CN101772022B - Method, device and system for controlling access to network terminal - Google Patents


Publication number: CN101772022B
Authority: CN (China)
Legal status: Active
Application number: CN200810189805.XA
Other languages: Chinese (zh)
Other versions: CN101772022A
Inventor: 张万春
Current assignee: Huawei Device Co Ltd; Huawei Device Shenzhen Co Ltd
Original assignee: Huawei Device Co Ltd
Application filed by Huawei Device Co Ltd, claiming priority from CN200810189805.XA. Published as CN101772022A; granted and published as CN101772022B.

Landscapes: Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the invention disclose a method for controlling access to a network terminal. The method comprises the following steps: a wireless terminal is authenticated by the wireless network side; after that authentication has passed, the wireless terminal performs CA authentication using the private key it holds and the public key certificate corresponding to the wireless terminal held on the certificate authority (CA) server; and after the CA authentication has passed, access to the network terminal is authorized. The embodiments also provide a device and a system for controlling access to a network terminal. With the embodiments, the security level of network terminal access control is raised, so that a user's access to the network terminal is safer and more reliable.

Description

Method, device and system for controlling access to a network terminal
Technical field
The present invention relates to the field of network information security, and in particular to a method, device and system for controlling access to a network terminal.
Background
Computer security spans many fields, but one of the most basic security problems is how access rights are controlled. To protect information security, a user's identity must be authenticated so that unauthorized users cannot log in to the system.
Authentication in information technology is achieved by binding a credential to an entity's identity. A mechanism verifies the credential to determine whether the user really is the identity the credential claims. Classified by the form of the credential, the authentication methods in use today include password authentication, USB Key authentication and biometric authentication.
Password authentication is the most common method: an account name and password serve as the credential for logging in to a computer system. Because accounts and passwords are easily stolen or cracked, its security is not high.
USB Key authentication uses a USB Key as the credential: a device with a USB interface that holds a personal digital certificate used for authentication.
Biometric authentication uses a biological characteristic as the credential for logging in to a computer system. Specifically, by closely combining computing with optics, acoustics, biosensors and biostatistics, it identifies a person by intrinsic physiological features of the human body such as fingerprints, faces or irises. Its advantages are obvious, but its drawbacks are high implementation cost and relatively low recognition accuracy, so recognition errors occur easily.
Because a USB Key is secure and reliable, easy to carry, easy to use and low in cost, it is considered the main direction of development for authentication. As certificate authority (CA) applications grow in number and complexity, larger-capacity USB Keys will better meet demand. In terms of market prospects, as certificate use deepens and unit cost falls, high-end USB Keys supporting the RSA algorithm will better fit the trend of development.
The prior art provides a scheme that uses a USB Key as the login key of a PC: the digital certificate embedded in the USB Key is verified against a network CA at login time.
However, the USB Key relies on a combination of software and hardware encryption for checks such as power-on login, and the level of trust it provides in confirming identity is relatively low.
Because the digital certificate embedded in the USB Key is verified against a network CA at login time, network authentication is inconvenient whenever the PC cannot reach a wired network, for example when a notebook is carried out of the office.
Summary of the invention
In view of this, the embodiments of the invention provide a method, device and system for controlling access to a network terminal that perform network authentication and CA authentication over a wireless connection, raising the security level of network terminal access control.
An embodiment of the invention provides a method for controlling access to a network terminal, comprising:
a wireless terminal being authenticated by the wireless network side;
after the authentication of the wireless terminal has passed, the wireless terminal performing CA authentication using the private key it holds and the public key certificate corresponding to the wireless terminal held on the CA server; and
after the CA authentication has passed, authorizing access to the network terminal; the wireless terminal and the network terminal being interconnected, and the network terminal comprising a PC or a mobile terminal.
An embodiment of the invention provides a system for controlling access to a network terminal, comprising an interconnected wireless terminal and network terminal, wherein:
the wireless terminal is configured to be authenticated by the wireless network side; after that authentication has passed, to perform CA authentication using the private key it holds and the public key certificate corresponding to the wireless terminal held on the CA server; and after the CA authentication has passed, to authorize access to the network terminal; the network terminal comprises a PC or a mobile terminal.
An embodiment of the invention also provides a wireless terminal interconnected with a network terminal, the wireless terminal comprising:
a network authentication module, configured to accept authentication of the wireless terminal by the wireless network side;
a judgement module, configured to judge whether the authentication of the wireless terminal has passed;
a CA authentication module, configured, when the judgement module judges that the authentication of the wireless terminal has passed, to perform CA authentication using the private key held by the wireless terminal and the public key certificate corresponding to the wireless terminal held on the CA server;
the judgement module being further configured to judge whether the CA authentication has passed; and
an authorization module, configured to authorize access to the network terminal when the judgement module judges that the CA authentication has passed; the network terminal comprising a PC or a mobile terminal.
In summary, in the technical solution provided by the embodiments, the wireless terminal is authenticated by the wireless network and CA authentication is then performed by reaching the CA server over that wireless network; the network terminal can be logged in to and operated only after both have passed. This raises the reliability of authentication in network terminal access control, so that the user's access to the network terminal is safer. Compared with the prior-art USB Key login, the security level of logging in to the network terminal is raised and the user's operation is more flexible.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system architecture for controlling access to a network terminal in an embodiment of the invention;
Fig. 2 is a flowchart of the method for controlling access to a network terminal provided in embodiment one;
Fig. 3 is a flowchart of the method for controlling access to a network terminal provided in embodiment two;
Fig. 4 is a flowchart of the method for controlling access to a network terminal provided in embodiment three;
Fig. 5 is a schematic diagram of the composition of a wireless terminal provided in an embodiment of the invention.
Embodiments
As public key infrastructure (PKI) technology has matured, many applications have begun to use public key certificates for authentication. A public key certificate is issued by an authoritative and impartial third party, the certificate authority (CA) center or server. With the public key certificate as the core of the cryptographic scheme, the authenticity of an entity's identity is verified, and security is thereby guaranteed.
The embodiments of the invention use the wireless network to authenticate the wireless terminal and reach the CA server over the wireless network to obtain the wireless terminal's public key certificate, so that the wireless terminal itself is authenticated; the network terminal can be logged in to and operated only after both authentications have passed. This raises the security level of network terminal access control, so that the user's access to the network terminal is safer and more reliable.
Embodiment one
In this embodiment, the system networking for carrying out the method is as shown in Fig. 1. The system comprises a wireless terminal (such as a wireless USB modem), a network terminal (such as a PC or a mobile terminal) and a certificate authority (CA) server.
The wireless terminal and the network terminal are interconnected. The wireless terminal is configured to be authenticated by the wireless network side; after that authentication has passed, to perform CA authentication using the private key it holds and the corresponding public key certificate held on the CA server; and after the CA authentication has passed, to authorize access to the network terminal.
The wireless terminal contains a SIM/UIM card or flash memory, which may be used to hold the private key.
The wireless terminal contains a dedicated application programming interface (API) that controls access to the private key held in the wireless terminal.
At moments such as logging in to the network terminal, locking the network terminal's screen, or the network terminal entering screen-saver mode, the computer obtains the connection state between the wireless terminal and the PC by interrupt or polling, and uses that occasion to perform authentication over the wireless network.
Referring to Fig. 2, the method for controlling access to a network terminal provided by this embodiment uses the wireless terminal to authenticate PC login or access.
S201: the wireless network authenticates the wireless terminal.
Specifically, the wireless terminal sends a request to access the wireless network and is authenticated by the wireless network side through the Subscriber Identity Module (SIM) card that identifies the wireless terminal's user. When the SIM card authentication passes, the wireless terminal accesses the wireless network.
S202: after the authentication of the wireless terminal has passed, the wireless terminal performs CA authentication using the private key it holds and the public key certificate corresponding to the wireless terminal held on the CA server.
For the wireless terminal to have a public key certificate, one must first be applied for. In the application process, the wireless terminal generates a key pair (public key and private key) with a cryptographic algorithm (such as RSA), keeps the private key in a secure storage area of the wireless terminal, and sends the public key together with some personal identity information to the certificate authority (CA server). After examining the identity, the CA carries out the necessary steps to be sure that the request really came from the user, and then issues a public key certificate to the user. The certificate contains the user's personal information and public key information together with the CA's signature. The user can then use the certificate for the related encryption and authentication operations.
The wireless terminal obtains its public key certificate from the CA server as follows:
after the wireless terminal is activated, it applies to the CA server for a public key certificate;
after receiving the public key certificate sent by the CA server, the wireless terminal stores it in the wireless terminal for subsequent authentication.
Specifically, the public key certificate received over the air interface is encrypted with the wireless terminal's private key and stored in the SIM/UIM card or flash memory.
For safety and reliability, a dedicated API may be provided to control access to the private key and public key certificate held in the wireless terminal.
During CA authentication, the network terminal authenticates the private key in the wireless terminal: it reaches the CA server over the wireless network and authenticates the wireless terminal using the public key certificate on the CA server together with the private key in the wireless terminal. If the public key in the certificate matches the private key in the wireless terminal, authentication passes. This mode is also called online authentication.
Although the private key and the public key certificate are held in the wireless terminal and the PC could read them directly through an interface such as USB, it is still necessary to confirm online whether the certificate has expired, whether it is still valid, and so on. For this reason every authentication goes through the wireless network to the CA server to confirm identity and authority, which keeps each authentication safe and reliable.
S203: after the CA authentication has passed, access to the network terminal is authorized.
In the technical solution provided by this embodiment, when the user activates the wireless terminal device, it connects to the CA server over the wireless network and applies for a public key certificate. After the user receives the certificate, it is stored through the terminal's dedicated interface in the SIM/UIM card (or in a designated area of the terminal's flash memory; where the certificate is stored depends on the form of the wireless terminal, and the dedicated interface ensures that the private key associated with the certificate cannot be stolen). The wireless terminal device is connected to the PC host; after powering on it reports its USB port to the PC host and, using default parameters, automatically connects to the wireless network and interacts with the CA server. SIM card authentication is required while connecting to the wireless network; if it passes, the wireless network connection succeeds. The PC then authenticates the user with the public key certificate information provided by the CA server in the wireless network and, if the verification passes, authorizes login to the PC host.
It can be seen that this embodiment uses the wireless network's authentication and obtains the wireless terminal's public key certificate from the CA server over the wireless network, so the wireless terminal is authenticated twice. This raises the reliability of authentication and achieves secure operation management of the network terminal.
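The following Go program is an added worked example, not part of the patent text or of any Huawei implementation. It models the certificate application and online CA authentication described in S202 above: the key pair is generated inside the terminal and only the public key and identity leave it; the CA binds them into a signed certificate and keeps the copy "on the CA server"; and each authentication checks that copy for issuer, validity period and revocation before verifying a signature made with the terminal's private key over a fresh challenge, which is the concrete meaning of "the public key in the certificate matches the private key". RSA is used because the text names it as an example algorithm. The PIN-gated Sign method standing in for the dedicated API, the in-memory CA, the type and function names and the identity strings and PIN used in tests are all assumptions. One deliberate deviation: the text speaks of storing the certificate encrypted with the private key; a certificate is public data and encrypting it with the private key adds no confidentiality, so here only the private key is kept secret and the certificate is held in the clear.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Terminal is the wireless terminal: its private key never leaves it and is only
// usable through Sign, which requires the user's PIN (the text's "dedicated API").
type Terminal struct {
	Identity string // subscriber identity tied to the SIM; tests use a constructed value
	pin      string
	key      *rsa.PrivateKey
}

// PublicKey is all the terminal discloses when it applies for a certificate.
func (t *Terminal) PublicKey() *rsa.PublicKey { return &t.key.PublicKey }

// CAServer is the authentication CA plus the certificate copies "on the CA server".
type CAServer struct {
	key     *rsa.PrivateKey
	cert    *x509.Certificate
	serial  int64
	issued  map[string]*x509.Certificate // identity -> certificate
	revoked map[string]bool              // serial -> revoked; stand-in for a CRL
}

// issue signs tmpl under parent with priv and parses the resulting DER.
func issue(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, priv *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCAServer creates a self-signed CA valid for ten years from now.
func NewCAServer(now time.Time) (*CAServer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Authentication CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	cert, err := issue(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &CAServer{key: key, cert: cert, serial: 1, issued: map[string]*x509.Certificate{}, revoked: map[string]bool{}}, nil
}

// NewTerminal generates the key pair inside the terminal, as the description requires.
func NewTerminal(identity, pin string) (*Terminal, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Terminal{Identity: identity, pin: pin, key: key}, nil
}

// Enroll is the CA side of certificate application: it binds the submitted public key to
// the identity and signs it. Vetting the applicant is assumed to have happened before this call.
func (ca *CAServer) Enroll(identity string, pub *rsa.PublicKey, validFor time.Duration, now time.Time) (*x509.Certificate, error) {
	ca.serial++
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(ca.serial), Subject: pkix.Name{CommonName: identity},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(validFor), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	cert, err := issue(tmpl, ca.cert, pub, ca.key)
	if err == nil {
		ca.issued[identity] = cert
	}
	return cert, err
}

// Revoke makes every later Authenticate refuse this certificate.
func (ca *CAServer) Revoke(cert *x509.Certificate) { ca.revoked[cert.SerialNumber.String()] = true }

// Sign releases the private key only after the correct PIN, and only to sign a challenge
// the verifier chose; the verifier must pick a fresh random challenge for every attempt.
func (t *Terminal) Sign(pin string, challenge []byte) ([]byte, error) {
	if pin != t.pin {
		return nil, errors.New("PIN rejected: private key not released")
	}
	digest := sha256.Sum256(challenge)
	return rsa.SignPKCS1v15(rand.Reader, t.key, crypto.SHA256, digest[:])
}

// Authenticate is the online CA check at each login or unlock: the certificate held on the
// server must chain to this CA, be inside its validity period and not be revoked, and the
// signature must verify under its public key.
func (ca *CAServer) Authenticate(identity string, challenge, sig []byte, now time.Time) error {
	cert, ok := ca.issued[identity]
	if !ok {
		return errors.New("no certificate on CA server for this identity")
	}
	if cert.CheckSignatureFrom(ca.cert) != nil {
		return errors.New("certificate was not issued by this CA")
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("certificate expired or not yet valid")
	}
	if ca.revoked[cert.SerialNumber.String()] {
		return errors.New("certificate revoked")
	}
	pub, _ := cert.PublicKey.(*rsa.PublicKey)
	digest := sha256.Sum256(challenge)
	if pub == nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return errors.New("signature does not verify: private key does not match the certificate")
	}
	return nil
}
```

The PC-side logon module of the description would, at each login or unlock, draw a random challenge, pass it to the terminal's Sign over USB, and send identity, challenge and signature to Authenticate over the wireless link; the private key itself is never read out, and because the checks for expiry and revocation run on the server's copy, a certificate that has been cancelled since enrollment stops working at the next login rather than at the next firmware update.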
Embodiment two
As shown in Fig. 3, the method for controlling access to a network terminal provided by this embodiment is used to authenticate power-on login of a PC or another network terminal, and comprises the following steps:
Step S301: the wireless terminal is connected to the PC, and the network is accessed through the wireless terminal.
The wireless terminal device starts, accesses the wireless network with default parameters, and reports its USB port to the PC.
Step S302: the wireless network authenticates the wireless terminal.
With the wireless terminal connected to the PC host, Subscriber Identity Module (SIM) card authentication is required while connecting to the wireless network. If it passes, the wireless network connection succeeds, the CA server is reached over the wireless network, and the terminal interacts with the CA server.
The wireless terminal is usually connected to the PC with the most common USB cable. A PCMCIA or ExpressCard interface may also be used, with the USB protocol as the interaction protocol.
If the authentication passes, proceed to step S303; otherwise, indicate authentication failure and go to step S306.
Step S303: obtain the public key certificate for performing CA authentication of the wireless terminal.
Specifically, when the wireless terminal was activated it applied to the CA server for a public key certificate according to the procedure, and the certificate is built into the wireless terminal, stored either in the SIM/UIM card or in flash memory; for storage security, it must be accessed through a dedicated API.
Alternatively, the PC host connects to the CA server over the wireless network to obtain the public key certificate.
Specifically, the PC host also connects automatically to the wireless network with default parameters and interacts with the CA server, and in this way obtains the public key certificate for performing CA authentication of the wireless terminal.
In operations such as power-on login to the network terminal, locking the network terminal's screen and unlocking it, PC authentication on a Windows system is implemented by modifying the interface of the Logon.dll module; on a Linux system (Mac OS is similar) the module takes a form such as logon.lib or logon.so and is invoked from the boot scripts under /etc/rc.d/rc x.d/ to perform power-on login authentication.
Step S304: the PC authenticates the wireless terminal's user with the public key certificate information provided by the CA server in the wireless network.
If the authentication of the wireless terminal passes, proceed to step S305; otherwise, indicate CA authentication failure and go to step S306.
Step S305: enter authorized mode; the PC may be logged in to and operated.
Step S306: enter unauthorized mode; login to the PC is forbidden, for example by locking the screen.
It can be seen that this embodiment uses the wireless network's authentication and authenticates the wireless terminal twice, raising the reliability of authentication, performing effective authentication at power-on login of the network terminal, and achieving secure operation management of the network terminal.
Embodiment three
In addition, the method for controlling access to a network terminal provided by this embodiment further comprises a step of forbidding login to the network terminal after the wireless terminal is disconnected, specifically as follows:
When the user breaks the physical connection between the wireless terminal and the PC, the PC-side authentication module (the Logon.dll module on a Windows system) detects that the wireless terminal is no longer present, and the PC host locks the screen immediately.
As shown in Fig. 4, the method provided by this embodiment further comprises a step of releasing the screen protection when the PC host is in the screen-locked state, specifically as follows:
Step S401: the wireless terminal device starts, reports its USB port to the PC, and goes online with default parameters.
Step S402: the wireless network authenticates the wireless terminal.
The wireless terminal device is connected to the PC host; after powering on it reports its USB port to the PC host and automatically connects to the wireless network with default parameters and interacts with the CA server. SIM card authentication is required while connecting to the wireless network; if it passes, the wireless network connection succeeds.
The wireless terminal may be connected to the PC with the most common USB cable. A PCMCIA or ExpressCard interface may also be used, with the USB protocol as the interaction protocol.
If the authentication passes, proceed to step S403; otherwise, indicate authentication failure and go to step S406.
Step S403: obtain the public key certificate for performing CA authentication of the wireless terminal.
Specifically, when the wireless terminal was activated it applied to the CA server for a public key certificate according to the procedure, and the certificate is built into the wireless terminal, stored either in the SIM/UIM card or in flash memory; for storage security, it must be accessed through a dedicated application programming interface (API).
Alternatively, the PC host connects to the CA server over the wireless network to obtain the public key certificate.
Specifically, the PC host also connects automatically to the wireless network with default parameters and interacts with the CA server, and in this way obtains the public key certificate for performing CA authentication of the wireless terminal.
Step S404: the PC authenticates the wireless terminal's user with the public key certificate information provided by the CA server in the wireless network.
If the authentication of the wireless terminal passes, proceed to step S405; otherwise, indicate CA authentication failure and go to step S406.
Step S405: enter authorized mode; the PC may be logged in to and operated.
Step S406: enter unauthorized mode; for example, the PC remains screen-locked.
To prevent anyone from illegally using the wireless terminal to log in to the PC host, a dedicated application DLL (dynamic link library) API may be developed for the wireless terminal to control access to the public key certificate, so that every access to the certificate built into the wireless terminal requires entry of a personal identification number (PIN) code.
It can be seen that the invention uses the wireless network's authentication and authenticates the wireless terminal, raising the reliability of authentication, exercising effective control while the network terminal is operated, and achieving secure operation management of the network terminal.
Embodiment four
This embodiment also provides a system for controlling access to a network terminal. Referring to Fig. 1, the system comprises a wireless terminal, a network terminal (such as a PC host or another network terminal device) and a digital certificate authority (CA) server.
The CA server is configured to provide the public key certificate used to authenticate the wireless terminal.
The wireless terminal and the network terminal are interconnected. The wireless terminal provides the PC host with a communication link for network access; it is configured to be authenticated by the wireless network side; after that authentication has passed, to perform CA authentication using the private key it holds and the public key certificate corresponding to the wireless terminal held on the CA server; and after the CA authentication has passed, to authorize access to the network terminal.
The wireless terminal contains a SIM/UIM card or flash memory, which holds the public key certificate and the private key.
The wireless terminal contains a dedicated API that controls access to the private key and public key certificate it holds.
The wireless terminal connects to the CA server over the wireless network and applies to the CA server for a public key certificate. After receiving the certificate, the wireless terminal stores it through its dedicated interface in the SIM/UIM card (or in a designated area of the terminal's flash memory; where the certificate is stored depends on the form of the wireless terminal, and the key point is that the dedicated interface ensures the private key associated with the certificate cannot be stolen).
The wireless terminal device is connected to the PC host by wire. After powering on, it reports its USB port to the PC host and automatically connects to the wireless network with default parameters and interacts with the CA server; SIM card authentication is required while connecting to the wireless network, and if it passes the wireless network connection succeeds. The PC then authenticates the user with the public key certificate information provided by the CA server in the wireless network and, if the verification passes, authorizes login to the PC host.
The wireless terminal is provided with a SIM/UIM card or flash memory in which the public key certificate is held.
The wireless terminal is provided with a dedicated API that controls access to the public key certificate it holds.
In the system provided by this embodiment, the wireless network's authentication is used and the wireless terminal is authenticated twice, raising the reliability of authentication; effective control is exercised at power-on login and during operation of the network terminal, achieving secure operation management of the network terminal.
Embodiment five
With reference to Fig. 5, a kind of wireless terminal 500 that the embodiment of the invention provides comprises:
Authentication module 510 is used for accepting wireless network side to the authentication of described wireless terminal;
Particularly, wireless terminal sends the request of access of radio network, and this authentication module is accepted wireless network side is identified SIM card to the user of this wireless terminal authentication;
Judge module 520 is used for judging whether the authentication of described wireless terminal is passed through;
Pass through when this SIM card authentication, described wireless terminal accesses described wireless network.
Acquisition module 530 is for the public key certificate that obtains described wireless terminal from the CA server;
Authentication module 540 is used for when described judge module 520 judges that the authentication of described wireless terminal is passed through, and uses the private key of described wireless terminal preservation and the public key certificate of the corresponding described wireless terminal on the authentication CA server to carry out ca authentication;
Described judge module 520 also is used for judging whether described ca authentication is passed through;
At each CA authentication, the network terminal has the wireless terminal authenticated by way of the wireless terminal's access to the CA server over the wireless network, using the public key certificate held on the CA server together with the private key held in the wireless terminal. If the public key in the public key certificate matches the private key of the wireless terminal, judge module 520 determines that the CA authentication has passed.
Authorization module 550 is configured to authorize access to the network terminal when judge module 520 judges that the CA authentication has passed.
Acquisition module 530 comprises application module 531, receiving module 532 and preservation module 533.
Application module 531 is configured to apply to the CA server for a public key certificate when the wireless terminal is activated;
specifically, application module 531 sends the public key and the identity information of the wireless terminal to the CA authentication server in order to apply for the public key certificate.
Receiving module 532 is configured to receive the public key certificate sent by the CA server;
Preservation module 533 is configured to store the received public key certificate in the wireless terminal after the certificate sent by the CA server has been received.
For safety and reliability, a dedicated application programming interface (API) is provided in the wireless terminal; this API controls access to the public key certificate stored in the wireless terminal.
Preferably, preservation module 533 stores the public key certificate, which is encrypted for transmission over the air interface, in the SIM/UIM card or in flash memory (Flash).
Before the CA authentication is carried out, acquisition module 530 obtains the public key certificate corresponding to the wireless terminal from the CA server over the wireless network.
The wireless terminal further comprises:
Key generation module 560, configured to generate a public/private key pair by means of a cryptographic algorithm;
Preservation module 533 stores the generated private key in the wireless terminal;
For security, the private key can only be obtained by accessing the wireless terminal through the dedicated API described above.
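The two stages described above, modelled end to end as an added example (this is not code from the patent or from Huawei). The patent does not say how the CA server establishes that the certificate's public key "matches" the terminal's private key; the example assumes a nonce challenge that the terminal signs and the server verifies under the certificate. A small textbook RSA stands in for the "cryptographic algorithm" so that the example runs on the Python standard library alone; the class names, the IMSI-style identity and the failure flags are all constructed for illustration. Over-the-air encryption of the certificate is not modelled.

```python
"""Added example, not patent code: a runnable model of the two-stage flow above.
Assumption: CA authentication is a nonce signed by the terminal and verified under
its certificate (the patent leaves the mechanism open). Toy RSA, demo only."""
import hashlib
import json
import random

E = 65537  # RSA public exponent

def _is_probable_prime(n, rng, rounds=16):  # Miller-Rabin, bases from rng
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):  # top bit set so n = p*q is a full 2*bits wide
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if (cand - 1) % E and _is_probable_prime(cand, rng):
            return cand

def generate_keypair(bits=256, rng=None):  # key generation module: (pub, priv)
    rng = rng or random.SystemRandom()
    p, q = _gen_prime(bits, rng), _gen_prime(bits, rng)
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def _digest(msg):  # SHA-256 < 2**256 < n, so the demo skips padding
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")
def sign(priv, msg):
    return pow(_digest(msg), priv[1], priv[0])
def verify(pub, msg, sig):
    return 0 < sig < pub[0] and pow(sig, pub[1], pub[0]) == _digest(msg)

def _cert_body(cert):  # canonical bytes the CA signs (everything but "sig")
    return json.dumps({k: v for k, v in cert.items() if k != "sig"},
                      sort_keys=True).encode()

class KeyStore:
    """Dedicated API in front of the SIM/UIM or flash store: the private key
    is only ever used through sign(); nothing hands the key itself out."""
    def __init__(self, priv):
        self._priv = priv
    def sign(self, msg):
        return sign(self._priv, msg)

class CaServer:
    def __init__(self, rng):
        self.pub, self._priv = generate_keypair(rng=rng)
    def issue_certificate(self, identity, terminal_pub):
        """Answer the terminal's application: bind its identity to its key."""
        cert = {"subject": identity, "n": terminal_pub[0], "e": terminal_pub[1]}
        cert["sig"] = sign(self._priv, _cert_body(cert))
        return cert
    def verify_terminal(self, identity, cert, nonce, response):
        """Judge: certificate is ours, subject matches, and the response proves
        the terminal holds the private key matching the certified public key."""
        if not verify(self.pub, _cert_body(cert), cert.get("sig", 0)):
            return False
        if cert["subject"] != identity:
            return False
        return verify((cert["n"], cert["e"]), nonce, response)

class WirelessTerminal:
    def __init__(self, identity, rng):
        self.identity, (self.pub, priv) = identity, generate_keypair(rng=rng)
        self.store, self.cert, self.network_ok = KeyStore(priv), None, False
    def accept_network_auth(self, sim_auth_passed):
        self.network_ok = sim_auth_passed  # stage 1: network-side SIM auth
        return sim_auth_passed
    def ca_authenticate(self, ca, nonce):
        if not self.network_ok or self.cert is None:  # stage 2 gated on stage 1
            return False
        return ca.verify_terminal(self.identity, self.cert, nonce,
                                  self.store.sign(nonce))

def run_flow(seed=7, sim_ok=True, swap_key=False, alter_subject=False):
    """Drive the flow; flags reproduce the failure cases. Identity is made up."""
    rng = random.Random(seed)
    ca, term = CaServer(rng), WirelessTerminal("IMSI-460001234567890", rng)
    term.accept_network_auth(sim_ok)
    term.cert = ca.issue_certificate(term.identity, term.pub)  # apply, receive, keep
    if swap_key:        # private key no longer matches the certified public key
        term.store = KeyStore(generate_keypair(rng=rng)[1])
    if alter_subject:   # tampered certificate: CA signature no longer verifies
        term.cert = dict(term.cert, subject="IMSI-460009999999999")
    return term.ca_authenticate(ca, rng.getrandbits(128).to_bytes(16, "big"))
```

`run_flow()` returns True only when both gates pass; `sim_ok=False` reproduces a failed network-side authentication, `swap_key=True` the case where the private key in the terminal does not match the public key in the certificate, and `alter_subject=True` a certificate that the CA did not issue. The `KeyStore` class is the point of the dedicated API in the description: the private key is never returned to a caller, only used.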
In summary, in the embodiments of the invention the wireless terminal is connected to the network terminal; the wireless terminal is first authenticated by the network and then performs CA authentication by accessing the CA server over the wireless network, and only after both the network authentication and the CA authentication have passed can the user log in to and operate the network terminal. This improves the reliability of authentication in network terminal access control, so that the user's access to the network terminal is more secure. Compared with USB Key authentication and login in the prior art, the security level of logging in to the network terminal is improved and the user's operation is more flexible. The embodiments overcome the drawback that, where a CA server is used to verify the public key certificate, a USB Key cannot be used for mobile authentication, so that a mobile terminal that cannot access a wired network, or is used on the move, can operate more securely and conveniently.
Obviously, those skilled in the art will appreciate that the modules or steps of the embodiments described above may be implemented with general-purpose computing devices; they may be concentrated on a single computing device or distributed over a network formed by several computing devices; optionally, they may be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device, or each made into a separate integrated-circuit module, or several of the modules or steps made into a single integrated-circuit module. The embodiments of the invention are therefore not restricted to any particular combination of hardware and software.
The above are merely embodiments of the invention and are not intended to limit the scope of protection of the invention. Any modifications, equivalent replacements, improvements and the like made within the spirit and principles of the invention are included in the scope of protection of the invention.

Claims (10)

1. the method for an access control network terminal is characterized in that, comprising:
Wireless terminal is accepted wireless network side to its authentication;
After the authentication of described wireless terminal was passed through, described wireless terminal used the private key of self preserving and the public key certificate that authenticates the corresponding described wireless terminal on the CA server to carry out ca authentication;
After described ca authentication is passed through, authorize the access to the described network terminal;
Described wireless terminal and the network terminal interconnect, and the described network terminal comprises PC or portable terminal;
The public key certificate of described wireless terminal is downloaded acquisition from described CA server by described wireless terminal before carrying out ca authentication.
2. the method for claim 1 is characterized in that, described wireless terminal is accepted wireless network side to its authentication, comprising:
Wireless terminal is accepted wireless network side is identified SIM card to the user of this wireless terminal authentication after sending the request of access of radio network; Pass through when this SIM card authentication, described wireless terminal accesses described wireless network.
3. the method for claim 1 is characterized in that, the private key of described wireless terminal is kept in SIM/UIM card or the flash memory Flash.
4. method as claimed in claim 3 is characterized in that, further comprises:
Special-purpose application programming interface api interface is set, and described api interface is used for the private key access that control is preserved described wireless terminal.
5. the system of an access control network terminal is characterized in that, comprises interconnective wireless terminal and the network terminal, wherein,
Described wireless terminal is used for accepting wireless network side to its authentication; After the authentication of described wireless terminal is passed through, use the private key of self preserving and the public key certificate that authenticates the corresponding described wireless terminal on the CA server to carry out ca authentication; And after described ca authentication is passed through, authorize the access to the described network terminal;
The described network terminal comprises PC or portable terminal;
The public key certificate of described wireless terminal is downloaded acquisition from described CA server by described wireless terminal before carrying out ca authentication.
6. system as claimed in claim 5 is characterized in that, comprises SIM/UIM card or flash memory Flash in the described wireless terminal, and described SIM/UIM card or flash memory Flash are used for preserving described private key.
7. system as claimed in claim 5 is characterized in that, comprises special-purpose application programming interface api interface in the described wireless terminal, is used for controlling the access of the described private key that described wireless terminal is preserved.
8. a wireless terminal is characterized in that, and the network terminal interconnects, and described wireless terminal comprises:
Authentication module is used for accepting wireless network side to the authentication of described wireless terminal;
Judge module is used for judging whether the authentication of described wireless terminal is passed through;
Authentication module is used for when described judge module judges that the authentication of described wireless terminal is passed through, and uses the private key of described wireless terminal preservation and the public key certificate of the corresponding described wireless terminal on the authentication CA server to carry out ca authentication;
Described judge module also is used for judging whether described ca authentication is passed through;
Authorization module is used for authorizing the access to the described network terminal when described judge module judges that described ca authentication is passed through;
The described network terminal comprises PC or portable terminal;
Acquisition module is used for obtaining the public key certificate of the corresponding described wireless terminal on the described CA server before carrying out ca authentication.
9. wireless terminal as claimed in claim 8 is characterized in that,
Described authentication module is further used for accepting wireless network side to the SIM card authentication of described wireless terminal.
10. wireless terminal as claimed in claim 8 is characterized in that, also comprises:
The key generation module is used for producing public, private key pair by cryptographic algorithm;
Preserve module, be used for preserving described private key;
Special-purpose application programming interface API is used for control to the access of described private key.
CN200810189805.XA 2008-12-31 2008-12-31 Method, device and system for controlling access to network terminal Active CN101772022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810189805.XA CN101772022B (en) 2008-12-31 2008-12-31 Method, device and system for controlling access to network terminal

Publications (2)

Publication Number Publication Date
CN101772022A CN101772022A (en) 2010-07-07
CN101772022B true CN101772022B (en) 2013-04-24

Family

ID=42504541

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102123147B (en) * 2011-03-01 2014-12-31 中兴通讯股份有限公司 Method and system for differential authorization of network device
CN103944721A (en) * 2014-04-14 2014-07-23 天津艾宝卓越科技有限公司 Method and device for protecting terminal data security on basis of web
CN108449759B (en) * 2018-03-28 2021-05-04 湖南东方华龙信息科技有限公司 Wireless access method and wireless access authentication method
DE102018219570A1 (en) * 2018-11-15 2020-05-20 Audi Ag Authenticate a user of a software application
CN110662172A (en) * 2019-08-16 2020-01-07 深圳市豪位科技有限公司 Indoor positioning navigation system with networked wireless beacon and cloud platform
CN113691519B (en) * 2021-08-18 2023-09-01 绿能慧充数字技术有限公司 Off-network equipment centralized control method for unified management of access rights of cloud service

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1838141A (en) * 2006-02-05 2006-09-27 刘亚威 Technology for improving security of accessing computer application system by mobile phone
CN2914498Y (en) * 2006-01-27 2007-06-20 北京飞天诚信科技有限公司 Information security device based on universal serial bus human-computer interaction type device
CN101136915A (en) * 2007-10-16 2008-03-05 中兴通讯股份有限公司 Method and system for implementing multi-service united safety authentication


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder
    Address after: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.
    Patentee after: Huawei terminal (Shenzhen) Co.,Ltd.
    Address before: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.
    Patentee before: HUAWEI DEVICE Co.,Ltd.
TR01 Transfer of patent right
    Effective date of registration: 20181226
    Address after: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province
    Patentee after: HUAWEI DEVICE Co.,Ltd.
    Address before: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.
    Patentee before: Huawei terminal (Shenzhen) Co.,Ltd.