CN106685940B - Password processing method and server - Google Patents
Password processing method and server Download PDFInfo
- Publication number
- CN106685940B CN106685940B CN201611177914.0A CN201611177914A CN106685940B CN 106685940 B CN106685940 B CN 106685940B CN 201611177914 A CN201611177914 A CN 201611177914A CN 106685940 B CN106685940 B CN 106685940B
- Authority
- CN
- China
- Prior art keywords
- password
- input
- frequency
- determining
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention discloses a password processing method, which presets a reference corresponding to an input time interval, and acquires password characteristics from an input password after receiving a network protocol message encapsulated with the input password; determining that the input password is correct when the password information is correct and the frequency information is within the reference. The invention uses the input frequency information as a basis for judging whether the password is correct or not, so that the judgment condition is increased in the password verification process, and the verification dimensionality is increased, thereby improving the safety and reliability of the password verification without increasing the password difficulty and strength, and further improving the safety and reliability of the system and the user experience. The invention also discloses a server.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method for processing a password. The invention also relates to a server.
Background
At present, an IPC (IP CAMERA, webcam) is a new generation CAMERA generated by combining a traditional CAMERA and a network technology, and is formed by combining a network coding module and an analog CAMERA, wherein the network coding module codes and compresses analog video signals acquired by the analog CAMERA into digital signals, so that the digital signals can be directly accessed to network switching and routing equipment, and an embedded chip is also arranged in the webcam and an embedded real-time operating system is adopted.
The video signal transmitted by IPC is compressed by the high-efficiency compression chip after being digitalized and then transmitted to the Web server through the network bus. Users on the network can directly watch the camera image on the Web server by using the browser, and authorized users can also control the action of a camera holder lens or operate system configuration. The network camera can simply realize monitoring, particularly remote monitoring, simpler construction and maintenance, better audio support, better alarm linkage support, more flexible video storage, richer product selection, higher definition video effect and more perfect monitoring management. In addition, IPC generally supports the standard protocols ONVIF and GB protocols.
Controls (Controls) are encapsulation of data and methods. The control may have its own properties and methods. Properties are simple visitors of control data, and methods are some simple and visible functions of the control.
A Keyboard (Keyboard) is a command and data input device used to operate equipment, and also refers to a set of function keys (e.g., typewriter, computer Keyboard) arranged to operate a machine or equipment through a system. The keyboard is the most common and main input device, and english letters, numbers, punctuations and the like can be input into the computer through the keyboard, so as to send commands, input data and the like to the computer.
C/S architecture (Client/Server, Server/Client architecture), i.e., Client and Server architecture. The software system architecture can fully utilize the advantages of hardware environments at two ends, and reasonably distributes tasks to a Client end and a Server end to realize the task, thereby reducing the communication overhead of the system. At present, most application software systems are of a two-layer structure in a Client/Server form, and because the existing software application systems are developing to distributed Web applications, the Web and the Client/Server applications can perform the same service processing, and different modules are applied to share a logic component; thus, both internal and external users can access new and existing application systems, and the new application system can be extended through logic in the existing application system.
B/S architecture (Browser/Server, Browser/Server mode), i.e., Browser and Server architecture. It is a kind of structure which changes or improves the C/S structure with the rise of Internet technology. Under the structure, the user work interface is realized by a WWW Browser, a few parts of business logic are realized at a front end (Browser), but the main business logic is realized at a Server end (Server), and a three-layer 3-tier structure is formed. The B/S structure is a network structure mode after WEB is started, and a WEB browser is the most main application software of a client.
HTTP (HyperText Transfer Protocol) is the most widely used network Protocol on the internet, and all WWW files must comply with this standard. As an object-oriented communication protocol belonging to the application layer, it allows to pass HTML documents from a WEB server to a browser of a client.
In the process of implementing the present invention, the inventor of the present application finds that in the existing monitoring scheme, most login passwords of the system are unified, for example, unified to admin, and if an illegal user decrypts the password, most IPC configurations can be modified at will, monitoring information is stolen, and illegal operations are performed by using the information. If the password intensity and difficulty are simply increased and a more complex password is set, the usability can be reduced, and the problem of password leakage caused by hacker attack cannot be solved, so that the user experience is greatly influenced.
Therefore, how to improve the existing password verification scheme is important to improve the security and reliability of password verification without increasing the password difficulty and strength, so as to improve the security and reliability of the system and the user experience.
Disclosure of Invention
The embodiment of the invention provides a password processing method and a server, which are used for solving the problem of poor safety and reliability of password verification in the prior art, and the input frequency information is also used as a basis for judging whether the password is correct or not, so that the judgment condition is increased in the password verification process, the verification dimensionality is increased, the safety and reliability of the password verification can be improved under the condition of not increasing the password difficulty and strength, and the safety and reliability of a system and the user experience are improved.
In order to achieve the above object, the present invention provides a cryptographic processing method, in which a reference corresponding to an input time interval is preset, the method comprising:
after receiving a network protocol message packaged with an input password, acquiring password characteristics from the input password, wherein the password characteristics comprise password information and frequency information;
determining that the input password is correct when the password information is correct and the frequency information is within the reference.
In some embodiments, before receiving the network protocol packet encapsulated with the input password, the present invention further includes:
recording and counting frequency information of the passwords input for many times, wherein the frequency information is a time interval of inputting the passwords;
and determining the average frequency of the frequency information by using a learning method, and determining the reference according to the average frequency.
In some embodiments, the determining the reference according to the average frequency specifically includes:
determining a floating threshold value of the frequency information by utilizing fluctuation variance;
after determining the average frequency, determining the baseline based on the average frequency and the floating threshold.
In some embodiments, the determining that the input password is correct includes:
after the password information in the password feature passes verification, verifying whether the frequency information in the password feature is within the reference or not;
and when the frequency information passes the verification, determining that the input password is correct.
In some embodiments, the invention further comprises:
and when judging whether the password information is correct and/or whether the frequency information is within the reference, if not, prohibiting the access of the current IP address, and returning an indication that the frequency is out of limit.
In addition, the present invention also provides a server including the above password processing method, including:
the system comprises a receiving module, a sending module and a receiving module, wherein the receiving module is used for acquiring password characteristics from an input password after receiving a network protocol message packaged with the input password, and the password characteristics comprise password information and frequency information;
a first determining module, configured to determine that the input password is correct when the password information is correct and the frequency information is within the reference.
In some embodiments, the present invention further comprises a second determining module for:
recording and counting frequency information of the passwords input for many times, wherein the frequency information is a time interval of inputting the passwords;
and determining the average frequency of the frequency information by using a learning method, and determining the reference according to the average frequency.
In some embodiments, the second determining module of the present invention determines the reference according to the average frequency, specifically:
determining a floating threshold value of the frequency information by utilizing fluctuation variance;
after determining the average frequency, determining the baseline based on the average frequency and the floating threshold.
In some embodiments, the determining, by the first determining module, that the input password is correct specifically includes:
after the password information in the password feature passes verification, verifying whether the frequency information in the password feature is within the reference or not;
and when the frequency information passes the verification, determining that the input password is correct.
In some embodiments, the first determining module of the present invention is further configured to:
and when judging whether the password information is correct and/or whether the frequency information is within the reference, if not, prohibiting the access of the current IP address, and returning an indication that the frequency is out of limit.
Compared with the prior art, the technical scheme provided by the embodiment of the invention has the beneficial technical effects that:
the invention discloses a password processing method and a server, wherein a reference corresponding to an input time interval is preset, and after a network protocol message encapsulating an input password is received, password characteristics are obtained from the input password; determining that the input password is correct when the password information is correct and the frequency information is within the reference. The invention uses the input frequency information as a basis for judging whether the password is correct or not, so that the judgment condition is increased in the password verification process, and the verification dimensionality is increased, thereby improving the safety and reliability of the password verification without increasing the password difficulty and strength, and further improving the safety and reliability of the system and the user experience.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a cryptographic processing method according to the present invention;
fig. 2 is a flowchart illustrating a cryptographic processing method according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of determining a reference in a specific application scenario according to an embodiment of the present invention;
fig. 4 is a schematic flowchart of determining whether a password is correct in a specific application scenario according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
As described in the background of the present invention, in the prior art, most initialization settings of passwords are consistent and simple, so if the security and reliability of password authentication needs to be improved, the strength and difficulty of password settings need to be improved, which reduces the usability of the password authentication, and in addition, the existing password authentication schemes are all aimed at verifying whether the password combination itself is correct, which still cannot eliminate the problem of password leakage caused by hacking, thereby resulting in the problems of reduced security and reliability of the system and poor user experience.
In view of the above problems in the prior art, the present application provides a password processing method, which records the password input frequency of the user, that is, the time interval of the password input, and uses the input frequency information as a basis for determining whether the password is correct, so as to increase the determination condition in the password verification process and increase the verification dimension, thereby improving the security and reliability of the password verification without increasing the password difficulty and strength, and further improving the security and reliability of the system and the user experience.
Based on the above inventive concept, before the specific steps of the scheme are executed, it is necessary to record and learn according to the input frequency characteristics of the user when inputting the password many times, to obtain a reference containing the frequency information of the password input by the user, and then to judge whether the password input by the user is correct by comparing with the reference.
As shown in fig. 1, a schematic flow chart of a cryptographic processing method proposed by the present invention is shown:
step S101, after receiving the network protocol message packaged with the input password, obtaining password characteristics from the input password.
As described in the background art, in the prior art, the problems of poor security and reliability of the system and poor user experience are caused due to the simple password setting and password verification method, and how to improve the password verification method on the premise of not improving the setting strength and difficulty of the password is considered in the present invention. The password and the time interval of password input are combined together to form password characteristics which serve as conditions for judging whether the password is correct or not, and password verification dimensionality is increased, so that the safety and reliability of password verification are improved under the condition that the password difficulty and strength are not increased, and the purposes of improving the safety and reliability of a system and user experience are further achieved.
In the embodiment of the present application, the password combination itself and the input frequency are encapsulated in the network protocol message, and after the server receives the message, the server obtains the password feature from the message, that is, obtains the password feature including the password information and the frequency information.
In some specific application scenarios, the network protocol message may be an HTTP message, an HTTPs message, or other network protocol messages capable of encapsulating the cryptographic characteristics, and the specific type of message to be used for encapsulation may be determined according to actual requirements, without affecting the protection scope of the present application.
Specifically, before receiving the network protocol packet encapsulating the input password, it is further required to count time interval information of the user when inputting the password, that is, frequency information of the input password, and generate a reference according to the frequency information, so that a subsequent comparison and judgment can be performed with the reference when receiving a new input password, where the process of specifically generating the reference is as follows: recording password characteristics of the password input for multiple times; counting frequency information in the password characteristics, wherein the frequency information is a time interval for inputting the password; and determining the average frequency of the frequency information by using a learning method, and determining a reference according to the average frequency. Therefore, the reference is determined by counting the frequency information recorded for a plurality of times, and the reference is obtained by counting after the same user inputs the passwords for a plurality of times, so that the reference is consistent with the time interval of inputting the passwords by the user, and when the illegal user inputs the same passwords, the time interval of inputting the passwords by the illegal user is inconsistent with the time interval of inputting the passwords by the user in the reference, so that the password input by the illegal user is determined to be incorrect.
Based on the above explanation about generating the reference, the reference is determined by the average frequency, therefore, the reference is composed of a plurality of determined values, in some specific implementation scenarios, since the time interval of each password input by the user may be fluctuated, that is, the input frequency is fluctuated, it is necessary to determine the fluctuation threshold of the frequency information by using the fluctuation variance; after the average frequency is determined, a reference is determined according to the average frequency and a floating threshold value, so that the floating threshold value is determined through the time interval of inputting the password each time, namely, a range threshold value which floats up and down is determined, then a reference which floats up and down is determined according to the average frequency and the floating threshold value, and therefore, when the frequency information input by a user is within the floating range of the reference, the input password is determined to be correct.
It should be noted that, in the preferred embodiment of the present invention, the frequency information is stored as a reference, but it is needless to say that the frequency information may be stored according to a specific use scenario, for example, a database, a reference table, or the like may be generated according to the frequency information, and all of them are within the scope of the present application.
In some implementation scenarios, a threshold for determining the number of times of password errors may be further set, and when determining whether the password information is correct and/or whether the frequency information is within the reference, if it is determined that the number of times exceeds the preset threshold, access to the current IP address is prohibited, and an indication that the number of times exceeds the limit is returned.
It should be noted that, whether the specific numerical value basis or the basis with the floating range is adopted as the reference standard, whether the input password is correct or not can be judged by comparing the frequency information with the reference standard, and the changes are all within the scope of the present application.
And step S102, when the password information is correct and the frequency information is in the reference, determining that the input password is correct.
This step is intended to perform password authentication by the acquired password characteristics, thereby determining whether the input password is correct. The following three cases are classified in the process of password authentication:
and in case one, the frequency information is verified, and when the frequency information is consistent with the reference or within the floating range of the reference, the password information is verified.
And in the second situation, the password information and the frequency information are simultaneously verified, and the password is determined to be correct after the password information and the frequency information are verified.
And thirdly, verifying the password information, verifying the frequency information after the password information is verified, and determining that the password is correct when the frequency information is consistent with the reference or within the floating range of the reference.
In the preferred embodiment of the present invention, a verification method of the third case is adopted, specifically, after the password information in the password feature passes verification, whether the frequency information in the password feature is within the reference is verified; and when the frequency information passes the verification, determining that the input password is correct.
Of course, in a preferred embodiment of the present invention, when determining whether the password information is correct and/or whether the frequency information is within the reference, if determining that the number of times of the determination is no exceeds a preset threshold, the access of the current IP address is prohibited, and an indication that the number of times of the determination exceeds the threshold is returned.
Therefore, compared with the prior art, the technical scheme provided by the embodiment of the invention has the beneficial technical effects that:
the invention discloses a password processing method, which presets a reference corresponding to an input time interval, and acquires password characteristics from an input password after receiving a network protocol message encapsulated with the input password; determining that the input password is correct when the password information is correct and the frequency information is within the reference. The invention uses the input frequency information as a basis for judging whether the password is correct or not, so that the judgment condition is increased in the password verification process, and the verification dimensionality is increased, thereby improving the safety and reliability of the password verification without increasing the password difficulty and strength, and further improving the safety and reliability of the system and the user experience.
It should be noted that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solution of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
As described above, in the existing application scenario, on one hand, since the setting of the password is simple, if the security and reliability of the password authentication needs to be improved, the strength and difficulty of the password setting need to be improved, which reduces the usability of the password authentication, and on the other hand, the existing password authentication schemes are all aimed at whether the password combination itself is correctly authenticated, which still cannot eliminate the problem of password leakage caused by hacking, and therefore, the problems existing in the prior art can cause poor security and reliability of the system, and at the same time, the user experience cannot be guaranteed.
In order to solve the above problems, the embodiment of the present invention provides a password processing method as shown in fig. 2, which is an improvement provided for a password authentication method, and the method includes the following steps:
And step 203, judging whether the password input frequency is reasonable or not. After the password is input correctly, the server side verifies the input frequency information reported by the control, if the input frequency is not consistent with the input frequency characteristics stored before, the current login user is considered to be an illegal user, the input frequency is prompted to be inconsistent, and the step 204 is skipped; and if the input frequency is consistent with the input frequency characteristics stored before, the current login user is considered to be a legal user, and the current user is allowed to login the equipment.
And step 204, verifying whether the error times exceed 5 times. The specific number of times of verification is set to 5 in the present invention, but may be set to more or less depending on the requirements of the usage scenario. If the sum of the times of password verification errors and the times of input frequency verification errors does not exceed 5 times, jumping to step 205, and allowing the user to log in again; if the sum of the number of password authentication errors and the number of input frequency authentication errors exceeds 5 times, the equipment is locked, and login is forbidden.
And step 205, prompting the user to input an error when the password is verified incorrectly and the frequency is verified incorrectly and the error is not more than 5 times, and inputting again.
And step 206, verifying the input password again according to the result of re-input in the step 205.
In the present invention, a reference needs to be determined in advance according to a time interval of a password input by a user for multiple times, so as to verify an input frequency with the reference subsequently, specifically, as shown in fig. 3, a flow diagram for determining the reference in a specific application scenario provided in the embodiment of the present invention is shown. It should be noted that the solution of the present invention is applicable to a monitoring system of a B/S architecture and a C/S architecture, and the following describes how to generate the reference in detail by taking the C/S architecture as an example.
1. And (3) starting a control learning recording function, and learning the frequency characteristics of password input of a legal operator, such as: the current device password is Ab123456, the control recording function is started when the control detects that the first character A is input, and the control counts the time interval At1 between two character inputs when the next character b is input on the keyboard and stores the time interval in the learning table. When the third character 1 is input, the time interval At2 from the last input to the current input is recorded, and by analogy, At3, At4, At5, At6 and At7, and after the user inputs the password of 8-bit characters, the control obtains a time table of input frequency.
2. The control prompts the user to repeatedly input the password 5 times or 10 times in the step 1 manner, so that the control collects 5 or 10 groups of data, taking 5 groups of data as an example, the frequency change is shown in table 1:
TABLE 1 frequency variation table
| At1 | At2 | At3 | At4 | At5 | At6 | At7 |
| Bt1 | Bt2 | Bt3 | Bt4 | Bt5 | Bt6 | Bt7 |
| Ct1 | Ct2 | Ct3 | Ct4 | Ct5 | Ct6 | Ct7 |
| Dt1 | Dt2 | Dt3 | Dt4 | Dt5 | Dt6 | Dt7 |
| Et1 | Et2 | Et3 | Et4 | Et5 | Et6 | Et7 |
After the control records the frequency input by the keyboard each time and sends the frequency to the server, the server averages the five groups of data to obtain the average input frequency of △ t1, △ t2, △ t3, △ t4, △ t5, △ t6 and △ t7 of every two characters.
3. After the server takes out the data average value, an upper floating threshold tx and a lower floating threshold tx are set, the floating threshold tx can be determined according to the recorded fluctuation variance of each group of input frequency, and finally, the server takes the value of the average value +/-tx as the reference of the subsequent input frequency judgment, as shown in fig. 2:
TABLE 2 input frequency decision reference
| △t1±tx | △t2±tx | △t3±tx | △t4±tx | △t5±tx | △t6±tx | △t7±tx |
After the reference is determined, when a network protocol message encapsulating an input password is received, the judgment can be performed according to the password itself and the time interval of inputting the password, as shown in fig. 4, a flow diagram for determining whether the password is correct in a specific application scenario provided by the embodiment of the present invention is provided, and in the process of frequency verification, the control is only responsible for collecting the password and the input frequency characteristics input by the current user and sending the contents to the management server. After receiving the information sent by the control, the video management server judges and verifies whether the current login person is a legal login person twice. It should be noted that the solution of the present invention is applicable to a monitoring system of a B/S architecture and a C/S architecture, and the following also takes the C/S architecture as an example to describe the present invention in detail:
1. the user logs in the current equipment, the password is input through a keyboard or an analog keyboard, the control records the current input password and the frequency characteristic when the password is input, and the client encapsulates the password and the input frequency characteristic into an HTTP message and sends the HTTP message to the server. It should be noted that, in the preferred embodiment of the present invention, the password is to be input and encapsulated in the HTTP message, and of course, the password may also be encapsulated in the HTTPs message, and the specific encapsulation mode may be determined according to a specific usage scenario.
2. The server side verifies the correctness of the current input password and the rationality of the input frequency:
1) the server receives the HTTP message, firstly analyzes whether the input password is correct after de-encapsulation, and if not, the server returns to the client to report an error and requires to input again; the re-input times exceed 5 times, the device is locked and is not allowed to log in, and the following frequency verification process is continued when the re-input times do not exceed 5 times.
2) If the input frequency is correct, whether the input frequency is in the frequency range of the reference is continuously analyzed, and if the input frequency is in the frequency range of the reference, the equipment is opened through detection, and login is allowed. If not, returning an error to the client, prompting that the input frequency is not reasonable, prompting to report the error by WEB, re-inputting, and continuing the following frequency verification process if the input frequency is not more than 5 times.
3. Re-inputting, if the number of password error and input frequency error exceeds 5, determining that the current login user is illegal, locking the device to disallow login, limiting the IP access, and disallowing the IP operator to access again
Therefore, compared with the prior art, the technical scheme provided by the embodiment of the invention has the beneficial technical effects that:
the invention discloses a password processing method and a server, wherein a reference corresponding to an input time interval is preset, and after a network protocol message encapsulating an input password is received, password characteristics are obtained from the input password; determining that the input password is correct when the password information is correct and the frequency information is within the reference. The invention uses the input frequency information as a basis for judging whether the password is correct or not, so that the judgment condition is increased in the password verification process, and the verification dimensionality is increased, thereby improving the safety and reliability of the password verification without increasing the password difficulty and strength, and further improving the safety and reliability of the system and the user experience.
Based on the same inventive concept as the method, an embodiment of the present application further provides a server, a schematic structural diagram of which is shown in fig. 5, and the server specifically includes:
a receiving module 51, configured to obtain a password feature from an input password after receiving a network protocol packet in which the input password is encapsulated, where the password feature includes password information and frequency information;
a first determining module 52, configured to determine that the input password is correct when the password information is correct and the frequency information is within the reference.
In some embodiments, the present invention further comprises a second determining module for:
recording and counting frequency information of the passwords input for many times, wherein the frequency information is a time interval of inputting the passwords;
and determining the average frequency of the frequency information by using a learning method, and determining the reference according to the average frequency.
In some embodiments, the second determining module of the present invention determines the reference according to the average frequency, specifically:
determining a floating threshold value of the frequency information by utilizing fluctuation variance;
after determining the average frequency, determining the baseline based on the average frequency and the floating threshold.
In some embodiments, the determining module 52 of the present invention determines that the input password is correct, specifically:
after the password information in the password feature passes verification, verifying whether the frequency information in the password feature is within the reference or not;
and when the frequency information passes the verification, determining that the input password is correct.
In some embodiments, the first determining module 52 of the present invention is further configured to:
and when judging whether the password information is correct and/or whether the frequency information is within the reference, if not, prohibiting the access of the current IP address, and returning an indication that the frequency is out of limit.
Therefore, compared with the prior art, the technical scheme provided by the embodiment of the invention has the beneficial technical effects that:
the invention discloses a password processing method and a server, wherein a reference corresponding to an input time interval is preset, and after a network protocol message encapsulating an input password is received, password characteristics are obtained from the input password; determining that the input password is correct when the password information is correct and the frequency information is within the reference. The invention uses the input frequency information as a basis for judging whether the password is correct or not, so that the judgment condition is increased in the password verification process, and the verification dimensionality is increased, thereby improving the safety and reliability of the password verification without increasing the password difficulty and strength, and further improving the safety and reliability of the system and the user experience.
In the embodiment of the present invention, each module may be integrated into one body, or may be separately deployed, and the modules are combined into one module, or may be further split into a plurality of sub-modules.
Through the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present invention may be implemented by hardware, or by software plus a necessary general hardware platform. Based on such understanding, the technical solution of the embodiment of the present invention may be embodied in the form of a software product, where the software product may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.), and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network-side device, etc.) to execute the method described in each embodiment of the present invention.
Those skilled in the art will appreciate that the figures are merely schematic representations of one preferred implementation scenario and that the blocks or flow diagrams in the figures are not necessarily required to implement embodiments of the present invention.
Those skilled in the art will appreciate that the modules in the devices in the implementation scenario may be distributed in the devices in the implementation scenario according to the description of the implementation scenario, or may be located in one or more devices different from the present implementation scenario with corresponding changes. The modules of the implementation scenario may be combined into one module, or may be further split into a plurality of sub-modules.
The sequence numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the implementation scenarios.
The above disclosure is only a few specific implementation scenarios of the embodiments of the present invention, but the embodiments of the present invention are not limited thereto, and any variations that can be considered by those skilled in the art should fall within the scope of the business limitations of the embodiments of the present invention.
Claims (10)
1. A cryptographic processing method, wherein a reference corresponding to an input time interval is preset, the method comprising:
after receiving a network protocol message packaged with an input password, acquiring password characteristics from the input password, wherein the password characteristics comprise password information and frequency information, and the frequency information is a time interval between characters when the password is input;
determining that the input password is correct when the password information is correct and the frequency information is within the reference.
2. The cryptographic processing method of claim 1, wherein before receiving the network protocol packet encapsulating the input password, further comprising:
recording and counting frequency information of the passwords input for many times;
and determining the average frequency of the frequency information by using a learning method, and determining the reference according to the average frequency.
3. The cryptographic processing method of claim 2, wherein determining the reference based on the average frequency specifically comprises:
determining a floating threshold value of the frequency information by utilizing fluctuation variance;
after determining the average frequency, determining the baseline based on the average frequency and the floating threshold.
4. The method of claim 1, wherein determining that the input password is correct comprises:
after the password information in the password feature passes verification, verifying whether the frequency information in the password feature is within the reference or not;
and when the frequency information passes the verification, determining that the input password is correct.
5. The cryptographic processing method of claim 1 or 4, further comprising:
and when judging whether the password information is correct and/or whether the frequency information is within the reference, if not, prohibiting the access of the current IP address, and returning an indication that the frequency is out of limit.
6. A server for performing the cryptographic processing method of any one of claims 1 to 4, the server comprising:
the system comprises a receiving module, a processing module and a sending module, wherein the receiving module is used for acquiring password characteristics from an input password after receiving a network protocol message packaged with the input password, the password characteristics comprise password information and frequency information, and the frequency information is a time interval between characters when the password is input;
a first determining module, configured to determine that the input password is correct when the password information is correct and the frequency information is within the reference.
7. The server of claim 6, further comprising a second determination module to:
recording and counting frequency information of the passwords input for many times;
and determining the average frequency of the frequency information by using a learning method, and determining the reference according to the average frequency.
8. The server according to claim 7, wherein the second determining module determines the reference according to the average frequency, specifically:
determining a floating threshold value of the frequency information by using the fluctuation variance;
after determining the average frequency, determining the baseline based on the average frequency and the floating threshold.
9. The server according to claim 6, wherein the first determining module determines that the input password is correct, and specifically:
after the password information in the password feature passes verification, verifying whether the frequency information in the password feature is within the reference or not;
and when the frequency information passes the verification, determining that the input password is correct.
10. The server of claim 6 or 9, wherein the first determination module is further to:
and when judging whether the password information is correct and/or whether the frequency information is within the reference, if not, prohibiting the access of the current IP address, and returning an indication that the frequency is out of limit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611177914.0A CN106685940B (en) | 2016-12-19 | 2016-12-19 | Password processing method and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611177914.0A CN106685940B (en) | 2016-12-19 | 2016-12-19 | Password processing method and server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106685940A CN106685940A (en) | 2017-05-17 |
| CN106685940B true CN106685940B (en) | 2020-06-19 |
Family
ID=58869853
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611177914.0A Active CN106685940B (en) | 2016-12-19 | 2016-12-19 | Password processing method and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106685940B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107395602A (en) * | 2017-07-28 | 2017-11-24 | 济南中维世纪科技有限公司 | The method that monitoring device manages remote connection unit |
| CN108400983A (en) * | 2018-02-23 | 2018-08-14 | 徐州道格信息科技有限公司 | A kind of high security network security controller of computer based on cloud system |
| CN110912858B (en) * | 2018-09-17 | 2021-12-28 | 浙江宇视科技有限公司 | Security monitoring method and device based on friendly password strategy |
| CN109359448B (en) * | 2018-10-16 | 2021-05-07 | 广州伊的家网络科技有限公司 | Internet mobile terminal safety office system |
| CN111447204B (en) * | 2020-03-24 | 2022-11-22 | 深信服科技股份有限公司 | Weak password detection method, device, equipment and medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103150525A (en) * | 2013-01-31 | 2013-06-12 | 深圳市金立通信设备有限公司 | Password input method and password input terminal |
| CN104618360A (en) * | 2015-01-22 | 2015-05-13 | 盛科网络(苏州)有限公司 | Bypass authentication method and system based on 802.1X protocol |
| CN105260635A (en) * | 2015-08-31 | 2016-01-20 | 宇龙计算机通信科技(深圳)有限公司 | Identity verifying method and system based on fingerprint for mobile terminal |
| CN105678123A (en) * | 2014-11-18 | 2016-06-15 | 联发科技(新加坡)私人有限公司 | Equipment unlocking method and device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101604216B (en) * | 2008-06-10 | 2012-11-21 | 鸿富锦精密工业(深圳)有限公司 | Password protection method |
-
2016
- 2016-12-19 CN CN201611177914.0A patent/CN106685940B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103150525A (en) * | 2013-01-31 | 2013-06-12 | 深圳市金立通信设备有限公司 | Password input method and password input terminal |
| CN105678123A (en) * | 2014-11-18 | 2016-06-15 | 联发科技(新加坡)私人有限公司 | Equipment unlocking method and device |
| CN104618360A (en) * | 2015-01-22 | 2015-05-13 | 盛科网络(苏州)有限公司 | Bypass authentication method and system based on 802.1X protocol |
| CN105260635A (en) * | 2015-08-31 | 2016-01-20 | 宇龙计算机通信科技(深圳)有限公司 | Identity verifying method and system based on fingerprint for mobile terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106685940A (en) | 2017-05-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106685940B (en) | Password processing method and server | |
| KR102307665B1 (en) | identity authentication | |
| CN106330850B (en) | Security verification method based on biological characteristics, client and server | |
| CN108462710B (en) | Authentication and authorization method, device, authentication server and machine-readable storage medium | |
| US10552590B2 (en) | System and method for providing an authentication agent in a persistent authentication framework | |
| US9253175B1 (en) | Authentication of computing devices using augmented credentials to enable actions-per-group | |
| US8869258B2 (en) | Facilitating token request troubleshooting | |
| CN107948204A (en) | One key login method and system, relevant device and computer-readable recording medium | |
| CN105827573B (en) | System, method and the relevant apparatus of internet of things equipment strong authentication | |
| WO2015165423A1 (en) | Account login method, apparatus, and system | |
| CN109150907A (en) | Vehicle-mounted industrial personal computer login method, device, system, computer equipment and medium | |
| WO2019015516A1 (en) | Methods and apparatus for authentication of joint account login | |
| US10872136B2 (en) | Using an NP-complete problem to deter malicious clients | |
| CN103401883A (en) | Single sign-on method and system | |
| CN103825738A (en) | Registration information authentication method and device | |
| CN110012322B (en) | Method and system for initiating video networking service | |
| US11405367B1 (en) | Secure computer peripheral devices | |
| EP4211864A2 (en) | Systems and methods for non-deterministic multi-party, multi-user sender-receiver authentication and non-repudiatable resilient authorized access to secret data | |
| CN112039878B (en) | Equipment registration method and device, computer equipment and storage medium | |
| CN102571874B (en) | On-line audit method and device in distributed system | |
| CN113225351A (en) | Request processing method and device, storage medium and electronic equipment | |
| CN103176987A (en) | Method and device for controlling database access | |
| US20200186532A1 (en) | Secure Computing Platform | |
| CN106537962B (en) | Wireless network configuration, access and access method, device and equipment | |
| CN112464213A (en) | Operating system access control method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20221107 Address after: 15 / F, Zhongchuang Plaza, 385 Hangtian Middle Road, national civil aerospace industrial base, Xi'an City, Shaanxi Province 710100 Patentee after: Xi'an Yu vision Mdt InfoTech Ltd. Address before: 2 / F, South Block, building 10, wanlun Science Park, 88 Jiangling Road, Binjiang District, Hangzhou City, Zhejiang Province, 310051 Patentee before: ZHEJIANG UNIVIEW TECHNOLOGIES Co.,Ltd. |