Use USB Key (dongle) for Identity Authentication

First, you need to buy a Dongle device. It is a hardware device that looks like a USB flash disk! Here I use the ET99 product of Jianshi integrity company.

The company project needs to implement a function, that is, the customer uses a Dongle to log on, the customer does not want to enter any password or other things, just need to plug in a USB flash drive dongle to verify identity login! (Of course, if the USB flash drive is lost, it will be insecure.) At that time, I was assigned an ET99 device (similar to a USB flash drive) and an official website! Go to the official website to download the materials (API & DEMO & DOC). At that time, I had no idea at all. Just try it first! I just tried it out today and shared it with you!

 

Security of ET99:

1. Login users must enter their own user pin for verification before they can complete the calculation.
2. The user pin has a maximum number of retries. continuous input errors will be locked. This prevents invalid users from retrying after hardware is lost.
3. The key stored in the ET99 multi-function lock cannot be obtained by anyone.
4. You must have both the hardware and the user pin used to protect the hardware before logging on. There are hardware, no user pin or user pin, and no hardware, there is no way to log on. The security of logon users is greatly enhanced than that of traditional user names and passwords. (Similar to the Bank's U shield)
5. This protects the interests of system developers. Using hardware to log on, there is no problem of user name and password sharing

ET99 authentication method

Throughout the authentication process, ET99 adopts the impact response authentication method. When you need to verify the identity of a user on the network, the client sends a verification request to the server. After receiving this request, the server generates a random number and transmits it to the client over the network (this is an impact ). The client provides the received random number to ET99, where ET99 performs HMAC-MD5 operations with the random number and the key stored in ET99 and obtains a result as authentication evidence to the server (In response ). At the same time, the server also uses the random number and the customer key stored in the server database for HMAC-MD5 operations, if the server calculation result is the same as the response returned by the client, the client is regarded as a legal user.

How to start:

1. Copy FT_ET99_API.dll, ET99_MOD.dll, and ET99_FULL.dll to the system directory before running ET99 full-featured Active Control and ET99 webpage secure Active control (usually in the system32 directory in windows ), register the full-featured Active Control and webpage Active control. The command line is as follows: regsvr32 ET99_MOD.dll and regsvr32 ET99_FULL.dll.

2. initialize the device:

This step is not over yet. I thought it was over. I deployed the official et99_sample_csharp_bs sample program. Why can't I log in! Because no Key is written here!

The Key is written to the database and the ET99 device. We need to develop it here! (I was confused about what AspInit was doing )!

 

1. Implement the AspInit page function to write the key and user name to ET99 and database.

2. The first step is implemented. you can log on and try again.

3. Didn't I say that the PIN is 16 bits? Why do you enter four digits here? In this case, the customer is willing to remember the 16-bit PIN? You need to write a new PIN page! You have to enter a 16-bit PIN code when you modify the code for the first time!

4. It's always a success, isn't it? Isn't automatic logon required? Why do I need to click log on? This does not seem to work! Do other websites only remember the user name and password? It seems that you still need to click the login button! The boss said, "Let's do it first! ". Fortunately, this morning, I suddenly thought of the idea. After the user successfully logs on to the system for the first time, he writes the PID and PIN into the Cookie. When the user logs on to the system next time, he can directly obtain the PID and PIN from the Cookie, you can use JS to call the click () event of the logon button! However, many people say that cookies are insecure. Even if someone else obtains the value in the cookies, they will not be able to use the ET99 device! You must have a PID + PIN + ET99 device before you can successfully log on! In an episode, when performing automatic logon, the click () event of the logon button called by the onload event forms an endless loop and the onload is always clicking ()! Finally, declare a count variable in the foreground JS. After logging on to the background, modify the count value! This is the end!

Conclusion:

This is basically done this week! Many errors have also been encountered! Thank you! Especially for exception handling! (Of course, the exception handling in my program is also directly copying his code in the past ET99_API.cs), the official documentation also needs to be carefully read, at that time I just looked at it by the horse, the exceptions thrown by the program are unknown. For example, if you execute the preconditions required by some functions, the result preconditions are not executed. Of course, the program will go wrong! In addition, the winform program references ET99_MOD.dll, while the asp.net program references ET99_FULL.dll, which is also a DLL reference error and is always wrong!

Source program + official materials + ET99Tools (Which of the following is written by Ren Xiong above) download

Technorati tags: ET99, dongle, Jianshi integrity, USB key, identity authentication, Automatic Login