CN103428221B - Secure login method, system and device for a mobile application - Google Patents

Secure login method, system and device for a mobile application

Publication number: CN103428221B (application number CN201310376242.6A; earlier publication CN103428221A)
Authority: CN (China)
Prior art keywords: cloud server, encryption, encryption key, user, mobile terminal
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventor: 朱建庭
Current assignee: Beijing Baidu Netcom Science and Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing Baidu Netcom Science and Technology Co Ltd

Events: application filed by Beijing Baidu Netcom Science and Technology Co Ltd; priority to CN201310376242.6A; publication of CN103428221A; application granted; publication of CN103428221B; legal status active; anticipated expiration.

Abstract

The present invention proposes a secure login method for a mobile application, comprising the following steps: a cloud server and the mobile application on a mobile terminal negotiate an encryption key, and the encryption key is saved on the cloud server and on the mobile terminal respectively; the cloud server receives a login authentication request sent by the mobile application, where the request includes a user name and a first encryption string, and the first encryption string includes the user password encrypted with the encryption key; the cloud server decrypts the first encryption string with the encryption key to obtain the user password; and the cloud server authenticates the login of the mobile terminal according to the user password. Through encryption-key negotiation the invention ensures the security of the login system of the mobile application and protects user privacy. The invention also discloses a secure login system for a mobile application and a cloud server.

Description

Secure login method, system and device for a mobile application
Technical field
The present invention relates to the field of mobile internet technology, and in particular to a secure login method, system and device for a mobile application.
Background
The growth of the internet has been accompanied by growing network security threats. Many website services can only be used after the user logs in, and the login process must transmit the user's account and password. Many attackers intercept the transmitted login information to steal user accounts and passwords, threatening the security of users' personal accounts.
To transmit the user password securely when a login request is submitted, a traditional login system generally uses a transport mechanism based on the SSL protocol, such as HTTPS.
On domestic mobile networks, using HTTPS runs into the following serious problems:
(1) The gateways of some mobile operators do not support HTTPS, for example the earlier CMWAP gateways.
(2) Mobile networks are slow to begin with; HTTPS adds the SSL handshake round trips and certificate verification, and the certificate authorities are mostly located overseas, so HTTPS responses become very slow.
To avoid a sharp deterioration of the user experience for these reasons, many mobile applications submit the login request directly over HTTP. But if the user password is not encrypted in some way, a password sent over plain HTTP is easily captured by an attacker with a packet sniffer, leaking user information and threatening its security. To address this, most mobile applications that use HTTP first encrypt the password entered by the user on the client with a preset fixed key, symmetrically or asymmetrically, before sending the login request, and then send the encrypted password to the server. The server decrypts it with the same fixed key to recover the password the user entered and compares it with the original password stored on the server to verify the user password. This improves the security of the user password to some degree, but in fact such a login system is still not secure enough, for the following reasons:
(1) If the client encrypts the user password with a symmetric algorithm, an attacker can decompile the client program by reverse engineering and learn the details of the encryption algorithm and the default fixed key. Once the attacker has captured the encrypted user password on the network, the corresponding decryption algorithm yields the user's real password.
(2) If the client encrypts the user password with an asymmetric algorithm, the attacker cannot recover the real password by the method in (1). However, the attacker can mount a replay attack: the user name and encrypted password captured on the network are sent to the server again to log in, the server returns the user's login session information, and the attacker obtains full control of the user account. In the same way, when the client uses a symmetric algorithm, the attacker can also log in to the victim's account by this means.
The main cause of these problems is that the key the client uses to encrypt the user password is fixed and permanently valid. Account information is therefore easily stolen, user information leaks and user accounts are compromised.
Summary of the invention
The present invention aims to solve at least one of the technical problems in the prior art.
To this end, a first object of the present invention is to propose a secure login method for a mobile application which, through encryption-key negotiation, ensures the security of the login system on the mobile application and protects user privacy.
A second object of the present invention is to propose a secure login system for a mobile application.
A third object of the present invention is to propose a cloud server.
To achieve these objects, an embodiment of the first aspect of the present invention proposes a secure login method for a mobile application, comprising the following steps: the cloud server negotiates an encryption key with the mobile application on the mobile terminal, and the encryption key is saved on the cloud server and on the mobile terminal respectively; the cloud server receives a login authentication request sent by the mobile application, where the login authentication request includes a user name and a first encryption string, and the first encryption string includes the user password encrypted with the encryption key; the cloud server decrypts the first encryption string with the encryption key to obtain the user password; and the cloud server authenticates the login of the mobile terminal according to the user password.
In the secure login method for a mobile application according to embodiments of the present invention, the negotiated encryption key is stored on the cloud server and on the mobile terminal, and encryption and decryption use this key. The negotiated key can be personal to each user, so that even if the encrypted password is obtained maliciously the key cannot be obtained. The security of the login system on the mobile application is thus ensured and user privacy protected even when the request is sent over HTTP.
In one embodiment of the present invention, the first encryption string also includes the current time encrypted with the encryption key.
In one embodiment of the present invention, the method further includes: the cloud server decrypts the first encryption string with the encryption key to obtain the current time; the cloud server judges whether the current time is valid; and when the cloud server judges it invalid, it returns an error message to the mobile terminal. On every login the content of the password encryption string is valid only within a configurable time interval, which prevents replay attacks to a certain extent.
In one embodiment of the present invention, the encryption-key negotiation between the cloud server and the mobile application on the mobile terminal further includes: a default encryption key is stored on the cloud server and on the mobile terminal; when the mobile terminal logs in for the first time, the cloud server negotiates the encryption key with the mobile terminal using the default encryption key.
An embodiment of the second aspect of the present invention proposes a secure login system for a mobile application, including a mobile terminal and a cloud server.
The negotiated encryption key is saved on the cloud server and on the mobile terminal respectively. The mobile terminal sends a login authentication request to the cloud server, where the request includes a user name and a first encryption string, and the first encryption string includes the user password encrypted with the encryption key. The cloud server decrypts the first encryption string with the encryption key to obtain the user password and authenticates the login of the mobile terminal according to the user password.
In the secure login system for a mobile application according to embodiments of the present invention, the negotiated encryption key is stored on the cloud server and on the mobile terminal, and encryption and decryption use this key. The negotiated key can be personal to each user, so that even if the encrypted password is obtained maliciously the key cannot be obtained. The security of the login system on the mobile application is thus ensured and user privacy protected even when the request is sent over HTTP.
In one embodiment of the present invention, the first encryption string also includes the current time encrypted with the encryption key.
In one embodiment of the present invention, the cloud server is further configured to decrypt the first encryption string with the encryption key to obtain the current time, to judge whether the current time is valid, and to return an error message to the mobile terminal when it is judged invalid. On every login the content of the password encryption string is valid only within a configurable time interval, which prevents replay attacks to a certain extent.
In one embodiment of the present invention, a default encryption key is stored on the cloud server and on the mobile terminal, and when the mobile terminal logs in for the first time the cloud server negotiates the encryption key with the mobile terminal using the default encryption key.
An embodiment of the third aspect of the present invention proposes a cloud server. The negotiated encryption key is saved on the cloud server and on the mobile terminal respectively, and the cloud server includes a login authentication request receiving module, a decryption module and a login authentication module.
The login authentication request receiving module receives the login authentication request sent by the mobile application, where the request includes a user name and a first encryption string, and the first encryption string includes the user password encrypted with the encryption key; the decryption module decrypts the first encryption string with the encryption key to obtain the user password; and the login authentication module authenticates the login of the mobile terminal according to the user password.
In the cloud server according to embodiments of the present invention, the negotiated encryption key is stored on the cloud server and on the mobile terminal, and encryption and decryption use this key. The negotiated key can be personal to each user, so that even if the encrypted password is obtained maliciously the key cannot be obtained. The security of the login system on the mobile application is thus ensured and user privacy protected even when the request is sent over HTTP.
In one embodiment of the present invention, the first encryption string also includes the current time encrypted with the encryption key.
In one embodiment of the present invention, the decryption module decrypts the first encryption string with the encryption key to obtain the current time.
In one embodiment of the present invention, the login authentication module judges whether the current time is valid, and when the cloud server judges it invalid an error message is returned to the mobile terminal. On every login the content of the password encryption string is valid only within a configurable time interval, which prevents replay attacks to a certain extent.
In one embodiment of the present invention, a default encryption key is stored on the cloud server and on the mobile terminal, and when the mobile terminal logs in for the first time the cloud server negotiates the encryption key with the mobile terminal using the default encryption key.
Additional aspects and advantages of the present invention will be set forth in part in the following description, and in part will become apparent from the description or be learned by practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a flow chart of the secure login method for a mobile application according to an embodiment of the present invention;
Fig. 2 is a flow diagram of encryption-key negotiation according to an embodiment of the present invention;
Fig. 3 is a flow diagram of secure login according to an embodiment of the present invention;
Fig. 4 is a structural diagram of the secure login system for a mobile application according to an embodiment of the present invention; and
Fig. 5 is a structural diagram of the cloud server according to an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below; examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote the same or similar elements, or elements with the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting it.
The secure login method for a mobile application according to an embodiment of the present invention is described below with reference to Fig. 1 and includes the following steps:
Step S110: The cloud server negotiates an encryption key with the mobile application on the mobile terminal, and the encryption key is saved on the cloud server and on the mobile terminal respectively.
The encryption-key negotiation between the cloud server and the mobile application on the mobile terminal further includes:
Step S111: A default encryption key is stored on the cloud server and on the mobile terminal.
Step S112: When the mobile terminal logs in for the first time, the cloud server negotiates the encryption key with the mobile terminal using the default encryption key.
Step S120: The cloud server receives the login authentication request sent by the mobile application, where the request includes a user name and a first encryption string, and the first encryption string includes the user password encrypted with the encryption key.
The first encryption string also includes the current time encrypted with the encryption key.
Step S130: The cloud server decrypts the first encryption string with the encryption key to obtain the user password.
Step S140: The cloud server authenticates the login of the mobile terminal according to the user password.
In one embodiment of the present invention, the method further includes:
Step S151: The cloud server decrypts the first encryption string with the encryption key to obtain the current time.
Step S152: The cloud server judges whether the current time is valid.
Step S153: When the cloud server judges it invalid, an error message is returned to the mobile terminal.
A complete technical implementation of the method is illustrated below using Fig. 2 and Fig. 3 as examples. It should be understood that the following implementation is for illustration only and embodiments of the present invention are not limited to it.
The method includes two sub-processes: encryption-key negotiation and login.
First, the cloud server negotiates an encryption key with the mobile application on the mobile terminal, and the encryption key is saved on the cloud server and on the mobile terminal respectively.
A default encryption key is stored on the cloud server and on the mobile terminal.
When the mobile terminal logs in for the first time, the cloud server negotiates the encryption key with the mobile terminal using the default encryption key.
Specifically, as shown in Fig. 2, the user may also set the encryption key, in the following steps:
Step S210: The user logs in to the mobile application and enters the interface for setting the encryption key.
Step S220: The mobile application on the mobile terminal sends the encryption key entered by the user to the cloud server.
Step S230: The cloud server obtains the user account information from the current user's login session information.
Step S240: The cloud server saves the received user encryption key as part of the user account information and returns a corresponding response message to the mobile terminal.
Step S250: The mobile application on the mobile terminal caches the encryption key entered by the user in the corresponding storage medium.
After the negotiated key has been saved on the cloud server and in the mobile application on the mobile terminal, the user can log in through the mobile application; the flow is shown in Fig. 3.
Step S310: The user submits a login request.
Step S311: The mobile application reads the encryption key cached in the corresponding storage medium of the mobile terminal. If no encryption key is present, the preset default encryption key is used as the encryption key.
Step S312: The mobile application symmetrically encrypts the user password, the current network time and similar information with the encryption key to obtain the first encryption string.
Step S313: The mobile application submits a login authentication request to the cloud server; the request includes the user name, the first encryption string and similar information.
Step S320: The cloud server reads the user account information corresponding to the user name from the database; the user account information includes the user's plaintext password and the preset encryption key.
Step S321: The cloud server judges whether the user account exists.
Step S322_1: If it does not exist, an error message is returned and step S330 is executed.
Step S330: The mobile application handles the error message by prompting the user accordingly and guiding the user to re-enter the user name and password.
Step S322: If the account exists but the user has not set an encryption key, the cloud server uses the preset default encryption key as the user's encryption key. This default key is the same as the default encryption key preset on the mobile terminal.
Step S323: The cloud server decrypts the first encryption string with the encryption key and obtains the password entered by the user and the network time value supplied by the mobile terminal.
Step S324: The cloud server checks whether the decrypted user password is identical to the plaintext password in the user account information.
Step S325_1: If they differ, the cloud server returns an error message and the flow jumps to step S330.
Step S325: If they are identical, the cloud server judges whether the current time is valid. Specifically, the cloud server checks whether the difference between the decrypted network time and the present system timestamp lies within a preset threshold; if it does, the time is valid.
Step S326_1: If it is judged invalid, the cloud server returns an error message and the flow jumps to step S330.
Step S327: If it is valid, the cloud server generates the user's login session information from the user account information and returns it to the mobile terminal.
Step S340: The mobile application on the mobile terminal receives the login session information and completes the post-login processing.
The current network time can be obtained by the mobile terminal from a network time server via the Network Time Protocol, returned by the cloud server together with the page content when the user login interface is returned, or obtained by the mobile terminal through a network exchange with the cloud server before the login request packet is sent. The present system timestamp obtained by the cloud server is generally synchronized with network time.
Further, since every login carries a timestamp in the content of the password encryption string, and the timestamp is valid only for a certain time, namely a configurable time interval, replay attacks can be prevented to a certain extent: even if a request is replayed, it will hardly pass the cloud server's check and the login cannot succeed. Moreover, since each user's encryption key is different, even if an attacker obtains the encryption algorithm by reverse engineering, the captured password encryption string cannot be decrypted to obtain the user's password. Further, even if the attacker knows the encryption algorithm and has obtained the user's password by other means, the user account cannot be logged in to as long as the attacker cannot obtain the user's encryption key. In theory only the user, the user's mobile terminal and the cloud server can obtain the encryption key. The security of the invention is therefore comparatively high.
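The login sub-process of Fig. 3 (steps S310 to S340), the key-setting sub-process of Fig. 2, and the replay and reverse-engineering attacks on fixed-key client encryption from the background section, as an added, constructed example that is not code from the patent or from Baidu. The patent does not name its symmetric algorithm, so the block substitutes an HMAC-SHA256 keystream with an encrypt-then-MAC tag, which runs on the Python standard library alone; a real deployment would use AES-GCM. The default key, the 60-second validity window, the account store, the JSON layout of the first encryption string and the session-token format are all assumptions. The block also goes one step beyond the page: inside the validity window the timestamp check alone accepts a replayed string, which is why the patent claims replay prevention only "to a certain extent", so the server carries an optional cache of strings it has already accepted. The plaintext password stored on the server (step S320) and the user-chosen key received in step S220 are reproduced as the page describes them, not as recommended practice.

```python
"""Login flow of CN103428221B, constructed for illustration (not the patent's or Baidu's code).
The patent names no symmetric algorithm; the stand-in is an HMAC-SHA256 keystream with an
encrypt-then-MAC tag so only the standard library is needed (use AES-GCM for real).  All keys,
the validity window and the account data are assumptions."""
import hashlib, hmac, json, os, secrets

DEFAULT_KEY = b"constructed-default-key"  # assumed preset key shared by app and server (S111)
WINDOW_SECONDS = 60                        # assumed configurable validity window (S325)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce(16) || ciphertext || tag(32)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key is wrong or the string was altered."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_request(cached_key, username: str, password: str, now: int) -> dict:
    """Client side (S311-S313): cached personal key or the preset default, then password + network time."""
    key = cached_key or DEFAULT_KEY
    payload = json.dumps({"pw": password, "t": now}).encode()
    return {"user": username, "enc": encrypt(key, payload)}

class CloudServer:
    """Server side: account store, key storage (S240) and login verification (S320-S327)."""
    def __init__(self):
        self.accounts = {}  # username -> {"pw": plaintext password (as the patent stores it), "key": ...}
        self.sessions = {}  # session token -> username
        self.seen = set()   # beyond the patent: encryption strings already accepted inside the window
    def register(self, username: str, password: str) -> None:
        self.accounts[username] = {"pw": password, "key": None}
    def store_key(self, session: str, key: bytes) -> None:  # S230-S240: key set over a logged-in session
        self.accounts[self.sessions[session]]["key"] = key
    def login(self, req: dict, now: int, check_time: bool = True, reject_seen: bool = False):
        acct = self.accounts.get(req["user"])
        if acct is None:
            return None, "unknown account"                        # S321 / S322_1
        plain = decrypt(acct["key"] or DEFAULT_KEY, req["enc"])  # S322 / S323
        if plain is None:
            return None, "undecryptable string"
        data = json.loads(plain)
        if data["pw"] != acct["pw"]:
            return None, "wrong password"                         # S324 / S325_1
        if check_time and abs(now - data["t"]) > WINDOW_SECONDS:
            return None, "timestamp outside window"               # S325 / S326_1
        if reject_seen:
            if req["enc"] in self.seen:
                return None, "replayed string"
            self.seen.add(req["enc"])
        token = secrets.token_hex(16)                             # S327: login session information
        self.sessions[token] = req["user"]
        return token, "ok"

def demo() -> dict:
    """Background-art scheme, patented scheme and the in-window replay edge case, side by side."""
    server, t0, pw = CloudServer(), 1_700_000_000, "correct horse battery"
    server.register("alice", pw)
    res = {}
    # Background art: preset key for everyone, no timestamp check; a captured request replays an hour later.
    captured = build_request(None, "alice", pw, t0)
    session, _ = server.login(captured, t0, check_time=False)
    res["fixed_key_replay"] = server.login(captured, t0 + 3600, check_time=False)[1]
    # Patent: the user sets a personal key over the logged-in session (S210-S250) and logs in with it.
    personal = b"alice-personal-key"
    server.store_key(session, personal)
    req = build_request(personal, "alice", pw, t0)
    res["fresh"] = server.login(req, t0 + 5)[1]
    res["late_replay"] = server.login(req, t0 + WINDOW_SECONDS + 1)[1]
    # Attacker knows the algorithm and even the password, but not Alice's key (the page's last argument).
    forged_blob = encrypt(DEFAULT_KEY, json.dumps({"pw": pw, "t": t0}).encode())
    res["forged_with_default_key"] = server.login({"user": "alice", "enc": forged_blob}, t0)[1]
    # Edge case the page concedes: inside the window the timestamp check alone still accepts a replay.
    res["in_window_replay_patent_only"] = server.login(req, t0 + 10)[1]
    res["in_window_replay_with_cache"] = (server.login(req, t0 + 10, reject_seen=True)[1],
                                         server.login(req, t0 + 11, reject_seen=True)[1])
    return res
```

Running demo() shows the outcomes side by side: the fixed-key request replays cleanly an hour later, the personal-key request is rejected once its timestamp leaves the window, a string forged under the default key fails because Alice's account now carries her own key, and only the seen-string cache rejects a replay that arrives inside the window.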
In the secure login method for a mobile application according to embodiments of the present invention, secure login is based on a user-defined encryption key, so that the security of the login system on the mobile application is ensured and user privacy protected even when the request is sent over HTTP.
The secure login system 100 for a mobile application according to an embodiment of the present invention is described below with reference to Fig. 4. It includes a mobile terminal 110 and a cloud server 120, and the negotiated encryption key is saved on the cloud server 120 and on the mobile terminal 110 respectively.
The mobile terminal 110 sends a login authentication request to the cloud server 120, where the request includes a user name and a first encryption string, and the first encryption string includes the user password encrypted with the encryption key. The cloud server 120 decrypts the first encryption string with the encryption key to obtain the user password and authenticates the login of the mobile terminal 110 according to the user password.
The first encryption string also includes the current time encrypted with the encryption key.
The cloud server 120 is further configured to decrypt the first encryption string with the encryption key to obtain the current time, to judge whether the current time is valid, and to return an error message to the mobile terminal 110 when it is judged invalid.
A default encryption key is stored on the cloud server 120 and on the mobile terminal 110, and when the mobile terminal 110 logs in for the first time the cloud server 120 negotiates the encryption key with the mobile terminal 110 using the default encryption key.
A complete technical implementation of the system is illustrated below. It should be understood that the following implementation is for illustration only and embodiments of the present invention are not limited to it.
The system includes two sub-processes: encryption-key negotiation and login.
First, the cloud server 120 negotiates an encryption key with the mobile application on the mobile terminal 110, and the encryption key is saved on the cloud server 120 and on the mobile terminal 110 respectively.
A default encryption key is stored on the cloud server 120 and on the mobile terminal 110.
When the mobile terminal 110 logs in for the first time, the cloud server 120 negotiates the encryption key with the mobile terminal 110 using the default encryption key.
Specifically, the user may also set the encryption key, as follows: the user logs in to the mobile application and enters the interface for setting the encryption key; the mobile application on the mobile terminal 110 sends the encryption key entered by the user to the cloud server 120; the cloud server 120 obtains the user account information from the current user's login session information; the cloud server 120 saves the received user encryption key as part of the user account information and returns a corresponding response message to the mobile terminal 110; and the mobile application on the mobile terminal 110 caches the encryption key entered by the user in the corresponding storage medium.
After the negotiated key has been saved on the cloud server 120 and in the mobile application on the mobile terminal 110, the user can log in through the mobile application, as follows:
Step S410: The user submits a login request. The mobile application reads the encryption key cached in the corresponding storage medium of the mobile terminal 110; if no encryption key is present, the preset default encryption key is used as the encryption key. The mobile application symmetrically encrypts the user password, the current network time and similar information with the encryption key to obtain the first encryption string, and submits a login authentication request including the user name, the first encryption string and similar information to the cloud server 120.
Step S420: The cloud server 120 reads the user account information corresponding to the user name from the database; the user account information includes the user's plaintext password and the preset encryption key.
Step S421: The cloud server 120 judges whether the user account exists.
Step S422: If the account exists but the user has not set an encryption key, the cloud server 120 uses the preset default encryption key as the user's encryption key. This default key is the same as the default encryption key preset on the mobile terminal 110.
Step S422_1: If it does not exist, an error message is returned and step S430 is executed.
Step S430: The mobile application handles the error message by prompting the user accordingly and guiding the user to re-enter the user name and password.
Step S423: The cloud server 120 decrypts the first encryption string with the encryption key and obtains the password entered by the user and the network time value supplied by the mobile terminal 110. The cloud server 120 checks whether the decrypted user password is identical to the plaintext password in the user account information.
Step S424_1: If they differ, the cloud server 120 returns an error message and the flow jumps to step S430.
Step S424: If they are identical, the cloud server 120 judges whether the current time is valid. Specifically, the cloud server 120 checks whether the difference between the decrypted network time and the present system timestamp lies within a preset threshold; if it does, the time is valid.
Step S425_1: If it is judged invalid, the cloud server 120 returns an error message and the flow jumps to step S430.
Step S425: If it is valid, the cloud server 120 generates the user's login session information from the user account information and returns it to the mobile terminal 110.
Step S440: The mobile application on the mobile terminal 110 receives the login session information and completes the post-login processing.
The current network time can be obtained by the mobile terminal 110 from a network time server via the Network Time Protocol, returned by the cloud server 120 together with the page content when the user login interface is returned, or obtained by the mobile terminal 110 through a network exchange with the cloud server 120 before the login request packet is sent. The present system timestamp obtained by the cloud server 120 is generally synchronized with network time.
Further, since every login carries a timestamp in the content of the password encryption string, and the timestamp is valid only for a certain time, namely a configurable time interval, replay attacks can be prevented to a certain extent: even if a request is replayed, it will hardly pass the check of the cloud server 120 and the login cannot succeed. Moreover, since each user's encryption key is different, even if an attacker obtains the encryption algorithm by reverse engineering, the captured password encryption string cannot be decrypted to obtain the user's password. Further, even if the attacker knows the encryption algorithm and has obtained the user's password by other means, the user account cannot be logged in to as long as the attacker cannot obtain the user's encryption key. In theory only the user, the user's mobile terminal 110 and the cloud server 120 can obtain the encryption key. The security of the invention is therefore comparatively high.
In the secure login system for a mobile application according to embodiments of the present invention, secure login is based on a user-defined encryption key, so that the security of the login system on the mobile application is ensured and user privacy protected even when the request is sent over HTTP.
Cloud server 200 according to embodiments of the present invention is described below with reference to Fig. 5, in cloud server and mobile terminal The encryption key after consulting is preserved respectively, wherein, cloud server 200 includes login authentication request receiving module 210, decryption Module 220 and login authentication module 230.
Wherein, login authentication request receiving module 210 is used for the login authentication request for receiving Mobile solution transmission, wherein, Login authentication request includes user name and the first encryption string, and the first encryption string is included after encryption key is to user cipher encryption Information;Deciphering module 220 is decrypted to obtain user cipher for encrypting string to first according to encryption key;Login authentication Module 230 is for carrying out login authentication to mobile terminal according to user cipher.
Wherein, the first encryption string is also included by encryption key to the information after current time encryption.
Deciphering module 220 is decrypted to obtain current time to the first encryption string according to encryption key.
Login authentication module 230 judges whether effectively according to current time, when cloud server judges invalid, to movement Terminal returns error message.
A default encryption key is stored in both the cloud server and the mobile terminal, and when the mobile terminal logs in for the first time, the cloud server performs encryption key agreement with the mobile terminal using the default encryption key.
A complete implementation of this cloud server is described below. It should be understood that the following implementation is given only as an example; embodiments of the present invention are not limited to it.
This cloud server participates in two sub-processes of the technical solution: encryption key agreement and login.
First, the cloud server performs encryption key agreement with the mobile application in the mobile terminal, and the encryption key is stored in the cloud server and in the mobile terminal respectively.
A default encryption key is stored in both the cloud server and the mobile terminal.
When the mobile terminal logs in for the first time, the cloud server performs encryption key agreement with the mobile terminal using the default encryption key.
The user may also set the encryption key, as follows: the user logs in to the mobile application and enters the interface for setting the encryption key; the mobile application in the mobile terminal sends the encryption key entered by the user to the cloud server; the cloud server obtains the user account information according to the login session information of the current user; the cloud server stores the received user encryption key as part of the user account information and returns a corresponding response message to the mobile terminal; the mobile application in the mobile terminal caches the encryption key entered by the user in the corresponding storage medium.
After the negotiated key has been stored in the cloud server and in the mobile application of the mobile terminal, the user can log in through the mobile application, as follows:
The user submits a login request. The mobile application reads the encryption key cached in the corresponding storage medium of the mobile terminal; if no encryption key is present, the preset default encryption key is used as the encryption key. The mobile application symmetrically encrypts information such as the user password and the current network time with the encryption key to obtain the first encryption string. The mobile application submits a login authentication request to the cloud server, the login authentication request including information such as the user name and the first encryption string.
The login authentication request receiving module 210 receives the login authentication request sent by the mobile application. Cloud server 200 reads the user account information corresponding to the user name from the database, where the user account information includes the user's plaintext password and the pre-set encryption key. Cloud server 200 judges whether the user account exists; if not, it returns an error message. If it exists but the user has no pre-set encryption key, the preset default encryption key is used as the user's encryption key, where the default encryption key is identical to the preset default encryption key on the mobile terminal.
The decryption module 220 decrypts the first encryption string according to the encryption key, obtaining the password entered by the user and the network time value provided by the mobile terminal.
The login authentication module 230 judges whether the user password obtained by decryption is identical to the plaintext password in the user account information. If they differ, the login authentication module 230 returns an error message. If they are identical, the login authentication module 230 judges whether the current time is valid. Specifically, the login authentication module 230 checks whether the difference between the decrypted network time and the current system timestamp is within a preset threshold; the time is valid if the difference is within the threshold. If judged invalid, the login authentication module 230 returns an error message. If valid, the login authentication module 230 generates the user's login session information according to the user account information and returns it to the mobile terminal.
The mobile application in the mobile terminal receives the login session information and completes the corresponding post-login processing. For an error message, the mobile application carries out the corresponding user prompt handling, guiding the user to re-enter the user name and password.
The current network time may be obtained by the mobile terminal from a network time server via the network time protocol (NTP), may be returned by the cloud server together with the page content when the user login interface is returned, or may be obtained through a network interaction with the cloud server before the mobile terminal sends the login request packet. The current system timestamp on the cloud server is generally synchronized with network time.
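The two sub-processes above (key set-up with a default-key fallback, then the login check in the order the description gives it: account lookup, decryption, password compare, timestamp window) as an added example in Python. This is not code from the patent or its applicant; the patent only says "symmetric encryption", so the cipher is a stand-in (HMAC-SHA256 keystream plus HMAC tag, encrypt-then-MAC) and the key values, account table, field names and 60-second window are constructed assumptions.

```python
# Added example, not code from the patent or its applicant: the login
# sub-process described above (per-user symmetric key with a shared default
# fallback, password + network time inside the encryption string, account
# lookup, password compare, then timestamp window check). The patent only
# says "symmetric encryption", so the cipher here is a stand-in: an
# HMAC-SHA256 keystream with an HMAC tag (encrypt-then-MAC), stdlib only.
import hashlib
import hmac
import json
import os
import time
from typing import Optional

DEFAULT_KEY = b"constructed-default-key-shared-by-app-and-server"  # placeholder value
WINDOW_SECONDS = 60  # assumed value of the configurable "time interval length"
NONCE_LEN, TAG_LEN, BLOCK = 16, 32, 32

def _prf(key: bytes, label: bytes, msg: bytes) -> bytes:
    return hmac.new(key, label + msg, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + BLOCK - 1) // BLOCK
    return b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag, with a fresh random nonce per call."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """None if the tag does not verify: wrong key (e.g. default instead of the user's) or tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed sample of the cloud server's user account table. As in the
# description, the plaintext password sits next to the optional user-set key
# (a real deployment would store a password verifier instead). bob has set no
# key, so both sides fall back to DEFAULT_KEY for him.
ACCOUNTS = {
    "alice": {"password": "correct horse", "key": b"alice-key-set-in-the-app-constructed"},
    "bob": {"password": "hunter2", "key": None},
}

def client_login_request(username: str, password: str, cached_key: Optional[bytes], network_time: int) -> dict:
    """Mobile application side: user name plus the first encryption string."""
    key = cached_key or DEFAULT_KEY  # no cached key -> preset default key
    payload = json.dumps({"pwd": password, "t": int(network_time)}).encode()
    return {"user": username, "enc": encrypt(key, payload)}

def server_verify(request: dict, accounts: dict = ACCOUNTS, now: Optional[float] = None) -> dict:
    """Cloud server side, checks in the order the description gives them."""
    now = time.time() if now is None else now
    acct = accounts.get(request["user"])
    if acct is None:
        return {"ok": False, "error": "no such account"}
    plain = decrypt(acct["key"] or DEFAULT_KEY, request["enc"])
    if plain is None:
        return {"ok": False, "error": "decrypt failed"}
    fields = json.loads(plain)
    if not hmac.compare_digest(fields["pwd"].encode(), acct["password"].encode()):
        return {"ok": False, "error": "bad password"}
    if abs(now - fields["t"]) > WINDOW_SECONDS:  # replayed or stale request
        return {"ok": False, "error": "stale timestamp"}
    return {"ok": True, "session": os.urandom(16).hex()}  # login session information
```

The "decrypt failed" branch is the case the description argues for: a request built with the correct password but without alice's key does not verify, and a replay of a valid request fails once the window has passed.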
Further, since every login request carries a timestamp, and the timestamp in the password encryption string is only valid within a certain period (a configurable time interval length), replay attacks can be prevented to a certain extent: even if a request is replayed, it is unlikely to pass the verification by the cloud server, so the login cannot succeed. Moreover, since each user's encryption key is different, even if an attacker obtains the encryption algorithm by reverse engineering, a password encryption string captured from the network cannot be decrypted to obtain the user's password. Further, even if an attacker knows the encryption algorithm and has obtained the user's password by other means, the user account cannot be logged into as long as the user's encryption key cannot be obtained. In theory, the encryption key can be obtained only by the user, the user's mobile terminal and the cloud server. Therefore, the security of the invention is relatively high.
The cloud server according to embodiments of the present invention performs secure login based on a user-defined encryption key, so that the security of the login system on the mobile application is ensured and user privacy is protected even when requests are sent using the HTTP protocol.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and alterations can be made to these embodiments without departing from the principles and spirit of the present invention; the scope of the present invention is defined by the claims and their equivalents.

Claims (10)

1. A secure login method for a mobile application, characterized by comprising the following steps:
the cloud server performs encryption key agreement with the mobile application in the mobile terminal, and the encryption key is stored in the cloud server and in the mobile terminal respectively, wherein when the user logs in to the mobile application, the user enters the interface for setting the encryption key, the mobile terminal receives the encryption key entered by the user in the interface and sends the encryption key to the cloud server, the cloud server obtains the user account information according to the login session information of the user, the cloud server stores the received encryption key as a part of the user account information and returns a corresponding response message to the mobile terminal, and the mobile application in the mobile terminal caches the encryption key in the corresponding storage medium;
the cloud server receives the login authentication request sent by the mobile application, wherein the login authentication request includes a user name and a first encryption string, and the first encryption string includes information obtained by encrypting the user password with the encryption key;
the cloud server decrypts the first encryption string according to the encryption key to obtain the user password; and
the cloud server performs login authentication of the mobile terminal according to the user password.
2. The method of claim 1, characterized in that the first encryption string further includes information obtained by encrypting the current time with the encryption key.
3. The method of claim 2, characterized by further comprising:
the cloud server decrypts the first encryption string according to the encryption key to obtain the current time; and
the cloud server judges whether the request is valid according to the current time;
when the cloud server judges it invalid, an error message is returned to the mobile terminal.
4. A secure login system for a mobile application, characterized by including a mobile terminal and a cloud server, wherein, when the user logs in to the mobile application, the user enters the interface for setting the encryption key, the mobile terminal receives the encryption key entered by the user in the interface and sends the encryption key to the cloud server, the cloud server obtains the user account information according to the login session information of the user, the cloud server stores the received encryption key as a part of the user account information and returns a corresponding response message to the mobile terminal, and the mobile application in the mobile terminal caches the encryption key in the corresponding storage medium, wherein:
the mobile terminal is configured to send a login authentication request to the cloud server, wherein the login authentication request includes a user name and a first encryption string, and the first encryption string includes information obtained by encrypting the user password with the encryption key;
the cloud server is configured to decrypt the first encryption string according to the encryption key to obtain the user password, and to perform login authentication of the mobile terminal according to the user password.
5. The secure login system of claim 4, characterized in that the first encryption string further includes information obtained by encrypting the current time with the encryption key.
6. The secure login system of claim 5, characterized in that the cloud server is further configured to decrypt the first encryption string according to the encryption key to obtain the current time, to judge whether the request is valid according to the current time, and, when it judges the request invalid, to return an error message to the mobile terminal.
7. A cloud server, characterized in that, when a user logs in to a mobile application, the user enters the interface for setting the encryption key, the mobile terminal receives the encryption key entered by the user in the interface and sends the encryption key to the cloud server, the cloud server obtains the user account information according to the login session information of the user, the cloud server stores the received encryption key as a part of the user account information and returns a corresponding response message to the mobile terminal, and the mobile application in the mobile terminal caches the encryption key in the corresponding storage medium, wherein the cloud server includes:
a login authentication request receiving module, configured to receive the login authentication request sent by the mobile application, wherein the login authentication request includes a user name and a first encryption string, and the first encryption string includes information obtained by encrypting the user password with the encryption key;
a decryption module, configured to decrypt the first encryption string according to the encryption key to obtain the user password; and
a login authentication module, configured to perform login authentication of the mobile terminal according to the user password.
8. The cloud server of claim 7, characterized in that the first encryption string further includes information obtained by encrypting the current time with the encryption key.
9. The cloud server of claim 8, characterized in that the decryption module decrypts the first encryption string according to the encryption key to obtain the current time.
10. The cloud server of claim 9, characterized in that the login authentication module judges whether the request is valid according to the current time, and when the cloud server judges it invalid, returns an error message to the mobile terminal.
CN201310376242.6A 2013-08-26 2013-08-26 Safe login method, system and device to Mobile solution Active CN103428221B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310376242.6A CN103428221B (en) 2013-08-26 2013-08-26 Safe login method, system and device to Mobile solution

Publications (2)

Publication Number Publication Date
CN103428221A CN103428221A (en) 2013-12-04
CN103428221B true CN103428221B (en) 2017-04-05

Family ID: 49652397

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310376242.6A Active CN103428221B (en) 2013-08-26 2013-08-26 Safe login method, system and device to Mobile solution

Country Status (1)

Country Link
CN (1) CN103428221B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101197677A (en) * 2007-12-27 2008-06-11 腾讯科技(深圳)有限公司 Internet product login method and apparatus supporting extra parameter login
CN102118392A (en) * 2011-01-18 2011-07-06 南京朗睿软件科技有限公司 Encryption/decryption method and system for data transmission
CN102469080A (en) * 2010-11-11 2012-05-23 中国电信股份有限公司 Method for pass user to realize safety login application client and system thereof
CN102882858A (en) * 2012-09-13 2013-01-16 江苏乐买到网络科技有限公司 External data transmission method for cloud computing system
CN103152401A (en) * 2013-02-07 2013-06-12 百度在线网络技术(北京)有限公司 Mobile terminal, login method and system through mobile terminal, and cloud server

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001011817A2 (en) * 1999-08-06 2001-02-15 Sarnoff Corporation Network user authentication protocol
US20020178366A1 (en) * 2001-05-24 2002-11-28 Amiran Ofir Method for performing on behalf of a registered user an operation on data stored on a publicly accessible data access server
CN101594233B (en) * 2009-06-26 2012-01-04 成都市华为赛门铁克科技有限公司 Method for uploading information, method for receiving information, equipment and communication system

Also Published As

Publication number Publication date
CN103428221A (en) 2013-12-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant