
CN111143808B - System security authentication method and device, computing equipment and storage medium - Google Patents


Info

Publication number
CN111143808B
Authority
CN
China
Prior art keywords
information
authentication
stored
characteristic information
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911370550.1A
Other languages
Chinese (zh)
Other versions
CN111143808A (en
Inventor
刘睿
穆帅
郑维
陆文婷
赵亚丽
王帅
孙杨杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nsfocus Technologies Inc, Nsfocus Technologies Group Co Ltd
Priority to CN201911370550.1A
Publication of CN111143808A
Application granted
Publication of CN111143808B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/44 Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a system security authentication method and device, a computing device and a storage medium, and relates to the technical field of computers. The system works in a local area network environment, and the method comprises the following steps: parsing pre-stored characteristic information of the system from an authentication file stored in the system, the characteristic information comprising user information and system information of the system; acquiring current characteristic information of the system, and matching the current characteristic information with the pre-stored characteristic information; if the matching fails, determining that the system is unsafe; and if the matching is successful, determining that the system is safe. In this method, the pre-stored characteristic information is obtained by parsing the authentication file and is compared with the current characteristic information to determine whether the system is safe, so dependence on hardware devices is reduced and the system does not need to access an external network in real time to be security-authenticated.

Description

System security authentication method and device, computing equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a system security authentication method and apparatus, a computing device, and a storage medium.
Background
With the development of computer and internet technologies, software products are being used in many aspects of production and life. Meanwhile, software products also face more and more potential security hazards; for example, a lawbreaker may maliciously attack the operating system so that it crashes and cannot work normally. Such hazards generally bring security risks to both software developers and software users, so the security of software products has drawn wide attention.
Authentication technology is an important way of guaranteeing the security and legitimacy of a system: it improves system security by authenticating, in real time, the user who is using the device. Traditional authentication is implemented by technical means such as a Universal Serial Bus key (USBKey), a password, or remote authentication. The USBKey depends on hardware to a certain extent; the password is only user information entered by the user and cannot authenticate the security of the system; and remote authentication requires a real-time connection to a cloud server, so the system must access an external network to be security-authenticated. System security authentication by these means is therefore limited.
Based on this, a new system security authentication method is needed to solve the above problems.
Disclosure of Invention
The embodiment of the application provides a system security authentication method and device, a computing device and a storage medium, which are used for improving the convenience of system security authentication.
In a first aspect, an embodiment of the present application provides a system security authentication method, where the system operates in a local area network environment, and the method includes:
analyzing pre-stored characteristic information of the system from an authentication file stored in the system; the characteristic information comprises user information and system information of the system;
acquiring current characteristic information of the system, and matching the current characteristic information with the pre-stored characteristic information;
if the matching fails, determining that the system is unsafe;
and if the matching is successful, determining that the system is safe.
In one embodiment, a plurality of identical authentication files are stored in the system, and the method further includes:
periodically acquiring more than a preset number of authentication files from the system;
calculating, for each acquired authentication file, its Message-Digest Algorithm 5 (MD5) value;
determining whether each MD5 value is the same as a pre-stored MD5 value;
if each MD5 value is the same as the pre-stored MD5 value, executing the step of analyzing the pre-stored characteristic information of the system;
and if the MD5 values are not all the same as the pre-stored MD5 value, determining that the system is unsafe.
In one embodiment, the method further comprises:
storing the matching result;
when a Representational State Transfer (REST) request is received, obtaining the matching result;
if the matching result is that the matching fails, prohibiting the system from working and returning an error status code to prompt the user to re-import the authentication file;
and if the matching result is that the matching is successful, allowing the system to work.
In one embodiment, the method further comprises:
periodically detecting the number of the devices in the local area network and the state information of each device, and recording detection results; the state information includes: at least two of a device identifier, an Internet Protocol (IP) Address, and a Media Access Control Address (MAC Address);
comparing the detection result with a pre-stored state file; the state file is the information obtained by detecting the number of devices in the local area network and the state information of the devices when the system successfully imports the authentication file;
if the amount of matched information exceeds a preset threshold value, determining that the working environment of the system is safe;
and if the amount of matched information is lower than the preset threshold value, determining that potential safety hazards exist in the working environment of the system, and forbidding the system to work.
In one embodiment, the system information includes: system carrier information and a characteristic sequence code;
the user information is a user identifier obtained by decrypting an installation certificate during system installation;
the system carrier information comprises an IP address, a subnet mask, a gateway and a hardware serial number;
the characteristic sequence code is obtained by performing encryption algorithm operation on Central Processing Unit (CPU) information, mainboard information, network card information and hard disk information.
In one embodiment, the authentication file is generated by writing the characteristic information according to a preset data format, encoding the written information, and randomly inserting confusion parameters.
In one embodiment, before parsing the pre-stored characteristic information of the system from the authentication file stored in the system, the method further includes:
authenticating the authentication file to be imported into the system, and storing the MD5 value of the authenticated authentication file as the pre-stored MD5 value;
and dispersedly importing the authenticated authentication files into a storage space specified by a system.
In one embodiment, the authenticating the authentication file to be imported into the system, and storing the MD5 value of the authenticated authentication file as the pre-stored MD5 value includes:
extracting the confusion parameters at the preset positions of the authentication file to be imported, and decoding the information to obtain the characteristic information of the system written in the preset data format;
acquiring the current characteristic information of the system, and comparing it with the characteristic information of the system written in the preset data format;
if all the information matches, the authentication file to be imported passes authentication, and after the MD5 value of the file to be imported is determined, that MD5 value is stored as the pre-stored MD5 value;
and if at least one item of information is not matched, not importing the authentication file to be imported.
In one embodiment, the method further comprises:
when a request for changing the system carrier information is received, changing the system carrier information according to the request and regenerating an authentication file according to the changed system carrier information;
and updating the pre-stored authentication file according to the regenerated authentication file.
In one embodiment, changing the system carrier information according to the request comprises:
determining whether the system carrier is a physical machine or a virtual machine;
if the system carrier is a physical machine, changing the system carrier information;
and if the system carrier is a virtual machine, changing the system carrier information after the dynamic password is determined to pass the verification.
In one embodiment, verifying a dynamic password comprises:
acquiring user information in current characteristic information of a system and a characteristic sequence code in the current characteristic information;
encoding the user information in the current characteristic information and the characteristic sequence code in the current characteristic information to obtain a secret key, and calculating a dynamic password code through the secret key;
generating a dynamic password according to the user information in the current characteristic information, the characteristic sequence code in the current characteristic information, the secret key and the dynamic password code;
comparing the generated dynamic password with a dynamic password produced by a password generation control based on a One Time Password (OTP) algorithm;
if the two dynamic passwords are the same, determining that the dynamic password passes the verification;
and if not, determining that the dynamic password authentication fails.
In a second aspect, an embodiment of the present application provides a system security authentication apparatus, where the system operates in a local area network environment, and the apparatus includes:
the analysis module is used for analyzing the pre-stored characteristic information of the system from the authentication file stored in the system; the characteristic information comprises user information and system information of the system;
the matching module is used for acquiring the current characteristic information of the system and matching the current characteristic information with the pre-stored characteristic information;
the first determining module is used for determining that the system is unsafe if the matching fails;
and the second determining module is used for determining that the system is safe if the matching is successful.
In one embodiment, a plurality of identical authentication files are stored in the system, and the apparatus further includes:
the acquisition module is used for periodically acquiring more than a preset number of authentication files from the system;
calculating, for each acquired authentication file, its Message-Digest Algorithm 5 (MD5) value;
determining whether each MD5 value is the same as a pre-stored MD5 value;
if each MD5 value is the same as the pre-stored MD5 value, executing the step of analyzing the pre-stored characteristic information of the system;
and if the MD5 values are not all the same as the pre-stored MD5 value, determining that the system is unsafe.
In one embodiment, the apparatus further comprises:
the storage module is used for storing the matching result;
when a Representational State Transfer (REST) request is received, obtaining the matching result;
if the matching result is that the matching fails, prohibiting the system from working and returning an error status code to prompt the user to re-import the authentication file;
and if the matching result is that the matching is successful, allowing the system to work.
In one embodiment, the apparatus further comprises:
the detection module is used for periodically detecting the number of the devices in the local area network and the state information of each device and recording detection results; the state information includes: at least two of a device identifier, an Internet Protocol (IP) address and a Media Access Control (MAC) address;
comparing the detection result with a pre-stored state file; the state file is the information obtained by detecting the number of devices in the local area network and the state information of the devices when the system successfully imports the authentication file;
if the amount of matched information exceeds a preset threshold value, determining that the working environment of the system is safe;
and if the amount of matched information is lower than the preset threshold value, determining that potential safety hazards exist in the working environment of the system, and forbidding the system to work.
In one embodiment, the system information includes: system carrier information and a characteristic sequence code;
the user information is a user identifier obtained by decrypting an installation certificate during system installation;
the system carrier information comprises an IP address, a subnet mask, a gateway and a hardware serial number;
the characteristic sequence code is obtained by performing encryption algorithm operation on Central Processing Unit (CPU) information, mainboard information, network card information and hard disk information.
In one embodiment, the authentication file is generated by writing the characteristic information according to a preset data format, encoding the written information, and randomly inserting confusion parameters.
In one embodiment, for use before the parsing module parses the pre-stored characteristic information of the system from the authentication file stored in the system, the apparatus further includes:
the authentication module is used for authenticating the authentication file to be imported into the system, and the MD5 value of the authentication file passing the authentication is stored as the pre-stored MD5 value;
and dispersedly importing the authenticated authentication files into a storage space designated by a system.
In one embodiment, the authentication module is specifically configured to:
extracting the confusion parameters at the preset positions of the authentication file to be imported, and decoding the information to obtain the characteristic information of the system written in the preset data format;
acquiring the current characteristic information of the system, and comparing it with the characteristic information of the system written in the preset data format;
if all the information matches, the authentication file to be imported passes authentication, and after the MD5 value of the file to be imported is determined, that MD5 value is stored as the pre-stored MD5 value;
and if at least one item of information is not matched, not importing the authentication file to be imported.
In one embodiment, the apparatus further comprises:
the information change module is used for changing the system carrier information according to the request and regenerating an authentication file according to the changed system carrier information when receiving the request of changing the system carrier information;
and updating the pre-stored authentication file according to the regenerated authentication file.
In one embodiment, the information change module is specifically configured to:
determining whether the system carrier is a physical machine or a virtual machine;
if the system carrier is a physical machine, changing the system carrier information;
and if the system carrier is a virtual machine, changing the system carrier information after the dynamic password is determined to pass the verification.
In one embodiment, the apparatus further comprises:
the dynamic password verification module is used for acquiring user information in the current characteristic information of the system and a characteristic sequence code in the current characteristic information;
coding the user information in the current characteristic information and the characteristic sequence code in the current characteristic information to obtain a secret key, and calculating a dynamic password code through the secret key;
generating a dynamic password according to the user information in the current characteristic information, the characteristic sequence code in the current characteristic information, the secret key and the dynamic password code;
comparing the generated dynamic password with a dynamic password produced by a password generation control based on a One Time Password (OTP) algorithm;
if the two dynamic passwords are the same, determining that the dynamic password passes the verification;
and if not, determining that the dynamic password authentication fails.
In a third aspect, an embodiment of the present application further provides a computing device, including:
a memory and a processor;
a memory for storing program instructions;
and the processor is used for calling the program instructions stored in the memory and executing, according to the obtained program instructions, the system security authentication method of any one of the first aspect.
In a fourth aspect, the present application further provides a computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions are configured to cause a computer to execute any system security authentication method in the present application.
According to the system security authentication method and device, the computing device and the storage medium provided by the embodiments of the application, the system first parses its pre-stored characteristic information from the authentication file stored in the system, where the characteristic information comprises user information and system information of the system; the system then acquires its current characteristic information and matches it with the pre-stored characteristic information; if the matching fails, the system is determined to be unsafe; and if the matching is successful, the system is determined to be safe. In this method, the pre-stored characteristic information is obtained by parsing the authentication file and is compared with the current characteristic information to determine whether the system is safe, so dependence on hardware devices is reduced and the system does not need to access an external network in real time to be security-authenticated.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic view of an application scenario of a system security authentication method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a method for authenticating an authentication file to be imported according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of a system security authentication method according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of a system security authentication method according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of a dynamic password authentication method according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a system security authentication apparatus according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a computing device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention.
As will be appreciated by one skilled in the art, aspects of the present application may be embodied as a system, method or program product. Accordingly, various aspects of the present application may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module," or "system."
As described in the background, in the related art, when a USBKey is used to authenticate system security, the USBKey is a hardware device, and once it is damaged, system security authentication cannot be performed. When a password is used, the user only enters identity information such as a user name and password when using the system; this only restricts the usage rights of the logged-in user and cannot determine whether the system is safe. When remote authentication is used, the system connects in real time to a cloud server and is authenticated by accessing an external network; in environments that require strict secrecy (such as bank office environments, military research and development environments and the like), accessing the external network would leak the data running in the system, so system authentication cannot be performed by accessing the external network. The existing system security approaches are therefore neither convenient nor universal. Based on this, the present application provides a new system security authentication method to solve the above technical problem.
Fig. 1 is a schematic view of an application scenario of system security authentication provided in an embodiment of the present application. The scenario is illustrated with three system installation devices, each of which may be a host, a server, or the like. The figure takes servers as an example: it is assumed that, after a user acquires the installation authority of the system, the system is installed in the servers 101, 102 and 103 respectively, and authentication files generated based on the characteristic information are imported into each system, where the characteristic information includes the user information and the system information of the system. When the pre-stored characteristic information parsed from the authentication file is determined to be consistent with the current characteristic information of the system, the system is determined to be safe.
In one embodiment, the system periodically detects the number of devices in the local area network and the state information of each device, and records the detection result; the state information includes at least two of a device identifier, an IP address, and a MAC address. The detection result is then compared with a pre-stored state file; the state file is the information obtained by detecting the number of devices in the local area network and the state information of the devices when the system successfully imports the authentication file. If the amount of matched information exceeds a preset threshold value, the working environment of the system is determined to be safe; if the amount of matched information is lower than the preset threshold value, it is determined that the working environment of the system has potential safety hazards, and the system is forbidden to work.
It should be noted that the TCP SYN method may be used to scan the number of devices in the local area network, and the state information may be detected by having the system broadcast ARP packets. For example, when the system successfully imports the authentication file, there are 3 servers in the local area network, namely servers 101, 102 and 103. If the state information detected at that time is the device identifier, the IP address and the MAC address, assume that the device identifier corresponding to the server 101 is 101, its IP address is 36.106.247.71 and its MAC address is address A; that the device identifier corresponding to the server 102 is 102, its IP address is 36.106.247.72 and its MAC address is address B; and that the device identifier corresponding to the server 103 is 103, its IP address is 36.106.247.73 and its MAC address is address C. This state information is stored.
The system can detect its working environment information in real time and acquire the state information of the devices, so that it can find information from other network segments that is inconsistent with its own network segment. Assume that the preset threshold value is 50% (that is, if the proportion of matched information is higher than 50%, the local area network is determined to be in a safe state, and if it is lower than 50%, the local area network is determined to be in an unsafe state). For example, 3 devices are detected: the state information detected for the first is device identifier 101, IP address 36.106.247.71 and MAC address A; for the second, device identifier 104, IP address 36.106.247.75 and MAC address D; and for the third, device identifier 107, IP address 36.106.247.78 and MAC address F. The state information of the second and third devices is inconsistent with the pre-stored information, so the proportion of matches is less than 50%; it is determined that the environment information in the local area network has changed, and the system is disabled, thereby ensuring the security of the system.
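The following Python sketch is an added illustration of the environment check described above, not code from the patent. It replays the page's state file and detection result; the names `Device`, `EnvReport` and `check_environment`, whole-record matching, the choice of denominator and the treatment of a result exactly at the threshold are assumptions of the sketch.

```python
from typing import NamedTuple


class Device(NamedTuple):
    device_id: str
    ip: str
    mac: str   # "A".."F" are the page's own placeholders for MAC addresses


class EnvReport(NamedTuple):
    ratio: float        # share of records that match the state file
    allowed: bool       # True: environment safe, system may work
    unexpected: list    # detected now but absent from the state file
    missing: list       # in the state file but not detected now


# State file recorded when the authentication file was imported (values from the page).
STATE_FILE = [
    Device("101", "36.106.247.71", "A"),
    Device("102", "36.106.247.72", "B"),
    Device("103", "36.106.247.73", "C"),
]


def check_environment(state_file, detected, threshold=0.5):
    """Compare a detection result with the state file.

    Assumptions of this sketch: a record matches only if identifier, IP and
    MAC are all equal; the ratio is taken over the larger of the two sets so
    that both vanished and newly appeared devices lower it; a ratio exactly
    equal to the threshold does not "exceed" it and is treated as unsafe.
    """
    stored, seen = set(state_file), set(detected)
    denominator = max(len(stored), len(seen))
    ratio = len(stored & seen) / denominator if denominator else 0.0
    return EnvReport(ratio, ratio > threshold,
                     sorted(seen - stored), sorted(stored - seen))


def page_example():
    """The detection result from the page: only server 101 is still present."""
    detected = [
        Device("101", "36.106.247.71", "A"),
        Device("104", "36.106.247.75", "D"),
        Device("107", "36.106.247.78", "F"),
    ]
    return check_environment(STATE_FILE, detected)


def changed_mac_example():
    """Constructed case: server 101 answers on its usual IP with a new MAC."""
    detected = [Device("101", "36.106.247.71", "Z")] + STATE_FILE[1:]
    return check_environment(STATE_FILE, detected)


if __name__ == "__main__":
    for name, report in (("page", page_example()),
                         ("changed MAC", changed_mac_example())):
        print(f"{name}: ratio={report.ratio:.2f} allowed={report.allowed} "
              f"unexpected={report.unexpected}")
```

With a 50% threshold the changed-MAC case still passes (2 of 3 records match), so the `unexpected` and `missing` lists are worth logging even when the system is allowed to work.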
In one embodiment, the system information includes: system carrier information and a characteristic sequence code; the user information is a user identifier obtained by decrypting the installation certificate during system installation; the system carrier information comprises an IP address, a subnet mask, a gateway and a hardware serial number; the characteristic sequence code is obtained by computing the CPU information, the mainboard information, the network card information and the hard disk information through an encryption algorithm, and can be a hash value or a numerical value obtained by other encryption operations.
The authentication file may be generated from the characteristic information as follows: the user information, the system carrier information and the characteristic sequence code of the system are written according to a preset format, the written information is encoded, and confusion parameters are randomly inserted to generate the authentication file. The authentication file generated by this method is safer and more reliable.
In further detail, the authentication file may be generated as follows: the characteristic information is written into a characteristic information file in the JSON data format, where the keys are specific character strings and the values are the values of the corresponding system characteristic information; as shown in Table 1, the keys are user information, IP address, and subnet mask, respectively, and the corresponding values are flag, 36.106.159.21X, and 255.255.255.0, respectively.
TABLE 1
key              | value
User information | Dragon
IP address       | 36.106.159.21X
Subnet mask      | 255.255.255.0
Then, the characteristic information file may be encoded with Base64 to obtain an encoded file, which is obfuscated by randomly inserting confusion parameters to obtain the authentication file. For the random obfuscation, an obfuscation rule may be set, for example: A is inserted between the 3rd and 4th characters of the encoded file, and B is inserted between the 7th and 8th characters. In a specific implementation, the obfuscation rule may be set as required and is not specifically limited here.
In one implementation, in order to ensure the security of the system, after the authentication file is generated, the authentication file to be imported into the system needs to be authenticated, and the MD5 value of the authenticated authentication file is stored as the pre-stored MD5 value.
It should be noted that, referring to the method shown in fig. 2, when the authentication file to be imported into the system is authenticated, step 201 may be executed first: extract the confusion parameters at the preset positions of the authentication file to be imported, and decode the information to obtain the characteristic information of the system written in the preset data format.
In a specific implementation, this step is the inverse of authentication file generation, where the preset positions are the positions at which the authentication file was randomly obfuscated; the characteristic information can be parsed out in this way.
Step 202: acquire the current characteristic information of the system and compare it with the characteristic information of the system written in the preset data format; if all items of information match, go to step 203; if at least one item of information does not match, go to step 204.
Step 203: the authentication file to be imported passes authentication; the MD5 value of the file to be imported is determined and stored as the pre-stored MD5 value.
Step 204: the authentication file to be imported is not imported.
In addition, after the authentication file passes authentication, the authenticated authentication file is imported in a dispersed manner into storage space designated by the system. This improves the concealment and dispersion of the authentication files, so that the system is not easily compromised. The designated storage space is determined according to the nature of the system: if the system is a cash register system, multiple authentication files can be dispersed among the modules related to electronic resource transactions, so that once a malicious party damages an authentication file, the cash register system is disabled in time and is protected from a serious security threat.
Based on the above description, the embodiment of the present application provides a schematic flow chart of a system security authentication method. As shown in fig. 3, when the system works in a local area network environment, step 301 may be executed first: parse the pre-stored characteristic information of the system from an authentication file stored in the system; the characteristic information includes user information of the system and system information. The parsing may be performed with reference to step 201 in fig. 2.
Step 302: acquire the current characteristic information of the system and match it against the pre-stored characteristic information; if the matching fails, go to step 303; if the matching succeeds, go to step 304.
Step 303: determine that the system is not secure.
Step 304: determine that the system is secure.
According to the method, the pre-stored characteristic information is acquired by analyzing the authentication file, the current characteristic information is compared with the pre-stored characteristic information, the safety of the system is determined, dependence on hardware equipment is reduced, and the system does not need to access an external network in real time to perform safety authentication on the system.
In one embodiment, a plurality of identical authentication files are stored in the system when the system is secure. When performing system security authentication, the following steps may be performed with reference to fig. 4:
Step 401: periodically acquire more than a preset number of authentication files from the system.
Step 402: calculate the corresponding MD5 value for each acquired authentication file.
Step 403: determine whether each MD5 value is the same as the pre-stored MD5 value; if every MD5 value is the same as the pre-stored MD5 value, go to step 404; if the MD5 values are not all the same as the pre-stored MD5 value, go to step 405.
Step 404: execute step 301, parsing the pre-stored characteristic information of the system.
Step 405: it is determined that the system is not secure.
When system security authentication is performed in this way, it is first determined whether the MD5 values of the authentication files are consistent; if they are inconsistent, the system is determined to be abnormal and the authentication files do not need to be parsed. Using MD5 values makes the system security authentication more convenient and faster.
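The following added example (not code from the patent) walks through authentication file generation, import authentication (steps 201-204) and the periodic MD5 check followed by matching (steps 401-405 and 301-304). The JSON key names, the sample values, the reading of the A/B insertion offsets, the preset number of copies and the treatment of too few copies as a failure are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Confusion rule from the page's example: "A" goes between the 3rd and 4th
# characters of the Base64 text and "B" between the 7th and 8th. Offsets are
# taken relative to the Base64 text before any insertion (an assumption).
CONFUSION_RULE = [(3, "A"), (7, "B")]
PRESET_NUMBER = 2  # assumed value: step 401 needs more than this many copies

# Constructed sample values; the key names are assumptions, not the patent's.
SAMPLE_FEATURES = {
    "user": "example-user",
    "ip": "192.0.2.10",
    "netmask": "255.255.255.0",
    "gateway": "192.0.2.1",
    "hw_serial": "SN-0001",
    "feature_code": hashlib.sha256(b"cpu|board|nic|disk").hexdigest(),
}


def build_auth_file(features, rule=CONFUSION_RULE):
    """JSON -> Base64 -> insert confusion characters at the preset offsets."""
    raw = json.dumps(features, sort_keys=True).encode("utf-8")
    text = base64.b64encode(raw).decode("ascii")
    for pos, ch in sorted(rule, reverse=True):  # highest offset first
        text = text[:pos] + ch + text[pos:]
    return text.encode("ascii")


def parse_auth_file(blob, rule=CONFUSION_RULE):
    """Step 201 / 301: strip the confusion characters, then decode."""
    text = blob.decode("ascii")
    # The i-th insertion (ascending offsets) ends up at offset pos + i.
    for i, (pos, ch) in reversed(list(enumerate(sorted(rule)))):
        at = pos + i
        if text[at:at + 1] != ch:
            raise ValueError("confusion parameter missing at preset position")
        text = text[:at] + text[at + 1:]
    return json.loads(base64.b64decode(text, validate=True))


def authenticate_import(blob, current_features):
    """Steps 202-204: return the MD5 to pre-store, or None to refuse import."""
    try:
        stored = parse_auth_file(blob)
    except ValueError:  # not decodable with the preset rule -> step 204
        return None
    if stored != current_features:  # at least one item differs -> step 204
        return None
    return hashlib.md5(blob).hexdigest()  # step 203


def periodic_check(copies, prestored_md5, current_features):
    """Steps 401-405, then 301-304. True means the system is judged secure."""
    if len(copies) <= PRESET_NUMBER:  # assumed: too few copies is a failure
        return False
    for blob in copies:  # steps 402-403
        digest = hashlib.md5(blob).hexdigest()
        if not hmac.compare_digest(digest, prestored_md5):
            return False  # step 405
    try:
        stored = parse_auth_file(copies[0])  # step 404 -> step 301
    except ValueError:
        return False
    return stored == current_features  # steps 302-304


if __name__ == "__main__":
    blob = build_auth_file(SAMPLE_FEATURES)
    md5 = authenticate_import(blob, SAMPLE_FEATURES)
    print("imported, pre-stored MD5:", md5)
    print("three intact copies:",
          periodic_check([blob] * 3, md5, SAMPLE_FEATURES))
    print("one altered copy:",
          periodic_check([blob, blob, blob + b"="], md5, SAMPLE_FEATURES))
```

Base64 with inserted characters is an encoding, so this check detects altered or missing copies rather than keeping the feature values secret.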
In one embodiment, after step 304, the matching result may also be stored, and when a REST request is received, the matching result is obtained; if the matching result is a matching failure, the system is prohibited from working and an error status code is returned to prompt the user to re-import the authentication file; if the matching result is a successful match, the system is allowed to work. When a user uses the system, a REST request is sent. If the system performed security authentication and stored a matching result before the REST request was received, the working state of the system is fed back according to that matching result: if the stored matching result is a matching failure, an error status code indicating that the authentication file has been damaged can be returned to prompt the user, so that the user can import a new authentication file in time and the working state of the system can be restored in time; if the stored matching result is a successful match, the system runs directly.
By the method, the user can conveniently and visually acquire the working state of the authentication file, and the authentication file is imported again according to the prompt, so that the normal operation of the system is ensured.
In one embodiment, when a request for system carrier information change is received, the system carrier information can be changed according to the request, the authentication file can be regenerated according to the changed system carrier information, and the pre-stored authentication file can be updated according to the regenerated authentication file. The pre-stored authentication file can be directly updated according to the change information of the system carrier in the request, the updating time of the authentication file is not limited, and the authentication file is updated as long as the request of changing the system carrier information is received.
It should be noted that, after the user has the installation authority of the system and the system carrier information is changed, the authentication file information can be updated to continue to use the system without acquiring the installation authority of the system again, and the authentication file in the system is updated more flexibly by this method.
In one embodiment, when the carrier information of the system is changed, whether the carrier of the system is a physical machine or a virtual machine is further determined; if the system carrier is a physical machine, changing the information of the system carrier; and if the system carrier is the virtual machine, changing the system carrier information after the dynamic password verification is determined to pass.
It should be noted that, when the system carrier information is updated, determining whether the system carrier is a physical machine or a virtual machine is performed to further ensure the security of the system operating environment, and when the operating environment is not secure, the operation of changing the system carrier information is not performed.
In one implementation, verification of the dynamic password may be performed with reference to fig. 5. Step 501: acquire the user information in the current characteristic information of the system and the characteristic sequence code in the current characteristic information.
Step 502: encode the user information in the current characteristic information and the characteristic sequence code in the current characteristic information to obtain a secret key, and calculate the dynamic password code with the secret key.
Step 503: generate a dynamic password according to the user information in the current characteristic information, the characteristic sequence code in the current characteristic information, the secret key and the dynamic password code.
Step 504: compare the dynamic password with the dynamic password generated by a password generation control based on the OTP algorithm; if they are the same, go to step 505; if not, go to step 506.
Step 505: determine that the dynamic password passes authentication.
Step 506: determine that the dynamic password authentication fails.
It should be noted that the dynamic password has a validity period, for example 60 seconds. Suppose the dynamic password generated from the user information and the characteristic sequence code in the current characteristic information is 124334 but the password generated by the OTP-based password generation control is 123123: the passwords are not identical, so the dynamic password authentication fails and the system carrier information is not allowed to be changed. If the password generated by the OTP-based password generation control is 124334 but it was generated 70 seconds earlier, the authentication of the dynamic password also fails. The dynamic password authentication passes only if the dynamic password values are the same within the validity period.
In this way, arbitrary changes to the system characteristic information are avoided.
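The dynamic password check of steps 501-506 and the virtual machine gate on carrier information changes can be sketched as follows; this is an added example, not the patent's code. The page names neither the OTP variant nor the key encoding, so the sketch assumes time-based OTP (RFC 6238 over HMAC-SHA1) with a 60-second step and a key formed as the SHA-256 digest of the user identifier and characteristic sequence code.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 60  # validity period taken from the page's example
DIGITS = 6         # password length taken from the page's example values


def derive_key(user_info: str, feature_code: str) -> bytes:
    """Steps 501-502. Assumed encoding: SHA-256 over 'user|feature_code'."""
    return hashlib.sha256(f"{user_info}|{feature_code}".encode("utf-8")).digest()


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, at: float, step: int = STEP_SECONDS,
         digits: int = DIGITS) -> str:
    """Step 503: the password for the time window that contains `at`."""
    return hotp(key, int(at) // step, digits)


def verify_dynamic_password(key: bytes, submitted: str, now=None,
                            step: int = STEP_SECONDS) -> bool:
    """Steps 504-506: accept only the password of the current window."""
    now = time.time() if now is None else now
    expected = totp(key, now, step)
    return hmac.compare_digest(expected.encode("ascii"),
                               submitted.encode("utf-8"))


def may_change_carrier_info(is_virtual_machine: bool, key: bytes,
                            submitted: str, now=None) -> bool:
    """Physical machine: change allowed. Virtual machine: only after the
    dynamic password verification passes."""
    if not is_virtual_machine:
        return True
    return verify_dynamic_password(key, submitted, now)


if __name__ == "__main__":
    # Constructed sample identity values.
    key = derive_key("example-user", "constructed-feature-code")
    issued_at = 1_000_000_020
    code = totp(key, issued_at)
    print("same window:", verify_dynamic_password(key, code, issued_at + 10))
    print("70 s later :", verify_dynamic_password(key, code, issued_at + 70))
```

Because only the current window is accepted, the generator and the verifier need clocks that agree to within the 60-second step.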
Referring to fig. 6, a system security authentication apparatus, where the system operates in a local area network (LAN) environment, includes: a parsing module 61, a matching module 62, a first determining module 63 and a second determining module 64.
The parsing module 61 is used for parsing the pre-stored characteristic information of the system from the authentication file stored in the system; the characteristic information comprises user information and system information of the system; the matching module 62 is configured to obtain current characteristic information of the system, and match the current characteristic information with the pre-stored characteristic information; the first determining module 63 is configured to determine that the system is unsafe if the matching fails; and the second determining module 64 is configured to determine that the system is safe if the matching is successful.
Optionally, a plurality of identical authentication files are stored in the system when the system is secure, and the apparatus further includes: an acquisition module, used for periodically acquiring more than a preset number of authentication files from the system; calculating the corresponding Message-Digest Algorithm 5 (MD5) value for each acquired authentication file; determining whether each MD5 value is the same as a pre-stored MD5 value; if each MD5 value is the same as the pre-stored MD5 value, executing the step of parsing the pre-stored characteristic information of the system; if the MD5 values are not all the same as the pre-stored MD5 value, determining that the system is unsafe.
Optionally, the apparatus further comprises: a storage module, used for storing the matching result; when a Representational State Transfer (REST) request is received, acquiring the matching result; if the matching result is a matching failure, prohibiting the system from working and returning an error status code to prompt the user to re-import the authentication file; and if the matching result is a successful match, allowing the system to work.
Optionally, the apparatus further comprises: a detection module, used for periodically detecting the number of devices in the local area network and the state information of each device, and recording the detection result; the state information includes at least two of the device identifier, the Internet Protocol (IP) address and the media access control (MAC) address; comparing information based on a pre-stored state file and the detection result; the state file is the information obtained by detecting the number of devices in the local area network and the state information of the devices when the system successfully imported the authentication file; if the amount of matched information exceeds a preset threshold, determining that the working environment of the system is secure; and if the amount of matched information is lower than the preset threshold, determining that a potential safety hazard exists in the working environment of the system, and prohibiting the system from working.
Optionally, the system information includes: system carrier information and a characteristic sequence code; the user information is a user identifier obtained by decrypting the installation certificate during system installation; the system carrier information comprises an IP address, a subnet mask, a gateway and a hardware serial number; the characteristic sequence code is obtained by processing central processing unit (CPU) information, mainboard information, network card information and hard disk information with an encryption algorithm.
Optionally, the authentication file is generated by compiling the feature information according to a preset data format, coding the compiled information, and randomly inserting the confusion parameter.
Optionally, the apparatus further includes an authentication module which, before the parsing module parses the pre-stored characteristic information of the system from the authentication file stored in the system, is used for authenticating the authentication file to be imported into the system, and storing the MD5 value of the authentication file that passes authentication as the pre-stored MD5 value; and importing the authenticated authentication files in a dispersed manner into a storage space designated by the system.
Optionally, the authentication module is specifically configured to: extracting confusion parameters at a preset position of an authentication file to be imported, and decoding information to obtain characteristic information of a system compiled by a preset data format; acquiring current characteristic information of the system, and comparing the current characteristic information with the characteristic information of the system compiled by a preset data format; if the information is matched, the authentication of the authentication file to be imported passes, and the MD5 value is stored as a pre-stored MD5 value after the MD5 value of the file to be imported is determined; if at least one item of information is not matched, the authentication file to be imported is not imported.
Optionally, the apparatus further comprises: the information change module is used for changing the system carrier information according to the request and regenerating the authentication file according to the changed system carrier information when receiving the request of changing the system carrier information; and updating the pre-stored authentication file according to the regenerated authentication file.
Optionally, the information change module is specifically configured to: determining whether the system carrier is a physical machine or a virtual machine; if the system carrier is a physical machine, changing the information of the system carrier; and if the system carrier is the virtual machine, changing the system carrier information after the dynamic password verification is determined to pass.
Optionally, the apparatus further comprises: a dynamic password verification module, used for acquiring user information in the current characteristic information of the system and the characteristic sequence code in the current characteristic information; encoding the user information in the current characteristic information and the characteristic sequence code in the current characteristic information to obtain a secret key, and calculating a dynamic password code with the secret key; generating a dynamic password according to the user information in the current characteristic information, the characteristic sequence code in the current characteristic information, the secret key and the dynamic password code; comparing the dynamic password with the dynamic password generated by a password generation control based on a dynamic password (OTP) algorithm; if they are the same, determining that the dynamic password passes the verification; if not, determining that the dynamic password authentication fails.
In some possible implementations, a computing device according to the present application may include at least one processor, and at least one memory. Wherein the memory stores a computer program that, when executed by the processor, causes the processor to perform the steps of the system security authentication method according to various exemplary embodiments of the present application described above in the present specification. For example, the processor may perform steps 301-304 as shown in FIG. 3.
The computing device 130 according to this embodiment of the present application is described below with reference to fig. 7. The computing device 130 shown in fig. 7 is only an example and should not impose any limitations on the functionality or scope of use of embodiments of the present application.
As shown in FIG. 7, computing device 130 is embodied in the form of a general purpose computing apparatus. Components of computing device 130 may include, but are not limited to: the at least one processor 131, the at least one memory 132, and a bus 133 that connects the various system components (including the memory 132 and the processor 131).
Bus 133 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a processor, or a local bus using any of a variety of bus architectures.
The memory 132 may include readable media in the form of volatile memory, such as Random Access Memory (RAM) 1321 and/or cache memory 1322, and may further include Read Only Memory (ROM) 1323.
Memory 132 may also include a program/utility 1325 having a set (at least one) of program modules 1324, such program modules 1324 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The computing device 130 may also communicate with one or more external devices 134 (e.g., keyboard, pointing device, etc.), and/or with any device (e.g., router, modem, etc.) that enables the computing device 130 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 135. Also, computing device 130 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via network adapter 136. As shown, network adapter 136 communicates with other modules for computing device 130 over bus 133. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with computing device 130, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
In some possible embodiments, various aspects of the system security authentication method provided by the present application may also be implemented in the form of a program product including a computer program for causing a computer device to perform the steps in the system security authentication method according to various exemplary embodiments of the present application described above in this specification when the program product is run on the computer device, for example, the computer device may perform steps 301-304 as shown in fig. 3.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The program product for parameter processing of the embodiments of the present application may employ a portable compact disc read only memory (CD-ROM) and include a computer program, and may be run on a computing device. However, the program product of the present application is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A readable signal medium may include a propagated data signal with a readable computer program embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer program embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer programs for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer program may execute entirely on the target object computing device, partly on the target object apparatus, as a stand-alone software package, partly on the target object computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the target object computing device over any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., over the internet using an internet service provider).
It should be noted that although several units or sub-units of the apparatus are mentioned in the above detailed description, such division is merely exemplary and not mandatory. Indeed, the features and functions of two or more units described above may be embodied in one unit, according to embodiments of the application. Conversely, the features and functions of one unit described above may be further divided into embodiments by a plurality of units.
Further, while the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having a computer-usable computer program embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all changes and modifications that fall within the scope of the present application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (22)

1. A method for secure authentication of a system, wherein the system operates in a local area network environment, the method comprising:
analyzing pre-stored characteristic information of the system from an authentication file stored in the system; the characteristic information comprises user information and system information of the system;
acquiring current characteristic information of the system, and matching the current characteristic information with the pre-stored characteristic information;
if the matching fails, determining that the system is unsafe;
if the matching is successful, determining that the system is safe;
wherein the method further comprises:
periodically detecting the number of the devices in the local area network and the state information of each device, and recording detection results; the state information includes: at least two of the device identification, the Internet Protocol (IP) address and the media access control (MAC) address;
comparing information with the detection result based on a pre-stored state file; the state file is information obtained by detecting the number of devices in the local area network and the state information of the devices when the system successfully imports the authentication file;
if the number of the matched devices exceeds a preset threshold value, determining the working environment safety of the system;
if the number of the matched devices is lower than the preset threshold value, determining that potential safety hazards exist in the working environment of the system, and prohibiting the system from working;
wherein, the matched device is that the state information corresponding to one device in the state file is completely consistent with the detected state information corresponding to one device.
2. The method of claim 1, wherein a plurality of identical authentication files are stored in the system when the system is secure, the method further comprising:
periodically acquiring more than a preset number of authentication files from the system;
respectively calculating corresponding Message-Digest Algorithm 5 (MD5) values for the acquired authentication files;
determining whether each MD5 value is the same as a pre-stored MD5 value;
if each MD5 value is the same as the pre-stored MD5 value, executing the step of parsing the pre-stored characteristic information of the system;
if the MD5 values are not all the same as the pre-stored MD5 value, determining that the system is unsafe.
3. The method of claim 1, further comprising:
storing the matching result;
when a Representational State Transfer (REST) request is received, obtaining the matching result;
if the matching result is that the matching fails, prohibiting the system from working and returning an error status code to prompt the user to re-import the authentication file;
and if the matching result is that the matching is successful, allowing the system to work.
4. The method of claim 1, wherein the system information comprises: system carrier information and a characteristic sequence code;
the user information is a user identifier obtained by decrypting an installation certificate during system installation;
the system carrier information comprises an IP address, a subnet mask, a gateway and a hardware serial number;
the characteristic sequence code is obtained by processing central processing unit (CPU) information, mainboard information, network card information and hard disk information with an encryption algorithm.
5. The method according to claim 1 or 4, wherein the authentication file is generated by writing the characteristic information according to a preset data format, encoding the written information, and randomly inserting confusion parameters.
6. The method of claim 2, wherein prior to parsing the pre-stored characteristic information of the system from the authentication file stored by the system, the method further comprises:
authenticating the authentication file to be imported into the system, and storing the MD5 value of the authenticated authentication file as the pre-stored MD5 value;
and dispersedly importing the authenticated authentication files into a storage space specified by a system.
7. The method of claim 6, wherein authenticating the authentication file to be imported into the system and storing the MD5 value of the authenticated authentication file as the pre-stored MD5 value comprises:
extracting the confusion parameters at a preset position of the authentication file to be imported, and decoding the information to obtain the characteristic information of the system written in the preset data format;
acquiring current characteristic information of the system, and comparing the current characteristic information with the characteristic information of the system written in the preset data format;
if the information matches, the authentication of the authentication file to be imported passes, and the MD5 value of the file to be imported is determined and stored as the pre-stored MD5 value;
and if at least one item of information is not matched, not importing the authentication file to be imported.
8. The method of claim 4, further comprising:
when a request for changing the system carrier information is received, changing the system carrier information according to the request and regenerating an authentication file according to the changed system carrier information;
and updating the pre-stored authentication file according to the regenerated authentication file.
9. The method of claim 8, wherein changing the system carrier information according to the request comprises:
determining whether the system carrier is a physical machine or a virtual machine;
if the system carrier is a physical machine, changing the system carrier information;
and if the system carrier is a virtual machine, changing the system carrier information after the dynamic password is determined to pass the verification.
10. The method of claim 9, wherein verifying the dynamic password comprises:
acquiring user information in current characteristic information of a system and a characteristic sequence code in the current characteristic information;
encoding the user information in the current characteristic information and the characteristic sequence code in the current characteristic information to obtain a secret key, and calculating a dynamic password code through the secret key;
generating a dynamic password according to the user information in the current characteristic information, the characteristic sequence code in the current characteristic information, the secret key and the dynamic password code;
comparing the dynamic password with a dynamic password generated by a password generation control based on a one-time password (OTP) algorithm;
if the two dynamic passwords are the same, determining that the dynamic password passes the verification;
and if not, determining that the dynamic password verification fails.
11. A system security authentication apparatus, wherein the system operates in a local area network environment, the apparatus comprising:
the analysis module is used for analyzing the pre-stored characteristic information of the system from the authentication file stored in the system; the characteristic information comprises user information and system information of the system;
the matching module is used for acquiring the current characteristic information of the system and matching the current characteristic information with the pre-stored characteristic information;
the first determining module is used for determining that the system is unsafe if the matching fails;
the second determining module is used for determining that the system is safe if the matching is successful;
wherein the apparatus further comprises:
the detection module is used for periodically detecting the number of devices in the local area network and the state information of each device, and recording the detection result; the state information includes at least two of: the device identification, the Internet Protocol (IP) address and the media access control (MAC) address;
comparing the detection result with a pre-stored state file; the state file is the information obtained by detecting the number of devices in the local area network and the state information of each device when the system successfully imported the authentication file;
if the number of matched devices exceeds a preset threshold value, determining that the working environment of the system is safe;
if the number of matched devices is lower than the preset threshold value, determining that potential safety hazards exist in the working environment of the system, and prohibiting the system from working;
wherein a matched device is one for which the state information corresponding to a device in the state file is completely consistent with the detected state information corresponding to a device.
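The environment check in claim 11, as an added example that is not code from the patent: it compares a fresh scan against the state file and counts a device as matched only when its whole record agrees. The field names, the normalisation step, the sample devices and the fail-closed handling of a count equal to the threshold are assumptions.

```python
from typing import Iterable, NamedTuple


class DeviceState(NamedTuple):
    """State recorded for one LAN device (the claim requires at least two fields)."""
    device_id: str
    ip: str
    mac: str


def normalize(dev: DeviceState) -> DeviceState:
    # Canonical form, so formatting differences do not defeat the
    # "completely consistent" comparison the claim requires.
    mac = dev.mac.strip().lower().replace("-", ":")
    return DeviceState(dev.device_id.strip().lower(), dev.ip.strip(), mac)


def compare_scan(state_file: Iterable[DeviceState],
                 detected: Iterable[DeviceState]) -> dict:
    """Split devices into matched / missing / unknown for logging and alerting."""
    base = {normalize(d) for d in state_file}
    seen = {normalize(d) for d in detected}
    return {"matched": base & seen, "missing": base - seen, "unknown": seen - base}


def environment_is_safe(state_file, detected, threshold: int) -> bool:
    # The claim covers "exceeds" and "lower than" the threshold; a count equal
    # to the threshold is treated as unsafe here (fail closed, an assumption).
    return len(compare_scan(state_file, detected)["matched"]) > threshold


# Constructed sample data: the state file written at import time, a later scan
# on the same LAN, and a scan after the host was moved to a network that
# reuses the same IP range.
STATE_FILE = [
    DeviceState("gw", "192.0.2.1", "02:00:00:00:00:01"),
    DeviceState("nas", "192.0.2.10", "02:00:00:00:00:0a"),
    DeviceState("printer", "192.0.2.20", "02:00:00:00:00:14"),
    DeviceState("ws-1", "192.0.2.31", "02:00:00:00:00:1f"),
]
SAME_LAN = [
    DeviceState("GW", "192.0.2.1", "02-00-00-00-00-01"),
    DeviceState("nas", "192.0.2.10", "02:00:00:00:00:0A"),
    DeviceState("printer", "192.0.2.20", "02:00:00:00:00:14"),
    DeviceState("laptop", "192.0.2.77", "02:00:00:00:00:4d"),
]
MOVED_LAN = [
    DeviceState("gw", "192.0.2.1", "02:00:00:00:aa:01"),
    DeviceState("nas", "192.0.2.10", "02:00:00:00:aa:0a"),
]

if __name__ == "__main__":
    print(environment_is_safe(STATE_FILE, SAME_LAN, threshold=2))
    print(environment_is_safe(STATE_FILE, MOVED_LAN, threshold=2))
```

The `missing` and `unknown` sets are what an operator would log when the check fails: matching IP addresses with different MAC addresses, as in `MOVED_LAN`, count as zero matches.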
12. The apparatus of claim 11, wherein the system has a plurality of authentication files stored therein, and each authentication file is the same, the apparatus further comprising:
the acquisition module is used for periodically acquiring more than a preset number of authentication files from the system;
respectively calculating a corresponding Message-Digest Algorithm 5 (MD5) value for each acquired authentication file;
determining whether each MD5 value is the same as a pre-stored MD5 value;
if each MD5 value is the same as the pre-stored MD5 value, executing the step of analyzing the pre-stored characteristic information of the system;
and if the MD5 values are not all identical to the pre-stored MD5 value, determining that the system is unsafe.
13. The apparatus of claim 11, further comprising:
the storage module is used for storing the matching result;
when a Representational State Transfer (REST) request is received, obtaining the matching result;
if the matching result is that the matching fails, prohibiting the system from working and returning an error status code to prompt the user to re-import the authentication file;
and if the matching result is that the matching is successful, allowing the system to work.
14. The apparatus of claim 11, wherein the system information comprises: system carrier information and a characteristic sequence code;
the user information is a user identifier obtained by decrypting an installation certificate during system installation;
the system carrier information comprises an IP address, a subnet mask, a gateway and a hardware serial number;
the characteristic sequence code is obtained by computing, through an encryption algorithm, central processing unit (CPU) information, mainboard information, network card information and hard disk information.
15. The device according to claim 11 or 14, wherein the authentication file is generated by writing the characteristic information according to a preset data format, encoding the written information, and randomly inserting confusion parameters.
16. The apparatus of claim 12, wherein before the parsing module parses the pre-stored characteristic information of the system from the authentication file stored in the system, the apparatus further comprises:
the authentication module is used for authenticating the authentication file to be imported into the system, and the MD5 value of the authentication file passing the authentication is stored as the pre-stored MD5 value;
and dispersedly importing the authenticated authentication files into a storage space designated by a system.
17. The apparatus according to claim 16, wherein the authentication module is specifically configured to:
extracting the confusion parameters at a preset position of the authentication file to be imported, and decoding the information to obtain the characteristic information of the system written in the preset data format;
acquiring current characteristic information of the system, and comparing the current characteristic information with the characteristic information of the system written in the preset data format;
if the information matches, the authentication of the authentication file to be imported passes, and the MD5 value of the file to be imported is determined and stored as the pre-stored MD5 value;
and if at least one item of information is not matched, not importing the authentication file to be imported.
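The import check of claims 7 and 17 together with the periodic digest check of claims 2 and 12, as an added example rather than the patent's own implementation. The JSON data format, Base64 encoding, confusion offsets, function names and sample values are assumptions; the claims fix none of them.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumed layout, not taken from the patent: JSON -> Base64 -> one random
# character inserted at each of these offsets of the final text.
CONFUSION_OFFSETS = (3, 11, 20)
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# Constructed sample of the characteristic information listed in claims 4 and 14.
SAMPLE = {"user_id": "user-0001", "ip": "192.0.2.15", "subnet_mask": "255.255.255.0",
          "gateway": "192.0.2.1", "hardware_serial": "SN-EXAMPLE-01",
          "sequence_code": "0f3a9c-example"}


def build_auth_file(features: dict) -> bytes:
    chars = list(base64.b64encode(json.dumps(features, sort_keys=True).encode()).decode())
    for offset in CONFUSION_OFFSETS:      # ascending, so offsets index the final text
        chars.insert(offset, secrets.choice(ALPHABET))
    return "".join(chars).encode()


def parse_auth_file(blob: bytes) -> dict:
    text = blob.decode("ascii")
    if len(text) <= max(CONFUSION_OFFSETS):
        raise ValueError("authentication file too short")
    payload = "".join(c for i, c in enumerate(text) if i not in CONFUSION_OFFSETS)
    return json.loads(base64.b64decode(payload, validate=True))


def import_auth_file(blob: bytes, current: dict):
    """Return the MD5 value to pre-store, or None when the file is rejected."""
    try:
        stored = parse_auth_file(blob)
    except ValueError:                    # bad encoding, bad Base64 or bad JSON
        return None
    if stored != current:                 # a single differing item blocks the import
        return None
    return hashlib.md5(blob).hexdigest()


def copies_intact(copies: list, prestored_md5: str, preset_number: int) -> bool:
    """Periodic check over the dispersed copies of the imported file."""
    if len(copies) <= preset_number:      # the claim asks for more than the preset number
        return False
    return all(hmac.compare_digest(hashlib.md5(c).hexdigest(), prestored_md5)
               for c in copies)


if __name__ == "__main__":
    blob = build_auth_file(SAMPLE)
    digest = import_auth_file(blob, SAMPLE)
    print(digest is not None, copies_intact([blob] * 3, digest, preset_number=2))
```

Because the digest is taken over the whole file, a change to a confusion character alone leaves the parsed characteristic information unchanged but still fails `copies_intact`. MD5 appears here only because the claims name it; it is not collision-resistant.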
18. The apparatus of claim 14, further comprising:
the information change module is used for changing the system carrier information according to the request and regenerating an authentication file according to the changed system carrier information when receiving the request of changing the system carrier information;
and updating the pre-stored authentication file according to the regenerated authentication file.
19. The apparatus of claim 18, wherein the information change module is specifically configured to:
determining whether the system carrier is a physical machine or a virtual machine;
if the system carrier is a physical machine, changing the system carrier information;
and if the system carrier is a virtual machine, changing the system carrier information after the dynamic password is determined to pass the verification.
20. The apparatus of claim 19, further comprising:
the dynamic password verification module is used for acquiring user information in the current characteristic information of the system and a characteristic sequence code in the current characteristic information;
encoding the user information in the current characteristic information and the characteristic sequence code in the current characteristic information to obtain a secret key, and calculating a dynamic password code through the secret key;
generating a dynamic password according to the user information in the current characteristic information, the characteristic sequence code in the current characteristic information, the secret key and the dynamic password code;
comparing the dynamic password with a dynamic password generated by a password generation control based on a one-time password (OTP) algorithm;
if the two dynamic passwords are the same, determining that the dynamic password passes the verification;
and if not, determining that the dynamic password verification fails.
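The dynamic password comparison of claims 10 and 20, as an added example that is not taken from the patent. The claims do not define the key encoding or the "dynamic password code", so this substitutes a SHA-256 derived key and standard RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits); all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import struct
import time


def derive_key(user_id: str, sequence_code: str) -> bytes:
    # Assumed encoding: SHA-256 over both values, NUL-separated (neither value
    # is expected to contain NUL). The key is only as secret as its two inputs.
    return hashlib.sha256(user_id.encode() + b"\x00" + sequence_code.encode()).digest()


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the clock."""
    return hotp(key, int(now) // step, digits)


def verify_dynamic_password(candidate: str, user_id: str, sequence_code: str,
                            now: float = None, step: int = 30, window: int = 1) -> bool:
    """Compare the submitted password with the one computed from the host's
    current user information and characteristic sequence code."""
    now = time.time() if now is None else now
    key = derive_key(user_id, sequence_code)
    counter = int(now) // step
    ok = False
    # Accept +/- `window` steps for clock drift; check every step with a
    # constant-time comparison instead of returning on the first hit.
    for c in range(max(0, counter - window), counter + window + 1):
        ok |= hmac.compare_digest(hotp(key, c).encode(), candidate.encode())
    return ok


if __name__ == "__main__":
    # Constructed values standing in for the decrypted user identifier and
    # the hardware-derived sequence code.
    key = derive_key("user-0001", "0f3a9c-example")
    code = totp(key, now=1_700_000_000)
    print(verify_dynamic_password(code, "user-0001", "0f3a9c-example", now=1_700_000_000))
    print(verify_dynamic_password(code, "user-0001", "cloned-vm-hw", now=1_700_000_000))
```

A password computed for one sequence code fails on a host whose hardware-derived sequence code differs, which is the property the virtual machine branch of claims 9 and 19 relies on.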
21. A computing device, comprising: a memory and a processor;
a memory for storing program instructions;
a processor for calling program instructions stored in said memory and for executing the method of any one of claims 1 to 10 in accordance with the obtained program instructions.
22. A computer storage medium storing computer-executable instructions for performing the method of any one of claims 1-10.
CN201911370550.1A 2019-12-26 2019-12-26 System security authentication method and device, computing equipment and storage medium Active CN111143808B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911370550.1A CN111143808B (en) 2019-12-26 2019-12-26 System security authentication method and device, computing equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111143808A CN111143808A (en) 2020-05-12
CN111143808B true CN111143808B (en) 2022-05-03

Family

ID=70520687

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911370550.1A Active CN111143808B (en) 2019-12-26 2019-12-26 System security authentication method and device, computing equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111143808B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112650172B (en) * 2020-12-17 2021-08-20 山东云天安全技术有限公司 Safety authentication method and equipment for industrial control system
CN112637013B (en) * 2020-12-21 2022-11-04 苏州三六零智能安全科技有限公司 Method and device, device, and storage medium for abnormal detection of CAN bus message
CN113221092B (en) * 2021-05-26 2024-05-31 德明通讯(上海)股份有限公司 Screen unlocking method and terminal based on trust environment
CN118410466B (en) * 2024-04-22 2024-11-08 北京长擎软件有限公司 Authentication method for intranet clustered distributed operating system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6993664B2 (en) * 2001-03-27 2006-01-31 Microsoft Corporation Method and system for licensing a software product
CN101689237A (en) * 2007-06-25 2010-03-31 微软公司 Activation system architecture
CN102034059A (en) * 2010-12-02 2011-04-27 东莞宇龙通信科技有限公司 Application program management method, device and terminal
CN102354358A (en) * 2011-10-17 2012-02-15 无锡诺宝科技发展有限公司 Method for protecting copyright by combining IP (Internet Protocol) address
CN103368941A (en) * 2013-04-22 2013-10-23 北京奇虎科技有限公司 User network access scenario-based protection method and device
CN103544409A (en) * 2012-07-11 2014-01-29 腾讯科技(深圳)有限公司 Method for controlling application program, use equipment and server

Also Published As

Publication number Publication date
CN111143808A (en) 2020-05-12

Similar Documents

Publication Publication Date Title
CN111143808B (en) System security authentication method and device, computing equipment and storage medium
CN106330850B (en) Security verification method based on biological characteristics, client and server
EP3275159B1 (en) Technologies for secure server access using a trusted license agent
CN103581105B (en) Login validation method and login authentication system
CN109067813B (en) Network vulnerability detection method and device, storage medium and computer equipment
US10063538B2 (en) System for secure login, and method and apparatus for same
KR20160138063A (en) Techniques to operate a service with machine generated authentication tokens
WO2018017609A1 (en) Secure asynchronous communications
CN102377756A (en) Service access method and system, authentication method and system, client and authentication server
CN111935095A (en) Source code leakage monitoring method and device and computer storage medium
CN113268716A (en) Authorization verification system, method and device for application and storage medium
CN112765588B (en) Identity recognition method and device, electronic equipment and storage medium
CN111585995A (en) Method and device for transmitting and processing safety wind control information, computer equipment and storage medium
CN114139131A (en) Operating system login method and device and electronic equipment
CN112825093B (en) Security baseline checking method, host, server, electronic device and storage medium
CN113792319A (en) File encryption method and device, storage medium and electronic equipment
CN112926101A (en) Disk partition encryption method, system, device and computer readable medium
KR20210125234A (en) Security system and method for software inputting to trusted network enclosed type
CN116723026A (en) Login verification method, login verification device, computer equipment and storage medium
CN114238922B (en) Login identity verification method and device
CN114257404B (en) Abnormal external connection statistical alarm method, device, computer equipment and storage medium
CN110572371B (en) Identity uniqueness verification control method based on HTML5 local storage mechanism
CN113127141B (en) Container system management method and device, terminal equipment and storage medium
CN115329315A (en) Service authentication method, device, storage medium and electronic device
CN113221081A (en) Double-factor identity authentication method and related device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Applicant after: NSFOCUS Technologies Group Co.,Ltd.

Applicant after: NSFOCUS TECHNOLOGIES Inc.

Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Applicant before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd.

Applicant before: NSFOCUS TECHNOLOGIES Inc.

GR01 Patent grant