CN107995151B - Login verification method, device and system - Google Patents

Login verification method, device and system Download PDF

Info

Publication number
CN107995151B
CN107995151B CN201610957367.1A CN201610957367A CN107995151B CN 107995151 B CN107995151 B CN 107995151B CN 201610957367 A CN201610957367 A CN 201610957367A CN 107995151 B CN107995151 B CN 107995151B
Authority
CN
China
Prior art keywords
login
public key
user account
server
management terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610957367.1A
Other languages
Chinese (zh)
Other versions
CN107995151A (en
Inventor
李轶峰
袁丽娜
王亮
郭计伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201610957367.1A priority Critical patent/CN107995151B/en
Publication of CN107995151A publication Critical patent/CN107995151A/en
Application granted granted Critical
Publication of CN107995151B publication Critical patent/CN107995151B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention discloses a login verification method, device and system, and belongs to the technical field of communication. The method comprises the following steps: the method comprises the steps that a management terminal obtains a first public key corresponding to a user account sent by a server, generates a first login private key according to a first internal parameter and the first public key, generates a verification code according to the first login private key, sends the user account and the verification code to the server, obtains a second public key corresponding to the user account sent by the management terminal, generates a second login private key according to a second internal parameter and the second public key, and performs login verification on the verification code according to the second login private key; wherein the first internal parameter and the second internal parameter are parameters that are not externally disclosed; in the communication process of the server and the management terminal, the public key is transmitted instead of directly transmitting the login private key, so that the login private key is not easy to intercept, and the reliability of login verification is improved.

Description

Login verification method, device and system
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a login verification method, a login verification device and a login verification system.
Background
With the advent of the information technology era, internet information storage has become quite popular, but problems such as potential safety hazards have emerged, so that Web (Web page) login security is widely concerned. In order to improve the security of the user when the user logs in the user account in the third-party website, the background server of the third-party website can perform login verification according to the login password input by the user and perform secondary verification according to the dynamic verification code input by the user.
The currently common practice of secondary verification is as follows: when a user inputs a user account and a login password in a third-party website and starts secondary verification, a background server of the third-party website generates a key corresponding to the user account and correspondingly stores the user account and the key; meanwhile, the background server displays the two-dimensional code generated according to the secret key on a third-party website, and the management terminal scans the two-dimensional code to obtain and store the secret key. When the second verification is carried out, the management terminal generates a dynamic verification code according to the stored secret key and the current timestamp, after the user inputs the dynamic verification code in the third-party website, the background server generates the dynamic verification code according to the stored secret key corresponding to the user account and the current timestamp, and when the background server detects that the dynamic verification code input by the user is the same as the generated dynamic verification code, the verification is determined to be passed; and when detecting that the dynamic verification code input by the user is not the same as the generated dynamic verification code, determining that the verification is not passed.
The secret key is displayed on a third-party website in a two-dimensional code form, and the two-dimensional code carrying the secret key is exposed to the internet, so that the secret key is easy to leak, and the dynamic verification code can be forged, so that the reliability of secondary verification is reduced.
Disclosure of Invention
In order to solve the problem that the reliability of secondary verification is reduced due to the fact that a management terminal acquires a secret key from a server and the secret key is easy to leak, the embodiment of the invention provides a login verification method, a login verification device and a login verification system. The technical scheme is as follows:
in a first aspect, a login verification method is provided, and the method includes:
the management terminal acquires a first public key which is sent by the server and corresponds to the user account; generating a first login private key according to the first internal parameter and the first public key; generating a verification code according to the first login private key; sending the user account and the verification code to a server;
the server receives a user account and an authentication code sent by the management terminal; acquiring a second public key corresponding to the user account sent by the management terminal; generating a second login private key according to the second internal parameter and the second public key; performing login verification on the verification code according to the second login private key;
wherein the first internal parameter and the second internal parameter are parameters that are not externally disclosed.
In a second aspect, a login authentication method is provided, where the method is used in a management terminal, and the method includes:
acquiring a first public key which is sent by a server and corresponds to a user account;
generating a first login private key according to the first internal parameter and the first public key;
generating a verification code according to the first login private key;
the server is used for performing login verification on the verification code according to a second login private key corresponding to the user account, and the second login private key is obtained by the server according to a second internal parameter and a second public key;
wherein the first internal parameter and the second internal parameter are parameters that are not externally disclosed.
In a third aspect, a login authentication method is provided, where the method is used in a management terminal, and the method includes:
receiving a user account and a verification code sent by a management terminal, wherein the verification code is obtained by a first login private key generated by the management terminal through a first internal parameter and a first public key;
acquiring a second public key corresponding to the user account sent by the management terminal;
generating a second login private key according to the second internal parameter and the second public key;
performing login verification on the verification code according to the second login private key;
wherein the first internal parameter and the second internal parameter are parameters that are not externally disclosed.
In a fourth aspect, there is provided a login authentication apparatus for use in a management terminal, the apparatus comprising:
the acquisition module is used for acquiring a first public key which is sent by the server and corresponds to the user account;
the first generation module is used for generating a first login private key according to the first internal parameter and the first public key;
the second generation module is used for generating a verification code according to the first login private key;
the verification code sending module is used for sending the user account number and the verification code to the server, the server is used for performing login verification on the verification code according to a second login private key corresponding to the user account number, and the second login private key is obtained by the server according to a second internal parameter and a second public key;
wherein the first internal parameter and the second internal parameter are parameters that are not externally disclosed.
In a fifth aspect, there is provided a login authentication apparatus, which is used in a server, the apparatus including:
the receiving module is used for receiving a user account and a verification code sent by the management terminal, wherein the verification code is obtained by a first login private key generated by the management terminal through a first internal parameter and a first public key;
the acquisition module is used for acquiring a second public key which is sent by the management terminal and corresponds to the user account;
the private key generation module is used for generating a second login private key according to the second internal parameter and the second public key;
the verification module is used for performing login verification on the verification code according to the second login private key;
wherein the first internal parameter and the second internal parameter are parameters that are not externally disclosed.
In a sixth aspect, there is provided a login authentication system, the system comprising: a management terminal and a server;
the management terminal comprises the login authentication device provided in the fourth aspect;
the server comprises a login authentication device as provided in the fifth aspect above.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
the management terminal and the server exchange public keys mutually, the server and the management terminal generate a login private key required for login verification of a user account according to the confidential internal parameters and the received public key respectively, the server and the management terminal transmit the public key in the communication process and do not directly transmit the login private key, so the login private key is not easy to intercept, and meanwhile, even if the public key is intercepted in the transmission process, because the server and the management terminal generate the login private key according to the public key, the two internal parameters used by the server and the management terminal are confidential, the possibility of obtaining the login private key according to cracking of the public key is low, therefore, the reliability of login verification is improved, and the safety of the user account is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1A is a schematic illustration of an implementation environment to which various embodiments of the invention relate;
FIG. 1B is a schematic illustration of another implementation environment to which various embodiments of the invention pertain;
FIG. 2 is a flow chart of a login authentication method according to an exemplary embodiment of the present invention;
FIG. 3 is a flowchart illustrating a login authentication method according to an exemplary embodiment of the present invention;
FIG. 4 is an interaction diagram illustrating a login authentication method according to an exemplary embodiment of the present invention;
FIG. 5 is a flow chart of a login authentication method according to another exemplary embodiment of the present invention;
FIG. 6 is a flow chart of a login authentication method according to another exemplary embodiment of the present invention;
fig. 7 is a block diagram of a login authentication device according to another exemplary embodiment of the present invention;
fig. 8 is a block diagram of a login authentication device according to another exemplary embodiment of the present invention;
fig. 9 is a schematic structural diagram of a management terminal according to another exemplary embodiment of the present invention;
fig. 10 is a schematic structural diagram of another exemplary server according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1A is a schematic diagram of an implementation environment in accordance with various embodiments of the invention, which may include: a management terminal 120 and a server 140.
An application program runs in the management terminal 120, for example, a web application program runs in a browser of the management terminal 120, and a user can log in a user account in the application program. The management terminal 120 is configured to manage a login private key used when performing login authentication on a user account logged in an application program. The management terminal 120 may manage login private keys used by a plurality of different user accounts, where the plurality of user accounts may be user accounts in the same application program or user accounts in different application programs. In general, a management client for managing the login private key of the user account is operated in the management terminal 120, and the management client manages the login private key.
Alternatively, the management terminal 120 is an electronic device such as a mobile phone, a tablet computer, an e-book reader, an MP3 player (Moving Picture Experts Group Audio Layer III, motion Picture Experts Group Audio Layer IV), an MP4 player, a desktop computer, and a portable computer.
The management terminal 120 may establish a communication connection with the server 140 through a wireless network or a wired network.
The server 140 is a server for providing login authentication service for the user account in the management terminal 120, and the server 140 may be one server, a server cluster composed of several servers, or a cloud computing service center.
In actual implementation, there may be one or more management terminals 120 connected to the server 140, and fig. 1A illustrates an example in which only one management terminal 120 is connected to the server 140.
It should be noted that fig. 1A illustrates that the user account is logged in the management terminal 120 as an example, but in actual implementation, the user terminal where the user account is located may also be different from the management terminal 120, for example, the user account is logged in a web application of a desktop computer, and the management terminal is a mobile phone. The user terminal 160 is also included in the above implementation environment, which may be as shown in fig. 1B.
FIG. 2 is a flow diagram illustrating a login authentication method in accordance with an exemplary embodiment. This embodiment is illustrated by applying the method to the implementation environment shown in fig. 1A or fig. 1B. The method may comprise the steps of:
step 201, the management terminal randomly generates a first internal parameter.
The first internal parameter is a parameter that is not disclosed to other terminals than the management terminal, and the first internal parameter is typically an integer.
Step 202, the management terminal generates a second public key according to the first internal parameter and the predetermined public parameter according to a predetermined algorithm.
The predetermined public parameter is a parameter which is pre-defined by the server and the management terminal and can be acquired, and the predetermined public parameter is generally a randomly generated integer.
Optionally, the predetermined algorithm is DH (english: Diffie-Hellman) key exchange algorithm, and the management terminal calculates K when generating the second public keya=gamod n, where KaIs a second public key, a is a first internal parameter, g and n are both predetermined public parameters, in general, n is a prime number, and g is an original root of n.
Step 203, the management terminal sends the second public key to the server.
Optionally, the management terminal sends the user account and the second public key to the server.
And when the terminal where the user account is located is a management terminal, the management terminal directly sends the second public key to the server.
When the user terminal where the user account is located is different from the management terminal, the management terminal acquires the user account from the user terminal and directly sends the user account and the second public key to the server; or the management terminal sends the second public key to the user terminal, and the user terminal forwards the user account and the second public key to the server.
Step 204, the server randomly generates a second internal parameter.
The second internal parameter is a parameter that is not disclosed to other terminals than the server, and the second internal parameter is typically an integer.
In step 205, the server generates a first public key according to a predetermined algorithm based on the second internal parameter and a predetermined public parameter.
The meaning of the predetermined algorithm and the predetermined public parameter in this step is the same as that of the predetermined algorithm and the predetermined public parameter in the above step 202, and the server calculates K when generating the first public keyb=gbmod n, where KbIs a first public key, b is a second internal parameter, and g and n are both predetermined public parameters.
In step 206, the server sends the first public key to the management terminal.
And when the terminal where the user account is located is the management terminal, the server directly returns the first public key to the management terminal after receiving the second public key sent by the management terminal.
When the user terminal where the user account is located is different from the management terminal, if the server receives a second public key sent by the management terminal, the server directly returns the first public key to the management terminal; and if the server receives the second public key sent by the user terminal, the server returns the first public key to the user terminal, and the user terminal forwards the first public key to the management terminal. In practical implementation, the user terminal may also display the first public key, and the management terminal obtains the first public key by receiving the input first public key, or the user terminal displays a graphic code carrying the first public key, and the management terminal obtains the first public key by scanning the graphic code.
Step 207, the management terminal obtains the first public key corresponding to the user account sent by the server.
Optionally, the management terminal receives the first public key sent by the server, or acquires the first public key sent by the server from the user terminal where the user account is located. In general, in step 203, the management terminal sends the user account and the second public key to the server, and the first public key received by the management terminal is the first public key corresponding to the user account.
And step 208, the management terminal generates a first login private key according to the first internal parameter and the first public key.
The management terminal generates a login private key from the first internal parameter and the first public key according to a predetermined algorithm, which is the same as the predetermined algorithm in step 202, and calculates the first login private key K1 ═ Kb amod n。
And step 209, the management terminal generates a verification code according to the first login private key.
Optionally, the management terminal generates the verification code according to the first login private key and the current time according to a predetermined encryption algorithm. Optionally, the predetermined encryption Algorithm is a hash Algorithm, an MD5 Algorithm (Message Digest Algorithm MD5, fifth edition of Message Digest Algorithm), a UUID (universal Unique Identifier) Algorithm, and the like.
Step 210, the management terminal sends the user account and the verification code to the server.
When the terminal where the user account is located is a management terminal, the management terminal directly sends the user account and the verification code to the server.
When the user terminal where the user account is located is different from the management terminal, the management terminal sends the verification code to the user terminal, and the user terminal forwards the user account and the verification code to the server; in actual implementation, the management terminal may also display the verification code, and the user inputs the verification code into the user terminal.
In step 211, the server receives the user account and the verification code sent by the management terminal.
In step 212, the server obtains a second public key corresponding to the user account sent by the management terminal.
After the step 203, after receiving the second public key and the user account sent by the management terminal, the server temporarily stores the corresponding relationship between the second public key and the user account, and after receiving the user account and the verification code sent by the management terminal, the server queries the second public key corresponding to the user account from the temporarily stored corresponding relationship.
In step 213, the server generates a second login private key according to the second internal parameter and the second public key.
ServiceThe server generates a second login private key according to a predetermined algorithm, which is the same as the predetermined algorithm in step 202, based on the second internal parameter and the second public key, and calculates a second login private key K2 ═ K when the server generates the second login private keya bmod n。
And step 214, the server performs login verification on the verification code according to the second login private key.
Optionally, the server generates the verification code according to a predetermined encryption algorithm based on the second login private key and the current time, where the predetermined encryption algorithm is the same as the predetermined encryption algorithm used by the management terminal in step 209. According to the rule of the modular operation, the first login private key K1 (K) calculated by the management terminal is Kb amod n=(gbmod n)amod n=(gb)amod n; and K2K calculated by the servera bmod n=(gamod n)bmod n=(ga)bmod n, so K1 is K2, and therefore the first login private key computed by the management terminal and the second login private key computed by the server should actually be the same. Therefore, when the verification code received by the server is the same as the generated verification code, the verification is determined to be passed; and when the verification code received by the server is not identical to the generated verification code, determining that the verification is not passed.
In summary, according to the login verification method provided by the embodiment of the present invention, the management terminal and the server exchange public keys with each other, and the management terminal and the server generate a login private key required for login verification of the user account according to the confidential internal parameters and the received public key, and since the server and the management terminal transmit the public key in the communication process and do not directly transmit the login private key, the login private key is not easily intercepted, and meanwhile, even if the public key is intercepted in the transmission process, because both the server and the management terminal generate the login private key according to the public key, both the two internal parameters are confidential, and the possibility of obtaining the login private key according to the decryption of the public key is low, thereby improving the reliability of login verification and improving the security of the user account.
In the above embodiment, when a hacker intercepts the firstWhen the public key, the second public key and the predetermined public parameter, that is, K is intercepteda、KbG and n, if a hacker wants to forge the login private key, it must be based on Ka、KbG and n determine a first internal parameter a and a second internal parameter b, e.g. according to KaG and n are determined as a, and then a and K are usedbThe first login private key is determined and for the prime number n, the discrete logarithm is less likely to be computed, and thus the hacker is less likely to determine a. Optionally, in order to further reduce the possibility of calculating the discrete logarithm of the prime number n, so as to further improve the safety, in an embodiment of the present invention, the first internal parameter is greater than the first threshold, the second internal parameter is greater than the second threshold, and both the first threshold and the second threshold are larger empirical values.
In an exemplary example, as shown in fig. 3, a user terminal where a user account is located is taken as a computer, and a management terminal is taken as a mobile phone used by a user. When a user logs in a website by using a user account and an account password in a computer and requests to start secondary verification, the computer sends information such as the user account, the account password, a website identifier and the like to a server, requests an identification code of the user account, and the server returns the identification code to the computer. The computer displays a two-dimensional code containing an identification code on a website page, a user scans the two-dimensional code by using a mobile phone to obtain the identification code and sends a second public key and the identification code to the server, the server returns a first public key to the mobile phone when receiving the second public key and the identification code, the mobile phone generates a first login private key according to the first public key and first internal parameters, generates a verification code according to the first login private key and the current moment, and displays the verification code.
The user inputs the verification code displayed on the mobile phone into the computer, the computer sends the identification code and the verification code of the user account to the server, the server acquires a second public key corresponding to the verification code, generates a second login private key according to the second public key and second internal parameters, and uses the second login private key to perform login verification on the verification code. An interaction diagram of the server, the user terminal where the user account is located, and the management terminal may also be shown in fig. 4.
Optionally, after the management terminal receives the first public key corresponding to the user account sent by the server, that is, after step 207, the management terminal may further store the corresponding relationship between the user account and the first public key; then, when the management terminal needs to obtain the first public key corresponding to the user account again, step 207 may be implemented as: the management terminal determines the first public key corresponding to the user account by inquiring the corresponding relation between the user account and the first public key, and the management terminal can directly acquire the first public key from the corresponding relation without receiving the first public key sent by the server again.
Or, after the management terminal generates the first login private key according to the received first public key, that is, after the step 208, the management terminal may further store the corresponding relationship between the user account and the first login private key; then when the management terminal needs to generate the verification code, the above steps 207 and 208 can be implemented instead as: the management terminal determines the first login private key corresponding to the user account by inquiring the corresponding relation between the user account and the first login private key, and the management terminal can directly obtain the first login private key from the corresponding relation without receiving the first public key sent by the server again or generating the first login private key again.
In both possible implementations, the step 204 and 206 are optional.
Optionally, after the server receives the second public key corresponding to the user account sent by the management terminal, that is, after step 212, the server may further store the corresponding relationship between the user account and the second public key; then, when the server needs to obtain the second public key corresponding to the user account again, the step 212 may be implemented as: the server determines the second public key corresponding to the user account by inquiring the corresponding relationship between the user account and the second public key, and the server can directly acquire the second public key from the corresponding relationship without receiving the second public key sent by the management terminal again.
Or, when the server generates the second login private key according to the received second public key, that is, after step 213, the server may further store the corresponding relationship between the user account and the second login private key; when the management terminal needs to generate the verification code, the above steps 212 and 213 can be implemented as: the server determines a second login private key corresponding to the user account by inquiring the corresponding relationship between the user account and the second login private key, and the server can directly obtain the second login private key from the corresponding relationship without receiving the second public key sent by the management terminal again or generating the second login private key again.
In both possible implementations, the above steps 201-203 are optional.
Optionally, in another optional embodiment based on the foregoing embodiment, the following step is further included after the step 214, as shown in fig. 5:
step 501, when the server determines that the login verification result is invalid, deleting the corresponding relation between the user account and the second public key; or deleting the corresponding relation between the user account and the second login private key.
Specifically, when the server stores the corresponding relationship between the user account and the second public key and the server determines that the login verification result is invalid, the server deletes the corresponding relationship between the user account and the second public key. And when the corresponding relation between the user account and the second login private key is stored in the server and the login verification result is determined to be failed by the server, deleting the corresponding relation between the user account and the second login private key by the server.
Optionally, when the result of the verification code login verification corresponding to the user account is failed for the first time, it indicates that an error occurs in the process of generating the second login private key, the server deletes the corresponding relationship, and re-executes the above steps 201 and 214 to generate the second login private key for login verification.
Optionally, when the authentication code corresponding to the user account is logged in by the server for the first time and the subsequent login authentication result is not passed, the server may not delete the corresponding relationship at this time because the received authentication code is not sent by the management terminal but sent by other illegally logged-in terminals.
Step 502, after the server performs login verification on the verification code, the server sends a verification result to the management terminal.
Step 502 and step 501 have no particular precedence order and are typically performed simultaneously.
Step 503, the management terminal receives the verification result sent by the server after login verification is performed on the verification code.
Step 504, when the management terminal determines that the verification result is used for indicating that the verification fails, the management terminal deletes the corresponding relation between the user account and the first public key; or deleting the corresponding relation between the user account and the first login private key.
Specifically, when the management terminal stores the corresponding relationship between the user account and the first public key and the management terminal determines that the verification result is used for indicating that the verification is failed, the management terminal deletes the corresponding relationship between the user account and the first public key. And when the corresponding relation between the user account and the first login private key is stored in the management terminal and the verification result is determined to indicate that the verification is failed, the management terminal deletes the corresponding relation between the user account and the first login private key.
Optionally, since different application programs may generally log in using the same user account, in order to distinguish user accounts in different application programs, in each of the above embodiments, the user account may be identified by a unique identification code corresponding to the user account, and in other optional embodiments, the method further includes the following steps, as shown in fig. 6:
step 601, the server receives a user account and an application program identifier sent by the management terminal.
The application program identifier is an identifier of an application program where a user account is located, when a user needs to log in a user account in a certain application program and inputs the user account and an account password in the application program, the management terminal sends the user account and the account password to the server, so that the server can perform first login verification on the account password. In addition, the user can also select to start the function of performing secondary login verification on the user account, or the application program defaults to start the function on all logged-in user accounts, and then the management terminal sends the application program identifier to the server in addition to the user account and the account password, so that the server performs secondary login verification on the user account of the application program.
The application identifier is used for uniquely identifying an application, and optionally, the application identifier is a package name of the application.
When the user terminal where the user account is located is different from the management terminal, the step can be realized that the server receives the user account and the application program identifier sent by the user terminal.
Step 602, the server generates an identification code according to the application program identifier and the user account.
Optionally, after receiving the application identifier, the user account, and the account password sent by the management terminal, the server performs first login verification according to the received user account and the received account password, which is not repeated herein for the method for performing first login verification on the server in this embodiment. When the first login verification passes, the server generates an identification code according to the application program identification and the user account; when the first login verification fails, the server may return an error response to the application program, and no further steps are performed.
Optionally, when the server generates the identification code corresponding to the user account, both the application program identifier and the user account are used as parameters, and the identification code corresponding to the user account in the application program is generated according to a predetermined encryption algorithm, and the identification code corresponding to the user account is used for uniquely identifying one user account in the application program. The identification codes corresponding to different user accounts are different, and the identification codes corresponding to the same user account in different application programs are also different. Optionally, the identification code is a series of serial numbers. The meaning of the predetermined encryption algorithm may refer to step 209, which is not described in detail in this embodiment.
After the server generates the identification code, the server may store the corresponding relationship between the application program identifier, the user account, and the identification code.
Step 603, the server sends the identification code to the management terminal.
Optionally, the server directly sends the identification code to the management terminal; and/or the server generates a graphic code according to the identification code and a predetermined graphic code generation rule, wherein the graphic code carries the identification code, the server sends the graphic code to the management terminal, and the management terminal obtains the identification code carried in the graphic code by analyzing the graphic code. The graphic code may be a two-dimensional code or other graphic codes capable of carrying data information, and the meaning of the graphic code and the graphic code generation rule are not described in detail in this embodiment.
After acquiring the identification code, the management terminal can temporarily store the identification code, or temporarily store the corresponding relationship between the user account and the identification code.
When the user terminal where the application program is located is different from the management terminal, the server may send the identification code to the user terminal, and the user terminal displays the identification code or displays a graphic code containing the identification code, so that the management terminal receives the identification code input by the user, or obtains the identification code by scanning the graphic code.
When the user terminal where the user account is located is different from the management terminal, the step can be realized in such a way that the server sends the identification code to the user terminal.
Step 604, the management terminal obtains an identification code corresponding to the user account.
When the terminal where the user account is located is a management terminal, the step is realized that the management terminal receives the identification code sent by the server.
When the user terminal where the application program is located is different from the management terminal, the step is realized in such a way that the management terminal acquires the identification code from the user terminal, and in practical implementation, the management terminal generally acquires the identification code corresponding to the user account by scanning a two-dimensional code displayed in the user terminal.
Step 605, the management terminal stores the corresponding relationship between the user account and the identification code.
Optionally, when the management terminal determines that the verification result is used to indicate that the verification passes, the management terminal stores the corresponding relationship between the user account and the identification code, and when the management terminal needs to send the verification code corresponding to the user account to the service later, the management terminal can directly send the identification code and the verification code of the user account without acquiring the identification code again.
In this embodiment, the management terminal sends the identification code and the second public key, and sends the identification code and the verification code to the server, and the management terminal stores the correspondence between the identification code and the first public key or the first login private key, and the server stores the correspondence between the identification code and the second public key or the second login private key.
It should be noted that, when the user terminal where the user account is located is different from the management terminal, the server may also send an authentication result to the user terminal after login authentication is performed, and the user terminal stores the corresponding relationship between the user account and the identification code when determining that the authentication result is used to indicate that authentication is passed.
Referring to fig. 7, a schematic structural diagram of a login authentication device according to an embodiment of the present invention is shown. The apparatus can be implemented as a management terminal in the implementation environment shown in fig. 1A or fig. 1B by software, hardware or a combination of both. The device includes:
an obtaining module 710, configured to perform step 207.
A first generating module 720, configured to perform the step 208.
A second generating module 730, configured to execute the step 209.
The verification code sending module 740 is configured to perform the step 210.
Optionally, the apparatus further comprises:
the storage module is used for storing the corresponding relation between the user account and the first public key; or storing the corresponding relation between the user account and the first login private key.
Optionally, the apparatus further comprises:
a receiving module, configured to perform step 503.
A deleting module, configured to perform step 504.
Optionally, the apparatus further comprises:
a third generating module, configured to execute step 201.
A fourth generating module, configured to execute the step 202.
A public key sending module, configured to execute step 203.
In summary, in the login verification apparatus provided in the embodiments of the present invention, the management terminal and the server exchange public keys with each other, and each of the management terminal and the server generates a login private key required for login verification of the user account according to the confidential internal parameters and the received public key.
Referring to fig. 8, a schematic structural diagram of a login authentication device according to an embodiment of the present invention is shown. The apparatus may be implemented as a server in the implementation environment shown in FIG. 1A or FIG. 1B by software, hardware, or a combination of both. The device includes:
a receiving module 810, configured to perform step 211.
An obtaining module 820, configured to perform the step 212.
Private key generation module 830 is configured to execute step 213.
A verification module 840 for performing the step 214.
Optionally, the apparatus further comprises:
the storage module is used for storing the corresponding relation between the user account and the second public key; or storing the corresponding relation between the user account and the second login private key.
Optionally, the apparatus further comprises:
and a deleting module, configured to execute step 501.
Optionally, the apparatus further comprises:
and a parameter generating module, configured to execute step 204.
A public key generating module, configured to execute step 205.
A sending module, configured to execute the step 206.
In summary, in the login verification apparatus provided in the embodiments of the present invention, the management terminal and the server exchange public keys with each other, and each of the management terminal and the server generates a login private key required for login verification of the user account according to the confidential internal parameters and the received public key.
Referring to fig. 9, a block diagram of a management terminal according to some embodiments of the present invention is shown. The terminal 900 is configured to implement the login authentication method provided in the above-described embodiment. Terminal 900 in the present invention may include one or more of the following components: a processor for executing computer program instructions to perform the various processes and methods, Random Access Memory (RAM) and Read Only Memory (ROM) for information and storing program instructions, memory for storing data and information, I/O devices, interfaces, antennas, and the like. Specifically, the method comprises the following steps:
the terminal 900 may include RF (Radio Frequency) circuit 910, memory 920, input unit 930, display unit 940, sensor 950, audio circuit 960, WiFi (wireless fidelity) module 970, processor 980, power supply 982, camera 9100, and the like. Those skilled in the art will appreciate that the terminal structure shown in fig. 9 does not constitute a limitation of the terminal, and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The various components of terminal 900 are described in detail below with reference to fig. 9:
the RF circuit 910 may be used for receiving and transmitting signals during information transmission and reception or during a call, and in particular, for receiving downlink information of a base station and then processing the received downlink information to the processor 980; in addition, the data for designing uplink is transmitted to the base station. Typically, the RF circuit includes, but is not limited to, an antenna, at least one Amplifier, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like. In addition, the RF circuit 910 may also communicate with networks and other devices via wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for mobile communications), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), email, SMS (Short Messaging Service), and the like.
The memory 920 may be used to store software programs and modules, and the processor 980 may execute various functional applications and data processing of the terminal 900 by operating the software programs and modules stored in the memory 920. The memory 920 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the terminal 900, and the like. Further, the memory 920 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The input unit 930 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the terminal 900. Specifically, the input unit 930 may include a touch panel 931 and other input devices 932. The touch panel 931, also referred to as a touch screen, may collect a touch operation performed by a user on or near the touch panel 931 (e.g., a user's operation on or near the touch panel 931 using a finger, a stylus, or any other suitable object or accessory), and drive a corresponding connection device according to a preset program. Alternatively, the touch panel 931 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 980, and can receive and execute commands sent by the processor 980. In addition, the touch panel 931 may be implemented by various types, such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The input unit 930 may include other input devices 932 in addition to the touch panel 931. In particular, other input devices 932 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 940 may be used to display information input by the user or information provided to the user and various menus of the terminal 900. The display unit 940 may include a display panel 941, and optionally, the display panel 941 may be configured in the form of an LCD (Liquid crystal display), an OLED (Organic Light-Emitting Diode), or the like. Further, the touch panel 931 may cover the display panel 941, and when the touch panel 931 detects a touch operation on or near the touch panel 931, the touch panel transmits the touch operation to the processor 980 to determine the type of the touch event, and then the processor 980 provides a corresponding visual output on the display panel 941 according to the type of the touch event. Although in fig. 9, the touch panel 931 and the display panel 941 are implemented as two independent components to implement the input and output functions of the terminal 900, in some embodiments, the touch panel 931 and the display panel 941 may be integrated to implement the input and output functions of the terminal 900.
The terminal 900 can also include at least one sensor 950, such as a gyroscope sensor, a magnetic induction sensor, an optical sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 941 according to the brightness of ambient light, and a proximity sensor that may turn off the display panel 941 and/or a backlight when the terminal 900 is moved to the ear. As one type of motion sensor, the acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the terminal posture (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer, tapping), and the like; as for other sensors such as barometer, hygrometer, thermometer, infrared sensor, etc. that can be configured in the terminal 900, they will not be described herein.
Audio circuitry 960, speaker 961, microphone 962 may provide an audio interface between a user and terminal 900. The audio circuit 960 may transmit the electrical signal converted from the received audio data to the speaker 961, and convert the electrical signal into a sound signal for output by the speaker 961; on the other hand, the microphone 962 converts the collected sound signal into an electric signal, converts the electric signal into audio data after being received by the audio circuit 960, and outputs the audio data to the processor 980 for processing, and then transmits the audio data to another terminal via the RF circuit 910, or outputs the audio data to the memory 920 for further processing.
WiFi belongs to a short-distance wireless transmission technology, and the terminal 900 can help a user send and receive e-mails, browse webpages, access streaming media and the like through the WiFi module 970, which provides the user with wireless broadband internet access. Although fig. 9 shows WiFi module 970, it is understood that it does not belong to the essential constituents of terminal 900, and can be omitted entirely as needed within the scope of not changing the essence of the disclosure.
The processor 980 is a control center of the terminal 900, connects various parts of the entire terminal using various interfaces and lines, and performs various functions of the terminal 900 and processes data by running or executing software programs and/or modules stored in the memory 920 and calling data stored in the memory 920, thereby integrally monitoring the terminal. Alternatively, processor 980 may include one or more processing units; preferably, the processor 980 may integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 980.
Terminal 900 can also include a power supply 982 (e.g., a battery) for powering the various components, which can be logically coupled to processor 982 via a power management system that provides management of charging, discharging, and power consumption.
The camera 9100 generally consists of a lens, an image sensor, an interface, a digital signal processor, a CPU, a display screen, and the like. The lens is fixed above the image sensor, and the focusing can be changed by manually adjusting the lens; the image sensor is equivalent to the 'film' of a traditional camera and is the heart of a camera for acquiring images; the interface is used for connecting the camera with the terminal mainboard in a flat cable, board-to-board connector and spring connection mode, and sending the acquired image to the memory 920; the digital signal processor processes the acquired image through a mathematical operation, converts the acquired analog image into a digital image, and transmits the digital image to the memory 920 through an interface.
Although not shown, the terminal 900 may further include a bluetooth module or the like, which is not described in detail herein.
Referring to fig. 10, a structural framework diagram of a server according to an embodiment of the present invention is shown. Specifically, the method comprises the following steps: the server 1000 includes a Central Processing Unit (CPU)1001, a system memory 1004 including a random access memory (RAI)1002 and a read only memory (ROI)1003, and a system bus 1005 connecting the system memory 1004 and the central processing unit 1001. The server 1000 also includes a basic input/output system (I/O system) 1006, which facilitates the transfer of information between devices within the computer, and a mass storage device 1007, which stores an operating system 1013, application programs 1014, and other program modules 1015.
The basic input/output system 1006 includes a display 1008 for displaying information and an input device 1009, such as a mouse, keyboard, etc., for user input of information. Wherein the display 1008 and input device 1009 are connected to the central processing unit 1001 through an input-output controller 1010 connected to the system bus 1005. The basic input/output system 1006 may also include an input/output controller 1010 for receiving and processing input from a number of other devices, such as a keyboard, mouse, or electronic stylus. Similarly, the input-output controller 1010 also provides output to a display screen, a printer, or other type of output device.
The mass storage device 1007 is connected to the central processing unit 1001 through a mass storage controller (not shown) connected to the system bus 1005. The mass storage device 1007 and its associated computer-readable media provide non-volatile storage for the server 1000. That is, the mass storage device 1007 may include a computer-readable medium (not shown) such as a hard disk or a CD-ROI drive.
Without loss of generality, the computer-readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes RAI, ROI, EPROI, eepri, flash or other solid state storage technologies, CD-ROI, DVD or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that the computer storage media is not limited to the foregoing. The system memory 1004 and mass storage device 1007 described above may be collectively referred to as memory.
The server 1000 may also operate as a remote computer connected to a network via a network, such as the internet, in accordance with various embodiments of the present invention. That is, the server 1000 may be connected to the network 1012 through the network interface unit 1011 connected to the system bus 1005, or the network interface unit 1011 may be used to connect to another type of network or a remote computer system (not shown).
The memory also includes one or more programs, the one or more programs are stored in the memory, and the one or more programs include a login authentication method for performing the login authentication method provided by the embodiment of the invention.
It should be noted that: in the login authentication device provided in the above embodiment, only the division of the above functional modules is taken as an example for login authentication, and in practical applications, the above function allocation may be completed by different functional modules as needed, that is, the internal structure of the management terminal or the server is divided into different functional modules to complete all or part of the above described functions. In addition, the embodiments of the login verification method and the login verification apparatus provided in the above embodiments belong to the same concept, and specific implementation processes thereof are described in the embodiments of the methods for details, and are not described herein again.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (24)

1. A login authentication method, the method comprising:
the management terminal acquires a first public key which is sent by the server and corresponds to the user account; generating a first login private key according to the first internal parameter and the first public key; generating a verification code according to the first login private key; sending the user account and the verification code to the server;
the server receives the user account and the verification code sent by the management terminal; acquiring a second public key which is sent by the management terminal and corresponds to the user account; generating a second login private key according to a second internal parameter and the second public key; performing login verification on the verification code according to the second login private key;
wherein the first internal parameter and the second internal parameter are parameters that are not externally disclosed.
2. The method of claim 1, further comprising:
the management terminal randomly generates the first internal parameter;
the management terminal generates the second public key according to the first internal parameter and a preset public parameter according to a preset algorithm;
and the management terminal sends the second public key to the server.
3. The method of claim 1, further comprising:
the server randomly generates the second internal parameters;
the server generates the first public key according to a preset algorithm according to the second internal parameter and a preset public parameter;
and the server sends the first public key to the management terminal.
4. A login verification method is used in a management terminal, and comprises the following steps:
acquiring a first public key which is sent by a server and corresponds to a user account;
generating a first login private key according to the first internal parameter and the first public key;
generating a verification code according to the first login private key;
the user account and the verification code are sent to the server, the server is used for performing login verification on the verification code according to a second login private key corresponding to the user account, and the second login private key is obtained by the server according to a second internal parameter and a second public key;
wherein the first internal parameter and the second internal parameter are parameters that are not externally disclosed.
5. The method of claim 4, wherein after obtaining the first public key corresponding to the user account sent by the server, further comprising:
storing the corresponding relation between the user account and the first public key; or storing the corresponding relation between the user account and the first login private key.
6. The method of claim 4, further comprising:
receiving a verification result sent by the server after login verification is carried out on the verification code;
when the verification result is determined to be used for indicating that the verification is not passed, deleting the corresponding relation between the user account and the first public key; or deleting the corresponding relation between the user account and the first login private key.
7. The method according to any one of claims 4 to 6, further comprising:
randomly generating the first internal parameter;
generating the second public key according to a preset algorithm according to the first internal parameter and a preset public parameter;
and sending the second public key to the server, wherein the server is used for generating the second login private key according to the second public key and a second internal parameter.
8. A login authentication method, wherein the method is used in a server, and the method comprises:
receiving a user account and a verification code sent by a management terminal, wherein the verification code is obtained by a first login private key generated by the management terminal through a first internal parameter and a first public key;
acquiring a second public key which is sent by the management terminal and corresponds to the user account;
generating a second login private key according to a second internal parameter and the second public key;
performing login verification on the verification code according to the second login private key;
wherein the first internal parameter and the second internal parameter are parameters that are not externally disclosed.
9. The method of claim 8, wherein after obtaining the second public key corresponding to the user account sent by the management terminal, the method further comprises:
storing the corresponding relation between the user account and the second public key; or storing the corresponding relation between the user account and the second login private key.
10. The method of claim 8, further comprising:
when the login verification result is determined to be failed, deleting the corresponding relation between the user account and the second public key; or deleting the corresponding relation between the user account and the second login private key.
11. The method according to any one of claims 8 to 10, further comprising:
randomly generating the second internal parameters;
generating the first public key according to a predetermined algorithm according to the second internal parameter and a predetermined public parameter;
and sending the first public key to the management terminal, wherein the management terminal is used for generating the first login private key according to a first internal parameter and the first public key.
12. A login authentication apparatus, wherein the apparatus is used in a management terminal, the apparatus comprising:
the acquisition module is used for acquiring a first public key which is sent by the server and corresponds to the user account;
the first generation module is used for generating a first login private key according to a first internal parameter and the first public key;
the second generation module is used for generating a verification code according to the first login private key;
the verification code sending module is used for sending the user account and the verification code to the server, the server is used for performing login verification on the verification code according to a second login private key corresponding to the user account, and the second login private key is obtained by the server according to a second internal parameter and a second public key;
wherein the first internal parameter and the second internal parameter are parameters that are not externally disclosed.
13. The apparatus of claim 12, further comprising:
the storage module is used for storing the corresponding relation between the user account and the first public key; or storing the corresponding relation between the user account and the first login private key.
14. The apparatus of claim 12, further comprising:
the receiving module is used for receiving a verification result sent by the server after login verification is carried out on the verification code;
the deleting module is used for deleting the corresponding relation between the user account and the first public key when the verification result is determined to indicate that the verification is not passed; or deleting the corresponding relation between the user account and the first login private key.
15. The apparatus of any one of claims 12 to 14, further comprising:
a third generation module, configured to randomly generate the first internal parameter;
a fourth generating module, configured to generate the second public key according to a predetermined algorithm and according to the first internal parameter and a predetermined public parameter;
and the public key sending module is used for sending the second public key to the server, and the server is used for generating the second login private key according to the second public key and a second internal parameter.
16. A login authentication apparatus, wherein the apparatus is used in a server, the apparatus comprising:
the system comprises a receiving module, a verification module and a verification module, wherein the receiving module is used for receiving a user account and a verification code sent by a management terminal, and the verification code is obtained by a first login private key generated by the management terminal through a first internal parameter and a first public key;
the acquisition module is used for acquiring a second public key which is sent by the management terminal and corresponds to the user account;
the private key generation module is used for generating a second login private key according to a second internal parameter and the second public key;
the verification module is used for performing login verification on the verification code according to the second login private key;
wherein the first internal parameter and the second internal parameter are parameters that are not externally disclosed.
17. The apparatus of claim 16, further comprising:
the storage module is used for storing the corresponding relation between the user account and the second public key; or storing the corresponding relation between the user account and the second login private key.
18. The apparatus of claim 16, further comprising:
the deleting module is used for deleting the corresponding relation between the user account and the second public key when the login verification result is determined to be failed; or deleting the corresponding relation between the user account and the second login private key.
19. The apparatus of any one of claims 16 to 18, further comprising:
the parameter generation module is used for randomly generating the second internal parameters;
the public key generating module is used for generating the first public key according to the second internal parameter and the preset public parameter according to a preset algorithm;
and the sending module is used for sending the first public key to the management terminal, and the management terminal is used for generating the first login private key according to the first internal parameter and the first public key.
20. A login verification system, the system comprising: a management terminal and a server;
the management terminal comprises a login authentication device according to any one of claims 12 to 15;
the server comprising a login authentication device according to any one of the claims 16 to 19.
21. A computer-readable storage medium storing one or more programs which are executed by a processor to implement the login authentication method according to any one of claims 4 to 7.
22. A computer-readable storage medium storing one or more programs which are executed by a central processing unit to implement the login authentication method according to any one of claims 8 to 11.
23. A management terminal, comprising a processor and a memory, wherein the memory stores one or more programs, and the one or more programs are executed by the processor to implement the login authentication method according to any one of claims 4 to 7.
24. A server, comprising a central processing unit and a memory, wherein the memory stores one or more programs, and wherein the one or more programs are executed by the central processing unit to implement the login authentication method according to any one of claims 8 to 11.
CN201610957367.1A 2016-10-27 2016-10-27 Login verification method, device and system Active CN107995151B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610957367.1A CN107995151B (en) 2016-10-27 2016-10-27 Login verification method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610957367.1A CN107995151B (en) 2016-10-27 2016-10-27 Login verification method, device and system

