CN107995151A - Login validation method, apparatus and system - Google Patents

Publication number: CN107995151A
Authority: CN (China)
Legal status: Granted
Application number: CN201610957367.1A
Other languages: Chinese (zh)
Other versions: CN107995151B (en)
Inventors: 李轶峰, 袁丽娜, 王亮, 郭计伟
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201610957367.1A
Publication of CN107995151A
Application granted
Publication of CN107995151B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a login validation method, apparatus and system, belonging to the field of communication technology. The method includes: a management terminal obtains a first public key, corresponding to a user account, sent by a server; generates a first login private key according to a first internal parameter and the first public key; generates a verification code according to the first login private key; and sends the user account and the verification code to the server. The server obtains a second public key, corresponding to the user account, sent by the management terminal; generates a second login private key according to a second internal parameter and the second public key; and performs login verification on the verification code according to the second login private key. The first internal parameter and the second internal parameter are confidential parameters. Because the server and the management terminal transmit public keys during communication rather than transmitting the login private key directly, the login private key is not easily intercepted, which improves the reliability of login verification.

Description

Login validation method, apparatus and system
Technical field
Embodiments of the present invention relate to the field of communication technology, and in particular to a login validation method, apparatus and system.
Background
With the arrival of the information technology era, storing information on the internet has become commonplace, but security risks and similar problems keep emerging as well, so the security of Web (webpage) login has received wide attention. To improve security when a user logs in to a user account on a third-party website, the background server of the third-party website can, besides performing login verification according to the login password entered by the user, also perform secondary verification according to a dynamic verification code entered by the user.
The currently used approach to secondary verification is as follows. When the user enters the user account and login password on the third-party website and enables secondary verification, the background server of the third-party website generates a key corresponding to the user account and stores the user account in correspondence with the key; meanwhile, the background server displays on the third-party website a QR code generated from the key, and the management terminal obtains and stores the key by scanning the QR code. During secondary verification, the management terminal generates a dynamic verification code according to the stored key and the current timestamp. After the user enters the dynamic verification code on the third-party website, the background server generates a dynamic verification code according to the stored key corresponding to the user account and the current timestamp. When the background server detects that the dynamic verification code entered by the user is identical to the generated one, it determines that verification passes; when it detects that they differ, it determines that verification fails.
Because the key is displayed on the third-party website in the form of a QR code, and the QR code carrying the key is exposed on the internet, the key is easily leaked and the dynamic verification code may be forged; the reliability of secondary verification is therefore reduced.
Summary of the invention
To solve the problem that the key obtained by the management terminal from the server is easily leaked, which reduces the reliability of secondary verification, embodiments of the present invention provide a login validation method, apparatus and system. The technical solution is as follows:
In a first aspect, a login validation method is provided, the method including:
The management terminal obtains a first public key, corresponding to a user account, sent by the server; generates a first login private key according to a first internal parameter and the first public key; generates a verification code according to the first login private key; and sends the user account and the verification code to the server;
The server receives the user account and the verification code sent by the management terminal; obtains a second public key, corresponding to the user account, sent by the management terminal; generates a second login private key according to a second internal parameter and the second public key; and performs login verification on the verification code according to the second login private key;
The first internal parameter and the second internal parameter are confidential parameters.
In a second aspect, a login validation method is provided. The method is used in a management terminal and includes:
Obtaining a first public key, corresponding to a user account, sent by the server;
Generating a first login private key according to a first internal parameter and the first public key;
Generating a verification code according to the first login private key;
Sending the user account and the verification code to the server, where the server is used to perform login verification on the verification code according to a second login private key corresponding to the user account, the second login private key being obtained by the server according to a second internal parameter and a second public key;
The first internal parameter and the second internal parameter are confidential parameters.
In a third aspect, a login validation method is provided. The method is used in a management terminal and includes:
Receiving the user account and the verification code sent by the management terminal, the verification code being obtained by the management terminal from a first login private key generated from a first internal parameter and a first public key;
Obtaining a second public key, corresponding to the user account, sent by the management terminal;
Generating a second login private key according to a second internal parameter and the second public key;
Performing login verification on the verification code according to the second login private key;
The first internal parameter and the second internal parameter are confidential parameters.
In a fourth aspect, a login verification apparatus is provided. The apparatus is used in a management terminal and includes:
An acquisition module, for obtaining a first public key, corresponding to a user account, sent by the server;
A first generation module, for generating a first login private key according to a first internal parameter and the first public key;
A second generation module, for generating a verification code according to the first login private key;
A verification code sending module, for sending the user account and the verification code to the server, where the server is used to perform login verification on the verification code according to a second login private key corresponding to the user account, the second login private key being obtained by the server according to a second internal parameter and a second public key;
The first internal parameter and the second internal parameter are confidential parameters.
In a fifth aspect, a login verification apparatus is provided. The apparatus is used in a server and includes:
A receiving module, for receiving the user account and the verification code sent by the management terminal, the verification code being obtained by the management terminal from a first login private key generated from a first internal parameter and a first public key;
An acquisition module, for obtaining a second public key, corresponding to the user account, sent by the management terminal;
A private key generation module, for generating a second login private key according to a second internal parameter and the second public key;
A verification module, for performing login verification on the verification code according to the second login private key;
The first internal parameter and the second internal parameter are confidential parameters.
In a sixth aspect, a login verification system is provided, the system including a management terminal and a server;
The management terminal includes the login verification apparatus provided in the fourth aspect above;
The server includes the login verification apparatus provided in the fifth aspect above.
The beneficial effects of the technical solution provided by the embodiments of the present invention are:
The management terminal and the server exchange public keys, and each generates, from its confidential internal parameter and the public key it received, the login private key required for login verification of the user account. Because the server and the management terminal transmit public keys during communication rather than transmitting the login private key directly, the login private key is not easily intercepted. Moreover, even if a public key is intercepted in transit, the two internal parameters that the server and the management terminal use to generate the login private key from the public key are confidential, so the likelihood of recovering the login private key from the public key is also small. This improves the reliability of login verification and the security of the user account.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings in the following description are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1A is a schematic diagram of an implementation environment involved in the embodiments of the present invention;
Fig. 1B is a schematic diagram of another implementation environment involved in the embodiments of the present invention;
Fig. 2 is a flow chart of a login validation method according to an exemplary embodiment of the present invention;
Fig. 3 is a schematic flow diagram of a login validation method according to an exemplary embodiment of the present invention;
Fig. 4 is an interaction diagram of a login validation method according to an exemplary embodiment of the present invention;
Fig. 5 is a flow chart of a login validation method according to another exemplary embodiment of the present invention;
Fig. 6 is a flow chart of a login validation method according to another exemplary embodiment of the present invention;
Fig. 7 is a block diagram of a login verification apparatus according to another exemplary embodiment of the present invention;
Fig. 8 is a block diagram of a login verification apparatus according to another exemplary embodiment of the present invention;
Fig. 9 is a structural diagram of a management terminal according to another exemplary embodiment of the present invention;
Fig. 10 is a structural diagram of a server according to another exemplary embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the drawings.
Fig. 1A is a schematic diagram of an implementation environment involved in the embodiments of the present invention. The implementation environment may include a management terminal 120 and a server 140.
An application program runs on the management terminal 120; for example, a web application runs in the browser of the management terminal 120, and the user can log in to a user account in the application. The management terminal 120 is used to manage the login private key used when login verification is performed on the user account logged in to the application. The management terminal 120 can manage the login private keys used by multiple different user accounts; these may be user accounts in the same application or in different applications. Usually, a management client for managing the login private keys of user accounts runs on the management terminal 120, and the login private keys are managed through this management client.
Optionally, the management terminal 120 is an electronic device such as a mobile phone, tablet computer, e-book reader, MP3 (Moving Picture Experts Group Audio Layer III) player, MP4 (Moving Picture Experts Group Audio Layer IV) player, desktop computer or portable computer.
The management terminal 120 can establish a communication connection with the server 140 over a wireless or wired network.
The server 140 is a server that provides a login verification service for the user account used on the management terminal 120. The server 140 may be a single server, a server cluster composed of several servers, or a cloud computing service center.
In actual implementation, there may be one or more management terminals 120 connected to the server 140; Fig. 1A only illustrates the case where the server 140 is connected to one management terminal 120.
It should be noted that Fig. 1A is illustrated with the user account logged in on the management terminal 120, but in actual implementation the user terminal on which the user account is logged in may be different from the management terminal 120; for example, the user account is logged in to a web application on a desktop computer and the management terminal is a mobile phone. The implementation environment then further includes a user terminal 160 and can be as shown in Fig. 1B.
Fig. 2 is a flow chart of a login validation method according to an exemplary embodiment. This embodiment is described with the method applied in the implementation environment shown in Fig. 1A or Fig. 1B. The method may include the following steps:
Step 201: the management terminal randomly generates the first internal parameter.
The first internal parameter is an integer.
Step 202: the management terminal generates the second public key from the first internal parameter and predetermined public parameters according to a predetermined algorithm.
The predetermined public parameters are parameters that the server and the management terminal agree on in advance and can both obtain; they are usually randomly generated integers.
Optionally, the predetermined algorithm is the DH (Diffie-Hellman) key exchange algorithm. When generating the second public key, the management terminal computes $K_a = g^a \bmod n$, where $K_a$ is the second public key, $a$ is the first internal parameter, and $g$ and $n$ are the predetermined public parameters; usually $n$ is a prime and $g$ is a primitive root of $n$.
Step 203: the management terminal sends the second public key to the server.
Optionally, the management terminal sends the user account and the second public key to the server.
When the terminal on which the user account is logged in is the management terminal, the management terminal sends the second public key directly to the server.
When the user terminal on which the user account is logged in is different from the management terminal, the management terminal obtains the user account from the user terminal and sends the user account and the second public key directly to the server; alternatively, the management terminal sends the second public key to the user terminal, and the user terminal forwards the user account and the second public key to the server.
Step 204: the server randomly generates the second internal parameter.
The second internal parameter is a parameter that is not disclosed to terminals other than the server; it is usually an integer.
Step 205: the server generates the first public key from the second internal parameter and the predetermined public parameters according to the predetermined algorithm.
The predetermined algorithm and predetermined public parameters in this step have the same meaning as in step 202 above. When generating the first public key, the server computes $K_b = g^b \bmod n$, where $K_b$ is the first public key, $b$ is the second internal parameter, and $g$ and $n$ are the predetermined public parameters.
Step 206: the server sends the first public key to the management terminal.
When the terminal on which the user account is logged in is the management terminal, the server returns the first public key directly to the management terminal after receiving the second public key sent by the management terminal.
When the user terminal on which the user account is logged in is different from the management terminal: if the server receives the second public key from the management terminal, it returns the first public key directly to the management terminal; if the server receives the second public key from the user terminal, it returns the first public key to the user terminal, which forwards it to the management terminal. In actual implementation, the user terminal may also display the first public key, and the management terminal obtains the first public key by receiving it as input; alternatively, the user terminal displays a graphic code carrying the first public key, and the management terminal obtains the first public key by scanning the graphic code.
Step 207: the management terminal obtains the first public key, corresponding to the user account, sent by the server.
Optionally, the management terminal receives the first public key sent by the server, or obtains the first public key sent by the server from the user terminal on which the user account is logged in. Usually, since the management terminal sends the user account and the second public key to the server in step 203 above, the first public key the management terminal receives is the first public key corresponding to the user account.
Step 208: the management terminal generates the first login private key from the first internal parameter and the first public key.
The management terminal generates the login private key from the first internal parameter and the first public key according to the predetermined algorithm, which is the same as the predetermined algorithm in step 202. The management terminal computes the first login private key $K_1 = K_b^a \bmod n$.
Step 209: the management terminal generates a verification code from the first login private key.
Optionally, the management terminal generates the verification code from the first login private key and the current time according to a predetermined cryptographic algorithm. Optionally, the predetermined cryptographic algorithm is a hash algorithm, the MD5 algorithm (Message Digest Algorithm 5), a UUID (Universally Unique Identifier) algorithm, or the like.
Step 210: the management terminal sends the user account and the verification code to the server.
When the terminal on which the user account is logged in is the management terminal, the management terminal sends the user account and the verification code directly to the server.
When the user terminal on which the user account is logged in is different from the management terminal, the management terminal sends the verification code to the user terminal, and the user terminal forwards the user account and the verification code to the server; in actual implementation, the management terminal may also display the verification code, which the user then enters on the user terminal.
Step 211: the server receives the user account and the verification code sent by the management terminal.
Step 212: the server obtains the second public key, corresponding to the user account, sent by the management terminal.
After step 203 above, once the server has received the second public key and the user account sent by the management terminal, it temporarily stores the correspondence between the second public key and the user account; after the server receives the user account and the verification code sent by the management terminal, it looks up the second public key corresponding to the user account in the temporarily stored correspondence.
Step 213: the server generates the second login private key from the second internal parameter and the second public key.
The server generates the second login private key from the second internal parameter and the second public key according to the predetermined algorithm, which is the same as the predetermined algorithm in step 202. When generating the second login private key, the server computes $K_2 = K_a^b \bmod n$.
Step 214: the server performs login verification on the verification code according to the second login private key.
Optionally, the server generates a verification code from the second login private key and the current time according to a predetermined cryptographic algorithm, which is the same as the one used by the management terminal in step 209. By the rules of modular arithmetic, the first login private key computed by the management terminal is $K_1 = K_b^a \bmod n = (g^b \bmod n)^a \bmod n = (g^b)^a \bmod n$, and the second login private key computed by the server is $K_2 = K_a^b \bmod n = (g^a \bmod n)^b \bmod n = (g^a)^b \bmod n$, so $K_1 = K_2$. The first login private key computed by the management terminal and the second login private key computed by the server are therefore in fact identical. Hence, when the verification code received by the server is identical to the one it generates, verification passes; when they differ, verification fails.
In summary, in the login validation method provided by the embodiments of the present invention, the management terminal and the server exchange public keys, and each generates, from its confidential internal parameter and the public key it received, the login private key required for login verification of the user account. Because the server and the management terminal transmit public keys during communication rather than transmitting the login private key directly, the login private key is not easily intercepted. Moreover, even if a public key is intercepted in transit, the two internal parameters that the server and the management terminal use to generate the login private key from the public key are confidential, so the likelihood of recovering the login private key from the public key is also small. This improves the reliability of login verification and the security of the user account.
In the above embodiment, when a hacker intercepts the first public key, the second public key and the predetermined public parameters, that is, $K_a$, $K_b$, $g$ and $n$, and wants to forge the login private key, the hacker must determine the first internal parameter $a$ and the second internal parameter $b$ from $K_a$, $K_b$, $g$ and $n$; for example, the hacker must determine $a$ from $K_a$, $g$ and $n$, and then determine the first login private key from $a$ and $K_b$. For a prime $n$, the likelihood of computing the discrete logarithm is small, so the likelihood that the hacker determines $a$ is small. Optionally, to further reduce the likelihood of computing the discrete logarithm for the prime $n$ and so further improve security, in the embodiments of the present invention the first internal parameter is greater than a first threshold and the second internal parameter is greater than a second threshold, where the first threshold and the second threshold are large empirical values; in addition, the predetermined public parameters in the embodiments of the present disclosure are all greater than a predetermined threshold, which is also a large empirical value.
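The exchange in steps 201-214, together with the failure handling of step 501 described later in the text, as an added Python example that is not part of the patent text. The prime n = 2^521 - 1 with g = 3, the 256-bit lower bound standing in for the first and second thresholds, the 30-second time window, HMAC-SHA256 as the "predetermined cryptographic algorithm", the public-key range check, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration parameters (assumptions, not values from the patent).
N = 2**521 - 1          # predetermined public parameter n: a Mersenne prime
G = 3                   # predetermined public parameter g (not checked to be a primitive root)
MIN_SECRET_BITS = 256   # stands in for the "first/second threshold" on a and b
TIME_STEP = 30          # seconds covered by one verification code (assumption)
KEY_LEN = (N.bit_length() + 7) // 8


def new_internal_parameter() -> int:
    """Steps 201/204: random confidential integer above the threshold."""
    while True:
        x = secrets.randbelow(N - 2) + 1
        if x.bit_length() > MIN_SECRET_BITS:
            return x


def public_key(secret: int) -> int:
    """Steps 202/205: K = g^secret mod n."""
    return pow(G, secret, N)


def check_peer_key(peer: int) -> None:
    """Added check: 0, 1 and n-1 would force a predictable login private key."""
    if not 2 <= peer <= N - 2:
        raise ValueError("public key out of range")


def login_private_key(secret: int, peer_public: int) -> bytes:
    """Steps 208/213: K1 = Kb^a mod n on the terminal, K2 = Ka^b mod n on the server."""
    check_peer_key(peer_public)
    return pow(peer_public, secret, N).to_bytes(KEY_LEN, "big")


def verification_code(key: bytes, now: float, digits: int = 6) -> str:
    """Steps 209/214: code from the login private key and the current time window."""
    window = int(now // TIME_STEP).to_bytes(8, "big")
    mac = hmac.new(key, window, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**digits).zfill(digits)


class ManagementTerminal:
    def __init__(self, account: str):
        self.account = account
        self._a = new_internal_parameter()          # first internal parameter
        self.second_public = public_key(self._a)    # Ka, sent in step 203
        self._k1 = None

    def receive_first_public(self, kb: int) -> None:
        self._k1 = login_private_key(self._a, kb)   # steps 207-208

    def code(self, now: float) -> str:
        return verification_code(self._k1, now)     # step 209


class Server:
    def __init__(self):
        self._pending = {}   # account -> (b, Ka): the temporary mapping of step 212

    def register(self, account: str, ka: int) -> int:
        check_peer_key(ka)
        b = new_internal_parameter()                # second internal parameter
        self._pending[account] = (b, ka)
        return public_key(b)                        # Kb, sent in step 206

    def verify(self, account: str, code: str, now: float) -> bool:
        entry = self._pending.get(account)
        if entry is None:
            return False
        b, ka = entry
        expected = verification_code(login_private_key(b, ka), now)  # steps 213-214
        ok = hmac.compare_digest(expected.encode(), code.encode())
        if not ok:
            del self._pending[account]              # step 501: drop the mapping on failure
        return ok


if __name__ == "__main__":
    server, phone = Server(), ManagementTerminal("alice")
    phone.receive_first_public(server.register(phone.account, phone.second_public))
    t = 1_700_000_000.0                             # constructed timestamp
    print(server.verify("alice", phone.code(t), t))
```

Nothing in this sketch authenticates Ka or Kb, so it shows the key agreement and code check only; binding the exchanged public keys to the account is outside what the steps above describe.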
In an illustrative example, as shown in Fig. 3, the user terminal on which the user account is logged in is a computer and the management terminal is the mobile phone used by the user. When the user logs in to the website on the computer with the user account and account password and requests to enable secondary verification, the computer sends information such as the user account, account password and website identifier to the server and requests an identification code for the user account; the server returns the identification code to the computer. The computer displays a QR code containing the identification code on the website page, and the user scans the QR code with the mobile phone to obtain the identification code. The mobile phone sends the second public key and the identification code to the server; on receiving the second public key and the identification code, the server returns the first public key to the mobile phone. The mobile phone generates the first login private key from the first public key and the first internal parameter, generates a verification code from the first login private key and the current time, and displays the verification code.
The user enters the verification code shown on the mobile phone into the computer, and the computer sends the identification code of the user account and the verification code to the server. The server obtains the second public key corresponding to the verification code, generates the second login private key from the second public key and the second internal parameter, and performs login verification on the verification code using the second login private key. The interaction between the server, the user terminal on which the user account is logged in, and the management terminal can also be as shown in Fig. 4.
Optionally, after the management terminal receives the first public key, corresponding to the user account, sent by the server, that is, after step 207, the management terminal can store the correspondence between the user account and the first public key. Then, when the management terminal needs to obtain the first public key corresponding to the user account again, step 207 above can be implemented as: the management terminal determines the first public key corresponding to the user account by querying the correspondence between the user account and the first public key. The management terminal can obtain the first public key directly from the correspondence, without receiving the first public key sent by the server again.
Alternatively, after the management terminal generates the first login private key from the received first public key, that is, after step 208 above, the management terminal can store the correspondence between the user account and the first login private key. Then, when the management terminal needs to generate a verification code, steps 207 and 208 above can be replaced by: the management terminal determines the first login private key corresponding to the user account by querying the correspondence between the user account and the first login private key. The management terminal can obtain the first login private key directly from the correspondence, without receiving the first public key sent by the server again and without generating the first login private key again.
In the above two possible implementations, steps 204-206 above are optional.
Optionally, after the server receives the second public key, corresponding to the user account, sent by the management terminal, that is, after step 212 above, the server can store the correspondence between the user account and the second public key. Then, when the server needs to obtain the second public key corresponding to the user account again, step 212 above can be implemented as: the server determines the second public key corresponding to the user account by querying the correspondence between the user account and the second public key. The server can obtain the second public key directly from the correspondence, without receiving the second public key sent by the management terminal again.
Alternatively, when the server generates the second login private key from the received second public key, that is, after step 213 above, the server can store the correspondence between the user account and the second login private key. Then, when the management terminal needs to generate a verification code, steps 212 and 213 above can be implemented as: the server determines the second login private key corresponding to the user account by querying the correspondence between the user account and the second login private key. The server can obtain the second login private key directly from the correspondence, without receiving the second public key sent by the management terminal again and without generating the second login private key again.
In the above two possible implementations, steps 201-203 above are optional.
Optionally, in other optional embodiments based on the above embodiment, the following steps are further included after step 214, as shown in Fig. 5:
Step 501: when the server determines that the login authentication result is a failure, it deletes the correspondence between the user account number and the second public key; or it deletes the correspondence between the user account number and the second login private key.
Specifically, when the server stores the correspondence between the user account number and the second public key and determines that the login authentication result is a failure, the server deletes the correspondence between the user account number and the second public key. When the server stores the correspondence between the user account number and the second login private key and determines that the login authentication result is a failure, the server deletes the correspondence between the user account number and the second login private key.
Optionally, when the server's first login authentication of the identifying code corresponding to the user account number fails, this indicates that an error occurred while generating the second login private key; the server deletes the correspondence and re-executes steps 201-214 to generate the second login private key and perform login authentication.
Optionally, when the server's first login authentication of the identifying code corresponding to the user account number passes and a subsequent login authentication fails, this may be because the received identifying code was not sent by the management terminal but by another terminal attempting an illegal login; in that case the server may leave the correspondence undeleted.
Step 502: after performing login authentication on the identifying code, the server sends the verification result to the management terminal.
Steps 502 and 501 have no specific order and are typically performed at the same time.
Step 503: the management terminal receives the verification result sent by the server after the server performs login authentication on the identifying code.
Step 504: when the management terminal determines that the verification result indicates that verification failed, it deletes the correspondence between the user account number and the first public key; or it deletes the correspondence between the user account number and the first login private key.
Specifically, when the management terminal stores the correspondence between the user account number and the first public key and determines that the verification result indicates that verification failed, the management terminal deletes the correspondence between the user account number and the first public key. When the management terminal stores the correspondence between the user account number and the first login private key and determines that the verification result indicates that verification failed, the management terminal deletes the correspondence between the user account number and the first login private key.
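The key caching and delete-on-failure rules of steps 501-504 can be exercised end to end. The following is an added example, not code from the patent: it assumes a Diffie-Hellman-style modular exponentiation for the unspecified predetermined algorithm, illustrative parameters P and G, and an HMAC-SHA256 counter code as the identifying code; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumed public parameters, for illustration only (not a vetted DH group).
P = 2**255 - 19
G = 2


def gen_keypair():
    """Return (secret internal parameter, public key derived from it)."""
    internal = secrets.randbelow(P - 3) + 2
    return internal, pow(G, internal, P)


def derive_login_key(internal, peer_public):
    """Login private key: hash of the shared value, never sent on the wire."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public key out of range")
    shared = pow(peer_public, internal, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def identifying_code(login_key, counter):
    """Six-digit code: HMAC-SHA256 over a counter (assumed construction)."""
    mac = hmac.new(login_key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class Party:
    """Per-account secret internal parameter and cached login private key."""
    def __init__(self):
        self.internal = {}    # account -> secret internal parameter
        self.login_keys = {}  # account -> cached login private key

    def new_public_key(self, account):
        self.internal[account], public = gen_keypair()
        return public

    def accept_peer_key(self, account, peer_public):
        self.login_keys[account] = derive_login_key(self.internal[account], peer_public)


class Terminal(Party):
    def code_for(self, account, counter):
        return identifying_code(self.login_keys[account], counter)

    def on_result(self, account, passed):
        if not passed:  # step 504: drop the cached key on a failed result
            self.login_keys.pop(account, None)


class Server(Party):
    def __init__(self):
        super().__init__()
        self.ever_passed = set()  # accounts that have verified at least once

    def verify(self, account, code, counter):
        key = self.login_keys.get(account)
        if key is None:
            return False  # no cached key: a fresh exchange is required
        expected = identifying_code(key, counter)
        passed = hmac.compare_digest(code.encode(), expected.encode())
        if passed:
            self.ever_passed.add(account)
        elif account not in self.ever_passed:
            del self.login_keys[account]  # step 501: first-ever failure
        # Failure after an earlier success keeps the key (code likely from another terminal).
        return passed


def exchange(terminal, server, account, corrupt=False):
    """Swap public keys; corrupt=True makes the server derive from a wrong key."""
    second_public = terminal.new_public_key(account)
    first_public = server.new_public_key(account)
    terminal.accept_peer_key(account, first_public)
    server.accept_peer_key(account, gen_keypair()[1] if corrupt else second_public)


def run_demo():
    terminal, server, out = Terminal(), Server(), {}
    exchange(terminal, server, "alice")  # account names are constructed
    good = terminal.code_for("alice", 1)
    out["first_login"] = server.verify("alice", good, 1)
    forged = f"{(int(good) + 1) % 1_000_000:06d}"  # constructed wrong code
    out["forged_after_success"] = server.verify("alice", forged, 1)
    out["alice_key_kept"] = "alice" in server.login_keys
    exchange(terminal, server, "bob", corrupt=True)
    passed = server.verify("bob", terminal.code_for("bob", 1), 1)
    terminal.on_result("bob", passed)  # steps 502-504
    out["bob_first_try"] = passed
    out["bob_keys_deleted"] = "bob" not in server.login_keys and "bob" not in terminal.login_keys
    exchange(terminal, server, "bob")  # re-run the key exchange
    out["bob_retry"] = server.verify("bob", terminal.code_for("bob", 2), 2)
    return out


if __name__ == "__main__":
    print(run_demo())
```

Only public keys and identifying codes cross between `Terminal` and `Server`; the `ever_passed` set is what separates the first-failure case, where the server deletes the cached key, from a later failure, where it keeps it.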
Optionally, since the same user account number can usually be used to log in to different application programs, in order to distinguish the user account number in different application programs, in each of the above embodiments the user account number can be identified by a unique identification code corresponding to the user account number. In other optional embodiments, the method further includes the following steps, as shown in Fig. 6:
Step 601: the server receives the user account number and the application program identifier sent by the management terminal.
The application program identifier identifies the application program in which the user account number is used. When a user needs to log in to a user account number in an application program and enters the user account number and account password in that application program, the management terminal sends the user account number and account password to the server, so that the server performs the first login authentication on the account password. In addition, the user may choose to enable secondary login authentication for the user account number, or the application program may enable this function by default for all logged-in user account numbers. In that case, besides the user account number and account password, the management terminal also sends the application program identifier to the server, so that the server performs the second login authentication on the user account number of that application program.
The application program identifier uniquely identifies an application program. Optionally, the application program identifier is the package name of the application program.
When the user terminal where the user account number is located is different from the management terminal, this step can be implemented as: the server receives the user account number and the application program identifier sent by the user terminal.
Step 602: the server generates an identification code according to the application program identifier and the user account number.
Optionally, after receiving the application program identifier, user account number and account password sent by the management terminal, the server performs the first login authentication according to the received user account number and account password; this embodiment does not describe how the server performs the first login authentication. When the first login authentication passes, the server generates the identification code according to the application program identifier and the user account number; when the first login authentication fails, the server may return an error response to the application program and does not perform the subsequent steps.
Optionally, when generating the identification code corresponding to the user account number, the server uses both the application program identifier and the user account number as parameters and generates, according to a predetermined cryptographic algorithm, the identification code corresponding to the user account number in the application program. The identification code corresponding to a user account number uniquely identifies one user account number in one application. Different user account numbers have different identification codes, and the same user account number has different identification codes in different application programs. Optionally, the identification code is a serial number string. For the meaning of the predetermined cryptographic algorithm, refer to step 209 above; this embodiment does not repeat it.
After generating the identification code, the server may store the correspondence among the application program identifier, the user account number and the identification code.
Step 603: the server sends the identification code to the management terminal.
Optionally, the server sends the identification code directly to the management terminal; and/or the server generates a graphic code from the identification code according to a predetermined graphic code generation rule, with the identification code carried in the graphic code, and sends the graphic code to the management terminal, which obtains the identification code carried in the graphic code by parsing it. The graphic code may be a two-dimensional code or another graphic code capable of carrying data; this embodiment does not describe the meaning of the graphic code or the graphic code generation rule.
After obtaining the identification code, the management terminal may temporarily store the identification code, or temporarily store the correspondence between the user account number and the identification code.
When the user terminal where the application program is located is different from the management terminal, the server may send the identification code to the user terminal, and the user terminal displays the identification code or displays a graphic code containing the identification code, so that the management terminal receives the identification code entered by the user or obtains the identification code by scanning the graphic code.
When the user terminal where the user account number is located is different from the management terminal, this step can be implemented as: the server sends the identification code to the user terminal.
Step 604: the management terminal obtains the identification code corresponding to the user account number.
When the terminal where the user account number is located is the management terminal, this step is implemented as: the management terminal receives the identification code sent by the server.
When the user terminal where the application program is located is different from the management terminal, this step is implemented as: the management terminal obtains the identification code from the user terminal. In practice, the management terminal typically obtains the identification code corresponding to the user account number by scanning the QR code displayed on the user terminal.
Step 605: the management terminal stores the correspondence between the user account number and the identification code.
Optionally, when the management terminal determines that the verification result indicates that verification passed, it stores the correspondence between the user account number and the identification code. When the management terminal later needs to send the identifying code corresponding to the user account number to the server, it can send the identification code and the identifying code of the user account number directly, without obtaining the identification code again.
In this embodiment, the management terminal sends the identification code and the second public key to the server, and sends the identification code and the identifying code; the management terminal stores the correspondence between the identification code and the first public key or the first login private key, and the server stores the correspondence between the identification code and the second public key or the second login private key.
It should be noted that, when the user terminal where the user account number is located is different from the management terminal, the server may also send the verification result to the user terminal after performing login authentication; when the user terminal determines that the verification result indicates that verification passed, it stores the correspondence between the user account number and the identification code.
Refer to Fig. 7, which shows a structural block diagram of the login authentication device provided in an embodiment of the present invention. The device can be implemented, by software, hardware, or a combination of both, as the management terminal in the implementation environment shown in Fig. 1A or Fig. 1B. The device includes:
Acquisition module 710, configured to perform step 207 above.
First generation module 720, configured to perform step 208 above.
Second generation module 730, configured to perform step 209 above.
Identifying code sending module 740, configured to perform step 210 above.
Optionally, the device further includes:
A storage module, configured to store the correspondence between the user account number and the first public key, or to store the correspondence between the user account number and the first login private key.
Optionally, the device further includes:
A receiving module, configured to perform step 503 above.
A deletion module, configured to perform step 504 above.
Optionally, the device further includes:
A third generation module, configured to perform step 201 above.
A fourth generation module, configured to perform step 202 above.
A public key sending module, configured to perform step 203 above.
In conclusion login authentication device provided in an embodiment of the present invention, management terminal intercourses public key with server, Both are required when each carrying out login authentication to user account number according to the inner parameter of secrecy and the public key received generation to step on Private key is recorded, since server and management terminal are in communication process, transmission is public key, is not that direct transmission logs in private key, Therefore, private key is logged in be not easy to be trapped, meanwhile, even if public key is trapped in transmitting procedure, since server and management are whole End two inner parameters according to used in public key generates login private key are secrecy, are cracked to obtain login private key according to public key Possibility it is also smaller, this improves the reliability of login authentication, improve the security of user account number.
Refer to Fig. 8, which shows a structural block diagram of the login authentication device provided in an embodiment of the present invention. The device can be implemented, by software, hardware, or a combination of both, as the server in the implementation environment shown in Fig. 1A or Fig. 1B. The device includes:
Receiving module 810, configured to perform step 211 above.
Acquisition module 820, configured to perform step 212 above.
Private key generation module 830, configured to perform step 213 above.
Authentication module 840, configured to perform step 214 above.
Optionally, the device further includes:
A storage module, configured to store the correspondence between the user account number and the second public key, or to store the correspondence between the user account number and the second login private key.
Optionally, the device further includes:
A deletion module, configured to perform step 501 above.
Optionally, the device further includes:
A parameter generation module, configured to perform step 204 above.
A public key generation module, configured to perform step 205 above.
A sending module, configured to perform step 206 above.
In conclusion login authentication device provided in an embodiment of the present invention, management terminal intercourses public key with server, Both are required when each carrying out login authentication to user account number according to the inner parameter of secrecy and the public key received generation to step on Private key is recorded, since server and management terminal are in communication process, transmission is public key, is not that direct transmission logs in private key, Therefore, private key is logged in be not easy to be trapped, meanwhile, even if public key is trapped in transmitting procedure, since server and management are whole End two inner parameters according to used in public key generates login private key are secrecy, are cracked to obtain login private key according to public key Possibility it is also smaller, this improves the reliability of login authentication, improve the security of user account number.
Refer to Fig. 9, which shows a block diagram of the management terminal provided in some embodiments of the present invention. The terminal 900 is used to implement the login validation method provided by the above embodiments. The terminal 900 in the present invention may include one or more of the following components: a processor for executing computer program instructions to complete various flows and methods, random access memory (RAM) and read-only memory (ROM) for storing information and program instructions, a memory for storing data and information, I/O devices, interfaces, an antenna, and so on. Specifically:
The terminal 900 may include components such as an RF (Radio Frequency) circuit 910, a memory 920, an input unit 930, a display unit 940, a sensor 950, an audio circuit 960, a WiFi (wireless fidelity) module 970, a processor 980, a power supply 982 and a camera 9100. Those skilled in the art will understand that the terminal structure shown in Fig. 9 does not limit the terminal, which may include more or fewer components than illustrated, combine some components, or use a different arrangement of components.
The components of the terminal 900 are described in detail below with reference to Fig. 9:
The RF circuit 910 can be used to receive and send signals while sending and receiving information or during a call. In particular, after receiving downlink information from a base station, it passes the information to the processor 980 for processing; in addition, it sends uplink data to the base station. Generally, the RF circuit includes but is not limited to an antenna, at least one amplifier, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and so on. In addition, the RF circuit 910 can also communicate with networks and other devices by wireless communication. The wireless communication can use any communication standard or protocol, including but not limited to GSM (Global System of Mobile Communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service), and so on.
The memory 920 can be used to store software programs and modules. The processor 980 performs the various functional applications and data processing of the terminal 900 by running the software programs and modules stored in the memory 920. The memory 920 may mainly include a program storage area and a data storage area. The program storage area can store an operating system, application programs required by at least one function (such as a sound playback function or an image playback function), and so on; the data storage area can store data created through use of the terminal 900 (such as audio data or a phone book), and so on. In addition, the memory 920 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or other volatile solid-state memory devices.
The input unit 930 can be used to receive input numeric or character information and to generate key signal input related to user settings and function control of the terminal 900. Specifically, the input unit 930 may include a touch panel 931 and other input devices 932. The touch panel 931, also called a touch screen, collects the user's touch operations on or near it (for example, operations performed by the user on or near the touch panel 931 with a finger, a stylus or any other suitable object or accessory) and drives the corresponding connection device according to a preset program. Optionally, the touch panel 931 may include two parts: a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation, and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 980, and can receive and execute commands sent by the processor 980. The touch panel 931 can be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch panel 931, the input unit 930 may also include other input devices 932. Specifically, the other input devices 932 may include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse, a joystick, and so on.
The display unit 940 can be used to display information entered by the user or provided to the user, as well as the various menus of the terminal 900. The display unit 940 may include a display panel 941, which can optionally be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), and so on. Further, the touch panel 931 may cover the display panel 941. When the touch panel 931 detects a touch operation on or near it, it passes the operation to the processor 980 to determine the type of touch event, and the processor 980 then provides the corresponding visual output on the display panel 941 according to the type of touch event. Although in Fig. 9 the touch panel 931 and the display panel 941 are two independent components that implement the input and output functions of the terminal 900, in some embodiments the touch panel 931 and the display panel 941 can be integrated to implement the input and output functions of the terminal 900.
The terminal 900 may also include at least one sensor 950, such as a gyroscope sensor, a magnetic induction sensor, an optical sensor, a motion sensor and other sensors. Specifically, the optical sensor may include an ambient light sensor and a proximity sensor. The ambient light sensor can adjust the brightness of the display panel 941 according to the ambient light, and the proximity sensor can turn off the display panel 941 and/or the backlight when the terminal 900 is moved to the ear. As one kind of motion sensor, an acceleration sensor can detect the magnitude of acceleration in all directions (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used in applications that recognize the terminal's posture (such as switching between landscape and portrait, related games, and magnetometer posture calibration) and in vibration-recognition functions (such as a pedometer or tap detection). Other sensors that can also be configured on the terminal 900, such as a barometer, hygrometer, thermometer and infrared sensor, are not described here.
The audio circuit 960, a loudspeaker 961 and a microphone 962 can provide an audio interface between the user and the terminal 900. The audio circuit 960 can transmit the electrical signal converted from received audio data to the loudspeaker 961, which converts it into a sound signal for output. In the other direction, the microphone 962 converts a collected sound signal into an electrical signal, which the audio circuit 960 receives and converts into audio data; after the audio data is output to the processor 980 for processing, it is sent through the RF circuit 910 to, for example, another terminal, or output to the memory 920 for further processing.
WiFi is a short-range wireless transmission technology. Through the WiFi module 970, the terminal 900 can help the user send and receive e-mail, browse web pages, access streaming media, and so on; it provides the user with wireless broadband Internet access. Although Fig. 9 shows the WiFi module 970, it can be understood that the module is not a necessary part of the terminal 900 and can be omitted as needed without changing the essence of the disclosure.
The processor 980 is the control centre of the terminal 900. It connects the parts of the whole terminal through various interfaces and lines, and performs the various functions of the terminal 900 and processes data by running or executing the software programs and/or modules stored in the memory 920 and calling the data stored in the memory 920, thereby monitoring the terminal as a whole. Optionally, the processor 980 may include one or more processing units. Preferably, the processor 980 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and so on, and the modem processor mainly handles wireless communication. It can be understood that the modem processor may also not be integrated into the processor 980.
The terminal 900 further includes a power supply 982 (such as a battery) that supplies power to the components. Preferably, the power supply may be logically connected to the processor 982 through a power management system, so that functions such as charging, discharging and power consumption management are handled through the power management system.
The camera 9100 generally consists of a lens, an image sensor, an interface, a digital signal processor, a CPU, a display screen, and so on. The lens is fixed above the image sensor, and the focus can be changed by manually adjusting the lens. The image sensor is equivalent to the "film" of a traditional camera and is the heart of the camera's image capture. The interface connects the camera to the terminal mainboard by a ribbon cable, a board-to-board connector or a spring connection, and sends the captured image to the memory 920. The digital signal processor processes the captured image through mathematical operations, converts the captured analog image into a digital image, and sends it to the memory 920 through the interface.
Although not shown, the terminal 900 may also include a Bluetooth module and the like, which are not described here.
Refer to Fig. 10, which shows a structural block diagram of the server provided by an embodiment of the present invention. Specifically: the server 1000 includes a central processing unit (CPU) 1001, a system memory 1004 including a random access memory (RAM) 1002 and a read-only memory (ROM) 1003, and a system bus 1005 connecting the system memory 1004 and the central processing unit 1001. The server 1000 further includes a basic input/output system (I/O system) 1006 that helps transfer information between the devices in the computer, and a mass storage device 1007 for storing an operating system 1013, application programs 1010 and other program modules 1010.
The basic input/output system 1006 includes a display 1008 for displaying information and an input device 1009, such as a mouse or keyboard, for the user to enter information. The display 1008 and the input device 1009 are both connected to the central processing unit 1001 through an input/output controller 1010 connected to the system bus 1005. The basic input/output system 1006 may also include the input/output controller 1010 for receiving and processing input from multiple other devices such as a keyboard, a mouse or an electronic stylus. Similarly, the input/output controller 1010 also provides output to a display screen, a printer or another type of output device.
The mass storage device 1007 is connected to the central processing unit 1001 through a mass storage controller (not shown) connected to the system bus 1005. The mass storage device 1007 and its associated computer-readable medium provide non-volatile storage for the server 1000. That is, the mass storage device 1007 may include a computer-readable medium (not shown) such as a hard disk or a CD-ROM drive.
Without loss of generality, the computer-readable medium may include computer storage media and communication media. Computer storage media include volatile and non-volatile, removable and non-removable media implemented by any method or technology for storing information such as computer-readable instructions, data structures, program modules or other data. Computer storage media include RAM, ROM, EPROM, EEPROM, flash memory or other solid-state storage technologies, CD-ROM, DVD or other optical storage, tape cassettes, magnetic tape, disk storage or other magnetic storage devices. Of course, those skilled in the art will know that the computer storage media are not limited to the above. The system memory 1004 and the mass storage device 1007 described above may be collectively referred to as memory.
According to various embodiments of the present invention, the server 1000 can also run by connecting, through a network such as the Internet, to a remote computer on the network. That is, the server 1000 can be connected to a network 1012 through a network interface unit 1011 connected to the system bus 1005; in other words, the network interface unit 1011 can also be used to connect to other types of networks or remote computer systems (not shown).
The memory further includes one or more programs, which are stored in the memory and include instructions for carrying out the network type determination method provided in an embodiment of the present invention.
It should be noted that, when the login authentication device provided by the above embodiment performs login authentication, the division into the above functional modules is used only as an example. In practical applications, the above functions can be assigned to different functional modules as needed, that is, the internal structure of the management terminal or server is divided into different functional modules to complete all or part of the functions described above. In addition, the login validation method and login authentication device embodiments provided above belong to the same concept; for the specific implementation process, refer to the method embodiments, which are not repeated here.
The above embodiments of the present invention are for description only and do not represent the merits of the embodiments.
Those of ordinary skill in the art will understand that all or part of the steps of the above embodiments can be implemented by hardware, or by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (20)

  1. A kind of 1. login validation method, it is characterised in that the described method includes:
    Management terminal obtains the first public key corresponding with user account number that server is sent;According to the first inner parameter and described One public key generation first logs in private key;Private key generation identifying code is logged according to described first;By the user account number and described test Card code is sent to the server;
    The server receives the user account number and the identifying code that the management terminal is sent;Obtain the management terminal The second public key corresponding with the user account number sent;Logged according to the second inner parameter and second public key generation second Private key;Private key is logged according to described second, and login authentication is carried out to the identifying code;
    Wherein, first inner parameter and second inner parameter are confidential parameters.
  2. The method according to claim 1, characterized in that the method further comprises:
    the management terminal randomly generating the first internal parameter;
    the management terminal generating the second public key from the first internal parameter and a predetermined public parameter according to a predetermined algorithm;
    the management terminal sending the second public key to the server.
  3. The method according to claim 1, characterized in that the method further comprises:
    the server randomly generating the second internal parameter;
    the server generating the first public key from the second internal parameter and a predetermined public parameter according to a predetermined algorithm;
    the server sending the first public key to the management terminal.
  4. A login verification method, characterized in that the method is used in a management terminal and comprises:
    obtaining a first public key, corresponding to a user account, sent by a server;
    generating a first login private key according to a first internal parameter and the first public key;
    generating a verification code according to the first login private key;
    sending the user account and the verification code to the server, the server being configured to perform login verification on the verification code according to a second login private key corresponding to the user account, the second login private key being obtained by the server according to a second internal parameter and a second public key;
    wherein the first internal parameter and the second internal parameter are confidential parameters.
  5. The method according to claim 4, characterized in that, after obtaining the first public key corresponding to the user account sent by the server, the method further comprises:
    storing a correspondence between the user account and the first public key; or storing a correspondence between the user account and the first login private key.
  6. The method according to claim 4, characterized in that the method further comprises:
    receiving a verification result sent by the server after the server performs login verification on the verification code;
    when it is determined that the verification result indicates that verification failed, deleting the correspondence between the user account and the first public key; or deleting the correspondence between the user account and the first login private key.
  7. The method according to any one of claims 4 to 6, characterized in that the method further comprises:
    randomly generating the first internal parameter;
    generating the second public key from the first internal parameter and a predetermined public parameter according to a predetermined algorithm;
    sending the second public key to the server, the server being configured to generate the second login private key according to the second public key and the second internal parameter.
  8. A login verification method, characterized in that the method is used in a server and comprises:
    receiving a user account and a verification code sent by a management terminal, the verification code being obtained by the management terminal from a first login private key generated from a first internal parameter and a first public key;
    obtaining a second public key, corresponding to the user account, sent by the management terminal;
    generating a second login private key according to a second internal parameter and the second public key;
    performing login verification on the verification code according to the second login private key;
    wherein the first internal parameter and the second internal parameter are confidential parameters.
  9. The method according to claim 8, characterized in that, after obtaining the second public key corresponding to the user account sent by the management terminal, the method further comprises:
    storing a correspondence between the user account and the second public key; or storing a correspondence between the user account and the second login private key.
  10. The method according to claim 8, characterized in that the method further comprises:
    when it is determined that the login verification result is a failure, deleting the correspondence between the user account and the second public key; or deleting the correspondence between the user account and the second login private key.
  11. The method according to any one of claims 8 to 10, characterized in that the method further comprises:
    randomly generating the second internal parameter;
    generating the first public key from the second internal parameter and a predetermined public parameter according to a predetermined algorithm;
    sending the first public key to the management terminal, the management terminal being configured to generate the first login private key according to the first internal parameter and the first public key.
  12. A login verification apparatus, characterized in that the apparatus is used in a management terminal and comprises:
    an obtaining module, configured to obtain a first public key, corresponding to a user account, sent by a server;
    a first generation module, configured to generate a first login private key according to a first internal parameter and the first public key;
    a second generation module, configured to generate a verification code according to the first login private key;
    a verification code sending module, configured to send the user account and the verification code to the server, the server being configured to perform login verification on the verification code according to a second login private key corresponding to the user account, the second login private key being obtained by the server according to a second internal parameter and a second public key;
    wherein the first internal parameter and the second internal parameter are confidential parameters.
  13. The apparatus according to claim 12, characterized in that the apparatus further comprises:
    a storage module, configured to store a correspondence between the user account and the first public key; or to store a correspondence between the user account and the first login private key.
  14. The apparatus according to claim 12, characterized in that the apparatus further comprises:
    a receiving module, configured to receive a verification result sent by the server after the server performs login verification on the verification code;
    a deletion module, configured to, when it is determined that the verification result indicates that verification failed, delete the correspondence between the user account and the first public key; or delete the correspondence between the user account and the first login private key.
  15. The apparatus according to any one of claims 12 to 14, characterized in that the apparatus further comprises:
    a third generation module, configured to randomly generate the first internal parameter;
    a fourth generation module, configured to generate the second public key from the first internal parameter and a predetermined public parameter according to a predetermined algorithm;
    a public key sending module, configured to send the second public key to the server, the server being configured to generate the second login private key according to the second public key and the second internal parameter.
  16. A login verification apparatus, characterized in that the apparatus is used in a server and comprises:
    a receiving module, configured to receive a user account and a verification code sent by a management terminal, the verification code being obtained by the management terminal from a first login private key generated from a first internal parameter and a first public key;
    an obtaining module, configured to obtain a second public key, corresponding to the user account, sent by the management terminal;
    a private key generation module, configured to generate a second login private key according to a second internal parameter and the second public key;
    a verification module, configured to perform login verification on the verification code according to the second login private key;
    wherein the first internal parameter and the second internal parameter are confidential parameters.
  17. The apparatus according to claim 16, characterized in that the apparatus further comprises:
    a storage module, configured to store a correspondence between the user account and the second public key; or to store a correspondence between the user account and the second login private key.
  18. The apparatus according to claim 16, characterized in that the apparatus further comprises:
    a deletion module, configured to, when it is determined that the login verification result is a failure, delete the correspondence between the user account and the second public key; or delete the correspondence between the user account and the second login private key.
  19. The apparatus according to any one of claims 16 to 18, characterized in that the apparatus further comprises:
    a parameter generation module, configured to randomly generate the second internal parameter;
    a public key generation module, configured to generate the first public key from the second internal parameter and a predetermined public parameter according to a predetermined algorithm;
    a sending module, configured to send the first public key to the management terminal, the management terminal being configured to generate the first login private key according to the first internal parameter and the first public key.
  20. A login verification system, characterized in that the system comprises a management terminal and a server;
    the management terminal comprises the login verification apparatus according to any one of claims 12 to 15;
    the server comprises the login verification apparatus according to any one of claims 16 to 19.
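The exchange in claims 1 to 3, together with the failure handling of claims 6 and 10, as an added Python example that is not part of the patent. Assumptions: the "predetermined algorithm" is finite-field Diffie-Hellman over the demo parameters `P` and `G`, the verification code is a truncated HMAC-SHA-256 over the account and a counter (the claims specify neither), and the names `Party`, `make_code` and `verify` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Predetermined public parameters. Assumption: the claims' "predetermined
# algorithm" is finite-field Diffie-Hellman. Demo values, constructed here.
P = 2**521 - 1  # Mersenne prime used as the demo modulus
G = 3

class Party:
    """One endpoint (management terminal or server); hypothetical name."""

    def __init__(self):
        self.internal = secrets.randbelow(P - 3) + 2  # confidential internal parameter
        self.public = pow(G, self.internal, P)        # public key sent to the peer
        self.peer_keys = {}                           # user account -> peer public key

    def store_peer_key(self, account, peer_public):
        # Reject values that would force a predictable shared secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate public key")
        self.peer_keys[account] = peer_public

    def login_key(self, account):
        # Login private key = SHA-256(peer_public ** internal mod P).
        shared = pow(self.peer_keys[account], self.internal, P)
        return hashlib.sha256(shared.to_bytes(66, "big")).digest()

    def make_code(self, account, counter):
        # Assumed code format: truncated HMAC over account and counter.
        msg = account.encode() + counter.to_bytes(8, "big")
        return hmac.new(self.login_key(account), msg, hashlib.sha256).hexdigest()[:16]

    def verify(self, account, counter, code):
        if account not in self.peer_keys:
            return False
        ok = hmac.compare_digest(self.make_code(account, counter), code)
        if not ok:
            del self.peer_keys[account]  # claims 6 and 10: drop the mapping on failure
        return ok

def demo():
    terminal, server = Party(), Party()
    account = "ops-admin"  # constructed sample account
    terminal.store_peer_key(account, server.public)  # first public key
    server.store_peer_key(account, terminal.public)  # second public key
    accepted = server.verify(account, 1, terminal.make_code(account, 1))
    # A terminal whose public key the server never stored derives another key.
    stranger = Party()
    stranger.store_peer_key(account, server.public)
    rejected = server.verify(account, 2, stranger.make_code(account, 2))
    return accepted, rejected, account in server.peer_keys

if __name__ == "__main__":
    print(demo())
```

Because claims 6 and 10 delete the stored mapping on a failed verification, a single wrong code for an account forces re-provisioning, so the verify path should be rate limited.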
CN201610957367.1A 2016-10-27 2016-10-27 Login verification method, device and system Active CN107995151B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610957367.1A CN107995151B (en) 2016-10-27 2016-10-27 Login verification method, device and system

Publications (2)

Publication Number Publication Date
CN107995151A (en) 2018-05-04
CN107995151B CN107995151B (en) 2020-02-21

Family

ID=62028585

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610957367.1A Active CN107995151B (en) 2016-10-27 2016-10-27 Login verification method, device and system

Country Status (1)

Country Link
CN (1) CN107995151B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101123501A (en) * 2006-08-08 2008-02-13 西安电子科技大学 A WAPI authentication and secret key negotiation method and system
US7607012B2 (en) * 2003-10-01 2009-10-20 Nokia Corporation Method for securing a communication
CN101710859A (en) * 2009-11-17 2010-05-19 深圳国微技术有限公司 Authentication key agreement method
EP2211496A1 (en) * 2007-11-16 2010-07-28 China Iwncomm Co., Ltd. Key management method
US20100293372A1 (en) * 2006-03-22 2010-11-18 Patrick Fischer Asymmetric cryptography for wireless systems
CN101944216A (en) * 2009-07-07 2011-01-12 财团法人资讯工业策进会 Two-factor online transaction safety authentication method and system
US20150363607A1 (en) * 2014-06-13 2015-12-17 Bicdroid Inc Methods, systems and computer program product for providing encryption on a plurality of devices
CN105516195A (en) * 2016-01-19 2016-04-20 上海众人网络安全技术有限公司 Security authentication system and security authentication method based on application platform login

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LI XIN,WU XU-DONG: "CPK Unified Identity Based Secure Remote Access System for Mobile Terminal", 《2012 FIFTH INTERNATIONAL SYMPOSIUM ON COMPUTATIONAL INTELLIGENCE AND DESIGN》 *
汤阳: "防非法登录的验证码技术的设计与实现", 《数字技术与应用》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109756343A (en) * 2019-01-31 2019-05-14 平安科技(深圳)有限公司 Authentication method, device, computer equipment and the storage medium of digital signature
CN109756343B (en) * 2019-01-31 2021-07-20 平安科技(深圳)有限公司 Authentication method and device for digital signature, computer equipment and storage medium
CN110120872A (en) * 2019-06-03 2019-08-13 卓尔智联(武汉)研究院有限公司 Interactive logon verifies device, method and computer readable storage medium
CN110120872B (en) * 2019-06-03 2020-02-11 卓尔智联(武汉)研究院有限公司 Interactive login verification device, method and computer readable storage medium
CN111600844A (en) * 2020-04-17 2020-08-28 丝链(常州)控股有限公司 Identity distribution and authentication method based on zero-knowledge proof
CN113346997A (en) * 2021-08-05 2021-09-03 北京紫光青藤微系统有限公司 Method and device for communication of Internet of things equipment, Internet of things equipment and server
CN113346997B (en) * 2021-08-05 2021-11-02 北京紫光青藤微系统有限公司 Method and device for communication of Internet of things equipment, Internet of things equipment and server

Also Published As

Publication number Publication date
CN107995151B (en) 2020-02-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant