CN111831998A - Identity verification method for BS application service binding hardware code in offline state - Google Patents

Publication number
CN111831998A
Authority
CN
China
Prior art keywords
encryption lock
information
user
application
password
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010736826.XA
Other languages
Chinese (zh)
Inventor
白洁
李江卫
王祥
周剑
孙伟
杨霞
范清彪
姚鹏
吴多
胡慧萍
贾伟定
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Geomatics Institute
Original Assignee
Wuhan Geomatics Institute
Application filed by Wuhan Geomatics Institute
Priority to CN202010736826.XA
Publication of CN111831998A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of identity information verification and discloses an identity verification method that binds a B/S application service to a hardware code in an offline state. The system comprises: a server on which the B/S application is deployed, which hosts the web application in a non-Internet environment and comprises the web pages and a database, the database holding user names, passwords and other relational data; a web front end, through which the user accesses the web application; a local service, installed on the user side and used for data interaction; and an encryption lock, into which 8k bytes of information can be written and into which the user name, the password and the firmware information are written in advance in a fixed format. By installing a purpose-built service locally, the invention makes up for the fact that the software encryption lock does not provide a web API. This local service is the core of the invention: it runs on the user's computer and mediates between the server and the hardware information of the user's computer.

Description

Identity verification method for BS application service binding hardware code in offline state
Technical Field
The invention belongs to the technical field of identity information verification, and particularly relates to an identity verification method for a BS application service binding hardware code in an offline state.
Background
At present, authenticating to an application system with a user name and a password is the most common and the loosest authentication method in the prior art, and it is used in all kinds of application systems built on a B/S architecture. The user logs in on a web page with a user name and a password; the web front end uploads them to the server, where they are compared with the user name and password in the database, and the user is logged in to the system once the comparison passes.
A second prior-art authentication method uses an encryption lock, i.e., a USB key, to authenticate to the application system; an example is the online-banking U shield, a hardware device with a USB interface. The USB key contains a single-chip microcomputer or a smart-card chip and has a certain amount of storage space, which can hold the user's private key and digital certificate; the user's identity is authenticated with the public-key algorithm built into the USB key. Because the user's private key is stored in the encryption lock, the security of user authentication is ensured.
A third prior-art authentication method uses a system authorization file or a digital certificate to authenticate to the application system; with a digital certificate, for example, the digital authorization certificate is used to authenticate the user's identity.
In summary, the problems of the prior art are as follows: (1) A user can log in from any terminal with the same user name and password, so a specific application requirement, restricting login to a specific computer or other terminal in a specific environment, cannot be met. Even if the hardware codes (MAC address, CPU ID and the like) of the computer or other terminal are recorded in the back-end database in advance, the user name cannot be bound to the login hardware, because the web front end has no permission to read the system's hardware addresses.
(2) Some PC applications are developed with a C/S architecture: the application program has to be installed separately on the user terminal, and the app must be connected to the Internet, for example the professional-edition app of a business recruitment bank. The main disadvantage of this mode is that normal operation of the app depends on the user's computer and its NET environment; in addition, when the app is updated, the new version has to be upgraded and reinstalled on every computer terminal.
(3) Some web applications are developed with a B/S structure. Because the browser's read and write permissions are limited, it cannot read USB key information on the computer directly, so web-version online banking applications have to be developed with browser-based ActiveX. However, ActiveX requires a browser with the IE kernel, so such apps place requirements on the browser type: they run only in IE, 360 and other IE-kernel-based browsers, and cannot be used in ***, roaming and other equally mainstream browsers. An example is the public-edition app of a tenderer bank. In this mode the B/S application must be connected to the Internet for identity verification and cannot be used in an offline local area network.
The difficulty of solving these technical problems is as follows: (1) The solution needs wide applicability. The browsers and encryption locks used on PC terminals are not uniform and come in many types and brands. The first difficulty is that the authentication solution should work with most mainstream browsers, so it cannot be developed as an ActiveX plug-in running in the web front end. The second is that USB key encryption locks on the market provide only a control-type interface; because market demand is small, common USB key encryption locks often do not provide a web API, and the development API they do provide cannot be used from a web application to call the encryption lock interface, read encryption lock information, and so on.
(2) Compared with an application based on the C/S architecture, a web application system based on the B/S architecture has natural advantages in updating and deployment: installation, release and upgrades are completed on the deployment server only, without repeated installation and updating on every PC terminal that uses the system. In a web application system based on the B/S (browser/server) architecture, the web page is the bridge between the user's local information and the server, but the web page cannot read information such as the computer's hardware because of the security policy restrictions of the computer's operating system.
The significance of solving these technical problems is as follows: in line with application requirements, the identity authentication solution can be applied to an application service system deployed in a local area network, without Internet-connected authentication. The user identity, the terminal PC and the encryption lock are authenticated jointly, so that the user name and password, the computer hardware code and the USB key encryption lock are uniquely bound together. The system can be used only by a specific user on a specific computer, and verification fails in the following cases: first, login fails if the user name or password is wrong; second, login fails if the computer is replaced without authorization; third, login fails if no USB key encryption lock is connected to the computer; fourth, the state of the encryption lock is monitored during use, and the system cannot continue to be used when the encryption lock is not correctly connected to the computer.
Disclosure of Invention
In view of the problems in the prior art, the invention provides an identity verification method that binds a B/S application service to a hardware code in an offline state. The background section describes the two main identity verification methods used in application system development. Authentication with an encryption lock (USB key, U shield) allows user information to be written into the encryption lock, and binding user information to hardware in this way is clearly more secure than logging in with a user name and password alone. It still has disadvantages, however: it requires an Internet connection, and it restricts the browser type, since only browsers with the IE kernel can be used.
In some application scenarios, for example an application system with a B/S architecture running inside an enterprise LAN, user information must be uniquely bound to computer hardware information and the like, and multiple mainstream browsers must be supported. Neither of the two authentication methods meets these requirements, so a method is urgently needed that authenticates users of a web application system in a non-Internet environment at low cost, with good compatibility and security.
The invention is realized as follows. An identity verification system that binds a B/S application service to a hardware code for offline use comprises:
the server on which the B/S application is deployed, which hosts the web application in a non-Internet environment and comprises the web pages and a database, the database holding user names, passwords and other relational data;
the web front end, through which the user accesses the web application;
the local service, installed on the user side and used for data interaction;
and the encryption lock, into which 8k bytes of information can be written and into which the user name, the password and the firmware information are written in advance in a fixed format.
Further, the server is the one to which the web application belongs, in particular a web application in a non-Internet environment; it comprises the web pages, a database and so on, and the database holds the user names, passwords and other relational data.
Further, the web front end presents the web application service: display, interaction and the results of its functions. Usable browsers include IE, Google and roaming.
Further, unlike a plug-in that depends on the browser, the local service installed on the user side runs as a background program on the user's machine. It reads the information in the encryption lock, reads the local CPU ID and so on, and its main function is to interact with the web.
Further, the encryption lock may be any encryption lock on the market. Using the software provided by the encryption lock manufacturer, the firmware information, a MAC address or a CPU ID, is written into the encryption lock for subsequent verification. The system adopts dual verification: the signature is produced inside the lock on the client and verified on the server. A general-purpose commercial USB key is used for user identity verification in the online coordinate conversion system; different random data is used for each USB key signature, which prevents a device from being simulated from externally monitored data, and verification is performed on the server side through a net api, which makes cracking more difficult.
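An added example, not code from the patent, of the "different random data for each signature" idea above: the server issues a single-use random challenge, the lock signs it, and a captured reply that is replayed later is rejected. HMAC-SHA256 with a shared key stands in for the in-lock signature algorithm, which the text does not specify; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple


class Dongle:
    """Stand-in for the encryption lock: the key is used but never exported."""

    def __init__(self, key: bytes):
        self._key = key

    def sign(self, challenge: bytes) -> bytes:
        # Assumption: HMAC-SHA256 replaces the lock's own signature algorithm.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class ChallengeServer:
    """Issues single-use random challenges and verifies the signed reply."""

    def __init__(self, keys: Dict[str, bytes], ttl: float = 30.0):
        self._keys = keys                      # user name -> key of that user's lock
        self._ttl = ttl                        # seconds a challenge stays valid
        self._pending: Dict[bytes, Tuple[str, float]] = {}

    def issue(self, user: str, now: float) -> bytes:
        nonce = secrets.token_bytes(32)        # fresh random data for every login
        self._pending[nonce] = (user, now + self._ttl)
        return nonce

    def verify(self, user: str, nonce: bytes, signature: bytes, now: float) -> bool:
        # The challenge is consumed whether verification passes or fails,
        # so the same (challenge, signature) pair can never be accepted twice.
        entry = self._pending.pop(nonce, None)
        key = self._keys.get(user)
        if entry is None or key is None:
            return False
        issued_to, expires = entry
        if issued_to != user or now > expires:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def replay_demo() -> Tuple[bool, bool, bool]:
    """Return (genuine login, replay on same challenge, replay on new challenge)."""
    key = secrets.token_bytes(32)              # constructed sample key
    server = ChallengeServer({"Admin": key})
    lock = Dongle(key)
    nonce = server.issue("Admin", now=0.0)
    captured = lock.sign(nonce)                # what a monitoring party could record
    genuine = server.verify("Admin", nonce, captured, now=1.0)
    replay_same = server.verify("Admin", nonce, captured, now=2.0)
    fresh = server.issue("Admin", now=3.0)
    replay_fresh = server.verify("Admin", fresh, captured, now=4.0)
    return genuine, replay_same, replay_fresh


if __name__ == "__main__":
    print(replay_demo())
```
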
Another object of the present invention is to provide an identity verification method for the above identity verification system for BS application service binding hardware code used offline, comprising:
reading the user name and password written in advance in the encryption lock and, through web front-end interaction, comparing them with the server database; this check passes when the comparison succeeds;
reading the firmware information written in advance in the encryption lock and, through web front-end interaction, comparing it with the firmware information of the local computer; this check passes when the comparison succeeds;
performing heartbeat monitoring of the online state of the encryption lock throughout the whole period in which the web front end is in use.
Specifically, the method comprises the following steps:
1) The unique machine code of the local computer, its CPU ID, is used as the firmware information. The CPU ID is obtained by calling the function GETCPUID() provided by an operating system library. In the following case the machine code, i.e. the CPU ID, is a 16-digit hexadecimal number, 'BFEBFBFF000306C3', as shown in fig. 6.
2) The user name and password that the user registered in the application system are used as login information; the following case uses the user name 'Admin' and the password 'Admin'.
3) The predefined information is composed in the format 'UserName, PassWord, CPU ID' and written into the encryption lock with the SDK provided by the encryption lock manufacturer or with the accompanying lock-writing tool. Once the encryption lock has been written, it can be used only by the user admin on the computer whose CPU ID is BFEBFBFF000306C3 in the following case, as shown in fig. 7.
4) A local service running on the user side is developed to exchange information between the web front end and the terminal hardware. On the one hand, the local service calls the encryption lock manufacturer's software to interact with the encryption lock plugged into the computer, reads the predefined information stored in the readable area of the encryption lock, and parses out the system user name, password, CPU ID and other information; on the other hand, it obtains the CPU ID of the local computer through GETCPUID(), as shown in fig. 8.
An application system is developed in which the web front end interacts with the service plug-in running on the local computer and performs several comparison checks to verify identity. First, it detects whether the encryption lock is correctly connected to the local computer; if not, it reports that the system failed to detect the encryption lock, and if so, it proceeds to the next check. Second, it compares the user name and password read from the encryption lock with the server database; if they do not match, it reports that the user name or password is incorrect, and if they match, it proceeds to the next check. Third, it compares the CPU ID read from the encryption lock with the CPU ID of the local computer; if they do not match, it prompts the user to use the correct encryption lock, and if they match, the user is logged in to the system.
5) The web front end of the application system performs heartbeat monitoring while the user is using the system, checking the online state of the encryption lock every 10 seconds. If the encryption lock is pulled out, the system shows an alarm prompt and temporarily disables system services; if it stays pulled out for more than a certain time, the system logs out automatically.
Throughout the whole period in which the application system is in use, there are safe and reliable protection mechanisms for user validity, system data security and system availability.
Another object of the present invention is to provide an information data processing terminal implementing the identity verification method of BS application service binding hardware code used in the offline case.
Another object of the present invention is to provide a computer-readable storage medium, comprising a computer program, which when run on a computer, causes the computer to execute the method for verifying the identity of BS application service binding hardware code used in an offline situation.
In summary, the advantages and positive effects of the invention are as follows. By installing a purpose-built service locally, the invention makes up for the fact that the software encryption lock does not provide a web API. This local service is the core of the invention: it runs on the user's computer and mediates between the server and the hardware information of the user's computer. The software encryption lock is also an important component of the overall solution; it stores information such as the computer hardware information and the user name. Login authentication for the online coordinate transformation system is implemented with the unique binding of 'encryption lock + machine code + user name'.
Drawings
Fig. 1 is a schematic diagram of an identity verification system for BS application service binding hardware code used in an offline situation according to an embodiment of the present invention.
In the figure: 1. a server for B/S application deployment; 2. a Web front end; 3. an encryption lock; 4. a local service.
Fig. 2 is a first diagram illustrating an example demonstration effect provided by the embodiment of the invention.
Fig. 3 is a second diagram of an example demonstration effect provided by the embodiment of the invention.
Fig. 4 is a view showing that the online state of the dongle is monitored while the user is using the system: if the dongle is removed, the system shows an alarm prompt and temporarily disables system services, and if it stays removed for more than a certain time, the system logs out automatically.
Fig. 5 is a diagram showing the effect of monitoring the online state of the dongle while the user is using the system: if the dongle is removed, the system shows an alarm and temporarily disables system services, and if it stays removed for more than a certain time, the system logs out automatically.
Fig. 6 is a diagram of the interface through which the web calls the locally running service to obtain the CPU ID for the subsequent verification step, according to the embodiment of the present invention.
Fig. 7 is a diagram showing that the encryption lock can be used only by the user admin on the computer with CPU ID BFEBFBFF000306C3, according to the embodiment of the present invention.
Fig. 8 is a schematic diagram of obtaining the CPU ID of the local computer through GETCPUID(), according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the prior art, a user can log in from any terminal with the same user name and password, and login cannot be restricted to a specific computer in a specific environment. Even if the hardware code of the terminal computer, such as the MAC address, is recorded in the back-end database in advance, the user name cannot be bound to the login hardware, because the web front end has no permission to read the system's hardware addresses. In the prior art, some PC online banking apps are developed with a C/S structure: the application program has to be installed separately on the user terminal, and the app must be connected to the Internet.
Some web online banking apps are developed with a B/S structure. Because the browser's read and write permissions are limited, it cannot read USB key information on the computer directly, so web-version online banking apps have to be developed with browser-based ActiveX. However, ActiveX requires a browser with the IE kernel, so such apps place requirements on the browser type: they run only in IE, 360 and other IE-kernel-based browsers, and cannot be used in ***, roaming and other equally mainstream browsers. Applications developed with the B/S architecture also require an Internet connection. The prior-art methods can only bind the USB key to personal information such as a user name; they cannot meet the requirement, present in certain situations, of binding the USB key to the terminal hardware, for example so that the USB key can be used only by a specific user on a specific computer.
In view of the problems in the prior art, the present invention provides an identity verification method for a BS application service binding hardware code in an offline state, and the present invention is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the identity verification system for BS application service binding hardware code used in offline condition according to the embodiment of the present invention includes:
Server 1 on which the B/S application is deployed: the server to which the web application belongs, in particular a web application in a non-Internet environment; it comprises the web pages, a database and so on, and the database holds the user names, passwords and other relational data.
Web front end 2: the main way for users to access the web application; it is not limited to a particular browser (IE, ***, roaming, etc.).
Encryption lock 3: the encryption lock can be any software encryption lock on the market into which 8k bytes of information can be written. The user name, the password and the firmware information are written into the encryption lock in advance in a fixed format. The firmware information that may be used for binding is a MAC address or a CPU ID.
Local service 4 installed on the user side: this is the core function; it must be installed in advance as a local service and is used for data interaction. Its main functions are as follows. First, it reads the user name, password and other information written in advance in the encryption lock and, through web front-end interaction, compares the user name and password with the server database; this check passes when the comparison succeeds. Second, it reads the firmware information written in advance in the encryption lock and, through web front-end interaction, compares it with the firmware information of the local computer; this check passes when the comparison succeeds. Third, throughout the whole period in which the web front end is in use, it performs heartbeat monitoring of the online state of the encryption lock, ensuring a safe and reliable protection mechanism for the entire time the system is in use.
The identity verification method for BS application service binding hardware code used offline, provided by the embodiment of the invention, comprises the following steps:
Reading the user name and password written in advance in the encryption lock and, through web front-end interaction, comparing them with the server database; this check passes when the comparison succeeds.
Reading the firmware information written in advance in the encryption lock and, through web front-end interaction, comparing it with the firmware information of the local computer; this check passes when the comparison succeeds.
Performing heartbeat monitoring of the online state of the encryption lock throughout the whole period in which the web front end is in use.
The invention is further described below with reference to specific application examples.
The method has already been applied to a coordinate conversion system on the intranet of the Wuhan city surveying and mapping research institute. Through the unique binding of user name, encryption lock and computer hardware code, identity verification for a web application system in a LAN is achieved at low cost. With a specially written dongle, the user can access the web application system on a fixed computer, under identity control.
1) Example demonstration.
First, the security verification module mainly comprises encryption lock identity verification and encryption lock online-state monitoring. When a user logs in, the system service reads the user data in the encryption lock and verifies the machine code (MAC address and CPU code), account and password; if the encryption lock is not online or the verification information does not pass, the user cannot log in to the system, as shown in fig. 2.
Second, when the encryption lock is online and turns blue, the user logs in to the system with the encryption lock's authentication information through 'one-key login', as shown in fig. 3.
Third, the online state of the encryption lock is monitored while the user is using the system. If the encryption lock is pulled out, the system shows an alarm prompt and temporarily disables system services; if it stays pulled out for more than a certain time, the system logs out automatically, as shown in figs. 4 and 5.
Fourth, an interface is developed through which the web calls the service running locally and obtains the CPU ID for the subsequent verification step, as shown in fig. 6.
2) Third party assessment report of application example
The following is excerpted from the inner page of the evaluation report (report number 201800U1050287-00TR) that concerns the security management module, recorded in the report under '2.11FA security management related module': because of the openness of the network, hidden dangers to information security are inevitable, so various effective measures must be taken to strengthen the security support system and ensure the security and reliability of resources such as data and programs. The system is authorized by binding the dongle or information to the computer hardware, which controls the scope in which the system can be used.
In the invention, the unique machine code CPU ID of the local computer is used as firmware information, and the CPU ID is obtained by calling an operating system library to provide a function GETCPEUID (), wherein the following case machine code is used as the CPU ID and consists of 16-bit 16-system digits to form 'BFEBFBFF 000306C 3'; as shown in fig. 6.
The user name and password that the user registered in the application system serve as the login information; the following example uses the user name "Admin" and the password "Admin".
The predefined information is edited in the format 'UserName, PassWord, CPU ID' and written into the encryption lock through the SDK provided by the encryption lock manufacturer or a matching lock-writing tool. Once the encryption lock has been written, the user admin in this example can use the system only on the computer whose CPU ID is BFEBFBFF000306C3, as shown in fig. 7.
A local service running on the user side is developed to exchange information data between the web front end and the terminal hardware. On the one hand, the local service calls the encryption lock manufacturer's SDK to interact with the encryption lock inserted in the computer, reads the predefined information stored in the readable area of the encryption lock, and parses out the system user name, password, CPU ID and other information; on the other hand, it obtains the CPU ID of the local computer through GETCPED (), as shown in fig. 8.
An application system is developed in which the web front end interacts with the service plug-in running on the local computer and performs several comparison checks to achieve identity verification. First, it detects whether the local computer is correctly connected to the encryption lock; if not, it prompts that the system failed to detect the encryption lock, and if so, it proceeds to the next check. Second, it compares the user name and password read from the encryption lock with the database of the server; if they are not correct, it prompts that the user name or password is incorrect, and if they are correct, it proceeds to the next check. Third, it compares the CPU ID read from the encryption lock with the CPU ID of the local computer; if the comparison fails, it prompts the user to use the correct encryption lock, and if it succeeds, the user is logged in to the system.
While the user is using the system, the web front end of the application system performs heartbeat monitoring, checking the online state of the encryption lock every 10 seconds. If the encryption lock is pulled out, it raises an alarm prompt and temporarily disables the system services; if the encryption lock stays pulled out for a certain time, it logs out automatically.
Throughout the period in which the application system is in use, there are therefore safe and reliable protection mechanisms for user validity, system data security and system availability.
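The three-stage check and the heartbeat rule described above can be sketched as follows. This is an added example, not code from the patent: the function names, the messages, the in-memory user table, the 30-second logout threshold, the constant-time password comparison and the case-insensitive CPU ID comparison are all assumptions.

```python
import hmac

SERVER_USERS = {"Admin": "Admin"}   # constructed stand-in for the server database
HEARTBEAT_SECONDS = 10              # polling interval given in the description
LOGOUT_AFTER_SECONDS = 30           # assumed; the text only says "a certain time"

def parse_record(raw):
    """Split the 'UserName, PassWord, CPU ID' record read from the lock."""
    parts = [p.strip() for p in raw.split(",")]
    if len(parts) != 3 or not all(parts):
        # A comma inside the password also lands here: the format has no escaping.
        raise ValueError("malformed record")
    return parts

def verify_login(record, local_cpu_id, users=SERVER_USERS):
    """Apply the three checks in order and return (ok, message)."""
    if record is None:                                    # check 1: lock present?
        return False, "encryption lock not detected"
    try:
        user, password, bound_cpu = parse_record(record)
    except ValueError:
        return False, "encryption lock record is malformed"  # fail closed (assumed)
    expected = users.get(user)                            # check 2: credentials
    if expected is None or not hmac.compare_digest(
            expected.encode(), password.encode()):
        return False, "user name or password is incorrect"
    if bound_cpu.upper() != local_cpu_id.strip().upper():  # check 3: machine binding
        return False, "use the correct encryption lock"
    return True, "login successful"

def heartbeat_states(samples):
    """Turn one lock-present sample per poll into the session state after each poll."""
    states, missing = [], 0
    for present in samples:
        missing = 0 if present else missing + HEARTBEAT_SECONDS
        if missing == 0:
            states.append("active")
        elif missing < LOGOUT_AFTER_SECONDS:
            states.append("suspended")    # alarm shown, services disabled
        else:
            states.append("logged_out")   # session ends; later samples are ignored
            break
    return states

if __name__ == "__main__":
    print(verify_login("Admin, Admin, BFEBFBFF000306C3", "BFEBFBFF000306C3"))
    print(heartbeat_states([True, False, False, False, True]))
```

Because the record format has no escaping, a password that contains a comma cannot be stored in it; the parser rejects such a record rather than guessing the field boundaries.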
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software plus a necessary hardware platform, and may also be implemented by hardware entirely. With this understanding in mind, all or part of the technical solutions of the present invention that contribute to the background can be embodied in the form of a software product, which can be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes instructions for causing a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the methods according to the embodiments or some parts of the embodiments of the present invention.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (6)

1. An authentication system for BS application service binding hardware code for offline use, comprising:
a server on which the B/S application is deployed, used for the web application in a non-Internet environment and comprising web pages and a database, wherein the database comprises the user name, the password and other relational database information;
a Web front end, used for the user to access the Web application;
a local service installed and running on the user side, used for data interaction;
and an encryption lock into which 8k bytes of information can be written, the user name, the password and the firmware information being written into the encryption lock in a fixed format in advance.
2. The system for authenticating BS application service binding hardware code for offline use of claim 1, wherein the browser available to the Web front end includes IE, ***, roaming.
3. The system for authenticating BS application service binding hardware code for use in an offline situation of claim 1, wherein the encryption lock further holds firmware information for binding with a MAC address or CPU ID.
4. The system for authenticating BS application service binding hardware code used in the offline case according to claim 1, wherein the method for authenticating BS application service binding hardware code used in the offline case comprises:
reading the user name and password information written in advance in the encryption lock, uploading it to the server through web front-end interaction, and comparing the user name and password with the database of the server, the check passing when the comparison succeeds;
reading the firmware information written in advance in the encryption lock and comparing it, through web front-end interaction, with the firmware information of the local computer, the check passing when the comparison succeeds;
and, throughout the period in which the web front end is in use, carrying out heartbeat monitoring of the online state of the encryption lock, checking whether the encryption lock is correctly connected to the computer equipment while the web application is in use.
5. An information data processing terminal implementing the identity verification method of the BS application service binding hardware code for use in the offline case as claimed in claim 4.
6. A computer-readable storage medium comprising a computer program which, when run on a computer, causes the computer to perform the method of identity verification of BS application service binding hardware code for use in an offline situation of claim 4.
CN202010736826.XA 2020-07-28 2020-07-28 Identity verification method for BS application service binding hardware code in offline state Pending CN111831998A (en)


Publications (1)

Publication Number | Publication Date
CN111831998A (en) | 2020-10-27

Family

ID=72925718


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115085942A (en) * 2022-07-28 2022-09-20 四川省数字证书认证管理中心有限公司 Digital signature method and system based on distributed UKey service




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination