CN101378386A - Safety authentication method and apparatus for transferring screen by a palm terminal using virtual technology - Google Patents


Info

Publication number
CN101378386A
Authority
CN
China
Prior art keywords
authentication
server
user
virtual
check code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007100454786A
Other languages
Chinese (zh)
Other versions
CN101378386B (en)
Inventor
汤传斌
周奋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Transoft Network Sci-Tech (shanghai) Co Ltd
Original Assignee
Transoft Network Sci-Tech (shanghai) Co Ltd
Application filed by Transoft Network Sci-Tech (shanghai) Co Ltd
Priority to CN2007100454786A
Publication of CN101378386A
Application granted
Publication of CN101378386B
Expired - Fee Related

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a security authentication apparatus that uses virtualization technology to transfer a screen through a palm (handheld) terminal. The apparatus comprises: an authentication server, which randomly generates a transaction check code in response to a user request, transmits the transaction check code to the user side, and generates an authentication result after performing the security authentication; an intermediate server, which comprises an ISP server for relaying the transaction check code and the check result between the user side and the virtual authentication server, and a virtual machine server for creating an authentication screen matched to the transaction check code and requesting security authentication from the authentication server; and a user side, which makes the request, asks the virtual machine server to transmit the authentication screen according to the transaction check code, and authenticates the user to the authentication server through the authentication screen. The security authentication method comprises the following steps: requesting the virtual security authentication information; providing a random transaction check code; generating an authentication screen corresponding to the transaction check code; transmitting the authentication screen to the user's palm terminal; inputting the security authentication information; and authenticating and transmitting the authentication result to the user side.

Description

A security authentication method and apparatus using virtualization technology to transfer a screen through a palm terminal
Technical field
The present invention relates to security authentication that uses virtualization technology to transfer an operating system screen through a palm terminal. More precisely, it relates to a general authentication method and apparatus with which an Internet service provider (ISP) uses virtualization technology to run multiple virtual machines on a server and passes the screen of one operating system to a terminal running another operating system, in order to provide secure network verification, authentication and authorization services to public network users.
Technical background
ISP operators currently perform security verification, authentication and authorization over the network in two main ways. In the first, an electronic certificate is installed over the network to establish the user's legitimacy, after which the user enters authentication information through a web page for verification. In the second, security authentication is carried out through client software with security protections that the operator provides for the purpose. Both methods can be used safely only if two conditions hold: the user has a certain degree of security awareness and can recognise the common deception techniques used on the network, and the terminal computer used for authentication is itself secure and free of vulnerabilities. Once the user leaks the information, or the terminal computer is attacked through a Trojan horse or a system vulnerability, the user's security authentication information and privacy are at risk of disclosure, which in serious cases can cause the user large financial losses.
Summary of the invention
With regard to the problem described above, virtualization software and the market for it are now highly developed. Running multiple virtual machines on a server and passing an operating system screen to a terminal running another operating system to perform security authentication can remedy the shortcomings of the existing general authentication methods. The object of the invention is to run multiple virtual machines on a server, pass the authentication screen of the server operating system to a separate palm operating system terminal (such as a mobile phone), and perform security authentication by having the user submit authentication information through that palm terminal. Because all of the user's security authentication information is submitted to the authentication server through the palm terminal, the method greatly reduces the demands placed on the user and on the terminal computer, and so closes the hole that existing security authentication methods leave at the terminal computer.
To achieve this object, a security authentication apparatus using virtualization technology to transfer a screen through a palm terminal comprises: an authentication server, which randomly generates a transaction check code in response to a user request and sends it to the user side, and which generates an authentication result after performing the security authentication; an intermediate server, comprising an ISP server for relaying the transaction check code and the check result between the user side and the virtual authentication server, and a virtual machine server that creates an authentication screen matched to the transaction check code and requests security authentication from the authentication server; and a user side, which makes the request, asks the virtual machine server to transmit the authentication screen according to the transaction check code, and authenticates the user to the authentication server through the authentication screen.
Preferably, the authentication server further comprises: a virtual authentication server for randomly generating the transaction check code and sending it to the ISP server; and an authentication server that serves the authentication requested by the user side through the virtual machine server according to the authentication screen, and the authentication that the virtual machine server requests of the authentication server.
Preferably, the authentication that the virtual machine server requests of the authentication server comprises opening the access interface of the authentication server.
Preferably, the user side further comprises: a user computer for logging in to the ISP server and receiving the security authentication result; and a palm terminal for entering the transaction check code and for entering security authentication information according to the received authentication screen.
Preferably, the security authentication information comprises the user password, user name and card number.
Preferably, the palm terminal includes mobile phones and personal digital assistants.
The invention also discloses a security authentication method using virtualization technology to transfer a screen through a palm terminal. The method comprises: step 1, the user computer requests virtual security authentication information; step 2, a random transaction check code is provided; step 3, the transaction check code is sent to the user computer, and an authentication screen corresponding to the transaction check code is generated; step 4, if the transaction check code entered on the user's palm terminal is correct, the authentication screen is transmitted to the user's palm terminal; step 5, the user enters security authentication information on the palm terminal as prompted by the authentication screen; step 6, the authentication server authenticates the security authentication information and passes the authentication result to the user computer and to the user's palm terminal respectively.
Preferably, the virtual security authentication request in step 1 and the passing of the authentication result to the user computer in step 6 are carried out through the ISP server.
Preferably, the security authentication information comprises the user password, user name and card number.
Preferably, the palm terminal includes mobile phones and personal digital assistants.
Description of drawings
The above and other objects, features and advantages of the invention will become apparent to those skilled in the art from the following detailed description of the method, given with reference to the accompanying drawings.
Fig. 1 is the flow chart of the security authentication method of the invention;
Fig. 2 is the block diagram of the security authentication apparatus of the invention.
Embodiment
Referring to Fig. 1, which shows the flow chart of the method for performing security authentication by using virtualization technology to transfer the operating system screen through a palm terminal, the method comprises the following steps:
Step S11: when the user is about to perform an action on the user computer such as an online payment, the user computer sends a security authentication request to the ISP server;
Step S12: the ISP server reports to the virtual authentication server and requests virtual security authentication information;
Step S13: the virtual authentication server is always in a listening state, so as soon as it receives the ISP's request it randomly generates a transaction check code;
Step S14: the transaction check code is sent to the user computer through the ISP server, and at the same time a management system uses it to set up a virtual machine. Specifically, the management system first looks for an idle virtual machine; if one is found, it is bound as the virtual machine server to be used. If there is no idle virtual machine but the hardware of the virtual machine server meets certain conditions, a new virtual machine is created. If neither condition is met, the request simply has to wait. The virtual machine server provides an authentication screen. Because the IP address, ID and other details of the created virtual machine server correspond to the transaction check code, the authentication screen also matches the transaction check code;
Step S15: after receiving the transaction check code on the user computer, the user enters it on the palm terminal, and the palm terminal sends the information relating to the transaction check code to the virtual machine server for a decision. If the user's input is wrong, the virtual machine server reports the error to the palm terminal; specifically, the authentication client on the palm terminal displays the error. If the user's input is correct, the authentication client on the palm terminal asks the virtual machine server to transmit the authentication screen matched to the transaction check code, and the authentication screen of the virtual machine server is sent to the palm terminal by remote desktop technology;
Step S16: while the screen is being transmitted, the virtual machine server requests the authentication service interface from the authentication server and accesses that interface. This request is made because many kinds of authentication may be used on the ISP server; when the virtual machine server in this application opens and accesses the authentication service interface, it in fact only opens the interface;
Step S17: once the authentication screen has been transmitted, the user enters the relevant security authentication information on the palm terminal, comprising the user password, user name and card number, and the information is submitted to the authentication server through the virtual machine server;
Step S18: the authentication server checks the received information against its database and passes the check result to the virtual machine server;
Step S19: after the ISP server receives the security check result, it passes the result to the user computer and the palm terminal, which completes the whole authentication process.
From the above flow, the work cycle of a virtual machine server starts when the check code is received and the virtual machine is created, and ends when the check result is passed back to the palm terminal and the ISP server. The length of this work cycle depends on how long the user takes to enter the check code; if that time grows beyond a certain length, it needs to be controlled.
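The binding of a transaction check code to a virtual machine in steps S13 to S15, and the control of the work cycle noted above, sketched as an added Python example that is not code from the patent. The class and method names, the 8-digit code, the pool limit and the 120-second cap are assumptions, and a single `VmBroker` object stands in for the virtual authentication server, the management system and the virtual machine server's code check.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class VirtualMachine:
    vm_id: int
    bound_code: Optional[str] = None  # transaction check code this VM serves
    deadline: float = 0.0             # end of the work cycle for that code


class VmBroker:
    """Hypothetical stand-in for the virtual authentication server and VM manager."""

    def __init__(self, max_vms=2, ttl=120.0, clock=time.monotonic):
        self.pool = []            # virtual machine pool
        self.max_vms = max_vms    # assumed hardware limit of the VM server
        self.ttl = ttl            # assumed cap on the work cycle, in seconds
        self.clock = clock

    def _expire(self):
        # Control the work cycle: a code that was never typed in frees its VM.
        now = self.clock()
        for vm in self.pool:
            if vm.bound_code is not None and now >= vm.deadline:
                vm.bound_code = None

    def issue_code(self):
        """Steps S13-S14. Returns (code, vm_id), or None if the caller must wait."""
        self._expire()
        vm = next((v for v in self.pool if v.bound_code is None), None)
        if vm is None:
            if len(self.pool) >= self.max_vms:
                return None       # no idle VM and no capacity for a new one
            vm = VirtualMachine(vm_id=len(self.pool) + 1)
            self.pool.append(vm)
        active = {v.bound_code for v in self.pool}
        while True:
            code = f"{secrets.randbelow(10**8):08d}"  # CSPRNG-backed random code
            if code not in active:    # a code must identify exactly one VM
                break
        vm.bound_code = code
        vm.deadline = self.clock() + self.ttl
        return code, vm.vm_id

    def request_screen(self, typed_code):
        """Step S15. Returns the vm_id whose screen is streamed to the palm
        terminal, or None, in which case the authentication client shows an error."""
        self._expire()
        typed = typed_code.encode()
        match = None
        for vm in self.pool:      # check every VM, constant-time per comparison
            if vm.bound_code is not None and hmac.compare_digest(
                    vm.bound_code.encode(), typed):
                match = vm.vm_id
        return match

    def release(self, vm_id):
        """Step S19: the result has been delivered, so the VM returns to the pool."""
        for vm in self.pool:
            if vm.vm_id == vm_id:
                vm.bound_code = None


def demo():
    broker = VmBroker(max_vms=1)
    code, vm_id = broker.issue_code()
    second = broker.issue_code()              # pool exhausted: must wait
    wrong = broker.request_screen("not-it")   # wrong code is rejected
    right = broker.request_screen(code)       # screen of the bound VM
    broker.release(vm_id)
    replay = broker.request_screen(code)      # code is dead after release
    return second, wrong, right == vm_id, replay


if __name__ == "__main__":
    print(demo())
```

Injecting the clock lets the expiry path be exercised without waiting for the time limit to pass.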
Fig. 2 shows the block diagram of the security authentication apparatus of this application, which uses virtualization technology to transfer a screen through a palm terminal. To the existing user computer 101, palm terminal 102, ISP server 201 and authentication server 302, the apparatus adds a virtual machine server 202 and a virtual authentication server 301 implemented with virtualization technology. On the one hand this gives the authentication server on the local area network side a more secure and reliable environment; on the other hand, the virtual machine server can also support high-capacity, multi-user scenarios.
In operation, once user computer 101 sends an authentication request to ISP server 201, ISP server 201 no longer follows the conventional practice of going directly into local area network 30 and making the request to authentication server 302. Instead it first asks virtual authentication server 301 for a transaction check code. In response, virtual authentication server 301 randomly generates a transaction check code, which is sent back to user computer 10 through ISP server 201. After receiving the check code, the virtual machine management system sets up a virtual machine server 202. Specifically, the virtual machine management system first checks whether the virtual machine pool contains an idle virtual machine; if so, that virtual machine is bound as the virtual machine server. If there is no idle virtual machine and the hardware meets the conditions, a new virtual machine is created. If there is no idle virtual machine and the hardware does not meet the conditions, the request simply has to wait for the time being. Once the virtual machine server has been set up, it is a brand-new operating system, and it provides an authentication screen.
Once created, virtual machine server 202 first requests the authentication service from authentication server 302. This request is made because many kinds of authentication are available on ISP server 201; when virtual machine server 202 in this application opens and accesses the authentication service interface, it in fact only opens the interface. After user computer 10 receives the transaction check code, the check code is entered on palm terminal 102, and palm terminal 102 sends the information relating to the transaction check code to virtual machine server 202. If the user's input is wrong, the virtual machine server reports the error to palm terminal 102; specifically, the authentication client on palm terminal 102 displays the error. If the user's input is correct, the authentication client on palm terminal 102 asks virtual machine server 202 to transmit the authentication screen matched to the transaction check code, and the authentication screen of virtual machine server 202 is sent to palm terminal 102 by remote desktop technology.
After the authentication screen has been transmitted, the user enters the relevant security authentication information on palm terminal 102 as prompted by the screen. The security authentication information, comprising the user password, user name and card number, is submitted to authentication server 302 through virtual machine server 202, and authentication server 302 performs the user security authentication. The authentication result is sent to palm terminal 102 through virtual machine server 202 on the one hand, and to user computer 101 through ISP server 201 on the other. Once both have received the authentication result, the verification is complete.
As the detailed description of Fig. 1 and Fig. 2 shows, a given authentication or authorization is completed through the mutual authentication of the terminal and the user's handheld device. No user information needs to be entered on the user computer, which protects the security of the user's information and privacy. Service access is provided on the handheld device, which secures the interaction between the user and the server. Throughout the above process, palm terminal 102 and virtual machine server 202 remain in a screen-transfer state, that is, every access interface of authentication server 302 that virtual machine server 202 opens is transferred to palm terminal 102. Access to the authentication interface is thereby moved from user computer 101 to the user's palm terminal 102. Because attacking palm terminal 102, where the screen is the carrier of information, is far more difficult than compromising the user computer with a Trojan horse, the application has good security. In addition, because intermediate server 20, placed between user side 10 and local area network 30, sits on the external network, authentication server 302 is not exposed to the external network, which ensures the security and robustness of authentication server 302.
In summary, the invention combines system virtualization technology, remote desktop technology and computer application technology to provide public network users and groups with a safe and reliable technology for remote network security authentication and services.
The above description of the preferred embodiment is provided so that any person skilled in the art can make or use the invention. Various modifications to this embodiment will be readily apparent to those skilled in the art, and the general principles described here can be applied to other embodiments without the exercise of inventive effort. The invention is therefore not limited to the embodiment shown here, but is to be accorded the widest scope consistent with the principles and novel features disclosed here.

Claims (10)

1. A security authentication apparatus using virtualization technology to transfer a screen through a palm terminal, the apparatus comprising:
an authentication server, which randomly generates a transaction check code in response to a user request and sends it to the user side, and which generates an authentication result after performing the security authentication;
an intermediate server, the intermediate server comprising:
an ISP server for relaying the transaction check code and the check result between the user side and the virtual authentication server;
a virtual machine server, which creates an authentication screen matched to the transaction check code and requests security authentication from the authentication server;
a user side, which makes the request, asks the virtual machine server to transmit the authentication screen according to the transaction check code, and authenticates the user to the authentication server through the authentication screen.
2. The security authentication apparatus using virtualization technology to transfer a screen through a palm terminal according to claim 1, characterized in that the authentication server further comprises:
a virtual authentication server for randomly generating the transaction check code and sending it to the ISP server;
an authentication server that serves the authentication requested by the user side through the virtual machine server according to the authentication screen, and the authentication that the virtual machine server requests of the authentication server.
3. The security authentication apparatus using virtualization technology to transfer a screen through a palm terminal according to claim 2, characterized in that
the authentication that the virtual machine server requests of the authentication server comprises opening the access interface of the authentication server.
4. The security authentication apparatus using virtualization technology to transfer a screen through a palm terminal according to claim 3, characterized in that the user side further comprises:
a user computer for logging in to the ISP server and receiving the security authentication result;
a palm terminal for entering the transaction check code and for entering security authentication information according to the received authentication screen.
5. The security authentication apparatus using virtualization technology to transfer a screen through a palm terminal according to claim 3, characterized in that
the security authentication information comprises the user password, user name and card number.
6. The security authentication apparatus using virtualization technology to transfer a screen through a palm terminal according to any one of claims 1-5, characterized in that
the palm terminal includes mobile phones and personal digital assistants.
7. A security authentication method using virtualization technology to transfer a screen through a palm terminal, the method comprising:
step 1, the user computer requests virtual security authentication information;
step 2, a random transaction check code is provided;
step 3, the transaction check code is sent to the user computer, and an authentication screen corresponding to the transaction check code is generated;
step 4, if the transaction check code entered on the user's palm terminal is correct, the authentication screen is transmitted to the user's palm terminal;
step 5, the user enters security authentication information on the palm terminal as prompted by the authentication screen;
step 6, the authentication server authenticates the security authentication information and passes the authentication result to the user computer and to the user's palm terminal respectively.
8. The security authentication method using virtualization technology to transfer a screen through a palm terminal according to claim 7, characterized in that
the virtual security authentication request in step 1 and the passing of the authentication result to the user computer in step 6 are carried out through the ISP server.
9. The security authentication method using virtualization technology to transfer a screen through a palm terminal according to claim 7 or 8, characterized in that
the security authentication information comprises the user password, user name and card number.
10. The security authentication method using virtualization technology to transfer a screen through a palm terminal according to any one of claims 7-9, characterized in that
the palm terminal includes mobile phones and personal digital assistants.
CN2007100454786A 2007-08-31 2007-08-31 Safety authentication method and apparatus for transferring screen by a palm terminal using virtual technology Expired - Fee Related CN101378386B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007100454786A CN101378386B (en) 2007-08-31 2007-08-31 Safety authentication method and apparatus for transferring screen by a palm terminal using virtual technology

Publications (2)

Publication Number Publication Date
CN101378386A true CN101378386A (en) 2009-03-04
CN101378386B CN101378386B (en) 2012-11-07

Family

ID=40421729

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007100454786A Expired - Fee Related CN101378386B (en) 2007-08-31 2007-08-31 Safety authentication method and apparatus for transferring screen by a palm terminal using virtual technology

Country Status (1)

Country Link
CN (1) CN101378386B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102487380A (en) * 2010-12-01 2012-06-06 中兴通讯股份有限公司 Desktop virtual terminal entrusting method and system
CN102202289A (en) * 2011-04-13 2011-09-28 张�林 Method and system for remote calling software and hardware resources through mobile terminal
CN102202289B (en) * 2011-04-13 2013-12-25 张�林 Method and system for remote calling software and hardware resources through mobile terminal
CN103927648A (en) * 2013-01-15 2014-07-16 深圳市朗科科技股份有限公司 Method, device and system for achieving remote payment services
CN110782240A (en) * 2019-10-12 2020-02-11 上海陆家嘴国际金融资产交易市场股份有限公司 Service data processing method and device, computer equipment and storage medium
CN110782240B (en) * 2019-10-12 2022-09-09 未鲲(上海)科技服务有限公司 Business data processing method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN101378386B (en) 2012-11-07

Similar Documents

Publication Publication Date Title
CN102457507B (en) Cloud computing resources secure sharing method, Apparatus and system
US7840813B2 (en) Method and system with authentication, revocable anonymity and non-repudiation
US6523067B2 (en) System and method for using internet based caller ID for controlling access to an object stored in a computer
CN101263468B (en) Creating secure interactive connections with remote resources
CN100485699C (en) Method for obtaining and verifying credentials
CN104767731B (en) A kind of Restful move transactions system identity certification means of defence
US7406594B2 (en) Method and apparatus for certification and authentication of users and computers over networks
US6715073B1 (en) Secure server using public key registration and methods of operation
CN108834144B (en) Method and system for managing association of operator number and account
CN103229452A (en) Mobile handset identification and communication authentication
CN105791272A (en) Method and device for secure communication in Internet of Things
CN1937498A (en) Dynamic cipher authentication method, system and device
CN101616136A (en) A kind of method and service integration platform system that Internet service is provided
CN102195932A (en) Method and system for realizing network identity authentication based on two pieces of isolation equipment
CN100365974C (en) Device and method for controlling computer access
CN108989290A (en) A kind of control method and control device for realizing server network access limitation in outer net
RU2007138849A (en) NETWORK COMMERCIAL TRANSACTIONS
CN101540757A (en) Method and system for identifying network and identification equipment
CN103546290B (en) Third Party Authentication system or method with user group
CN112383401B (en) User name generation method and system for providing identity authentication service
JP2001186122A (en) Authentication system and authentication method
CN103368831B (en) A kind of anonymous instant communicating system identified based on frequent visitor
CN101378386B (en) Safety authentication method and apparatus for transferring screen by a palm terminal using virtual technology
TWI357752B (en) Network user id verification system and method
CN103379119A (en) Network multi-authentication system or network multi-authentication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121107

Termination date: 20200831
