CN107995151A - Login validation method, apparatus and system - Google Patents
- Publication number: CN107995151A (application CN201610957367.1A)
- Authority: CN (China)
- Prior art keywords: public key, account number, server, user account, management terminal
- Legal status: Granted
Classifications
- H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
The invention discloses a login verification method, apparatus and system, belonging to the field of communication technology. The method includes: a management terminal obtains a first public key, corresponding to a user account, sent by a server; generates a first login private key from a first internal parameter and the first public key; generates a verification code from the first login private key; and sends the user account and the verification code to the server. The server obtains a second public key, corresponding to the user account, sent by the management terminal; generates a second login private key from a second internal parameter and the second public key; and performs login verification on the verification code using the second login private key. The first internal parameter and the second internal parameter are confidential parameters. Because the server and the management terminal transmit only public keys during communication and never transmit the login private key directly, the login private key is not easily intercepted, which improves the reliability of login verification.
Description
Technical field
Embodiments of the present invention relate to the field of communication technology, and in particular to a login verification method, apparatus and system.
Background
With the arrival of the information technology era, storing information on the Internet has become commonplace, but security risks and related problems have emerged along with it, so the security of Web (web page) login has attracted widespread attention. To improve security when a user logs in to a user account on a third-party website, the backend server of the third-party website can, in addition to performing login verification on the login password entered by the user, perform secondary verification based on a dynamic verification code entered by the user.
The currently common approach to secondary verification is as follows. When the user enters a user account and login password on the third-party website and enables secondary verification, the backend server of the third-party website generates a key corresponding to the user account and stores the user account together with the key. The backend server also displays, on the third-party website, a QR code generated from the key, and the management terminal scans the QR code to obtain and store the key. During secondary verification, the management terminal generates a dynamic verification code from the stored key and the current timestamp. After the user enters the dynamic verification code on the third-party website, the backend server generates a dynamic verification code from the stored key corresponding to the user account and the current timestamp. When the backend server detects that the dynamic verification code entered by the user is identical to the one it generated, verification passes; when the two differ, verification fails.
Because the key is displayed on the third-party website in the form of a QR code, and the QR code carrying the key is exposed on the Internet, the key is easily leaked and the dynamic verification code may be forged. The reliability of secondary verification is therefore reduced.
Summary of the invention
To solve the problem that the key obtained by the management terminal from the server is easily leaked, which reduces the reliability of secondary verification, embodiments of the present invention provide a login verification method, apparatus and system. The technical solution is as follows:
In a first aspect, a login verification method is provided. The method includes:
The management terminal obtains a first public key, corresponding to a user account, sent by the server; generates a first login private key from a first internal parameter and the first public key; generates a verification code from the first login private key; and sends the user account and the verification code to the server;
The server receives the user account and the verification code sent by the management terminal; obtains a second public key, corresponding to the user account, sent by the management terminal; generates a second login private key from a second internal parameter and the second public key; and performs login verification on the verification code using the second login private key;
wherein the first internal parameter and the second internal parameter are confidential parameters.
In a second aspect, a login verification method is provided. The method is used in a management terminal and includes:
obtaining a first public key, corresponding to a user account, sent by the server;
generating a first login private key from a first internal parameter and the first public key;
generating a verification code from the first login private key;
sending the user account and the verification code to the server, the server being configured to perform login verification on the verification code using a second login private key corresponding to the user account, the second login private key being obtained by the server from a second internal parameter and a second public key;
wherein the first internal parameter and the second internal parameter are confidential parameters.
In a third aspect, a login verification method is provided. The method is used in a management terminal and includes:
receiving a user account and a verification code sent by the management terminal, the verification code being obtained by the management terminal from a first login private key generated from a first internal parameter and a first public key;
obtaining a second public key, corresponding to the user account, sent by the management terminal;
generating a second login private key from a second internal parameter and the second public key;
performing login verification on the verification code using the second login private key;
wherein the first internal parameter and the second internal parameter are confidential parameters.
In a fourth aspect, a login verification apparatus is provided. The apparatus is used in a management terminal and includes:
an acquisition module, configured to obtain a first public key, corresponding to a user account, sent by the server;
a first generation module, configured to generate a first login private key from a first internal parameter and the first public key;
a second generation module, configured to generate a verification code from the first login private key;
a verification code sending module, configured to send the user account and the verification code to the server, the server being configured to perform login verification on the verification code using a second login private key corresponding to the user account, the second login private key being obtained by the server from a second internal parameter and a second public key;
wherein the first internal parameter and the second internal parameter are confidential parameters.
In a fifth aspect, a login verification apparatus is provided. The apparatus is used in a server and includes:
a receiving module, configured to receive a user account and a verification code sent by the management terminal, the verification code being obtained by the management terminal from a first login private key generated from a first internal parameter and a first public key;
an acquisition module, configured to obtain a second public key, corresponding to the user account, sent by the management terminal;
a private key generation module, configured to generate a second login private key from a second internal parameter and the second public key;
a verification module, configured to perform login verification on the verification code using the second login private key;
wherein the first internal parameter and the second internal parameter are confidential parameters.
In a sixth aspect, a login verification system is provided. The system includes a management terminal and a server;
the management terminal includes the login verification apparatus provided in the fourth aspect above;
the server includes the login verification apparatus provided in the fifth aspect above.
The beneficial effects of the technical solutions provided by the embodiments of the present invention are:
The management terminal and the server exchange public keys, and each generates the login private key needed for login verification of the user account from its own confidential internal parameter and the public key it received. Because the server and the management terminal transmit only public keys during communication and never transmit the login private key directly, the login private key is not easily intercepted. Moreover, even if a public key is intercepted in transit, the two internal parameters that the server and the management terminal use to generate the login private keys from the public keys are confidential, so the likelihood of deriving the login private key from a public key is also small. This improves the reliability of login verification and the security of the user account.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1A is a schematic diagram of an implementation environment involved in the embodiments of the present invention;
Figure 1B is a schematic diagram of another implementation environment involved in the embodiments of the present invention;
Fig. 2 is a flowchart of a login verification method according to an exemplary embodiment of the present invention;
Fig. 3 is a schematic flow diagram of a login verification method according to an exemplary embodiment of the present invention;
Fig. 4 is an interaction diagram of a login verification method according to an exemplary embodiment of the present invention;
Fig. 5 is a flowchart of a login verification method according to another exemplary embodiment of the present invention;
Fig. 6 is a flowchart of a login verification method according to another exemplary embodiment of the present invention;
Fig. 7 is a block diagram of a login verification apparatus according to another exemplary embodiment of the present invention;
Fig. 8 is a block diagram of a login verification apparatus according to another exemplary embodiment of the present invention;
Fig. 9 is a structural diagram of a management terminal according to another exemplary embodiment of the present invention;
Figure 10 is a structural diagram of a server according to another exemplary embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
Figure 1A is a schematic diagram of an implementation environment involved in the embodiments of the present invention. The implementation environment may include a management terminal 120 and a server 140.
An application runs on the management terminal 120; for example, a web application runs in the browser of the management terminal 120, and the user can log in to a user account in the application. The management terminal 120 manages the login private key used for login verification of the user account that logs in to the application. The management terminal 120 can manage the login private keys used by multiple different user accounts, which may be user accounts in the same application or user accounts in different applications. Typically, a management client for managing the login private keys of user accounts runs on the management terminal 120, and the login private keys are managed through that management client.
Optionally, the management terminal 120 is an electronic device such as a mobile phone, tablet computer, e-book reader, MP3 (Moving Picture Experts Group Audio Layer III) player, MP4 (Moving Picture Experts Group Audio Layer IV) player, desktop computer or portable computer.
The management terminal 120 can establish a communication connection with the server 140 over a wireless network or a wired network.
The server 140 is a server that provides a login verification service for the user account on the management terminal 120. The server 140 may be a single server, a server cluster made up of several servers, or a cloud computing service center.
In an actual implementation, one or more management terminals 120 may be connected to the server 140; Figure 1A shows only the case where the server 140 is connected to one management terminal 120.
Note that Figure 1A illustrates the case where the user account is logged in on the management terminal 120. In an actual implementation, the user terminal on which the user account is logged in may be different from the management terminal 120; for example, the user account is logged in in a web application on a desktop computer while the management terminal is a mobile phone. In that case the implementation environment further includes a user terminal 160, and may be as shown in Figure 1B.
Fig. 2 is a flowchart of a login verification method according to an exemplary embodiment. This embodiment is described with the method applied in the implementation environment shown in Figure 1A or Figure 1B. The method may include the following steps:
Step 201: the management terminal randomly generates a first internal parameter.
The first internal parameter is an integer.
Step 202: the management terminal generates a second public key from the first internal parameter and predetermined public parameters, according to a predetermined algorithm.
The predetermined public parameters are parameters agreed in advance by the server and the management terminal and available to both; they are usually randomly generated integers.
Optionally, the predetermined algorithm is the DH (Diffie-Hellman) key exchange algorithm. When generating the second public key, the management terminal computes $K_a = g^a \bmod n$, where $K_a$ is the second public key, $a$ is the first internal parameter, and $g$ and $n$ are the predetermined public parameters; usually $n$ is a prime and $g$ is a primitive root of $n$.
Step 203: the management terminal sends the second public key to the server.
Optionally, the management terminal sends the user account and the second public key to the server.
When the terminal on which the user account is logged in is the management terminal, the management terminal sends the second public key directly to the server.
When the user terminal on which the user account is logged in is different from the management terminal, the management terminal obtains the user account from the user terminal and sends the user account and the second public key directly to the server; alternatively, the management terminal sends the second public key to the user terminal, and the user terminal forwards the user account and the second public key to the server.
Step 204: the server randomly generates a second internal parameter.
The second internal parameter is a parameter that is not disclosed to terminals other than the server; it is usually an integer.
Step 205: the server generates a first public key from the second internal parameter and the predetermined public parameters, according to the predetermined algorithm.
The predetermined algorithm and predetermined public parameters in this step have the same meaning as in step 202. When generating the first public key, the server computes $K_b = g^b \bmod n$, where $K_b$ is the first public key, $b$ is the second internal parameter, and $g$ and $n$ are the predetermined public parameters.
Step 206: the server sends the first public key to the management terminal.
When the terminal on which the user account is logged in is the management terminal, the server returns the first public key directly to the management terminal after receiving the second public key sent by the management terminal.
When the user terminal on which the user account is logged in is different from the management terminal: if the server received the second public key from the management terminal, it returns the first public key directly to the management terminal; if the server received the second public key from the user terminal, it returns the first public key to the user terminal, which forwards it to the management terminal. In an actual implementation, the user terminal may also display the first public key, and the management terminal obtains the first public key by receiving it as input; alternatively, the user terminal displays a graphic code carrying the first public key, and the management terminal obtains the first public key by scanning the graphic code.
Step 207: the management terminal obtains the first public key, corresponding to the user account, sent by the server.
Optionally, the management terminal receives the first public key sent by the server, or obtains the first public key sent by the server from the user terminal on which the user account is logged in. Typically, because the management terminal sent the user account and the second public key to the server in step 203, the first public key that the management terminal receives is the first public key corresponding to the user account.
Step 208: the management terminal generates a first login private key from the first internal parameter and the first public key.
The management terminal generates the login private key from the first internal parameter and the first public key according to a predetermined algorithm, which is the same as the predetermined algorithm in step 202. The management terminal computes the first login private key $K_1 = K_b^a \bmod n$.
Step 209: the management terminal generates a verification code from the first login private key.
Optionally, the management terminal generates the verification code from the first login private key and the current time, according to a predetermined cryptographic algorithm.
Optionally, the predetermined cryptographic algorithm is a hash algorithm, the MD5 (Message Digest Algorithm 5) algorithm, a UUID (Universally Unique Identifier) algorithm, or the like.
Step 210: the management terminal sends the user account and the verification code to the server.
When the terminal on which the user account is logged in is the management terminal, the management terminal sends the user account and the verification code directly to the server.
When the user terminal on which the user account is logged in is different from the management terminal, the management terminal sends the verification code to the user terminal, and the user terminal forwards the user account and the verification code to the server. In an actual implementation, the management terminal may also display the verification code, and the user enters it on the user terminal.
Step 211: the server receives the user account and the verification code sent by the management terminal.
Step 212: the server obtains the second public key, corresponding to the user account, sent by the management terminal.
After step 203, once the server has received the second public key and the user account sent by the management terminal, it temporarily stores the correspondence between the second public key and the user account. When the server later receives the user account and verification code sent by the management terminal, it looks up the second public key corresponding to the user account in the temporarily stored correspondence.
Step 213: the server generates a second login private key from the second internal parameter and the second public key.
The server generates the second login private key from the second internal parameter and the second public key according to a predetermined algorithm, which is the same as the predetermined algorithm in step 202. When generating the second login private key, the server computes $K_2 = K_a^b \bmod n$.
Step 214: the server performs login verification on the verification code using the second login private key.
Optionally, the server generates a verification code from the second login private key and the current time according to a predetermined cryptographic algorithm, which is the same as the predetermined cryptographic algorithm used by the management terminal in step 209. By the rules of modular arithmetic, the first login private key computed by the management terminal is $K_1 = K_b^a \bmod n = (g^b \bmod n)^a \bmod n = (g^b)^a \bmod n$, and the server computes $K_2 = K_a^b \bmod n = (g^a \bmod n)^b \bmod n = (g^a)^b \bmod n$, so $K_1 = K_2$. The first login private key computed by the management terminal and the second login private key computed by the server should therefore be identical. So when the verification code received by the server is the same as the one it generated, verification passes; when the two differ, verification fails.
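The exchange in steps 201-214, written out as a runnable Python sketch with both sides in one process. This is an added example, not code from the patent: the group parameters, the 30-second time step, the HMAC-SHA-256 code derivation, the range check on received public keys, and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed demo parameters (assumption): n = 2**255 - 19 is prime, g = 2.
# The patent only says g and n are large agreed public values; a deployment
# would use a vetted, much larger group.
N = 2**255 - 19
G = 2
TIME_STEP = 30  # seconds per code; assumed, the patent says only "current time"


def new_internal_parameter() -> int:
    """Steps 201 / 204: random confidential exponent (a or b) in [2, n-2]."""
    return secrets.randbelow(N - 3) + 2


def public_key(internal: int) -> int:
    """Steps 202 / 205: K = g^internal mod n."""
    return pow(G, internal, N)


def login_private_key(internal: int, peer_public: int) -> bytes:
    """Steps 208 / 213: K1 = K_b^a mod n (terminal), K2 = K_a^b mod n (server)."""
    # Added hardening, not in the patent: refuse degenerate peer values
    # (0, 1, n-1, out of range) that would make the shared key predictable.
    if not 2 <= peer_public <= N - 2:
        raise ValueError("peer public key out of range")
    shared = pow(peer_public, internal, N)
    return shared.to_bytes((N.bit_length() + 7) // 8, "big")


def verification_code(key: bytes, now: float, digits: int = 6) -> str:
    """Steps 209 / 214: code derived from the login private key and the time.

    HMAC-SHA-256 is a substitution made here for the hash / MD5 options the
    patent lists; the 6-digit truncation is also an assumption.
    """
    counter = struct.pack(">Q", int(now) // TIME_STEP)
    mac = hmac.new(key, counter, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**digits).zfill(digits)


class Server:
    """Server side: steps 204-206 (key exchange) and 211-214 (verification)."""

    def __init__(self) -> None:
        self._b = {}    # account -> second internal parameter b (never sent)
        self._k_a = {}  # account -> second public key K_a from the terminal

    def exchange(self, account: str, k_a: int) -> int:
        """Store K_a for the account and return the first public key K_b."""
        b = new_internal_parameter()
        self._b[account], self._k_a[account] = b, k_a
        return public_key(b)

    def verify(self, account: str, code: str, now: float) -> bool:
        if account not in self._k_a:
            return False
        try:
            k2 = login_private_key(self._b[account], self._k_a[account])
        except ValueError:
            return False
        expected = verification_code(k2, now)
        # Constant-time comparison so the check does not leak matching digits.
        return hmac.compare_digest(expected.encode(), code.encode())


def run_exchange(account: str = "alice", now: float = 1_700_000_000.0) -> dict:
    """Both sides of the protocol in one process, with constructed inputs."""
    server = Server()
    a = new_internal_parameter()                      # step 201
    k_a = public_key(a)                               # step 202
    k_b = server.exchange(account, k_a)               # steps 203-206
    k1 = login_private_key(a, k_b)                    # steps 207-208
    code = verification_code(k1, now)                 # step 209
    wrong = str((int(code[0]) + 1) % 10) + code[1:]   # one digit altered
    return {
        "accepted": server.verify(account, code, now),        # steps 210-214
        "altered_rejected": not server.verify(account, wrong, now),
        "unknown_rejected": not server.verify("unregistered", code, now),
        # What crossed the wire: only the public values and the code.
        "wire": (k_a, k_b, code),
    }


if __name__ == "__main__":
    print(run_exchange())
```

Neither `a`, `b` nor the derived key appears in the `wire` tuple, which is the property the patent relies on.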
In summary, in the login verification method provided by the embodiments of the present invention, the management terminal and the server exchange public keys, and each generates the login private key needed for login verification of the user account from its own confidential internal parameter and the public key it received. Because the server and the management terminal transmit only public keys during communication and never transmit the login private key directly, the login private key is not easily intercepted. Moreover, even if a public key is intercepted in transit, the two internal parameters that the server and the management terminal use to generate the login private keys from the public keys are confidential, so the likelihood of deriving the login private key from a public key is also small. This improves the reliability of login verification and the security of the user account.
In the above embodiment, when a hacker intercepts the first public key, the second public key and the predetermined public parameters, that is, $K_a$, $K_b$, $g$ and $n$, and wants to forge the login private key, the hacker must determine the first internal parameter $a$ and the second internal parameter $b$ from $K_a$, $K_b$, $g$ and $n$; for example, determine $a$ from $K_a$, $g$ and $n$, and then determine the first login private key from $a$ and $K_b$. For a prime $n$, the likelihood of computing its discrete logarithm is small, so the likelihood that the hacker determines $a$ is small. Optionally, to further reduce the likelihood of computing the discrete logarithm for the prime $n$, and so further improve security, in the embodiments of the present invention the first internal parameter is greater than a first threshold and the second internal parameter is greater than a second threshold, where the first threshold and the second threshold are large empirical values. In addition, the predetermined public parameters in the embodiments of the present disclosure are all greater than a predetermined threshold, which is also a large empirical value.
In an illustrative example, as shown in Fig. 3, the user terminal on which the user account is logged in is a computer and the management terminal is the mobile phone used by the user. When the user logs in to a website on the computer with the user account and account password and requests that secondary verification be enabled, the computer sends information such as the user account, account password and website identifier to the server to request an identification code for the user account, and the server returns the identification code to the computer. The computer displays a QR code containing the identification code on the web page. The user scans the QR code with the mobile phone to obtain the identification code, and the second public key and the identification code are sent to the server. On receiving the second public key and the identification code, the server returns the first public key to the mobile phone. The mobile phone generates the first login private key from the first public key and the first internal parameter, generates a verification code from the first login private key and the current time, and displays the verification code.
The user enters the verification code shown on the mobile phone into the computer, and the computer sends the identification code of the user account and the verification code to the server. The server obtains the second public key corresponding to the verification code, generates the second login private key from the second public key and the second internal parameter, and performs login verification on the verification code using the second login private key. An interaction diagram of the server, the user terminal on which the user account is logged in, and the management terminal may also be as shown in Fig. 4.
Optionally, after the management terminal receives the first public key corresponding to the user account sent by the server, that is, after step 207, the management terminal can store the correspondence between the user account and the first public key. Then, when the management terminal needs to obtain the first public key corresponding to the user account again, step 207 can be implemented as: the management terminal determines the first public key corresponding to the user account by looking up the correspondence between the user account and the first public key. The management terminal can obtain the first public key directly from the correspondence, without receiving the first public key from the server again.
Alternatively, after the management terminal generates the first login private key from the received first public key, that is, after step 208, the management terminal can store the correspondence between the user account and the first login private key. Then, when the management terminal needs to generate a verification code, steps 207 and 208 can be replaced by: the management terminal determines the first login private key corresponding to the user account by looking up the correspondence between the user account and the first login private key. The management terminal can obtain the first login private key directly from the correspondence, without receiving the first public key from the server again and without generating the first login private key again.
In the two possible implementations above, steps 204-206 are optional.
Optionally, after the server receives the second public key corresponding to the user account sent by the management terminal, that is, after step 212, the server can store the correspondence between the user account and the second public key. Then, when the server needs to obtain the second public key corresponding to the user account again, step 212 can be implemented as: the server determines the second public key corresponding to the user account by looking up the correspondence between the user account and the second public key. The server can obtain the second public key directly from the correspondence, without receiving the second public key from the management terminal again.
Alternatively, when the server generates the second login private key from the received second public key, that is, after step 213, the server can store the correspondence between the user account and the second login private key. Then, when the management terminal needs to generate a verification code, steps 212 and 213 can be implemented as: the server determines the second login private key corresponding to the user account by looking up the correspondence between the user account and the second login private key. The server can obtain the second login private key directly from the correspondence, without receiving the second public key from the management terminal again and without generating the second login private key again.
In the two possible implementations above, steps 201-203 are optional.
Optionally, in other optional embodiments based on the above embodiment, the following steps are further included after step 214, as shown in Fig. 5:
Step 501: when the server determines that the login verification result is a failure, it deletes the correspondence between the user account and the second public key; alternatively, it deletes the correspondence between the user account and the second login private key.
Specifically, when the correspondence that user account number and the second public key are stored with server, and server determines to log in
Verification result is obstructed out-of-date, and server deletes the correspondence of user account number and the second public key.When being stored with use in server
Family account number and the second correspondence for logging in private key, and server determines login authentication result to be obstructed out-of-date, server is deleted
The correspondence of user account number and the second login private key.
Optionally, when server is for the first time obstructed out-of-date, table to the corresponding identifying code login authentication result of user account number
Show during the login private key of generation second mistake occur, server deletes correspondence, and re-executes above-mentioned steps
201-214 generations second log in private key and carry out login authentication.
Optionally, when server for the first time to the corresponding identifying code login authentication result of user account number be by when, and after
Continuous login authentication result is obstructed out-of-date, be probably at this time because the identifying code received is not that management terminal is sent, but
What other terminals illegally logged in were sent, then server can not delete correspondence at this time.
Step 502, server sends verification result after login authentication is carried out to identifying code to management terminal.
Step 502 and the no specific sequencing of step 501, and be typically to perform at the same time.
Step 503: the management terminal receives the verification result that the server sends after performing login authentication on the verification code.
Step 504: when the management terminal determines that the verification result indicates that verification failed, it deletes the correspondence between the user account and the first public key; alternatively, it deletes the correspondence between the user account and the first login private key.
Specifically, when the management terminal stores the correspondence between the user account and the first public key and determines that the verification result indicates that verification failed, the management terminal deletes the correspondence between the user account and the first public key. When the management terminal stores the correspondence between the user account and the first login private key and determines that the verification result indicates that verification failed, the management terminal deletes the correspondence between the user account and the first login private key.
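The flow of steps 201-214 together with the step 501 deletion policy, as an added Python example that is not code from the patent. The Diffie-Hellman-style derivation over a toy group, the HMAC-based six-digit code and the `counter` input are assumptions standing in for the patent's unspecified "predetermined algorithm"; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: toy public parameters for a Diffie-Hellman-style "predetermined
# algorithm". 2**255 - 19 is prime, but this is NOT a vetted DH group; a real
# deployment would use a standardized group or X25519.
P = 2**255 - 19
G = 2


def keypair():
    """Random secret internal parameter and the public key derived from it."""
    secret = secrets.randbelow(P - 3) + 2          # uniform in [2, P-2]
    return secret, pow(G, secret, P)


def login_key(own_secret, peer_public):
    """Login private key from own internal parameter and the peer's public key."""
    if not 2 <= peer_public <= P - 2:              # reject degenerate public keys
        raise ValueError("public key out of range")
    shared = pow(peer_public, own_secret, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def verification_code(key, account, counter):
    """Six-digit code bound to the account and an assumed shared counter."""
    mac = hmac.new(key, f"{account}|{counter}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class Server:
    def __init__(self):
        self.params = {}     # account -> second internal parameter (secret)
        self.keys = {}       # account -> cached second login private key
        self.passed = set()  # accounts whose first verification succeeded

    def enroll(self, account):
        """Steps 204-206: create the per-account secret, return the first public key."""
        self.params[account], public = keypair()
        return public

    def verify(self, account, code, counter, terminal_public=None):
        """Steps 211-214, followed by the step 501 deletion policy."""
        key = self.keys.get(account)
        if key is None:                            # nothing cached: steps 212-213
            if terminal_public is None or account not in self.params:
                return False
            key = login_key(self.params[account], terminal_public)
            self.keys[account] = key
        expected = verification_code(key, account, counter)
        ok = hmac.compare_digest(code, expected)   # constant-time comparison
        if ok:
            self.passed.add(account)
        elif account not in self.passed:
            # First verification failed: treat the derived key as wrong and drop
            # it, so the next attempt redoes the exchange (steps 201-214).
            self.keys.pop(account, None)
        # A failure after an earlier pass keeps the key: the code probably came
        # from another terminal, and deleting would lock out the legitimate one.
        return ok


def demo():
    server = Server()
    # Account "alice": honest exchange, then a wrong code from another party.
    server_pub = server.enroll("alice")
    t_secret, t_pub = keypair()                    # steps 201-203 on the terminal
    t_key = login_key(t_secret, server_pub)        # steps 207-208
    good = verification_code(t_key, "alice", 1)    # step 209
    first_ok = server.verify("alice", good, 1, t_pub)
    wrong = f"{(int(verification_code(t_key, 'alice', 2)) + 1) % 1_000_000:06d}"
    wrong_ok = server.verify("alice", wrong, 2)
    kept_after_wrong_code = "alice" in server.keys
    # Account "bob": the server receives a public key that is not the terminal's.
    server_pub_b = server.enroll("bob")
    b_secret, _ = keypair()
    _, mismatched_pub = keypair()
    b_code = verification_code(login_key(b_secret, server_pub_b), "bob", 1)
    bob_ok = server.verify("bob", b_code, 1, mismatched_pub)
    dropped_after_first_failure = "bob" not in server.keys
    return first_ok, wrong_ok, kept_after_wrong_code, bob_ok, dropped_after_first_failure


if __name__ == "__main__":
    print(demo())
```

Keeping the cached key after a later failure means a wrong code cannot be used to force a re-exchange; a deployment would still rate-limit failed codes, which this sketch does not do.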
Optionally, since the same user account can usually be used to log in to different applications, in order to distinguish the user account across applications, each of the above embodiments may identify the user account by a unique identification code corresponding to it. In other optional embodiments the method therefore further includes the following steps, as shown in Fig. 6:
Step 601: the server receives the user account and the application identifier sent by the management terminal.
The application identifier is the identifier of the application in which the user account is used. When a user needs to log in to a user account in some application and enters the user account and account password in that application, the management terminal sends the user account and account password to the server so that the server performs the first login authentication on the account password. In addition, the user can choose to enable secondary login authentication for the user account, or the application enables it by default for every user account that logs in; in that case the management terminal sends the application identifier to the server in addition to the user account and account password, so that the server performs the second login authentication on the user account of that application.
The application identifier uniquely identifies an application; optionally, the application identifier is the package name of the application.
When the user terminal where the user account is located is different from the management terminal, this step can be implemented as the server receiving the user account and application identifier sent by the user terminal.
Step 602: the server generates an identification code according to the application identifier and the user account.
Optionally, after receiving the application identifier, user account and account password sent by the management terminal, the server performs the first login authentication according to the received user account and account password; this embodiment does not describe the method of the first login authentication. When the first login authentication passes, the server generates the identification code according to the application identifier and the user account; when it fails, the server can return an error response to the application and performs no further steps.
Optionally, when generating the identification code corresponding to the user account, the server takes both the application identifier and the user account as parameters and generates, according to a predetermined cryptographic algorithm, the identification code corresponding to the user account in that application. The identification code corresponding to a user account uniquely identifies one user account within the application. Different user accounts have different identification codes, and the same user account has different identification codes in different applications. Optionally, the identification code is a serial-number string. For the meaning of the predetermined cryptographic algorithm, see step 209; it is not repeated in this embodiment.
After generating the identification code, the server can store the correspondence among the application identifier, the user account and the identification code.
Step 603: the server sends the identification code to the management terminal.
Optionally, the server sends the identification code directly to the management terminal; and/or the server generates a graphic code from the identification code according to a predetermined graphic-code generation rule, the graphic code carrying the identification code, and sends the graphic code to the management terminal, which obtains the identification code by parsing the graphic code. The graphic code can be a QR code or any other graphic code that can carry data; this embodiment does not elaborate on the meaning of the graphic code or on the generation rule.
After obtaining the identification code, the management terminal can temporarily store the identification code, or temporarily store the correspondence between the user account and the identification code.
When the user terminal where the application is located is different from the management terminal, the server can send the identification code to the user terminal, and the user terminal displays the identification code or displays a graphic code containing it, so that the management terminal receives the identification code entered by the user or obtains it by scanning the graphic code.
When the user terminal where the user account is located is different from the management terminal, this step can be implemented as the server sending the identification code to the user terminal.
Step 604: the management terminal obtains the identification code corresponding to the user account.
When the terminal where the user account is located is the management terminal, this step is implemented as the management terminal receiving the identification code sent by the server.
When the user terminal where the application is located is different from the management terminal, this step is implemented as the management terminal obtaining the identification code from the user terminal; in practice, the management terminal typically obtains the identification code corresponding to the user account by scanning the QR code displayed on the user terminal.
Step 605: the management terminal stores the correspondence between the user account and the identification code.
Optionally, when the management terminal determines that the verification result indicates that verification passed, it stores the correspondence between the user account and the identification code. When the management terminal later needs to send the verification code corresponding to the user account to the server, it can send the identification code of the user account and the verification code directly, without obtaining the identification code again.
In this embodiment, therefore, the management terminal sends the identification code and the second public key to the server, and sends the identification code and the verification code; the management terminal stores the correspondence between the identification code and the first public key or the first login private key, and the server stores the correspondence between the identification code and the second public key or the second login private key.
It should be noted that, when the user terminal where the user account is located is different from the management terminal, the server, after performing login authentication, can also send the verification result to the user terminal; when the user terminal determines that the verification result indicates that verification passed, it stores the correspondence between the user account and the identification code.
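One way to derive the identification code of step 602, as an added example rather than the patent's own algorithm: an HMAC over length-prefixed fields under an assumed server-held key, shown next to a naive concatenation that lets two different (application, account) pairs collide. All names, the key and the sample identifiers are constructed.

```python
import hashlib
import hmac

# Assumption: a secret held only by the server; this value is constructed.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def _encode(app_id: str, account: str) -> bytes:
    """Length-prefix each field so the boundary between them is unambiguous."""
    parts = []
    for field in (app_id, account):
        raw = field.encode("utf-8")
        parts.append(len(raw).to_bytes(2, "big") + raw)
    return b"".join(parts)


def identification_code(app_id: str, account: str, key: bytes = SERVER_KEY) -> str:
    """Identification code for one account in one application (step 602)."""
    return hmac.new(key, _encode(app_id, account), hashlib.sha256).hexdigest()[:32]


def naive_code(app_id: str, account: str, key: bytes = SERVER_KEY) -> str:
    """Plain concatenation, kept only to show the collision it allows."""
    data = (app_id + account).encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()[:32]


class IdentificationStore:
    """Server-side correspondence of application identifier, account and code."""

    def __init__(self):
        self._by_code = {}

    def issue(self, app_id: str, account: str) -> str:
        code = identification_code(app_id, account)
        self._by_code[code] = (app_id, account)
        return code

    def resolve(self, code: str):
        """Return (app_id, account) for a known code, or None."""
        return self._by_code.get(code)


if __name__ == "__main__":
    store = IdentificationStore()
    # Same account, two applications: the codes must differ.
    print(store.issue("com.example.chat", "alice"))
    print(store.issue("com.example.mail", "alice"))
    # Different pairs whose concatenation is identical collide in the naive form.
    print(naive_code("com.example.app", "1alice") == naive_code("com.example.app1", "alice"))
```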
Please refer to Fig. 7, which shows a structural diagram of the login authentication apparatus provided in one embodiment of the present invention. The apparatus can be implemented, by software, hardware or a combination of both, as the management terminal in the implementation environment shown in Fig. 1A or Fig. 1B. The apparatus includes:
Acquisition module 710, configured to perform step 207.
First generation module 720, configured to perform step 208.
Second generation module 730, configured to perform step 209.
Verification code sending module 740, configured to perform step 210.
Optionally, the apparatus further includes:
Storage module, configured to store the correspondence between the user account and the first public key, or to store the correspondence between the user account and the first login private key.
Optionally, the apparatus further includes:
Receiving module, configured to perform step 503.
Deletion module, configured to perform step 504.
Optionally, the apparatus further includes:
Third generation module, configured to perform step 201.
Fourth generation module, configured to perform step 202.
Public key sending module, configured to perform step 203.
In summary, in the login authentication apparatus provided in this embodiment of the present invention, the management terminal and the server exchange public keys, and each of them, when performing login authentication on a user account, must generate its login private key from a secret internal parameter and the public key it received. Because what the server and the management terminal transmit during communication is the public key rather than the login private key itself, the login private key is not easily intercepted. Moreover, even if a public key is intercepted in transit, the two internal parameters that the server and the management terminal use to generate the login private keys from the public keys are secret, so the likelihood of deriving a login private key from a public key is small. This improves the reliability of login authentication and the security of the user account.
Please refer to Fig. 8, which shows a structural diagram of the login authentication apparatus provided in one embodiment of the present invention. The apparatus can be implemented, by software, hardware or a combination of both, as the server in the implementation environment shown in Fig. 1A or Fig. 1B. The apparatus includes:
Receiving module 810, configured to perform step 211.
Acquisition module 820, configured to perform step 212.
Private key generation module 830, configured to perform step 213.
Authentication module 840, configured to perform step 214.
Optionally, the apparatus further includes:
Storage module, configured to store the correspondence between the user account and the second public key, or to store the correspondence between the user account and the second login private key.
Optionally, the apparatus further includes:
Deletion module, configured to perform step 501.
Optionally, the apparatus further includes:
Parameter generation module, configured to perform step 204.
Public key generation module, configured to perform step 205.
Sending module, configured to perform step 206.
In summary, in the login authentication apparatus provided in this embodiment of the present invention, the management terminal and the server exchange public keys, and each of them, when performing login authentication on a user account, must generate its login private key from a secret internal parameter and the public key it received. Because what the server and the management terminal transmit during communication is the public key rather than the login private key itself, the login private key is not easily intercepted. Moreover, even if a public key is intercepted in transit, the two internal parameters that the server and the management terminal use to generate the login private keys from the public keys are secret, so the likelihood of deriving a login private key from a public key is small. This improves the reliability of login authentication and the security of the user account.
Please refer to Fig. 9, which shows a block diagram of the management terminal provided in some embodiments of the present invention. The terminal 900 is used to implement the login validation method provided in the above embodiments. The terminal 900 in the present invention may include one or more of the following components: a processor for executing computer program instructions to carry out various flows and methods, random access memory (RAM) and read-only memory (ROM) for storing information and program instructions, a memory for storing data and information, I/O devices, interfaces, an antenna, and so on. Specifically:
Terminal 900 may include components such as an RF (Radio Frequency) circuit 910, memory 920, input unit 930, display unit 940, sensor 950, audio circuit 960, WiFi (wireless fidelity) module 970, processor 980, power supply 982 and camera 9100. Those skilled in the art will understand that the terminal structure shown in Fig. 9 does not limit the terminal, which may include more or fewer components than illustrated, combine some components, or arrange the components differently.
Each component of terminal 900 is described in detail below with reference to Fig. 9:
RF circuit 910 can be used to receive and send signals while sending and receiving information or during a call; in particular, after receiving downlink information from a base station, it passes the information to processor 980 for processing, and it sends uplink data to the base station. In general, the RF circuit includes but is not limited to an antenna, at least one amplifier, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and so on. In addition, RF circuit 910 can communicate with networks and other devices by wireless communication. The wireless communication can use any communication standard or protocol, including but not limited to GSM (Global System of Mobile Communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), email, SMS (Short Messaging Service), and so on.
Memory 920 can be used to store software programs and modules; processor 980 performs the various functional applications and data processing of terminal 900 by running the software programs and modules stored in memory 920. Memory 920 mainly includes a program storage area and a data storage area: the program storage area can store the operating system and the application programs required by at least one function (such as a sound playback function or an image playback function); the data storage area can store data created through use of terminal 900 (such as audio data or a phone book). In addition, memory 920 may include high-speed random access memory and may also include non-volatile memory, for example at least one disk storage device, a flash memory device, or another volatile solid-state storage device.
Input unit 930 can be used to receive entered digit or character information and to generate key signal input related to the user settings and function control of terminal 900. Specifically, input unit 930 may include touch panel 931 and other input devices 932. Touch panel 931, also called a touch screen, collects the user's touch operations on or near it (for example, operations performed by the user on or near touch panel 931 with a finger, stylus or any other suitable object or accessory) and drives the corresponding connected device according to a preset program. Optionally, touch panel 931 may include two parts, a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation, and passes the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it into contact coordinates, sends them to processor 980, and can receive and execute commands sent by processor 980. Touch panel 931 can be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides touch panel 931, input unit 930 can also include other input devices 932. Specifically, other input devices 932 can include but are not limited to one or more of a physical keyboard, function keys (such as volume control buttons or a power key), a trackball, a mouse, a joystick, and so on.
Display unit 940 can be used to display information entered by the user or provided to the user, and the various menus of terminal 900. Display unit 940 may include display panel 941, which can optionally be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode) display, or the like. Further, touch panel 931 can cover display panel 941; when touch panel 931 detects a touch operation on or near it, it passes the operation to processor 980 to determine the type of the touch event, and processor 980 then provides the corresponding visual output on display panel 941 according to that type. Although in Fig. 9 touch panel 931 and display panel 941 are two independent components that implement the input and output functions of terminal 900, in some embodiments touch panel 931 and display panel 941 can be integrated to implement the input and output functions of terminal 900.
Terminal 900 may also include at least one sensor 950, such as a gyroscope sensor, magnetic induction sensor, optical sensor, motion sensor or other sensor. Specifically, the optical sensor may include an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of display panel 941 according to the ambient light, and the proximity sensor can turn off display panel 941 and/or the backlight when terminal 900 is moved to the ear. As one kind of motion sensor, an acceleration sensor can detect the magnitude of acceleration in all directions (generally three axes), can detect the magnitude and direction of gravity when stationary, and can be used in applications that recognize terminal posture (such as portrait/landscape switching, related games, magnetometer pose calibration) and in vibration-recognition functions (such as a pedometer or tap detection); terminal 900 can also be fitted with other sensors such as a barometer, hygrometer, thermometer or infrared sensor, which are not described here.
Audio circuit 960, loudspeaker 961 and microphone 962 can provide an audio interface between the user and terminal 900. Audio circuit 960 can transmit the electrical signal converted from received audio data to loudspeaker 961, which converts it into a sound signal for output; conversely, microphone 962 converts the collected sound signal into an electrical signal, which audio circuit 960 receives and converts into audio data; the audio data is then output to processor 980 for processing and sent through RF circuit 910 to, for example, another terminal, or output to memory 920 for further processing.
WiFi is a short-range wireless transmission technology. Through WiFi module 970, terminal 900 can help the user send and receive email, browse web pages, access streaming media and so on, providing the user with wireless broadband Internet access. Although Fig. 9 shows WiFi module 970, it is understood that the module is not an essential part of terminal 900 and can be omitted as needed without changing the essence of the disclosure.
Processor 980 is the control centre of terminal 900. It connects the parts of the whole terminal through various interfaces and lines, and performs the various functions of terminal 900 and processes data by running or executing the software programs and/or modules stored in memory 920 and calling the data stored in memory 920, thereby monitoring the terminal as a whole. Optionally, processor 980 may include one or more processing units; preferably, processor 980 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and so on, and the modem processor mainly handles wireless communication. It is understood that the modem processor need not be integrated into processor 980.
Terminal 900 also includes a power supply 982 (such as a battery) that powers all the components; preferably, the power supply is logically connected to processor 982 through a power management system, so that functions such as charge management, discharge management and power-consumption management are implemented through the power management system.
Camera 9100 generally consists of a lens, image sensor, interface, digital signal processor, CPU, display screen and so on. The lens is fixed above the image sensor, and focus can be changed by manually adjusting the lens; the image sensor is equivalent to the "film" of a traditional camera and is the heart of the camera's image capture; the interface connects the camera to the terminal mainboard by a ribbon cable, board-to-board connector or spring connection and sends the captured image to memory 920; the digital signal processor processes the captured image by mathematical operations, converts the captured analog image into a digital image and sends it to memory 920 through the interface.
Although not shown, terminal 900 may also include a Bluetooth module and so on, which are not described here.
Please refer to Fig. 10, which shows a structural block diagram of the server provided by one embodiment of the present invention. Specifically: the server 1000 includes a central processing unit (CPU) 1001, a system memory 1004 that includes a random access memory (RAM) 1002 and a read-only memory (ROM) 1003, and a system bus 1005 connecting the system memory 1004 and the central processing unit 1001. The server 1000 further includes a basic input/output system (I/O system) 1006 that helps transfer information between the devices in the computer, and a mass storage device 1007 for storing an operating system 1013, application programs 1010 and other program modules 1010.
The basic input/output system 1006 includes a display 1008 for displaying information and an input device 1009, such as a mouse or keyboard, for the user to enter information. The display 1008 and the input device 1009 are both connected to the central processing unit 1001 through an input/output controller 1010 connected to the system bus 1005. The basic input/output system 1006 can also include the input/output controller 1010 for receiving and processing input from multiple other devices such as a keyboard, mouse or electronic stylus. Similarly, the input/output controller 1010 also provides output to a display screen, printer or other type of output device.
The mass storage device 1007 is connected to the central processing unit 1001 through a mass storage controller (not shown) connected to the system bus 1005. The mass storage device 1007 and its associated computer-readable medium provide non-volatile storage for the server 1000. That is, the mass storage device 1007 can include a computer-readable medium (not shown) such as a hard disk or CD-ROM drive.
Without loss of generality, the computer-readable medium can include computer storage media and communication media. Computer storage media include volatile and non-volatile, removable and non-removable media implemented by any method or technology for storing information such as computer-readable instructions, data structures, program modules or other data. Computer storage media include RAM, ROM, EPROM, EEPROM, flash memory or other solid-state storage technologies, CD-ROM, DVD or other optical storage, tape cassettes, magnetic tape, disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that computer storage media are not limited to the above. The system memory 1004 and the mass storage device 1007 described above may be collectively referred to as memory.
According to various embodiments of the present invention, the server 1000 can also run on a remote computer connected to a network such as the Internet. That is, the server 1000 can be connected to a network 1012 through a network interface unit 1011 connected to the system bus 1005; in other words, the network interface unit 1011 can also be used to connect to other types of networks or remote computer systems (not shown).
The memory further includes one or more programs, which are stored in the memory and contain instructions for carrying out the network type determination method provided in the embodiments of the present invention.
It should be noted that, when the login authentication apparatus provided in the above embodiments performs login authentication, the division into the functional modules described above is only an example; in practical applications, the functions can be assigned to different functional modules as needed, that is, the internal structure of the management terminal or server is divided into different functional modules to complete all or part of the functions described above. In addition, the login validation method and the login authentication apparatus embodiments provided above belong to the same concept; for their specific implementation, see the method embodiments, which are not repeated here.
The embodiments of the present invention above are for description only and do not represent the relative merits of the embodiments.
Those of ordinary skill in the art will understand that all or part of the steps of the above embodiments can be completed by hardware, or by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, and the storage medium can be a read-only memory, a magnetic disk, an optical disc, or the like.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
Claims (20)
- 1. A login validation method, characterized in that the method includes:
  a management terminal obtains a first public key corresponding to a user account sent by a server; generates a first login private key according to a first internal parameter and the first public key; generates a verification code according to the first login private key; and sends the user account and the verification code to the server;
  the server receives the user account and the verification code sent by the management terminal; obtains a second public key corresponding to the user account sent by the management terminal; generates a second login private key according to a second internal parameter and the second public key; and performs login authentication on the verification code according to the second login private key;
  wherein the first internal parameter and the second internal parameter are confidential parameters.
- 2. The method according to claim 1, characterized in that the method further includes:
  the management terminal randomly generates the first internal parameter;
  the management terminal generates the second public key from the first internal parameter and a predetermined public parameter according to a predetermined algorithm;
  the management terminal sends the second public key to the server.
- 3. The method according to claim 1, characterized in that the method further includes:
  the server randomly generates the second internal parameter;
  the server generates the first public key from the second internal parameter and a predetermined public parameter according to a predetermined algorithm;
  the server sends the first public key to the management terminal.
- 4. A login validation method, characterized in that the method is used in a management terminal and includes:
  obtaining a first public key corresponding to a user account sent by a server;
  generating a first login private key according to a first internal parameter and the first public key;
  generating a verification code according to the first login private key;
  sending the user account and the verification code to the server, the server being configured to perform login authentication on the verification code according to a second login private key corresponding to the user account, the second login private key being obtained by the server according to a second internal parameter and a second public key;
  wherein the first internal parameter and the second internal parameter are confidential parameters.
- 5. The method according to claim 4, characterized in that, after obtaining the first public key corresponding to the user account sent by the server, the method further includes:
  storing the correspondence between the user account and the first public key; or storing the correspondence between the user account and the first login private key.
- 6. The method according to claim 4, characterized in that the method further includes:
  receiving the verification result that the server sends after performing login authentication on the verification code;
  when it is determined that the verification result indicates that verification failed, deleting the correspondence between the user account and the first public key; or deleting the correspondence between the user account and the first login private key.
- 7. The method according to any one of claims 4 to 6, characterized in that the method further includes:
  randomly generating the first internal parameter;
  generating the second public key from the first internal parameter and a predetermined public parameter according to a predetermined algorithm;
  sending the second public key to the server, the server being configured to generate the second login private key according to the second public key and the second internal parameter.
- 8. A login validation method, characterized in that the method is used in a server and includes:
  receiving a user account and a verification code sent by a management terminal, the verification code being obtained by the management terminal from a first login private key generated from a first internal parameter and a first public key;
  obtaining a second public key corresponding to the user account sent by the management terminal;
  generating a second login private key according to a second internal parameter and the second public key;
  performing login authentication on the verification code according to the second login private key;
  wherein the first internal parameter and the second internal parameter are confidential parameters.
- 9. according to the method described in claim 8, it is characterized in that, described to obtain the management terminal sending with the user After corresponding second public key of account number, further include:Store the correspondence of the user account number and second public key;Alternatively, store the user account number and described second Log in the correspondence of private key.
- 10. according to the method described in claim 8, it is characterized in that, the method further includes:It is obstructed out-of-date in definite login authentication result, deletes the correspondence of the user account number and second public key;Or Person, deletes the user account number and the described second correspondence for logging in private key.
- 11. according to any method of claim 8 to 10, it is characterised in that the method further includes:Second inner parameter is generated at random;First public key is generated according to second inner parameter and predetermined open parameter according to pre-defined algorithm;First public key is sent to the management terminal, the management terminal is used for according to the first inner parameter and described the One public key generation described first logs in private key.
- 12. a kind of login authentication device, it is characterised in that described device is used in management terminal, and described device includes:Acquisition module, for obtaining the first public key corresponding with user account number of server transmission;First generation module, for logging in private key according to the first inner parameter and first public key generation first;Second generation module, for logging in private key generation identifying code according to described first;Identifying code sending module, for sending the user account number and the identifying code to the server, the server Login authentication is carried out to the identifying code for logging in private key according to corresponding with the user account number second, described second logs in Private key obtains for the server according to the second inner parameter and the second public key acquisition;Wherein, first inner parameter and second inner parameter are confidential parameters.
- 13. device according to claim 12, it is characterised in that described device further includes:Memory module, for storing the correspondence of the user account number and first public key;Alternatively, store user's account Number with described first log in private key correspondence.
- 14. device according to claim 12, it is characterised in that described device further includes:Receiving module, for receiving the server in the verification result for the identifying code send after login authentication;Removing module, for being used to indicate that verification is obstructed out-of-date in the definite verification result, deletes the user account number and institute State the correspondence of the first public key;Alternatively, delete the user account number and the described first correspondence for logging in private key.
- 15. according to any device of claim 12 to 14, it is characterised in that described device further includes:3rd generation module, for generating first inner parameter at random;4th generation module, for according to pre-defined algorithm according to first inner parameter and the generation of predetermined open parameter described the Two public keys;Public key sending module, for sending second public key to the server, the server is used for according to described the Two public keys and the second inner parameter generation described second log in private key.
- 16. a kind of login authentication device, it is characterised in that described device is used in server, and described device includes:Receiving module, for receiving the user account number and identifying code of management terminal transmission, the identifying code is by the management terminal The the first login private key generated by the first inner parameter and the first public key acquires;Acquisition module, the second public key corresponding with the user account number sent for obtaining the management terminal;Private key generation module, for logging in private key according to the second inner parameter and second public key generation second;Authentication module, login authentication is carried out for logging in private key according to described second to the identifying code;Wherein, first inner parameter and second inner parameter are confidential parameters.
- 17. device according to claim 16, it is characterised in that described device further includes:Memory module, for storing the correspondence of the user account number and second public key;Alternatively, store user's account Number with described second log in private key correspondence.
- 18. device according to claim 16, it is characterised in that described device further includes:Removing module, for being obstructed out-of-date in definite login authentication result, deletes the user account number and second public key Correspondence;Alternatively, delete the user account number and the described second correspondence for logging in private key.
- 19. according to any device of claim 16 to 18, it is characterised in that described device further includes:Parameter generation module, for generating second inner parameter at random;Public key generation module, for according to pre-defined algorithm according to second inner parameter and the generation of predetermined open parameter described the One public key;Sending module, for sending first public key to the management terminal, the management terminal is used for according in first Portion's parameter and first public key generation described first log in private key.
- A kind of 20. login authentication system, it is characterised in that the system comprises:Management terminal and server;The management terminal includes the login authentication device as described in the claims 12 to 15 are any;The server includes the login authentication device as described in the claims 16 to 19 are any.
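The exchange in claims 1 to 3 and the deletion step of claim 10, sketched as an added example that is not taken from the patent. It assumes the "predetermined algorithm" is finite-field Diffie-Hellman over RFC 3526 group 14, that the login private key is a SHA-256 hash of the shared value, and that the verification code is an HMAC over the account and a server-issued nonce; the names `Party`, `make_code` and `server_verify` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumed public parameters: RFC 3526 group 14 (2048-bit MODP prime), generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


class Party:
    """Management terminal or server: a secret internal parameter plus its public key."""
    def __init__(self):
        self.internal = secrets.randbelow(P - 3) + 2  # confidential internal parameter
        self.public = pow(G, self.internal, P)        # public key sent to the peer
        self.login_keys = {}                          # stored account -> login private key

    def derive_login_key(self, account, peer_public):
        if not 2 <= peer_public <= P - 2:             # reject degenerate peer values
            raise ValueError("peer public key out of range")
        shared = pow(peer_public, self.internal, P)
        key = hashlib.sha256(shared.to_bytes(256, "big") + account.encode()).digest()
        self.login_keys[account] = key
        return key


def make_code(login_key, account, nonce):
    """Verification code derived from the login private key (HMAC is an assumption)."""
    return hmac.new(login_key, account.encode() + nonce, hashlib.sha256).hexdigest()


def server_verify(server, account, nonce, code):
    """Recompute the code with the server's login private key; drop the key on failure."""
    key = server.login_keys.get(account)
    if key is None:
        return False
    ok = hmac.compare_digest(make_code(key, account, nonce), code)
    if not ok:
        del server.login_keys[account]                # claim 10: delete the correspondence
    return ok


def demo():
    terminal, server = Party(), Party()
    account = "ops-admin"                             # constructed sample account
    k1 = terminal.derive_login_key(account, server.public)  # first login private key
    server.derive_login_key(account, terminal.public)       # second login private key
    nonce = secrets.token_bytes(16)                   # assumed server-issued freshness value
    accepted = server_verify(server, account, nonce, make_code(k1, account, nonce))
    forged = server_verify(server, account, nonce, "00" * 32)
    return accepted, forged, account in server.login_keys
```

The public keys in this sketch are exchanged without authentication, so the channel that carries them has to be authenticated by other means for the derived login keys to be trustworthy.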
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610957367.1A CN107995151B (en) | 2016-10-27 | 2016-10-27 | Login verification method, device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610957367.1A CN107995151B (en) | 2016-10-27 | 2016-10-27 | Login verification method, device and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107995151A (en) | 2018-05-04 |
CN107995151B (en) | 2020-02-21 |
Family
ID=62028585
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610957367.1A Active CN107995151B (en) | 2016-10-27 | 2016-10-27 | Login verification method, device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107995151B (en) |
- 2016-10-27: CN application CN201610957367.1A (patent CN107995151B), status: Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7607012B2 (en) * | 2003-10-01 | 2009-10-20 | Nokia Corporation | Method for securing a communication |
US20100293372A1 (en) * | 2006-03-22 | 2010-11-18 | Patrick Fischer | Asymmetric cryptography for wireless systems |
CN101123501A (en) * | 2006-08-08 | 2008-02-13 | 西安电子科技大学 | A WAPI authentication and secret key negotiation method and system |
EP2211496A1 (en) * | 2007-11-16 | 2010-07-28 | China Iwncomm Co., Ltd. | Key management method |
CN101944216A (en) * | 2009-07-07 | 2011-01-12 | 财团法人资讯工业策进会 | Two-factor online transaction safety authentication method and system |
CN101710859A (en) * | 2009-11-17 | 2010-05-19 | 深圳国微技术有限公司 | Authentication key agreement method |
US20150363607A1 (en) * | 2014-06-13 | 2015-12-17 | Bicdroid Inc | Methods, systems and computer program product for providing encryption on a plurality of devices |
CN105516195A (en) * | 2016-01-19 | 2016-04-20 | 上海众人网络安全技术有限公司 | Security authentication system and security authentication method based on application platform login |
Non-Patent Citations (2)
Title |
---|
LI XIN, WU XU-DONG: "CPK Unified Identity Based Secure Remote Access System for Mobile Terminal", 《2012 FIFTH INTERNATIONAL SYMPOSIUM ON COMPUTATIONAL INTELLIGENCE AND DESIGN》 * |
TANG YANG: "Design and Implementation of Verification Code Technology for Preventing Illegal Login", 《Digital Technology and Application》 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109756343A (en) * | 2019-01-31 | 2019-05-14 | 平安科技(深圳)有限公司 | Authentication method, device, computer equipment and the storage medium of digital signature |
CN109756343B (en) * | 2019-01-31 | 2021-07-20 | 平安科技(深圳)有限公司 | Authentication method and device for digital signature, computer equipment and storage medium |
CN110120872A (en) * | 2019-06-03 | 2019-08-13 | 卓尔智联(武汉)研究院有限公司 | Interactive logon verifies device, method and computer readable storage medium |
CN110120872B (en) * | 2019-06-03 | 2020-02-11 | 卓尔智联(武汉)研究院有限公司 | Interactive login verification device, method and computer readable storage medium |
CN111600844A (en) * | 2020-04-17 | 2020-08-28 | 丝链(常州)控股有限公司 | Identity distribution and authentication method based on zero-knowledge proof |
CN113346997A (en) * | 2021-08-05 | 2021-09-03 | 北京紫光青藤微系统有限公司 | Method and device for communication of Internet of things equipment, Internet of things equipment and server |
CN113346997B (en) * | 2021-08-05 | 2021-11-02 | 北京紫光青藤微系统有限公司 | Method and device for communication of Internet of things equipment, Internet of things equipment and server |
Also Published As
Publication number | Publication date |
---|---|
CN107995151B (en) | 2020-02-21 |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |