Dual verification method for trusted equipment access application

Abstract

The invention provides a dual verification method for trusted equipment to access an application, which comprises the following steps that: when an existing account accesses a new unauthorized client mode, a verification server verifies a current client A by adopting the following modes: the verification server randomly generates a dynamic code plaintext, encrypts the dynamic code plaintext, a dynamic code ciphertext is obtained, and then the dynamic code ciphertext is sent to the authorized client; the authorization client carries out decryption operation on the received dynamic code ciphertext to obtain a dynamic code plaintext, and the dynamic code plaintext is displayed in a display area of the authorization client; and the verification server judges whether the dynamic code plaintext returned by the client A is received within a preset time. The double-verification method for the trusted equipment to access the application has the advantages that a double-verification mechanism of the password and the verification code of the user account is adopted, and the safety of the user account in using the application software is remarkably enhanced.

Description

technical field [0001] The invention belongs to the technical field of application security verification, and in particular relates to a double verification method for a trusted device to access an application. Background technique [0002] Since the Internet entered thousands of households in the 1990s, Internet services (such as mail, e-commerce, and social networking) have flourished. Account passwords have become one of the most important means of protecting user information security in the Internet world, and they are also the most important means of most network systems today. The simplest access control method used, which confirms the user's legitimacy through the matching of passwords. Specifically, the system creates an ID / PW (account / password) pair for each legitimate user. When the user logs in to the system, the user is prompted to enter the account and password. The system checks the account password entered by the user with the existing legitimate users in the ...

AI Technical Summary

Problems solved by technology

This also leads to the security shortcomings of static passwords, such as peeping, guessing, dictionary attacks, brute force cracking, stealing, monitoring, replay attacks, Trojan horse attacks, etc.

On the other hand, in order to prevent forgetting passwords, many users often use strings that are easy to guess such as birthdays and phone numbers as passwords, or record passwords in a place they think is safe, which can easily cause password leakage

Of course, in order to improve the security of static passwords to a certain extent, users can change their passwords regularly, but this leads to difficulties in the use and management of static passwords, especially when a user has several or even dozens of passwords When it needs to be dealt with, it is very easy to cause problems such as misremembering passwords and forgetting passwords, and it is also difficult to require all users to strictly implement the operation of regularly changing passwords

[0004] Static password authentication technology is very vulnerable in the face of the above-mentioned forms of network attacks, security incidents that attackers illegally obtain legitimate user passwords and invade network systems often occur

Images