CN109462602B - Login information storage method, login verification method, device, equipment and medium - Google Patents

Publication number
CN109462602B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811527514.7A
Other languages
Chinese (zh)
Other versions
CN109462602A (en
Inventor
段林
杨小彦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Puhui Enterprise Management Co Ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Application filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN201811527514.7A
Publication of CN109462602A
Application granted
Publication of CN109462602B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention discloses a login information storage method, a login verification device and a login information storage medium. In the login information storage method, after a login request comprising login address information is obtained, local storage information is generated according to the login information and a random character string is generated; the random character string, the login information and the login address information are then stored in association to obtain database storage information. The local storage information is encrypted, and the login address information is added as an identifier of the encrypted local storage information to obtain the encrypted local storage information; the random character string is added to the encrypted local storage information, which is then stored in a local storage to obtain target storage information. By encrypting the local storage information that includes the login information, the security of login information storage can be improved.

Description

Login information storage method, login verification method, device, equipment and medium
Technical Field
The present invention relates to the field of information security, and in particular, to a login information storage method, a login verification device, and a login verification medium.
Background
With the continuous development of network information technology, the security of personal information is becoming more and more important. When a user logs in to a website, many websites store the user's personal login information in the user's local storage so that the user does not have to enter a user name and password repeatedly, which improves the user experience. However, the personal login information in local storage is usually stored in the clear, that is, directly and without any technical processing. This exposes the user to the risk of personal login information leakage. In addition, some malicious attackers modify the user's permissions, so that a user who originally had ordinary permissions is changed to administrator permissions, which results in local storage information spoofing.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a medium for storing login information, which aim to solve the problem of low security of login information storage.
The embodiment of the invention provides a login verification method, a login verification device, equipment and a medium, and aims to solve the problem of low login verification safety.
A login information storage method includes:
acquiring a login request, and generating local storage information according to login information in the login request, wherein the login request also comprises login address information;
responding to the login request, and generating a random character string by adopting a random function;
performing associated storage on the login information, the login address information and the random character string to obtain database storage information;
encrypting the local storage information, and adding the login address information as an identifier of the encrypted local storage information to obtain the encrypted local storage information;
and adding the random character string in the encrypted local storage information, and storing the encrypted local storage information in a local storage to obtain target storage information.
A login information storage device comprising:
the login request acquisition module is used for acquiring a login request and generating local storage information according to login information in the login request, wherein the login request also comprises login address information;
the random character string generating module is used for responding to the login request and generating a random character string by adopting a random function;
the database storage module is used for performing associated storage on the login information, the login address information and the random character string to obtain database storage information;
the data encryption module is used for encrypting the local storage information and adding the login address information as an identifier of the encrypted local storage information to obtain the encrypted local storage information;
and the local storage module is used for adding the random character string in the encrypted local storage information and storing the encrypted local storage information in a local storage to obtain target storage information.
A login authentication method, comprising:
acquiring a login authentication request, wherein the login authentication request comprises check address information;
acquiring target storage information and the database storage information according to the verification address information, wherein the target storage information and the database storage information are obtained by adopting the login information storage method according to any one of claims 1-3;
decrypting the target storage information;
if the target storage information is decrypted successfully, the decrypted storage information is obtained;
verifying the decrypted storage information according to the database storage information;
and if the decrypted storage information passes the verification, the login authentication request passes.
A login authentication device comprising:
a login authentication request acquisition module, configured to acquire a login authentication request, where the login authentication request includes check address information;
a check information obtaining module, configured to obtain target storage information and the database storage information according to the check address information, where the target storage information and the database storage information are obtained by using the login information storage method;
the information decryption module is used for decrypting the target storage information;
the decryption information acquisition module is used for obtaining decrypted storage information if the target storage information is decrypted successfully;
the login checking module is used for checking the decrypted storage information according to the database storage information;
and the verification judgment module is used for passing the login verification request if the decrypted storage information passes the verification.
A computer device comprising a memory, a processor and a computer program stored in said memory and executable on said processor, said processor implementing the steps of the above-mentioned login information storage method when executing said computer program, or implementing the steps of the above-mentioned login authentication method when executing said computer program.
A computer-readable storage medium, which stores a computer program that when executed by a processor implements the steps of the above-described login information storage method, or that when executed by a processor implements the steps of the above-described login authentication method.
According to the login information storage method, the device, the computer equipment and the storage medium, after a login request comprising login address information is obtained, local storage information is generated according to the login information in the login request, the login request is responded, a random character string is generated by adopting a random function, and the random character string, the login information and the login address information are stored in an associated mode to obtain database storage information; and encrypting the local storage information, adding login address information as an identifier of the encrypted local storage information to obtain the encrypted local storage information, adding the random character string into the encrypted local storage information, and storing the random character string in a local storage to obtain target storage information. By encrypting the locally stored information including the login information, the security of the login information storage can be improved.
According to the login verification method, the login verification device, the computer equipment and the storage medium, after a login verification request containing verification address information is obtained, target storage information and database storage information are obtained according to the verification address information, then the target storage information is decrypted, and if decryption is successful, the decrypted storage information is obtained; and verifying the decrypted storage information according to the storage information of the database, and if the decrypted storage information passes the verification, the login verification request passes. And the safety of login verification is improved by verifying whether the decrypted storage information corresponds to the login information and the random character string in the database storage information.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a schematic diagram of an application environment of a login information storage method or a login authentication method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating an exemplary method for storing login information according to an embodiment of the present invention;
FIG. 3 is a diagram of another example of a method for storing login information according to an embodiment of the present invention;
FIG. 4 is a diagram of another example of a method for storing login information according to an embodiment of the present invention;
FIG. 5 is a schematic block diagram of a login information storage device according to an embodiment of the invention;
FIG. 6 is a diagram illustrating an exemplary login authentication method according to an embodiment of the present invention;
FIG. 7 is a diagram of another example of a login authentication method in an embodiment of the invention;
FIG. 8 is a functional block diagram of a login authentication device in an embodiment of the present invention;
FIG. 9 is a schematic diagram of a computer device according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The login information storage method provided by the embodiment of the invention can be applied to the application environment shown in fig. 1, in which a client (computer device) communicates with a server through a network. After the computer device sends a login request, the server obtains login address information and login information from the login request, generates a random character string, and obtains database storage information and target storage information after processing. The client (computer device) may be, but is not limited to, a personal computer, notebook computer, smart phone, tablet computer or portable wearable device. The server can be implemented as an independent server or as a server cluster composed of a plurality of servers.
In an embodiment, as shown in fig. 2, a method for storing login information is provided, which is described by taking the application of the method to the server in fig. 1 as an example, and includes the following steps:
S10: Acquire a login request, and generate local storage information according to login information in the login request, wherein the login request also comprises login address information.
The login request is an instruction sent by the client to the server and used for informing the server to perform login operation. The login request carries login address information and login information. And the server side acquires the login request and processes the login request.
The login address information comprises the IP address from which the user is currently logged in or information on the website to which the user is currently logged in. The IP address is a uniform address format provided by the IP protocol, which allocates a logical address to each network and each host on the Internet. The website information refers to the address of the website to which the user is currently logged in.
The login information refers to personal information input when a user logs in a website, an APP or a platform by using computer equipment and/or data generated by a server according to the operation of the user.
Optionally, the login information comprises at least one of a username, a login status, a login timestamp, or a session ID. The user name refers to the login account entered by the user during login. The login state indicates whether the user is online or offline during the current login. The login timestamp is a timestamp generated by the server from the system network time when the user logs in; it records the user's current login time, and a new login timestamp is generated every time the user logs in. The server saves a session for each user and assigns each session a generated ID, the session ID, as an identifier to distinguish different users. The session refers to a session object generated by interaction between the client and the server.
The local storage information may be cookies, localStorage objects or sessionStorage objects. A cookie is a local storage object used for storing the user's login information on the hard disk of the device. localStorage is a local storage object newly added by HTML5 and is used for permanently storing the local data of the whole website. sessionStorage is a session storage object newly added by HTML5 and is used for temporarily storing data of the same window (or tab page).
Generating the local storage information according to the login information means adding the login information to the local storage information. Illustratively, the local storage information is a cookie object: when a user logs in on a computer device and selects the remember-password or automatic-login option, the server stores the user's login information in cookies according to that selection. For example, when a user logs in to a shopping website for the first time and selects the remember-password or automatic-login option, the server stores the user's login information in cookies, so that the user is logged in to the account automatically, without re-entering the user name and password, when opening the same browser on the same computer device to enter the website again.
S20: In response to the login request, generate a random character string by adopting a random function.
The random character string refers to a character string randomly generated by the server. Optionally, the character string has two or more characters.
Specifically, after the server receives a login request sent by the client, a random string may be generated by using a random function. One way is to use the random function random() to generate a random integer with a predetermined number of digits. Another way is to generate N random integers, divide each of them by a preset number to take the remainder, and look up the corresponding character in a predefined character string variable according to each remainder. A random character string may also be generated by generating N random integers and then looking up the corresponding characters in the ASCII table according to the N random integers.
In consideration of the complexity of the random character string, the constituent elements of the random character string may be at least one of numbers, uppercase English letters, lowercase English letters, and symbols. The longer the random string and the more varied its constituent elements, the lower the likelihood of brute-force cracking of the random string. Brute-force cracking means that a hacker or malicious attacker uses exhaustive search: the attacker enumerates entries from a username and password dictionary one by one to test whether a login succeeds.
S30: Perform associated storage on the login information, the login address information and the random character string to obtain database storage information.
Associated storage means that each set of login information and login address information is stored with exactly one corresponding random character string. The login address information may be stored as an identifier in association with the login information and the random string. Specifically, the information stored in the database may be named with the login address information, or the login information, the login address information and the random character string may be stored in the database of the user.
Preferably, the associating and storing the login information, the login address information and the random character string mainly means storing the login information, the login address information and the random character string in a database of the user to realize the associating and storing of the login information and the random character string. Specifically, a field may be newly created in the database of the user, and the user name and the random string may be stored in the field.
In the step, the login information, the login address information and the random character string are stored in an associated manner to obtain database storage information, and the most important function is to store the login information in the database, so that the login information is prevented from being leaked, and the security of the login information is protected.
S40: Encrypt the local storage information, and add login address information as an identifier of the encrypted local storage information to obtain the encrypted local storage information.
In this step, the local storage information is encrypted with an encryption algorithm, after which the data in the local storage information is ciphertext.
The encryption algorithm for encrypting the local storage information may be AES symmetric encryption, RSA asymmetric encryption, DES encryption, SM4 encryption, or the like. The encryption algorithm for encrypting the local storage information includes, but is not limited to, the above algorithms; other reversible algorithms capable of encrypting data are within the scope of the present invention.
Preferably, the local storage information is encrypted by using an AES symmetric encryption algorithm, which can encrypt plaintext, that is, data before encryption, by using an AES encryption function to generate a section of ciphertext, that is, data after encryption. The algorithm has the advantages of high encryption efficiency, unlimited encrypted data length and the like. And the encryption key of the algorithm is the same as the decryption key so that encryption and decryption can operate in reverse.
Adding the login address information as the identifier of the encrypted local storage information may mean naming the encrypted local storage information with the login address information, or adding a login address information identifier field to the encrypted local storage information. Preferably, adding the login address information identifier refers to naming the encrypted local storage information with the login address information.
S50: Add a random character string in the encrypted local storage information, and store the encrypted local storage information in a local storage to obtain target storage information.
The random string is added to the encrypted local storage information, and the encrypted local storage information to which the random string is added is saved in the local storage. Specifically, a field is added to the encrypted local storage information to store the random string, and the encrypted local storage information is stored in the local storage. The local storage refers to a storage space of a device for a user to perform login operation. For example, if the user logs in by using a browser of the PC, the local storage information is encrypted and added with a login address information identifier and then stored in a hard disk of the PC. For example, a field is added to cookies to store a random character string, and then the cookies are stored in a hard disk of the PC.
In this embodiment, a login request is obtained, a random character string is generated by using a random function in response to the login request, login information and the random character string are stored in association, local storage information is encrypted, login address information is added as an identifier of the encrypted local storage information, the random character string is added to the encrypted local storage information, and the encrypted local storage information is stored in a local storage. By generating the random character string and encrypting the local storage information by using the algorithm, the local storage information which is originally plaintext is encrypted into ciphertext, so that the safety of the login information can be improved, and the login information cannot be obtained from the ciphertext even if an attacker maliciously steals the login information in the storage process.
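Steps S10 to S50 and the verification flow described in the disclosure, as an added example in JavaScript (Node.js) that is not code from the patent. It assumes AES-256-GCM as the AES mode, an in-memory `Map` as the database, JSON serialization, and binding the login address as additional authenticated data; all function and field names are hypothetical, and the sample values are constructed.

```javascript
const nodeCrypto = require('node:crypto');

// Assumptions of this example: a process-local AES-256-GCM key and an
// in-memory Map standing in for the server-side database.
const KEY = nodeCrypto.randomBytes(32);
const db = new Map(); // login address information -> database storage information

// S10-S50: produce database storage information and target storage information.
function storeLogin(loginInfo, loginAddress) {
  // S20: random character string (drawn from the CSPRNG in this example).
  const randomString = nodeCrypto.randomBytes(16).toString('hex');
  // S30: associated storage of login info, login address and random string.
  db.set(loginAddress, { loginInfo, loginAddress, randomString });

  // S40: encrypt the local storage information; a fresh 12-byte IV per item.
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', KEY, iv);
  cipher.setAAD(Buffer.from(loginAddress)); // ties the ciphertext to its identifier
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(loginInfo), 'utf8'),
    cipher.final(),
  ]);
  const tag = cipher.getAuthTag(); // 16 bytes

  // S50: name the item with the login address and add the random string field.
  return {
    name: loginAddress,
    value: Buffer.concat([iv, tag, ciphertext]).toString('base64'),
    randomString,
  };
}

// Verification: fetch by check address, decrypt, then compare with the database.
function verifyLogin(checkAddress, target) {
  const record = db.get(checkAddress);
  if (!record || !target || target.name !== checkAddress) {
    return { ok: false, reason: 'no-record' };
  }

  let decrypted;
  try {
    const raw = Buffer.from(target.value, 'base64');
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(checkAddress));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    decrypted = JSON.parse(plain.toString('utf8'));
  } catch (err) {
    // Any modification of IV, tag, ciphertext or address makes final() throw.
    return { ok: false, reason: 'decrypt-failed' };
  }

  // Compare the random string in constant time, then the login information.
  const a = Buffer.from(String(target.randomString));
  const b = Buffer.from(record.randomString);
  const sameRandom = a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
  const sameLogin = JSON.stringify(decrypted) === JSON.stringify(record.loginInfo);
  return sameRandom && sameLogin
    ? { ok: true, loginInfo: decrypted }
    : { ok: false, reason: 'mismatch' };
}

// Constructed sample run.
const sample = storeLogin(
  { username: 'alice', loginState: 'online', loginTimestamp: 1544659200000, sessionId: 'constructed-session-id' },
  '203.0.113.7'
);
console.log(sample.name, verifyLogin('203.0.113.7', sample).ok);
```

With an unauthenticated AES mode, a modified ciphertext can still decrypt to some plaintext, so "decrypted successfully" carries no integrity guarantee; the GCM tag is what makes tampering with the stored item fail at the decryption step.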
In an embodiment, as shown in fig. 3, in step S20, that is, in response to the login request, a random character string is generated by using a random function, which specifically includes the following steps:
S21: Randomly generate N random integers by adopting a random function, wherein N is a positive integer.
The size of N is related to the length of the random character string to be generated, which is a positive integer number of characters. Optionally, N equals the number of characters of the random string to be generated. For example, to generate a 16-character random string, 16 random integers need to be generated.
A random integer may be generated by using the random function random() to generate a random number between 0 and 1, multiplying it by a certain multiple, such as 100, and then converting the result to an integer by rounding down or by rounding to the nearest integer. Rounding down directly removes the fractional part of the number. For example, if the random number generated by random() is 0.3261, multiplying it by 100 gives 32.61, and rounding down gives the integer 32.
S22: Divide each random integer by a preset numerical value and take the remainder to obtain N random numbers.
The preset numerical value depends on the constituent elements of the generated random character string. The constituent elements of the random string may be at least one of 0-9, a-z, A-Z, or symbols. The size of the preset numerical value is determined according to the total number of kinds of the constituent elements of the random character string. For example, if the random string is composed of any N characters of 36 characters, i.e., 0 to 9 and a to z, the preset value is 36.
Preferably, the constituent elements of the random string may be the 62 characters 0-9, a-z and A-Z. Therefore, the preset value is 62.
Specifically, each random integer is divided by 62 and the remainder is taken. The remainder is what is left after dividing the random integer by 62 to obtain an integer quotient. If the random integer is less than 62, the remainder is the integer itself. For example, if the generated random integer is 68, then 68 divided by 62 gives a quotient of 1 and a remainder of 6, so the random number is 6.
S23: Search for a corresponding character in the character string variable according to each random number to obtain N random characters, wherein the character string variable is obtained by pre-configuration.
Specifically, the character string variable is generated from at least one of numbers, capital letters, lowercase letters and English characters arranged in a certain order. For example, the character string variable is ordered from 0 to 9, then from a to z, and then from A to Z. The character string variable can be pre-configured according to actual needs.
Searching for the corresponding character in the character string variable according to the random number refers to searching for the serial number of the corresponding character according to the random number, wherein the character corresponding to the serial number of the character is the currently generated random character. For example, since the number of the character corresponding to the random number 11 is also 11, the random character corresponding to 11 is a.
S24: Combine the N random characters by adopting a repeated assignment method to obtain a random character string.
Repeated assignment means assigning to the same variable multiple times: each time a random character is generated, it is assigned to that one variable.
Specifically, each newly generated random character is placed in the same variable as the previously generated characters. For example, to generate a two-character random string, the random string variable is first initialized as Rstring = ''. The first generated random character is a; the statement Rstring += 'a' assigns it to the variable, giving Rstring = 'a'. The second generated random character is b; the statement Rstring += 'b' assigns it to the variable again, giving the random string Rstring = 'ab', and so on until all N random characters have been assigned to Rstring.
In this embodiment, a random function is used to randomly generate N random integers, each random integer is divided by a preset numerical value and the remainder is taken to obtain N random numbers, corresponding characters are looked up in a character string variable according to each random number to obtain N random characters, and finally the N random characters are combined to obtain a random character string. The random character string generated by the method is complex and difficult to crack, it is generated quickly, and its length and constituent elements can be configured, which provides basic support for protecting the security of login information.
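The procedure of steps S21 to S24, as an added example in JavaScript (Node.js) that is not code from the patent: `patentStyleString` follows the described steps with the multiple 100 and the 62-character string variable, `indexHistogram` counts how the remainder step distributes the possible integers over the characters, and `csprngString` is a variant that draws indices from the operating system CSPRNG. The function names, the zero-based lookup and the injectable `rng` parameter are assumptions of this example.

```javascript
const nodeCrypto = require('node:crypto');

// Character string variable of S23: 0-9, then a-z, then A-Z (62 characters).
const ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

// S21-S24 as described: random() in [0, 1) -> multiply -> round down ->
// remainder -> lookup -> repeated assignment. `rng` is injectable so a run
// can be replayed with fixed values (assumption of this example).
function patentStyleString(n, rng = Math.random, multiple = 100) {
  let rstring = '';
  for (let i = 0; i < n; i++) {
    const randomInteger = Math.floor(rng() * multiple);   // S21
    const randomNumber = randomInteger % ALPHABET.length; // S22
    rstring += ALPHABET[randomNumber];                    // S23 + S24, zero-based lookup
  }
  return rstring;
}

// For each index in the string variable, count how many of the `multiple`
// equally likely integers 0..multiple-1 reduce to it in S22.
function indexHistogram(multiple = 100) {
  const counts = new Array(ALPHABET.length).fill(0);
  for (let v = 0; v < multiple; v++) counts[v % ALPHABET.length]++;
  return counts;
}

// Shannon entropy per generated character, in bits, for a given histogram.
function bitsPerChar(counts) {
  const total = counts.reduce((sum, c) => sum + c, 0);
  return -counts.reduce((h, c) => (c === 0 ? h : h + (c / total) * Math.log2(c / total)), 0);
}

// Variant: crypto.randomInt(max) returns a uniformly distributed integer in
// [0, max) from the CSPRNG, so every character is equally likely.
function csprngString(n) {
  let out = '';
  for (let i = 0; i < n; i++) out += ALPHABET[nodeCrypto.randomInt(ALPHABET.length)];
  return out;
}

// Constructed run: replay 0.3261 and 0.685 through the described procedure.
const fixed = [0.3261, 0.685];
let k = 0;
console.log(patentStyleString(2, () => fixed[k++]));
console.log(bitsPerChar(indexHistogram(100)).toFixed(3), Math.log2(62).toFixed(3));
console.log(csprngString(16));
```

With the multiple 100, the first 38 characters of the string variable are each twice as likely as the remaining 24, and `Math.random()` is not a cryptographically secure generator; `crypto.randomInt` avoids both.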
In an embodiment, as shown in fig. 4, in step S40, encrypting the local storage information, and adding the login address information as an identifier of the encrypted local storage information to obtain the encrypted local storage information, specifically includes the following steps:
S41: Encrypt the preset field of the local storage information to obtain the encrypted information.
The preset field is a specific field set in advance. It may include all fields in the local storage information or only some of them (for example, a username, a login timestamp, or a session ID), and can be configured according to actual requirements. The preset field of the local storage information is symmetrically encrypted to obtain the encrypted information.
S42: Add the login address information as an identifier to the encrypted information to obtain the encrypted local storage information.
Specifically, a login address information identifier is added to the encrypted information; the login address information may be used to name the encrypted local storage information. For example, if the login address information includes an IP address and the IP address of the currently logged-in user is 123.234.345.456, the target storage information may be named "123.234.345.456".
In this embodiment, encrypting the preset field of the local storage information reduces the amount of computation on the server and increases its computing speed, while giving freer control over the encrypted data, with a large operable space and high flexibility. Adding the login address information to the encrypted information as an identifier makes it convenient for the server to identify and obtain the information.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In one embodiment, a login information storage device is provided, and the login information storage device corresponds to the login information storage method in the above embodiments one to one. As shown in fig. 5, the login information storage device includes a login request acquisition module 10, a random string generation module 20, a database storage module 30, a data encryption module 40, and a local storage module 50. The functional modules are explained in detail as follows:
a login request obtaining module 10, configured to obtain a login request, and generate local storage information according to login information in the login request, where the login request further includes login address information;
a random character string generating module 20, configured to respond to the login request and generate a random character string by using a random function;
the database storage module 30 is configured to perform associated storage on the login information, the login address information, and the random character string to obtain database storage information;
the data encryption module 40 is used for encrypting the local storage information, and adding login address information as an identifier of the encrypted local storage information to obtain the encrypted local storage information;
and the local storage module 50 is configured to add a random character string to the encrypted local storage information, and store the encrypted local storage information in a local storage to obtain target storage information.
Preferably, the random character string generating module 20 includes a random integer generating unit, a random number generating unit, a random character generating unit, and a random character string generating unit.
The random integer generating unit is configured to randomly generate N random integers by using a random function, where N is a positive integer.
The random number generating unit is configured to divide each random integer by a preset numerical value and take the remainder, so as to obtain N random numbers.
The random character generation unit is configured to look up the corresponding character in the character string variable according to each random number to obtain N random characters, where the character string variable is pre-configured.
The random character string generating unit is configured to combine the N random characters by repeated assignment to obtain a random character string.
Preferably, the data encryption module 40 includes a preset field encryption unit and an identification addition unit.
The preset field encryption unit is configured to encrypt the preset field of the local storage information to obtain encrypted information.
The identification adding unit is configured to add the login address information as an identifier to the encrypted information to obtain the encrypted local storage information.
For specific limitations of the login information storage device, reference may be made to the above limitations of the login information storage method, which will not be described herein again. The modules in the login information storage device may be wholly or partially implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
An embodiment of the present invention provides a login authentication method, which can be applied in an application environment as shown in fig. 1, in which a client (computer device) communicates with a server through a network. The computer equipment sends a login authentication request, the server side obtains the login authentication request, obtains target storage information and database storage information, obtains decrypted storage information after processing, and verifies the decrypted storage information by adopting the database storage information. The computer device may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, among others. The server may be implemented as a stand-alone server or as a server cluster comprised of multiple servers.
In an embodiment, as shown in fig. 6, a login authentication method is provided, which is described by taking the application of the method to the server in fig. 1 as an example, and includes the following steps:
S60: Acquire a login authentication request, where the login authentication request includes check address information.
The login authentication request is the request that the client sends to the server when the user logs in to a website, an APP or a platform using a computer device. The check address information is the IP address information and/or the website address carried in the login authentication request sent by the client to the server. The IP address is the uniform address format provided by the IP protocol, which allocates a logical address to each network and each host on the Internet. The website information is the address of the website that the user is currently logging in to.
S70: Acquire target storage information and database storage information according to the check address information, where the target storage information and the database storage information are obtained by using the login information storage method.
Acquiring the target storage information and the database storage information according to the check address information means acquiring them according to the IP address and/or the website that the user is currently logging in to. The target storage information and the database storage information are obtained by the login information storage method in the above embodiment. Specifically, if target storage information and database storage information named by the check address information exist in the local storage corresponding to the login address information of the user, or if an identification field identical to the current check address information exists in the local storage corresponding to the login address information of the user, the target storage information and the database storage information are acquired. For example, if the IP address of the currently logged-in user is 123.234.345.456, the target storage information and the database storage information named "123.234.345.456" are obtained.
S80: Decrypt the target storage information.
Specifically, the target storage information is decrypted with the inverse of the algorithm that the login information storage method uses to encrypt the preset field of the newly added local storage information.
Preferably, the target storage information is decrypted using the AES algorithm, and the decryption process is the reverse of the encryption process.
Decrypting the target storage information turns the login information that was encrypted into ciphertext back into plaintext. The plaintext is the data obtained by decrypting and restoring the encrypted data.
S90: If the target storage information is decrypted successfully, obtain the decrypted storage information.
If the target storage information is decrypted successfully, the decrypted storage information is obtained. The decrypted storage information includes the decrypted login information and the decrypted random character string.
S100: Verify the decrypted storage information according to the database storage information.
Specifically, the decrypted storage information is verified mainly by checking, against the login information and the random character string in the database storage information, whether the decrypted login information in the decrypted storage information corresponds to the decrypted random character string. If the decrypted login information corresponds to the decrypted random character string, the decrypted storage information passes verification. If it does not, the decrypted storage information fails verification.
S110: If the decrypted storage information passes verification, the login authentication request passes.
If the local storage information passes verification, the login authentication request passes authentication. After the login authentication request passes, automatic login can be performed; that is, the user logs in to the website, APP or platform without entering the user name and password again.
In this embodiment, the login authentication request is obtained and the target storage information is decrypted; if decryption succeeds, the decrypted storage information is obtained. The decrypted storage information is then verified according to the database storage information, and if it passes verification, the login authentication request passes. Decrypting with the decryption algorithm turns the login information that was encrypted into ciphertext back into plaintext, which effectively improves the security of login verification. Checking the decrypted storage information against the database storage information prevents a malicious attacker from stealing user login information and changing a user with ordinary authority into one with administrator authority, which further improves the security of login verification.
In one embodiment, the decrypted stored information includes decrypted login information and a decrypted random string.
The decrypted login information includes a decrypted user name, a decrypted login timestamp, and/or a decrypted session ID.
In this embodiment, as shown in fig. 7, in step S100, that is, verifying the decrypted storage information according to the database storage information, the method specifically includes the following steps:
S101: Check whether the database storage information is associated with the decrypted storage information.
The database storage information is obtained from the database and mainly includes the login information and the random character string.
Specifically, checking whether the database storage information is associated with the decrypted storage information means checking whether the login information (for example, the user name) in the database storage information is consistent with the decrypted login information (for example, the decrypted user name) in the decrypted storage information, and checking whether the random character string in the database storage information is consistent with the decrypted random character string in the decrypted storage information. If either the login information or the random character string in the database does not correspond to its counterpart in the decrypted storage information, or either of them is missing, the database storage information is not associated with the decrypted storage information.
S102: If the database storage information is associated with the decrypted storage information, the decrypted storage information passes verification.
If the database storage information is associated with the decrypted storage information, the decrypted storage information passes verification.
Suppose a malicious attacker tries to change the user name of an ordinary user to the user name of the administrator in order to obtain administrator authority. During verification of the decrypted storage information, the random character string of the ordinary user whose name was changed to the administrator user name is found to be inconsistent with the random character string of the administrator, so the decrypted storage information fails verification and the user must log in again.
In a specific embodiment, after checking whether the database storage information is associated with the decrypted storage information, the method further includes checking whether the session corresponding to the session ID in the decrypted storage information has become invalid.
If the session corresponding to the session ID in the decrypted storage information is invalid, the decrypted storage information fails verification. Specifically, checking whether the session corresponding to the session ID is invalid mainly means checking whether the session object corresponding to the session ID of the current session has reached the session invalidation time. If it has, the session corresponding to the session ID is invalid, the decrypted storage information fails verification, and the user needs to log in again.
Here, a session is also called "session control". A session stores the attributes and configuration information needed for a particular user session. Session invalidation means that an invalidation time is set for the current session after the user logs in; if the user does not interact with the server for a long time, the user is automatically logged out and the session is destroyed.
In the embodiment, whether the database storage information is associated with the decrypted storage information or not is verified, and if the database storage information is associated with the decrypted storage information, the decrypted storage information is verified to be passed, so that the verification response time can be shortened, the verification speed is accelerated, a user can be prevented from inputting a user name and a password for many times when the user enters a website, an APP or a platform, and the user experience is improved.
In one embodiment, after the step of decrypting the target storage information, the login authentication method further comprises the steps of:
If decryption of the target storage information fails, prompt information for re-login is sent.
Decryption can fail when a network problem causes data loss in the packets transmitted from the back end, or when a malicious attacker attempts to modify the login data. Therefore, if decryption of the target storage information fails, prompt information for re-login is sent to prompt the user to log in again.
Optionally, the re-login prompt may be presented in a frame flipping manner or by redirecting the page directly to the login page. It is understood that the re-login prompt includes, but is not limited to, these two methods, and other methods of sending the prompt are also within the scope of the present invention.
In this embodiment, a decryption failure indicates that the user may be in an unsafe login environment or that login information is missing. Having the user log in again at that point protects the login information, improves the security of login verification, and prevents a malicious attacker from stealing or leaking the login information.
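The storage steps S41 and S42 and the verification steps S60 to S110 end to end, as an added example that is not code from the patent. The patent names AES only; the GCM mode, the binding of the ciphertext to the address, the in-memory `Map` stand-ins for the database, session table and local storage, and all function names are assumptions, and the addresses and user data are constructed.

```javascript
// Added example, not from the patent. AES-256-GCM, the in-memory Maps and all
// names are assumptions; addresses and user data are constructed samples.
const crypto = require('crypto');

const KEY = crypto.randomBytes(32);      // server-side AES key (demo only)
const SESSION_TTL_MS = 30 * 60 * 1000;   // session invalidation time (assumed)
const database = new Map();  // login address -> database storage information
const sessions = new Map();  // session ID -> time at which the session expires

// Storage side: returns the target storage information, e.g. one cookie.
function storeLogin(loginInfo, loginAddress, now = Date.now()) {
  // One-line stand-in for the random character string of steps S21-S24.
  const randomString = crypto.randomBytes(16).toString('hex');
  database.set(loginAddress, {
    username: loginInfo.username, loginAddress, randomString,
  });
  sessions.set(loginInfo.sessionId, now + SESSION_TTL_MS);

  // S41: encrypt the preset fields. The random string is placed inside the
  // ciphertext so that decryption yields it, as the verification steps expect.
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  cipher.setAAD(Buffer.from(loginAddress, 'utf8')); // tie ciphertext to its name
  const plaintext = JSON.stringify({ ...loginInfo, randomString });
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const value = Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
  // S42: the login address names the stored item.
  return { name: loginAddress, value };
}

// S80: decrypt; throws if the value, tag or address was altered or truncated.
function decryptTarget(value, address) {
  const raw = Buffer.from(value, 'base64');
  if (raw.length < 28) throw new Error('truncated value');
  const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(address, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constant-time comparison of two strings.
function sameString(a, b) {
  const x = Buffer.from(String(a), 'utf8');
  const y = Buffer.from(String(b), 'utf8');
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Verification side (S60-S110). localStore is a Map of item name -> value.
function verifyLogin(checkAddress, localStore, now = Date.now()) {
  const value = localStore.get(checkAddress);   // S70: look up by check address
  const record = database.get(checkAddress);
  if (typeof value !== 'string' || !record) {
    return { ok: false, reason: 'not-found' };
  }
  let decrypted;
  try {
    decrypted = decryptTarget(value, checkAddress);
  } catch (err) {
    return { ok: false, reason: 'relogin' };    // decryption failed: re-login
  }
  // S101: both the user name and the random string must match the database.
  if (!sameString(decrypted.username, record.username) ||
      !sameString(decrypted.randomString, record.randomString)) {
    return { ok: false, reason: 'mismatch' };
  }
  // Session check: the session named in the decrypted data must still be valid.
  const expiresAt = sessions.get(decrypted.sessionId);
  if (expiresAt === undefined || now >= expiresAt) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, username: record.username }; // S110
}
```

With an authenticated mode, any edit to the stored value surfaces as the re-login path. The association check still catches a value that decrypts cleanly but whose random string no longer matches the database record, such as one left over from an earlier login.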
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In an embodiment, a login authentication device is provided, and the login authentication device corresponds to the login authentication method in the above embodiments one to one. As shown in fig. 8, the login authentication device includes a login authentication request acquisition module 60, a verification information acquisition module 70, an information decryption module 80, a decryption information acquisition module 90, a login verification module 100, and a verification judgment module 110. The functional modules are explained in detail as follows:
a login authentication request obtaining module 60, configured to obtain a login authentication request, where the login authentication request includes check address information.
A verification information obtaining module 70, configured to obtain target storage information and database storage information according to the verification address information, where the target storage information and the database storage information are obtained by using the login information storage method according to any one of claims 1 to 3.
An information decryption module 80, configured to decrypt the target storage information.
A decryption information obtaining module 90, configured to obtain the decrypted storage information if the target storage information is decrypted successfully.
A login checking module 100, configured to verify the decrypted storage information according to the database storage information.
A verification judgment module 110, configured to pass the login authentication request if the decrypted storage information passes verification.
Preferably, the login checking module 100 includes an association checking unit and a checking result judging unit.
The association checking unit is configured to check whether the database storage information is associated with the decrypted storage information.
The checking result judging unit is configured to determine that the decrypted storage information passes verification if the database storage information is associated with the decrypted storage information.
Preferably, the login authentication device is further configured to send prompt information for re-login if decryption of the target storage information fails.
For specific limitations of the login authentication device, reference may be made to the above limitations of the login authentication method, which are not described herein again. The modules in the login authentication device can be wholly or partially implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 9. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing login information, login address information and random character strings. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a login information storage method, or the computer program is executed by a processor to implement a login authentication method.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, the computer program implementing a login information storage method when executed by a processor or implementing a login authentication method when executed by a processor.
Those skilled in the art will understand that all or part of the processes of the methods in the above embodiments can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the method embodiments described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A login information storage method, comprising:
acquiring a login request sent by a client to a server, and generating local storage information according to login information in the login request, wherein the login request also comprises login address information; the local storage information is a Cookies object, a localStorage object or a sessionStorage object;
responding to the login request, and generating a random character string by adopting a random function;
performing associated storage on the login information, the login address information and the random character string to obtain database storage information;
encrypting the local storage information, and adding the login address information as an identifier of the encrypted local storage information to obtain the encrypted local storage information;
adding the random character string in the encrypted local storage information, and storing the encrypted local storage information in a local storage to obtain target storage information; the local storage refers to a storage space of the device for the user to log in.
2. The login information storage method according to claim 1, wherein the generating a random string using a random function in response to the login request specifically comprises:
randomly generating N random integers by adopting a random function, wherein N is a positive integer;
dividing each random integer by a preset numerical value to obtain a remainder so as to obtain N random numbers;
searching a corresponding character in a character string variable according to each random number to obtain N random characters, wherein the character string variable is obtained by pre-configuration;
and combining the N random characters by adopting a repeated assignment method to obtain a random character string.
3. The login information storage method according to claim 1, wherein encrypting the local storage information and adding the login address information as an identifier of the encrypted local storage information to obtain the encrypted local storage information comprises:
encrypting a preset field of the local storage information to obtain encrypted information;
and adding the login address information as an identifier in the encrypted information to obtain encrypted local storage information.
4. A login authentication method, comprising:
acquiring a login authentication request, wherein the login authentication request comprises check address information;
acquiring target storage information and the database storage information according to the check address information, wherein the target storage information and the database storage information are obtained by adopting the login information storage method of any one of claims 1-3;
decrypting the target storage information;
if the target storage information is decrypted successfully, the decrypted storage information is obtained;
verifying the decrypted storage information according to the database storage information;
and if the decrypted storage information passes the verification, the login authentication request passes.
5. The login authentication method of claim 4, wherein the decrypted stored information comprises a decrypted user name and a decrypted random string;
the verifying the decrypted storage information according to the database storage information specifically includes:
verifying whether the database storage information is associated with the decrypted storage information;
and if the database storage information is associated with the decrypted storage information, the decrypted storage information passes verification.
6. The login authentication method of claim 5, wherein after the step of decrypting the target storage information, the login authentication method further comprises:
and if the decryption of the target storage information fails, sending prompt information for logging in again.
7. A login information storage apparatus, comprising:
a login request acquisition module, configured to acquire a login request sent by a client to a server and to generate local storage information according to login information in the login request, wherein the login request also comprises login address information; the local storage information is a Cookies object, a localStorage object or a sessionStorage object;
the random character string generating module is used for responding to the login request and generating a random character string by adopting a random function;
the database storage module is used for performing associated storage on the login information, the login address information and the random character string to obtain database storage information;
the data encryption module is used for encrypting the local storage information and adding the login address information as an identifier of the encrypted local storage information to obtain the encrypted local storage information;
the local storage module is used for adding the random character string in the encrypted local storage information and storing the encrypted local storage information in a local storage to obtain target storage information; the local storage refers to a storage space of the device for the user to log in.
8. A login authentication device, comprising:
a login authentication request acquisition module, configured to acquire a login authentication request, where the login authentication request includes check address information;
a check information obtaining module, configured to obtain target storage information and the database storage information according to the check address information, where the target storage information and the database storage information are obtained by using the login information storage method according to any one of claims 1 to 3;
the information decryption module is used for decrypting the target storage information;
the decryption information acquisition module is used for obtaining decrypted storage information if the target storage information is decrypted successfully;
the login checking module is used for checking the decrypted storage information according to the database storage information;
and the verification judgment module is used for passing the login verification request if the decrypted storage information passes the verification.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the login information storage method according to any one of claims 1 to 3 when executing the computer program, or implements the steps of the login authentication method according to any one of claims 4 to 6 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of a login information storage method according to one of claims 1 to 3, or which computer program, when being executed by a processor, carries out the steps of a login authentication method according to one of claims 4 to 6.
CN201811527514.7A 2018-12-13 2018-12-13 Login information storage method, login verification method, device, equipment and medium Active CN109462602B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811527514.7A CN109462602B (en) 2018-12-13 2018-12-13 Login information storage method, login verification method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN109462602A CN109462602A (en) 2019-03-12
CN109462602B true CN109462602B (en) 2022-11-01

Family

ID=65613224

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811527514.7A Active CN109462602B (en) 2018-12-13 2018-12-13 Login information storage method, login verification method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN109462602B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110083386B (en) * 2019-04-04 2024-03-19 平安普惠企业管理有限公司 Random number generation control method, device, computer equipment and storage medium
CN110166242B (en) * 2019-05-22 2022-10-21 吉林亿联银行股份有限公司 Message transmission method and device
CN112149069A (en) * 2019-06-27 2020-12-29 北京数安鑫云信息技术有限公司 Generation method, use method and device of authorization check character string
CN110572371B (en) * 2019-08-20 2021-07-13 河南大学 Identity uniqueness check control method based on HTML5 local storage mechanism
CN110751033A (en) * 2019-09-16 2020-02-04 平安科技(深圳)有限公司 Offline login method and related product
CN112836206A (en) * 2019-11-22 2021-05-25 腾讯科技(深圳)有限公司 Login method, device, storage medium and computer equipment
CN112003847B (en) * 2020-08-14 2023-07-18 苏州浪潮智能科技有限公司 Front-end authority access method and device
CN114120457A (en) * 2021-09-07 2022-03-01 重庆畅停智慧停车服务有限公司 Parking self-service payment method and vehicle query method based on mobile phone terminal

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103957202A (en) * 2014-04-22 2014-07-30 中国工商银行股份有限公司 Safety login method and system
CN108683679A (en) * 2018-05-30 2018-10-19 深圳壹账通智能科技有限公司 More account login methods, device, equipment and the storage medium of Web APP

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618807A (en) * 2013-11-08 2014-03-05 北京奇虎科技有限公司 Method and device for processing cookie information
CN106330979B (en) * 2016-11-09 2019-12-17 腾讯科技(深圳)有限公司 Router login method and device
CN108322461B (en) * 2018-01-31 2020-10-27 百度在线网络技术(北京)有限公司 Method, system, device, equipment and medium for automatically logging in application program
CN108551443B (en) * 2018-03-30 2021-07-23 平安科技(深圳)有限公司 Application login method and device, terminal equipment and storage medium

Also Published As

Publication number Publication date
CN109462602A (en) 2019-03-12

Similar Documents

Publication Publication Date Title
CN109462602B (en) Login information storage method, login verification method, device, equipment and medium
US10348715B2 (en) Computer-implemented systems and methods of device based, internet-centric, authentication
US9979707B2 (en) Cryptographic security functions based on anticipated changes in dynamic minutiae
CN107689869B (en) User password management method and server
US10924289B2 (en) Public-private key pair account login and key manager
AU2019381268A1 (en) Systems and methods for distributed data storage and delivery using blockchain
CN107920081B (en) Login authentication method and device
CN109495426B (en) Data access method and device and electronic equipment
CN111565107B (en) Key processing method and device based on cloud service platform and computer equipment
CN111666564B (en) Application program safe starting method and device, computer equipment and storage medium
CN108259502A (en) For obtaining the identification method of interface access rights, server-side and storage medium
CN111538977B (en) Cloud API key management method, cloud platform access method, cloud API key management device, cloud platform access device and server
CN111031037A (en) Authentication method and device for object storage service and electronic equipment
WO2017006118A1 (en) Secure distributed encryption system and method
KR102421567B1 (en) Internet access management service server capable of providing internet access management service based on terminal grouping and operating method thereof
CA3086236A1 (en) Encrypted storage of data
CN117240625B (en) Tamper-resistant data processing method and device and electronic equipment
CN107204959B (en) Verification method, device and system of verification code
JP2016004581A (en) Apparatus and method for password authentication
CN111628985A (en) Security access control method, security access control device, computer equipment and storage medium
CN110837373A (en) Continuous integration and continuous delivery method, device, computer equipment and storage medium
CN114448722B (en) Cross-browser login method and device, computer equipment and storage medium
CN110719257A (en) Method, device and equipment for managing authority of single-page application and storage medium
CN115600215A (en) System startup method, system information processing method, device, equipment and medium thereof
CN108512657B (en) Password generation method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant