
Two-factor identity authentication based on dynamic tokens: effectively ensuring the security of online accounts and transactions

2025-03-28 Update From: SLTechnology News&Howtos

Pre-sales Tel: 13522858185 Liu Xiande

Wechat synchronizes with the phone! If you are interested, you can contact me. Network and system security is the responsibility of our technicians!

I. The demand background of network security authentication

Phishing, fraud and other network crimes have become very serious. If users rely only on personal passwords for account login or online transactions, authentication is dangerous and unreliable. To address this, Beijing Zhongke Henglun Technology Co., Ltd. launched a two-factor identity authentication service based on dynamic tokens, aimed at enterprise × × secure login, IDC remote access management, and online merchants that provide online transactions and services to consumers. Once they install Zhongke Henglun's two-factor authentication system, they can provide identity authentication services to their customers, so that consumers can use online services simply and easily, anytime and anywhere. IT administrators and end consumers no longer have to worry all day, and online merchants can build closer, more trusting relationships with their customers.

II. Analysis of the main existing identity authentication technologies

At present, the main authentication methods commonly used in computer and network systems are as follows:

1. User name / password mode

User name / password is the simplest and most commonly used authentication method, and it is based on "what you know". Each user sets their own password, and as long as the password is entered correctly, the computer treats the operator as a legitimate user. For security, users are required to change their passwords regularly and not to reuse them. In practice, to avoid forgetting their passwords, many users choose strings that are easy to guess, such as birthdays and phone numbers, or write the password on paper and keep it somewhere they believe is safe, so the password leaks easily. Even if the password is never disclosed, it is static data, so it is easily intercepted by programs resident in computer memory or by listening devices on the network. In terms of security, therefore, user name / password is a very insecure method of identity authentication.

2. Smart card authentication

A smart card is a chip with a built-in integrated circuit that holds data related to the user's identity. Smart cards are produced by specialist manufacturers using special equipment and are non-replicable hardware. The smart card is carried by the legitimate user. At login, the card must be inserted into a dedicated card reader, which reads its information to verify the user's identity. Smart card authentication is based on "what you have": it relies on the smart card hardware being impossible to copy to ensure that the user's identity cannot be counterfeited. However, because the data read from the smart card is static, the user's authentication information is easily intercepted through memory scanning, network monitoring and similar techniques, so security risks remain.

3. Dynamic password authentication

Dynamic password authentication is a technology in which a user's password changes according to time or number of uses, and each password can be used only once. The technology is based on dynamic tokens: the password generation chip runs a special password algorithm to generate the current password from the current time and shows it on the display. The authentication server uses the same algorithm to calculate the currently valid password. Users only need to enter the password currently displayed on the dynamic token into the client computer to authenticate. Because each password must be generated by a dynamic token, and only the legitimate user holds the hardware, the user's identity can be considered reliable as long as the password verifies. The password is different each time, so even if one password is intercepted, it cannot be used to impersonate the legitimate user.

4. Biometric technology

Biometric technology authenticates identity through measurable physical or behavioral characteristics. Biometrics are unique physiological characteristics or behaviors that can be measured or automatically verified. They fall into two categories: physical characteristics and behavioral characteristics. Physical characteristics include fingerprint, palm, retina, iris, DNA, etc.; behavioral characteristics include signature, voice, walking gait and so on. Biometric identity authentication is easily affected by external factors (such as changes in noise, position, direction and illumination, or changes in the characteristics of the subject), which makes it difficult to extract or match biometric features. In addition, all biometric recognition technologies use the extracted biometric data as the identification code, so that data is easily intercepted in transmission, and the cost of biometric recognition technology is high.

III. Two-factor identity authentication solution based on dynamic tokens from Beijing Zhongke Henglun Technology Co., Ltd.

Beijing Zhongke Henglun Technology Co., Ltd. provides consumer identity authentication solutions designed for services such as online banking, IDC server and switch management, × × secure login authentication, e-commerce and online game companies. These online merchants can offer their customers two-factor identity authentication, so that consumers can use secure and convenient online trading services anytime and anywhere.

1. CKEY token

The CKEY consumer identity authentication service uses well-known hardware tokens and technologies. CKEY tokens use time synchronization technology to change the password every 60 seconds. Each token has a unique seed that generates a new password every 60 seconds according to the industry standard algorithm. Because the resulting password is unpredictable and dynamic, it is difficult to guess the correct password at any given time. This technology matches the identity authentication device with the server, thus ensuring a high degree of security. Anyone who considers the risk of exposing important information resources will regard this kind of protection as essential.

Using a CKEY hardware token is as simple as entering a personal password, but much more secure. Each end user is issued a token that generates a one-time password every 60 seconds. When logging in, the user enters the original password (static password) and then the dynamic password displayed on the token, which gives secure two-factor identity authentication. Characteristics of dynamic tokens:

Intuitive and simple to use, with one-time passwords

The circuit inside the token is unreadable and cannot be cracked, tampered with or copied

About the size of a credit card and easy to carry

Clearly readable LCD display

Automatically generates an unpredictable single-use access password every 60 seconds

Each card has a unique 128-bit seed number, and its time is synchronized with the authentication server

No other reading equipment is needed

Strongly waterproof, anti-static and shock-resistant

2. Authentication server

The authentication server can perform the following functions:

Enterprise authentication: ensure that the logged-in user is indeed an authorized individual, greatly reducing the risk of * and illegal access

Access control: custom access rights protect access to private network systems, files and applications

Avoiding * *: identify illegal users attempting to access the network and effectively block them

User responsibility: the access history log ensures that users will not be affected by any illegal access events

3. Agent software

The intermediate agent software that implements this strong authentication plays a role similar to that of security personnel: it enforces the security policy established by the SAE/Server system. SAE/API is device-specific agent software that is already built into most mainstream network devices, browsers and Web server software in the industry, allowing security administrators to select and apply appropriate settings for users and protected resources with mouse clicks rather than by writing code. The characteristics of the intermediate agent software are:

● Provides seamless integration without the need to install client software.

● Pre-installed on existing mainstream network equipment. CKEY has the most extensive global identity authentication partners, a total of 170236 products support CKEY SecurID, such as Cisco, 3Com, Huawei A8010 Magna Alcatel and so on.

● Supports most of the existing mainstream platforms. CKEY supports authentication protection of Sun Solaris, IBM AIX, HP-UX, SunOS, IRIX, BSDi, FreeBSD, Redhat LINUX, OS/390, OS/400, Dec Unix, Unisys, SGI, MAC OS, DG/UX, Netware, Palm OS, Rocket z/OS and other operating systems.

● Supports Microsoft RAS remote access authentication.

● Supports Web servers such as Microsoft IIS, iPlanet, Apache, Lotus Domino Web Server, etc.

● Easy to configure and run.

4. The advantages of Zhongke Henglun two-factor identity authentication solution

Time synchronization with UTC: the token clock and the authentication server system clock are both synchronized to UTC (Greenwich mean time)

Valid token window and clock drift adjustment: handles the case where the clock in the authentication token deviates slightly from the clock of the authentication server

Hash communication with authentication server (SAE/Server)

Disaster recovery capability of the authentication server: recover the necessary data from the authentication server through a network connection

Dynamic and parallel token authentication engine: a single authentication server handles more than 1000 concurrent authentications; where a larger number of concurrent authentications is required, cluster mode can be used to balance the load across authentication servers automatically.
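The time-synchronized scheme described in sections II.3, III.1 and the "valid token window and clock drift adjustment" item above can be sketched on the server side as follows. This is an added example, not CKEY or SAE/Server code: the page does not name its "industry standard algorithm", so RFC 6238-style HMAC-SHA1 is assumed as a stand-in, and the 6-digit length, the window of one step either side, and the names `TokenRecord` and `verify` are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60      # seconds per password, as stated on the page
DIGITS = 6     # assumed display length
WINDOW = 1     # assumed: accept +/- 1 step around the server's estimate

def otp(seed: bytes, counter: int) -> str:
    """RFC 4226 dynamic truncation over HMAC-SHA1(seed, counter)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TokenRecord:
    """Server-side state for one token (hypothetical structure)."""
    def __init__(self, seed: bytes):
        self.seed = seed
        self.drift = 0          # learned offset of the token clock, in steps
        self.last_counter = -1  # highest time step already accepted

def verify(rec: TokenRecord, code: str, now: float) -> bool:
    """Check a submitted code against the window around the expected step."""
    expected = int(now // STEP) + rec.drift
    for delta in sorted(range(-WINDOW, WINDOW + 1), key=abs):
        counter = expected + delta
        if counter <= rec.last_counter:
            continue  # step already used (or older): reject replays
        if hmac.compare_digest(otp(rec.seed, counter), code):
            rec.last_counter = counter
            rec.drift += delta  # follow the token's clock drift
            return True
    return False

def demo() -> list:
    seed = bytes(range(16))             # constructed 128-bit seed
    rec = TokenRecord(seed)
    t0 = 1_700_000_000                  # constructed UTC timestamp
    token_step = int(t0 // STEP) + 1    # token clock runs one step fast
    code = otp(seed, token_step)
    first = verify(rec, code, t0)       # accepted inside the window
    replay = verify(rec, code, t0 + 5)  # same code again: rejected
    later = verify(rec, otp(seed, token_step + 1), t0 + STEP)
    stale = verify(rec, otp(seed, token_step - 3), t0 + 2 * STEP)
    return [first, replay, later, rec.drift, stale]
```

Widening `WINDOW` tolerates more drift but lengthens the time an intercepted, not yet submitted code stays usable, so the window and the replay check on `last_counter` belong together.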


Author: CKEY dynamic password

Source: CSDN

Original: https://blog.csdn.net/andywhitestar/article/details/87626609

Copyright notice: this article is the original article of the blogger, please attach a link to the blog article to reprint it!
