| With the rapid development of Internet,especially the concept of Internet plus speed up the Web application in various fields of society,and the Web login security as the primary part of an entire Web application system security,its role is crucial.The traditional Web login usually adopt static password,because static password is fixed,reusable in a certain time interval.Using a static password to implement identity authentication method is simple and easy to use and the static password have the characteristics of a certain security,therefore has been widely used.But along with the network complexity,diversification of means of attack,the static password technology security flaw is becoming more and more obvious.In order to solve the problem of static password security,and puts forward the OTP technology,namely one at a time of authentication.Each time a user login information to add dynamic factors,makes every time transfer the user password each are not identical,thus increasing the safety of the login process.But just depend on the OTP technology already cannot satisfy the needs of the login security,Web login security needs a complete security solution to solve the security problems existing in the login process.This article through to the Web security vulnerabilities that exist in the login process,conduct risk analysis,and combined with the market at present the existence of dynamic identity authentication scheme,put forward the Web login process is divided into six modules,respectively is:client authentication server module,user login module,transmission module,authentication module,password storage module and intelligent identification of user identity module.Each module corresponds to solve appear in different stages in the process of Web log on security issues.According to the various modules of vulnerability analysis and puts forward a kind of security requirements in the form of challenge/response authentication mechanism to implement the client authentication server,with the hash xor algorithm for password encryption,transmission,algorithm AES algorithm to encrypt password storage,intelligent identification with Web log mining user identity for secondary user authentication login security scheme.Among them in order to prevent the attacker by snooping or other ways to get fake user login password,take through the Web log mining to build intelligent identification of user identity function module.The module function according to user's daily behavior,intelligent identifying user login identity information.It analyzes the security problems existing in the login process modules,and gives the ways to solve these security problems.Realized the need for additional equipment meets the demands of general site safety requirements. |
PDF Full Text Request