TWI746504B - Method and device for realizing synchronization of session identification - Google Patents

Method and device for realizing synchronization of session identification

Info

Publication number
TWI746504B
Authority
TW
Taiwan
Prior art keywords
terminal
server
session identifier
module
verification
Application number
TW106102235A
Other languages
Chinese (zh)
Other versions
TW201828143A
Inventor
方強
段超
Original Assignee
香港商阿里巴巴集團服務有限公司
Application filed by 香港商阿里巴巴集團服務有限公司
Priority to TW106102235A
Publication of TW201828143A
Application granted
Publication of TWI746504B

Abstract

The present invention provides a method and a device for synchronizing a session identifier. The method includes: initiating to a server a first request to log in to an application, the first request carrying a first session identifier, the first session identifier being generated from the login account of the application and the original password, the original password being the login password of the login account before modification; if the server determines that the first session identifier is invalid, performing a legitimacy verification of the user of the terminal and sending the resulting verification result to the server for the server to check; and if the server accepts the verification result, receiving a second session identifier from the server and storing it on the terminal, the second session identifier being generated from the login account and a new password, the new password being the login password of the login account after modification. The technical solution of the present invention spares the user of the terminal from re-entering the new password to log in to the application and greatly improves the user's experience of logging in to the application.

Description

Method and device for synchronizing a session identifier

The present invention relates to the field of network security, and in particular to a method and a device for synchronizing a session identifier.

With the continuing development of embedded and terminal technology, more and more terminal devices are used in people's daily work and life. Applications installed on terminal devices are also built in multiple versions for different operating systems, such as Windows, Linux, Android and iOS. When a user accesses an application with the same account on different terminal devices, the account has to be authenticated on each of them. To spare users from repeatedly entering authentication information, many applications offer a remember-password function. However, once the user resets the application's password on one terminal device, the password recorded on the other terminal devices is no longer valid, and the user must enter the new password when logging in to the application from those devices. In some situations it is inconvenient to enter a new password on another terminal device; for example, for a user who is engaged in other work, typing a new password on a terminal device while both hands are occupied poses a certain risk to safe operation.

In view of this, the present invention provides a new technical solution that allows a user to log in to the application on other terminals without re-entering the new password, while ensuring that the login remains secure.

To achieve the above objective, the present invention provides the following technical solutions. According to a first aspect of the present invention, a method for realizing password synchronization is proposed, comprising: initiating to a server a first request to log in to an application, the first request carrying a first session identifier, the first session identifier being generated from the login account of the application and the original password, the original password being the login password of the login account before modification; if the server determines that the first session identifier is invalid, performing a legitimacy verification of the user of the terminal and sending the resulting verification result to the server for the server to check; and if the server accepts the verification result, receiving a second session identifier from the server and storing it on the terminal, the second session identifier being generated from the login account and a new password, the new password being the login password of the login account after modification.

According to a second aspect of the present invention, a method for realizing password synchronization is proposed, comprising: when a terminal initiates a first request to log in to an application, verifying the validity of the first session identifier carried in the first request, the first session identifier being generated from the login account of the application and the original password, the original password being the login password of the login account before modification; if the first session identifier is found to be invalid, instructing the terminal to perform a legitimacy verification of the user of the terminal; receiving from the terminal the verification result of that legitimacy verification; and if the server accepts the verification result, sending a second session identifier to the terminal, the second session identifier being generated from the login account and a new password, the new password being the login password of the login account after modification.

According to a third aspect of the present invention, a device for realizing password synchronization is proposed, comprising: a first sending module, configured to initiate to a server a first request to log in to an application, the first request carrying a first session identifier, the first session identifier being generated from the login account of the application and the original password, the original password being the login password of the login account before modification; a first verification module, configured to, if the server determines that the first session identifier sent by the first sending module is invalid, perform a legitimacy verification of the user of the terminal and send the resulting verification result to the server for the server to check; and a first receiving module, configured to, if the server accepts the verification result obtained by the first verification module, receive a second session identifier from the server and store it on the terminal, the second session identifier being generated from the login account and a new password, the new password being the login password of the login account after modification.

According to a fourth aspect of the present invention, a device for realizing password synchronization is proposed, comprising: a second verification module, configured to, when a terminal initiates a first request to log in to an application, verify the validity of the first session identifier carried in the first request, the first session identifier being generated from the login account of the application and the original password, the original password being the login password of the login account before modification; an instruction module, configured to, if the second verification module finds the first session identifier invalid, instruct the terminal to perform a legitimacy verification of the user of the terminal; a third receiving module, configured to receive from the terminal the verification result of the legitimacy verification performed as instructed by the instruction module; and a third sending module, configured to, if the server accepts the verification result received by the third receiving module, send a second session identifier to the terminal, the second session identifier being generated from the login account and a new password, the new password being the login password of the login account after modification.

As can be seen from the above technical solutions, the present invention allows the user to log in to the application with the second session identifier, sparing the user of the terminal from re-entering the new password and greatly improving the experience of logging in to the application. When a large number of users have reset their application login passwords, verifying the users' legitimacy on the terminal side relieves the server of the load of verifying user legitimacy and avoids wasting server resources.

Reference numerals used in the drawings:
101 to 107, 201 to 203, 301, 302, 311 to 314, 401 to 404, 501 to 503, 601 to 604, 701, 702, 801 to 803: steps
111: first sending module
112: first verification module
113: first receiving module
1121: feature acquisition unit
1122: authentication unit
1123: prompt unit
114: first generation module
115: first encryption module
116: second generation module
117: second sending module
118: second receiving module
119: first decryption module
120: first determination module
121: second determination module
122: prompt module
131: second verification module
132: instruction module
133: third receiving module
134: third sending module
135: second decryption module
136: third verification module
137: third generation module
138: second encryption module
139: fourth sending module
140: third determination module
141: first control module
142: second control module

Figure 1 is a flow diagram of modifying an application's login password from a first terminal.
Figure 2 is a flow diagram of a method for synchronizing a session identifier according to a first exemplary embodiment of the present invention.
Figure 3A is a flow diagram of a method for synchronizing a session identifier according to a second exemplary embodiment of the present invention.
Figure 3B is a flow diagram of how the key is synchronized between the terminal and the server in Figure 3A.
Figure 4 is a flow diagram of a method for synchronizing a session identifier according to a third exemplary embodiment of the present invention.
Figure 5 is a flow diagram of a method for synchronizing a session identifier according to a fourth exemplary embodiment of the present invention.
Figure 6 is a flow diagram of a method for synchronizing a session identifier according to another first exemplary embodiment of the present invention.
Figure 7 is a flow diagram of a method for synchronizing a session identifier according to another second exemplary embodiment of the present invention.
Figure 8 is a flow diagram of a method for synchronizing a session identifier according to another third exemplary embodiment of the present invention.
Figure 9 is a schematic structural diagram of a terminal according to an exemplary embodiment of the present invention.
Figure 10 is a schematic structural diagram of a server according to an exemplary embodiment of the present invention.
Figure 11 is a schematic structural diagram of a device for synchronizing a session identifier according to a first exemplary embodiment of the present invention.
Figure 12 is a schematic structural diagram of a device for synchronizing a session identifier according to a second exemplary embodiment of the present invention.
Figure 13 is a schematic structural diagram of a device for synchronizing a session identifier according to a third exemplary embodiment of the present invention.
Figure 14 is a schematic structural diagram of a device for synchronizing a session identifier according to a fourth exemplary embodiment of the present invention.

Exemplary embodiments are described in detail here, with examples shown in the drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention; they are merely examples of devices and methods consistent with some aspects of the present invention as detailed in the appended claims.

The terminology used in the present invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used in the present invention and the appended claims, the singular forms "a", "said" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.

It should be understood that although the terms first, second, third, etc. may be used in the present invention to describe various information, such information should not be limited by these terms. These terms are used only to distinguish information of the same type from one another. For example, without departing from the scope of the present invention, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to determining".

Figure 1 is a flow diagram of modifying an application's login password from a first terminal. Before the original password is modified, both the first terminal and the second terminal use the remember-password function so that the login password does not have to be entered on every login. If the user modifies the application's original password from the first terminal, the second terminal, which still logs in with the recorded original password, fails to log in because the password has changed. As shown in Figure 1, the process includes the following steps. In step 101, the first terminal sends a password modification request to the server and submits the information needed to modify the password, such as the login account, the original password and the new password.

In step 102, the server checks the submitted information and verifies whether the original password is correct. If the original password is incorrect, step 101 is performed again and the user is prompted to send a new password modification request to the server from the first terminal; if the original password is correct, step 103 is performed.

In step 103, the server stores the new password in the back-end database, generates a new session identifier from the login account and the new password, and marks the original session identifier generated from the login account and the original password as invalid.

In step 104, the new session identifier is returned to the first terminal.

In step 105, the first terminal receives the new session identifier returned by the server and stores it in its local secure storage, completing the password modification process on the first terminal.

In step 106, after the password has been changed on the server, the second terminal sends a login request to the server with the original session identifier; the second terminal recorded the original session identifier locally through the remember-password function after its first login to the application.

In step 107, the server verifies the original session identifier presented by the second terminal, finds that it has expired, and returns a request to the second terminal to re-enter the password. In this case the new, modified password has to be entered on the second terminal; when the user's hands are occupied, entering the new password on the second terminal carries a certain safety risk.

In view of this, the following embodiments of the present invention allow the second terminal to log in to the server without entering the new login password after the login password has been modified from the first terminal, thereby overcoming the shortcoming of the prior art that a user logging in to the application from the second terminal must re-enter the new password in order to log in to the server that provides the application.

To further explain the present invention, the following embodiments are provided. Figure 2 is a flow diagram of a method for synchronizing a session identifier according to a first exemplary embodiment of the present invention; the terminal to which the method applies is the second terminal of Figure 1. As shown in Figure 2, the method includes the following steps.

Step 201: initiate to the server a first request to log in to the application, the first request carrying a first session identifier generated from the login account of the application and the original password, the original password being the login password of the login account before modification.

In one embodiment, when the terminal first logs in to the application, it can, through the remember-password function, send the string corresponding to the first session identifier directly to the server and record the first session identifier locally on the terminal. When the terminal logs in to the application again, it logs in with the recorded first session identifier, so that the user does not have to re-enter the login password. In one embodiment, the method of generating the first session identifier can be determined by the server side; the first session identifier can be generated from the user's login account and original password with a hash algorithm such as MD5 or SHA-1. For example, with the login account zhangxiao, the original password zx098 and the login timestamp 20151026, hashing the login account, original password and timestamp with MD5 (the text names both MD5 and MD4 at this point) yields the first session identifier 3EC3E3D381B9CF4359F4C1CB02CDF64.

Step 202: if the server determines that the first session identifier is invalid, perform a legitimacy verification of the user of the terminal and send the resulting verification result to the server for the server to check.

In one embodiment, the legitimacy verification can be performed with biometric features of the terminal's user, for example a local, terminal-side verification based on the user's fingerprint, iris or face. In one embodiment, before the terminal sends the verification result to the server, the verification result and the random number corresponding to it can be encrypted with the server's symmetric key and the encrypted verification result sent to the server, so that the verification result cannot be intercepted and tampered with in transit, ensuring the security of the verification result transmitted between the terminal and the server.

Step 203: if the server accepts the verification result, receive a second session identifier from the server and store it on the terminal, the second session identifier being generated from the login account and the new password, the new password being the login password of the login account after modification.

In one embodiment, to prevent the second session identifier from being intercepted and tampered with by an illegitimate user in transit, the second session identifier can be encrypted with the terminal's public key; after receiving the encrypted second session identifier, the terminal decrypts it with its private key to obtain the second session identifier. In one embodiment, the second session identifier can be generated in the same way as the first session identifier described above. For example, after the user has changed the login password to zhangxiao from the first terminal of the embodiment shown in Figure 1, the same hash computation as for the first session identifier yields the second session identifier 2EF430338DF56A6FE40819CBF75982A9.

Through steps 201 to 203, the user can log in to the application with the second session identifier without re-entering the new password on the terminal, which greatly improves the experience of logging in to the application. When a large number of users have reset their application login passwords, verifying the users' legitimacy on the terminal side relieves the server of the load of verifying user legitimacy and avoids wasting server resources.

Figure 3A is a flow diagram of a method for synchronizing a session identifier according to a second exemplary embodiment of the present invention, and Figure 3B is a flow diagram of how the key is synchronized between the terminal and the server in Figure 3A. As shown in Figure 3A, the method includes the following steps.

Step 301: generate, with a hash algorithm, a random number corresponding to the verification string of the verification result. In one embodiment, the terminal and the server can agree on the same hash algorithm, ensuring that both generate the same random number. In one embodiment, the verification string in the verification result can be, for example, "001" or "000", where "001" means that verification passed and "000" means that it failed.

Step 302: encrypt the verification string and the random number with the server's symmetric key to obtain the encrypted verification result.

In one embodiment, how the terminal obtains the server's symmetric key is shown in Figure 3B. As shown in Figure 3B, the key synchronization between the server and the terminal includes the following steps.

Step 311: generate the terminal's public key and private key with an asymmetric encryption algorithm. In one embodiment, the asymmetric algorithm can be, for example, RSA, a knapsack algorithm, ElGamal, Diffie-Hellman (D-H) or elliptic-curve cryptography (ECC); this embodiment does not restrict the asymmetric algorithm, as long as a public/private key pair can be generated with it.

Step 312: send the terminal's public key to the server.

Step 313: receive the server's symmetric key, encrypted by the server with the terminal's public key. In one embodiment, the server generates its symmetric key, encrypts it with the terminal's public key and sends the encrypted symmetric key to the terminal. In addition, the server can encrypt the modified new password with the symmetric key before storing it, reducing the risk that the new password set by the user from the first terminal of Figure 1 is leaked.

Step 314: decrypt the encrypted symmetric key with the terminal's private key to obtain the server's symmetric key.

Through steps 311 to 314, the server obtains the terminal's public key and the terminal obtains the server's symmetric key, completing the key synchronization between the server's symmetric key and the terminal's key pair.

In this embodiment, symmetric encryption ensures the confidentiality of the verification result and prevents it from being tampered with by an illegitimate user, and the random number prevents the encrypted data from being replayed.
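The exchange of the first and second embodiments above (steps 201 to 203 and steps 301 to 314), carried through in Go as an added example. This code is not part of the patent and does not reproduce the applicant's implementation. It assumes RSA-OAEP for the public-key steps and AES-GCM for the symmetric step, both of which the patent leaves open, and it departs from the text in two places a practitioner would insist on: the verification result is sealed with an authenticated cipher, because encryption alone does not stop tampering, and the nonce is drawn at random and remembered by the server, because a nonce that both sides derive deterministically by hashing the verification string is identical on every run and therefore cannot stop a replay. SHA-256 stands in for the MD5 named in the text; the account zhangxiao and the passwords zx098 and zhangxiao are the patent's own illustrative values; the server holds a single account and a single valid identifier for brevity. One further caveat on the patent's derivation: an identifier that is a hash of the account, the password and a coarse timestamp is a deterministic function of the password, so if it leaks the password can be guessed offline against it, which is why a session identifier is normally an unrelated random token.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// SessionID hashes account, password and timestamp as step 103 describes (SHA-256 replaces the text's MD5; assumption).
func SessionID(account, password, ts string) string {
	sum := sha256.Sum256([]byte(account + "|" + password + "|" + ts))
	return hex.EncodeToString(sum[:])
}

// Server keeps its symmetric key (step 313), the one currently valid identifier and the nonces already consumed.
type Server struct {
	SymKey  []byte
	Current string
	Seen    map[string]bool // added replay check; the patent text does not spell one out
}

func NewServer(current string) (*Server, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return &Server{SymKey: key, Current: current, Seen: map[string]bool{}}, err
}

// Login is Figure 1 step 102 / Figure 2 step 201: only the currently valid identifier is accepted.
func (s *Server) Login(id string) bool { return id == s.Current }

// CheckVerification is the server side of step 202: refuse a truncated or replayed message, authenticate and decrypt, accept only "001".
func (s *Server) CheckVerification(msg []byte) (bool, error) {
	gcm, err := newGCM(s.SymKey)
	if err != nil {
		return false, err
	}
	n := gcm.NonceSize()
	if len(msg) < n || s.Seen[hex.EncodeToString(msg[:n])] {
		return false, fmt.Errorf("truncated message or replayed nonce")
	}
	plain, err := gcm.Open(nil, msg[:n], msg[n:], nil)
	if err != nil {
		return false, err // wrong key or tampered ciphertext
	}
	s.Seen[hex.EncodeToString(msg[:n])] = true
	return string(plain) == "001", nil
}

// ToTerminal encrypts a secret to the terminal's public key (steps 313 and 203); AtTerminal is the matching decryption.
func ToTerminal(pub *rsa.PublicKey, secret []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
}
func AtTerminal(priv *rsa.PrivateKey, enc []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, enc, nil)
}

// ReportVerification is step 302: "001"/"000" sealed under the symmetric key, fresh random nonce prepended (not hash-derived as in step 301).
func ReportVerification(symKey []byte, passed bool) ([]byte, error) {
	gcm, err := newGCM(symKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	result := map[bool]string{true: "001", false: "000"}[passed]
	return gcm.Seal(nonce, nonce, []byte(result), nil), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	const account = "zhangxiao" // account and passwords are the patent's own illustrative values
	remembered := SessionID(account, "zx098", "20151026") // what the second terminal stored
	srv, _ := NewServer(remembered)
	srv.Current = SessionID(account, "zhangxiao", "20151027") // step 103, done from the first terminal
	fmt.Println("original identifier accepted:", srv.Login(remembered)) // false: step 107
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)         // step 311
	wrapped, _ := ToTerminal(&priv.PublicKey, srv.SymKey) // steps 312-313
	symKey, _ := AtTerminal(priv, wrapped)                // step 314
	msg, _ := ReportVerification(symKey, true)            // steps 301-302
	ok, _ := srv.CheckVerification(msg)
	_, replay := srv.CheckVerification(msg) // the same bytes a second time
	fmt.Println("verification accepted:", ok, "| replay error:", replay)
	enc, _ := ToTerminal(&priv.PublicKey, []byte(srv.Current)) // step 203
	second, _ := AtTerminal(priv, enc)
	fmt.Println("second identifier accepted:", srv.Login(string(second)))
}
```

Run with `go run .`: the program shows the original identifier being rejected after the password change, the sealed verification result being accepted once and refused on replay, and the second identifier, recovered with the terminal's private key, logging the terminal in. A result of "000" decrypts cleanly but is not accepted, and any alteration of the ciphertext fails GCM authentication before the result is even read.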

FIG. 4 is a schematic flowchart of a method for realizing session identifier synchronization according to a third exemplary embodiment of the present invention. This embodiment takes as its example how the terminal performs local legality verification of the user. As shown in FIG. 4, it includes the following steps. Step 401: on the login interface of the application, capture the biometric of the terminal's user with a biometric sensor. In one embodiment the biometric may be the user's fingerprint, iris, face or the like. If the biometric is a fingerprint, it can be captured on the login interface the application is currently showing, so the user need not leave that interface; fingerprint recognition is performed directly on the login interface, which simplifies the local legality verification of the user.

Step 402: authenticate the biometric and determine whether authentication passes; if it passes, go to step 403, otherwise go to step 404. Step 403: if the biometric authentication passes, determine that the terminal's user is a legitimate user. In one embodiment, biometric authentication itself follows the prior art and is not described in detail here.

Step 404: if the biometric authentication fails, prompt on the application's login interface to log in with the login account and login password.

In this embodiment, when a large number of users of the same application reset their login passwords through one terminal and then log in through other terminals, performing identity authentication locally on the terminal reduces the load on the server and reduces the server's exposure to a distributed denial-of-service (DDoS) attack through this path.

FIG. 5 is a schematic flowchart of a method for realizing session identifier synchronization according to a fourth exemplary embodiment of the present invention. After the terminal has obtained and saved the second session identifier as in the above embodiments, the server may, to keep the user's login secure, set a validity period for the second session identifier and so limit how long the user can log in to the application with it. As shown in FIG. 5, the method includes the following steps. Step 501: determine whether the second session identifier is within its validity period; if so, go to step 502, otherwise go to step 503. Step 502: if the second session identifier is within its validity period, log in to the application with the second session identifier. Step 503: if the second session identifier has passed its validity period, prompt the user to log in with the login account and that account's currently valid login password.

In one embodiment the validity period can be obtained from the server. For example, the user resets the password through the first terminal, the server generates the second session identifier from the new password at 12:12 on 10 October 2015, and the validity period is one month. The terminal obtains the generation time and validity period of the second session identifier from the server and uses them to decide whether the user can log in directly with the second session identifier; if more than one month has passed, the login interface of the application prompts the user to log in with the login account and that account's valid login password.

In this embodiment the user's login behaviour is limited by the validity period of the second session identifier, which bounds the window in which an illegitimate user who has obtained the second session identifier could use it to log in to the application, and so keeps the user's login secure.

FIG. 6 is a schematic flowchart of a method for realizing session identifier synchronization according to another first exemplary embodiment of the present invention. To stay consistent with the description of FIG. 1, the method is described as applied on the server. As shown in FIG. 6, it includes the following steps. Step 601: when the terminal initiates a first request to log in to the application, verify the validity of the first session identifier carried in the first request, the first session identifier having been generated from the application's login account and the original password, the original password being the login password of that account before modification. In one embodiment the first session identifier is compared with the valid session identifiers stored on the server: if it matches a stored valid session identifier it is determined to be valid, otherwise it is determined to be invalid.

Step 602: if the first session identifier is found to be invalid, instruct the terminal to verify the legality of the terminal's user. In one embodiment the way the terminal verifies the user's legality is as described in the embodiments above and is not repeated here.

Step 603: receive from the terminal the verification result of the user legality verification. In one embodiment, if the terminal encrypted the verification result together with its corresponding random number under the server's symmetric key before sending it, the server must first decrypt the received verification result with that symmetric key.

Step 604: if the server's check of the verification result passes, send the second session identifier to the terminal, the second session identifier having been generated from the login account and the new password, the new password being the modified login password of that account.

Through steps 601 to 604 a legitimate user can log in to the server and obtain the second session identifier without re-entering the new password on the terminal, which greatly improves the login experience. When many users have to reset the application's login password, delegating the legality verification of the user to the terminal side reduces the server's load for user verification and avoids wasting server resources.

FIG. 7 is a schematic flowchart of a method for realizing session identifier synchronization according to another second exemplary embodiment of the present invention. As shown in FIG. 7, it includes the following steps. Step 701: if the terminal has encrypted the verification result with the server's symmetric key, decrypt the encrypted verification result with that symmetric key to obtain the verification string and the random number corresponding to the verification result. Step 702: verify the verification string and the random number; if both verify, send the second session identifier to the terminal.

In one embodiment the terminal and the server agree on the same hash algorithm, so that both can produce the same random number from it and the random number provides a second check on the verification result. In one embodiment the verification string in the verification result may be, for example, "001" or "000", where "001" means verification passed and "000" means it did not. In one embodiment the second session identifier may be encrypted with the terminal's public key to secure it in transit.

For how the terminal obtains the server's symmetric key and how the server obtains the terminal's public key, see the description of FIG. 3B above; it is not repeated here.

In this embodiment, symmetric encryption ensures the confidentiality of the verification result and prevents it from being tampered with by an illegitimate user, and the random number prevents the encrypted data from being captured and replayed.

FIG. 8 is a schematic flowchart of a method for realizing session identifier synchronization according to another third exemplary embodiment of the present invention. After the server has generated and saved the second session identifier as in the above embodiments, it may, to keep the user's login secure, set a validity period for the second session identifier and so limit how long the user can log in to the application with it. As shown in FIG. 8, the method includes the following steps. Step 801: determine whether the second session identifier is within its validity period; if so, go to step 802, otherwise go to step 803. Step 802: if the second session identifier is within its validity period, allow the user to log in to the application with it. Step 803: if the second session identifier has passed its validity period, refuse the user login to the application with the second session identifier.

In one embodiment the server determines the validity period of the second session identifier from a period set by the user. For example, the user resets the password through the first terminal and sets a validity period of one month; the server generates the second session identifier from the new password at 12:12 on 10 October 2015 and therefore treats it as valid until 12:12 on 10 November 2015. Within that period the user can log in directly with the second session identifier; once it has passed, the server refuses login with the second session identifier.

In this embodiment the user's login behaviour is limited by the validity period of the second session identifier, which bounds the window in which an illegitimate user who has obtained the second session identifier could use it to log in to the application, and so keeps the user's login secure.
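The server side of FIG. 7 (steps 701 and 702) together with the expiry check of FIG. 5 and FIG. 8, as an added example in Go; it is not part of the patent or of any implementation the patent describes. Its assumptions are all its own: the symmetric key is the 32-byte key obtained through FIG. 3B and is used with AES-256-GCM; the "random number" is SHA-256 over the login account, the first session identifier and a per-attempt counter that both sides keep in step (how the terminal learns the counter, for instance in the server's step 602 instruction, is outside the example); the verification string is the page's "001"/"000"; and the second session identifier is 16 random bytes with the page's one-month validity. Names such as ChallengeNonce and NewServer are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// The page's verification strings: "001" means passed, "000" means failed.
const VerifyPassed = "001"

// ChallengeNonce is the page's "random number": both sides derive it with the
// agreed hash over shared state. The inputs used here (account, first session
// identifier, per-attempt counter kept by the server) are this example's assumption.
func ChallengeNonce(account, firstSessionID string, counter uint64) []byte {
	h := sha256.New()
	h.Write([]byte(account + "\x00" + firstSessionID + "\x00")) // NUL-separated fields
	binary.Write(h, binary.BigEndian, counter)
	return h.Sum(nil)
}

func newGCM(symKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(symKey) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealVerificationResult (terminal side) encrypts verification string || nonce
// with AES-256-GCM; GCM's authentication tag is what makes "cannot be tampered with" true.
func SealVerificationResult(symKey []byte, result string, nonce []byte) ([]byte, error) {
	gcm, err := newGCM(symKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, gcm.NonceSize())
	rand.Read(iv) // crypto/rand.Read never returns an error in current Go (1.24+)
	return append(iv, gcm.Seal(nil, iv, append([]byte(result), nonce...), nil)...), nil
}

// Server is the per-account state for the server side of FIG. 7 and FIG. 8.
type Server struct {
	symKey         []byte
	account        string
	firstSessionID string
	nextCounter    uint64 // counter of the next verification result we will accept
	secondSession  string
	issuedAt       time.Time
	validityMonths int
}

func NewServer(symKey []byte, account, firstSessionID string, validityMonths int) *Server {
	return &Server{symKey: symKey, account: account, firstSessionID: firstSessionID, validityMonths: validityMonths}
}

// HandleVerificationResult implements steps 701 and 702: decrypt, compare the nonce
// with the expected one (a replayed or stale message fails here), check the
// verification string, then issue and record the second session identifier.
func (s *Server) HandleVerificationResult(sealed []byte, now time.Time) (string, error) {
	gcm, err := newGCM(s.symKey)
	if err != nil {
		return "", err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return "", errors.New("verification result too short")
	}
	plain, err := gcm.Open(nil, sealed[:n], sealed[n:], nil)
	if err != nil || len(plain) != len(VerifyPassed)+sha256.Size {
		return "", errors.New("verification result failed authentication or is malformed")
	}
	result, nonce := string(plain[:len(VerifyPassed)]), plain[len(VerifyPassed):]
	if subtle.ConstantTimeCompare(nonce, ChallengeNonce(s.account, s.firstSessionID, s.nextCounter)) != 1 {
		return "", errors.New("nonce mismatch: stale or replayed verification result")
	}
	s.nextCounter++ // whatever happens next, this nonce is spent
	if result != VerifyPassed {
		return "", errors.New("terminal reported that local verification failed")
	}
	id := make([]byte, 16)
	rand.Read(id)
	s.secondSession, s.issuedAt = fmt.Sprintf("%x", id), now
	return s.secondSession, nil
}

// SessionValid implements steps 801 to 803: the second session identifier is
// accepted only within [issuedAt, issuedAt + validity).
func (s *Server) SessionValid(sessionID string, now time.Time) bool {
	if s.secondSession == "" || subtle.ConstantTimeCompare([]byte(sessionID), []byte(s.secondSession)) != 1 {
		return false
	}
	return !now.Before(s.issuedAt) && now.Before(s.issuedAt.AddDate(0, s.validityMonths, 0))
}

func main() {
	key := make([]byte, 32)
	rand.Read(key) // stands in for the key obtained through FIG. 3B
	srv := NewServer(key, "alice", "old-session-id", 1)
	msg, _ := SealVerificationResult(key, VerifyPassed, ChallengeNonce("alice", "old-session-id", 0))
	fmt.Println(srv.HandleVerificationResult(msg, time.Now())) // issues an identifier
	fmt.Println(srv.HandleVerificationResult(msg, time.Now())) // same message again: rejected
}
```

The counter-derived nonce is what turns the page's "random number" into replay protection: once a result has been accepted the server advances its counter, so resubmitting the same ciphertext fails the nonce comparison even though it still decrypts and authenticates. The expiry check uses the page's own dates: an identifier issued at 12:12 on 10 October 2015 with one month of validity is still accepted at 12:11 on 10 November 2015 and refused once 12:12 has passed.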

As an example scenario, suppose the user resets the application's login password on a mobile phone and then logs in to the application from an in-vehicle terminal. The in-vehicle terminal still holds the first session identifier recorded before the password reset; because the server has marked the first session identifier invalid, the user cannot log in from the in-vehicle terminal with it, and since the user is driving it is inconvenient to type the new password. With the above embodiments the user is verified biometrically; once the user is confirmed as a legitimate user of the in-vehicle terminal, the in-vehicle terminal obtains the second session identifier from the server and logs in to the application with it, which reduces the risk to the user while driving.

Corresponding to the above method for realizing session identifier synchronization, the present invention further provides the terminal whose schematic structure is shown in FIG. 9, according to an exemplary embodiment of the present invention. Referring to FIG. 9, at the hardware level the terminal includes a processor, an internal bus, a network interface, memory and non-volatile memory, and may of course include other hardware required by its services. The processor reads the corresponding computer program from the non-volatile memory into memory and runs it, forming at the logical level the apparatus for realizing session identifier synchronization. Besides a software implementation, the present invention does not exclude other implementations such as logic devices or a combination of software and hardware; that is, the executing entity of the processing flows below is not limited to the individual logic units and may also be hardware or a logic device.

Corresponding to the above method for realizing session identifier synchronization, the present invention further provides the server whose schematic structure is shown in FIG. 10, according to an exemplary embodiment of the present invention. Referring to FIG. 10, at the hardware level the server includes a processor, an internal bus, a network interface, memory and non-volatile memory, and may of course include other hardware required by its services. The processor reads the corresponding computer program from the non-volatile memory into memory and runs it, forming at the logical level the apparatus for realizing session identifier synchronization. Besides a software implementation, the present invention does not exclude other implementations such as logic devices or a combination of software and hardware; that is, the executing entity of the processing flows below is not limited to the individual logic units and may also be hardware or a logic device.

FIG. 11 is a schematic structural diagram of an apparatus for realizing session identifier synchronization according to a first exemplary embodiment of the present invention. As shown in FIG. 11, the apparatus may include a first sending module 111, a first verification module 112 and a first receiving module 113. The first sending module 111 initiates to the server a first request to log in to the application, the first request carrying a first session identifier generated from the application's login account and the original password, the original password being the login password of that account before modification. The first verification module 112, if the server determines that the first session identifier sent by the first sending module 111 is invalid, verifies the legality of the terminal's user and sends the resulting verification result to the server for the server to check. The first receiving module 113, if the server's check of the verification result produced by the first verification module 112 passes, receives the second session identifier from the server and saves it on the terminal, the second session identifier being generated from the login account and the new password, the new password being the modified login password of that account.

FIG. 12 is a schematic structural diagram of an apparatus for realizing session identifier synchronization according to a second exemplary embodiment of the present invention. As shown in FIG. 12, on the basis of the embodiment of FIG. 11, in one embodiment the apparatus may further include a first generation module 114, which produces by a hash algorithm the random number corresponding to the verification string of the verification result obtained by the first verification module 112, and a first encryption module 115, which encrypts the verification string obtained by the first verification module 112 and the random number produced by the first generation module 114 with the server's symmetric key to obtain the encrypted verification result.

In one embodiment the apparatus may further include: a second generation module 116, which generates the terminal's public key and private key with an asymmetric encryption algorithm; a second sending module 117, which sends the terminal's public key generated by the second generation module 116 to the server; a second receiving module 118, which receives the server's symmetric key encrypted by the server with the terminal's public key sent by the second sending module 117; and a first decryption module 119, which decrypts the encrypted symmetric key with the terminal's private key generated by the second generation module 116 to obtain the server's symmetric key.

In one embodiment the first verification module 112 may include: a feature collection unit 1121, which captures the biometric of the terminal's user with a biometric sensor on the application's login interface; an authentication unit 1122, which authenticates the biometric captured by the feature collection unit 1121; a first determination unit, which, if the authentication unit 1122 accepts the biometric, determines that the terminal's user is a legitimate user; and a prompt unit 1123, which, if the authentication unit 1122 rejects the biometric, prompts on the application's login interface to log in with the login account and login password.

In one embodiment the apparatus may further include: a first determination module 120, which determines whether the second session identifier received by the first receiving module 113 is within its validity period; a second determination module 121, which, if the first determination module 120 finds the second session identifier within its validity period, decides to log in to the application with it; and a prompt module 122, which, if the first determination module 120 finds the second session identifier past its validity period, prompts the user to log in with the login account and that account's valid login password.

FIG. 13 is a schematic structural diagram of an apparatus for realizing session identifier synchronization according to a third exemplary embodiment of the present invention. As shown in FIG. 13, the apparatus may include a second verification module 131, an instruction module 132, a third receiving module 133 and a third sending module 134. The second verification module 131, when the terminal initiates a first request to log in to the application, verifies the validity of the first session identifier carried in the first request, the first session identifier being generated from the application's login account and the original password, the original password being the login password of that account before modification. The instruction module 132, if the second verification module 131 finds the first session identifier invalid, instructs the terminal to verify the legality of the terminal's user. The third receiving module 133 receives from the terminal the verification result of the user legality verification performed as instructed by the instruction module 132. The third sending module 134, if the server's check of the verification result received by the third receiving module 133 passes, sends the second session identifier to the terminal, the second session identifier being generated from the login account and the new password, the new password being the modified login password of that account.

FIG. 14 is a schematic structural diagram of an apparatus for realizing session identifier synchronization according to a fourth exemplary embodiment of the present invention. As shown in FIG. 14, on the basis of the embodiment of FIG. 13, in one embodiment the apparatus may further include: a second decryption module 135, which, if the terminal has encrypted the verification result received by the third receiving module 133 with the server's symmetric key, decrypts the encrypted verification result with that symmetric key to obtain the verification string and the random number corresponding to the verification result; and a third verification module 136, which verifies the verification string and random number decrypted by the second decryption module 135 and, if both verify, has the third sending module 134 perform the step of sending the second session identifier to the terminal.

In one embodiment the apparatus may further include: a third generation module 137, which generates the server's symmetric key according to a symmetric encryption algorithm, for the second decryption module 135 to use in decrypting the encrypted verification result; a second encryption module 138, which encrypts the symmetric key generated by the third generation module 137 with the terminal's public key; and a fourth sending module 139, which sends the symmetric key encrypted by the second encryption module 138 to the terminal, so that the terminal can decrypt it with the private key corresponding to that public key and obtain the server's symmetric key.

In one embodiment the apparatus may further include: a third determination module 140, which determines whether the second session identifier sent by the third sending module 134 is within its validity period; a first control module 141, which, if the third determination module 140 finds the second session identifier within its validity period, allows the user to log in to the application with it; and a second control module 142, which, if the third determination module 140 finds the second session identifier past its validity period, refuses the user login with the second session identifier. As the above embodiments show, when a user has modified the application's login password on a first terminal and then logs in to the application on a second terminal different from the first, the same user does not have to enter the modified login password on the second terminal, which improves the user experience while keeping the login secure.

Other embodiments of the present invention will readily occur to those of ordinary skill in the art from consideration of the specification and practice of the invention disclosed herein. The present invention is intended to cover any variations, uses or adaptations that follow its general principles and include such departures from the present disclosure as come within known or customary practice in the art. The specification and embodiments are to be regarded as exemplary only, the true scope and spirit of the invention being indicated by the following claims.

It should also be noted that the terms "comprise", "include" and any variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or apparatus. Absent further limitation, an element introduced by "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or apparatus that comprises it.

The above are merely preferred embodiments of the present invention and do not limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (14)

1. A method for realizing session identifier synchronization when a password is reset, applied on a terminal, the method comprising: initiating to a server a first request to log in to an application, the first request carrying a first session identifier generated from a login account of the application and an original password; and, when the original password has been changed to a new password for logging in to the login account of the application: verifying the legality of a user of the terminal and sending the resulting verification result to the server for the server to check; if the server's check of the verification result passes, receiving a second session identifier from the server and saving it on the terminal, the second session identifier being different from the first session identifier and generated from the login account and the new password; determining whether the second session identifier is within its validity period; if the second session identifier is within its validity period, determining to log in to the application with the second session identifier; and if the second session identifier has passed its validity period, prompting the user to log in to the application with the login account and a valid login password of the login account.
根據申請專利範圍第1項所述的方法,其中,所述方法還包括:通過散列演算法產生所述驗證結果對應的驗證字串的 亂數;通過所述伺服器的對稱密鑰對所述驗證字串和所述亂數進行加密,得到加密後的所述驗證結果。 The method according to item 1 of the scope of patent application, wherein the method further comprises: generating a verification string corresponding to the verification result through a hash algorithm Random number; encrypt the verification string and the random number by the symmetric key of the server to obtain the encrypted verification result. 根據申請專利範圍第2項所述的方法,其中,所述方法還包括:根據非對稱加密演算法產生所述終端的公鑰和私鑰;將所述終端的公鑰發送給所述伺服器;接收所述伺服器通過所述終端的公鑰已經加密的所述伺服器的對稱密鑰;通過所述終端的私鑰對所述加密後的對稱密鑰進行解密,得到所述伺服器的對稱密鑰。 The method according to item 2 of the scope of patent application, wherein the method further comprises: generating the public key and the private key of the terminal according to an asymmetric encryption algorithm; and sending the public key of the terminal to the server ; Receive the server's symmetric key that has been encrypted by the server through the terminal’s public key; decrypt the encrypted symmetric key through the terminal’s private key to obtain the server’s Symmetric key. 根據申請專利範圍第1項所述的方法,其中,所述對所述終端的使用者進行合法性驗證,包括:在所述應用程式的登錄介面通過生物感測器採集所述終端的使用者的生物特徵;對所述生物特徵進行認證;如果所述生物特徵認證通過,確定所述終端的使用者為合法使用者;如果所述生物特徵認證未通過,在所述應用程式的登錄介面提示通過所述登錄帳號和所述新密碼登錄所述應用程式。 The method according to item 1 of the scope of the patent application, wherein the legal verification of the user of the terminal includes: collecting the user of the terminal through a biosensor on the login interface of the application The biometrics; authenticate the biometrics; if the biometric authentication passes, determine that the user of the terminal is a legitimate user; if the biometric authentication fails, prompt on the login interface of the application Log in to the application through the login account and the new password. 
一種當密碼重置時實現會話標識同步的方法,應用在伺服器上,所述方法包括:在終端發起登錄應用程式的第一請求時,對所述第一 請求中攜帶的第一會話標識的有效性進行驗證,所述第一會話標識為所述應用程式的登錄帳號和原密碼產生的;當所述原密碼已被修改為用於登錄所述應用程式的所述登錄帳號之新密碼時:指示所述終端對所述終端的使用者進行合法性驗證;接收來自所述終端的對所述使用者進行合法性驗證的驗證結果;如果所述伺服器驗證通過所述驗證結果,將第二會話標識發送至所述終端,所述第二會話標識不同於所述第一會話標識且為所述登錄帳號和所述新密碼產生的;確定所述第二會話標識是否在有效期限內;如果所述第二會話標識在所述有效期限內,允許所述使用者通過所述第二會話標識登錄所述應用程式;以及如果所述第二會話標識已超出所述有效期限內,禁止所述使用者通過所述第二會話標識登錄所述應用程式。 A method for realizing session identification synchronization when a password is reset is applied on a server, and the method includes: when a terminal initiates a first request to log in to an application, sending a request to the first The validity of the first session identifier carried in the request is verified. The first session identifier is generated by the login account and original password of the application; when the original password has been modified to be used to log in to the application When the new password of the login account is: instruct the terminal to verify the legality of the user of the terminal; receive the verification result of the legality verification of the user from the terminal; if the server After the verification passes the verification result, a second session identifier is sent to the terminal, where the second session identifier is different from the first session identifier and is generated for the login account and the new password; determining the first session identifier 2. Whether the session identifier is within the valid period; if the second session identifier is within the valid period, allow the user to log in to the application through the second session identifier; and if the second session identifier has Within the validity period, the user is prohibited from logging in to the application program through the second session identifier. 
根據申請專利範圍第5項所述的方法,其中,所述方法還包括:如果所述終端已經採用所述伺服器的對稱密鑰對所述驗證結果進行加密,通過所述伺服器的對稱密鑰對所述加密後的驗證結果進行解密,得到所述驗證結果對應的驗證字串和亂數;對所述驗證字串和所述亂數進行驗證,如果對所述驗證字串和所述亂數驗證通過,執行所述將第二會話標識發 送至所述終端的步驟。 The method according to item 5 of the scope of patent application, wherein the method further includes: if the terminal has already used the server's symmetric key to encrypt the verification result, using the server's symmetric encryption key to encrypt the verification result The key decrypts the encrypted verification result to obtain the verification string and random number corresponding to the verification result; verify the verification string and the random number, if the verification string and the random number are verified After the random number verification is passed, execute the sending of the second session identifier The step of sending to the terminal. 根據申請專利範圍第6項所述的方法,其中,所述方法還包括:根據對稱加密演算法產生所述伺服器的對稱密鑰;通過所述所述終端的公鑰對所述對稱式密鑰密碼編譯;將加密後的所述對稱密鑰發送給所述終端,以供所述終端通過所述公鑰對應的私鑰對所述加密後的對稱密鑰進行解密,得到所述伺服器的對稱密鑰。 The method according to item 6 of the scope of patent application, wherein the method further comprises: generating a symmetric key of the server according to a symmetric encryption algorithm; and encrypting the symmetric key through the public key of the terminal Key cryptography; sending the encrypted symmetric key to the terminal, so that the terminal can decrypt the encrypted symmetric key through the private key corresponding to the public key to obtain the server Symmetric key. 
一種當密碼重置時實現會話標識同步的裝置,應用在終端上,所述裝置包括:第一發送模組,用於向伺服器發起登錄應用程式的第一請求,所述第一請求中攜帶有第一會話標識,所述第一會話標識為所述應用程式的登錄帳號和原密碼產生的;第一驗證模組;以及第一接收模組;其中,當所述原密碼已被修改為用於登錄所述應用程式的所述登錄帳號之新密碼時:所述第一驗證模組,用於對所述終端的使用者進行合法性驗證,將得到的驗證結果發送至所述伺服器,以供所述伺服器對所述驗證結果進行校驗;所述第一接收模組,用於如果所述伺服器驗證通過所述第一驗證模組得到的所述驗證結果,接收來自所述伺服器的第二會話標識並保存至所述終端,所述第二會話 標識不同於所述第一會話標識且為所述登錄帳號和所述新密碼產生的;其中,所述裝置還包括:第一確定模組,用於確定所述第一接收模組接收到的所述第二會話標識是否在有效期限內;第二確定模組,用於如果所述第一確定模組確定所述第二會話標識在所述有效期限內,確定通過所述第二會話標識登錄所述應用程式;以及提示模組,用於如果所述第一確定模組確定所述第二會話標識已超出所述有效期限內,提示使用者通過所述登錄帳號和所述登錄帳號的有效登錄密碼登錄所述應用程式。 A device for realizing session identification synchronization when a password is reset, applied on a terminal, the device comprising: a first sending module for initiating a first request for logging in an application program to a server, and the first request carries There is a first session identifier, the first session identifier is generated by the login account of the application and the original password; a first verification module; and a first receiving module; wherein, when the original password has been modified to When the new password of the login account used to log in the application: the first verification module is used to verify the legality of the user of the terminal, and send the obtained verification result to the server , For the server to verify the verification result; the first receiving module is configured to receive the verification result from the first verification module if the server verifies the verification result obtained by the first verification module The second session identifier of the server is saved to the terminal, and the second session The identifier is different from the first session identifier and is generated for the login account and the new password; wherein, the device further includes: a first determining module, configured to determine the information received by the first receiving module Whether the second session identifier is within the valid period; a second determining module is configured to determine 
whether the second session identifier is passed if the first determining module determines that the second session identifier is within the valid period Log in to the application; and a prompt module for prompting the user to pass the login account and the login account if the first determination module determines that the second session identifier has exceeded the validity period Log in to the application with a valid login password. 根據申請專利範圍第8項所述的裝置,其中,所述裝置還包括:第一產生模組,用於通過散列演算法產生所述第一驗證模組得到的所述驗證結果對應的驗證字串的亂數;第一加密模組,用於通過所述伺服器的對稱密鑰對所述第一驗證模組得到的所述驗證字串和所述第一產生模組產生的所述亂數進行加密,得到加密後的所述驗證結果。 The device according to item 8 of the scope of patent application, wherein the device further includes: a first generation module for generating a verification corresponding to the verification result obtained by the first verification module through a hash algorithm Random number of the character string; a first encryption module for the verification character string obtained by the first verification module and the first generation module generated by the symmetric key of the server The random number is encrypted, and the encrypted verification result is obtained. 
根據申請專利範圍第9項所述的裝置,其中,所述裝置還包括:第二產生模組,用於根據非對稱加密演算法產生所述終端的公鑰和私鑰;第二發送模組,用於將所述第二產生模組產生的所述 終端的公鑰發送給所述伺服器;第二接收模組,用於接收所述伺服器通過所述第二發送模組發送的所述終端的公鑰已經加密的所述伺服器的對稱密鑰;第一解密模組,用於通過所述第二產生模組產生的所述終端的私鑰對所述加密後的對稱密鑰進行解密,得到所述伺服器的對稱密鑰。 The device according to item 9 of the scope of patent application, wherein the device further includes: a second generation module for generating the public key and private key of the terminal according to an asymmetric encryption algorithm; and a second sending module , Used to generate the second generation module The public key of the terminal is sent to the server; the second receiving module is used to receive the symmetric secret of the server whose public key of the terminal has been encrypted and sent by the server through the second sending module The first decryption module is used to decrypt the encrypted symmetric key by the private key of the terminal generated by the second generation module to obtain the symmetric key of the server. 根據申請專利範圍第8項所述的裝置,其中,所述第一驗證模組包括:特徵採集單元,用於在所述應用程式的登錄介面通過生物感測器採集所述終端的使用者的生物特徵;認證單元,用於對所述特徵採集單元採集的所述生物特徵進行認證;第一確定單元,用於如果所述認證單元認證所述生物特徵通過,確定所述終端的使用者為合法使用者;提示單元,用於如果所述認證單元認證所述生物特徵未通過,在所述應用程式的登錄介面提示通過所述登錄帳號和所述新密碼登錄所述應用程式。 The device according to item 8 of the scope of patent application, wherein the first verification module includes: a feature collection unit configured to collect information of the user of the terminal through a biosensor on the login interface of the application program Biometrics; an authentication unit for authenticating the biometrics collected by the feature collection unit; a first determining unit for determining that the user of the terminal is if the biometrics are authenticated by the authentication unit A legitimate user; a prompt unit, configured to prompt the login interface of the application program to log in the application program through the login account number and the new password if the authentication unit fails to authenticate the biometrics. 
一種當密碼重置時實現會話標識同步的裝置,應用在伺服器上,所述裝置包括:第二驗證模組,用於在終端發起登錄應用程式的第一請求時,對所述第一請求中攜帶的第一會話標識的有效性進行驗證,所述第一會話標識為所述應用程式的登錄帳號和原密碼產生的; 指示模組;第三接收模組;以及第三發送模組;其中,當所述原密碼已被修改為用於登錄所述應用程式的所述登錄帳號之新密碼時:所述指示模組,用於指示所述終端對所述終端的使用者進行合法性驗證;所述第三接收模組,用於接收來自所述終端根據指示模組指示的對所述使用者進行合法性驗證的驗證結果;所述第三發送模組,用於如果所述伺服器驗證通過所述第三接收模組接收到的所述驗證結果,將第二會話標識發送至所述終端,所述第二會話標識不同於所述第一會話標識且為所述登錄帳號和所述新密碼產生的;其中,所述裝置還包括:第三確定模組,用於確定所述第三發送模組發送的所述第二會話標識是否在有效期限內;第一控制模組,用於如果所述第三確定模組確定所述第二會話標識在所述有效期限內,允許所述使用者通過所述第二會話標識登錄所述應用程式;第二控制模組,用於如果所述第三確定模組確定所述第二會話標識已超出所述有效期限內,禁止所述使用者通過所述第二會話標識登錄所述應用程式。 A device for realizing session identification synchronization when a password is reset is applied on a server, and the device includes: a second verification module, which is used to respond to the first request when a terminal initiates a first request to log in to an application program Verify the validity of the first session identifier carried in the application program, where the first session identifier is generated by the login account and original password of the application; An instruction module; a third receiving module; and a third sending module; wherein, when the original password has been modified to a new password for the login account of the application: the instruction module , Used to instruct the terminal to verify the legality of the user of the terminal; the third receiving module, used to receive the legal verification of the user from the terminal according to the instruction module Verification result; the third sending module is configured to send a second session identifier to the terminal if the server verifies the verification result received by the third receiving module, and the second The session identifier is different from the first session identifier and is generated for the login account and the new password; wherein, the device further includes: a third determining module, configured to determine the information sent by the third sending module Whether the second session identifier is within the validity 
period; the first control module is configured to allow the user to pass through the The second session identifier logs into the application program; the second control module is used for prohibiting the user from passing the first session identifier if the third determining module determines that the second session identifier has exceeded the valid period Second, the session identifier logs in the application program. 根據申請專利範圍第12項所述的裝置,其中,所 述裝置還包括:第二解密模組,用於如果所述終端已經採用所述伺服器的對稱密鑰對所述第三接收模組接收到的所述驗證結果進行加密,通過所述伺服器的對稱密鑰對所述加密後的驗證結果進行解密,得到所述驗證結果對應的驗證字串和亂數;第三驗證模組,用於對所述第二解密模組解密後的所述驗證字串和所述亂數進行驗證,如果對所述驗證字串和所述亂數驗證通過,所述第三發送模組執行所述將第二會話標識發送至所述終端的步驟。 According to the device described in item 12 of the scope of patent application, the The device further includes: a second decryption module, configured to, if the terminal has used the symmetric key of the server to encrypt the verification result received by the third receiving module, pass the server Decrypts the encrypted verification result with the symmetric key to obtain the verification string and random number corresponding to the verification result; the third verification module is used to decrypt the second decryption module The verification string and the random number are verified, and if the verification of the verification string and the random number is passed, the third sending module executes the step of sending the second session identifier to the terminal. 
根據申請專利範圍第13項所述的裝置,其中,所述裝置還包括:第三產生模組,用於根據對稱加密演算法產生所述伺服器的對稱密鑰;第二加密模組,用於通過所述所述終端的公鑰對所述第三產生模組產生的所述對稱式密鑰密碼編譯;第四發送模組,用於將所述第二加密模組加密後的所述對稱密鑰發送給所述終端,以供所述終端通過所述公鑰對應的私鑰對所述加密後的對稱密鑰進行解密,得到所述伺服器的對稱密鑰。 The device according to item 13 of the scope of patent application, wherein the device further includes: a third generation module for generating a symmetric key of the server according to a symmetric encryption algorithm; and a second encryption module for In the symmetric key cryptographically generated by the third generation module using the public key of the terminal; the fourth sending module is used to encrypt the second encryption module after the The symmetric key is sent to the terminal, so that the terminal can decrypt the encrypted symmetric key with the private key corresponding to the public key to obtain the symmetric key of the server.
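The exchange the claims describe, as an added example in Go that is not part of the patent or of any implementation of it: a session identifier derived from login account, password and expiry (claims 1 and 5), so that a password reset leaves the identifier on the terminal unable to validate; the terminal's sealing of its verification result as the verification string plus a hash of it under the server's symmetric key (claim 2); and the server's decryption and hash check that gates issuing the second identifier (claim 6). Assumptions not in the claims: HMAC-SHA256 for the identifier, AES-GCM as the symmetric cipher, a SHA-256 digest as the hash-derived "random number", and a 32-byte shared key already delivered by the public-key wrap of claims 3 and 7, which is not shown.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// mintSession binds the identifier to account, password and expiry (claims 1, 5): once the
// password is reset, the identifier the terminal still holds no longer recomputes.
func mintSession(serverKey []byte, account, password string, exp time.Time) []byte {
	mac := hmac.New(sha256.New, serverKey)
	mac.Write([]byte(account + "\x00" + password + "\x00" + exp.UTC().Format(time.RFC3339)))
	return mac.Sum(nil)
}

// sessionValid is the server's check on the first request (claim 5): recompute with the password currently on record and require an unexpired identifier.
func sessionValid(serverKey []byte, account, current string, id []byte, exp, now time.Time) bool {
	return now.Before(exp) && hmac.Equal(mintSession(serverKey, account, current, exp), id)
}

// sealResult is the terminal side of claim 2: verification string, then its SHA-256 digest
// (the claims' hash-derived random number), encrypted with AES-GCM under the server's symmetric key.
func sealResult(symKey []byte, verification string) []byte {
	block, _ := aes.NewCipher(symKey) // symKey is always 32 bytes here, so this cannot fail
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	digest := sha256.Sum256([]byte(verification))
	return gcm.Seal(nonce, nonce, append([]byte(verification), digest[:]...), nil)
}

// openResult is the server side of claim 6: decrypt, recompute the digest over the
// verification string and refuse to issue a second identifier on any mismatch.
func openResult(symKey, sealed []byte) (string, error) {
	block, _ := aes.NewCipher(symKey)
	gcm, _ := cipher.NewGCM(block)
	n := gcm.NonceSize()
	if len(sealed) < n+gcm.Overhead()+sha256.Size {
		return "", errors.New("verification result too short")
	}
	plain, err := gcm.Open(nil, sealed[:n], sealed[n:], nil)
	if err != nil {
		return "", errors.New("verification result rejected: " + err.Error())
	}
	cut := len(plain) - sha256.Size
	if want := sha256.Sum256(plain[:cut]); !bytes.Equal(want[:], plain[cut:]) {
		return "", errors.New("digest mismatch")
	}
	return string(plain[:cut]), nil
}

func main() {
	sym := bytes.Repeat([]byte{7}, 32) // constructed shared key; the key wrap of claims 3 and 7 is not shown
	res, err := openResult(sym, sealResult(sym, "biometric:ok:alice")) // constructed verification string
	fmt.Println(res, err)
}
```

With an authenticated cipher such as AES-GCM the enclosed digest adds no integrity beyond the authentication tag; it only carries weight if the symmetric cipher chosen for claim 2 has no authentication of its own.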

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106102235A TWI746504B (en) 2017-01-20 2017-01-20 Method and device for realizing synchronization of session identification

Publications (2)

Publication Number Publication Date
TW201828143A TW201828143A (en) 2018-08-01
TWI746504B true TWI746504B (en) 2021-11-21
