CN109347795B - Login verification method, device, system, equipment and medium - Google Patents

Info

Publication number
CN109347795B
Authority
CN
China
Prior art keywords
login
server
client
service module
ciphertext
Legal status
Active
Application number
CN201811053188.0A
Other languages
Chinese (zh)
Other versions
CN109347795A (en)
Inventor
陈勇辉
Current Assignee
Guangzhou Shiyuan Electronics Technology Co Ltd
Guangzhou Shirui Electronics Co Ltd
Original Assignee
Guangzhou Shiyuan Electronics Technology Co Ltd
Guangzhou Shirui Electronics Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Abstract

The invention provides a login verification method, device, system, equipment and medium. The method is applied to network equipment between a client terminal and a server, and the network equipment comprises a routing service module. The method comprises the following steps: receiving a login request of a client, where the login request carries login information and is forwarded by the routing service module when the route between the routing service module and the server is in an offline mode; encrypting the login information with a preset encryption algorithm to generate a ciphertext to be verified; verifying whether the ciphertext to be verified matches a reference ciphertext pre-stored for the client; and, if they match, controlling the routing service module to send the access token pre-stored for the client. By implementing the embodiment of the invention, even if the availability of the network between the client terminal and the server is poor, the client can still complete login verification and log in securely.

Description

Login verification method, device, system, equipment and medium
Technical Field
The present invention relates to the field of communications technologies, and in particular to a login verification method, device, system, equipment and medium.
Background
In some scenarios, because of problems in the network between the client terminal and the server, the server has difficulty completing login verification after the client sends a login request. The client on the client terminal then cannot log in to the server, the server cannot provide the client with the required service, and the service is interrupted.
For example, in a classroom interactive teaching scenario, the network between the client terminal and the server may have poor availability because of small network bandwidth, network segment crossing, network disconnection and the like. After a teacher-type client and a student-type client send login requests, the server has difficulty completing login verification, so neither client can log in to the server, the server cannot provide the teaching interaction service to them, and classroom interaction is interrupted.
Disclosure of Invention
In view of this, embodiments of the present invention provide a login verification method, device, system, equipment and medium to solve the problem that a client cannot log in to a server because of the network between the client terminal and the server.
According to a first aspect of the present invention, a login authentication method is provided, which is applied to a network device between a client terminal and a server, wherein the network device comprises a routing service module; the method comprises the following steps:
receiving a login request of a client; the login request carries login information and is forwarded by the routing service module when a route between the routing service module and the server is in an offline mode;
encrypting the login information by adopting a preset encryption algorithm to generate a ciphertext to be verified;
verifying whether the ciphertext to be verified is matched with a reference ciphertext pre-stored corresponding to the client;
and if they match, controlling the routing service module to send the access token pre-stored corresponding to the client.
In one embodiment, the encryption algorithm comprises an MD5 encryption algorithm.
In one embodiment, encrypting the login information by using a predetermined encryption algorithm to generate a ciphertext to be verified includes:
obtaining an access token prestored corresponding to the client;
forming information to be encrypted by the acquired access token and the login information;
and encrypting the information to be encrypted by adopting the MD5 encryption algorithm to generate the ciphertext to be verified.
In one embodiment, the information to be encrypted is formed from the obtained access token, the login information and a random number, combined by salting and random-number mixing.
In one embodiment, the login information includes a login account and a login password encrypted according to the encryption algorithm.
In one embodiment, the method further comprises the steps of:
confirming whether a network between the routing service module and the server is available;
if the network is available and the ciphertext to be verified does not match the reference ciphertext, controlling the routing service module to send the login request to the server;
receiving an access token and a reference ciphertext returned after the server successfully verifies the login information; the reference ciphertext is a result of encrypting the login information according to the encryption algorithm;
controlling the routing service module to send the received access token to the client, and replacing the access token and the reference ciphertext which are originally prestored corresponding to the client with the received access token and the reference ciphertext;
and if the network is unavailable and the ciphertext to be verified does not match the reference ciphertext, controlling the routing service module to send the client a prompt that the login information is wrong or that the login information from before the modification should be entered.
In one embodiment, if the network is available and the ciphertext to be verified matches the reference ciphertext, before controlling the routing service module to send the access token pre-stored corresponding to the client, the method further includes the following steps:
controlling the routing service module to send a request for judging whether the access token is valid to the server;
receiving a judgment result returned by the server;
if the judgment result shows that the access token is valid, executing the step of controlling the routing service module to send the access token pre-stored corresponding to the client;
and if the judgment result shows that the access token is invalid, executing the step of controlling the routing service module to send the login request to the server.
In one embodiment, before controlling the routing service module to send the login information to the server, the method further includes the following steps:
controlling the routing service module to send a request for judging whether the access token is valid to the server;
receiving a judgment result returned by the server;
if the judgment result shows that the access token is valid, controlling the routing service module to send a prompt for inputting correct login information to the client;
and if the judgment result shows that the access token is invalid, executing the step of controlling the routing service module to send the login request to the server.
In one embodiment, the method comprises the steps of:
receiving an access token and a reference ciphertext returned by the server after it successfully verifies the login information in response to the login request; the login request to which the server responds is sent directly to the server by the routing service module when the route between the server and the routing service module is in a non-offline mode;
and storing the received access token and the reference ciphertext corresponding to the client.
According to a second aspect of the present invention, there is provided a login authentication apparatus for a network device between a client terminal and a server, the network device comprising a routing service module; the device comprises:
the request receiving module is used for receiving a login request of a client; the login request carries login information and is forwarded by the routing service module when a route between the routing service module and the server is in an offline mode;
the information encryption module is used for encrypting the login information by adopting a preset encryption algorithm to generate a ciphertext to be verified;
the information verification module is used for verifying whether the ciphertext to be verified is matched with a reference ciphertext pre-stored corresponding to the client;
and the token sending module is used for controlling the routing service module to send the access token prestored corresponding to the client when the ciphertext to be verified is matched with the reference ciphertext.
According to a third aspect of the present invention, there is provided a network device for connecting a client terminal and a server, comprising a routing service module, the network device further comprising:
a processor;
a memory storing processor-executable instructions;
wherein the processor is coupled to the memory for reading program instructions stored by the memory and, in response, performing operations in the method as described above.
According to a fourth aspect of the invention, there is provided one or more machine-readable storage media having instructions stored thereon which, when executed by one or more processors, perform operations in a method as described above.
When the embodiment provided by the invention is implemented, after receiving a login request that the routing service module sends while the route between the routing service module and the server is in an offline mode, the login information is encrypted with a preset encryption algorithm to generate a ciphertext to be verified; whether the ciphertext to be verified matches the reference ciphertext pre-stored for the client is then verified, and when it does, the corresponding pre-stored access token is sent to the client. When the route between the network equipment and the server is in an offline mode for network reasons or other reasons, the network equipment, which has both a service providing function and a routing function, can continue to provide an offline login verification service for the client and return an access token to the client after the login information is successfully verified offline. Therefore, even if the availability of the network between the client terminal and the server is poor, the invention can help the client complete login verification and log in securely, which effectively reduces the occurrence rate of service interruption.
Drawings
FIG. 1 is a schematic diagram of a network environment shown in an exemplary embodiment of the invention;
FIG. 2 is a schematic diagram illustrating a login authentication method in accordance with an illustrative embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a login authentication method in accordance with another exemplary embodiment of the present invention;
FIG. 4 is a schematic diagram of a network environment shown in another exemplary embodiment of the present invention;
FIG. 5 is an interaction diagram illustrating a login authentication method in accordance with an exemplary embodiment of the present invention;
FIG. 6 is a block diagram illustrating a login authentication apparatus according to an exemplary embodiment of the present invention;
FIG. 7 is a hardware configuration diagram of a network device according to an exemplary embodiment of the present invention.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present invention. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In intelligent teaching, enterprise meetings or other scenarios involving interaction between a client and a server, faults such as small network bandwidth, network segment crossing and network disconnection between the client terminal and the server easily make the network between them poorly available. If the client sends a login request under these conditions, the server has difficulty completing login verification, the client cannot log in to the server, the server cannot provide the corresponding service for the client, and the service is interrupted. To solve the problem that a client cannot log in to a server when the availability of the network between the client terminal and the server is poor, the designer of the scheme of the invention provides a login verification method. The method can be applied to network equipment between the client terminal and the server, and the network equipment comprises a routing service module. The method can receive the login request of the client forwarded by the routing service module when the route between the routing service module and the server is in an offline mode; encrypt the login information with a preset encryption algorithm to generate a ciphertext to be verified; verify whether the ciphertext to be verified matches a reference ciphertext pre-stored corresponding to the client; and, if they match, control the routing service module to send the access token pre-stored corresponding to the client.
According to the login authentication method, through the network equipment with both the service providing function and the routing function, when the routing between the network equipment and the server is in an offline mode due to network reasons or other reasons, the offline login authentication service can be continuously provided for the client, and after login information is successfully verified offline, an access token is returned to the client. Therefore, even if the usability of the network between the client terminal and the server is poor, the method and the system can help the client to complete safe login verification and login, and further effectively reduce the occurrence rate of service interruption. The following first introduces a network environment that can implement login authentication in the present case:
FIG. 1 shows a network environment according to an embodiment of the present invention. As shown in FIG. 1, the network environment may belong to a system for implementing login verification according to the present invention, and the system may include a network device 130 and a server 140, which are connected through a network that may be wired or wireless.
The network device 130 has both a service providing function and a routing function. The specific services it provides include the login authentication service and other application services, which are determined by the specific application scenario; for example, in an intelligent teaching scenario the application services provided by the network device are teaching services.
A routing service module and a first service end are installed in the network device 130 so that it can provide the login authentication service and the teaching service for the client when the route between the network device and the server 140 is physically unavailable or logically disabled (in an offline mode).
The routing service module may send the client's request to the first service end while the route with the server 140 is in an offline mode. When the request of the client is a login request, the first service end can receive the login request of the client; encrypt the login information with a preset encryption algorithm to generate a ciphertext to be verified; verify whether the ciphertext to be verified matches a reference ciphertext pre-stored corresponding to the client; and, if they match, control the routing service module to send the access token pre-stored corresponding to the client.
When the request of the client is an application service request, the request is generally sent after the client successfully logs in, and the first service end can respond to the application service request, perform the corresponding application service processing and return application service data.
First, it should be noted that the reference ciphertext pre-stored corresponding to the client is the result obtained when the server 140, after successfully verifying the login information of the client in advance, encrypts the login information with the encryption algorithm. The server 140 sends the encryption result and the access token to the routing service module, and the routing service module sends the access token to the client and sends the encryption result and the access token to the first service end for storage. They may be stored in correspondence with the login account or ID of the client.
It should also be noted that in some cases the offline mode may be caused by a physical failure of the network. For example, when the network between the network device 130 and the server 140 is in a disconnected state (disconnected network) or in a weak network state (e.g., network bandwidth is small), the route with the server 140 is in an offline mode.
In other cases, the offline mode may be caused by a logical reason. For example, a user manually switches modes so that the network is disabled: after the user's offline mode request is received, the network between the network device 130 and the server 140 is still available but is disabled, so the route with the server 140 is in the offline mode. The offline mode request may be sent by the user through a client, which may be a client with a management function, such as a teacher-type client in an intelligent teaching scenario. The route with the server 140 may also be in the offline mode for other reasons, which is not limited by the embodiment of the present invention.
In addition to the above offline mode, the embodiment of the present invention may also predefine a non-offline mode or a networking mode, where the non-offline mode or the networking mode refers to: routing between the routing service module and the server 140 is physically available and logically not disabled.
When the route between the routing service module and the server 140 is in a non-offline mode or a networking mode, or is not in an offline mode, the routing service module may send a login request of the client directly to the server 140. The server 140 verifies whether the login information in the login request matches the login information pre-stored for the corresponding client; if so, it returns the access token pre-stored for the corresponding client to the routing service module, and the routing service module forwards the access token to the client, so that the client successfully logs in and can send an application service request.
In one example, to enable the first service end in the network device 130 to provide the login verification service to the client in the offline mode, the server 140, after successfully verifying the login information, may encrypt the login information with the encryption algorithm to obtain a reference ciphertext and send the reference ciphertext and the access token to the routing service module. The routing service module sends the access token to the client and sends the reference ciphertext and the access token to the first service end for storage. They may be stored in correspondence with the login account or ID of the client. In other examples, the first service end may also request the server 140 to synchronize the reference ciphertext and the access token through the routing service module. Other implementations may also be adopted to provide the login authentication service for the client in the offline mode, and the embodiment of the present invention is not limited thereto.
In order to implement the above function, the network device 130 according to the embodiment of the present invention connects one end to the client device 110 (which may also be referred to as a client terminal/user terminal) in the local area network, and connects the other end to the server 140 through the network. The client device may be at least one of a smartphone, a laptop, a desktop, a tablet, a Personal Digital Assistant (PDA), a smart interactive tablet, and the like.
In some examples, network device 130 is an intelligent router. In other examples, the network device 130 may also be other devices having both a service providing function and a routing function, which is not limited in this embodiment of the present invention.
In order to implement the above functions, the server 140 according to the embodiment of the present invention may be composed of one server or multiple servers. It is equipped with an application program that supports the network device 130 and the client devices connected to the network device 130 and establishes a network connection channel, and with a service program (a second service end) that provides services for the client in the client device. Other applications may also be installed, such as a commercially available hypertext transfer protocol (HTTP) server application or a secure socket layer hypertext transfer protocol (HTTPS) server application.
In some examples, the second service end in the server 140 provides login authentication, login, data synchronization and other application services for the client through a cloud service, and the first service end in the network device 130 provides login authentication, login and other application services for the client through a micro cloud service.
Aiming at the process of providing login verification for the client in the network environment shown in fig. 1, the embodiment of the invention provides the following solution to solve the problem that the client cannot log in the server due to the network reason between the client terminal and the server.
Referring to fig. 2, fig. 2 is a flowchart illustrating a login authentication method according to an exemplary embodiment of the present invention, where the embodiment may be applied to a network device between a client terminal and a server, the network device includes a routing service module, and the method may include the following steps S201 to S204:
Step S201, receiving a login request of a client; the login request carries login information and is forwarded by the routing service module when the route between the routing service module and the server is in an offline mode.
Step S202, encrypting the login information with a preset encryption algorithm to generate a ciphertext to be verified.
Step S203, verifying whether the ciphertext to be verified matches a reference ciphertext pre-stored corresponding to the client.
Step S204, if they match, controlling the routing service module to send the access token pre-stored corresponding to the client.
Technical features related to the embodiment of the present invention, such as a network device, a login request, an offline mode, a client, a routing service module, and the like, may refer to the description of the embodiment related to fig. 1, and are not described herein again.
The login information included in the received login request may include, for example, a login account and a login password. In another example, to prevent the login password from leaking, a login account and an encrypted login password may be included. The encryption algorithm for encrypting the login password may be the same as the encryption algorithm for encrypting the login information.
To protect the login password and the reference ciphertext stored by the first service end, irreversible encryption with the MD5 encryption algorithm may be used when the client encrypts the login password in the login request or when the server 140 shown in FIG. 1 encrypts the login information. Correspondingly, after receiving the login request of the client, the first service end may encrypt the login information carried in the login request with the MD5 encryption algorithm to generate a ciphertext to be verified.
If the process by which the server 140 transmits data to the network device 130 is sufficiently secure, then, to enable the first service end in the network device 130 to provide the login verification service for the client in the offline mode, the server 140 may also send the access token and the unencrypted login information directly to the routing service module in the network device 130. The routing service module forwards them to the first service end, which encrypts the received login information with the encryption algorithm to generate a reference ciphertext and stores the access token and the reference ciphertext corresponding to the client. The encryption algorithm employed here may also be the MD5 encryption algorithm.
In one example, when the MD5 encryption algorithm is used, only the login information is encrypted. In another example, the encryption of the login information may also be implemented by:
obtaining an access token prestored corresponding to the client;
forming information to be encrypted by the acquired access token and the login information;
and encrypting the information to be encrypted by adopting the MD5 encryption algorithm to generate the ciphertext to be verified.
The obtained access token and the login information can be combined into the information to be encrypted in several ways, described as follows:
In a first mode, the access token and all the characters contained in the login information may together constitute the information to be encrypted. In an example, the login information and the access token may be directly concatenated in a certain order to form a new character string, which is the information to be encrypted. The order mentioned here may be access token + login information, or login information + access token.
In a second mode, the access token and all characters of the login information may form one piece of information to be encrypted, and part of the characters in the login information form another piece of information to be encrypted. In one example, when the login information includes a login account and a login password, the access token, the login account and the login password constitute one piece of information to be encrypted, and the login account constitutes another. In another example, when the login information includes a login account and an encrypted login password, the access token, the login account and the encrypted login password constitute one piece of information to be encrypted, and the login account constitutes another.
In a third mode, the access token and part of the characters of the login information may form one piece of information to be encrypted, and the remaining characters of the login information form another piece of information to be encrypted. In one example, when the login information includes a login account and a login password, the access token and the login password constitute one piece of information to be encrypted, and the login account constitutes another. In another example, when the login information includes a login account and an encrypted login password, the access token and the encrypted login password constitute one piece of information to be encrypted, and the login account constitutes another.
In a fourth mode, the access token may also be combined with different parts of the login information to form different pieces of information to be encrypted. In one example, when the login information includes a login account and a login password, the access token and the login account form one piece of information to be encrypted, and the access token and the login password form another.
In a fifth mode, in order to further improve the reliability of encryption, salting with a random number may be adopted: the obtained access token, the login information and the random number form the information to be encrypted, which is then encrypted by using the MD5 encryption algorithm. The corresponding encryption formula is MD5(password + username + token + salt), where salt represents a random number, token represents an access token, username represents a login account, and password represents a login password or an encrypted login password.
In addition, the above modes can be combined to form different information to be encrypted.
The following describes a process of encrypting login information by using an MD5 encryption algorithm in combination with specific examples:
In this example, the storage area of the first service end stores the login information and the access token corresponding to the client in the fields id, username, password, and token. Here, id represents the client number, and the stored value may be an Arabic numeral. username represents the login account of the client; the stored value is MD5(username), i.e. the MD5 encryption result of the login account, where the login account is one piece of information to be encrypted. password represents the login password of the client; the stored value is MD5(username + MD5(password) + token), i.e. the MD5 encryption result of the string formed by the login account, the MD5 encryption result of the login password, and the access token, where that string is another piece of information to be encrypted. token represents the access token required by the client to access the server and may be a 32-character string.
For example, when the login account is chenyonghui, the login password is 123456, and the access token is 41cbbb77e382a1573ff5150508164e14, the server 140 encrypts the login information according to the following target program to obtain the content (reference ciphertext) stored in the username and password fields:
MD5(username):
MD5(chenyonghui)=a4a4981f39c84226ad57ed3764042c8a;
MD5(password):
MD5(123456)=e10adc3949ba59abbe56e057f20f883e;
MD5(username+MD5(password)+token):
MD5(chenyonghuie10adc3949ba59abbe56e057f20f883e41cbbb77e382a1573ff5150508164e14)=5c7724917eaf32d42ff31094b8b06a04;
In practical applications, after receiving the login request or the login information update request sent by the routing service module, the server 140 may, once the login information is successfully verified, encrypt it according to the target program to generate a reference ciphertext, and send the reference ciphertext and the access token to the routing service module of the network device 130. The routing service module forwards the access token and the reference ciphertext to the first service end, and the content (reference ciphertext) that the first service end finally stores corresponding to the client ID is as follows:
username corresponds to a4a4981f39c84226ad57ed3764042c8a;
password corresponds to 5c7724917eaf32d42ff31094b8b06a04;
token corresponds to 41cbbb77e382a1573ff5150508164e14.
If the routing service module receives the access token and the reference ciphertext after sending the login request, the routing service module needs to send the access token to the client.
In addition, the first service end can also use the target program to encrypt the login information, or the information to be encrypted generated in any one of the above modes, to generate a ciphertext to be verified, and then verify whether the ciphertext to be verified matches the reference ciphertext stored for the corresponding client.
In the verification process, if the ciphertext to be verified is consistent with the reference ciphertext, the two match; in this case the login verification can be determined to be successful, and the routing service module is controlled to send the access token to the client to complete the login of the client. If the ciphertext to be verified is not consistent with the reference ciphertext, the two do not match; in this case the login can be determined to have failed, and the routing service module is controlled to send the client a notification of the login failure or a prompt to input correct login information. To control the routing service module, an access token whose destination address is the client may be sent to the routing service module, or another method may be adopted.
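The record layout and the match check described above can be written out as follows. This is an added example, not code from the patent: the function names and the dictionary-based store are assumptions, and the second pair of functions is a substitution the patent does not describe (PBKDF2-HMAC-SHA256 with a per-client random salt), shown for comparison because MD5 is a fast hash and the reference ciphertexts are stored on the network device.

```python
import hashlib
import hmac
import os

# Example values taken from the page's worked example.
USERNAME = "chenyonghui"
PASSWORD = "123456"
TOKEN = "41cbbb77e382a1573ff5150508164e14"


def md5_hex(text):
    """Hex MD5 digest of a UTF-8 string (the page's "MD5 encryption")."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def info_to_encrypt(username, password, token):
    """Information to be encrypted for the password field:
    username + MD5(password) + token, concatenated with no separator."""
    return username + md5_hex(password) + token


def make_record(client_id, username, password, token):
    """Build the stored record with the page's fields: id, username, password, token."""
    return {
        "id": client_id,
        "username": md5_hex(username),
        "password": md5_hex(info_to_encrypt(username, password, token)),
        "token": token,
    }


def verify_offline(records, username, password):
    """Steps S202 to S204: hash the submitted login information, compare it
    with the reference ciphertext, and return the stored token on a match."""
    key = md5_hex(username)
    record = next((r for r in records if r["username"] == key), None)
    if record is None:
        return None
    candidate = md5_hex(info_to_encrypt(username, password, record["token"]))
    # Constant-time comparison so the check does not leak how many
    # leading characters of the digest were correct.
    if hmac.compare_digest(candidate, record["password"]):
        return record["token"]
    return None


# --- Substitution, not in the patent: slow salted KDF for the password field ---

def _kdf(username, password, token, salt, iterations):
    # The random salt is per record; username and token are bound into the
    # salt input so a digest cannot be moved to another account or token.
    bound_salt = salt + username.encode("utf-8") + token.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               bound_salt, iterations).hex()


def make_record_kdf(client_id, username, password, token, iterations=600_000):
    salt = os.urandom(16)
    return {
        "id": client_id,
        "username": username,
        "salt": salt,
        "iterations": iterations,
        "password": _kdf(username, password, token, salt, iterations),
        "token": token,
    }


def verify_offline_kdf(record, username, password):
    candidate = _kdf(username, password, record["token"],
                     record["salt"], record["iterations"])
    if username == record["username"] and hmac.compare_digest(candidate, record["password"]):
        return record["token"]
    return None


if __name__ == "__main__":
    store = [make_record(1, USERNAME, PASSWORD, TOKEN)]
    print("info to encrypt:", info_to_encrypt(USERNAME, PASSWORD, TOKEN))
    print("correct password ->", verify_offline(store, USERNAME, PASSWORD))
    print("wrong password   ->", verify_offline(store, USERNAME, "654321"))
```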
However, in some cases, the fact that the first service end verifies that the ciphertext to be verified matches the reference ciphertext does not mean that the client can access the server or the first service end by means of the access token. For example, the user modifies the login password of the client elsewhere, the modified login password is not synchronized to the first service end, and the client still inputs the old password when logging in locally; as another example, a server exception causes the access token to become invalid. In these cases, the ciphertext to be verified matches the reference ciphertext, but even if the access token is sent to the client, it is difficult for the client to access the relevant content of the server or the first service end by means of the access token.
In other cases, the fact that the first service end verifies that the ciphertext to be verified does not match the reference ciphertext does not mean that the login information input by the client is wrong. For example, the user modifies the login password of the client elsewhere, the modified login password is not synchronized to the first service end, and the client inputs the new password when logging in locally. In this case, the ciphertext to be verified does not match the reference ciphertext, yet the login information input by the user is correct, so in principle the verification should pass and the login should succeed.
In view of the above situations, the embodiment of the present invention may further determine whether the network between the routing service module and the server is available, and then perform different operation steps according to the determination result, so as to complete the login of the client and provide a valid access token for subsequent access, or to find the exact reason when the login verification fails, so that a successful login is achieved as soon as possible. Whether the network is available may be confirmed by detecting whether the network connection is normal, whether the network speed meets the standard, or by other conventional methods, which are not described herein again.
The following describes operations after confirming whether the network between the routing service module and the server is available, with reference to different situations:
In case one, if the network is available and the ciphertext to be verified does not match the reference ciphertext, the embodiment of the present invention may:
Control the routing service module to send the login request to the server 140.
Receive an access token and a reference ciphertext returned by the server 140 after the login information is successfully verified; the reference ciphertext is the result of encrypting the login information according to the encryption algorithm, and the technical content related to encryption may refer to the foregoing embodiment, which is not described herein again.
Control the routing service module to send the received access token to the client, and replace the access token and the reference ciphertext originally pre-stored for the client with the received access token and reference ciphertext.
In this case, sending the login request to the server 140 makes it possible to determine why the first service end failed to verify the login information. If the server verifies the login information successfully, the user has modified the login information elsewhere and the corresponding reference ciphertext and access token have not been synchronized to the network device 130; the foregoing operations synchronize them to the network device 130. If the server 140 fails to verify the login information, the client has input wrong login information; the server 140 may send a prompt that the password was input incorrectly to the routing service module, and the routing service module forwards the prompt to the client.
In other examples, to determine why the first service end failed to verify the login information, the access token may first be sent to the server 140 before the routing service module is controlled to send the login information to the server 140, so as to reduce the amount of transmitted data. This is implemented by the following operations:
Control the routing service module to send a request to the server 140 to determine whether the access token is valid.
Receive a judgment result returned by the server 140, where the judgment result is forwarded by the routing service module.
If the judgment result indicates validity, control the routing service module to send a prompt for inputting correct login information to the client.
If the judgment result indicates invalidity, execute the step of controlling the routing service module to send the login request to the server 140.
In this example, if the server 140 verifies that the access token of the first service end is valid, the client has input wrong login information; the server 140 may send a prompt indicating that the password was input incorrectly to the routing service module, and the routing service module forwards the prompt to the client. If the server 140 verifies that the access token of the first service end is invalid, the user has modified the login information elsewhere, but the corresponding reference ciphertext and access token have not been synchronized to the network device 130; they may be synchronized to the network device 130 by the aforementioned operations.
In addition, it should be ensured that, after the client updates the login information elsewhere, the reference ciphertext and the access token corresponding to the updated login information can be synchronized to the first service end of the network device 130 in time. In one example, the first service end may start a thread that asynchronously monitors data changes on the server and, after detecting a login information change, requests the server 140 to send the reference ciphertext and the access token corresponding to the changed login information. In another example, after the login information of the client is changed, the server 140 may actively notify the network device 130 of the change, or directly send the corresponding reference ciphertext and access token to the network device 130, so that they are synchronized to the first service end.
In case two, if the network is unavailable and the ciphertext to be verified does not match the reference ciphertext, further verification through the server 140 is difficult, and the routing service module can be controlled to send the client a prompt that the login information is wrong or a prompt to input the login information as it was before modification.
In some examples, the number of times the same client has been prompted may be recorded. If the recorded number of prompts exceeds 3, the client is prompted to ask a client that has the function of managing the network device to reset the login information; a reference ciphertext and an access token are then generated at the first service end for the reset login information and replace the reference ciphertext and the access token originally stored for the client. The reset login information and access token are then synchronized to the server 140 when the network between the routing service module and the server 140 is available.
In case three, if the network is available and the ciphertext to be verified matches the reference ciphertext, in order to ensure that the client can subsequently access the first service end or the server through the access token, the embodiment of the present invention may perform the following operations before controlling the routing service module to send the access token pre-stored for the client to the client:
Control the routing service module to send a request for judging whether the access token is valid to the server.
Receive a judgment result returned by the server.
If the judgment result indicates that the access token is valid, control the routing service module to send the access token pre-stored for the client to the client.
If the judgment result indicates invalidity, execute the step of controlling the routing service module to send the login request to the server.
Validity indicates that the login information input by the client is correct and that the access token is valid. Invalidity indicates either that the server is abnormal and the access token has become invalid, or that the login information was updated elsewhere, the corresponding reference ciphertext and access token have not been updated to the network device 130, and the client has input the old password. If the access token stored by the first service end were returned directly to the client in that situation, the client could hardly perform effective access with it; through the above operations, the reference ciphertext and the access token corresponding to the updated login information can be synchronized to the network device, and the access token corresponding to the updated login information is returned to the client.
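The three cases above, together with the plain offline match of steps S203 and S204, reduce to a small decision procedure. The following is an added sketch and not code from the patent: the Action names, the Record class and the FakeServer stand-in for the server 140 are assumptions, and case one is modelled with the optional token-validity query performed first.

```python
from dataclasses import dataclass
from enum import Enum

MAX_PROMPTS = 3  # "if the recorded number of prompts exceeds 3"


class Action(Enum):
    SEND_STORED_TOKEN = "send the token pre-stored for the client"
    SEND_FRESH_TOKEN = "send the token returned by the server"
    PROMPT_RETRY = "prompt for correct login information"
    PROMPT_ADMIN_RESET = "prompt to ask the managing client for a reset"


@dataclass
class Record:
    """What the first service end stores for one client."""
    reference: str
    token: str
    prompts: int = 0


class FakeServer:
    """Constructed stand-in for server 140 (hypothetical interface)."""

    def __init__(self, valid_tokens, accounts):
        self.valid_tokens = set(valid_tokens)
        self.accounts = dict(accounts)  # login info -> (token, reference)

    def token_valid(self, token):
        return token in self.valid_tokens

    def login(self, login_info):
        return self.accounts.get(login_info)  # None when verification fails


def handle_login(record, login_info, matched, network_available, server):
    """Decide the response to a login request.

    matched: result of comparing the ciphertext to be verified with the
    reference ciphertext stored in record.
    """
    if not network_available:
        if matched:
            return Action.SEND_STORED_TOKEN       # steps S203 and S204
        record.prompts += 1                       # case two
        if record.prompts > MAX_PROMPTS:
            return Action.PROMPT_ADMIN_RESET
        return Action.PROMPT_RETRY

    # Network available: ask the server whether the stored token is valid.
    if server.token_valid(record.token):
        if matched:
            return Action.SEND_STORED_TOKEN       # case three, token valid
        return Action.PROMPT_RETRY                # case one, wrong login information

    # Token invalid (cases one and three): forward the login request itself.
    result = server.login(login_info)
    if result is None:
        return Action.PROMPT_RETRY                # server rejected the login information
    record.token, record.reference = result       # replace the stale pair
    return Action.SEND_FRESH_TOKEN


if __name__ == "__main__":
    # Constructed scenario: password changed elsewhere, device not yet synchronized.
    server = FakeServer({"tok-new"}, {("alice", "new-pw"): ("tok-new", "ref-new")})
    rec = Record(reference="ref-old", token="tok-old")
    print(handle_login(rec, ("alice", "new-pw"), False, True, server), rec)
```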
According to this embodiment, when the route between the routing service module and the server is in the offline mode, after the login request forwarded by the routing service module is received, the login information is encrypted by using a preset encryption algorithm to generate a ciphertext to be verified; it is then verified whether the ciphertext to be verified matches the reference ciphertext pre-stored for the client, and when it does, the corresponding pre-stored access token is sent to the client. When the route between the network device and the server is in the offline mode due to network reasons or other reasons, the network device, which has both the service providing function and the routing function, can continue to provide an offline login verification service for the client and return an access token to the client after the login information is successfully verified offline. Therefore, even if the availability of the network between the client terminal and the server is poor, the client can still complete secure login verification and login, which effectively reduces the occurrence rate of service interruption.
The network reason mentioned here may refer to that the network between the network device and the server is in a disconnected state or a weak network state. The weak network state may refer to at least one of a bandwidth being smaller than a predetermined bandwidth, a delay being larger than a predetermined delay value, and a packet loss rate being higher than a predetermined packet loss threshold.
In addition, the embodiment of the invention can also continuously provide login verification for the client when the route between the network equipment and the server is unavailable due to other reasons, thereby effectively reducing the occurrence rate of service interruption. For other reasons mentioned herein, such as human reasons, the client user forces the network between the network device and the server to be disabled, and the routing between the network device and the server is in the offline mode after the network between the network device and the server is disabled by the user's request for the offline mode.
As can be seen from the above example, the route may be switched between the offline mode and the non-offline mode for human reasons, and may therefore switch frequently between the two modes within a short time. In order to perform the corresponding processing immediately after a mode switch, the routing service module may, after receiving the login request and confirming that the route between the network device and the server is in the non-offline mode, directly send the login request of the client to the server. It then receives the access token and the reference ciphertext that the server sends after successfully verifying the login information in response to the login request, and forwards the access token and the reference ciphertext to the first service end, which stores them corresponding to the client. Synchronously or asynchronously, the routing service module forwards the access token to the client.
In addition, after the client modifies/updates the login information in different places, offline login verification and login can be realized locally through a preset mode.
In some scenarios, after sending the access token to the client, the client may further send an application service request carrying the access token to the network device 130, and the network device 130 may send the application service request to the first service end and process the application service request by the first service end when the route between the network device 130 and the server 140 is in the offline mode, which may be specifically shown in fig. 3, where the method shown in fig. 3 may include the following steps S301 to S307:
Step S301, receiving a login request of a client; the login request carries login information and is forwarded by the routing service module when the route between the routing service module and the server is in an offline mode.
Step S302, encrypting the login information by using a preset encryption algorithm to generate a ciphertext to be verified.
Step S303, verifying whether the ciphertext to be verified matches a reference ciphertext pre-stored for the client.
Step S304, if they match, controlling the routing service module to send the access token pre-stored for the client to the client.
Step S305, receiving an application service request of the client; the application service request carries the access token and is forwarded by the routing service module when the route between the routing service module and the server is in an offline mode.
Step S306, performing corresponding processing in response to the application service request to generate application service data.
Step S307, controlling the routing service module to send the application service data to the client.
Technical features related to the embodiment of the present invention, such as the network device, the client, the routing service module, and the first service end, may refer to the description of the embodiment related to fig. 1 and fig. 2, and are not described herein again.
The application service data of the embodiment of the invention is determined by the application service request and is related to a specific application scene. After the routing service module sends the application service data provided by the first service end responding to the application service request to the corresponding client, in order to ensure the data consistency between the second service end and the first service end in the non-offline mode and further reduce the service data error, the embodiment of the invention needs to synchronize the related data of the first service end and the second service end.
In an example, in the embodiment of the present invention, when the application service request may cause data of the first service end to be updated, the first service end may store the update description information corresponding to the updated data; and when the data synchronization condition is met, synchronizing the updated data to a second server side in the server corresponding to the updating description information. The data updating of the first server may include deletion, addition, replacement, and the like of data.
According to the embodiment, in the offline mode, the application service request is sent to the first server side for response processing, so that the required service can be continuously provided for the client side when the routing between the network equipment and the server is unavailable due to network reasons, and the service interruption rate is effectively reduced.
The network reason mentioned here may refer to that the network between the network device and the server is in a disconnected state or a weak network state. The weak network state may refer to at least one of a bandwidth being smaller than a predetermined bandwidth, a delay being larger than a predetermined delay value, and a packet loss rate being higher than a predetermined packet loss threshold.
The embodiment of the invention can also continuously provide the required teaching service for the client when the route between the network equipment and the server is unavailable due to other reasons, thereby effectively reducing the interruption rate of the teaching service. For other reasons mentioned herein, such as human reasons, the client user forces the network between the network device and the server to be disabled, and the routing between the network device and the server is in the offline mode after the network between the network device and the server is disabled by the user's request for the offline mode.
In addition, the routing service module in the embodiment of the present invention may further determine whether the routing between the network device and the server is in the offline mode after receiving the application service request, and when the routing is not in the offline mode, send the application service request to the second server in the server, receive application service data returned by the second server in response to the application service request, and send the received service data to the corresponding client.
After the routing service module sends the application service data returned by the second service end in response to the teaching service request to the corresponding client, in order to ensure the data consistency between the second service end in the server and the first service end in the network device in the offline mode and further avoid the error of the service data, the embodiment of the invention needs to synchronize the related data of the second service end and the first service end.
In an example, in the embodiment of the present invention, after sending, to a corresponding client, application service data returned by a second server in response to the application service request, a routing service module may receive, under a condition that the application service request may cause data update of the second server, synchronization data sent by the second server; and synchronizing the updated data to the first service end corresponding to the updating description information. The synchronization data includes updated data and corresponding update description information, and the updated data is caused by the application service request.
The application service and the application service data provided by the first server or the second server for the client depend on specific application scenes, for example, the application is applied to training course scenes set by training institutions, and the provided application service and the application service data are related to training courses and can comprise client login, training courseware downloading, training student information acquisition, training examination and test, test result approval, training result publishing and the like. For example, the method is applied to a course teaching scene of a school institution, and the provided application service and application service data are related to classroom teaching and can comprise client login, course data downloading, classroom interaction, student information acquisition, student grouping, student comment uploading and the like. Next, a network environment for implementing login verification will be described by taking a course teaching scenario applied to a school institution as an example, and specifically refer to fig. 4.
As shown in fig. 4, in the course teaching scenario, the network environment may include a network device 430 and a server 440, and further include a teaching terminal 420 and more than one student terminal 410 (terminals 410a, 410b, 410c …) respectively connected to the network device 430.
The student terminal 410 is operated by a student, is equipped with a student client, and may be at least one of a smartphone, a laptop, a desktop computer, a tablet computer, a Personal Digital Assistant (PDA), a mobile terminal device, and other computer devices.
The teaching terminal 420 is operated by a teacher, is provided with a teacher-type client, and can have a display function. The display function can be realized by attaching a display device, which can be a device with display capability only, such as an LED display screen, or a display device with interactive capabilities, such as a touch-sensitive display screen or a smart interactive tablet. The teaching terminal 420 may also have network connectivity, data processing capabilities, camera capabilities, storage capabilities, and the like. Depending on the capabilities that the teaching terminal 420 needs to have in an actual scene, corresponding hardware or software (for example, hardware such as a CPU chip, an MCU chip, a camera, a GPU chip, a temporary memory, a permanent memory, a WiFi chip, and software such as Office, Photoshop, and instant messaging) may be configured for the teaching terminal 420.
In practical applications, the student-type client and/or the teacher-type client may send a login request and a teaching service providing request to the network device 430 via the connection between the student terminal 410/teaching terminal 420 and the network device 430.
When the route between the network device 430 and the server 440 is in the offline mode, the network device responds to the login request or the teaching service providing request through the first service end installed therein, and sends the access token or teaching service data to the corresponding terminal among the teaching terminal 420 and the student terminals 410 through the routing service module installed therein. The corresponding terminal is determined by the teaching service request. For example, if the teaching service request is a courseware downloading request, the corresponding terminal is the terminal that sent the request; if the teaching service request is a request to draw a student to answer a question, then after the first service end draws the student who is to answer, the question to be answered is sent to the student terminal 410 operated by the drawn student.
If the route between the network device 430 and the server 440 is in a non-offline mode, the network device 430 sends the login request or the teaching service providing request to the server 440.
The server 440 responds to the login request or the teaching service providing request through the second server installed therein.
The routing service module of the network device 430 receives the returned access token or teaching service data and transmits the access token or teaching service data to the corresponding one of the teaching terminal 420 and the student terminals 410. The corresponding terminal mentioned here is as described above, and is not described here again.
In addition, in order to ensure the consistency of the data of the service end in different modes and further reduce the error of the service data, the embodiment of the present invention needs to synchronize the related data of the first service end and the second service end. Reference may be made to the foregoing embodiments, and details are not repeated herein.
In other scenarios, the smart interactive tablet according to the embodiment of the present invention may be an integrated device that integrates one or more functions of a projector, an electronic whiteboard, a curtain, a sound, a television, a video conference terminal, and the like.
The smart interactive tablet may also establish a data connection with at least one external device. Among these, external devices include, but are not limited to: smart phones, USB flash drives, laptops, desktop computers, tablet computers, Personal Digital Assistants (PDAs), and the like.
The communication mode of the data connection between the external device and the smart interactive tablet 110 includes, but is not limited to, a USB connection, an internet, a local area network, a bluetooth, a Wi-Fi protocol (Wi-Fi) or a ZigBee protocol (ZigBee), and the embodiment of the present invention is not limited thereto.
Further, when data interaction occurs between at least one external device and the smart interactive tablet, screen projection data is sent to the smart interactive tablet so that the smart interactive tablet displays the screen projection content of the screen projection data. The external device is provided with a screen projection client; generally, one or more screen projection clients may be provided, set according to the specific application scene, and this embodiment is not limited thereto.
The following describes the interaction process of the login authentication method among the teaching terminal, the student terminal, the second server in the server, and the routing service module and the first server in the network device of fig. 4, with reference to fig. 5.
In a classroom teaching scene, a teacher and students can respectively send login requests to the network device through a teacher-type client in a teaching terminal and a student-type client in a student terminal (steps S501 and S502). After the network device receives a teaching service request, the routing service module in the network device determines the mode of the route to the server: in the offline mode, the route of the login request points to the first server, and in the non-offline mode, the route of the login request points to the server.
Therefore, when the routing service module determines that the route is in the offline mode, the received login request is sent to the first server (step S503). The first server responds to the login request, encrypts the login information in the login request by using a predetermined encryption algorithm to generate a ciphertext to be checked (step S504), and verifies whether the ciphertext to be checked matches a reference ciphertext pre-stored corresponding to the client (step S505); if they match, the first server sends the access token pre-stored corresponding to the client to the routing service module (step S506).
The routing service module sends the access token to the teaching terminal and the student terminal (step S507).
When the routing service module determines that the route is not in the offline mode, the received login request is sent to the server (step S508). The second server in the server responds to the login request and verifies whether the login information matches the login information pre-stored corresponding to the client (step S509). When they match, the login information in the login request is encrypted by the predetermined encryption algorithm to generate a ciphertext to be checked (step S510), and the reference ciphertext and the access token pre-stored corresponding to the client are sent to the routing service module (step S511).
The routing service module sends the access token to the teaching terminal and the student terminal (step S512), and sends the access token and the reference ciphertext to the first server (step S513).
The first server stores the reference ciphertext and the access token corresponding to the client (S514).
In other embodiments, in combination with other scenarios, the teaching terminal and the student terminal may be other types of client devices, which are not described herein again.
Corresponding to the embodiments of the method described above, the invention also provides embodiments of the apparatus.
Referring to fig. 6, fig. 6 is a block diagram of a login authentication apparatus according to an exemplary embodiment of the present invention, which may be applied to a network device between a client terminal and a server, where the network device includes a routing service module; the device includes: a request receiving module 610, an information encrypting module 620, an information verifying module 630 and a token sending module 640.
The request receiving module 610 is configured to receive a login request of a client; the login request carries login information, and the route service module forwards the login request when the route between the route service module and the server is in an offline mode.
The information encryption module 620 is configured to encrypt the login information by using a predetermined encryption algorithm to generate a ciphertext to be verified.
The information verification module 630 is configured to verify whether the ciphertext to be verified matches a reference ciphertext pre-stored corresponding to the client.
The token sending module 640 is configured to control the routing service module to send, to the client, an access token pre-stored corresponding to the client when the ciphertext to be verified matches the reference ciphertext.
In one example, the encryption algorithm includes an MD5 encryption algorithm.
By way of example, the information encryption module 620 is configured to:
obtaining an access token prestored corresponding to the client;
forming information to be encrypted by the acquired access token and the login information;
and encrypting the information to be encrypted by adopting the MD5 encryption algorithm to generate the ciphertext to be verified.
As an example, the information encryption module 620 may be further configured to:
forming the information to be encrypted from the acquired access token, the login information and a random number, by means of salting mixed with the random number.
As an example, the login information includes a login account and a login password encrypted according to the encryption algorithm.
In another example, the login authentication apparatus according to the embodiment of the present invention may further include:
a network confirmation module for confirming whether the network between the routing service module and the server is available;
the first control module is used for controlling the routing service module to send the login request to the server when the network is available and the ciphertext to be checked is not matched with the reference ciphertext;
the first receiving module is used for receiving an access token and a reference ciphertext returned by the server after the login information is successfully verified; the reference ciphertext is a result of encrypting the login information according to the encryption algorithm;
the second control module is used for controlling the routing service module to send the received access token to the client;
the first storage module is used for replacing the access token and the reference ciphertext which are pre-stored corresponding to the client originally by the received access token and the reference ciphertext;
and the third control module is used for controlling the routing service module to send a prompt that the login information is wrong or the login information before modification is input to the client when the network is unavailable and the ciphertext to be verified is not matched with the reference ciphertext.
In another example, the login authentication apparatus according to the embodiment of the present invention may further include:
the fourth control module is used for controlling the routing service module to send a request for judging whether the access token is valid to the server when the network is available and the ciphertext to be checked is matched with the reference ciphertext;
the second receiving module is used for receiving the judgment result returned by the server;
the fifth control module is used for controlling the routing service module to send an access token prestored corresponding to the client when the judgment result shows that the access token is valid;
and the sixth control module is used for controlling the routing service module to send the login request to the server when the judgment result shows that the login request is invalid.
In another example, the login authentication apparatus according to the embodiment of the present invention may further include:
a seventh control module, configured to control the routing service module to send, to the server, a request for determining whether the access token is valid before controlling the routing service module to send the login information to the server;
the third receiving module is used for receiving the judgment result returned by the server;
the eighth control module is configured to control the routing service module to send a prompt for inputting correct login information to the client when the determination result indicates validity;
and the ninth control module is used for controlling the routing service module to send the login request to the server when the judgment result shows that the login request is invalid.
In another example, the login authentication apparatus according to the embodiment of the present invention may further include:
the fourth receiving module is used for receiving the access token and the reference ciphertext returned by the server after the login information is successfully verified in response to the login request; the login request responded by the server is directly sent to the server by the routing service module when the route between the server and the routing service module is in a non-offline mode;
and the second storage module is used for storing the received access token and the reference ciphertext corresponding to the client.
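The branches described by the module lists above (offline or online route, ciphertext match or mismatch, access token valid or invalid), together with the token-plus-login-information digest, as an added Python example that is not code from the patent. The class and function names, the length-prefixed field encoding, the callback standing in for the server's token-validity reply and the PBKDF2 alternative are assumptions; MD5 is a fast unkeyed hash rather than encryption, which is why the slower derivation is shown beside it.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict

PBKDF2_ITERATIONS = 600_000  # assumption: work factor chosen for this example


class Action(Enum):
    SEND_CACHED_TOKEN = "send the cached access token to the client"
    FORWARD_TO_SERVER = "forward the login request to the server"
    PROMPT_WRONG_LOGIN = "prompt: wrong or pre-modification login information"


@dataclass
class CacheEntry:
    """Per-client record kept by the first server (step S514)."""
    access_token: str
    salt: bytes
    reference: bytes  # the reference ciphertext


def encode_fields(token: str, account: str, password: str) -> bytes:
    # Length-prefix every field so that ("ab", "c") and ("a", "bc") differ.
    fields = [token.encode(), account.encode(), password.encode()]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def md5_digest(token: str, account: str, password: str, salt: bytes) -> bytes:
    """The page's scheme: MD5 over access token + login information + salt."""
    return hashlib.md5(salt + encode_fields(token, account, password)).digest()


def pbkdf2_digest(token: str, account: str, password: str, salt: bytes) -> bytes:
    """Hardened stand-in (not from the page): a deliberately slow KDF, so a
    reference value copied off the device is costly to test guesses against."""
    return hashlib.pbkdf2_hmac("sha256", encode_fields(token, account, password),
                               salt, PBKDF2_ITERATIONS)


class OfflineVerifier:
    """Hypothetical model of the first server plus the routing decision."""

    def __init__(self, derive: Callable[[str, str, str, bytes], bytes] = md5_digest):
        self.derive = derive
        self.cache: Dict[str, CacheEntry] = {}

    def store(self, client_id: str, account: str, password: str, token: str) -> None:
        """Stands in for S511-S514: cache what a successful online login returns."""
        salt = os.urandom(16)
        self.cache[client_id] = CacheEntry(
            token, salt, self.derive(token, account, password, salt))

    def matches(self, client_id: str, account: str, password: str) -> bool:
        """S504-S505: recompute the digest and compare in constant time."""
        entry = self.cache.get(client_id)
        if entry is None:
            return False
        candidate = self.derive(entry.access_token, account, password, entry.salt)
        return hmac.compare_digest(candidate, entry.reference)

    def decide(self, client_id: str, account: str, password: str,
               network_available: bool, token_is_valid: Callable[[str], bool]) -> Action:
        """Branches from the module lists: match x network x token validity."""
        matched = self.matches(client_id, account, password)
        if not network_available:
            return Action.SEND_CACHED_TOKEN if matched else Action.PROMPT_WRONG_LOGIN
        if not matched:
            return Action.FORWARD_TO_SERVER  # server re-verifies, cache is replaced
        token = self.cache[client_id].access_token
        # token_is_valid stands in for the validity request sent to the server.
        return Action.SEND_CACHED_TOKEN if token_is_valid(token) else Action.FORWARD_TO_SERVER


def demo(derive=md5_digest) -> Dict[str, Action]:
    """Constructed scenario: one earlier online login, then five later attempts."""
    v = OfflineVerifier(derive)
    v.store("teacher-01", "alice", "old-pass", "token-123")  # constructed values
    valid, expired = (lambda t: True), (lambda t: False)
    # "new-pass" models a password changed on the server but not yet synced.
    return {
        "offline/cached password": v.decide("teacher-01", "alice", "old-pass", False, valid),
        "offline/changed password": v.decide("teacher-01", "alice", "new-pass", False, valid),
        "online/changed password": v.decide("teacher-01", "alice", "new-pass", True, valid),
        "online/match/token valid": v.decide("teacher-01", "alice", "old-pass", True, valid),
        "online/match/token expired": v.decide("teacher-01", "alice", "old-pass", True, expired),
    }


if __name__ == "__main__":
    for scenario, action in demo().items():
        print(f"{scenario:28} -> {action.value}")
```

While the uplink is down the device can only check against the last cached credentials, so a password changed on the server is rejected and the previous one is still accepted until the next online login replaces the cache.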
The implementation process of the functions and actions of each unit (or module) in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units or modules described as separate parts may or may not be physically separate, and the parts displayed as the units or modules may or may not be physical units or modules, may be located in one place, or may be distributed on a plurality of network units or modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the invention. One of ordinary skill in the art can understand and implement it without inventive effort.
The embodiment of the login verification device can be applied to network equipment. In particular, it may be implemented by a computer chip or entity, or by an article of manufacture having some functionality. In a typical implementation, a network device for connecting a client terminal and a server includes a routing service module. The network device may be in the form of an intelligent router or other network device.
The device embodiments may be implemented by software, by hardware, or by a combination of hardware and software. Taking a software implementation as an example, the apparatus is formed by the processor of the network device where it is located reading the corresponding computer program instructions from a readable storage medium, such as a nonvolatile memory, into the memory for execution. From a hardware aspect, fig. 7 is a hardware structure diagram of the network device where the login authentication apparatus of the present invention is located; in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 7, the network device where the apparatus is located may also include other hardware according to the actual function of the network device, which is not described again. The memory and the nonvolatile memory are computer-readable storage, and the storage of the network device may store program instructions executable by the processor; the processor may be coupled to the memory for reading the program instructions stored on the storage medium and, in response, performing the operations of the login authentication method in any of the above embodiments.
In other embodiments, the operations performed by the processor may refer to the description related to the embodiments of the login verification method described above, which is not described herein again.
In addition, an embodiment of the present invention further provides a machine-readable storage medium, where the machine-readable storage medium stores program instructions, and the program instructions include instructions corresponding to the steps of the login authentication method described above. When executed by one or more processors, the instructions cause the processors to perform the operations of the login authentication method described above.
Embodiments of the invention may take the form of a computer program product embodied on one or more readable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having program code embodied therein. Computer-usable readable storage media, including both permanent and non-permanent, removable and non-removable media, may implement the information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of machine-readable storage media include, but are not limited to: phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technologies, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic tape storage or other magnetic storage devices, or any other non-transmission medium that may be used to store information that may be accessed by a computing device.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (11)

1. A login authentication method is characterized in that the login authentication method is applied to network equipment between a client terminal and a server, and the network equipment comprises a routing service module; the method comprises the following steps:
receiving a login request of a client; the login request carries login information and is forwarded by the routing service module when a route between the routing service module and the server is in an offline mode;
encrypting the login information by adopting a preset encryption algorithm to generate a ciphertext to be verified;
verifying whether the ciphertext to be verified is matched with a reference ciphertext pre-stored corresponding to the client;
confirming whether a network between the routing service module and the server is available;
if the network is available and the ciphertext to be checked is matched with the reference ciphertext, controlling the routing service module to send a request for judging whether the access token is valid to the server;
receiving a judgment result returned by the server;
if the judgment result shows that the access token is valid, controlling the routing service module to send the access token prestored corresponding to the client;
if the judgment result shows that the login request is invalid, controlling the routing service module to send the login request to the server;
and if the network is unavailable and the ciphertext to be checked is not matched with the reference ciphertext, controlling the routing service module to send a prompt that the login information is wrong or the login information before modification is input to the client.
2. The method of claim 1, wherein the encryption algorithm comprises an MD5 encryption algorithm.
3. The method of claim 2, wherein encrypting the login information using a predetermined encryption algorithm to generate a ciphertext to be verified comprises:
obtaining an access token prestored corresponding to the client;
forming information to be encrypted by the acquired access token and the login information;
and encrypting the information to be encrypted by adopting the MD5 encryption algorithm to generate the ciphertext to be verified.
4. The method according to claim 3, wherein the information to be encrypted is composed of the obtained access token, the login information and the random number by means of mixing salt and the random number.
5. The method of claim 4, wherein the login information comprises a login account and a login password encrypted according to the encryption algorithm.
6. The method according to claim 1, characterized in that the method further comprises the steps of:
if the network is available and the ciphertext to be checked is not matched with the reference ciphertext, controlling the routing service module to send the login request to the server;
receiving an access token and a reference ciphertext returned after the server successfully verifies the login information; the reference ciphertext is a result of encrypting the login information according to the encryption algorithm;
and controlling the routing service module to send the received access token to the client, and replacing the access token and the reference ciphertext which are pre-stored corresponding to the client originally with the received access token and the reference ciphertext.
7. The method according to claim 6, wherein before controlling the routing service module to send the login information to the server, the method further comprises:
controlling the routing service module to send a request for judging whether the access token is valid to the server;
receiving a judgment result returned by the server;
if the judgment result shows that the login information is valid, controlling the routing service module to send a prompt for inputting correct login information to the client;
and if the judgment result shows that the login request is invalid, executing a step of controlling the routing service module to send the login request to the server.
8. Method according to any one of claims 1 to 7, characterized in that it comprises the following steps:
receiving an access token and a reference ciphertext returned by the server after the login information is successfully verified in response to the login request; the login request responded by the server is directly sent to the server by the routing service module when the route between the server and the routing service module is in a non-offline mode;
and storing the received access token and the reference ciphertext corresponding to the client.
9. A login verification device is characterized in that the login verification device is applied to network equipment between a client terminal and a server, and the network equipment comprises a routing service module; the device comprises:
the request receiving module is used for receiving a login request of a client; the login request carries login information and is forwarded by the routing service module when a route between the routing service module and the server is in an offline mode;
the information encryption module is used for encrypting the login information by adopting a preset encryption algorithm to generate a ciphertext to be verified;
the information verification module is used for verifying whether the ciphertext to be verified is matched with a reference ciphertext pre-stored corresponding to the client; and for confirming whether a network between the routing service module and the server is available;
the token sending module is used for controlling the routing service module to send a request for judging whether an access token is valid or not to the server and receiving a judgment result returned by the server when the network is available and the ciphertext to be verified is matched with the reference ciphertext, and controlling the routing service module to send the access token prestored corresponding to the client if the judgment result shows that the access token is valid; if the judgment result shows that the login request is invalid, controlling the routing service module to send the login request to the server; and if the network is unavailable and the ciphertext to be checked is not matched with the reference ciphertext, controlling the routing service module to send a prompt that the login information is wrong or the login information before modification is input to the client.
10. A network device, for connecting a client terminal and a server, comprising a routing service module, the network device further comprising:
a processor;
a memory storing processor-executable instructions;
wherein the processor is coupled to the memory for reading program instructions stored by the memory and, in response, performing operations in the method of any of claims 1-8.
11. One or more machine-readable storage media having instructions stored thereon, which when executed by one or more processors perform the operations of any one of the methods recited in claims 1-8.
CN201811053188.0A 2018-09-10 2018-09-10 Login verification method, device, system, equipment and medium Active CN109347795B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811053188.0A CN109347795B (en) 2018-09-10 2018-09-10 Login verification method, device, system, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811053188.0A CN109347795B (en) 2018-09-10 2018-09-10 Login verification method, device, system, equipment and medium

Publications (2)

Publication Number Publication Date
CN109347795A CN109347795A (en) 2019-02-15
CN109347795B true CN109347795B (en) 2021-11-16

Family

ID=65305222

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811053188.0A Active CN109347795B (en) 2018-09-10 2018-09-10 Login verification method, device, system, equipment and medium

Country Status (1)

Country Link
CN (1) CN109347795B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112016928B (en) * 2019-05-31 2024-01-16 华控清交信息科技(北京)有限公司 Payment method and device and payment device
CN110765174A (en) * 2019-09-23 2020-02-07 南京泰治自动化技术有限公司 SPC data acquisition method and system based on offline
CN111314346A (en) * 2020-02-19 2020-06-19 中国第一汽车股份有限公司 Account login method and device and vehicle
CN114650147A (en) * 2020-12-02 2022-06-21 成都鼎桥通信技术有限公司 Login method and device
CN112699350B (en) * 2020-12-30 2024-02-27 中国邮政储蓄银行股份有限公司 Login verification method and device
CN114765548B (en) * 2020-12-30 2023-09-05 成都鼎桥通信技术有限公司 Target service processing method and device
CN113595743B (en) * 2021-08-04 2022-10-21 中国银行股份有限公司 Authorization token processing method and device
CN114244530A (en) * 2021-12-16 2022-03-25 中国电信股份有限公司 Resource access method and device, electronic equipment and computer readable storage medium
CN114615011A (en) * 2022-01-19 2022-06-10 禅境科技股份有限公司 Network pedigree privatization service method and device
CN115809276A (en) * 2022-12-20 2023-03-17 镁佳(北京)科技有限公司 Vehicle personalized configuration management method, device, server and storage medium

Also Published As

Publication number Publication date
CN109347795A (en) 2019-02-15


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant