TW202314543A - Operating system login method, electronic equipment, and storage medium - Google Patents

Operating system login method, electronic equipment, and storage medium

Publication number: TW202314543A
Authority: TW (Taiwan)
Prior art keywords: character string, operating system, user terminal, account, public key
Application number: TW110135018A
Other languages: Chinese (zh)
Inventor: 呂孝恆
Original Assignee: 鴻海精密工業股份有限公司
Application filed by: 鴻海精密工業股份有限公司
Priority to: TW110135018A
Publication of: TW202314543A

Abstract

The present application provides an operating system login method, electronic equipment, and a storage medium. The operating system login method includes: in response to a login request of a user terminal, querying a distributed identity document corresponding to the login request from a blockchain; extracting a target public key from the distributed identity document; generating a first character string, and encrypting the first character string by using the target public key; sending the encrypted first character string to the user terminal; receiving a second character string sent by the user terminal, the second character string being a character string obtained by the user terminal using a private key to decrypt the encrypted first character string; determining whether to allow the user terminal to log into the operating system according to the first character string and the second character string. By utilizing this application, the security of users' personal information can be improved.

Description

Operating system login method, electronic device and storage medium

The present invention relates to the field of information security, and in particular to an operating system login method, an electronic device and a storage medium.

When users use a shared computer in a public place, the administrator of the shared computer creates a user account on the computer and has all users share that account to operate it, so users can easily leak private personal information to others. For example, a user who logs in to webmail on a shared computer and does not log out properly before leaving exposes private information to the users who come afterwards. This way of logging in to a computer has low security and easily causes information leakage.

In view of the above, it is necessary to provide an operating system login method, an electronic device and a storage medium that can improve the security of users' personal information.

The present application provides an operating system login method, the method comprising: in response to a login request of a user terminal, querying a blockchain for the distributed identity document corresponding to the login request; extracting a target public key from the distributed identity document; generating a first character string and encrypting the first character string with the target public key; sending the encrypted first character string to the user terminal; receiving a second character string sent by the user terminal, the second character string being the character string obtained by the user terminal decrypting the encrypted first character string with a private key; and determining, according to the first character string and the second character string, whether to allow the user terminal to log in to the operating system.

In a possible implementation, the method further includes: in response to a registration request of the user terminal, generating and displaying an account registration QR code; receiving a first account generated by the user terminal by scanning the account registration QR code; and writing the first account into the distributed identity document.

In a possible implementation, the method further includes: receiving a public key sent by the user terminal, where the public key is obtained by the user terminal encrypting the first account, and the public key corresponds to the private key; and writing the public key into the distributed identity document and associating it with the first account.

In a possible implementation, generating and displaying the account registration QR code includes: calling the API interface for distributed identity account registration; and generating and displaying the account registration QR code according to the API interface.

In a possible implementation, querying the blockchain for the distributed identity document corresponding to the login request, in response to the login request of the user terminal, includes: displaying an account login QR code; receiving a second account generated by the user terminal by scanning the account login QR code; and querying the blockchain for the distributed identity document corresponding to the second account.

In a possible implementation, extracting the target public key from the distributed identity document includes: traversing the distributed identity document; finding the first account that is the same as the second account; and using the public key corresponding to that first account as the target public key.

In a possible implementation, encrypting the first character string with the target public key includes: using the target public key as the encryption key; and encrypting the first character string with the encryption key using an asymmetric encryption algorithm.

In a possible implementation, determining whether to allow the user terminal to log in to the operating system according to the first character string and the second character string includes: determining whether the first character string and the second character string are the same; if the first character string is the same as the second character string, allowing the user terminal to log in to the operating system; and if the first character string is not the same as the second character string, prohibiting the user terminal from logging in to the operating system.

The present application also provides an electronic device. The electronic device includes a processor and a storage, and the processor implements the operating system login method when executing a computer program stored in the storage.

The present application also provides a computer-readable storage medium. A computer program is stored on the computer-readable storage medium, and the operating system login method is implemented when the computer program is executed by a processor.

With the operating system login method and related devices disclosed in this application, the distributed identity document corresponding to a login request of a user terminal is queried from the blockchain, a target public key is extracted from the distributed identity document, a first character string is generated and encrypted with the target public key, the encrypted first character string is sent to the user terminal, the user terminal decrypts the encrypted first character string with a private key to obtain a second character string, and whether to allow the user terminal to log in to the operating system is determined according to the first character string and the second character string. Establishing a unique correspondence between the user account and the public key through the distributed identity document both ensures the reliability of the user's identity information and improves the security of the user's identity information and the user's operation data. In addition, the blockchain stores data in a series of data blocks that have a precedence relationship with one another, providing data storage in a decentralized manner and improving data security.

In order to make the purpose, technical solutions and advantages of the present application clearer, the present application is described in detail below with reference to the accompanying drawings and specific embodiments.

Please refer to FIG. 1, which is a schematic diagram of an electronic device according to an embodiment of the present application. As shown in FIG. 1, the electronic device 1 includes, but is not limited to, a storage 11 and at least one processor 12. These components may be connected through a bus (for example, 14 shown in FIG. 1) or may be connected directly.

The electronic device 1 may be a computer, a mobile phone, a tablet computer, a personal digital assistant (PDA) or another device on which applications are installed. Those skilled in the art will understand that FIG. 1 is only an example of the electronic device 1 and does not limit it; the device may include more or fewer components than shown, combine certain components, or use different components. For example, the electronic device 1 may also include input and output devices, network access devices, buses and the like.

FIG. 2 is a flow chart of a preferred embodiment of the operating system login method of the present application. The operating system login method is applied in the electronic device 1. Depending on requirements, the order of the steps in the flow chart may be changed and some steps may be omitted. In this embodiment, the operating system login method includes:

S11. In response to a login request of the user terminal, query the blockchain for the distributed identity document corresponding to the login request.

In this embodiment, a decentralized identifier (Decentralized Identifiers, DID) is an identifier composed of a character string that represents a digital identity and is globally unique without requiring a central registration authority. Usually, one user entity can have multiple identities, and each identity is assigned a unique DID value and an asymmetric key associated with it. The asymmetric key includes a public key and a private key. No linking information exists between the different identities, which effectively protects the security of users' personal data.

In this embodiment, the DID is a decentralized, verifiable digital identifier that is distributed, autonomously controllable and reusable across chains. A user entity can register, resolve, update or revoke a DID on its own. A DID resolves to a DID document, which includes the unique identification code of the DID, a list of public keys with the details of each public key, and other attribute descriptions of the DID user. The unique identification code of the DID is the DID user account.

In this embodiment, querying the blockchain for the distributed identity document corresponding to the login request, in response to the login request of the user terminal, includes:

(1) Generate and display the account login QR code. In a specific implementation, the user sends a request to log in to the operating system through the user terminal; when the login request is received, the second API interface, for distributed identity account login, is called, and the account registration QR code is generated and displayed according to the first API interface. For example, the second API interface is { "protocol": "http", "api_endpoint": "http://192.168.1.10:8080/user/login" }.

(2) Receive the second account generated by the user terminal by scanning the account login QR code. In a specific implementation, after the user scans the account login QR code with the user terminal, the user can enter a second DID string through the second API interface, and the second DID string is used as the second account. The second account is the user's login account and can be entered according to the user's actual needs. After the input is complete, the user terminal sends the second account to the operating system.

(3) Query the blockchain for the DID document corresponding to the second account.

In some embodiments, before step S11, the method further includes: in response to a registration request of the user terminal, generating and displaying an account registration QR code; receiving a first account generated by the user terminal by scanning the account registration QR code; and writing the first account into the distributed identity document.

For users to log in to the operating system with a distributed identity, each user needs to register an account, and the registered account is stored in the DID document.

In a specific implementation, the user can send a DID account registration request to the electronic device 1 through the user terminal. After the registration request is received, the first API interface, for DID account registration, is called according to the user's registration request, and the DID account registration QR code is generated according to the first API interface. The user scans the DID account registration QR code with the user terminal, and the QR code connects the user terminal to the first API interface. The user can enter a first DID string on the first API interface. The first DID string is a user account created by the user and can be set according to the user's actual needs; it is used as the first account. For example, a user sends a DID account registration request to a shared computer in a library through the library's official website. After receiving the DID account registration request, the shared computer generates a library DID account registration QR code. The user scans the QR code, enters the library's shared computer account registration interface, and enters did:example:123456789abcdefg in that interface as the first account. After the first account is received, it is written into the DID document pre-stored on the blockchain.

It should be noted that the blockchain stores data in a series of data blocks that have a precedence relationship with one another, providing data storage in a decentralized manner and improving data security.

Creating the DID document and writing the user's DID account into it ensures that the data is secure and cannot be tampered with.

In some embodiments, the method further includes: receiving a public key sent by the user terminal, where the public key is obtained by the user terminal encrypting the first account, and the public key corresponds to the private key; and writing the public key into the distributed identity document and associating it with the first account.

In a specific implementation, the user terminal encrypts the first account with an asymmetric encryption algorithm, which can be set according to the user's actual needs. After the user terminal encrypts the first account, a pair consisting of a public key and a private key corresponding to the first account is obtained. The public key is written into the distributed identity document and associated with the first account. The private key is used to decrypt character strings; it is stored by the user and does not need to be transmitted to other devices. The public key is used to encrypt character strings and can be made public. It should be noted that after encryption with the public key, only the paired private key can decrypt.

Because the paired public key and private key are generated from the first account, the public key and the private key form a unique correspondence. This unique correspondence makes it convenient to authenticate the user's identity later. At the same time, writing the public key into the DID document and associating it with the first account makes each user account correspond to one public key, which ensures the reliability of the user's identity information.

S12. Extract the target public key from the distributed identity document.

In this embodiment, extracting the target public key from the distributed identity document includes: traversing the distributed identity document; finding the first account that is the same as the second account; and using the public key corresponding to that first account as the target public key.

In this embodiment, because a unique correspondence has been established among the user account, the public key and the private key, whether the user has permission to log in to the operating system can be determined by looking up the unique public key corresponding to the second account.

S13. Generate a first character string and encrypt the first character string with the target public key.

So that the private key can later be used to verify the identity of the user logging in to the operating system, a random first character string needs to be generated and encrypted with the target public key.

In this embodiment, the first character string is randomly generated by the operating system.

In this embodiment, encrypting the first character string with the target public key includes: using the target public key as the encryption key; and encrypting the first character string with the encryption key using an asymmetric encryption algorithm. The asymmetric encryption algorithm can be set according to the user's actual needs, for example, elliptic curve cryptography (Elliptic Curves Cryptography, ECC).

S14. Send the encrypted first character string to the user terminal.

In this embodiment, because the private key is stored by the user terminal, the encrypted first character string needs to be sent to the user terminal.

S15. Receive a second character string sent by the user terminal, the second character string being the character string obtained by the user terminal decrypting the encrypted first character string with the private key.

In this embodiment, after receiving the encrypted first character string, the user terminal uses the private key as the decryption key and decrypts the encrypted first character string with an asymmetric decryption algorithm to obtain the second character string.

S16. Determine, according to the first character string and the second character string, whether to allow the user terminal to log in to the operating system.

In this embodiment, whether the user's identity is legitimate can be determined by comparing whether the first character string and the second character string are the same. When the first character string and the second character string are the same, the private key of the user terminal corresponds to the target public key, which means that the private key corresponds to the second account. When the first character string and the second character string are not the same, the private key of the user terminal does not correspond to the target public key, and the private key does not correspond to the second account either, so the second account is not legitimate.

In this embodiment, determining whether to allow the user terminal to log in to the operating system according to the first character string and the second character string includes: determining whether the first character string and the second character string are the same; if the first character string is the same as the second character string, allowing the user terminal to log in to the operating system; and if the first character string is not the same as the second character string, prohibiting the user terminal from logging in to the operating system.

Establishing a unique correspondence among the user account, the private key and the public key, and using that correspondence to verify the user's identity, prevents the user account from being stolen and also ensures the security of what the user does on the operating system.
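The S11 to S16 exchange as runnable Python, with the operating-system side and the user-terminal side. This is an added example, not code from the patent: the `LoginServer` class, the `id` and `publicKey` field names and the in-memory list standing in for the blockchain are assumptions, and textbook RSA over fixed Mersenne primes stands in for the asymmetric algorithm the text leaves open. It goes beyond the text by making the first character string single-use and time-limited and by comparing in constant time.

```python
import hmac
import secrets
import time

# Constructed toy keys: textbook RSA over well-known Mersenne primes so the
# example runs offline on the standard library. NOT secure; a deployment
# would use a vetted library with padded encryption.
M521, M607, M1279 = 2**521 - 1, 2**607 - 1, 2**1279 - 1


def make_keypair(p, q, e=65537):
    """Return (public, private) toy RSA keys for primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e}, {"n": n, "d": d}


def encrypt(pub, text):
    """Encrypt an ASCII string with the public key (operating-system side)."""
    m = int.from_bytes(text.encode("ascii"), "big")
    if m >= pub["n"]:
        raise ValueError("string too long for this key")
    return pow(m, pub["e"], pub["n"])


def decrypt(priv, cipher):
    """Decrypt with the private key (user-terminal side); returns bytes."""
    m = pow(cipher % priv["n"], priv["d"], priv["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


class LoginServer:
    """Operating-system side. `did_document` is a list of entries
    {"id": account, "publicKey": key}; the layout is an assumption."""

    def __init__(self, did_document, ttl=60):
        self.did_document = did_document
        self.ttl = ttl
        self.pending = {}  # account -> (first string, deadline)

    def begin(self, account):
        """S11-S14: look up the key, create and encrypt the first string."""
        pub = None
        for entry in self.did_document:        # S12: traverse the document
            if entry["id"] == account:
                pub = entry["publicKey"]
                break
        if pub is None:
            return None                        # no registered account
        first = secrets.token_hex(32)          # S13: random first string
        self.pending[account] = (first, time.monotonic() + self.ttl)
        return encrypt(pub, first)             # S14: sent to the terminal

    def finish(self, account, second):
        """S15-S16: compare the returned second string with the first."""
        entry = self.pending.pop(account, None)   # single use: blocks replay
        if entry is None:
            return False
        first, deadline = entry
        if time.monotonic() > deadline:
            return False                       # stale challenge
        return hmac.compare_digest(first.encode("ascii"), second)


def run_demo():
    """Owner login, replayed answer, wrong private key, unknown account."""
    owner_pub, owner_priv = make_keypair(M521, M607)
    _, other_priv = make_keypair(M607, M1279)
    account = "did:example:123456789abcdefg"   # sample account from the text
    server = LoginServer([{"id": account, "publicKey": owner_pub}])
    results = {}
    second = decrypt(owner_priv, server.begin(account))
    results["owner"] = server.finish(account, second)
    results["replay"] = server.finish(account, second)
    wrong = decrypt(other_priv, server.begin(account))
    results["wrong_key"] = server.finish(account, wrong)
    results["unknown"] = server.begin("did:example:unregistered")
    return results


if __name__ == "__main__":
    print(run_demo())
```
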

Please refer to FIG. 3, which is a data flow chart of an operating system login method provided by an embodiment of the present application. Depending on requirements, the order of the steps in the data flow chart may be changed and some steps may be omitted. The operating system login method may be executed by the operating system.

S301. The operating system generates and displays the account registration QR code.

S302. The user terminal recognizes the account registration QR code and generates the first account.

S303. The user terminal encrypts the first account to obtain the corresponding public key and private key.

S304. The user terminal sends the first account and the public key to the operating system.

S305. The operating system writes the first account and the public key into the DID document on the blockchain.

S306. The operating system generates and displays the account login QR code.

S307. The user terminal recognizes the account login QR code and generates the second account.

S308. The user terminal sends the second account to the operating system.

S309. The operating system extracts the target public key from the DID document on the blockchain.

S310. The operating system generates the first character string and encrypts the first character string with the target public key.

S311. The user terminal receives the first character string.

S312. The user terminal encrypts the first character string with the private key to obtain the second character string.

S313. The user terminal sends the second character string to the operating system.

S314. The operating system determines whether the first character string is the same as the second character string.

S315. When the first character string is the same as the second character string, the user terminal is allowed to log in to the operating system.

S316. When the first character string is not the same as the second character string, the user terminal is prohibited from logging in to the operating system.

請繼續參閱圖1,本實施例中,所述儲存器11可以是電子設備1的內部儲存器,即內置於所述電子設備1的儲存器。在其他實施例中,所述儲存器11也可以是電子設備1的外部儲存器,即外接於所述電子設備1的儲存器。Please continue to refer to FIG. 1 , in this embodiment, the storage 11 may be an internal storage of the electronic device 1 , that is, a storage built in the electronic device 1 . In other embodiments, the storage 11 may also be an external storage of the electronic device 1 , that is, a storage external to the electronic device 1 .

在一些實施例中,所述儲存器11用於儲存程式碼和各種資料,並在電子設備1的運行過程中實現高速、自動地完成程式或資料的存取。In some embodiments, the storage 11 is used to store program codes and various data, and realize high-speed and automatic access to programs or data during the operation of the electronic device 1 .

所述儲存器11可以包括隨機存取儲存器,還可以包括非易失性儲存器,例如硬碟、儲存器、插接式硬碟、智慧儲存卡(Smart Media Card,SMC)、安全數位(Secure Digital,SD)卡、快閃儲存器卡(Flash Card)、至少一個磁碟儲存元件、快閃儲存器元件、或其他易失性固態儲存元件。The storage 11 may include a random access memory, and may also include a non-volatile storage, such as a hard disk, a memory, a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital ( Secure Digital (SD) card, flash memory card (Flash Card), at least one magnetic disk storage element, flash memory element, or other volatile solid state storage elements.

在一實施例中,所述處理器12可以是中央處理單元(Central Processing Unit,CPU),還可以是其他通用處理器、數位訊號處理器 (Digital Signal Processor,DSP)、專用積體電路 (Application Specific Integrated Circuit,ASIC)、現場可程式設計閘陣列(Field-Programmable Gate Array,FPGA) 或者其他可程式設計邏輯元件、分立門或者電晶體邏輯元件、分立硬體元件等。通用處理器可以是微處理器或者所述處理器也可以是其它任何常規的處理器等。In one embodiment, the processor 12 may be a central processing unit (Central Processing Unit, CPU), and may also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application-specific integrated circuits (Application Specific Integrated Circuit, ASIC), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic components, discrete gate or transistor logic components, discrete hardware components, etc. The general-purpose processor may be a microprocessor, or the processor may be any other conventional processor and the like.

所述儲存器11中的程式碼和各種資料如果以軟體功能單元的形式實現並作為獨立的產品銷售或使用時,可以儲存在一個電腦可讀取儲存介質中。基於這樣的理解,本申請實現上述實施例方法中的全部或部分流程,例如實現作業系統登錄的方法中的步驟,也可以透過電腦程式13來指令相關的硬體來完成,所述的電腦程式13可儲存於一電腦可讀儲存介質中,所述電腦程式13在被處理器執行時,可實現上述各個方法實施例的步驟。其中,所述電腦程式13包括電腦程式代碼,所述電腦程式代碼可以為原始程式碼形式、物件代碼形式、可執行檔或某些中間形式等。所述電腦可讀介質可以包括:能夠攜帶所述電腦程式代碼的任何實體或裝置、記錄介質、隨身碟、移動硬碟、磁碟、光碟、電腦儲存器、唯讀記憶體(ROM,Read-Only Memory)等。If the program codes and various data in the storage 11 are realized in the form of software function units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the present application implements all or part of the processes in the methods of the above-mentioned embodiments, for example, the steps in the method of realizing the operating system login can also be completed by instructing related hardware through the computer program 13, the computer program 13 may be stored in a computer-readable storage medium, and when the computer program 13 is executed by a processor, the steps of the above-mentioned various method embodiments may be realized. Wherein, the computer program 13 includes computer program code, and the computer program code may be in the form of original code, object code, executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, flash drive, mobile hard disk, magnetic disk, optical disk, computer storage, read-only memory (ROM, Read- Only Memory), etc.

It can be understood that the module division described above is a division by logical function, and other divisions are possible in an actual implementation. In addition, the functional modules in the embodiments of the present application may be integrated into the same processing unit, may each exist physically on their own, or two or more modules may be integrated into the same unit. The integrated modules may be implemented in hardware, or as hardware plus software functional modules.

Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the preferred embodiments, those of ordinary skill in the art should understand that the technical solutions of the present application may be modified or replaced with equivalents without departing from the spirit and scope of those technical solutions.

1: Electronic device; 11: Storage; 12: Processor; 13: Computer program; 14: Bus; S11~S16: Steps; S301~S316: Steps

To explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are merely embodiments of the present application; those of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.

FIG. 1 is a schematic structural diagram of an electronic device implementing a preferred embodiment of the operating system login method of the present application.

FIG. 2 is a flow chart of a preferred embodiment of the operating system login method disclosed in the present application.

FIG. 3 is a data flow diagram of the operating system login method disclosed in the present application.

S11~S16: Steps

Claims (10)

1. An operating system login method, wherein the operating system login method comprises: in response to a login request from a user terminal, querying a blockchain for a decentralized identity document corresponding to the login request; extracting a target public key from the decentralized identity document; generating a first character string, and encrypting the first character string with the target public key; sending the encrypted first character string to the user terminal; receiving a second character string sent by the user terminal, the second character string being a character string obtained by the user terminal decrypting the encrypted first character string with a private key; and determining, according to the first character string and the second character string, whether to allow the user terminal to log in to the operating system.

2. The operating system login method according to claim 1, wherein the method further comprises: in response to a registration request from the user terminal, generating and displaying an account registration QR code; receiving a first account generated by the user terminal by scanning the account registration QR code; and writing the first account into the decentralized identity document.

3. The operating system login method according to claim 2, wherein the method further comprises: receiving a public key sent by the user terminal, wherein the public key is obtained by the user terminal encrypting the first account, and the public key corresponds to the private key; and writing the public key into the decentralized identity document and associating it with the first account.

4. The operating system login method according to claim 2, wherein generating and displaying the account registration QR code comprises: calling an API interface for decentralized identity account registration; and generating and displaying the account registration QR code according to the API interface.

5. The operating system login method according to claim 2, wherein querying the blockchain, in response to the login request from the user terminal, for the decentralized identity document corresponding to the login request comprises: generating and displaying an account login QR code; receiving a second account generated by the user terminal by scanning the account login QR code; and querying the blockchain for the decentralized identity document corresponding to the second account.

6. The operating system login method according to any one of claims 1 to 5, wherein extracting the target public key from the decentralized identity document comprises: traversing the decentralized identity document; finding a first account identical to the second account; and using the public key corresponding to that first account as the target public key.

7. The operating system login method according to any one of claims 1 to 5, wherein encrypting the first character string with the target public key comprises: using the target public key as an encryption key; and encrypting the first character string with the encryption key using an asymmetric encryption algorithm.

8. The operating system login method according to any one of claims 1 to 5, wherein determining, according to the first character string and the second character string, whether to allow the user terminal to log in to the operating system comprises: determining whether the first character string is the same as the second character string; if the first character string is the same as the second character string, allowing the user terminal to log in to the operating system; and if the first character string is different from the second character string, prohibiting the user terminal from logging in to the operating system.

9. An electronic device, wherein the electronic device comprises a processor and a storage, the processor being configured to execute a computer program stored in the storage to implement the operating system login method according to any one of claims 1 to 8.

10. A computer-readable storage medium, wherein the computer-readable storage medium stores at least one instruction which, when executed by a processor, implements the operating system login method according to any one of claims 1 to 8.
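The challenge-response flow of claims 1, 6, 7 and 8, as an added Python example that is not code from the patent or the applicant. All names (`LoginServer`, `find_public_key`, `terminal_decrypt`, the `did:example:alice` account) are hypothetical, the DID document is a constructed in-memory list rather than a blockchain query, and the cipher is toy unpadded RSA with a constructed key. The challenge expiry, single-use handling and constant-time comparison are additions the claims do not state.

```python
import hmac, secrets, time

# Toy textbook RSA with a constructed key and no padding, so the example runs
# on the standard library alone. Assumption: a real system would use a vetted
# library and a padded scheme such as RSA-OAEP.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the terminal

# Constructed stand-in for the DID document fetched from the blockchain.
DID_DOCUMENT = [{"account": "did:example:alice", "public_key": (N, E)}]

def find_public_key(did_document, account):
    """Claim 6: traverse the document, return the key of the matching account."""
    for entry in did_document:
        if entry["account"] == account:
            return entry["public_key"]
    return None

class LoginServer:
    def __init__(self, did_document, ttl=30.0):
        self.did_document, self.ttl, self.pending = did_document, ttl, {}

    def start_login(self, account, now=None):
        now = time.monotonic() if now is None else now
        key = find_public_key(self.did_document, account)
        if key is None:
            return None                                 # unknown account
        first = secrets.token_bytes(16)                 # first character string
        self.pending[account] = (first, now + self.ttl)
        n, e = key
        return pow(int.from_bytes(first, "big"), e, n)  # encrypted challenge

    def finish_login(self, account, second, now=None):
        now = time.monotonic() if now is None else now
        first, expires = self.pending.pop(account, (None, 0.0))  # single use
        if first is None or now > expires:
            return False
        return hmac.compare_digest(first, second)       # claim 8, constant time

def terminal_decrypt(ciphertext, d=D, n=N):
    """User terminal: recover the second character string with the private key."""
    plain = pow(ciphertext, d, n)
    return plain.to_bytes((n.bit_length() + 7) // 8, "big")[-16:]
```

Because the pending challenge is popped on the first `finish_login` call, a captured second character string cannot be replayed, and a terminal holding the wrong private key produces a string that fails the comparison.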
TW110135018A 2021-09-17 2021-09-17 Operating system login method, electronic equipment, and storage medium TW202314543A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110135018A TW202314543A (en) 2021-09-17 2021-09-17 Operating system login method, electronic equipment, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110135018A TW202314543A (en) 2021-09-17 2021-09-17 Operating system login method, electronic equipment, and storage medium

Publications (1)

Publication Number Publication Date
TW202314543A true TW202314543A (en) 2023-04-01

Family

ID=86943374

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110135018A TW202314543A (en) 2021-09-17 2021-09-17 Operating system login method, electronic equipment, and storage medium

Country Status (1)

Country Link
TW (1) TW202314543A (en)
