
Web system oriented logging-in method

A login method and login server technology for Web systems. It addresses problems such as theft of session identification data, account names and passwords that are easy to forget or confuse, and monitoring and theft of the account names and passwords users enter when logging in. The scheme is simple to implement and avoids the troubles and potential risks that may otherwise exist.

Active Publication Date: 2016-09-28
WUHAN UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0003] First, when a user logs in to an information or application system from a public computer in a public environment such as an Internet cafe (for example, logging in to QQ or an online game), the public computer may have a Trojan horse installed, so the account name and password the user logs in with are at risk of being monitored and stolen (even dynamic passwords cannot avoid this security risk).
[0004] Second, users have account names and passwords to remember for different information or application systems. If there are too many account names and passwords, they are easy to forget and confuse.
[0005] Third, on some occasions with high security requirements, users need to use cryptographic hardware such as a USB Key that stores digital certificates and private keys; if several USB Keys have to be carried, this is inconvenient for users.
The biggest feature of 201510472645.X is that it is easy to implement, and the Web system authenticates the user login in its original way. However, the solution in 201510472645.X also has a problem: the session identification data is returned to the browser in plain text and displayed on the browser page, which puts the session identification data at risk of being stolen (from the page) by maliciously injected scripts.
But there are also some problems in this scheme. For one, the user has to enter in the browser the user's account name in the Web system or an identity mark of the user, which brings additional trouble to the user; entering the user's account name in the Web system through the browser also leaks user information and leaves clues for an attacker to crack the account password: the attacker can use the password corresponding to the same or a similar account name to guess the user's password in the Web system to be logged in to (so-called credential stuffing).


Examples


Embodiment 1

[0042] The Web system uses the account name and password method for user login authentication. The account database of the Web system stores the user's account name and password, and the mobile login server can directly access the user account database of the Web system. Through the mobile login assistant, the user authenticates on the mobile login server with the account name and password of the Web system; the mobile login server obtains the user's account name and password from the account database of the Web system and verifies the validity of the account name and password submitted by the user through the mobile login assistant. After verification passes, the mobile login server uses the obtained account name and password to log in to the Web system on behalf of the user, and submits the session identification data obtained based on the temporary identifier according to the way the browser submits the session identification data agreed by the Web ...

Embodiment 2

[0044] The Web system uses security tokens (such as SAML security assertions or SPNEGO security tokens) for login authentication. The mobile login server, as an identity service system that issues security tokens, maintains its own user account data and maintains the binding or correspondence between the user's account on the mobile login server and the user's account in the Web system. Through the mobile login assistant, the user uses the identity certificate on the mobile login server to perform identity authentication on the mobile login server. After identity authentication is completed, the mobile login server determines from this correspondence that the user has the right to access the Web system, then issues a security token for the user to access the Web system, and uses the security token to log in to the Web system on behalf of the user, and browses according to the web system agreement when logging in on behalf of the user...

Embodiment 3

[0046] The Web system uses security tokens (such as SAML security assertions or SPNEGO security tokens) for login authentication. The mobile login server, as an identity service system that issues security tokens, maintains its own user account data and maintains the binding or correspondence between the user's account on the mobile login server and the user's account in the Web system. After the user, through the mobile login assistant, completes identity authentication on the mobile login server using the identity credentials on the mobile login server, the mobile login server determines according to the account binding or correspondence that the user has the authority to access the Web system, issues a security token for the user to log in to the Web system, and then returns the security token and the session identification data obtained based on the temporary identifier to the mobile login assistant; the mobile log...


Abstract

The invention relates to a Web system oriented login method. The method comprises the following steps. When a user uses a browser to access a Web system without being logged in, the Web system submits the session identification data between the browser and the Web system, together with a temporary storage identifier for that session identification data, to a mobile login server for temporary storage, and at the same time displays the temporary storage identifier in the form of a bar code through the user's browser. A mobile login assistant in the user's mobile terminal obtains the temporary storage identifier by scanning the bar code and submits it to the mobile login server. After identity authentication of the user is completed, the mobile login server does one of the following: it logs in to the Web system on behalf of the user using the session identification data corresponding to the temporary storage identifier; or it returns the session identification data corresponding to the temporary storage identifier to the mobile login assistant, which uses it to log in to the Web system; or it encrypts the session identification data corresponding to the temporary storage identifier with a user encryption key and returns it to the mobile login assistant, which decrypts the session identification data and uses it to log in to the Web system.
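The temporary-storage exchange in the abstract, for the variant where the server returns the session identification data to the mobile login assistant, as an added Python example that is not taken from the patent. The class and function names, the `authenticate` callback, the 120-second lifetime and the single-use redemption are assumptions made for illustration; the page specifies none of them.

```python
import secrets
import time


class MobileLoginServer:
    """Temporary store: temporary identifier -> session identification data."""

    def __init__(self, authenticate, ttl_seconds=120, clock=time.monotonic):
        self._authenticate = authenticate  # hypothetical callback: (account, credential) -> bool
        self._ttl = ttl_seconds            # assumption: the page states no lifetime
        self._clock = clock
        self._store = {}                   # temp_id -> (session_id, expires_at)

    def deposit(self, temp_id, session_id):
        """Web system submits both values for a session that is not logged in."""
        if temp_id in self._store:
            raise ValueError("temporary identifier already in use")
        self._store[temp_id] = (session_id, self._clock() + self._ttl)

    def redeem(self, temp_id, account, credential):
        """Mobile login assistant submits the scanned identifier and credentials."""
        if not self._authenticate(account, credential):
            return None                    # failed authentication does not consume the entry
        entry = self._store.pop(temp_id, None)  # single use (assumption)
        if entry is None:
            return None
        session_id, expires_at = entry
        return session_id if self._clock() <= expires_at else None


def web_system_start_login(server, session_id):
    """Return the only value the browser page displays: the bar code payload."""
    temp_id = secrets.token_urlsafe(16)    # unguessable, unrelated to session_id
    server.deposit(temp_id, session_id)
    return temp_id


if __name__ == "__main__":
    # Constructed demo data: one account and one browser session.
    server = MobileLoginServer(lambda a, c: (a, c) == ("alice", "demo-credential"))
    payload = web_system_start_login(server, "SESSIONID-constructed-1")
    print("bar code payload:", payload)
    print("first redeem:", server.redeem(payload, "alice", "demo-credential"))
    print("replay:", server.redeem(payload, "alice", "demo-credential"))
```

Because the page shows only the temporary identifier, a script injected into the login page can read nothing that works as a session credential by itself.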

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a Web system oriented login method.

Background

[0002] Users of network information or application systems may encounter the following problems when accessing those systems.

[0003] First, when a user logs in to an information or application system from a public computer in a public environment such as an Internet cafe (for example, logging in to QQ or an online game), the public computer may have a Trojan horse installed, so the account name and password the user logs in with are at risk of being monitored and stolen (even dynamic passwords cannot avoid this security risk).

[0004] Second, users have account names and passwords to remember for different information or application systems. If there are too many account names and passwords, they are easy to forget and confuse.

[0005] Th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/08, H04L29/06, G06F21/36
CPC: G06F21/36, H04L63/08, H04L63/0823, H04L67/02
Inventor: 龙毅宏
Owner: WUHAN UNIV OF TECH