CN107455003B - User identity authentication method and server - Google Patents
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/40—Support for services or applications
Abstract
A user identity authentication method and a server are used for solving the potential safety hazard existing in the prior art when the user identity is authenticated, and effectively improving the safety of the personal privacy of the user. The method comprises the following steps: when a first server receives a user account and a first user password which are sent by a client and logged on the client, the first server generates first data by using the first user password (503); the first server acquires N second data corresponding to the user account from at least one second server according to the user account, and generates third data (504) from the N second data, wherein N is an integer greater than 1; when the first data matches the third data, the first server determines that user identity authentication is passed (506).
Description
Technical Field
The invention relates to the field of communication, in particular to a user identity authentication method and a server.
Background
When a client registers for a certain service, the server corresponding to the service stores a user account and a user password; when the client later logs in to the service, the server receives the user account and the user password and compares them with the stored user account and user password, so as to verify the user password and thereby the validity of the user identity. If the server's verification process is insecure, or the user password it stores is at risk, the user password is leaked.
At present, a server stores a one-way hash value generated from the user password and a random SALT value SALT, and verifies the user password against it. The method comprises a registration stage and a verification stage:
A registration stage: as shown in fig. 1, the client sends the user account and the user password being registered over a Transport Layer Security (TLS) channel; the server generates a random SALT value SALT, calculates the corresponding one-way hash value H from the user password and the random SALT value, that is H = PBKDF2(password, SALT), and saves the triplet <username, H, SALT> in the database.
A verification stage: as shown in fig. 2, the client sends the registered user account and the user password over the TLS channel; the server calculates H' = PBKDF2(password, SALT) from the stored random SALT value SALT and the submitted user password, compares the calculated H' with the H stored in the database, and if H = H' the authentication passes.
However, the server maintains <username, H, SALT>, where H is a one-way hash value generated from the user password and the random SALT value SALT. A one-way hash is a public function: given an input, anyone can compute the corresponding hash value. If the server's data is leaked, an attacker who obtains the stored records can mount an offline exhaustive attack: enumerate candidate passwords, compute the one-way hash of each with the obtained random SALT value SALT, and compare the result with the H stored in the database. A match means the correct user password has been found, and the resulting password leak can do serious damage to the user's personal privacy.
Disclosure of Invention
The invention aims to provide a user identity authentication method and a server, which are used for solving the potential safety hazard existing in the prior art during user identity authentication and effectively improving the safety of personal privacy of a user.
A first aspect provides a user identity authentication method, including: when a first server receives a user account and a first user password which are sent by a client and are logged in the client, the first server generates first data by using the first user password; the first server acquires N second data corresponding to the user account from at least one second server according to the user account, and generates third data from the N second data, wherein N is an integer greater than 1; when the first data is matched with the third data, the first server determines that the user identity authentication is passed.
Unlike the prior art, the first server does not need to store data related to the user password matched with the user account, so exposure of the user's personal privacy is avoided even if the password-related data held by the first server is lost or cracked by malicious parties; instead, N second data corresponding to the user account are stored in a distributed way by at least one second server, and the third data generated from the N second data are the data corresponding to the user password matched with the user account. Therefore, when the first server receives a user account and a first user password logged in on the client, it generates first data from the first user password, judges whether the first data matches the third data, and thereby determines whether the user identity authentication passes, that is: when the first data is the same as the third data, or the first data and the third data satisfy a certain functional relationship, the user identity authentication is determined to pass; otherwise it is determined not to pass. Because the N second data are stored in a distributed way by the at least one second server and the third data generated from them are used for user identity authentication, the security risk of authenticating only by means of password-related data stored on the first server is avoided, and the security of the user's personal privacy is effectively improved.
With reference to the first aspect, in some possible implementations, before the first server receives a user account and a first user password, which are sent by a client and logged in to the client, the method further includes: when the first server receives a user account and a second user password which are sent by the client and registered on the client, the first server generates the third data by using the second user password; the first server generates the N second data from the third data and sends the N second data to the at least one second server.
It can be seen that, before a user account and a first user password are logged in on a client, when a user account and a second user password registered on the client are received, third data is correspondingly generated from the second user password, the third data is dispersed into N second data, and the N second data are stored in a distributed way on at least one second server. This avoids the security risk of storing the password-related data on a single first server only, for example exposure of the user's personal privacy after the password-related data stored on the first server is lost or cracked by malicious parties. In addition, because the second data are stored on at least one second server, stealing the user password becomes harder for malicious parties, and the security of the user's personal privacy is effectively improved.
In other possible implementations, the generating the N second data into the third data includes: the first server merges the N second data through a merging function to generate the third data; or generating the third data from the N second data in a user-defined mode.
In practical applications, the N second data may be combined by a combination function to generate the third data, and the combination function may take various forms, for example H(x1, x2, …, xN) = y with N ≥ 2, where (x1, x2, …, xN) are the N second data and y is the third data; in practice other merging functions may also be used, which is not specifically limited here. In addition, the N second data may be combined into the third data in a user-defined manner, so as to improve the user experience, and there are various specific user-defined manners, for example: the third data is dispersed into N second data in advance in a user-defined manner, and conversely the third data is regenerated from the N second data in the same user-defined manner, which is not specifically limited here.
In other possible implementations, the generating, by the first server, the N second data from the third data includes: the first server disperses the third data through a dispersion function to generate the N pieces of second data, wherein the dispersion function is matched with the merging function; or the third data are scattered to generate the N second data in a user-defined mode.
In practical applications, the N second data may be generated by dispersing the third data with a dispersion function, where the purpose of matching the dispersion function with the merging function is to allow the user password to be verified, for example: the dispersion function is H'(y) = (x1, x2, …, xN), where (x1, x2, …, xN) are the N second data and y is the third data, and the corresponding merge function is H(x1, x2, …, xN) = y.
In addition, the N second data may be generated by dispersing the third data in a user-defined manner, and the user-defined manner is stored locally, which facilitates subsequent verification of the user password, for example: the third data is dispersed into the N second data in a user-defined manner, and subsequently the N second data are acquired and combined into the third data in the same user-defined manner. A plurality of user-defined manners is thus provided, which effectively improves the user experience.
A second aspect provides a server for user identity authentication, comprising: the receiving module is used for receiving a user account and a first user password which are sent by a client and are logged on the client; the processing module is used for generating first data by utilizing a first user password when the receiving module receives the user account and the first user password which are sent by the client and are logged on the client; the processing module is further configured to obtain, according to the user account, N second data corresponding to the user account from at least one second server, and generate third data from the N second data, where N is an integer greater than 1; the processing module is further configured to determine that the user identity authentication is passed when the first data matches the third data.
Unlike the prior art, the first server does not need to store data related to the user password matched with the user account, so exposure of the user's personal privacy is avoided even if the password-related data held by the first server is lost or cracked by malicious parties; instead, N second data corresponding to the user account are stored in a distributed way by at least one second server, and the third data generated from the N second data are the data corresponding to the user password matched with the user account. Therefore, when the receiving module of the first server receives the user account and the first user password logged in on the client, the processing module of the first server generates first data from the first user password and determines whether the first data is the same as the third data, so as to determine whether the user identity authentication passes, that is: if the first data is the same as the third data, the user identity authentication is determined to pass; otherwise it does not pass. Because the N second data are stored in a distributed way by the at least one second server and the third data generated from them are used for user identity authentication, the security risk of authenticating only by means of password-related data stored on the first server is avoided, and the security of the user's personal privacy is effectively improved.
With reference to the second aspect, in some possible implementations, the processing module is further configured to, before the receiving module receives a user account and a first user password that are sent by a client and logged in on the client, generate the third data from the second user password when the receiving module receives a user account and a second user password that are sent by the client and registered on the client, and to generate the N second data from the third data; the server further includes a sending module configured to send the N second data to the at least one second server.
It can be seen that, before a user account and a first user password are logged in on a client, when the receiving module receives a user account and a second user password registered on the client, the processing module correspondingly generates third data from the second user password and disperses the third data into N second data, and the sending module sends the N second data to at least one second server for distributed storage. This avoids the security risk of storing the password-related data on a single first server only, for example exposure of the user's personal privacy after the password-related data stored on the first server is lost or cracked by malicious parties. In addition, because the second data are stored on at least one second server, stealing the user password becomes harder for malicious parties, and the security of the user's personal privacy is effectively improved.
A third aspect provides a server comprising: one or more processors, a memory, a bus system, and a transceiver, the one or more processors, the memory, and the transceiver being connected by the bus system; wherein the memory stores one or more programs comprising instructions which, when executed by the server, cause the server to perform the method of the first aspect or any of its possible implementations.
Unlike the prior art, the first server does not need to store data related to the user password matched with the user account, so exposure of the user's personal privacy is avoided even if the password-related data held by the first server is lost or cracked by malicious parties; instead, N second data corresponding to the user account are stored in a distributed way by at least one second server, and the third data generated from the N second data are the data corresponding to the user password matched with the user account. Therefore, when the first server receives a user account and a first user password logged in on the client, it generates first data from the first user password, judges whether the first data is the same as the third data, and thereby determines whether the user identity authentication passes, that is: if the first data is the same as the third data, the user identity authentication is determined to pass; otherwise it does not pass. Because the N second data are stored in a distributed way by the at least one second server and the third data generated from them are used for user identity authentication, the security risk of authenticating only by means of password-related data stored on the first server is avoided, and the security of the user's personal privacy is effectively improved.
Drawings
FIG. 1 is a diagram of one embodiment of a prior art user identity registration;
FIG. 2 is a diagram illustrating one embodiment of user authentication in the prior art;
FIG. 3 is a schematic diagram of a server according to an embodiment of the present invention;
FIG. 4 is a diagram of an embodiment of a user identity authentication application scenario in an embodiment of the present invention;
FIG. 5 is a diagram of an embodiment of a method for authenticating a user according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of another structure of a server according to an embodiment of the present invention;
FIG. 7 is another schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention discloses a user identity authentication method and a server, which are used for solving the potential safety hazard existing in the prior art during user identity authentication and effectively improving the safety of personal privacy of a user.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, are used for distinguishing between different objects and not necessarily for describing a particular sequential or chronological order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
As shown in fig. 3, the server 300 according to the present invention includes a communication unit 301, an input unit 302, an output unit 303, a processor 304, a storage unit 305, and a peripheral interface 306, which are connected by one or more buses. The communication unit 301 is configured to establish a communication channel, so that the server performs voice communication, text communication, data communication, and the like with the client through the communication channel, where the client is not limited to a mobile phone, a mobile computer, a tablet computer, a Personal Digital Assistant (abbreviated as PDA), a media player, a smart television, a wearable device (e.g., a smart watch or smart glasses, and the like), and a combination of two or more of the foregoing items; the input unit 302 is used for realizing the interaction between the client and the server and/or inputting information into the server; the processor 304 is a control center of the server, connects various parts of the entire server by using various interfaces and lines, and executes various functions of the server and/or processes data by operating or executing software programs and/or modules stored in the storage unit and calling data stored in the storage unit; the output unit 303 is used for outputting data of the processor; the storage unit 305 may be used to store software programs and modules; the peripheral interface 306 is used to connect clients.
The client, also called the user end, is the counterpart of the server and provides local service application programs for the user. Apart from some programs that run only locally, many application programs installed on a typical client require the client and the server to cooperate. With the development of the internet, common clients include web browsers, e-mail clients and dedicated client software. These applications need a corresponding server or service program in the network to provide the corresponding service, for example database services or e-mail services. Therefore, a specific communication connection must be established between the client and the server to ensure the normal operation of the application program.
Before the embodiment of the present invention is introduced, a scenario in which the technical solution applies is described. As shown in fig. 4, a user account and a user password are logged in on a client; a first server (e.g. a central server) receives the user account and the user password sent by the client and obtains a pre-stored random SALT value SALT, where the random SALT value is data randomly generated when the client first registered the user account and the user password; the first server calculates a one-way hash value H from the random SALT value and the user password, further obtains the distributed values stored respectively by a plurality of second servers (e.g. sub-servers), calculates H' from the plurality of distributed values, and determines that the user identity authentication passes when H' is determined to match H; otherwise, the authentication fails.
Referring to fig. 5, an embodiment of a user identity authentication method according to an embodiment of the present invention is schematically illustrated, and a specific process is as follows:
In some possible implementation manners, when the first server receives a user account and a second user password which are sent by the client and registered at the client, the first server allocates fourth data for generating the third data, and locally stores the fourth data; the first server generates the third data using the fourth data and the second user password.
In practical application, when a user account and a second user password are registered on a client, the first server receives the user account and the second user password and stores them locally, and login verification is subsequently performed against them. The second user password is the unique password matched with the user account; it may be set by the user or by a client default, which is not specifically limited here. To increase the security of the user password, when the first server receives the user account and the second user password sent by the client and registered on the client, the first server allocates fourth data for generating the third data, where the fourth data is random data, for example a random SALT value SALT; the first server then generates a one-way hash value H from the random SALT value SALT and the second user password, that is H = PBKDF2(password, SALT), and locally saves the triplet <username, H, SALT>.
In some possible implementations, the first server disperses the third data by a dispersion function to generate the N second data, where the dispersion function is matched with the merge function; or the third data are scattered to generate the N second data in a user-defined mode.
In practical application, given the third data (e.g. H) as input and the number N of pieces to disperse into, H is split into N second data by a dispersion function, such that when the N second data are combined by the combination function, reference data related to H can be recovered; the reference data may be H itself or may stand in a mapping relationship with H, which is not specifically limited here. It should be noted that any combination of fewer than N of the N second data reveals nothing about H. Specifically, the dispersion function is applied as follows: let $p$ be the system global modulus, $g$ the system global generator and $x$ the sequence number of a second data item, and let $f(x) = H + a_1 x + a_2 x^2 + \dots + a_{N-1} x^{N-1} \bmod p$, where $a_1, \dots, a_{N-1}$ are the coefficients of the dispersion function. H is dispersed into N second data, with $I_i$ ($1 \le i \le N$) the value of the $i$-th second data, that is: $I_1 = g^{f(1)} \bmod p$, $I_2 = g^{f(2)} \bmod p$, …, $I_N = g^{f(N)} \bmod p$. The N second data are transmitted to at least one second server; preferably they are distributed to N second servers, that is, each second server stores one second data item.
In addition, the N second data are generated by dispersing the third data in a user-defined manner, for example: according to the user-defined mode, each second server stores one second data, and the second data stored by each second server are collected to restore the third data.
In some possible implementations, the first server obtains the fourth data;
the first server generates the first data using the fourth data and the first user password.
In practical applications, the first server obtains the fourth data locally, that is, the random SALT value SALT, and generates the first data from the random SALT value and the first user password in the same way as the third data was generated.
In some possible implementations, the first server merges the N second data by a merge function to generate the third data; or generating the third data from the N second data in a user-defined mode.
In practical application, the N second data are input to generate the third data (for example H'), where $x_i$ ($1 \le i \le N$) and $x_j$ ($1 \le j \le N$) are second data sequence numbers and $I_i$ ($1 \le i \le N$) is the second data value. The merge function corresponding to the dispersion function of the previous case is applied as follows:
In practical applications, whether H' matches H is verified by determining whether H' satisfies the functional relationship $H' = g^{H} \bmod p$.
In addition, the N second data may be combined into the third data in a user-defined manner, so as to improve the user experience, and there are various specific user-defined manners, for example: the third data is dispersed into N second data in advance in a user-defined manner, and conversely the third data is regenerated from the N second data in the same user-defined manner, which is not specifically limited here.
When the first server judges that the first data is matched with the third data, it is determined that the user identity authentication is passed, otherwise, it is determined that the user identity authentication is not passed, wherein the matching of the first data and the third data means that the first data and the third data are equal or that the first data and the third data satisfy a certain functional relationship, and the method is not particularly limited herein.
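The registration and verification flow described above, carried through in Python as an added example (this is not code from the patent): H = PBKDF2(password, SALT) becomes the constant term of a random polynomial, the shares $I_i = g^{f(i)} \bmod p$ go to N second servers, and at login the first server interpolates the shares in the exponent to obtain H' = g^H mod p and compares it with g^H1 mod p computed from the submitted password. The group parameters, the use of a prime-order subgroup (so polynomial arithmetic is done mod q rather than mod p), PBKDF2-HMAC-SHA256 with 100 000 iterations, the in-memory second servers and the FirstServer class are all assumptions of this example, not details the description fixes.

```python
"""Split-storage password check (added example, not the patent's own code).

Registration: H = PBKDF2(password, SALT) is the constant term of a random
polynomial f over Z_q; share i is I_i = g^f(i) mod p, one per second server.
Verification: the first server recomputes H1 from the submitted password,
interpolates the N shares in the exponent to obtain H' = g^H mod p and
accepts iff g^H1 mod p == H'.  Fewer than N shares reveal nothing about H.
"""
import hashlib
import random
import secrets

# Toy group (constructed here): p = 2q + 1 is a safe prime and g generates the
# subgroup of prime order q, so exponent arithmetic is done mod q.  128 bits
# keeps the demo fast; production would use a standardised >= 2048-bit group.


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases (n is assumed odd and > 3)."""
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _safe_prime(bits):
    """Return (p, q) with p = 2q + 1 and both prime."""
    while True:
        q = random.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


random.seed(2016)   # reproducible toy parameters only; secrets come from `secrets`
P, Q = _safe_prime(128)
G = 4               # a square mod p, hence an element of order q


def password_hash(password, salt):
    """First/third data: H = PBKDF2(password, SALT), taken as an integer."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(digest, "big")


def disperse(h, n):
    """Dispersion function: f(x) = H + a1*x + ... + a(N-1)*x^(N-1) mod q and
    I_i = g^f(i) mod p for 1 <= i <= N.  Returns {i: I_i}."""
    coeffs = [h % Q] + [secrets.randbelow(Q) for _ in range(n - 1)]
    shares = {}
    for x in range(1, n + 1):
        fx = 0
        for c in reversed(coeffs):          # Horner evaluation mod q
            fx = (fx * x + c) % Q
        shares[x] = pow(G, fx, P)
    return shares


def merge(shares):
    """Merge function: Lagrange interpolation at x = 0 carried out in the
    exponent, giving H' = g^f(0) = g^H mod p without reconstructing H."""
    result = 1
    for xi, share in shares.items():
        lam = 1
        for xj in shares:
            if xj != xi:
                lam = lam * xj * pow((xj - xi) % Q, -1, Q) % Q
        result = result * pow(share, lam, P) % P
    return result


class FirstServer:
    """Central server: keeps only <username, SALT>; H is never stored."""

    def __init__(self, second_servers):
        self.second_servers = second_servers    # one dict per second server
        self.salts = {}

    def register(self, username, password):
        salt = secrets.token_bytes(16)          # fourth data
        self.salts[username] = salt
        h = password_hash(password, salt)       # third data, dispersed then dropped
        for i, share in disperse(h, len(self.second_servers)).items():
            self.second_servers[i - 1][username] = share

    def authenticate(self, username, password):
        if username not in self.salts:
            return False
        h1 = password_hash(password, self.salts[username])           # first data
        shares = {i + 1: srv[username]
                  for i, srv in enumerate(self.second_servers) if username in srv}
        if len(shares) != len(self.second_servers):
            return False                        # all N shares are required
        return pow(G, h1, P) == merge(shares)   # matching relation H' = g^H1 mod p
```

A compromise of the first server alone yields only salts, and a compromise of fewer than N second servers yields shares that are statistically independent of H, so the offline exhaustive attack of the background section needs the first server's salt and all N shares together.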
Therefore, the first server does not need to store data related to the user password matched with the user account, so exposure of the user's personal privacy is avoided even if the password-related data held by the first server is lost or cracked by malicious parties; instead, N second data corresponding to the user account are stored in a distributed way by at least one second server, and the third data generated from the N second data are the data corresponding to the user password matched with the user account. Therefore, when the first server receives a user account and a first user password logged in on the client, it generates first data from the first user password, judges whether the first data is the same as the third data, and thereby determines whether the user identity authentication passes, that is: if the first data is the same as the third data, the user identity authentication is determined to pass; otherwise it does not pass. Because the N second data are stored in a distributed way by the at least one second server and the third data generated from them are used for user identity authentication, the security risk of authenticating only by means of password-related data stored on the first server is avoided, and the security of the user's personal privacy is effectively improved.
To facilitate a better understanding of the above-described related methods of embodiments of the present invention, the following also provides related apparatus for cooperating with the above-described methods.
Referring to fig. 6, a schematic structural diagram of a server 600 according to an embodiment of the present invention, where the server is used for user identity authentication, and the server includes a receiving module 601, a processing module 602, and a sending module 603.
A receiving module 601, configured to receive a user account and a first user password that are sent by a client and are logged in the client;
the processing module 602 is configured to, when the receiving module 601 receives a user account and a first user password, which are sent by a client and logged in the client, generate first data by using the first user password;
in some possible implementations, the first server obtains the fourth data; the first server generates the first data using the fourth data and the first user password.
The processing module 602 is further configured to obtain, according to the user account, N second data corresponding to the user account from at least one second server, and generate third data from the N second data, where N is an integer greater than 1;
in some possible implementations, the first server merges the N second data by a merge function to generate the third data; or generating the third data from the N second data in a user-defined mode.
The processing module 602 is further configured to determine that the user identity authentication is passed when the first data matches the third data.
The processing module 602 is further configured to, before the receiving module 601 receives a user account and a first user password that are sent by a client and logged in the client, when the receiving module 601 receives a user account and a second user password that are sent by the client and registered on the client, generate the third data by using the second user password, and generate the N second data from the third data;
in some possible implementation manners, the processing module 602 is further configured to, when the receiving module 601 receives a user account and a second user password, which are sent by the client and registered at the client, allocate fourth data used for generating the third data, and locally store the fourth data;
the processing module 602 is specifically configured to generate the third data by using the fourth data and the second user password.
In some possible implementations, the processing module 602 is specifically configured to disperse the third data by a dispersion function to generate the N second data, or to generate the N second data from the third data in a user-defined manner, where the dispersion function is matched with the merge function.
A sending module 603, configured to send the N second data to the at least one second server.
Different from the prior art, the first server does not need to store data corresponding to the user password matched with the user account, so exposure of the user's personal privacy is avoided even if password-related data held by the first server were lost or cracked by malicious actors. Instead, N second data corresponding to the user account are dispersedly stored by at least one second server, and the third data generated from the N second data are the data corresponding to the user password matched with the user account. Therefore, when the receiving module of the first server receives the user account and the first user password logged in at the client, the processing module of the first server generates first data from the first user password and determines whether the first data is the same as the third data, thereby determining whether the user identity authentication passes: if the first data is the same as the third data, the authentication passes; otherwise it fails. Because the N second data are dispersedly stored by the at least one second server and the third data generated from them are used for user identity authentication, the potential safety hazard of authenticating only against password data stored by the first server is avoided, and the personal privacy of the user is effectively protected.
The embodiment shown in fig. 6 describes a specific structure of the server from the perspective of functional modules; the following describes a specific structure of the server from the perspective of hardware in conjunction with the embodiment of fig. 7. A server 700 comprises one or more processors 701, a memory 702, a bus system 703 and a transceiver 704, the one or more processors 701, the memory 702 and the transceiver 704 being connected by the bus system 703;
wherein the memory 702 stores one or more programs 705, the one or more programs 705 comprising instructions that, when executed by the server, cause the server to perform the method shown in fig. 5.
In the embodiment of the invention, the first server does not need to store data corresponding to the user password matched with the user account, so exposure of the user's personal privacy is avoided even if password-related data held by the first server were lost or cracked by malicious actors. Instead, N second data corresponding to the user account are dispersedly stored by at least one second server, and the third data generated from the N second data are the data corresponding to the user password matched with the user account. Therefore, when the first server receives a user account and a first user password logged in at the client, it generates first data from the first user password, judges whether the first data is the same as the third data, and thereby determines whether the user identity authentication passes: if the first data is the same as the third data, the authentication passes; otherwise it fails. Because the N second data are dispersedly stored by the at least one second server and the third data generated from them are used for user identity authentication, the potential safety hazard of authenticating only against password data stored by the first server is avoided, and the personal privacy of the user is effectively protected.
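As an added illustration (not the patent's own code), the registration and login flow described above and recited in claims 1 to 3, modelled in Python: HMAC-SHA256 keyed with a per-account salt stands in for the unspecified function that produces the first and third data (the salt plays the role of the fourth data), and n-of-n XOR sharing stands in for the matched dispersion and merge functions; every name and the choice of these functions are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List

# Assumed mapping of the patent's terms onto concrete choices:
#   fourth data -> per-account random salt kept only by the first server
#   third data  -> HMAC-SHA256(salt, registration password)
#   second data -> N XOR shares of the third data, one per second server
#   first data  -> the same HMAC recomputed from the login password


def _xor_all(chunks: List[bytes]) -> bytes:
    """XOR equal-length byte strings together."""
    out = bytes(len(chunks[0]))
    for c in chunks:
        out = bytes(a ^ b for a, b in zip(out, c))
    return out


def derive(fourth_data: bytes, password: str) -> bytes:
    """Third data at registration, first data at login (same function)."""
    return hmac.new(fourth_data, password.encode("utf-8"), hashlib.sha256).digest()


def disperse(third_data: bytes, n: int) -> List[bytes]:
    """Dispersion function: n-of-n XOR secret sharing.

    Any n-1 shares are uniformly random, so a single compromised second
    server learns nothing about the third data.
    """
    if n < 2:
        raise ValueError("N must be an integer greater than 1")
    shares = [secrets.token_bytes(len(third_data)) for _ in range(n - 1)]
    shares.append(_xor_all(shares + [third_data]))  # last share closes the XOR
    return shares


def merge(second_data: List[bytes]) -> bytes:
    """Merge function matched to disperse(): XOR all N shares back together."""
    return _xor_all(second_data)


class FirstServer:
    """Holds only the per-account salt; password-derived data lives elsewhere."""

    def __init__(self, second_servers: List[Dict[str, bytes]]):
        self.second_servers = second_servers  # each dict models one second server
        self.fourth_data: Dict[str, bytes] = {}

    def register(self, account: str, second_password: str) -> None:
        salt = secrets.token_bytes(16)
        self.fourth_data[account] = salt
        third = derive(salt, second_password)
        for store, share in zip(self.second_servers, disperse(third, len(self.second_servers))):
            store[account] = share
        # `third` is deliberately not retained by the first server

    def login(self, account: str, first_password: str) -> bool:
        salt = self.fourth_data.get(account)
        if salt is None:
            return False
        first = derive(salt, first_password)
        try:
            shares = [store[account] for store in self.second_servers]
        except KeyError:  # a second server lacks its share: third data cannot be rebuilt
            return False
        return hmac.compare_digest(first, merge(shares))


if __name__ == "__main__":
    srv = FirstServer([{}, {}, {}])  # N = 3 constructed second servers
    srv.register("alice", "correct horse battery staple")
    print(srv.login("alice", "correct horse battery staple"), srv.login("alice", "wrong"))
```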
It should be noted that the function of the server in the present invention can be specifically implemented according to the method in the embodiment shown in fig. 5, and the specific implementation process thereof can refer to the related description in the embodiment of the method shown in fig. 5, which is not described herein again, and the server executes the method in the embodiment shown in fig. 5 to obtain the technical effect obtained by the embodiment of the method.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative: the division into units is only a logical division, and an actual implementation may divide them differently, for example by combining or integrating a plurality of units or components into another system, or by omitting or not executing some features. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The user identity authentication method and the server provided by the invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the embodiments is intended only to help understand the method and core idea of the invention. Meanwhile, a person skilled in the art may, following the idea of the present invention, vary the specific embodiments and the application scope; in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (7)
1. A user identity authentication method is characterized by comprising the following steps:
when a first server receives a user account and a second user password which are sent by a client and registered on the client, the first server generates third data by using the second user password;
the first server generates N second data from the third data and sends the N second data to at least one second server; the third data is embodied by all of the second data;
when a first server receives a user account and a first user password which are sent by a client and are logged in the client, the first server generates first data by using the first user password;
the first server acquires N second data corresponding to the user account from at least one second server according to the user account, and generates third data from the N second data, wherein N is an integer greater than 1;
when the first data is matched with the third data, the first server determines that the user identity authentication is passed;
generating the third data from the N second data comprises:
the first server merging the N second data through a merging function to generate the third data;
generating the N second data from the third data comprises:
the first server dispersing the third data through a dispersion function to generate the N second data, wherein the dispersion function is matched with the merging function.
2. The method of claim 1, wherein when the first server receives a user account and a second user password registered at the client, which are sent by the client, the method further comprises:
the first server distributes fourth data used for generating the third data and locally stores the fourth data;
the first server generating the third data using the second user password comprises:
the first server generates the third data using the fourth data and the second user password.
3. The method of claim 2, wherein the first server generating first data using the first user password comprises:
the first server acquires the fourth data;
the first server generates the first data using the fourth data and the first user password.
4. A server for user authentication, the server comprising:
the receiving module is used for receiving a user account and a first user password which are sent by a client and are logged on the client;
the processing module is used for generating first data by utilizing a first user password when a receiving module receives the user account and the first user password which are sent by a client and are logged on the client;
the processing module is further configured to acquire N second data corresponding to the user account from at least one second server according to the user account, and generate third data from the N second data, where N is an integer greater than 1;
the processing module is further configured to determine that the user identity authentication passes when the first data matches the third data;
the processing module is further configured to, before the receiving module receives a user account and a first user password which are sent by a client and logged in the client, generate, by using the second user password, the third data when the receiving module receives the user account and the second user password which are sent by the client and registered on the client, and generate the N second data from the third data;
a sending module, configured to send the N second data to the at least one second server;
the processing module is specifically configured to merge the N second data through a merge function to generate the third data;
the processing module is specifically configured to scatter the third data by using a scatter function to generate the N second data; wherein the dispersion function matches the merge function.
5. The server according to claim 4, comprising:
the processing module is further configured to, when the receiving module receives a user account and a second user password, which are sent by the client and registered at the client, allocate fourth data for generating the third data, and locally store the fourth data;
the processing module is specifically configured to generate the third data by using the fourth data and the second user password.
6. The server according to claim 5,
the processing module is specifically configured to obtain the fourth data; generating the first data using the fourth data and the first user password.
7. A server, comprising: one or more processors, a memory, a bus system, and a transceiver, the one or more processors, the memory, and the transceiver being connected by the bus system;
wherein the memory stores one or more programs therein, the one or more programs comprising instructions, which when executed by the server, cause the server to perform the method of any of claims 1-3.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2016/072182 WO2017128044A1 (en) | 2016-01-26 | 2016-01-26 | User identity authentication method and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107455003A CN107455003A (en) | 2017-12-08 |
CN107455003B true CN107455003B (en) | 2020-09-18 |
Family
ID=59397021
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201680003623.1A Active CN107455003B (en) | 2016-01-26 | 2016-01-26 | User identity authentication method and server |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107455003B (en) |
WO (1) | WO2017128044A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
WO2017128044A1 (en) | 2017-08-03 |
CN107455003A (en) | 2017-12-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |