'; it compares H1 and H1', and if they are consistent this confirms that the feedback comes from the user's certification APP rather than being faked by the certificate server.
Embodiment four:
To further improve the security of data transmission and tighten the data interaction, a strengthened encryption algorithm is used;
Registration step:
S1-1, all kinds of websites that need to open the authentication service (including APP clients, web pages and other forms of network service sites) send a request to the certificate server of the security certification system, applying to open the security authentication service; the certificate server authorizes each website's permission to access the certificate server;
S1-2, the user accesses any website using a network terminal and registers an account on the website with user name Na; no account password needs to be set when registering the account; if the user already has an account on the website, then when the user logs in to the account the user is prompted to choose to enter the cross-domain safety certification mode, and the method proceeds to S1-3;
S1-3, the website prompts the user to download the client APP of the security certification system, i.e. the certification APP, using a mobile terminal; if the certification APP has already been downloaded, proceed directly to step S1-4;
S1-4, the website's background server generates visual verification information Str1 and a user code Ca for user name Na, and associates user name Na with the unique user code Ca; the website's background server also generates a random string Str2 for user name Na;
S2-1, the website's background server displays the visual verification information Str1 on the page where the user registers the website account, and transmits the visual verification information Str1, the user code Ca and the random string Str2 to the certificate server; the certificate server records Str1, Ca and Str2 in its database;
S2-2, the user responds to the visual verification information Str1 in the certification APP, and the certification APP prompts the user to enter the user name Na used on the website. The certification APP generates an identification code X for user name Na and stores locally the user's user name Na on the website together with the correspondence between Na and X. The certification APP transmits the response information, the unique hardware device identification code IDp of the mobile terminal and the identification code X to the certificate server. The certificate server matches the received response information against the visual verification information Str1 recorded in the database; if verification passes, it can look up the user code Ca corresponding to Str1. The certificate server associates the website's user code Ca, the hardware device identification code IDp and the identification code X, and records them in the database. The certificate server feeds the successful verification back to the website's background server, and user Na completes registration; after that:
a, the certificate server transmits the random string Str2 and the identification code X to the certification APP installed on the mobile terminal whose hardware device identification code is IDp;
b, the certification APP randomly generates a string Str3; the certification APP encrypts the random string Str3 with user name Na as the key (preferably AES) to obtain the encrypted value E;
c, the certification APP processes the random strings Str2 and Str3 with an obfuscation technique (preferably SHA384) to obtain the obfuscation result H2; the certification APP transmits H2, the identification code X and the encrypted value E to the certificate server;
d, after receiving the obfuscation result H2, the identification code X and the encrypted value E, the certificate server finds the associated user code Ca by IDp and X, and finds the associated website by Ca; the certificate server transmits H2, the encrypted value E and the user code Ca to the website's background server;
e, the website's background server finds the associated user name Na by user code Ca; the background server decrypts the encrypted value E with user name Na as the key to obtain the string Str3; the website's background server processes the random string Str2 and the decrypted string Str3 with the same obfuscation technique used in the certification APP to obtain H2 (correspondingly, preferably SHA384), obtaining the obfuscation result H2'; it compares H2 and H2', and if they are consistent this confirms that the feedback comes from the user's certification APP rather than being faked by the certificate server.
The login step includes:
S3, the user requests to log in to the website with user name Na;
S4, the website's background server sends the user code Ca and at least one random string Str4 to the certificate server;
S5, the certificate server obtains the identification code X corresponding to user code Ca, and the hardware device identification code IDp corresponding to identification code X;
S6, the certificate server forwards the string Str4 and the identification code X to the certification APP corresponding to hardware device identification code IDp;
S7', the user confirms in the certification APP, and the certification APP randomly generates a string Str5; the certification APP encrypts the random string Str5 with user name Na (preferably AES) to obtain the encrypted value E1;
S8', the certification APP processes the random strings Str4 and Str5 with an obfuscation technique (preferably MD5) to obtain the obfuscation result H3; the certification APP sends H3, the identification code X and the encrypted value E1 to the certificate server;
S9', after receiving the obfuscation result H3, the identification code X and the encrypted value E1, the certificate server looks up the associated user code Ca by IDp and X, and finds the associated website by Ca; the certificate server transmits H3, the encrypted value E1 and the user code Ca to the website's background server;
S10', the background server finds the associated user name Na from user code Ca; the background server decrypts the encrypted value E1 with user name Na as the key to obtain the string Str5; the background server processes the random string Str4 and the decrypted string Str5 with the same obfuscation technique used in the certification APP to obtain H3 (correspondingly, preferably MD5), obtaining the obfuscation result H3'; it compares H3 and H3'. If the comparison passes, user name Na is authenticated successfully on the website; if the values are inconsistent, authentication fails. The success or failure message is displayed by the website or fed back to the certification APP through the certificate server.
Embodiment five:
To further improve the security of data transmission, on the basis of Embodiment four:
In b of registration step S2-2:
When the certification APP encrypts the random string Str3 with user name Na as the key to obtain the encrypted value E, it first applies an obfuscation technique (preferably MD5) to user name Na to obtain the obfuscation result h, and then encrypts the random string Str3 with h as the key to obtain the encrypted value E';
Correspondingly, in step e, to decrypt and obtain the random string Str3: the website's background server applies to user name Na the same obfuscation technique used in the certification APP to obtain h (correspondingly, preferably MD5), obtaining the obfuscation result h', and decrypts the received encrypted value E' with h' as the key to obtain the string Str3.
In step S7' of the login step:
When the certification APP encrypts the random string Str5 with user name Na to obtain the encrypted value E1, it first applies an obfuscation technique (preferably MD5) to user name Na to obtain the obfuscation result h1, and then encrypts the random string Str5 with h1 as the key to obtain the encrypted value E1;
Correspondingly, in step S10', to decrypt and obtain the random string Str5: the website's background server applies to user name Na the same obfuscation technique used in the certification APP to obtain h1 (correspondingly, preferably MD5), obtaining the obfuscation result h1', and decrypts the received encrypted value E1 with h1' as the key to obtain the string Str5.
Embodiment six:
On the basis of Embodiment five, to prevent the data transmitted between the certificate server and the website, and between the certification APP and the certificate server, from being intercepted:
Step S2-1 further includes:
The certificate server issues key K0 to the website's background server;
The website's background server encrypts the visual verification information Str1, the user code Ca and the random string Str2 with key K0 and transmits them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K0, obtains Str1, Ca and Str2, and records them in the database;
After the certification APP establishes communication with the certificate server, the certificate server issues key K1 to the certification APP on its first access to the certificate server; in step S2-2, the certification APP encrypts the identification code X, the response information and the random string Str2 with key K1 and transmits them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K1, obtains the identification code X, the response information and the random string Str2, and records them in the database.
Embodiment seven:
To confirm that the person operating the certification APP is the user, on the basis of Embodiment six, when the correspondence between identification code X and user name Na is established in step S2-2, the certification APP can also prompt the user to choose a specific authentication instruction Y for logging in to the website. Authentication instructions include: one-key confirmation, static password, SMS verification code, fingerprint and video recognition, where video recognition includes face recognition and action recognition. Once an authentication instruction is set, login to the website can only be completed after authentication by instruction Y.
The authentication instruction Y can also use the NFC authentication mode, which has a higher security level. The specific setting procedure is as follows:
The user chooses in the certification APP to set NFC authentication for logging in to the website;
The certification APP calls the NFC function module built into the mobile terminal and opens the NFC reading interface on the mobile terminal's screen;
The certification APP prompts the user to provide a card or device containing an NFC chip (for example, a People's Republic of China social security card) and to hold the card close to the NFC reading area of the mobile terminal;
The certification APP reads the unique identifier of the NFC card, encrypts the identifier information and sends it to the certificate server;
The certificate server decrypts the received encrypted NFC card identifier and associates it with the website, the user code Ca, IDp and the identification code X;
NFC authentication setup is complete.
To improve security, the user may also set an instruction for logging in to the certification APP itself; the instruction uses one of the following modes: static password, SMS verification code, fingerprint, video recognition and NFC authentication.
Parts not covered by the present invention are the same as the prior art or can be implemented using the prior art.
Claims (15)
1. A cross-domain safety certifying method based on information separation management, characterized in that it includes a registration step and a login step;
The registration step includes:
S1, the user registers on the website with user name Na, and no account password needs to be set at this time; the website generates a corresponding unique user code Ca for user name Na and associates Na with Ca;
S2, the website establishes a correspondence, through the certificate server, with the certification APP installed on the user's smart terminal, wherein the website and the certification APP share the user name Na, the website and the certificate server share the user code Ca, and the certificate server and the certification APP share the identification code X and the hardware identification code IDp of the smart terminal, wherein the identification code X is the identification information that the certification APP assigns to the user's user name Na on the website; the certificate server associates Ca, X and IDp, and the certification APP records the identification code X and the user name Na locally and associates X with Na;
The login step includes:
S3, the user requests to log in to the website with user name Na;
S4, the website's background server sends the user code Ca and at least one random string Str4 to the certificate server;
S5, the certificate server obtains the identification code X corresponding to user code Ca, and the hardware device identification code IDp corresponding to identification code X;
S6, the certificate server forwards the string Str4 and the identification code X to the certification APP corresponding to hardware device identification code IDp;
S7, the user confirms in the certification APP; the certification APP looks up the locally stored user name Na by identification code X, processes Na and the string Str4 with an obfuscation technique, and sends the obfuscation result H and the identification code X to the certificate server;
S8, the certificate server obtains the user code Ca from the identification code X and sends Ca and the obfuscation result H to the website's background server; the background server finds the associated user name Na from Ca, applies to Na and Str4 the same obfuscation technique used in the certification APP to obtain H, and obtains the obfuscation result H'; it then compares H and H' for consistency;
If the comparison passes, user name Na is authenticated successfully on the website; if the values are inconsistent, authentication fails. The success or failure message is displayed by the website or fed back to the certification APP through the certificate server.
2. The cross-domain safety certifying method based on information separation management according to claim 1, characterized in that the registration step specifically includes:
S1-1, a website that needs to open the authentication service sends a request to the certificate server of the security certification system, applying to open the security authentication service; the certificate server authorizes each website's permission to access the certificate server;
S1-2, the user accesses any website using a network terminal and registers an account on the website with user name Na; no account password needs to be set when registering the account; if the user already has an account on the website, then when the user logs in to the account the user is prompted to choose to enter the cross-domain safety certification mode, and the method proceeds to S1-3;
S1-3, the website prompts the user to download the client APP of the security certification system, i.e. the certification APP, using a mobile terminal; if the certification APP has already been downloaded, proceed directly to step S1-4;
S1-4, the website's background server generates visual verification information Str1 and a user code Ca for user name Na, and associates user name Na with the unique user code Ca;
S2-1, the website's background server displays the visual verification information Str1 on the page where the user registers the website account, and transmits Str1 and the user code Ca to the certificate server; the certificate server records Str1 and Ca in its database;
S2-2, the user responds to the visual verification information Str1 in the certification APP, and the certification APP prompts the user to enter the user name Na used on the website; the certification APP generates an identification code X for user name Na and stores locally the user's user name Na on the website together with the correspondence between Na and X; the certification APP transmits the response information, the unique hardware device identification code IDp of the mobile terminal and the identification code X to the certificate server; the certificate server matches the received response information against the visual verification information Str1 recorded in the database; if verification passes, it can look up the user code Ca corresponding to Str1; the certificate server associates the website's user code Ca, the hardware device identification code IDp and the identification code X, and records them in the database; the certificate server feeds the successful verification back to the website's background server, and user Na completes registration.
3. The cross-domain safety certifying method based on information separation management according to claim 2, characterized in that steps S1-4, S2-1 and S2-2 further include:
S1-4, the website's background server also generates a random string Str2 for user name Na;
S2-1, the website's background server also transmits the random string Str2 to the certificate server;
S2-2, after the certificate server associates the website's user code Ca, the hardware device identification code IDp and the identification code X, the step further includes:
a, the certificate server transmits the random string Str2 and the identification code X to the certification APP installed on the mobile terminal whose hardware device identification code is IDp;
b, the certification APP processes the random string Str2 and the user name Na with an obfuscation technique to obtain the obfuscation result H1; the certification APP transmits H1 and the identification code X back to the certificate server;
c, after receiving the obfuscation result H1 and the identification code X, the certificate server finds the associated user code Ca by IDp and X, and finds the associated website by Ca; the certificate server transmits H1 and Ca to the website's background server;
d, the website's background server finds the associated user name Na by user code Ca; the background server processes Na and the random string Str2 with the same obfuscation technique used in the certification APP to obtain H1, obtaining the obfuscation result H1'; it compares H1 and H1', and if they are consistent this confirms that the feedback comes from the user's certification APP rather than being faked by the certificate server.
4. The cross-domain safety certifying method based on information separation management according to claim 3, characterized in that, in the registration step, S2-2 may alternatively be the following steps:
S2-2, after the certificate server associates the website's user code Ca, the hardware device identification code IDp and the identification code X, the step further includes:
a, the certificate server transmits the random string Str2 and the identification code X to the certification APP installed on the mobile terminal whose hardware device identification code is IDp;
b, the certification APP randomly generates a string Str3; the certification APP encrypts the random string Str3 with user name Na as the key to obtain the encrypted value E;
c, the certification APP processes the random strings Str2 and Str3 with an obfuscation technique to obtain the obfuscation result H2; the certification APP transmits H2, the identification code X and the encrypted value E to the certificate server;
d, after receiving the obfuscation result H2, the identification code X and the encrypted value E, the certificate server finds the associated user code Ca by IDp and X, and finds the associated website by Ca; the certificate server transmits H2, the encrypted value E and the user code Ca to the website's background server;
e, the website's background server finds the associated user name Na by user code Ca; the background server decrypts the encrypted value E with user name Na as the key to obtain the string Str3; the website's background server processes the random string Str2 and the decrypted string Str3 with the same obfuscation technique used in the certification APP to obtain H2, obtaining the obfuscation result H2'; it compares H2 and H2', and if they are consistent this confirms that the feedback comes from the user's certification APP rather than being faked by the certificate server.
5. The cross-domain safety certifying method based on information separation management according to claim 4, characterized in that, in step b:
When the certification APP encrypts the random string Str3 with user name Na as the key to obtain the encrypted value E, it first applies an obfuscation technique to user name Na to obtain the obfuscation result h, and then encrypts the random string Str3 with h as the key to obtain the encrypted value E';
Correspondingly, in step e, to decrypt and obtain the random string Str3: the website's background server applies to user name Na the same obfuscation technique used in the certification APP to obtain h, obtaining the obfuscation result h', and decrypts the received encrypted value E' with h' as the key to obtain the string Str3.
6. The cross-domain safety certifying method based on information separation management according to claim 1, characterized in that, in the login step, steps S7 and S8 may alternatively be as follows:
S7', the user confirms in the certification APP, and the certification APP randomly generates a string Str5; the certification APP encrypts the random string Str5 with user name Na to obtain the encrypted value E1;
S8', the certification APP processes the random strings Str4 and Str5 with an obfuscation technique to obtain the obfuscation result H3; the certification APP sends H3, the identification code X and the encrypted value E1 to the certificate server;
S9', after receiving the obfuscation result H3, the identification code X and the encrypted value E1, the certificate server looks up the associated user code Ca by IDp and X, and finds the associated website by Ca; the certificate server transmits H3, the encrypted value E1 and the user code Ca to the website's background server;
S10', the background server finds the associated user name Na from user code Ca; the background server decrypts the encrypted value E1 with user name Na as the key to obtain the string Str5; the background server processes the random string Str4 and the decrypted string Str5 with the same obfuscation technique used in the certification APP to obtain H3, obtaining the obfuscation result H3'; it compares H3 and H3'; if the comparison passes, user name Na is authenticated successfully on the website; if the values are inconsistent, authentication fails; the success or failure message is displayed by the website or fed back to the certification APP through the certificate server.
7. The cross-domain safety certifying method based on information separation management according to claim 6, characterized in that, in step S7':
When the certification APP encrypts the random string Str5 with user name Na to obtain the encrypted value E1, it first applies an obfuscation technique to user name Na to obtain the obfuscation result h1, and then encrypts the random string Str5 with h1 as the key to obtain the encrypted value E1;
Correspondingly, in step S10', to decrypt and obtain the random string Str5: the website's background server applies to user name Na the same obfuscation technique used in the certification APP to obtain h1, obtaining the obfuscation result h1', and decrypts the received encrypted value E1 with h1' as the key to obtain the string Str5.
8. The cross-domain safety certifying method based on information separation management according to claim 2, characterized in that step S2-1 further includes:
The certificate server issues key K0 to the website's background server;
The website's background server encrypts the visual verification information Str1 and the user code Ca with key K0 and transmits them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K0, obtains Str1 and Ca, and records them in the database.
9. The cross-domain safety certifying method based on information separation management according to claim 3, characterized in that step S2-1 further includes:
The certificate server issues key K0 to the website's background server;
The website's background server encrypts the visual verification information Str1, the user code Ca and the random string Str2 with key K0 and transmits them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K0, obtains Str1, Ca and Str2, and records them in the database.
10. The cross-domain safety certifying method based on information separation management according to claim 2, characterized in that it further includes: after the certification APP establishes communication with the certificate server, the certificate server issues key K1 to the certification APP on its first access to the certificate server;
In step S2-2, the certification APP encrypts the identification code X and the response information with key K1 and transmits them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K1, obtains the identification code X and the response information, and records them in the database.
11. The cross-domain safety certifying method based on information separation management according to claim 3, characterized in that it further includes: after the certification APP establishes communication with the certificate server, the certificate server issues key K1 to the certification APP on its first access to the certificate server;
In step S2-2, the certification APP encrypts the identification code X, the response information and the random string Str2 with key K1 and transmits them to the certificate server over an SSL-encrypted connection; on receipt, the certificate server decrypts them with key K1, obtains the identification code X, the response information and the random string Str2, and records them in the database.
12. The cross-domain safety certifying method based on information separation management according to claim 1, characterized in that in step S1, the user registers a website account according to the rules of the website; the information entered includes phone number, ID card number, location, E-mail address and/or user name, and the website assigns the user a login account IDa; wherein the login account IDa, or other identity information that can uniquely identify the user on the website, can substitute for the user name Na in later steps and be associated with the subscriber code Ca.
13. The cross-domain safety certifying method based on information separation management according to claim 1, characterized in that: in step S2-2, when the correspondence between the identification code X and the user name Na is established, the certification APP can also prompt the user to set a corresponding specific certification instruction Y for logging in to the website; certification instructions include: one-key confirmation, static password, SMS verification code, fingerprint and video identification, wherein video identification includes face recognition and action recognition; once a certification instruction has been set, login to the website can be completed only after certification by instruction Y;
Certification instruction Y can also use the NFC certification mode, which has a higher security level; the specific setup procedure is as follows:
The user selects, in the certification APP, to set NFC certification for logging in to the website;
The certification APP calls the NFC function module built into the mobile terminal and opens the NFC reading interface on the mobile terminal's screen;
The certification APP prompts the user to provide a card or device containing an NFC chip and to bring it close to the NFC reading region of the mobile terminal;
The certification APP reads the unique identifier of the NFC card, encrypts the identifier information and sends it to the certificate server;
The certificate server decrypts the received encrypted NFC card identifier and associates it with the website, the subscriber code Ca, IDp and the identification code X;
NFC certification setup is complete.
14. The cross-domain safety certifying method based on information separation management according to claim 13, characterized in that: the user also sets an instruction for logging in to the certification APP itself; the instruction uses any one of the instructions in claim 13 other than "one-key confirmation", or the NFC certification mode of claim 13.
15. The cross-domain safety certifying method based on information separation management according to any one of claims 1-14, characterized in that: obfuscation uses an encryption operation or a hash operation; wherein the encryption operation selects DES and/or AES, and the hash operation selects one or more of MD5, SHA1, SHA256 and SHA384.
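Claims 10 and 11 encrypt the step S2-2 message under K1 before it enters the SSL channel, and claim 9 does the same with K0 on the website side. The following sketch of that K1 exchange is an added example, not part of the patent: AES-256-GCM, the `appID` lookup key, the in-memory maps standing in for the database, and the payload string are all assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Server models the certificate server: one K1 per APP plus the "database".
type Server struct{ keys, db map[string][]byte } // keyed by a hypothetical appID
func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // bad key length or no system randomness
	}
	return v
}
// gcm builds AES-GCM from K1 (a mode chosen here; the claims name none).
func gcm(k1 []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(k1)))) }
// IssueK1 creates a fresh 256-bit K1 when an APP first accesses the server.
func (s *Server) IssueK1(appID string) []byte {
	s.keys[appID] = make([]byte, 32)
	must(rand.Read(s.keys[appID]))
	return s.keys[appID]
}

// Seal is the APP side of step S2-2: encrypt under K1, then send over SSL.
func Seal(k1 []byte, appID, payload string) []byte {
	nonce := make([]byte, 12) // random, prepended to the ciphertext
	must(rand.Read(nonce))
	return gcm(k1).Seal(nonce, nonce, []byte(payload), []byte(appID)) // appID as AAD
}

// Receive is the server side: decrypt with the K1 on file, store on success only.
func (s *Server) Receive(appID string, msg []byte) error {
	k1, ok := s.keys[appID]
	if !ok || len(msg) < 12 {
		return fmt.Errorf("no K1 on file for %q, or message too short", appID)
	}
	pt, err := gcm(k1).Open(nil, msg[:12], msg[12:], []byte(appID))
	if err == nil {
		s.db[appID] = pt
	}
	return err // non-nil for a wrong key or a modified ciphertext
}

func main() {
	s := &Server{map[string][]byte{}, map[string][]byte{}}
	msg := Seal(s.IssueK1("app-1"), "app-1", "X=id-0001;response=ok;Str2=r4nd0m") // constructed
	fmt.Println(s.Receive("app-1", msg), string(s.db["app-1"]))
}
```

Because the mode is authenticated, a message altered in transit or sealed under another APP's K1 fails to decrypt and is never written to the database.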
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610368838.5A CN105978688B (en) | 2016-05-30 | 2016-05-30 | A kind of cross-domain safety certifying method based on information separation management |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610368838.5A CN105978688B (en) | 2016-05-30 | 2016-05-30 | A kind of cross-domain safety certifying method based on information separation management |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105978688A (en) | 2016-09-28 |
CN105978688B (en) | 2019-04-16 |
Family
ID=57009835
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610368838.5A Active CN105978688B (en) | 2016-05-30 | 2016-05-30 | A kind of cross-domain safety certifying method based on information separation management |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105978688B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106899570B (en) * | 2016-12-14 | 2019-11-05 | 阿里巴巴集团控股有限公司 | The processing method of two dimensional code, apparatus and system |
CN108259436B (en) * | 2016-12-29 | 2021-01-01 | 中国移动通信集团公司 | User identity authentication processing method, application server and authentication system server |
CN107038341B (en) * | 2017-04-10 | 2019-07-12 | 杭州银江医联网技术股份有限公司 | Family health care data managing method and system |
CN110247917B (en) * | 2019-06-20 | 2021-09-10 | 北京百度网讯科技有限公司 | Method and apparatus for authenticating identity |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4861631B2 (en) * | 2005-02-22 | 2012-01-25 | 株式会社リコー | User authentication apparatus, image forming apparatus, user authentication method, and user authentication program |
KR20140126832A (en) * | 2013-04-23 | 2014-11-03 | 에스케이플래닛 주식회사 | System and method for providing user authentication service |
CN104753927A (en) * | 2015-03-12 | 2015-07-01 | 杭州华三通信技术有限公司 | Unified verification method and device |
CN104994114A (en) * | 2015-07-27 | 2015-10-21 | 尤磊 | Identity authentication system and method based on electronic identification card |
CN105072112A (en) * | 2015-08-07 | 2015-11-18 | 中国联合网络通信集团有限公司 | Identity authentication method and identity authentication device |
Also Published As
Publication number | Publication date |
---|---|
CN105978688A (en) | 2016-09-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||