Publications (2)

Publication Number Publication Date
CN107995151A CN107995151A (en) 2018-05-04
CN107995151B true CN107995151B (en) 2020-02-21

Family

ID=62028585

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610957367.1A Active CN107995151B (en) 2016-10-27 2016-10-27 Login verification method, device and system

Country Status (1)

Country Link
CN (1) CN107995151B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109756343B (en) * 2019-01-31 2021-07-20 平安科技(深圳)有限公司 Authentication method and device for digital signature, computer equipment and storage medium
CN110120872B (en) * 2019-06-03 2020-02-11 卓尔智联(武汉)研究院有限公司 Interactive login verification device, method and computer readable storage medium
CN111600844A (en) * 2020-04-17 2020-08-28 丝链(常州)控股有限公司 Identity distribution and authentication method based on zero-knowledge proof
CN113346997B (en) * 2021-08-05 2021-11-02 北京紫光青藤微系统有限公司 Method and device for communication of Internet of things equipment, Internet of things equipment and server

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7607012B2 (en) * 2003-10-01 2009-10-20 Nokia Corporation Method for securing a communication
CN101710859A (en) * 2009-11-17 2010-05-19 深圳国微技术有限公司 Authentication key agreement method
EP2211496A1 (en) * 2007-11-16 2010-07-28 China Iwncomm Co., Ltd. Key management method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1997269A4 (en) * 2006-03-22 2014-01-08 Lg Electronics Inc Asymmetric cryptography for wireless systems
CN101123501A (en) * 2006-08-08 2008-02-13 西安电子科技大学 A WAPI authentication and secret key negotiation method and system
CN101944216A (en) * 2009-07-07 2011-01-12 财团法人资讯工业策进会 Two-factor online transaction safety authentication method and system
US9576149B2 (en) * 2014-06-13 2017-02-21 BicDroid Inc. Methods, systems and computer program product for providing verification code recovery and remote authentication
CN105516195B (en) * 2016-01-19 2018-11-06 上海众人网络安全技术有限公司 A kind of security certification system and its authentication method based on application platform login

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7607012B2 (en) * 2003-10-01 2009-10-20 Nokia Corporation Method for securing a communication
EP2211496A1 (en) * 2007-11-16 2010-07-28 China Iwncomm Co., Ltd. Key management method
CN101710859A (en) * 2009-11-17 2010-05-19 深圳国微技术有限公司 Authentication key agreement method

Also Published As

Publication number Publication date
CN107995151A (en) 2018-05-04

Similar Documents

Publication Publication Date Title
US11057376B2 (en) Method, apparatus, and system for controlling intelligent device, and storage medium
CN105933904B (en) Network connection method and device
CN107040609B (en) Network request processing method and device
WO2015090248A1 (en) Server overload protection method and device
US20170316781A1 (en) Remote electronic service requesting and processing method, server, and terminal
WO2015158300A1 (en) Methods and terminals for generating and reading 2d barcode and servers
CN110417543B (en) Data encryption method, device and storage medium
CN111064713B (en) Node control method and related device in distributed system
CN107995151B (en) Login verification method, device and system
CN111478849B (en) Service access method, device and storage medium
CN103345602A (en) Client-side code integrality detection method, device and system
WO2018108123A1 (en) Identity authentication method, device and system
CN105227598B (en) Resource sharing method, device and system based on cloud storage
CN111049980A (en) Application sharing method, electronic equipment and computer readable storage medium
WO2017067369A1 (en) Method and device for encrypting picture, method and device for decrypting picture, and equipment
WO2018108062A1 (en) Method and device for identity verification, and storage medium
WO2016192511A1 (en) Method and apparatus for remotely deleting information
US11582179B2 (en) Information search method, terminal, network device, and system
CN108270764B (en) Application login method, server and mobile terminal
CN106020945B (en) Shortcut item adding method and device
CN109600340B (en) Operation authorization method, device, terminal and server
US20160119695A1 (en) Method, apparatus, and system for sending and playing multimedia information
CN107592289B (en) Password setting method and device
CN111209031B (en) Data acquisition method, device, terminal equipment and storage medium
CN113923005B (en) Method and system for writing data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant