两因素认证系统 [英] Two Factor Authentication System
问题描述
我正在尝试设计一个双因素身份验证系统(在 PHP 上),使用 SMS 作为第二个身份验证方法.这是一个测试项目,所以谁能帮我设计这个服务?
I'm trying to design a two factor authentication system (on PHP) using SMS as the second auth method. This is for a test project thus can anyone help me to design this service?
这将是一个基于网络的系统,以下是我目前所做的.
This will be an web based system and below is what i have done so far.
一旦客户端输入用户名和密码,网站就会向我们的服务器发送一个安全的 HTTP 请求,其中包含 MSISDN、一个 UID(用于识别会话)、他们的用户 ID 和密码.
Once the client enters the Username and Password the website will send a secure HTTP request to our server with the MSISDN, a UID (to identify the session), their UserID & PassWord.
我们的服务器会将请求添加到 MySQL 数据库,并使用代码、UID 和其他一些信息响应网站.
Our server will add the request to a MySQL DB and respond the website with a Code, UID and some other info.
我们的服务器将向客户端发送带有一次性密码的短信.
Our server will send the client a SMS with the one time password.
一旦客户端将 OTP 输入网站,该网站将向我们的服务器发送另一个带有加密 OTP 的 HTTPS 请求,我们将发送成功或失败代码作为响应.
Once the client enters the OTP into the website, the website will send another HTTPS request with the encrypted OTP to our server and we will send a success or fail code as the response.
这是我想到的流程.谁有更好的流量?或建议?
this is the flow i have thought about. Anyone have a better flow? or suggestions?
谢谢.
推荐答案
似乎是一种有效的机制.但是如果 SMS 设备不在服务区内呢?还是电池没电了?
Seems like a valid mechanism. But what if the SMS device is not in a service area? Or dead battery?
这篇关于两因素认证系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!