CN109462602A - Login information storage method, login verification method, device, equipment and medium
Publication number: CN109462602A (CN201811527514.7A)
Authority: CN (China)
Legal status: Granted
Abstract
The invention discloses a login information storage method, a login verification method, a device, equipment and a medium. In the login information storage method, after a login request that includes login address information is obtained and local storage information is generated from the login information, a random string is generated; the random string, the login information and the login address information are then stored in association to obtain database storage information. The local storage information is encrypted, and the login address information is added as the identifier of the encrypted local storage information to obtain the encrypted local storage information; the random string is then added to the encrypted local storage information, which is saved in local storage to obtain the target storage information. Encrypting the local storage information that contains the login information improves the security of login information storage.
Description
Technical field
The present invention relates to the field of information security, and in particular to a login information storage method, a login verification method, a device, equipment and a medium.
Background
With the continuous development of network information technology, the security of personal information is becoming ever more important. When a user logs in to a website, many websites save the user's personal login information in the user's local storage to make browsing more convenient, so that the user does not have to enter the username and password repeatedly, which improves the user experience. However, the personal login information in local storage is often saved in plaintext, that is, it is saved directly without any technical processing. This exposes the user's personal login information to the risk of disclosure. Some malicious attackers also modify a user's permissions, changing a user who originally had ordinary permissions into one with administrator permissions, so that the local storage information is spoofed.
Summary of the invention
Embodiments of the present invention provide a login information storage method, device, equipment and medium to solve the problem that login information storage is not secure enough.
Embodiments of the present invention provide a login verification method, device, equipment and medium to solve the problem that login verification is not secure enough.
A login information storage method, comprising:
obtaining a login request, and generating local storage information according to the login information in the login request, the login request further including login address information;
responding to the login request by generating a random string using a random function;
storing the login information, the login address information and the random string in association to obtain database storage information;
encrypting the local storage information, and adding the login address information as the identifier of the encrypted local storage information, to obtain the encrypted local storage information;
adding the random string to the encrypted local storage information, and saving the encrypted local storage information in local storage, to obtain target storage information.
A login verification device, comprising:
a login request obtaining module, configured to obtain a login request and generate local storage information according to the login information in the login request, the login request further including login address information;
a random string generation module, configured to respond to the login request by generating a random string using a random function;
a database storage module, configured to store the login information, the login address information and the random string in association to obtain database storage information;
a data encryption module, configured to encrypt the local storage information and add the login address information as the identifier of the encrypted local storage information, to obtain the encrypted local storage information;
a local storage module, configured to add the random string to the encrypted local storage information and save the encrypted local storage information in local storage, to obtain target storage information.
A login verification method, comprising:
obtaining a login verification request, the login verification request including verification address information;
obtaining target storage information and the database storage information according to the verification address information, wherein the target storage information and the database storage information are obtained using the login information storage method of any one of claims 1-3;
decrypting the target storage information;
if the target storage information is decrypted successfully, obtaining the decrypted storage information;
verifying the decrypted storage information against the database storage information;
if the decrypted storage information passes verification, the login verification request passes.
A login verification device, comprising:
a login verification request module, configured to obtain a login verification request, the login verification request including verification address information;
a verification information obtaining module, configured to obtain target storage information and the database storage information according to the verification address information, wherein the target storage information and the database storage information are obtained using the above login information storage method;
an information decryption module, configured to decrypt the target storage information;
a decrypted information obtaining module, configured to obtain the decrypted storage information if the target storage information is decrypted successfully;
a login check module, configured to verify the decrypted storage information against the database storage information;
a verification judgment module, configured to pass the login verification request if the decrypted storage information passes verification.
A computer equipment, comprising a memory, a processor and a computer program that is stored in the memory and can run on the processor, wherein the processor implements the steps of the above login information storage method when executing the computer program, or the processor implements the steps of the above login verification method when executing the computer program.
A computer-readable storage medium storing a computer program, wherein the computer program implements the steps of the above login information storage method when executed by a processor, or the computer program implements the steps of the above login verification method when executed by a processor.
In the above login information storage method, device, computer equipment and storage medium, after a login request that includes login address information is obtained, local storage information is generated according to the login information in the login request. In response to the login request, a random string is generated using a random function, and the random string, the login information and the login address information are stored in association to obtain database storage information. The local storage information is encrypted, and the login address information is added as the identifier of the encrypted local storage information to obtain the encrypted local storage information; the random string is then added to the encrypted local storage information, which is saved in local storage to obtain the target storage information. Encrypting the local storage information that contains the login information improves the security of login information storage.
In the above login verification method, device, computer equipment and storage medium, after a login verification request that includes verification address information is obtained, the target storage information and the database storage information are obtained according to the verification address information, and the target storage information is decrypted. If decryption succeeds, the decrypted storage information is obtained and then verified against the database storage information; if the decrypted storage information passes verification, the login verification request passes. Checking whether the decrypted storage information corresponds to the login information and the random string in the database storage information improves the security of login verification.
Description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without any creative effort.
Fig. 1 is a schematic diagram of an application environment of the login information storage method or the login verification method in an embodiment of the present invention;
Fig. 2 is an example diagram of the login information storage method in an embodiment of the present invention;
Fig. 3 is another example diagram of the login information storage method in an embodiment of the present invention;
Fig. 4 is another example diagram of the login information storage method in an embodiment of the present invention;
Fig. 5 is a functional block diagram of the login information storage device in an embodiment of the present invention;
Fig. 6 is an example diagram of the login verification method in an embodiment of the present invention;
Fig. 7 is another example diagram of the login verification method in an embodiment of the present invention;
Fig. 8 is a functional block diagram of the login verification device in an embodiment of the present invention;
Fig. 9 is a schematic diagram of the computer equipment in an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
The login information storage method provided by the embodiments of the present invention can be applied in the application environment shown in Fig. 1, in which a client (computer equipment) communicates with a server over a network. After the computer equipment issues a login request, the server obtains the login address information and the login information from the login request, generates a random string, and obtains the database storage information and the target storage information after processing. The client (computer equipment) may be, but is not limited to, a personal computer, laptop, smartphone, tablet or portable wearable device. The server may be implemented as an independent server or as a server cluster composed of multiple servers.
In one embodiment, as shown in Fig. 2, a login information storage method is provided. Taking the method as applied to the server in Fig. 1 as an example, it includes the following steps:
S10: Obtain a login request, and generate local storage information according to the login information in the login request; the login request further includes login address information.
The login request is an instruction sent by the client to the server to notify the server to perform a login operation. The login request carries the login address information and the login information. The server obtains the login request and processes it.
The login address information includes the IP address from which the user is currently logging in or the website information of the site the user is currently logging in to. The IP address is the Internet Protocol address, a unified address format provided by the IP protocol that assigns a logical address to every network and every host on the Internet. The website information is the URL of the website the user is currently logging in to.
The login information is the personal information the user enters when logging in to a website, app or platform from the computer equipment, and/or the data the server generates in response to the user's operations.
Optionally, the login information includes at least one of a username, a login state, a login timestamp or a session ID. The username is the login account the user enters when logging in. The login state indicates whether the user is online or offline for this login. The login timestamp is a timestamp the server generates from the system's network time when the user logs in; it records the time of the current login, and a new login timestamp is generated for each login. For the session ID, the server saves a session for each user and assigns each session a generated ID as an identifier to distinguish different users. A session is the session object produced by the interaction between the client and the server.
The local storage information can be a cookies object, a localStorage object or a sessionStorage object. Cookies are a local storage object used to store the user's login information on the device's hard disk. localStorage is a local storage object added in HTML5, used to keep the local storage data of an entire website for a long time. sessionStorage is a session storage object added in HTML5, used to temporarily keep the data of a single window (or tab).
Generating local storage information according to the login information means adding the login information to the local storage information. For example, suppose the local storage information is a cookies object. When a user performs a login operation on a computer equipment and selects the remember-password or automatic-login option, the server places the user's login information in cookies according to that choice. For instance, when a user logs in to a shopping website for the first time and selects the remember-password or automatic-login option, the server stores the user's login information in cookies, so that when the user next opens the same browser on the same computer equipment and enters the website, the user's account can be logged in automatically without entering the username and password again.
S20: Respond to the login request by generating a random string using a random function.
The random string is a string of characters that the server generates at random. Optionally, the string is two or more characters long.
Specifically, after the server receives the login request sent by the client, it generates a random string using a random function. The random string can be produced by using the random function random() to generate a random integer with a predetermined number of digits. Alternatively, N random integers are generated first, each of the N random integers is divided by a preset number to take the remainder, and the corresponding character is then looked up in a predefined string variable according to each remainder. A random string can also be generated by first generating N random integers and then looking up the character corresponding to each of them in the ASCII table.
With regard to the complexity of the random string, its components can be at least one of digits, uppercase English letters, lowercase English letters and symbols. It will be appreciated that the more characters the random string has and the more varied its components are, the less likely it is to be cracked by brute force. Brute force cracking means that a hacker or malicious attacker uses exhaustive search, that is, works through their own dictionary of usernames and passwords one by one and attempts to log in with each.
S30: Store the login information, the login address information and the random string in association to obtain database storage information.
Associated storage means that each pair of login information and login address information has exactly one random string corresponding to it, and they are stored together. The login address information can serve as an identifier under which the login information and the random string are stored in association. Specifically, the database storage information can be named using the login address information, or the login information, the login address information and the random string can be stored in the user's database.
Preferably, storing the login information, the login address information and the random string in association mainly means storing them in the user's database, so that the login information and the random string are stored in association. Specifically, a field can be created in the user's database, and the username and the random string are then stored together in that field.
In this step, the login information, the login address information and the random string are stored in association to obtain the database storage information. The most important effect is that this login information is stored in the database, which prevents it from being leaked and thereby protects the security of the login information.
S40: Encrypt the local storage information, and add the login address information as the identifier of the encrypted local storage information, to obtain the encrypted local storage information.
In this step, the local storage information is encrypted using an encryption algorithm, so that the data in the local storage information becomes ciphertext.
The encryption algorithm used to encrypt the local storage information can be AES symmetric encryption, RSA asymmetric encryption, DES encryption, SM4 encryption or a similar algorithm. It will be appreciated that the encryption algorithms for the local storage information include but are not limited to the above; any other reversible algorithm that can encrypt data falls within the protection scope of the present invention.
Preferably, the local storage information is encrypted with the AES symmetric encryption algorithm, which passes the plaintext, that is, the data before encryption, through the AES encryption function to produce a ciphertext, that is, the data after encryption. The algorithm has advantages such as high encryption efficiency and no limit on the length of the data to be encrypted. Its encryption key and decryption key are identical, so encryption and decryption are inverse operations.
Adding the login address information as the identifier of the encrypted local storage information can mean naming the encrypted local storage information with the login address information, or adding a login address information identifier field to the encrypted local storage information. Preferably, adding the login address information identifier means naming the encrypted local storage information with the login address information.
S50: Add the random string to the encrypted local storage information, and save the encrypted local storage information in local storage, to obtain the target storage information.
The random string is added to the encrypted local storage information, and the encrypted local storage information with the random string added is saved in local storage. Specifically, a field is added to the encrypted local storage information to hold the random string, and the encrypted local storage information is saved in local storage. Local storage is the storage space of the device on which the user performs the login operation. For example, if the user logs in with a browser on a PC, the local storage information is encrypted, given the login address information identifier and then saved on the PC's hard disk. For example, a field is added to the cookies to hold the random string, and the cookies are then saved on the PC's hard disk.
In this embodiment, a login request is obtained; in response to the login request, a random string is generated using a random function and stored in association with the login information; the local storage information is encrypted, and the login address information is added as the identifier of the encrypted local storage information; the random string is added to the encrypted local storage information, which is saved in local storage. By generating a random string and encrypting the local storage information with an algorithm, local storage information that was originally plaintext becomes ciphertext, which improves the security of the login information: even if an attacker maliciously steals this login information while it is stored, no useful information can be obtained from it.
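Steps S10 to S50, together with the verification flow from the summary (decrypt the target storage information, then check it against the database storage information), as an added JavaScript example that is not code from the patent. It assumes AES-256-GCM as the AES mode, an in-memory Map in place of the database, a CSPRNG for the random string instead of random(), and hypothetical names (`storeLogin`, `verifyLogin`, the `role` field and the sample address).

```javascript
const { randomBytes, createCipheriv, createDecipheriv, timingSafeEqual } =
  require('node:crypto');

// Constructed server-side state for this example.
const KEY = randomBytes(32);   // AES-256 key, kept on the server only
const database = new Map();    // login address -> { loginInfo, randomString }

// AES-256-GCM encryption; returns base64(iv | auth tag | ciphertext).
function encrypt(plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', KEY, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Returns the plaintext, or null when decryption fails (wrong key, modified data).
function decrypt(blob) {
  try {
    const raw = Buffer.from(blob, 'base64');
    const decipher = createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()])
      .toString('utf8');
  } catch (err) {
    return null;
  }
}

// Storage method: returns the target storage information sent to the client.
function storeLogin({ loginAddress, loginInfo }) {
  const localInfo = JSON.stringify(loginInfo);                       // S10
  const randomString = randomBytes(16).toString('hex');              // S20 (CSPRNG)
  database.set(loginAddress, { loginInfo: localInfo, randomString }); // S30
  const encrypted = encrypt(localInfo);                              // S40
  // S40 identifier (name) and S50 random string field.
  return { name: loginAddress, value: encrypted, randomString };
}

// Length check first, then a comparison that does not leak where strings differ.
function sameString(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && timingSafeEqual(x, y);
}

// Verification method: look up by address, decrypt, compare with the database.
function verifyLogin(verifyAddress, target) {
  const record = database.get(verifyAddress);
  if (!record || !target || target.name !== verifyAddress) return false;
  const decrypted = decrypt(target.value);
  if (decrypted === null) return false;
  return sameString(decrypted, record.loginInfo) &&
         sameString(target.randomString, record.randomString);
}

// Constructed sample request (not from the patent).
const sample = {
  loginAddress: '203.0.113.7',
  loginInfo: { username: 'alice', role: 'user', loginTimestamp: 1700000000 },
};
const stored = storeLogin(sample);
console.log('valid target accepted:', verifyLogin(sample.loginAddress, stored));
```

Because the database record is replaced on every login, a target storage value issued by an earlier login for the same address stops verifying once a newer one exists.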
In one embodiment, as shown in Fig. 3, step S20, that is, responding to the login request by generating a random string using a random function, specifically includes the following steps:
S21: Generate N random integers using a random function, where N is a positive integer.
The size of N is related to the number of characters in the random string to be generated, which is a positive integer. Optionally, N equals the number of characters in the random string to be generated. For example, to generate a 16-character random string, 16 random integers need to be generated.
A random integer can be generated by first using the random function random() to generate a random number between 0 and 1, multiplying that random number by some factor, such as 100, and then rounding it down or rounding it up, which yields a random integer. Rounding down simply removes the fractional part of the random number. For example, if the random number generated by random() is 0.3261, multiplying it by 100 gives 32.61, and rounding down gives the integer 32.
S22: Divide each random integer by the preset value and take the remainder to obtain N random numbers.
The preset value is tied to the components of the random string to be generated. The components of the random string can be at least one of 0-9, a-z, A-Z or symbols. The size of the preset value is determined by the total number of distinct component characters. For example, if the random string is made up of any N characters from the 36 characters 0-9 and a-z, the preset value is 36.
Preferably, the components of the random string are the 62 characters 0-9, a-z and A-Z, so the preset value is 62.
Specifically, each random integer is divided by 62 and the remainder is taken. Dividing the random integer by 62 gives an integer quotient and a remainder, and the remainder is the result. If the random integer is less than 62, the remainder is the integer itself. For example, if the generated random integer is 68, dividing 68 by 62 gives a quotient of 1 and a remainder of 6, so the random number is 6.
S23: Look up the corresponding character in a string variable according to each random number to obtain N random characters, where the string variable is configured in advance.
Specifically, the string variable is made up of at least one of digits, uppercase English letters, lowercase English letters and English characters, arranged in order. For example, the string variable is made up of digits, uppercase English letters and lowercase English letters, ordered from 0 to 9, then from a to z, then from A to Z. The string variable can be configured in advance according to actual needs.
Looking up the corresponding character in the string variable according to the random number means using the random number to find the serial number of the corresponding character; the character at that serial number is the random character currently generated. For example, the serial number of the character corresponding to the random number 11 is also 11, so the random character corresponding to 11 is a.
S24: Combine the N random characters using the repeated assignment method to obtain the random string.
Repeated assignment means assigning to the same variable multiple times: each time a random character is generated, it is assigned to the variable.
Specifically, each newly generated random character is placed in the same variable as the previously generated ones. For example, to generate a two-character random string, the random string variable starts as Rstring = "". If the first random character generated is a, the statement Rstring += "a" assigns it to the variable, so that Rstring = "a"; if the second random character generated is b, the statement Rstring += "b" assigns it to Rstring again, giving the random string Rstring = "ab", and so on until all N random characters have been assigned to Rstring.
In this embodiment, N random integers are generated using a random function, each is divided by the preset value and the remainder taken to obtain N random numbers, the corresponding character is looked up in the string variable for each random number to obtain N random characters, and finally the N random characters are combined to obtain the random string. A random string generated this way has the advantage of being complex and hard to crack; the method generates random strings quickly, and the length and components of the random string are configurable, which provides a basis for protecting the security of the login information.
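Steps S21 to S24 written out in JavaScript as an added example (not code from the patent), next to a variant that draws each index from a CSPRNG. The function names, the zero-based lookup and the injectable `rng` parameter are assumptions of this example; `indexCounts` shows that with a multiplier of 100 the integers 0-99 fall unevenly onto the 62 positions, so the first 38 characters come up twice as often as the remaining 24.

```javascript
const { randomInt } = require('node:crypto');

// String variable from S23, ordered 0-9, then a-z, then A-Z (62 characters).
const ALPHABET =
  '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

// S21-S24 as described: floor(random() * 100), remainder by 62, lookup,
// repeated assignment. `rng` is injectable so the steps can be checked
// with fixed inputs; it defaults to the non-cryptographic Math.random.
function describedRandomString(n, rng = Math.random) {
  let rstring = '';
  for (let i = 0; i < n; i++) {
    const integer = Math.floor(rng() * 100);  // S21: 0.3261 -> 32
    const index = integer % ALPHABET.length;   // S22: 68 % 62 = 6
    rstring += ALPHABET[index];                // S23 lookup (zero-based) + S24
  }
  return rstring;
}

// How many of the integers 0..multiplier-1 land on each alphabet position.
// Equal counts mean every character is equally likely; unequal counts mean
// some characters are favoured and the string is easier to guess.
function indexCounts(multiplier) {
  const counts = new Array(ALPHABET.length).fill(0);
  for (let integer = 0; integer < multiplier; integer++) {
    counts[integer % ALPHABET.length] += 1;
  }
  return counts;
}

// Variant: crypto.randomInt draws from the operating system CSPRNG and
// returns an unbiased integer in [0, ALPHABET.length).
function secureRandomString(n) {
  let rstring = '';
  for (let i = 0; i < n; i++) {
    rstring += ALPHABET[randomInt(ALPHABET.length)];
  }
  return rstring;
}

console.log(describedRandomString(16), secureRandomString(16));
```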
In one embodiment, as shown in Fig. 4, step S40, that is, encrypting the local storage information and adding the login address information as the identifier of the encrypted local storage information to obtain the encrypted local storage information, specifically includes the following steps:
S41: Encrypt the preset fields of the local storage information to obtain encrypted information.
The preset fields are specific fields set in advance. They may include all the fields of the local storage information, or only some of them (for example: username, login timestamp or session ID), and can be set in advance according to actual needs. The preset fields of the local storage information are symmetrically encrypted to obtain the encrypted information.
S42: Add the login address information to the encrypted information as an identifier to obtain the encrypted local storage information.
Specifically, adding the login address information identifier to the encrypted information can mean naming the encrypted local storage information with the login address information. For example, if the login address information includes an IP address and the IP address from which the user is currently logging in is 123.234.345.456, the target storage information can be named "123.234.345.456".
In this embodiment, encrypting the preset fields of the local storage information reduces the server's computational load and increases its processing speed, while making control over the encrypted data freer, with more room to operate and greater flexibility. Adding the login address information to the encrypted information as an identifier makes it easy for the server to identify and retrieve it.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not limit the implementation of the embodiments of the present invention in any way.
In one embodiment, a login information storage device is provided, which corresponds one-to-one to the login information storage method in the above embodiments. As shown in Fig. 5, the login information storage device includes a login request obtaining module 10, a random string generation module 20, a database storage module 30, a data encryption module 40 and a local storage module 50. The functional modules are described in detail as follows:
The login request obtaining module 10 is configured to obtain a login request and generate local storage information according to the login information in the login request; the login request further includes login address information.
The random string generation module 20 is configured to respond to the login request by generating a random string using a random function.
The database storage module 30 is configured to store the login information, the login address information and the random string in association to obtain database storage information.
The data encryption module 40 is configured to encrypt the local storage information and add the login address information as the identifier of the encrypted local storage information, to obtain the encrypted local storage information.
The local storage module 50 is configured to add the random string to the encrypted local storage information and save the encrypted local storage information in local storage, to obtain target storage information.
Preferably, random string generation module 20 include random integers generation unit, it is random digit generation unit, random
Character generation unit and random string generation unit.
Random integers generation unit, for generating N number of random integers at random using random function, wherein N is positive integer.
Random digit generation unit obtains N number of random number for taking the remainder each random integers divided by default value
Word.
Random character generation unit is obtained for searching corresponding character in string variable according to each random digit
To N number of random character, wherein string variable is pre-configured with to obtain.
Random string generation unit, for N number of random character to be combined using the method for repeated assignment of values, obtain with
Machine character string.
Preferably, data encryption module 40 includes preset field encryption unit and mark adding unit.
Preset field encryption unit obtains encryption information for encrypting the preset field of locally store information;
Adding unit is identified, is used as mark, the sheet encrypted for adding entry address information in encryption information
Ground stores information.
Specific about log-on message storage device limits the limit that may refer to above for log-on message storage method
Fixed, details are not described herein.Modules in above-mentioned log-on message storage device can fully or partially through software, hardware and its
Combination is to realize.Above-mentioned each module can be embedded in the form of hardware or independently of in the processor in computer equipment, can also be with
It is stored in the memory in computer equipment in a software form, in order to which processor calls the above modules of execution corresponding
Operation.
One embodiment of the present invention provides a login verification method that can be applied in the application environment shown in Fig. 1, in which a client (computer equipment) communicates with a server over a network. The computer equipment sends a login verification request; the server receives it, obtains the target storage information and the database storage information, processes them to obtain the decrypted storage information, and verifies the decrypted storage information against the database storage information. The computer equipment may be, but is not limited to, a personal computer, laptop, smartphone, tablet or portable wearable device. The server may be implemented as a standalone server or as a cluster of multiple servers.
In one embodiment, as shown in Fig. 6, a login verification method is provided. Taking its application to the server in Fig. 1 as an example, the method includes the following steps:
S60: Obtain a login verification request, where the login verification request includes verification address information.
The login verification request is the request the client sends to the server when the user uses the computer equipment to log in to a website, app or platform. The verification address information is the IP address information and/or website address carried in that request. An IP address is an Internet Protocol address: a uniform address format defined by the IP protocol, which assigns a logical address to every network and every host on the Internet. The website address information is the web address of the site the user is currently logging in to.
S70: Obtain the target storage information and the database storage information according to the verification address information, where the target storage information and the database storage information were obtained using the login information storage method.
That is, the target storage information and the database storage information are looked up using the IP address and/or website address from which the user is currently logging in. Both were obtained using the login information storage method of the above embodiment. Specifically, if the local storage corresponding to the user's login address information contains target storage information and database storage information named with the verification address information, i.e. an identifier field identical to the current verification address information exists there, the target storage information and the database storage information are obtained. For example, if the IP address from which the user is currently logging in is 123.234.345.456, the target storage information and database storage information named "123.234.345.456" are obtained.
S80: Decrypt the target storage information.
Specifically, the target storage information is decrypted using the inverse of the algorithm that the login information storage method used to encrypt the preset fields of the newly added local storage information.
Preferably, the target storage information is likewise decrypted with the AES algorithm; decryption is the inverse of the encryption process.
Decrypting the target storage information turns the login information, previously encrypted into ciphertext, back into plaintext. Plaintext here is the data recovered by decrypting the encrypted data.
S90: If the target storage information is decrypted successfully, obtain the decrypted storage information.
The decrypted storage information includes the decrypted login information and the decrypted random string.
S100: Verify the decrypted storage information against the database storage information.
Specifically, this verification checks whether the decrypted login information and the decrypted random string in the decrypted storage information correspond to the login information and the random string in the database storage information. If they correspond, the decrypted storage information passes verification. If they do not correspond, the decrypted storage information fails verification.
S110: If the decrypted storage information passes verification, the login verification request passes.
If the local storage information passes verification, the login verification request passes. After that, automatic login can take place: the user can log in to the website, app or platform without entering the user name and password again.
In this embodiment, a login verification request is obtained and the target storage information is decrypted; if decryption succeeds, the decrypted storage information is obtained. The decrypted storage information is then verified against the database storage information, and if it passes, the login verification request passes. Decrypting with the decryption algorithm turns the login information that was encrypted into ciphertext back into plaintext, which effectively improves the security of login verification. Verifying the decrypted storage information against the database storage information prevents a malicious attacker who steals user login information from changing an ordinary-privilege user into one with administrator privileges, which further improves the security of login verification.
In one embodiment, the decrypted storage information includes the decrypted login information and the decrypted random string.
The decrypted login information includes the decrypted user name, the decrypted login timestamp and/or the decrypted session ID, etc.
In this embodiment, as shown in Fig. 7, step S100, i.e. verifying the decrypted storage information against the database storage information, specifically includes the following steps:
S101: Check whether the database storage information is associated with the decrypted storage information.
The database storage information is retrieved from the database and mainly includes the login information and the random string.
Specifically, checking whether the database storage information is associated with the decrypted storage information means checking whether the login information (for example, the user name) in the database storage information is consistent with the decrypted login information (for example, the decrypted user name) in the decrypted storage information, and whether the random string in the database storage information is consistent with the decrypted random string in the decrypted storage information. If either the login information or the random string in the database does not correspond to its counterpart in the decrypted storage information, or if either the login information or the random string is missing from the database, the login information and random string in the database are considered not associated with the login information and random string in the decrypted storage information.
S102: If the database storage information is associated with the decrypted storage information, the decrypted storage information passes verification.
Suppose a malicious attacker tries to change an ordinary user's user name to the administrator's user name in order to obtain administrator privileges. During verification of the decrypted storage information, the random string of the ordinary user whose user name was changed to the administrator's is found to be inconsistent with the administrator's random string, so the decrypted storage information cannot pass verification and a new login is required.
In a specific embodiment, after checking whether the database storage information is associated with the decrypted storage information, the method further includes checking whether the session corresponding to the session ID in the decrypted storage information has expired.
If the session corresponding to the session ID in the decrypted storage information has expired, the decrypted storage information fails verification. Specifically, checking whether the session corresponding to the session ID has expired mainly means checking whether the session object corresponding to that session ID has reached its session expiry time. If it has, the session corresponding to the session ID has expired, so the decrypted storage information fails verification and a new login is required.
A session, also called "session control", stores the attributes and configuration information needed for a particular user's session. Session expiry means that after the user logs in, an expiry time is set for the current session; if the user does not interact with the server for a long time, the user is logged out automatically and the session is destroyed.
In this embodiment, checking whether the database storage information is associated with the decrypted storage information, and passing verification when it is, shortens the verification response time and speeds up verification, so that the user does not have to enter the user name and password repeatedly when entering a website, app or platform, which improves the user experience.
In one embodiment, after the step of decrypting the target storage information, the login verification method further includes the following step:
If decryption of the target storage information fails, issue a prompt to log in again.
Decryption can fail when a network problem causes data loss in the packets sent by the back end, when a malicious attacker attempts to modify the login data, or in other circumstances that affect decryption. Therefore, if decryption of the target storage information fails, a prompt to log in again is issued to the user.
Optionally, the prompt to log in again can be issued through a pop-up box or by redirecting the page directly to the login page. It should be understood that issuing the prompt to log in again includes but is not limited to these two ways; other methods that can issue the prompt also fall within the protection scope of the present invention.
In this embodiment, a decryption failure indicates that the user may be in an unsafe login environment or that the login information is incomplete. Having the user log in again at that point better protects the login information, improves the security of login verification, and prevents a malicious attacker from stealing the login information or the login information from being leaked.
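The storage steps (S41-S42), the random string units and the verification steps (S60-S110) described above, put together as an added Node.js example that is not code from the patent. AES-256-GCM with the login address bound as associated data, the in-memory `Map` stores, the record layout and all function names are assumptions of this example; the patent specifies only symmetric encryption (preferably AES) and does not say whether the random string sits inside the ciphertext, as assumed here.

```javascript
const crypto = require('node:crypto');

const KEY = crypto.randomBytes(32); // server-held AES-256 key, generated here for the demo
const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Random string: N random integers -> remainder by a preset value -> character lookup -> concatenation.
function randomString(n) {
  let out = '';
  for (let i = 0; i < n; i++) {
    // CSPRNG draw over an exact multiple of the alphabet size, so the remainder is unbiased.
    const r = crypto.randomInt(0, ALPHABET.length * 1024);
    out += ALPHABET[r % ALPHABET.length];
  }
  return out;
}

// S41: encrypt the chosen fields. Binding the login address as AAD is an assumption of this example.
function seal(fields, address) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  cipher.setAAD(Buffer.from(address, 'utf8'));
  const ct = Buffer.concat([cipher.update(JSON.stringify(fields), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64'); // iv | tag | ciphertext
}

// S80: returns the decrypted fields, or null when decryption fails (tampered, truncated, wrong address).
function open(blob, address) {
  try {
    const raw = Buffer.from(blob, 'base64');
    if (raw.length < 28) return null;
    const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(address, 'utf8'));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Storage method: associate login info, address and random string in the database,
// then keep the encrypted copy in local storage, named by the login address (S42).
function storeLogin(db, localStore, login, address, now, ttlMs) {
  const rand = randomString(16);
  db.set(address, { username: login.username, sessionId: login.sessionId, rand, expiresAt: now + ttlMs });
  const fields = { username: login.username, sessionId: login.sessionId, loginTime: now, rand };
  localStore.set(address, seal(fields, address));
  return rand;
}

// Constant-time string comparison.
function same(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// S60-S110: look up by verification address, decrypt, compare with the database, check expiry.
function verifyLogin(db, localStore, address, now) {
  const record = db.get(address);
  const blob = localStore.get(address);
  if (!record || !blob) return { ok: false, reason: 'not-found' };
  const fields = open(blob, address);
  if (fields === null) return { ok: false, reason: 'decrypt-failed' }; // prompt to log in again
  // S101: a missing or differing user name or random string means "not associated".
  if (!record.username || !record.rand ||
      !same(fields.username, record.username) || !same(fields.rand, record.rand)) {
    return { ok: false, reason: 'mismatch' };
  }
  if (now >= record.expiresAt) return { ok: false, reason: 'session-expired' };
  return { ok: true, reason: 'ok', username: record.username };
}

// Constructed walk-through using the page's example address.
function demo() {
  const db = new Map(), local = new Map(), addr = '123.234.345.456', t0 = Date.now();
  const rand = storeLogin(db, local, { username: 'alice', sessionId: 's-1' }, addr, t0, 60000);
  const good = local.get(addr);
  const results = [verifyLogin(db, local, addr, t0 + 1000).reason];
  // User name swapped to "admin" while keeping alice's random string.
  local.set(addr, seal({ username: 'admin', sessionId: 's-1', loginTime: t0, rand }, addr));
  results.push(verifyLogin(db, local, addr, t0 + 1000).reason);
  // One flipped ciphertext byte.
  const raw = Buffer.from(good, 'base64');
  raw[raw.length - 1] ^= 1;
  local.set(addr, raw.toString('base64'));
  results.push(verifyLogin(db, local, addr, t0 + 1000).reason);
  // Untouched blob, presented after the session expiry time.
  local.set(addr, good);
  results.push(verifyLogin(db, local, addr, t0 + 60000).reason);
  return results;
}

console.log(demo());
```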
It should be understood that the sequence numbers of the steps in the above embodiment do not imply an order of execution. The execution order of each process is determined by its function and internal logic, and the numbering does not limit the implementation of the embodiments of the present invention in any way.
In one embodiment, a login verification device is provided, which corresponds one-to-one to the login verification method of the above embodiment. As shown in Fig. 8, the login verification device includes a login verification request module 60, a verification information acquisition module 70, an information decryption module 80, a decrypted information acquisition module 90, a login verification module 100 and a verification judgment module 110. The functional modules are described in detail as follows:
The login verification request module 60 is configured to obtain a login verification request, where the login verification request includes verification address information.
The verification information acquisition module 70 is configured to obtain target storage information and database storage information according to the verification address information, where the target storage information and the database storage information were obtained using the login information storage method of any one of claims 1-3.
The information decryption module 80 is configured to decrypt the target storage information.
The decrypted information acquisition module 90 is configured to obtain the decrypted storage information if the target storage information is decrypted successfully.
The login verification module 100 is configured to verify the decrypted storage information against the database storage information.
The verification judgment module 110 is configured to pass the login verification request if the decrypted storage information passes verification.
Preferably, the login verification module 100 includes an association verification unit and a verification result judgment unit.
The association verification unit is configured to check whether the database storage information is associated with the decrypted storage information.
The verification result judgment unit is configured to pass verification of the decrypted storage information if the database storage information is associated with the decrypted storage information.
Preferably, the login verification device is further configured to issue a prompt to log in again if, after the target storage information is decrypted, decryption of the target storage information fails.
For specific limitations on the login verification device, refer to the limitations on the login verification method above, which are not repeated here. Each module of the login verification device may be implemented wholly or partly in software, hardware or a combination of the two. Each module may be embedded in, or independent of, the processor of the computer equipment in hardware form, or stored in the memory of the computer equipment in software form, so that the processor can call it and perform the operations corresponding to that module.
In one embodiment, a computer equipment is provided. The computer equipment may be a server, and its internal structure may be as shown in Fig. 9. The computer equipment includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer equipment provides computing and control capability. The memory of the computer equipment includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The database of the computer equipment stores the login information, the login address information and the random string. The network interface of the computer equipment is used to communicate with external terminals over a network connection. When executed by the processor, the computer program implements a login information storage method, or implements a login verification method.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored. When executed by a processor, the computer program implements a login information storage method, or implements a login verification method.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. Any reference to memory, storage, database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
It will be clear to those skilled in the art that, for convenience and brevity of description, the division into the functional units and modules above is only an example. In practical applications, the functions described above can be assigned to different functional units and modules as needed; that is, the internal structure of the device can be divided into different functional units or modules to complete all or part of the functions described above.
The embodiments described above are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents. Such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be included within the protection scope of the present invention.
Claims (10)
1. A login information storage method, characterized by comprising:
obtaining a login request and generating local storage information from the login information in the login request, the login request further including login address information;
responding to the login request by generating a random string using a random function;
storing the login information, the login address information and the random string in association with one another to obtain database storage information;
encrypting the local storage information and adding the login address information as the identifier of the encrypted local storage information to obtain the encrypted local storage information;
adding the random string to the encrypted local storage information and storing the encrypted local storage information in local storage to obtain target storage information.
2. The login information storage method of claim 1, characterized in that responding to the login request by generating a random string using a random function specifically comprises:
generating N random integers using a random function, where N is a positive integer;
taking the remainder of each random integer divided by a preset value to obtain N random numbers;
looking up the character corresponding to each random number in a string variable to obtain N random characters, where the string variable is configured in advance;
combining the N random characters by repeated assignment to obtain the random string.
3. The login information storage method of claim 1, characterized in that encrypting the local storage information and adding the login address information as the identifier of the encrypted local storage information to obtain the encrypted local storage information comprises:
encrypting the preset fields of the local storage information to obtain encrypted information;
adding the login address information to the encrypted information as an identifier to obtain the encrypted local storage information.
4. A login verification method, characterized by comprising:
obtaining a login verification request, the login verification request including verification address information;
obtaining target storage information and the database storage information according to the verification address information, where the target storage information and the database storage information were obtained using the login information storage method of any one of claims 1-3;
decrypting the target storage information;
if the target storage information is decrypted successfully, obtaining the decrypted storage information;
verifying the decrypted storage information against the database storage information;
if the decrypted storage information passes verification, the login verification request passes.
5. The login verification method of claim 4, characterized in that the decrypted storage information includes the decrypted user name and the decrypted random string;
verifying the decrypted storage information against the database storage information specifically comprises:
checking whether the database storage information is associated with the decrypted storage information;
if the database storage information is associated with the decrypted storage information, the decrypted storage information passes verification.
6. The login verification method of claim 5, characterized in that, after the step of decrypting the target storage information, the login verification method further comprises:
if decryption of the target storage information fails, issuing a prompt to log in again.
7. A login information storage device, characterized by comprising:
a login request acquisition module, configured to obtain a login request and generate local storage information from the login information in the login request, the login request further including login address information;
a random string generation module, configured to respond to the login request by generating a random string using a random function;
a database storage module, configured to store the login information, the login address information and the random string in association with one another to obtain database storage information;
a data encryption module, configured to encrypt the local storage information and add the login address information as the identifier of the encrypted local storage information to obtain the encrypted local storage information;
a local storage module, configured to add the random string to the encrypted local storage information and store the encrypted local storage information in local storage to obtain target storage information.
8. A login verification device, characterized by comprising:
a login verification request module, configured to obtain a login verification request, the login verification request including verification address information;
a verification information acquisition module, configured to obtain target storage information and the database storage information according to the verification address information, where the target storage information and the database storage information were obtained using the login information storage method of any one of claims 1-3;
an information decryption module, configured to decrypt the target storage information;
a decrypted information acquisition module, configured to obtain the decrypted storage information if the target storage information is decrypted successfully;
a login verification module, configured to verify the decrypted storage information against the database storage information;
a verification judgment module, configured to pass the login verification request if the decrypted storage information passes verification.
9. A computer equipment, comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the login information storage method of any one of claims 1 to 3, or the processor, when executing the computer program, implements the steps of the login verification method of any one of claims 4 to 6.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the login information storage method of any one of claims 1 to 3, or the computer program, when executed by a processor, implements the steps of the login verification method of any one of claims 4 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811527514.7A CN109462602B (en) | 2018-12-13 | 2018-12-13 | Login information storage method, login verification method, device, equipment and medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109462602A | 2019-03-12 |
CN109462602B | 2022-11-01 |
Family ID=65613224
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN201811527514.7A | Active | CN109462602B (en) | 2018-12-13 | 2018-12-13 | Login information storage method, login verification method, device, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109462602B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110083386A (en) * | 2019-04-04 | 2019-08-02 | 平安普惠企业管理有限公司 | Random number generates control method, device, computer equipment and storage medium |
CN110166242A (en) * | 2019-05-22 | 2019-08-23 | 吉林亿联银行股份有限公司 | Message transmitting method and device |
CN110572371A (en) * | 2019-08-20 | 2019-12-13 | 河南大学 | identity uniqueness check control method based on HTML5 local storage mechanism |
CN110751033A (en) * | 2019-09-16 | 2020-02-04 | 平安科技(深圳)有限公司 | Offline login method and related product |
CN111814133A (en) * | 2020-05-27 | 2020-10-23 | 平安国际智慧城市科技股份有限公司 | Unified login method and device for mobile application |
CN112003847A (en) * | 2020-08-14 | 2020-11-27 | 苏州浪潮智能科技有限公司 | Front-end authority access method and equipment |
CN112149069A (en) * | 2019-06-27 | 2020-12-29 | 北京数安鑫云信息技术有限公司 | Generation method, use method and device of authorization check character string |
CN112836206A (en) * | 2019-11-22 | 2021-05-25 | 腾讯科技(深圳)有限公司 | Login method, device, storage medium and computer equipment |
CN114120457A (en) * | 2021-09-07 | 2022-03-01 | 重庆畅停智慧停车服务有限公司 | Parking self-service payment method and vehicle query method based on mobile phone terminal |
CN117763625A (en) * | 2023-12-01 | 2024-03-26 | 深圳高灯云科技有限公司 | Token acquisition method, device, computer equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103618807A (en) * | 2013-11-08 | 2014-03-05 | 北京奇虎科技有限公司 | Method and device for processing cookie information |
CN103957202A (en) * | 2014-04-22 | 2014-07-30 | 中国工商银行股份有限公司 | Safety login method and system |
CN106330979A (en) * | 2016-11-09 | 2017-01-11 | 腾讯科技(深圳)有限公司 | Router login method and device |
CN108322461A (en) * | 2018-01-31 | 2018-07-24 | 百度在线网络技术(北京)有限公司 | Method, system, device, equipment and the medium of application program automated log on |
CN108551443A (en) * | 2018-03-30 | 2018-09-18 | 平安科技(深圳)有限公司 | A kind of application login method, device, terminal device and storage medium |
CN108683679A (en) * | 2018-05-30 | 2018-10-19 | 深圳壹账通智能科技有限公司 | More account login methods, device, equipment and the storage medium of Web APP |
- 2018-12-13 CN CN201811527514.7A patent/CN109462602B/en active Active
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110083386A (en) * | 2019-04-04 | 2019-08-02 | 平安普惠企业管理有限公司 | Random number generates control method, device, computer equipment and storage medium |
CN110083386B (en) * | 2019-04-04 | 2024-03-19 | 平安普惠企业管理有限公司 | Random number generation control method, device, computer equipment and storage medium |
CN110166242A (en) * | 2019-05-22 | 2019-08-23 | 吉林亿联银行股份有限公司 | Message transmitting method and device |
CN110166242B (en) * | 2019-05-22 | 2022-10-21 | 吉林亿联银行股份有限公司 | Message transmission method and device |
CN112149069A (en) * | 2019-06-27 | 2020-12-29 | 北京数安鑫云信息技术有限公司 | Generation method, use method and device of authorization check character string |
CN110572371A (en) * | 2019-08-20 | 2019-12-13 | 河南大学 | identity uniqueness check control method based on HTML5 local storage mechanism |
CN110751033A (en) * | 2019-09-16 | 2020-02-04 | 平安科技(深圳)有限公司 | Offline login method and related product |
CN112836206A (en) * | 2019-11-22 | 2021-05-25 | 腾讯科技(深圳)有限公司 | Login method, device, storage medium and computer equipment |
CN111814133A (en) * | 2020-05-27 | 2020-10-23 | 平安国际智慧城市科技股份有限公司 | Unified login method and device for mobile application |
CN112003847A (en) * | 2020-08-14 | 2020-11-27 | 苏州浪潮智能科技有限公司 | Front-end authority access method and equipment |
CN114120457A (en) * | 2021-09-07 | 2022-03-01 | 重庆畅停智慧停车服务有限公司 | Parking self-service payment method and vehicle query method based on mobile phone terminal |
CN114120457B (en) * | 2021-09-07 | 2024-05-14 | 重庆亿连信息科技有限公司 | Parking self-service payment method and vehicle inquiring method based on mobile phone end |
CN117763625A (en) * | 2023-12-01 | 2024-03-26 | 深圳高灯云科技有限公司 | Token acquisition method, device, computer equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN109462602B (en) | 2022-11-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109462602A (en) | Log-on message storage method, login validation method, device, equipment and medium | |
US11516201B2 (en) | Encryption and decryption techniques using shuffle function | |
US11757641B2 (en) | Decentralized data authentication | |
US10986073B2 (en) | Vaultless tokenization engine | |
Li et al. | The Emperor’s new password manager: Security analysis of web-based password managers | |
JP6545136B2 (en) | System and method for encrypted transmission of web pages | |
CN102138300B (en) | Message authentication code pre-computation with applications to secure memory | |
CN110365670A (en) | Blacklist sharing method, device, computer equipment and storage medium | |
US10068106B2 (en) | Tokenization column replacement | |
CN106685973A (en) | Method and device for remembering log in information, log in control method and device | |
CN104992119B (en) | A kind of safe transmission method and system of sensitive information Anti-theft | |
CN107241184B (en) | Personal password generation and management method based on improved AES | |
Casey et al. | An interoperable architecture for usable password-less authentication | |
US20170200020A1 (en) | Data management system, program recording medium, communication terminal, and data management server | |
CN114553557B (en) | Key calling method, device, computer equipment and storage medium | |
JPWO2011058629A1 (en) | Information management system | |
US11502840B2 (en) | Password management system and method | |
JP2007065789A (en) | Authentication system and method | |
Calpito et al. | Application of advanced encryption standard in the computer or handheld online year-round registration system | |
Modugula | A Hybrid approach for Augmenting password security using Argon2i hashing and AES Scheme. | |
CN116566744B (en) | Data processing method and security verification system | |
CN103235910A (en) | Method achieving network account protection control based on smart card in iOS operation system | |
Alrashidy | Protecting Sensitive Data on Cloud Service Provider | |
Retinger | A client-based encryption model for secure data storing in publicly available storage systems | |
Gupta et al. | Developing Application Framework for Secure and Distributed Banking |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |