CN105827624B - an authentication system - Google Patents

an authentication system Download PDF

Info

Publication number
CN105827624B
CN105827624B CN201610269359.8A CN201610269359A CN105827624B CN 105827624 B CN105827624 B CN 105827624B CN 201610269359 A CN201610269359 A CN 201610269359A CN 105827624 B CN105827624 B CN 105827624B
Authority
CN
China
Prior art keywords
client
management server
access
code
user name
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610269359.8A
Other languages
Chinese (zh)
Other versions
CN105827624A (en
Inventor
周迪
赵子华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Uniview Technologies Co Ltd
Original Assignee
Zhejiang Uniview Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Uniview Technologies Co Ltd filed Critical Zhejiang Uniview Technologies Co Ltd
Priority to CN201610269359.8A priority Critical patent/CN105827624B/en
Publication of CN105827624A publication Critical patent/CN105827624A/en
Application granted granted Critical
Publication of CN105827624B publication Critical patent/CN105827624B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明公开了一种身份验证系统,应用于视频监控网络,包括管理服务器和客户端,所述客户端包括第一客户端和第二客户端,所述第一客户端访问管理服务器,由管理服务器生成对应的访问ID,并向管理服务器查询该访问ID是否已经获得授权,在获得授权后直接登录管理服务器;第二客户端携带访问ID连接管理服务器,在管理服务器中建立该访问ID、第二客户端和监控用户名的绑定关系,对第一客户端进行授权。本发明的身份验证系统由第二客户端移动终端通过指纹确认对第一客户端进行授权,不需要每次登录时输入复杂的用户名和密码,方便了用户在不同的客户端上进行登录。

The invention discloses an identity verification system, which is applied to a video surveillance network, and includes a management server and a client, the client includes a first client and a second client, the first client accesses the management server, and the management The server generates a corresponding access ID, and queries the management server whether the access ID has been authorized, and directly logs in to the management server after being authorized; the second client carries the access ID to connect to the management server, and establishes the access ID, the second access ID in the management server. The binding relationship between the second client and the monitoring user name is used to authorize the first client. In the identity verification system of the present invention, the mobile terminal of the second client authorizes the first client through fingerprint confirmation, and does not need to input complicated user names and passwords every time they log in, which facilitates users to log in on different clients.

Description

一种身份验证系统an authentication system

技术领域technical field

本发明属于安全验证技术领域,尤其涉及一种视频监控网络中的身份验证系统。The invention belongs to the technical field of safety verification, in particular to an identity verification system in a video surveillance network.

背景技术Background technique

视频监控是安全防范系统的重要组成部分,视频监控以其直观、准确、及时和信息内容丰富而广泛应用于许多场合。近年来,随着计算机、网络以及图像处理、传输技术的飞速发展,视频监控的普及化趋势越来越明显。Video surveillance is an important part of the security system. Video surveillance is widely used in many occasions because of its intuition, accuracy, timeliness and rich information content. In recent years, with the rapid development of computer, network, image processing and transmission technology, the popularization trend of video surveillance has become more and more obvious.

随着移动通信技术的发展,特别是3G/4G技术的普及,高带宽的移动服务为视频监控在移动终端上的实现提供了条件,越来越多的用户开始使用移动终端作为视频监控的客户端。用户在需要查看视频监控系统的录像或实况时,只需要通过移动终端登录视频监控系统的管理服务器,即可实现录像查看和实况监控。With the development of mobile communication technology, especially the popularization of 3G/4G technology, high-bandwidth mobile services provide conditions for the realization of video surveillance on mobile terminals, and more and more users begin to use mobile terminals as customers of video surveillance end. When the user needs to view the video or live video of the video surveillance system, he only needs to log in to the management server of the video surveillance system through a mobile terminal to realize video viewing and live monitoring.

在现有技术中,视频监控系统的身份验证主要是通过用户名和密码进行登录和验证。在某些视频监控系统中,还不能直接访问管理服务器,需要通过VPN的拨号后才能接入网络,此时还需要输入VPN拨号的用户名和密码。而对于需要多次输入用户名和密码的视频监控系统,用户的操作比较繁琐。密码设置的过于简单,容易被猜测被非法入侵,而如果密码设置的过于复杂,又不便于记忆和输入。In the prior art, the identity verification of the video surveillance system is mainly through login and verification through user names and passwords. In some video surveillance systems, the management server cannot be accessed directly, and the network needs to be dialed up through the VPN. At this time, the user name and password of the VPN dial-up also need to be entered. However, for a video surveillance system that needs to input user names and passwords multiple times, the user's operations are more cumbersome. If the password is set too simple, it is easy to be guessed and illegally invaded, and if the password is set too complicated, it is not easy to remember and input.

发明内容Contents of the invention

本发明的目的是提供一种身份验证系统,避免了现有技术密码输入繁琐,不便于登录的技术问题,能够快速安全地接入视频监控系统。The purpose of the present invention is to provide an identity verification system, which avoids the technical problems of cumbersome password input and inconvenient login in the prior art, and can quickly and safely access the video monitoring system.

为了实现上述目的,本发明技术方案如下:In order to achieve the above object, the technical scheme of the present invention is as follows:

一种身份验证系统,应用于视频监控网络,包括管理服务器和客户端,所述客户端包括第一客户端和第二客户端,其中:An identity verification system, applied to a video surveillance network, includes a management server and a client, and the client includes a first client and a second client, wherein:

所述第一客户端,用于携带自身的特征码访问管理服务器,根据管理服务器的反馈信息,显示对应的图形码,该图形码包含管理服务器根据所述特征码生成的访问ID,并向管理服务器查询该访问ID是否已经获得授权,在获得授权后直接登录管理服务器;The first client is used to carry its own feature code to access the management server, and display the corresponding graphic code according to the feedback information of the management server, the graphic code includes the access ID generated by the management server according to the feature code, and sends the The server queries whether the access ID has been authorized, and directly logs in to the management server after obtaining the authorization;

所述第二客户端,用于扫描第一客户端显示的图形码,携带第二客户端的特征码以及所述图形码中的访问ID连接管理服务器,在管理服务器中没有该访问ID、第二客户端特征码和监控用户名的绑定关系时,提示用户输入监控用户名和密码,向管理服务器发起登录,在验证通过后在管理服务器中记录该访问ID、第二客户端特征码与监控用户名的绑定关系,并在第二客户端上建立用户身份信息与该访问ID的绑定关系;在管理服务器中存在该访问ID、第二客户端特征码和监控用户名的绑定关系时,接收管理服务器的响应信息,根据提示输入用户身份信息,向管理服务器发送携带该访问ID和第二客户端特征码的授权信息;The second client is used to scan the graphic code displayed by the first client, and carry the feature code of the second client and the access ID in the graphic code to connect to the management server. In the management server, there is no such access ID, the second When there is a binding relationship between the client feature code and the monitoring user name, prompt the user to enter the monitoring user name and password, initiate a login to the management server, and record the access ID, the second client feature code and the monitoring user name in the management server name, and establish a binding relationship between user identity information and the access ID on the second client; when there is a binding relationship between the access ID, the second client feature code, and the monitoring user name in the management server , receiving the response information from the management server, inputting user identity information according to the prompt, and sending authorization information carrying the access ID and the second client feature code to the management server;

管理服务器,用于在收到第二客户端携带特征码及访问ID的连接时,查询自身是否具有该访问ID、特征码和监控用户名的绑定关系,在存在该绑定关系时,向第二客户端发送响应消息,在收到第二客户端的授权信息后,判断授权信息是否与记录的访问ID、第二客户端特征码与监控用户名的绑定关系一致,如果一致则授权第一客户端登录;如果不存在该绑定关系,则通知第二客户端输入监控用户名和密码进行登录,在验证通过后,记录访问ID、第二客户端特征码和监控用户名的绑定关系。The management server is configured to, when receiving the connection that the second client carries the feature code and the access ID, inquire whether itself has the binding relationship of the access ID, the feature code and the monitoring user name, and when there is the binding relationship, send The second client sends a response message. After receiving the authorization information of the second client, it judges whether the authorization information is consistent with the recorded access ID, the second client characteristic code and the binding relationship of the monitoring user name. A client logs in; if the binding relationship does not exist, the second client is notified to enter the monitoring user name and password to log in, and after the verification is passed, the binding relationship between the access ID, the second client feature code and the monitoring user name is recorded .

进一步地,所述第一客户端还用于记录管理服务器返回的访问ID,在二次访问管理服务器时,携带该访问ID访问管理服务器,并显示带有该访问ID的图形码供第二客户端扫描。Further, the first client is also used to record the access ID returned by the management server, and when accessing the management server for the second time, carry the access ID to access the management server, and display the graphic code with the access ID for the second client side scan.

所述管理服务器还用于接收第一客户端携带访问ID的访问,在收到第二客户端的授权信息后,判断授权信息是否与记录的访问ID、第二客户端特征码与监控用户名的绑定关系一致,如果一致则授权第一客户端登录。Described management server is also used for receiving the visit that the first client carries access ID, after receiving the authorization information of the second client, judges whether authorization information and the access ID of record, the second client characteristic code and monitoring username The binding relationship is consistent, and if they are consistent, the first client is authorized to log in.

进一步地,所述第一客户端还用于在管理服务器没有得到第二客户端的授权时,输入VPN用户名和密码进行VPN连接;在管理服务器得到第二客户端的授权时,直接根据管理服务器返回的VPN用户名和密码进行VPN连接。Further, the first client is also used to input the VPN user name and password to perform VPN connection when the management server is not authorized by the second client; when the management server is authorized by the second client, directly according to the VPN username and password for VPN connection.

所述图形码还包含管理服务器地址、VPN用户名与密码、VPN拨号后的管理服务器地址。The graphic code also includes management server address, VPN user name and password, and management server address after VPN dial-up.

所述第二客户端还用于根据图形码中包含的VPN用户名与密码进行VPN拨号,与管理服务器建立VPN连接。The second client is also used for performing VPN dial-up according to the VPN user name and password contained in the graphic code, and establishing a VPN connection with the management server.

进一步地,所述管理服务器还用于记录第一客户端的访问ID及登录状态作为使用痕迹,将第一客户端的访问ID及管理使用痕迹的管理服务器IP地址和端口号发给第二客户端,第二客户端保留第一客户端的访问ID及管理使用痕迹的管理服务器IP地址和端口号。Further, the management server is also used to record the access ID and login status of the first client as usage traces, and send the management server IP address and port number of the first client access ID and management usage traces to the second client, The second client retains the access ID of the first client and the IP address and port number of the management server for managing usage traces.

所述第二客户端还用于向管理服务器发送断开连接请求,将所述访问ID发送给管理使用痕迹的管理服务器IP地址和端口号,所述管理服务器收到携带访问ID的断开连接请求后,终止与对应第一客户端的所有业务。The second client is also used to send a disconnection request to the management server, and send the access ID to the IP address and port number of the management server that manages the usage traces, and the management server receives the disconnection request carrying the access ID. After the request, terminate all services with the corresponding first client.

本发明提出的一种身份验证系统,通过管理服务器根据PC客户端特征码生成访问ID,并通过第二客户端移动终端登录管理服务器,在管理服务器中生成访问ID、移动终端和监控用户名的绑定关系,由移动终端通过指纹确认对第一客户端进行授权,实现在PC客户端免密码登录。本发明的身份验证系统,不需要每次登录时输入复杂的用户名和密码,方便了用户在不同的客户端上进行登录。In the identity verification system proposed by the present invention, the access ID is generated by the management server according to the feature code of the PC client, and the mobile terminal of the second client logs into the management server, and the access ID, mobile terminal and monitoring user name are generated in the management server. In the binding relationship, the mobile terminal authorizes the first client through fingerprint confirmation, so as to realize password-free login on the PC client. The identity verification system of the present invention does not need to input complicated user names and passwords every time when logging in, which facilitates users to log in on different clients.

附图说明Description of drawings

图1为本发明实施例视频监控网络结构示意图;Fig. 1 is a schematic diagram of the structure of a video surveillance network according to an embodiment of the present invention;

图2为本发明身份验证系统结构示意图。Fig. 2 is a schematic structural diagram of the identity verification system of the present invention.

具体实施方式Detailed ways

下面结合附图和实施例对本发明技术方案做进一步详细说明,以下实施例不构成对本发明的限定。The technical solution of the present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments, and the following embodiments do not constitute a limitation of the present invention.

如图1所示,视频监控网络包括管理服务器、客户端,以及前端设备等。客户端可以是PC客户端或移动终端客户端,客户端通过客户端软件或者浏览器登录到管理服务器,通过验证和授权后访问整个视频监控系统,客户端也会直接访问管理服务器所管理的下级设备(IPC、存储)。As shown in Figure 1, a video surveillance network includes a management server, a client, and a front-end device. The client can be a PC client or a mobile terminal client. The client logs in to the management server through client software or a browser, and accesses the entire video surveillance system after verification and authorization. The client will also directly access the subordinates managed by the management server. Devices (IPC, storage).

对于大型视频监控系统,其视频管理服务器VM即可作为本实施例中的管理服务器。而对于NVR+IPC的小型组网系统,可以认为NVR是本实施例中的管理服务器的角色。特别地,也可以认为单个IPC组成的视频监控系统,IPC自己就是管理服务器的角色。而本实施例的前端设备通常指网络摄像机IPC。在本实施例中,管理服务器仅以视频管理服务器为例加以描述,对于管理服务器管辖下的其它设备,仅以IPC为例加以描述。For a large-scale video surveillance system, its video management server VM can be used as the management server in this embodiment. As for the small-scale networking system of NVR+IPC, it can be considered that the NVR is the role of the management server in this embodiment. In particular, a video surveillance system composed of a single IPC can also be considered, and the IPC itself plays the role of a management server. The front-end device in this embodiment generally refers to the network camera IPC. In this embodiment, the management server is described only by taking the video management server as an example, and other devices under the management of the management server are described only by taking the IPC as an example.

如图2所示,本实施例一种身份验证系统,应用于视频监控网络,包括管理服务器和客户端,客户端包括第一客户端和第二客户端。As shown in FIG. 2 , an identity verification system in this embodiment is applied to a video surveillance network, and includes a management server and a client, and the client includes a first client and a second client.

在本实施例中,第一客户端为PC客户端,或其他固定安装的客户端,大屏幕显示客户端等,而第二客户端为移动终端,或智能平板电脑等。本发明的总体思想是,管理服务器根据第一客户端的特征码,生成第一客户端对应的访问ID返回给第一客户端,第二客户端通过登录管理服务器实现该访问ID与第二客户端的绑定,从而可以通过第二客户端来授权第一客户端免密码登录管理服务器。In this embodiment, the first client is a PC client, or other fixedly installed clients, large-screen display clients, etc., and the second client is a mobile terminal, or a smart tablet computer, or the like. The general idea of the present invention is that, according to the feature code of the first client, the management server generates the corresponding access ID of the first client and returns it to the first client, and the second client realizes the connection between the access ID and the second client by logging into the management server. Binding, so that the first client can be authorized to log in to the management server without a password through the second client.

以下分别对第一客户端、第二客户端和管理服务器进行详细的阐述:The first client, the second client and the management server are described in detail below:

第一客户端,用于携带自身的特征码访问管理服务器,根据管理服务器的反馈信息,显示对应的图形码,该图形码包含管理服务器根据所述特征码生成的访问ID,并向管理服务器查询该访问ID是否已经获得授权,在获得授权后直接登录管理服务器。The first client is used to carry its own feature code to access the management server, and display the corresponding graphic code according to the feedback information from the management server. The graphic code includes the access ID generated by the management server according to the feature code, and queries the management server Whether the access ID has been authorized, and directly log in to the management server after being authorized.

以PC上安装了客户端软件作为第一客户端为例,当PC客户端访问管理服务器时,PC客户端可以根据PC的特征生成唯一的特征码,例如根据MAC地址、随机数、登陆用户名生成唯一的特征码。如果PC客户端直接采用Web浏览器,则可以根据浏览器版本、操作系统、计算机名等生成唯一的特征码。Taking the client software installed on the PC as the first client as an example, when the PC client accesses the management server, the PC client can generate a unique feature code based on the characteristics of the PC, such as the MAC address, random number, and login user name. Generate a unique signature. If the PC client directly uses a web browser, a unique feature code can be generated based on the browser version, operating system, and computer name.

PC客户端唯一的特征码提交到管理服务器后,管理服务器再次生成随机数,将随机数与提交的唯一的特征码进行哈希算法后的计算结果作为第一客户端的访问ID返回给PC客户端。PC客户端保留此访问ID,后续访问通过此访问ID和唯一的特征码一起作为第一客户端的区分标识。After the unique feature code of the PC client is submitted to the management server, the management server generates a random number again, and returns the hash algorithm calculation result of the random number and the submitted unique feature code to the PC client as the access ID of the first client. . The PC client retains this access ID, and the subsequent access uses this access ID and the unique feature code as the distinguishing identifier of the first client.

容易理解的是,对于不同的管理服务器,根据管理服务器的哈希算法,对于同一个PC客户端产生的访问ID可以相同,也可以不同。但是对于同一台管理服务器,对于一个PC客户端,产生的访问ID是唯一的。然而当PC上的特征码发生变化后,将生成不同的访问ID,这里不再赘述。It is easy to understand that, for different management servers, according to the hash algorithm of the management server, the access IDs generated for the same PC client may be the same or different. But for the same management server, for a PC client, the generated access ID is unique. However, when the feature code on the PC changes, a different access ID will be generated, and details will not be described here.

例如,PC客户端对应的特征码为随机数12938,在首次访问管理服务器时,携带该随机数12938,管理服务器进行计算后得到访问ID 32309。管理服务器生成二维码或直接将访问ID返回给PC客户端,PC客户端将此访问ID保存至本地cookie作为后续访问ID。For example, the feature code corresponding to the PC client is a random number 12938. When accessing the management server for the first time, the random number 12938 is carried, and the management server obtains the access ID 32309 after calculation. The management server generates a QR code or directly returns the access ID to the PC client, and the PC client saves the access ID in a local cookie as a subsequent access ID.

本实施例图形码为二维码,也可以为条形码等其他可以识别的图形码。在第一客户端上显示的图形码,可以有管理服务器直接生成,然后下发给第一客户端,或者由第一客户端根据管理服务器下发的信息,在第一客户端上生成。The graphic code in this embodiment is a two-dimensional code, and may also be other identifiable graphic codes such as a barcode. The graphic code displayed on the first client may be directly generated by the management server and then sent to the first client, or generated by the first client on the first client according to the information sent by the management server.

二维码中包含如下信息:第一客户端对应的访问ID(例如32309)、管理服务器地址。在二维码中携带管理服务器地址是针对多个管理服务器的情形,为了区分所登录的管理服务器,对于仅有一台管理服务器的视频监控网络,也可以不携带该信息。The two-dimensional code includes the following information: the access ID corresponding to the first client (for example, 32309), and the address of the management server. Carrying the address of the management server in the QR code is for multiple management servers. In order to distinguish the logged-in management server, for a video surveillance network with only one management server, this information may not be carried.

在第一客户端显示二维码之后,就开始不断向管理服务器查询访问ID是否已经得到第二客户端的授权,同时页面显示监控用户名和密码的输入界面,便于用户在第二客户端上手工登录。一旦用户在第二客户端上进行确认授权后,第一客户端就能够完成登录过程,登录成功,不需要手工输入用户名和密码。After the first client displays the QR code, it starts to continuously inquire the management server whether the access ID has been authorized by the second client, and at the same time, the page displays the input interface for monitoring the user name and password, which is convenient for the user to log in manually on the second client . Once the user confirms the authorization on the second client, the first client can complete the login process, and the login is successful without manually inputting the user name and password.

容易理解的是,在第一客户端访问管理服务器,管理服务器根据第一客户端的特征码生成访问ID后,第一客户端保存了访问ID,在后续需要访问管理服务器时,只需要携带该访问ID向管理服务器发起访问即可,并显示带有该访问ID的图形码供第二客户端扫描。It is easy to understand that after the first client accesses the management server and the management server generates an access ID according to the feature code of the first client, the first client saves the access ID, and only needs to carry the access ID when it needs to access the management server later. The ID only needs to initiate access to the management server, and display the graphic code with the access ID for the second client to scan.

而目前很多视频监控系统都处于用户的私网中,处于公网的用户需要通过VPN接入管理服务器,因此第一客户端在访问管理服务器时,还需要通过VPN拨号建立与管理服务器的VPN连接。在这样的系统中,直接访问管理服务器时会提示下载VPN拨号客户端,然后通过VPN拨号客户端输入VPN用户名和密码后才能连接到管理服务器,再次输入监控系统的用户名密码后才能进行完整的访问。At present, many video surveillance systems are in the user's private network, and users in the public network need to access the management server through VPN. Therefore, when the first client accesses the management server, it also needs to establish a VPN connection with the management server through VPN dial-up. . In such a system, when you directly access the management server, you will be prompted to download the VPN dial-up client, and then you can connect to the management server only after entering the VPN user name and password through the VPN dial-up client. access.

具体地,第一客户端还用于在管理服务器没有得到第二客户端的授权时,输入VPN用户名和密码进行VPN连接;在管理服务器得到第二客户端的授权时,直接根据管理服务器返回的VPN用户名和密码进行VPN连接。Specifically, the first client is also used to input the VPN user name and password for VPN connection when the management server is not authorized by the second client; username and password for a VPN connection.

同样地,第二客户端也需要与管理服务器建立VPN连接,因此本实施例二维码中,还携带有VPN用户名、密码、VPN拨号后的管理服务器地址。Similarly, the second client also needs to establish a VPN connection with the management server, so the QR code in this embodiment also carries the VPN user name, password, and management server address after VPN dialing.

即管理服务器在与第一客户端建立VPN连接后,将上述信息生成在二维码中返回给第一客户端,或直接返回给第一客户端,由第一客户端来生成二维码。第二客户端在访问管理服务器时,也需要根据图形码中包含的VPN用户名与密码进行VPN拨号,与管理服务器建立VPN连接。That is, after the management server establishes a VPN connection with the first client, the above information is generated in a two-dimensional code and returned to the first client, or directly returned to the first client, and the first client generates a two-dimensional code. When the second client accesses the management server, it also needs to perform VPN dial-up according to the VPN user name and password contained in the graphic code, and establish a VPN connection with the management server.

第二客户端,用于扫描第一客户端显示的图形码,携带第二客户端的特征码以及所述图形码中的访问ID连接管理服务器,在管理服务器中没有该访问ID、第二客户端特征码和监控用户名的绑定关系时,提示用户输入监控用户名和密码,向管理服务器发起登录,在验证通过后在管理服务器中记录该访问ID、第二客户端特征码与监控用户名的绑定关系,并在第二客户端上建立用户身份信息与该访问ID的绑定关系;在管理服务器中存在该访问ID、第二客户端特征码和监控用户名的绑定关系时,接收管理服务器的响应信息,根据提示输入用户身份信息,向管理服务器发送携带该访问ID和第二客户端特征码的授权信息。The second client is used to scan the graphic code displayed by the first client, and carries the feature code of the second client and the access ID in the graphic code to connect to the management server. There is no such access ID and second client in the management server. When the feature code is bound to the monitoring user name, the user is prompted to enter the monitoring user name and password, and initiates a login to the management server. binding relationship, and set up the binding relationship between user identity information and the access ID on the second client; when there is a binding relationship between the access ID, the second client feature code and the monitoring user name in the management server, receive For the response information of the management server, input the user identity information according to the prompt, and send the authorization information carrying the access ID and the characteristic code of the second client to the management server.

本实施例以安装有客户端软件的移动终端为第二客户端为例,移动终端通过扫面第一客户端显示的二维码,可以得到第一客户端对应的访问ID、管理服务器地址,进一步地,还可以得到VPN用户名和密码。从而可以访问管理服务器,如果管理服务器在私网内,需要通过VPN连接来实现访问,则还根据得到的VPN用户名和密码先建立VPN连接。二维码中也可以不包含VPN用户名和密码,由用户自己手动输入。This embodiment takes the mobile terminal installed with client software as the second client as an example. The mobile terminal can obtain the access ID and management server address corresponding to the first client by scanning the QR code displayed by the first client. Further, the VPN user name and password can also be obtained. Thereby, the management server can be accessed. If the management server is in the private network and needs to be accessed through a VPN connection, then a VPN connection is established first according to the obtained VPN user name and password. The two-dimensional code may also not contain the VPN user name and password, which are manually input by the user himself.

第二客户端首次扫描二维码时,还未在第二客户端中生成访问ID、移动终端特征码以及监控用户名的绑定关系,在管理服务器中也不存在对应的绑定关系。因此需要进行一次绑定,即第二客户端连接管理服务器时,第二客户端携带了访问ID和自身的特征码,如移动终端的IMEI序列号,管理服务器会查询到自身没有访问ID、第二客户端特征码和监控用户名的绑定关系,则返回连接失败。第二客户端提示输入监控用户名和密码,向管理服务器发起登录,在验证通过后在管理服务器中记录访问ID、第二客户端特征码与监控用户名的绑定关系。When the second client scans the QR code for the first time, the binding relationship between the access ID, the mobile terminal feature code and the monitoring user name has not been generated in the second client, and there is no corresponding binding relationship in the management server. Therefore, a binding is required, that is, when the second client connects to the management server, the second client carries the access ID and its own feature code, such as the IMEI serial number of the mobile terminal, and the management server will find that it does not have the access ID, the first If there is a binding relationship between the client feature code and the monitoring user name, the connection failure will be returned. The second client prompts to input the monitoring user name and password, initiates login to the management server, and records the binding relationship between the access ID, the second client characteristic code and the monitoring user name in the management server after the authentication is passed.

同时在第二客户端中,保存第一客户端的访问ID,并提示用户输入用户身份信息(如指纹、或脸、或视网膜,本实施例以指纹为例)对保存的访问ID进行绑定,同时第二客户端保存连接监控服务器的地址和VPN用户名和密码。从而通过在需要携带访问ID访问管理服务器时,需要输入用户身份信息来进行确认,保证了是用户本人的操作,提高了安全性。Simultaneously in the second client, save the access ID of the first client, and prompt the user to input user identity information (such as fingerprint, or face, or retina, the present embodiment takes fingerprint as an example) to bind the saved access ID, At the same time, the second client saves the address connected to the monitoring server and the VPN user name and password. Therefore, when the access ID needs to be carried to access the management server, the user identity information needs to be input for confirmation, which ensures that the operation is performed by the user himself and improves security.

在第二客户端成功登录管理服务器后,管理服务器中记录访问ID、第二客户端特征码与监控用户名的绑定关系,此时在管理服务器中存在了访问ID与监控用户名的绑定关系,因此管理服务器向第二客户端发送响应信息,即在第二客户端显示“用户将在PC客户端登陆”,提示输入用户身份信息(例如指纹)进行授权。一旦用户输入指纹,就向管理服务器发送携带访问ID和第二客户端特征码的授权信息。After the second client successfully logs in to the management server, the management server records the binding relationship between the access ID, the feature code of the second client and the monitoring user name. At this time, there is a binding between the access ID and the monitoring user name in the management server Therefore, the management server sends a response message to the second client, that is, the second client displays "the user will log in on the PC client", and prompts to input user identity information (such as fingerprint) for authorization. Once the user inputs the fingerprint, the authorization information carrying the access ID and the second client feature code is sent to the management server.

容易理解的是,在首次第二客户端与管理服务器进行交互,已经完成过绑定后,第二次再扫描第一客户端的二维码时,只需输入用户身份信息,就可以调用绑定的访问ID和第二客户端特征码向管理服务器发起访问,而管理服务器在接收到访问后,查找自身是否有存在的绑定关系,这时候存在绑定关系,向第二客户端发送响应,通知第二客户端进行授权即可。It is easy to understand that when the second client interacts with the management server for the first time, after the binding has been completed, when scanning the QR code of the first client for the second time, you only need to enter the user identity information to call the binding The access ID of the second client and the characteristic code of the second client initiate access to the management server, and the management server checks whether there is a binding relationship with itself after receiving the access. At this time, there is a binding relationship and sends a response to the second client. Just notify the second client to authorize.

在授权时,在第二客户端,也需要用户输入用户身份信息,向管理服务器发送携带该访问ID和第二客户端特征码的授权信息。When authorizing, the second client also needs the user to input user identity information, and sends authorization information carrying the access ID and the second client feature code to the management server.

管理服务器,用于在收到第二客户端携带特征码及访问ID的连接时,查询自身是否具有该访问ID、特征码和监控用户名的绑定关系,在存在该绑定关系时,通知第二客户端进行授权,在收到第二客户端的授权信息后,判断授权信息是否与记录的访问ID、第二客户端特征码与监控用户名的绑定关系一致,如果一致则授权第一客户端登录;如果不存在该绑定关系,则通知第二客户端进行登录,在验证通过后,记录访问ID、第二客户端特征码和监控用户名的绑定关系。The management server is used to, when receiving the connection of the second client carrying the feature code and the access ID, inquire whether itself has the binding relationship between the access ID, the feature code and the monitoring user name, and when there is the binding relationship, notify The second client authorizes. After receiving the authorization information of the second client, it judges whether the authorization information is consistent with the recorded access ID, the second client characteristic code and the binding relationship of the monitoring user name. If it is consistent, the first client is authorized. Client login; if the binding relationship does not exist, the second client is notified to log in, and after the verification is passed, the binding relationship of the access ID, the second client characteristic code and the monitoring user name is recorded.

管理服务器在收到第一客户端的访问后,生成对应第一客户端的访问ID,并开始查询该访问ID是否得到第二客户端的授权。在得到第二客户端的授权后,就直接授权第一客户端登录成功。从而不需要在第一客户端上输入用户名和密码来进行登录操作。After receiving the access from the first client, the management server generates an access ID corresponding to the first client, and starts to inquire whether the access ID is authorized by the second client. After being authorized by the second client, the first client is directly authorized to log in successfully. Therefore, there is no need to input a user name and password on the first client to perform a login operation.

容易理解的是,第二客户端在完成首次绑定后,当再次遇到第一客户端需要进行登录时,只需扫描第一客户端的二维码,通过指纹确认后携带访问ID和自身的特征码连接管理服务器,而管理服务器查询到存在绑定关系,向第二客户端发送响应信息,即在第二客户端显示“用户将在PC客户端登陆”,提示输入用户身份信息(例如指纹)进行授权。一旦用户输入指纹,就向管理服务器发送携带访问ID和第二客户端特征码的授权信息。管理服务器在收到第二客户端的授权信息后,判断授权信息是否与记录的访问ID、第二客户端特征码与监控用户名的绑定关系一致,如果一致则授权第一客户端登录。It is easy to understand that after the first binding, the second client only needs to scan the QR code of the first client and carry the access ID and its own ID when it encounters the first client again and needs to log in. The feature code connects to the management server, and the management server inquires that there is a binding relationship, and sends a response message to the second client, that is, the second client displays "The user will log in on the PC client" and prompts to enter user identity information (such as fingerprint ) to authorize. Once the user inputs the fingerprint, the authorization information carrying the access ID and the second client feature code is sent to the management server. After receiving the authorization information of the second client, the management server judges whether the authorization information is consistent with the recorded access ID, the second client characteristic code and the binding relationship of the monitoring user name, and if consistent, authorizes the first client to log in.

需要说明的是,在访问ID发生变化时,需要重新进行绑定,绑定过程相同,这里不再赘述。It should be noted that when the access ID changes, it needs to be bound again, and the binding process is the same, which will not be repeated here.

下面通过具体的实施例来描述实现的过程,其中用户身份信息以指纹为例。The implementation process is described below through specific embodiments, where user identity information takes fingerprints as an example.

PC通过浏览器首次访问管理服务器,携带特征码12938;The PC accesses the management server for the first time through a browser, carrying feature code 12938;

管理服务器进行计算后返回访问ID 32309;The management server returns access ID 32309 after calculation;

PC浏览器将此访问ID保存至本地cookie作为后续访问ID;The PC browser saves this access ID to a local cookie as a subsequent access ID;

PC浏览器访问管理服务器,管理服务器发现PC直接访问的是管理服务器的公网地址,提示用户下载和安装VPN拨号软件;The PC browser accesses the management server, and the management server finds that the PC is directly accessing the public network address of the management server, prompting the user to download and install the VPN dial-up software;

用户安装VPN拨号软件后,输入VPN拨号用户名和密码,VPN登录后再次访问管理服务器;After the user installs the VPN dial-up software, enter the VPN dial-up user name and password, and access the management server again after VPN login;

管理服务器发现客户端已经拨号,跳转至拨号后的管理服务器地址,完成VPN登陆;The management server finds that the client has dialed up, jumps to the dialed management server address, and completes the VPN login;

此时PC浏览器显示生成的二维码,二维码中包含如下信息:访问ID32309、管理服务器地址、VPN用户名、密码、VPN拨号后的管理服务器地址;At this time, the PC browser displays the generated QR code, which contains the following information: access ID32309, management server address, VPN user name, password, management server address after VPN dial-up;

PC浏览器向管理服务器查询是否已经获得授权;The PC browser queries the management server whether it has been authorized;

作为第二客户端的移动终端扫二维码,获取访问ID32309、管理服务器地址、VPN用户名、密码、VPN拨号后的管理服务器地址;The mobile terminal as the second client scans the QR code to obtain access ID32309, management server address, VPN user name, password, and management server address after VPN dial-up;

移动终端尝试以管理服务器地址连接管理服务器,由于未进行VPN拨号,连接失败;The mobile terminal tries to connect to the management server with the address of the management server, but the connection fails because the VPN dial-up is not performed;

管理服务器地址尝试使用二维码中携带的VPN用户名、密码进行拨号,拨号成功后再次连接管理服务器,携带访问ID32309和手机唯一标识,例如IMEI;Try to use the VPN user name and password carried in the QR code to dial the address of the management server. After the dial is successful, connect to the management server again, carrying the access ID32309 and the unique identifier of the mobile phone, such as IMEI;

管理服务器地址向管理服务器查询ID32309+IMEI是否绑定监控用户,返回失败;The management server address queries the management server whether ID32309+IMEI is bound to the monitoring user, and returns failure;

管理服务器地址提示输入监控用户名和密码,在输入监控用户名和密码后,管理服务器验证该用户名密码正确性;The management server address prompts to enter the monitoring user name and password. After entering the monitoring user name and password, the management server verifies the correctness of the user name and password;

管理服务器验证通过后将访问ID32309和监控用户名绑定,管理服务器记录监控用户名-访问ID-IMEI之间的绑定关系;After the management server is verified, it binds the access ID32309 with the monitoring user name, and the management server records the binding relationship between the monitoring user name-access ID-IMEI;

移动终端登录管理服务器后,保存访问ID,并提示用户输入指纹对保存的访问ID进行绑定,同时移动终端保存连接管理服务器的地址和VPN用户/密码(如有);After the mobile terminal logs into the management server, it saves the access ID, and prompts the user to input the fingerprint to bind the saved access ID, and the mobile terminal saves the address and VPN user/password (if any) connected to the management server;

管理服务器发现此时已经有以访问ID32309登陆的移动终端,向移动终端发送响应消息“用户将在PC客户端登陆”;The management server finds that there is already a mobile terminal logged in with the access ID 32309 at this time, and sends a response message "The user will log in on the PC client" to the mobile terminal;

移动终端显示“用户将在PC客户端登陆”,并提示输入指纹授权;The mobile terminal displays "User will log in on the PC client" and prompts to enter fingerprint authorization;

用户输入指纹后,移动终端向管理服务器发送携带访问ID32309和IMEI的授权信息,管理服务器收到后,查询与保存的记录一致就认为授权通过;After the user enters the fingerprint, the mobile terminal sends the authorization information carrying access ID32309 and IMEI to the management server. After the management server receives it, if the query is consistent with the saved record, the authorization is considered to be passed;

PC浏览器向管理服务器查询是否已经获得授权,得知授权通过,跳转至登录成功界面。The PC browser inquires from the management server whether the authorization has been obtained, and upon learning that the authorization is passed, jumps to the login success interface.

需要说明的是,后续用户再次在同一PC登录,直接采用已保存的访问ID 32309访问管理服务器,而第二客户端通过扫描二维码,并通过指纹确认,向管理服务器发送携带访问ID 32309的访问,管理服务器查询发现有对应的绑定关系,对第二客户端进行响应,第二客户端通过指纹进行确认,发送授权消息进行授权,管理服务器收到授权消息后,完成授权。因此在后续的登录中,移动终端通过指纹确认即可完成第一客户端的登录。It should be noted that the subsequent user logs in on the same PC again and directly uses the saved access ID 32309 to access the management server, while the second client scans the QR code and confirms it with a fingerprint, and sends a password carrying the access ID 32309 to the management server. Access, the management server queries and finds that there is a corresponding binding relationship, and responds to the second client. The second client confirms through fingerprints, sends an authorization message for authorization, and the management server completes the authorization after receiving the authorization message. Therefore, in the subsequent login, the mobile terminal can complete the login of the first client through fingerprint confirmation.

并且在后续的登录过程中,不需要移动终端完成与监控服务器的监控业务连接,只需发送访问并接收响应即可,不需要输入监控用户名和密码,在不建立监控连接的情况下实现对第一客户端的登录确认,实现过程快。And in the subsequent login process, the mobile terminal does not need to complete the monitoring service connection with the monitoring server, only needs to send the access and receive the response, and does not need to enter the monitoring user name and password. A client's login confirmation, the implementation process is fast.

后续用户在另一PC登陆,此时PC客户端访问ID将发生变化。此时需要移动终端扫描二维码,再次实现重新绑定后完成同样的处理过程,实现登录,这里不再赘述。Subsequent users log in on another PC, and the PC client access ID will change at this time. At this time, the mobile terminal needs to scan the QR code, and then complete the same process after rebinding again to realize the login, which will not be repeated here.

本实施例身份验证系统,还可以在用户从PC离开之后,想起忘记关闭重要视频,可以由移动终端发起注销PC端登录的请求。In the identity verification system of this embodiment, after the user leaves the PC and remembers that he forgot to close the important video, the mobile terminal can initiate a request to log out of the PC terminal.

为此,本实施例管理服务器还用于记录第一客户端的访问ID及登录状态作为使用痕迹,将第一客户端的访问ID及管理使用痕迹的管理服务器IP地址和端口号发给第二客户端,第二客户端保留第一客户端的访问ID及管理使用痕迹的管理服务器IP地址和端口号。For this reason, the management server of this embodiment is also used to record the access ID and login status of the first client as usage traces, and send the management server IP address and port number of the first client's access ID and management usage traces to the second client , the second client retains the access ID of the first client and the IP address and port number of the management server used to manage traces.

当需要通过第二客户端来关闭第一客户端的连接时,向管理服务器发送断开连接请求,将所述访问ID发送给管理使用痕迹的管理服务器IP地址和端口号,管理服务器收到携带访问ID的断开连接请求后,终止与对应第一客户端的所有业务。When it is necessary to close the connection of the first client by the second client, a disconnection request is sent to the management server, and the access ID is sent to the management server IP address and port number for managing usage traces, and the management server receives the port access After the disconnection request of the ID, all services with the corresponding first client end are terminated.

通常VPN对管理服务器的开销比较大,因此本实施例的第二客户端还在登录成功后,主动断开VPN连接。或者管理服务器端主动断开与第二客户端的VPN连接,以减少VPN对服务器的开销。Usually, the overhead of the VPN on the management server is relatively large, so the second client in this embodiment actively disconnects the VPN connection after successfully logging in. Or the management server actively disconnects the VPN connection with the second client, so as to reduce the overhead of the VPN on the server.

以上实施例仅用以说明本发明的技术方案而非对其进行限制,在不背离本发明精神及其实质的情况下,熟悉本领域的技术人员当可根据本发明作出各种相应的改变和变形,但这些相应的改变和变形都应属于本发明所附的权利要求的保护范围。The above embodiments are only used to illustrate the technical solutions of the present invention and not to limit them. Without departing from the spirit and essence of the present invention, those skilled in the art can make various corresponding changes and changes according to the present invention. deformation, but these corresponding changes and deformations should belong to the scope of protection of the appended claims of the present invention.

Claims (7)

1. a kind of authentication system is applied to video surveillance network, including management server and client, which is characterized in that The client includes the first client and the second client, in which:
First client, the condition code for carrying itself accesses management server, according to the feedback letter of management server Breath, shows corresponding graphic code, which includes the access ID that is generated according to described document information of management server, and to management Server inquires whether access ID has been authorized, and management server is directly logged in after being authorized;
Second client, the graphic code shown for scanning the first client, carry the second client condition code and Access ID connection management server in the graphic code, in the management server without access ID, the second client features When code and the binding relationship of monitoring user name, user's input monitoring username and password is prompted, initiates to log in management server, The binding for recording access ID, the second client features code and monitoring user name in the management server after being verified is closed System, and the binding relationship of subscriber identity information Yu access ID is established on a second client;Existing in the management server should When accessing ID, the second client features code and monitoring the binding relationship of user name, the response message of management server is received, according to Prompt input subscriber identity information sends the authorization letter for carrying access ID and the second client features code to management server Breath;
Management server, for inquiring whether itself has when receiving the second client carrying condition code and accessing the connection of ID There are access ID, condition code and the binding relationship for monitoring user name, when there are the binding relationship, send and ring to the second client Answer message, after the authorization message for receiving the second client, judge authorization message whether access ID with record, the second client Condition code is consistent with the monitoring binding relationship of user name, and the first client is authorized to log in if consistent;It is tied up if there is no this Determine relationship, then notifies that the second client input monitoring username and password is logged in, after being verified, record access ID, The binding relationship of second client features code and monitoring user name;
The access ID that first client is also used to record management server return takes in secondary access management server Management server is accessed with access ID, and shows that the graphic code with access ID supplies the second client scan.
2. authentication system according to claim 1, which is characterized in that the management server is also used to receive first Client carry access ID access, after the authorization message for receiving the second client, judge authorization message whether with record It is consistent with the monitoring binding relationship of user name to access ID, the second client features code, authorizes the first client to step on if consistent Record.
3. authentication system according to claim 1, which is characterized in that first client is also used to take in management When business device does not obtain the authorization of the second client, input VPN username and password carries out VPN connection;It is obtained in management server To the second client authorization when, directly according to management server return VPN username and password carry out VPN connection.
4. authentication system according to claim 3, which is characterized in that the graphic code also includes management server Management server address after location, VPN user name and password, VPN dialing.
5. authentication system according to claim 4, which is characterized in that second client is also used to according to figure The VPN user name and password for including in code carry out VPN dialing, establish VPN with management server and connect.
6. authentication system according to claim 1, which is characterized in that the management server is also used to record first The access ID and logging state of client, which are used as, uses trace, and the access ID of the first client and management are used to the management of trace Server ip address and port numbers issue the second client, and the second client retains the access ID of the first client and management uses The management server IP address and port numbers of trace.
7. authentication system according to claim 6, which is characterized in that second client is also used to management service Device transmission disconnects request, and the access ID is sent to the management server IP address and port numbers that management uses trace, The management server receive carry access ID disconnect request after, terminate and all business of corresponding first client.
CN201610269359.8A 2016-04-26 2016-04-26 an authentication system Active CN105827624B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610269359.8A CN105827624B (en) 2016-04-26 2016-04-26 an authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610269359.8A CN105827624B (en) 2016-04-26 2016-04-26 an authentication system

Publications (2)

Publication Number Publication Date
CN105827624A CN105827624A (en) 2016-08-03
CN105827624B true CN105827624B (en) 2019-10-18

Family

ID=56527640

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610269359.8A Active CN105827624B (en) 2016-04-26 2016-04-26 an authentication system

Country Status (1)

Country Link
CN (1) CN105827624B (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160224973A1 (en) 2015-02-01 2016-08-04 Apple Inc. User interface for payments
CN108206851B (en) * 2016-12-20 2021-04-27 英业达科技有限公司 Cross-platform download system and method based on two-dimensional barcode
CN106790168B (en) * 2016-12-29 2020-09-22 苏州浪潮智能科技有限公司 A communication preprocessing method, client and server
CN108322366B (en) * 2017-01-17 2021-10-01 阿里巴巴集团控股有限公司 Method, device and system for accessing a network
US10637872B2 (en) * 2017-02-23 2020-04-28 Synamedia Limited Behavior-based authentication
CN107528842A (en) * 2017-08-21 2017-12-29 合肥丹朋科技有限公司 Website method for generating cipher code and device
CN108055259B (en) * 2017-12-08 2021-01-05 锐捷网络股份有限公司 Account management method and device
EP4274286A3 (en) * 2018-01-22 2023-12-27 Apple Inc. Secure login with authentication based on a visual representation of data
CN108390892B (en) * 2018-03-31 2020-10-09 深圳忆联信息系统有限公司 Control method and device for security access of remote storage system
EP4264460B1 (en) 2021-01-25 2025-12-24 Apple Inc. Implementation of biometric authentication
US12316772B2 (en) 2021-03-15 2025-05-27 Synamedia Limited Home context-aware authentication
US12216754B2 (en) 2021-05-10 2025-02-04 Apple Inc. User interfaces for authenticating to perform secure operations
US12189756B2 (en) 2021-06-06 2025-01-07 Apple Inc. User interfaces for managing passwords
US12277205B2 (en) 2021-09-20 2025-04-15 Apple Inc. User interfaces for digital identification
CN115865562A (en) * 2022-11-30 2023-03-28 浪潮通用软件有限公司 Method, device and medium for integrating VPN (virtual private network) by application program under multi-tenant architecture
US12608079B2 (en) 2023-04-20 2026-04-21 Apple Inc. Devices, methods, and graphical user interfaces for user enrollment and authentication
CN119520130B (en) * 2024-11-26 2025-11-18 佰倬信息科技有限责任公司 A dynamic adaptive identity authentication integrated controller

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103023919A (en) * 2012-12-26 2013-04-03 百度在线网络技术(北京)有限公司 Two-dimensional code based login control method and two-dimensional code based login control system
CN104283896A (en) * 2014-10-28 2015-01-14 用友软件股份有限公司 Login method, login system and terminal

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102377737B (en) * 2010-08-10 2016-02-10 中兴通讯股份有限公司 The system and method for the interactive email access protocol server of a kind of many account access
CN103516674B (en) * 2012-06-21 2016-10-12 棣南股份有限公司 Quickly and the method for network device online and control device
CN103516514B (en) * 2012-06-21 2016-10-12 棣南股份有限公司 The establishing method of account access rights and control device
CN103427995B (en) * 2013-08-02 2017-01-25 北京星网锐捷网络技术有限公司 User authentication method, SSL (security socket layer) VPN (virtual private network) server and SSL VPN system
CN105515846B (en) * 2015-12-01 2019-10-18 浙江宇视科技有限公司 Client-based NVR configuration method and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103023919A (en) * 2012-12-26 2013-04-03 百度在线网络技术(北京)有限公司 Two-dimensional code based login control method and two-dimensional code based login control system
CN104283896A (en) * 2014-10-28 2015-01-14 用友软件股份有限公司 Login method, login system and terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
扫码登录是如何实现的?;耗子吴;《URL:http://www.jianshu.com/p/7f072ac61763》;20150823;正文,图"微信扫码界面"、图"扫码登录完整流程" *

Also Published As

Publication number Publication date
CN105827624A (en) 2016-08-03

Similar Documents

Publication Publication Date Title
CN105827624B (en) an authentication system
US12255882B2 (en) Secure web container for a secure online user environment
US11838324B2 (en) Secure web container for a secure online user environment
CN103609090B (en) Identity login method and equipment
US8862097B2 (en) Secure transaction authentication
US9781105B2 (en) Fallback identity authentication techniques
EP3691215A1 (en) Access token management method, terminal and server
US20100197293A1 (en) Remote computer access authentication using a mobile device
CN101127625B (en) A system and method for authorizing access request
KR101451359B1 (en) User account recovery
DK2924944T3 (en) Presence authentication
CN103597806A (en) Strong authentication by submitting numbers
CN105392136A (en) Method and device for access to router based on two-dimensional code
CN103581184A (en) Method and system for mobile terminal to get access to intranet server
CN110336870A (en) Method, device, system and storage medium for establishing remote office operation and maintenance channel
KR20130093838A (en) Method for auto log-in and system for the same
JP2007264835A (en) Authentication method and system
CN109460647B (en) Multi-device secure login method
CN103138935B (en) An Identity Authentication System Based on Telecom Operators
WO2023198208A1 (en) Verification information sending method, electronic device and medium
JP2011192129A (en) Log-in authentication system using portable telephone terminal
WO2016190811A1 (en) Seamless unique user identification and management
WO2015151251A1 (en) Network service providing device, network service providing method, and program
KR20130076949A (en) Device authentication method by login session passing
CN110831003B (en) Authentication method and system based on WLAN flexible access network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant