System and method for realizing user login identification based on identification type codes

Abstract

The invention relates to a system and a method for realizing user login identification based on identification type codes. Based on the system, a code identification of a user irrelevant to a Web information system account serves as an identification data for the account and is stored in the user account data of the Web information system; when the user logs in the Web information system, the system determines the current valid identification private key of the code identification of the user account to determine that the user is the account owner. If the Web information system originally uses an account name and passwords or uses codes to log in, a security gateway or a plugin which processes the login uses the user code identification as the passwords or a code substituting account and fills in a login request to enable the user to log in the Web information system after identifying the login account of the user. According to the system and the method for realizing the user login identification based on the identification type codes, the identification type private key of the user is only used for substituting the passwords or codes of the account to prove that the user owns the security private data of the account and does not serve as an identity certificate for logging in the system.

Description

technical field [0001] The invention belongs to the field of information security, in particular to a system and method for realizing user login authentication based on an identification password. Background technique [0002] When a user accesses a security-protected and restricted Web information system (including various application systems and security systems), a login operation (Logon or Login) is usually required. The purpose of the user login operation is to confirm that the user is a legitimate user of the Web information system, that is, user authentication (User Authentication); in fact, for many Web information systems, whether the user's identity information is true or not, who he is does not matter. Important, therefore, more precisely, the purpose of the user login operation is to confirm that the user is the owner of a registered account in the Web information system, that is, to perform account authentication (AccountAuthentication). [0003] The current We...

AI Technical Summary

Problems solved by technology

The scheme of account name + password or password is simple and convenient for users to operate and use, but its insecurity is well known

Although the PKI (Public Key Infrastructure) digital certificate (Digital Certificate) is safe, it is used for user or account authentication in the Web information system, which is inconvenient for user operation, difficult for user private key loss and recovery, troublesome for certificate renewal (usually requires manual operation) ) and other problems of poor usability, and it is necessary to develop controls or plug-ins for relevant browsers, resulting in problems such as heavy technical development workload and poor applicability: First, because different controls or plug-ins need to be developed for different browsers, and currently There are many browsers, and the workload of developing controls or plug-ins for all browsers including browsers running in different environments is very large; the second is because some browsers have very limited or no support for controls or plug-ins.

[0005] 1) When IBC is used for user or account identification in a Web information system, the usual solution is to use the user's account name in the Web information system as the user's IBC identifier. The system has different account names, so different IBC key pairs need to be obtained. Second, users obtain non-electronic communication identifications (email addresses, mobile phone numbers, etc. addresses or terminal identifications used for electronic communication are called electronic key pairs) from the key service system. Communication ID) corresponding to the private key, it is more troublesome and difficult for the key service system to confirm that the user is the real owner of the ID (for electronic communication IDs, such as e-mail address, mobile phone number, it is easier to do this);

[0006] 2) When IBC is used in the Web information system, since the cryptographic module needs to be invoked on the client side to perform IBC cryptographic operations, similar to digital certificates, the current solution is usually to use browser controls and plug-ins to invoke the cryptographic module to perform IBC cryptographic operations on the client side. Cryptographic operations, which have the same problems as the application of digital certificates in user login of Web information systems;

Images