CN101051904B - Method for landing by account number cipher for protecting network application sequence - Google Patents
- Publication number
- CN101051904B
- Authority
- CN
- China
- Prior art keywords
- client
- server end
- account
- private key
- cipher
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
In this method, the password is entered at the client and the login is then authenticated at the server. Its characteristic features are that a universal keyboard driver is installed at the client, with an encryption private key and a private-key encryption module preset inside the keyboard driver; at the same time, the server is provided with an encryption private key and a private-key encryption module identical to those at the client. The invention effectively prevents Trojan and virus processes that have a keystroke-recording function and run at the application layer of the operating system from stealing the account password entered by the user. It also prevents network monitoring tools from intercepting login data packets containing the user's account password and other information and carrying out fraudulent logins by software means.
Description
Technical field
The present invention relates to the field of information security for Internet applications, and in particular to a method for protecting a network application's account-and-password login.
Background technology
With the rapid growth of the Internet information industry, Internet-based applications such as online games, instant-messaging software and online banking have become increasingly common, and an account and password is the authentication means adopted by most network applications at present. In pursuit of illegal gain, criminals frequently use viruses, Trojans and similar means to steal other people's account passwords. In addition, criminals can use network monitoring tools to intercept a network program's login data and carry out fraudulent logins to the server by software means. Effectively protecting the account-password security of network applications is therefore an important topic in the development of Internet applications.
To prevent theft of account passwords by keystroke recording, the conventional approach is a soft keyboard, in which mouse clicks on graphical regions are converted into the corresponding keyboard input. The main drawback of this approach is that viruses and Trojans can target specific software, record the soft-keyboard layout it uses, and reconstruct the user's input from intercepted mouse-click information, thereby stealing the account password the user logs in with. In addition, operating a soft keyboard is cumbersome and unintuitive for the user.
Against network monitoring tools that intercept login data and carry out fraudulent logins by software means, some Web applications with higher security requirements mainly use the Secure Sockets Layer (SSL) to secure communication, for example HTTPS (HTTP+SSL) for website services. SSL is a secure network communication protocol that combines public-key and private-key techniques. Deploying SSL places very high demands on the hardware performance of the Web system's servers; initializing an SSL session and the connection state between server and client requires a complex handshake protocol, which adds extra network load, and the user experiences a noticeable wait in use. In addition, Chinese invention patent application No. 03148856.0 provides a method of user identity authentication using a one-time random number: the raw information composed of the data to be authenticated (account, password, or a combination of both) and the random number is processed with the MD5 message-digest algorithm and then sent to the server for verification. That method only protects the account-password data in transit and cannot prevent account theft by viruses and Trojans.
Summary of the invention
The purpose of the present invention is to provide a method for protecting a network application's account-and-password login that effectively prevents processes such as Trojans and viruses from stealing the account password entered by the user, and prevents network monitoring tools from intercepting login data and carrying out fraudulent logins to the server, greatly improving the security of network application information.
The technical solution of the present invention is as follows:
A method for protecting a network application's account-and-password login, in which the password is entered at the client and the login is then verified by the server, characterized in that: the client is provided with a universal keyboard driver, in which an encryption private key and a private-key encryption module are preset; at the same time, the server is also provided with an encryption private key and an encryption module, consistent with the private key and private-key encryption module used by the client.
The specific steps are as follows:
A. The client initiates a connection request to the server. On receiving the connection request, the server generates a random number, keeps a record of the generated random number, and sends the random number to the client over the network connection;
B. After receiving and recording the random number returned by the server, the client activates the keyboard driver and accepts the user's account and password input;
C. The encryption private key and private-key encryption module preset in the keyboard driver encrypt the account password entered by the user in step B, and the client obtains the encrypted password information;
D. The client applies an irreversible message digest separately to the user account information and to the combined data formed from the encrypted user password plus the random number obtained in step B, then packs the account digest and the digest of the password+random number combined data into login data and sends it to the server for verification;
E. After receiving the client's login data, the server parses out the account digest and the digest of the encrypted password+random number combined data. Using the parsed account digest, it retrieves the account digest stored on the server and the private-key-encrypted password information. It then applies the same message digest as the client to the combined data of the retrieved encrypted password and the server's random number, and compares the resulting digest with the digest of the encrypted password+random number combined data sent by the client, which determines whether the account password is correct.
In step C, the client activates the keyboard driver's encryption function through the device driver's interaction interface DeviceIoControl. The keyboard driver receives the entered key codes at the driver level of the operating system, encrypts them using the encryption private key and the private-key encryption module, and delivers the encrypted key codes to the operating system's application layer, so what the client obtains is the encrypted form of the password entered by the user. The private-key encryption module uses the Data Encryption Standard (DES) algorithm.
In step D, the client's message digest of the combined data uses the irreversible Secure Hash Algorithm (SHA). The client computes a message digest separately over the user account and over the combined data of the user password encrypted by the keyboard driver + the random number received from the server, encapsulates the digests SHA(Account) and SHA(Password+RandomWord) into login data, and sends it to the server for verification.
The beneficial effects of the present invention are as follows:
The present invention effectively prevents Trojan and virus processes that have a keystroke-recording function and run at the application layer of the operating system from stealing the account password entered by the user. It also prevents network monitoring tools from intercepting login data containing the user's account password and other information and carrying out fraudulent logins by software means.
Description of drawings
Fig. 1 is a flow chart of the present invention
Embodiment
Embodiment 1
A method for protecting a network application's account-and-password login, in which the password is entered at the client and the login is then verified by the server. The client is provided with a universal keyboard driver, in which an encryption private key and a private-key encryption module are preset; at the same time, the server is also provided with an encryption private key and an encryption module, consistent with the private key and private-key encryption module used by the client.
The specific steps are as follows:
A. The client initiates a connection request to the server. On receiving the connection request, the server generates a random number, keeps a record of the generated random number, and sends the random number to the client over the network connection;
B. After receiving and recording the random number returned by the server, the client activates the keyboard driver and accepts the user's account and password input;
C. The encryption private key and private-key encryption module preset in the keyboard driver encrypt the account password entered by the user in step B, and the client obtains the encrypted password information;
D. The client applies an irreversible message digest separately to the user account information and to the combined data formed from the encrypted user password plus the random number obtained in step B, then packs the account digest and the digest of the password+random number combined data into login data and sends it to the server for verification;
E. After receiving the client's login data, the server parses out the account digest and the digest of the encrypted password+random number combined data. Using the parsed account digest, it retrieves the account digest stored on the server and the private-key-encrypted password information. It then applies the same message digest as the client to the combined data of the retrieved encrypted password and the server's random number, and compares the resulting digest with the digest of the encrypted password+random number combined data sent by the client, which determines whether the account password is correct.
Embodiment 2
A method for protecting a network application's account-and-password login, in which the client activates the keyboard driver's encryption function through the device driver's interaction interface DeviceIoControl. The keyboard driver receives the entered account password at the driver level of the operating system, encrypts it using the encryption private key and the private-key encryption module, and delivers the encrypted account password to the operating system's application layer, so what the client obtains is the encrypted form of the password entered by the user. The private-key encryption module uses the Data Encryption Standard (DES) algorithm.
Embodiment 3
A method for protecting a network application's account-and-password login, in which the client's message digest of the combined data uses the irreversible Secure Hash Algorithm (SHA). The client computes a message digest separately over the user account and over the combined data of the user password encrypted by the keyboard driver + the random number received from the server, encapsulates the digests SHA(Account) and SHA(Password+RandomWord) into login data, and sends it to the server for verification.
Embodiment 4
A method for protecting a network application's account-and-password login, in which the client of the network application software (such as an online game client or a chat tool client) is first installed on the user's local computer. This client is provided with a universal keyboard driver, in which an encryption private key and a private-key encryption module are preset; at the same time, the server is also provided with an encryption private key and an encryption module, consistent with the private key and private-key encryption module used by the client.
The specific steps are as follows:
A. The user starts the client program of the network application software, and the client program's initialization loads the keyboard driver. After loading completes, the client initiates a connection request to the server. On receiving the connection request, the server generates a random number, keeps a record of the generated random number, and sends the random number to the client over the network connection;
B. After receiving and recording the random number returned by the server, the client enters the user account and password input interface;
C. When the user is about to enter the password, the client activates the keyboard driver's encryption function through the device driver's interaction interface DeviceIoControl. The keyboard driver receives the account password entered by the user at the driver level of the computer's operating system, encrypts the account password entered by the user in step B using the preset encryption module and key, and delivers the encrypted account password to the operating system's application layer, so the client's account and password input interface obtains the encrypted form of the password information entered by the user;
D. The client applies the irreversible Secure Hash Algorithm (SHA) as a message digest separately to the user account and to the combined data of the password information encrypted by the keyboard driver + the random number received from the server, packs the message digests SHA(Account) and SHA(Password+RandomWord) together into a network packet, and sends it to the server for login verification;
E. After receiving the client's login data, the server parses out the SHA digests of the account and the password. Because the message-digest algorithm is irreversible, what the server stores is not the original account and password but the SHA-processed user account and the private-key-encrypted user password. Using the account information sent by the client, the server can retrieve the account and password stored in its database or file. Likewise, it computes the SHA message digest over the combined data of the retrieved password and the random number, and compares this digest with the password digest sent by the client to verify the account password; if verification passes, the user's login is accepted, otherwise the login is refused.
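The exchange in steps A to E, as an added Python example that is not part of the patent text. Assumptions: SHA-256 stands for the unspecified "SHA", HMAC-SHA256 is swapped in for the driver's DES module (Python's standard library has no DES, and the protocol only needs a deterministic keyed transform), the random number is consumed on first use, and the names `Server`, `driver_encrypt`, `client_login` and `PRESET_KEY` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample key, preset in both the keyboard driver and the server.
PRESET_KEY = b"constructed-demo-key"


def driver_encrypt(password: str, key: bytes = PRESET_KEY) -> bytes:
    """Step C stand-in: keyed, deterministic transform of the typed password.

    The patent performs DES inside the keyboard driver; HMAC-SHA256 is used
    here only as a stand-in so the example runs on the standard library.
    """
    return hmac.new(key, password.encode(), hashlib.sha256).digest()


def sha(data: bytes) -> bytes:
    """The patent names 'SHA' without a variant; SHA-256 is assumed."""
    return hashlib.sha256(data).digest()


def client_login(account: str, enc_password: bytes, random_word: bytes):
    """Step D: build the pair SHA(Account), SHA(Password+RandomWord)."""
    return sha(account.encode()), sha(enc_password + random_word)


class Server:
    def __init__(self):
        # SHA(Account) -> encrypted password. This stored value is the exact
        # input to the digest in step E, so the table needs the same
        # protection as plaintext passwords.
        self.records = {}
        self.pending = {}  # connection id -> random number issued in step A

    def register(self, account: str, password: str) -> None:
        self.records[sha(account.encode())] = driver_encrypt(password)

    def connect(self, conn_id: str) -> bytes:
        """Step A: generate, record and return a fresh random number."""
        nonce = secrets.token_bytes(16)
        self.pending[conn_id] = nonce
        return nonce

    def verify(self, conn_id: str, account_digest: bytes,
               response_digest: bytes) -> bool:
        """Step E: recompute the digest from the stored record and compare."""
        nonce = self.pending.pop(conn_id, None)  # assumption: single use
        stored = self.records.get(account_digest)
        if nonce is None or stored is None:
            return False
        expected = sha(stored + nonce)
        return hmac.compare_digest(expected, response_digest)


def demo() -> dict:
    server = Server()
    server.register("alice", "correct horse")  # constructed sample account

    n1 = server.connect("c1")
    packet = client_login("alice", driver_encrypt("correct horse"), n1)
    ok = server.verify("c1", *packet)

    server.connect("c2")
    replay = server.verify("c2", *packet)  # old packet, new random number

    n3 = server.connect("c3")
    wrong = server.verify(
        "c3", *client_login("alice", driver_encrypt("guess"), n3))

    reuse = server.verify("c1", *packet)  # random number already consumed
    return {"ok": ok, "replay": replay, "wrong": wrong, "reuse": reuse}


if __name__ == "__main__":
    print(demo())
```

A login packet recorded from one session fails against the next session's random number, which is the property the description relies on against intercepted login data.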
Claims (3)
1. A method for protecting a network application's account-and-password login, in which the password is entered at the client and the login is then verified by the server, characterized in that: the client is provided with a universal keyboard driver, in which an encryption private key and a private-key encryption module are preset; at the same time, the server is also provided with an encryption private key and an encryption module, consistent with the private key and private-key encryption module used by the client; the algorithm of said private-key encryption module is the DES cipher;
The specific steps are as follows:
A. The client initiates a connection request to the server. On receiving the connection request, the server generates a random number, keeps a record of the generated random number, and sends the random number to the client over the network connection;
B. After receiving and recording the random number returned by the server, the client activates the keyboard driver and accepts the user's account and password input;
C. The encryption private key and private-key encryption module preset in the keyboard driver encrypt the account password entered by the user in step B, and the client obtains the encrypted password information;
D. The client applies an irreversible message digest separately to the user account information and to the combined data formed from the encrypted user password plus the random number obtained in step B, then packs the account digest and the digest of the password+random number combined data into login data and sends it to the server for verification;
E. After receiving the client's login data, the server parses out the account digest and the digest of the encrypted password+random number combined data. Using the parsed account digest, it retrieves the account digest stored on the server and the private-key-encrypted password information. It then applies the same message digest as the client to the combined data of the retrieved encrypted password and the server's random number, and compares the resulting digest with the digest of the encrypted password+random number combined data sent by the client, which determines whether the account password is correct.
2. The method for protecting a network application's account-and-password login according to claim 1, characterized in that: in said step C, the client activates the keyboard driver's encryption function through the device driver's interaction interface DeviceIoControl; the keyboard driver receives the entered key codes at the driver level of the operating system, encrypts them using the encryption private key and the private-key encryption module, and delivers the encrypted key codes to the operating system's application layer, so what the client obtains is the encrypted form of the password entered by the user.
3. The method for protecting a network application's account-and-password login according to claim 1, characterized in that: in said step D, the client's message digest of the combined data uses the irreversible Secure Hash Algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200710049117A CN101051904B (en) | 2007-05-17 | 2007-05-17 | Method for landing by account number cipher for protecting network application sequence |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200710049117A CN101051904B (en) | 2007-05-17 | 2007-05-17 | Method for landing by account number cipher for protecting network application sequence |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101051904A CN101051904A (en) | 2007-10-10 |
CN101051904B true CN101051904B (en) | 2010-05-19 |
Family
ID=38783119
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200710049117A Active CN101051904B (en) | 2007-05-17 | 2007-05-17 | Method for landing by account number cipher for protecting network application sequence |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101051904B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN101051904A (en) | 2007-10-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |