CN110147658A - User information encipher-decipher method, system and computer equipment - Google Patents
Publication number: CN110147658A (application CN201910305180.7A)
Authority: CN (China)
Prior art keywords: encryption, user, information, password, factor
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
This application provides a user information encryption and decryption method, system, computer device and readable storage medium, and relates to the field of asymmetric encryption. User information is encrypted using a periodically and randomly generated encryption factor together with a system random value generated at the moment of the request. When the user information is decrypted, the server compares not only the encryption factors carried with the user account and the user password, but also the account random value, the password random value and the system random value. This improves the confidentiality and security of user information authentication and prevents others from using encrypted user information to obtain authentication directly through the back-end server interface.
Description
Technical field
This application relates to the field of asymmetric encryption, and in particular to a user information encryption and decryption method, system and computer device.
Background technique
Encryption is a common application of cryptography, and the most commonly used techniques are symmetric and asymmetric cryptography. The client encrypts the user account and user password with a symmetric or asymmetric encryption algorithm and passes them to the back-end server. The back-end server then decrypts them with the symmetric or asymmetric encryption algorithm to obtain the original user account and user password, and verifies the legitimacy of the user account and user password. However, this way of encrypting and decrypting user information is too simple, and its security and confidentiality are low. If the user name and the encrypted password ciphertext leak, others can take the user name and password ciphertext and obtain back-end server authentication directly through the interface.
Summary of the invention
The main purpose of the application is to provide a user information encryption and decryption method, system and computer device, intended to overcome the drawbacks of existing user information encryption and decryption methods, which are simple and offer low security and confidentiality.
To achieve the above object, the application provides a user information encryption method applied to a client, the encryption method comprising:
Monitoring in real time whether user information input by a user is received, the user information including a user account and a user password;
If user information input by the user is received, generating a system random value, wherein the system random value is a Universally Unique Identifier;
Retrieving a first encryption factor obtained in advance, and concatenating the first encryption factor with the system random value to obtain first concatenation information, wherein the first encryption factor is encryption information randomly generated by the server and obtained by the client from the server at a preset frequency;
Encrypting the user account and the user password separately according to the first concatenation information, to obtain user account encryption information corresponding to the user account and user password encryption information corresponding to the user password;
Sending the user account encryption information, the user password encryption information and the system random value to the server as authentication information.
Further, the step of encrypting the user account and the user password separately according to the first concatenation information, to obtain the user account encryption information corresponding to the user account and the user password encryption information corresponding to the user password, comprises:
Concatenating the first concatenation information with the user account and with the user password using a preset separator, to obtain second concatenation information corresponding to the user account and third concatenation information corresponding to the user password;
Calling the public key of an asymmetric algorithm to encrypt the second concatenation information and the third concatenation information separately, to obtain the user account encryption information and the user password encryption information.
Further, before the step of retrieving the first encryption factor obtained in advance, the method comprises:
Obtaining the first encryption factor from the server at a preset frequency, and judging whether a second encryption factor exists, wherein the first encryption factor is the encryption factor obtained this time and the second encryption factor is the encryption factor obtained last time;
If the second encryption factor exists, judging whether the first encryption factor and the second encryption factor are identical;
If they are not identical, replacing the second encryption factor with the first encryption factor.
The application also provides a user information decryption method applied to a server, used to decrypt and verify the authentication information obtained by the user information encryption method described above, the decryption method comprising:
Receiving the authentication information sent by the client;
Decrypting the user account encryption information and the user password encryption information separately, to obtain the user account, account random value and account encryption factor corresponding to the user account encryption information, and the user password, password random value and password encryption factor corresponding to the user password encryption information;
Judging whether the account random value and the password random value are consistent with the system random value, and judging whether the account encryption factor is consistent with the password encryption factor;
If the account random value, the password random value and the system random value are consistent, and the account encryption factor and the password encryption factor are consistent, querying whether the password encryption factor is valid;
If it is valid, determining that the authentication information is legitimate.
Further, the step of querying whether the password encryption factor is valid comprises:
Retrieving the valid encryption factor generated in the current period, wherein the valid encryption factor is encryption information in a valid state that the server randomly generated in the current period;
Judging whether the password encryption factor is consistent with the valid encryption factor;
If consistent, determining that the password encryption factor is valid;
If inconsistent, determining that the password encryption factor is invalid.
Further, before the step of receiving the authentication information sent by the client, the method comprises:
Generating the valid encryption factor according to a preset period, and setting the validity time of the valid encryption factor according to the preset period, the validity time being how long the valid encryption factor exists on the server;
Monitoring in real time whether the existence time of the valid encryption factor is within the validity period;
If it is not within the validity period, deleting the valid encryption factor.
Further, after the step of determining that the authentication information is legitimate, the method comprises:
Judging whether a preset user password corresponding to the user account can be obtained from a pre-built user account library, wherein the user account library stores a mapping table of user accounts and preset user passwords;
If the preset user password corresponding to the user account is obtained from the pre-built user account library, judging whether the user password is consistent with the preset user password;
If consistent, determining that the authentication information is correct.
The application also provides a user information verification system comprising a client and a server, wherein the client includes:
A monitoring module, for monitoring in real time whether user information input by a user is received, the user information including a user account and a user password;
A generation module, for generating a system random value, wherein the system random value is a Universally Unique Identifier;
A concatenation module, for retrieving a first encryption factor obtained in advance and concatenating the first encryption factor with the system random value to obtain first concatenation information, wherein the first encryption factor is randomly generated encryption information obtained by the client from the server at a preset frequency;
An encryption module, for encrypting the user account and the user password separately according to the first concatenation information, to obtain user account encryption information corresponding to the user account and user password encryption information corresponding to the user password;
A sending module, for sending the user account encryption information, the user password encryption information and the system random value to the server as authentication information;
The server includes:
A receiving module, for receiving the authentication information sent by the client;
A decryption module, for decrypting the user account encryption information and the user password encryption information separately, to obtain the user account, account random value and account encryption factor corresponding to the user account encryption information, and the user password, password random value and password encryption factor corresponding to the user password encryption information;
A first judgment module, for judging whether the account random value, the password random value and the system random value are consistent, and judging whether the account encryption factor is consistent with the password encryption factor;
A query module, for querying whether the password encryption factor is valid;
A determination module, for determining that the authentication information is legitimate.
Further, the encryption module comprises:
A concatenation unit, for concatenating the first concatenation information with the user account and with the user password using a preset separator, to obtain second concatenation information corresponding to the user account and third concatenation information corresponding to the user password;
An encryption unit, for calling the public key of an asymmetric algorithm to encrypt the second concatenation information and the third concatenation information separately, to obtain the user account encryption information and the user password encryption information.
Further, the client also comprises:
A second judgment module, for obtaining the first encryption factor from the server at a preset frequency and judging whether a second encryption factor exists, wherein the first encryption factor is the encryption factor obtained this time and the second encryption factor is the encryption factor obtained last time;
A third judgment module, for judging whether the first encryption factor and the second encryption factor are identical;
A replacement module, for replacing the second encryption factor with the first encryption factor.
Further, the query module comprises:
A retrieval unit, for retrieving the valid encryption factor generated in the current period, wherein the valid encryption factor is encryption information in a valid state that the server randomly generated in the current period;
A judging unit, for judging whether the password encryption factor is consistent with the valid encryption factor;
A first determination unit, for determining that the password encryption factor is valid;
A second determination unit, for determining that the password encryption factor is invalid.
Further, the server also comprises:
A setup module, for generating the valid encryption factor according to a preset period and setting the validity time of the valid encryption factor according to the preset period, the validity time being how long the valid encryption factor exists on the server;
A monitoring module, for monitoring in real time whether the existence time of the valid encryption factor is within the validity period;
A removal module, for deleting the valid encryption factor.
Further, the server also comprises:
A fourth judgment module, for judging whether a preset user password corresponding to the user account can be obtained from a pre-built user account library, wherein the user account library stores a mapping table of user accounts and preset user passwords;
A fifth judgment module, for judging whether the user password is consistent with the preset user password;
A determination module, for determining that the authentication information is correct.
The application also provides a computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor, when executing the computer program, implements the steps of any of the user information encryption methods described above and/or the steps of any of the user information decryption methods described above.
The application also provides a computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of any of the user information encryption methods described above and/or the steps of any of the user information decryption methods described above.
The user information encryption and decryption method, system and computer device provided by the application encrypt user information using a periodically and randomly generated encryption factor together with a system random value generated at the moment of the request. When the user information is decrypted, the server compares not only the encryption factors carried with the user account and the user password, but also the account random value, the password random value and the system random value. This improves the confidentiality and security of user information authentication and prevents others from using encrypted user information to obtain authentication directly through the back-end server interface.
Brief description of the drawings
Fig. 1 is a schematic diagram of the steps of the user information encryption method in one embodiment of the application;
Fig. 2 is a schematic diagram of the steps of the user information decryption method in one embodiment of the application;
Fig. 3 is a block diagram of the overall architecture of the user information verification system in one embodiment of the application;
Fig. 4 is a schematic structural block diagram of the computer device of one embodiment of the application.
The realization of the purpose, the functional characteristics and the advantages of the application are further described below with reference to the accompanying drawings and in connection with the embodiments.
Specific embodiment
To make the objects, technical solutions and advantages of the application clearer, the application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the application and do not limit it.
Referring to Fig. 1, one embodiment of the application provides a user information encryption method applied to a client, the encryption method comprising:
S1: monitoring in real time whether user information input by a user is received, the user information including a user account and a user password;
S2: if user information input by the user is received, generating a system random value, wherein the system random value is a Universally Unique Identifier;
S3: retrieving a first encryption factor obtained in advance, and concatenating the first encryption factor with the system random value to obtain first concatenation information, wherein the first encryption factor is encryption information randomly generated by the server and obtained by the client from the server at a preset frequency;
S4: encrypting the user account and the user password separately according to the first concatenation information, to obtain user account encryption information corresponding to the user account and user password encryption information corresponding to the user password;
S5: sending the user account encryption information, the user password encryption information and the system random value to the server as authentication information.
In this embodiment, the client is in a real-time monitoring state and monitors external input. When a user authenticates, the user enters pre-registered user information into the client. The user information includes a user account (userID) and a user password (password). The user account is defined by the user at registration or generated automatically by the server; the user password is defined by the user, and once it is created the server associates the user's account with the password and stores them in an internal database, so that the user account and user password can later be authenticated together. After the client detects that the user has entered user information, it automatically generates a UUID (Universally Unique Identifier) as the system random value, referred to as randKey. After generating randKey, the client retrieves the first encryption factor obtained in advance, serverEnKey, and concatenates the encryption factor and the system random value using a preset separator to obtain the first concatenation information encryptKey, in the format encryptKey=randKey-serverEnKey. The first encryption factor is generated by the server according to a preset period, and the client obtains from the server, at a preset frequency, the first encryption factor generated in the current period. After obtaining the first concatenation information, the client uses the preset separator to concatenate it with the user account and with the user password, forming the second concatenation information contactUserID corresponding to the user account and the third concatenation information contactPassword corresponding to the user password, where contactUserID=userID-encryptKey and contactPassword=password-encryptKey. The client then calls the public key of the preset asymmetric encryption algorithm to encrypt the concatenated user account and user password, that is, contactUserID and contactPassword, obtaining the user account encryption information encryptUserID corresponding to contactUserID and the user password encryption information encryptPassword corresponding to contactPassword. An asymmetric encryption algorithm needs two keys: a public key (publickey) and a private key (privatekey). The public key and the private key are a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. The client generates the authentication information from the user account encryption information and user password encryption information obtained by encryption and the generated system random value, and transmits the authentication information to the server.
Further, the step of encrypting the user account and the user password separately according to the first concatenation information, to obtain the user account encryption information corresponding to the user account and the user password encryption information corresponding to the user password, comprises:
S401: concatenating the first concatenation information with the user account and with the user password using a preset separator, to obtain second concatenation information corresponding to the user account and third concatenation information corresponding to the user password;
S402: calling the public key of an asymmetric algorithm to encrypt the second concatenation information and the third concatenation information separately, to obtain the user account encryption information and the user password encryption information.
In this embodiment, after obtaining the first concatenation information, the client needs to encrypt the user account and the user password based on it. Specifically, the client concatenates the first concatenation information with the user account and with the user password using the preset separator, forming the second concatenation information contactUserID corresponding to the user account and the third concatenation information contactPassword corresponding to the user password, where contactUserID=userID-encryptKey and contactPassword=password-encryptKey. For example, if serverEnKey is 6a666256cd144ea19166bc2392432169-2b162f8e38a045d78ed5606c8bdbea3a, the user account is zhangsan and the user password is 123456, then the second concatenation information contactUserID is zhangsan-6a666256cd144ea19166bc2392432169-2b162f8e38a045d78ed5606c8bdbea3a, and the third concatenation information contactPassword is 123456-6a666256cd144ea19166bc2392432169-2b162f8e38a045d78ed5606c8bdbea3a. The client calls the public key of the preset asymmetric algorithm, such as the RSA algorithm, to encrypt the second concatenation information and the third concatenation information separately, obtaining the user account encryption information encryptUserID corresponding to contactUserID and the user password encryption information encryptPassword corresponding to contactPassword.
Further, before the step of retrieving the first encryption factor obtained in advance, the method comprises:
S6: obtaining the first encryption factor from the server at a preset frequency, and judging whether a second encryption factor exists, wherein the first encryption factor is the encryption factor obtained in the current period and the second encryption factor is the encryption factor obtained in the previous period;
S7: if the second encryption factor exists, judging whether the first encryption factor and the second encryption factor are identical;
S8: if they are not identical, replacing the second encryption factor with the first encryption factor.
In this embodiment, the client sends the server, at a preset frequency, a request for the encryption factor generated in the current period. After receiving the client's request, the server automatically transmits the first encryption factor that is currently in a valid state to the client. After receiving the first encryption factor, the client first judges whether a second encryption factor already exists internally. The first encryption factor is the valid encryption factor that the client has obtained from the server this time; the second encryption factor is the encryption factor that the client obtained the previous time at the preset frequency, and its validity is unknown. If no second encryption factor exists in the client, the client stores the first encryption factor obtained this time directly, so that it can be called when user information is encrypted. If a second encryption factor already exists, the client compares the existing second encryption factor with the first encryption factor obtained this time and judges whether the two are consistent. If they are consistent, the client keeps the existing second encryption factor and deletes the first encryption factor obtained this time. If they are inconsistent, the client replaces the existing second encryption factor with the first encryption factor obtained this time, to ensure that the encryption factor held by the client is consistent in validity with the encryption factor on the server.
One embodiment of the application also provides a user information decryption method applied to a server, used to decrypt and verify the authentication information obtained by the user information encryption method described above, the decryption method comprising:
S9: receiving the authentication information sent by the client;
S10: decrypting the user account encryption information and the user password encryption information separately, to obtain the user account, account random value and account encryption factor corresponding to the user account encryption information, and the user password, password random value and password encryption factor corresponding to the user password encryption information;
S11: judging whether the account random value and the password random value are consistent with the system random value, and judging whether the account encryption factor is consistent with the password encryption factor;
S12: if the account random value, the password random value and the system random value are consistent, and the account encryption factor and the password encryption factor are consistent, querying whether the password encryption factor is valid;
S13: if it is valid, determining that the authentication information is legitimate.
In this embodiment, after receiving the authentication information sent by the client, the server calls the private key of the asymmetric algorithm to decrypt the user account encryption information and the user password encryption information in the authentication information. The private key of the asymmetric algorithm on the server and the public key of the asymmetric algorithm used by the client to encrypt the user information are a matching pair. After decryption with the private key, the user account encryption information yields the user account, the account random value and the account encryption factor, and the user password encryption information yields the user password, the password random value and the password encryption factor.
The server groups the account random value, the password random value and the system random value in pairs and compares the two random values within each group to judge whether they are identical. For example, the three random values can be paired as follows: group A: account random value and password random value; group B: account random value and system random value; group C: password random value and system random value. If the two random values in every group are identical, that is, the random values in groups A, B and C are all the same, the second concatenation information and the third concatenation information were produced by the same request, and the server determines that the authentication information is legitimate. If the two random values in any group differ, the second concatenation information and the third concatenation information were not produced by the same request; the server determines that authentication has failed and sends the authentication failure information to the client. The server also compares the account encryption factor with the password encryption factor and judges whether the two are consistent. If they are inconsistent, the second concatenation information and the third concatenation information were not produced by the same request; the server determines that authentication has failed and sends the authentication failure information to the client. If they are consistent, the second concatenation information and the third concatenation information were produced by the same request, and the server determines that the authentication information is legitimate. Only when both judgments, on the random values and on the encryption factors, find the authentication information legitimate does the server proceed to the next action, the validity check of the encryption factor.
The server automatically generates an encryption factor according to a preset period and automatically deletes the expired encryption factor once its validity period has passed. That is, the encryption factor currently stored on the server is the valid encryption factor generated in the current period. The server directly retrieves the encryption factor generated in the current period and compares it with the password encryption factor or the account encryption factor to judge whether the two are consistent. If they are inconsistent, the encryption factor in the authentication information has expired, possibly because too much time has passed or because it was leaked, and the server determines that this authentication has failed. If they are consistent, the encryption factor in this authentication information is in a valid state, and the server determines that the authentication information is legitimate.
Further, the step of querying whether the password encryption factor is effective comprises:
S1201: retrieving the effective encryption factor generated in the current period, wherein the effective encryption factor is the encryption information in the effective state randomly generated by the server in the current period;
S1202: judging whether the password encryption factor is consistent with the effective encryption factor;
S1203: if consistent, determining that the password encryption factor is effective;
S1204: if inconsistent, determining that the password encryption factor is invalid.
In this embodiment, when the server queries whether the encryption factor in the authentication information, that is, the password encryption factor or the account encryption factor, is effective, it needs to retrieve the effective encryption factor generated in the current period. The server automatically generates and updates the encryption factor according to a preset period, and records the encryption factor that is in the effective state, that is, the effective encryption factor of the current period. The server compares the effective encryption factor of the current period with the password encryption factor or the account encryption factor to judge whether the two are consistent. If they are inconsistent, the encryption factor in the authentication information has expired, possibly because too much time has elapsed or because of leakage, and the server determines that the password encryption factor or the account encryption factor is invalid. If they are consistent, the encryption factor in this authentication information is in the effective state, and the server determines that the password encryption factor or the account encryption factor is effective.
Further, before the step of receiving the authentication information sent by the client, the method comprises:
S14: generating the effective encryption factor according to a preset period, and setting the effective time of the effective encryption factor according to the preset period, the effective time being the existence time of the effective encryption factor on the server;
S15: monitoring in real time whether the existence time of the effective encryption factor is within the effective time period;
S16: if it is not within the effective time period, deleting the effective encryption factor.
In this embodiment, the server automatically generates the effective encryption factor according to a preset period and stores it in its internal storage space, so that the client can obtain it when needed. After generating the effective encryption factor, the server needs to set the effective time of the effective encryption factor. The server retrieves a preset algorithm and substitutes the preset period for generating encryption factors into it to calculate the effective time of the effective encryption factor. The effective time is the existence time of the effective encryption factor on the server. The preset algorithm is S = M * (1 + rate), where S is the effective time, M is the preset period, and rate is the authentication redundancy elasticity proportional coefficient, which is preset by the developer. Because the client obtains the encryption factor by periodic polling, there is a time difference in between: after the server generates the encryption factor for a new period, the client may still encrypt with the factor of the previous period, which would cause authentication to fail. A redundancy time difference is therefore calculated from the authentication redundancy elasticity proportional coefficient and included in the effective time; within this elastic portion of the effective time, data encrypted with the old value still takes effect. The server starts monitoring the effective encryption factor as soon as it is generated, to judge whether its existence time is within the effective time period. If it is within the effective time period, the server compares the effective encryption factor with the encryption factor in the authentication information when decrypting the authentication information sent by the client. If it is not within the effective time period, the effective encryption factor is deleted from the server.
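The server-side checks described above (pairwise comparison of the three random values, comparison of the two encryption factors, and the validity lookup with effective time S = M * (1 + rate)) can be exercised with the following sketch, which is an added example and not code from the patent. It assumes the two ciphertexts have already been decrypted, that randKey and the encryption factor are 32-character hex strings without the separator, and it uses an in-memory dict instead of redis; `FactorStore`, `FakeClock`, `splice`, `unsplice` and `check_auth` are hypothetical names.

```python
import hmac
import uuid

SEP = "-"  # separator seen in the page's sample strings


def _eq(a, b):
    # Constant-time comparison (an added hardening choice, not from the page).
    return hmac.compare_digest(a.encode(), b.encode())


class FakeClock:
    """Settable clock so the period and expiry can be exercised offline."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class FactorStore:
    """In-memory stand-in for the server's factor storage."""
    def __init__(self, period_s, rate, clock):
        self.effective_s = period_s * (1 + rate)  # S = M * (1 + rate)
        self.clock = clock
        self._created = {}  # factor -> creation time

    def rotate(self):
        """S14: generate the effective encryption factor for a new period."""
        factor = uuid.uuid4().hex
        self._created[factor] = self.clock()
        return factor

    def purge(self):
        """S15/S16: delete factors whose existence time exceeds S."""
        now = self.clock()
        for factor, born in list(self._created.items()):
            if now - born > self.effective_s:
                del self._created[factor]

    def is_effective(self, factor):
        self.purge()
        return any(_eq(factor, known) for known in self._created)


def splice(value, rand_key, factor):
    """Client side: value-randKey-serverEnKey."""
    return SEP.join((value, rand_key, factor))


def unsplice(plain):
    """Server side: split from the right, so a '-' inside the value survives."""
    parts = plain.rsplit(SEP, 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError("malformed concatenation information")
    return parts


def check_auth(account_plain, password_plain, system_rand, store):
    """Run the checks on the two decrypted strings; return (ok, reason, user_id)."""
    try:
        user_id, acc_rand, acc_factor = unsplice(account_plain)
        _password, pwd_rand, pwd_factor = unsplice(password_plain)
    except ValueError as exc:
        return False, str(exc), None
    # Groups A, B and C: every pair of random values must match.
    pairs = ((acc_rand, pwd_rand), (acc_rand, system_rand), (pwd_rand, system_rand))
    if not all(_eq(a, b) for a, b in pairs):
        return False, "random values differ", None
    if not _eq(acc_factor, pwd_factor):
        return False, "encryption factors differ", None
    if not store.is_effective(pwd_factor):
        return False, "encryption factor expired", None
    return True, "legal", user_id


if __name__ == "__main__":
    clock = FakeClock()
    store = FactorStore(period_s=60, rate=0.5, clock=clock)  # S = 90 s
    old = store.rotate()
    rand_key = uuid.uuid4().hex
    acc, pwd = splice("zhang-san", rand_key, old), splice("123456", rand_key, old)
    for t in (0, 80, 95):  # constructed timeline; server rotates at t = 60
        if t == 80:
            clock.now = 60
            store.rotate()
        clock.now = t
        print(t, check_auth(acc, pwd, rand_key, store))
```

With M = 60 s and rate = 0.5 the previous period's factor is still accepted at t = 80 s and rejected at t = 95 s, which is the elastic window the paragraph describes. Nothing in this sketch records which system random values were already seen, so it bounds the lifetime of an authentication message to S but does not reject a second submission of the same message inside that window.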
Further, after the step of determining that the authentication information is legal, the method comprises:
S17: judging whether a preset user password corresponding to the user account can be obtained from a pre-built user account library, wherein the user account library stores a mapping table of user accounts and preset user passwords;
S18: if the preset user password corresponding to the user account is obtained from the pre-built user account library, judging whether the user password is consistent with the preset user password;
S19: if consistent, determining that the authentication information is correct.
In this embodiment, after determining that the authentication information is legal, the server also needs to judge the usability of the user account and the user password. A user account library is built in advance inside the server to store the user accounts that users have registered with the server and the preset user passwords associated with those accounts. The user account library stores a mapping table of user accounts and preset user passwords, which represents the association between a user account and its preset user password. The server inputs the user account obtained by decrypting the authentication information into the user account library and queries whether the library contains a previously entered user account identical to the user account in the authentication information. If not, the user account in this authentication information has not yet been registered with the server, and authentication is determined to have failed. If there is a previously entered user account identical to the user account in the authentication information, the preset user password corresponding to the user account is obtained by matching against the mapping table of user accounts and preset user passwords. The user password in the authentication information is then compared with the preset user password to judge whether the two are consistent. If they are inconsistent, the password input by the user is wrong; the server determines that authentication has failed and outputs prompt information reminding the user to reconfirm the user password. If they are consistent, the server determines that the authentication information is correct, that is, the user information input for this authentication is correct and authentication succeeds.
The user information encryption/decryption method provided in this embodiment is based on redis and encrypts user information using a periodically and randomly generated encryption factor together with a system random value generated on the spot. When decrypting the user information, it is necessary not only to compare the encryption factors carried with the user account and the user password, but also to compare the account random value, cipher random value and system random value in the user information. This effectively improves the confidentiality and security of user information authentication and prevents others from using encrypted user information to fraudulently obtain authentication directly through the back-end server interface.
Referring to Fig. 2, an embodiment of the present application further provides a user information verification system, including a client and a server, wherein the client includes:
Monitoring module 1, for monitoring in real time whether user information input by a user is received, the user information including a user account and a user password;
Generation module 2, for generating a system random value, wherein the system random value is a Universally Unique Identifier;
Splicing module 3, for retrieving the first encryption factor obtained in advance and splicing the first encryption factor with the system random value to obtain the first concatenation information, wherein the first encryption factor is encryption information randomly generated by the server and obtained by the client from the server at a preset frequency;
Encrypting module 4, for encrypting the user account and the user password respectively according to the first concatenation information, to obtain the user account encryption information corresponding to the user account and the user password encryption information corresponding to the user password;
Sending module 5, for sending the user account encryption information, the user password encryption information and the system random value to the server as authentication information;
The server includes:
Receiving module 6, for receiving the authentication information sent by the client;
Deciphering module 7, for decrypting the user account encryption information and the user password encryption information respectively, to obtain the user account, account random value and account encryption factor corresponding to the user account encryption information, and the user password, cipher random value and password encryption factor corresponding to the user password encryption information;
First judgment module 8, for judging whether the account random value, the cipher random value and the system random value are consistent, and judging whether the account encryption factor is consistent with the password encryption factor;
Enquiry module 9, for querying whether the password encryption factor is effective;
Determination module 10, for determining that the authentication information is legal.
In this embodiment, the client is in a real-time monitoring state and monitors externally input information. When a user performs information authentication, the user needs to input pre-registered user information into the client. The user information includes a user account (userID) and a user password (password). The user account is either defined by the user at registration or generated automatically by the server; the user password is defined by the user, and after it is generated the server associates the user's account with the user password and stores them in an internal database, so that the user account and user password can later be authenticated in association. After the client detects that the user has input user information, it automatically generates a UUID (Universally Unique Identifier) as the system random value, referred to as randKey. After generating randKey, the client retrieves the first encryption factor obtained in advance, serverEnKey, and splices the encryption factor and the system random value using a preset separator to obtain the first concatenation information encryptKey, in the format encryptKey=randKey-serverEnKey. The first encryption factor is generated by the server according to a preset period, and the client obtains from the server, at a preset frequency, the first encryption factor generated in the current period. After obtaining the first concatenation information, the client uses the preset separator to splice it with the user account and the user password respectively, forming the second concatenation information corresponding to the user account, contactUserID, and the third concatenation information corresponding to the user password, contactPassword, where contactUserID=userID-encryptKey and contactPassword=password-encryptKey. The client then calls the public key of the preset asymmetric encryption algorithm to encrypt the spliced user account and user password, that is, contactUserID and contactPassword, obtaining the user account encryption information encryptUserID corresponding to contactUserID and the user password encryption information encryptPassword corresponding to contactPassword. An asymmetric encryption algorithm requires two keys: a public key (publickey) and a private key (privatekey). The public key and the private key form a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. The client generates the authentication information from the user account encryption information and user password encryption information obtained after encryption together with the generated system random value, and transmits the authentication information to the server.
Further, after receiving the authentication information sent by the client, the server calls the private key of the asymmetric algorithm to decrypt the user account encryption information and the user password encryption information in the authentication information respectively. The private key of the asymmetric algorithm on the server and the public key of the asymmetric algorithm used on the client to encrypt the user information form a matching pair. After decryption with the private key of the asymmetric algorithm, the user account encryption information yields the corresponding user account, account random value and account encryption factor, and the user password encryption information yields the corresponding user password, cipher random value and password encryption factor. The server takes the account random value, the cipher random value and the system random value two at a time as groups, and compares the two random values within each group to judge whether they are identical. For example, the three random values can be paired as follows: group A: account random value and cipher random value; group B: account random value and system random value; group C: cipher random value and system random value. If the two random values in every group are identical, that is, the random values in groups A, B and C all match, the second concatenation information and the third concatenation information were produced by the same request, and the server determines that the authentication information is legal. If any group contains two different random values, the second concatenation information and the third concatenation information were not produced by the same request; the server determines that authentication has failed and sends the authentication failure information to the client. The server also compares the account encryption factor with the password encryption factor to judge whether the two are consistent. If they are inconsistent, the second concatenation information and the third concatenation information were not produced by the same request; the server determines that authentication has failed and sends the authentication failure information to the client. If they are consistent, the second concatenation information and the third concatenation information were produced by the same request, and the server determines that the authentication information is legal. Only when both judgments, on the random values and on the encryption factors, find the authentication information legal does the server proceed to the next action: judging whether the encryption factor is effective. The server automatically generates encryption factors according to a preset period and automatically deletes an expired encryption factor once its validity period has passed. That is, the encryption factor currently stored on the server is the encryption factor in the effective state generated in the current period. The server directly retrieves the encryption factor generated in the current period and compares it with the password encryption factor or the account encryption factor to judge whether the two are consistent. If they are inconsistent, the encryption factor in the authentication information has expired, possibly because too much time has elapsed or because of leakage, and the server determines that this authentication has failed. If they are consistent, the encryption factor in this authentication information is in the effective state, and the server determines that the authentication information is legal.
Further, the encrypting module 4 comprises:
Concatenation unit, for using a preset separator to splice the first concatenation information with the user account and the user password respectively, to obtain the second concatenation information corresponding to the user account and the third concatenation information corresponding to the user password;
Encryption unit, for calling the public key of the asymmetric algorithm to encrypt the second concatenation information and the third concatenation information respectively, to obtain the user account encryption information and the user password encryption information.
In this embodiment, after obtaining the first concatenation information, the client needs to encrypt the user account and the user password based on it. Specifically, the client splices the first concatenation information with the user account and the user password respectively using the preset separator, forming the second concatenation information corresponding to the user account, contactUserID, and the third concatenation information corresponding to the user password, contactPassword, where contactUserID=userID-encryptKey and contactPassword=password-encryptKey. For example, if serverEnKey is 6a666256cd144ea19166bc2392432169-2b162f8e38a045d78ed5606c8bdbea3a, the user account is zhangsan and the user password is 123456, then the second concatenation information contactUserID is zhangsan-6a666256cd144ea19166bc2392432169-2b162f8e38a045d78ed5606c8bdbea3a, and the third concatenation information contactUserID is 123456-6a666256cd144ea19166bc2392432169-2b162f8e38a045d78ed5606c8bdbea3a. The client calls the public key of a preset asymmetric algorithm, such as the RSA algorithm, to encrypt the second concatenation information and the third concatenation information respectively, obtaining the user account encryption information encryptUserID corresponding to contactUserID and the user password encryption information encryptPassword corresponding to contactPassword.
Further, the client further comprises:
Second judgment module 11, for obtaining the first encryption factor from the server at a preset frequency and judging whether a second encryption factor exists, wherein the first encryption factor is the encryption factor obtained this time and the second encryption factor is the encryption factor obtained last time;
Third judgment module 12, for judging whether the first encryption factor and the second encryption factor are identical;
Replacement module 13, for replacing the second encryption factor with the first encryption factor.
In this embodiment, the client sends the server, at a preset frequency, a request to obtain the encryption factor generated in the current period. After receiving the client's request, the server automatically transmits the first encryption factor, which is currently in the effective state, to the client. After receiving the first encryption factor, the client first needs to judge whether a second encryption factor already exists internally. The first encryption factor is the encryption factor in the effective state that the client has obtained from the server this time; the second encryption factor is the encryption factor the client obtained the previous time at the preset frequency, and its validity is unknown. If the client does not currently hold a second encryption factor, it directly records the first encryption factor obtained this time, so that it can be called directly when user information is encrypted. If a second encryption factor already exists internally, it needs to be compared with the first encryption factor obtained this time to judge whether the two are consistent. If they are consistent, the existing second encryption factor is kept and the first encryption factor obtained this time is deleted. If they are inconsistent, the existing second encryption factor is replaced with the first encryption factor obtained this time, to ensure that the first encryption factor in the client is consistent in validity with the encryption factor on the server.
Further, the enquiry module 9 comprises:
Retrieval unit, for retrieving the effective encryption factor generated in the current period, wherein the effective encryption factor is the encryption information in the effective state randomly generated by the server in the current period;
Judging unit, for judging whether the password encryption factor is consistent with the effective encryption factor;
First judging unit, for determining that the password encryption factor is effective;
Second judging unit, for determining that the password encryption factor is invalid.
In this embodiment, when the server queries whether the encryption factor in the authentication information, that is, the password encryption factor or the account encryption factor, is effective, it needs to retrieve the effective encryption factor generated in the current period. The server automatically generates and updates the encryption factor according to a preset period, and records the encryption factor that is in the effective state, that is, the effective encryption factor of the current period. The server compares the effective encryption factor of the current period with the password encryption factor or the account encryption factor to judge whether the two are consistent. If they are inconsistent, the encryption factor in the authentication information has expired, possibly because too much time has elapsed or because of leakage, and the server determines that the password encryption factor or the account encryption factor is invalid. If they are consistent, the encryption factor in this authentication information is in the effective state, and the server determines that the password encryption factor or the account encryption factor is effective.
Further, the server further comprises:
Setup module 14, for generating the effective encryption factor according to a preset period and setting the effective time of the effective encryption factor according to the preset period, the effective time being the existence time of the effective encryption factor on the server;
Monitoring module 15, for monitoring in real time whether the existence time of the effective encryption factor is within the effective time period;
Removing module 16, for deleting the effective encryption factor.
In this embodiment, the server automatically generates the effective encryption factor according to a preset period and stores it in its internal storage space, so that the client can obtain it when needed. After generating the effective encryption factor, the server needs to set the effective time of the effective encryption factor. The server retrieves a preset algorithm and substitutes the preset period for generating encryption factors into it to calculate the effective time of the effective encryption factor. The effective time is the existence time of the effective encryption factor on the server. The preset algorithm is S = M * (1 + rate), where S is the effective time, M is the preset period, and rate is the authentication redundancy elasticity proportional coefficient, which is preset by the developer. Because the client obtains the encryption factor by periodic polling, there is a time difference in between: after the server generates the encryption factor for a new period, the client may still encrypt with the factor of the previous period, which would cause authentication to fail. A redundancy time difference is therefore calculated from the authentication redundancy elasticity proportional coefficient and included in the effective time; within this elastic portion of the effective time, data encrypted with the old value still takes effect. The server starts monitoring the effective encryption factor as soon as it is generated, to judge whether its existence time is within the effective time period. If it is within the effective time period, the server compares the effective encryption factor with the encryption factor in the authentication information when decrypting the authentication information sent by the client. If it is not within the effective time period, the effective encryption factor is deleted from the server.
Further, the server further comprises:
Fourth judgment module 17, for judging whether a preset user password corresponding to the user account can be obtained from a pre-built user account library, wherein the user account library stores a mapping table of user accounts and preset user passwords;
Fifth judgment module 18, for judging whether the user password is consistent with the preset user password;
Determination module 19, for determining that the authentication information is correct.
In this embodiment, after determining that the authentication information is legal, the server also needs to judge the usability of the user account and the user password. A user account library is built in advance inside the server to store the user accounts that users have registered with the server and the preset user passwords associated with those accounts. The user account library stores a mapping table of user accounts and preset user passwords, which represents the association between a user account and its preset user password. The server inputs the user account obtained by decrypting the authentication information into the user account library and queries whether the library contains a previously entered user account identical to the user account in the authentication information. If not, the user account in this authentication information has not yet been registered with the server, and authentication is determined to have failed. If there is a previously entered user account identical to the user account in the authentication information, the preset user password corresponding to the user account is obtained by matching against the mapping table of user accounts and preset user passwords. The user password in the authentication information is then compared with the preset user password to judge whether the two are consistent. If they are inconsistent, the password input by the user is wrong; the server determines that authentication has failed and outputs prompt information reminding the user to reconfirm the user password. If they are consistent, the server determines that the authentication information is correct, that is, the user information input for this authentication is correct and authentication succeeds.
The user information verification system provided in this embodiment is based on redis and encrypts user information using a periodically and randomly generated encryption factor together with a system random value generated on the spot. When decrypting the user information, it is necessary not only to compare the encryption factors carried with the user account and the user password, but also to compare the account random value, cipher random value and system random value in the user information. This effectively improves the confidentiality and security of user information authentication and prevents others from using encrypted user information to fraudulently obtain authentication directly through the back-end server interface.
Referring to Fig. 4, an embodiment of the present application further provides a computer equipment, which may be a server and whose internal structure may be as shown in Fig. 4. The computer equipment includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer equipment provides computing and control capability. The memory of the computer equipment includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The database of the computer equipment is used to store data such as the user account library. The network interface of the computer equipment is used to communicate with external terminals over a network connection. The computer program, when executed by the processor, implements a user information encryption and/or decryption method.
When the above processor executes the steps of the above user information encryption method, the method is applied to a client, and the encryption method comprises:
S1: monitoring in real time whether user information input by a user is received, the user information including a user account and a user password;
S2: if user information input by the user is received, generating a system random value, wherein the system random value is a Universally Unique Identifier;
S3: retrieving the first encryption factor obtained in advance, and splicing the first encryption factor with the system random value to obtain the first concatenation information, wherein the first encryption factor is encryption information randomly generated by the server and obtained by the client from the server at a preset frequency;
S4: encrypting the user account and the user password respectively according to the first concatenation information, to obtain the user account encryption information corresponding to the user account and the user password encryption information corresponding to the user password;
S5: sending the user account encryption information, the user password encryption information and the system random value to the server as authentication information.
Further, the step of encrypting the user account and the user password respectively according to the first concatenation information, to obtain the user account encryption information corresponding to the user account and the user password encryption information corresponding to the user password, comprises:
S401: using a preset separator to splice the first concatenation information with the user account and the user password respectively, to obtain the second concatenation information corresponding to the user account and the third concatenation information corresponding to the user password;
S402: calling the public key of the asymmetric algorithm to encrypt the second concatenation information and the third concatenation information respectively, to obtain the user account encryption information and the user password encryption information.
Further, before the step of retrieving the first encryption factor obtained in advance, the method includes:
S6: obtaining the first encryption factor from the server side at the preset frequency, and judging whether a second encryption factor exists, wherein the first encryption factor is the encryption factor obtained in the current period and the second encryption factor is the encryption factor obtained in the previous period;
S7: if the second encryption factor exists, judging whether the first encryption factor and the second encryption factor are identical;
S8: if they are not identical, replacing the second encryption factor with the first encryption factor.
The processor executes the steps of the above user information decryption method, which is applied to the server side and is used to decrypt and verify the authentication information obtained by the above user information encryption method. The decryption method includes:
S9: receiving the authentication information sent by the client;
S10: decrypting the user account encryption information and the user password encryption information separately, to obtain the user account, account random value and account encryption factor corresponding to the user account encryption information, and the user password, password random value and password encryption factor corresponding to the user password encryption information;
S11: judging whether the account random value and the password random value are consistent with the system random value, and judging whether the account encryption factor is consistent with the password encryption factor;
S12: if the account random value, the password random value and the system random value are consistent, and the account encryption factor and the password encryption factor are consistent, querying whether the password encryption factor is valid;
S13: if it is valid, determining that the authentication information is legitimate.
Further, the step of querying whether the password encryption factor is valid includes:
S1201: retrieving the effective encryption factor generated in the current period, wherein the effective encryption factor is encryption information in a valid state that the server side generated at random in the current period;
S1202: judging whether the password encryption factor is consistent with the effective encryption factor;
S1203: if consistent, determining that the password encryption factor is valid;
S1204: if inconsistent, determining that the password encryption factor is invalid.
Further, before the step of receiving the authentication information sent by the client, the method includes:
S14: generating the effective encryption factor according to a preset period, and setting the validity time of the effective encryption factor according to the preset period, the validity time being the time for which the effective encryption factor exists on the server side;
S15: monitoring in real time whether the existence time of the effective encryption factor is within the validity period;
S16: if it is not within the validity period, deleting the effective encryption factor.
Further, after the step of determining that the authentication information is legitimate, the method includes:
S17: judging whether a preset user password corresponding to the user account can be obtained from a user account library constructed in advance, wherein the user account library stores a mapping table of user accounts and preset user passwords;
S18: if the preset user password corresponding to the user account is obtained from the user account library constructed in advance, judging whether the user password is consistent with the preset user password;
S19: if consistent, determining that the authentication information is correct.
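Steps S1 to S19 above, run end to end as an added Python example (not code from the patent). The `factor|uuid|value` field layout, the `|` separator, the lazy factor rotation on an injected clock, and the names `Client`, `Server`, `public_encrypt` and `private_decrypt` are assumptions; the asymmetric cipher is a textbook-RSA stand-in chosen only so the example runs on the standard library.

```python
import hmac
import secrets
import time
import uuid

SEP = "|"  # assumed; the page only says "a preset separator"

# Stand-in for "the public key of an asymmetric algorithm": textbook RSA over
# two publicly known Mersenne primes. NOT secure; it only keeps this example
# standard-library-only. Use RSA-OAEP from a vetted library in real code.
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537
_D = pow(E, -1, (_P - 1) * (_Q - 1))


def public_encrypt(text):
    m = int.from_bytes(text.encode(), "big")
    if m >= N:
        raise ValueError("plaintext too long for the stand-in cipher")
    return pow(m, E, N)


def private_decrypt(cipher):
    m = pow(cipher, _D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


class Server:
    def __init__(self, accounts, period_s=300.0, clock=time.monotonic):
        self.accounts = accounts  # S17: user account -> preset user password
        self.period_s = period_s
        self.clock = clock
        self.factor = None
        self.expires_at = 0.0

    def current_factor(self):
        """S14-S16: drop the factor once its validity time is over, then regenerate."""
        now = self.clock()
        if self.factor is None or now >= self.expires_at:
            self.factor = secrets.token_hex(16)
            self.expires_at = now + self.period_s
        return self.factor

    def verify(self, auth):
        """S9-S19. Returns (ok, reason); the reason is meant for server logs only."""
        try:
            # S10: maxsplit=2 keeps a separator inside the account/password intact.
            a_factor, a_rand, account = private_decrypt(auth["account_enc"]).split(SEP, 2)
            p_factor, p_rand, password = private_decrypt(auth["password_enc"]).split(SEP, 2)
            sent_rand = auth["random"]
        except (KeyError, TypeError, ValueError):
            return False, "malformed"
        # S11: both ciphertexts must carry the random value sent in the clear.
        if not (a_rand == p_rand == sent_rand):
            return False, "random value mismatch"
        if a_factor != p_factor:
            return False, "factor mismatch"
        # S12, S1201-S1204: the factor must be the one valid in the current period.
        if not hmac.compare_digest(p_factor.encode(), self.current_factor().encode()):
            return False, "factor not valid"
        # S17-S19: look up the preset password and compare in constant time.
        preset = self.accounts.get(account)
        if preset is None:
            return False, "unknown account"
        if not hmac.compare_digest(password.encode(), preset.encode()):
            return False, "wrong password"
        return True, "ok"


class Client:
    def __init__(self):
        self.factor = None

    def refresh_factor(self, server):
        """S6-S8: poll the server; replace the stored factor only if it changed."""
        latest = server.current_factor()
        if self.factor != latest:
            self.factor = latest

    def build_auth(self, account, password):
        """S2-S5 with S401-S402: bind both ciphertexts to one fresh UUID."""
        rand = str(uuid.uuid4())                # S2: system random value
        first = self.factor + SEP + rand        # S3: first concatenation information
        return {
            "account_enc": public_encrypt(first + SEP + account),
            "password_enc": public_encrypt(first + SEP + password),
            "random": rand,                     # S5: sent alongside the ciphertexts
        }
```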
One embodiment of the application also provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements a user information encryption and/or decryption method.
Specifically, the encryption method, applied to the client, comprises steps S1 to S5 together with the further steps S401 to S402 and S6 to S8, and the decryption method, applied to the server side, comprises steps S9 to S13 together with the further steps S1201 to S1204, S14 to S16 and S17 to S19, each exactly as set out above for the computer equipment embodiment.
Those of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. Any reference to memory, storage, a database or other media used in this application and its embodiments may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
It should be noted that, in this document, the terms "include", "comprise" and any variants of them are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to that process, device, article or method. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, device, article or method that includes the element.
The foregoing describes only preferred embodiments of the present application and does not limit the patent scope of the application. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the application, whether applied directly or indirectly in other related technical fields, is likewise included in the scope of patent protection of the application.
Claims (10)
1. A user information encryption method, characterized in that it is applied to a client, the encryption method comprising:
monitoring in real time whether user information input by a user is received, the user information including a user account and a user password;
if user information input by the user is received, generating a system random value, wherein the system random value is a universally unique identifier;
retrieving a first encryption factor obtained in advance, and concatenating the first encryption factor with the system random value to obtain first concatenation information, wherein the first encryption factor is encryption information that is randomly generated by the server side and that the client obtains from the server side at a preset frequency;
encrypting the user account and the user password separately according to the first concatenation information, to obtain user account encryption information corresponding to the user account and user password encryption information corresponding to the user password;
sending the user account encryption information, the user password encryption information and the system random value to the server side as authentication information.
2. The user information encryption method according to claim 1, characterized in that the step of encrypting the user account and the user password separately according to the first concatenation information, to obtain the user account encryption information corresponding to the user account and the user password encryption information corresponding to the user password, comprises:
using a preset separator, concatenating the first concatenation information with the user account and with the user password respectively, to obtain second concatenation information corresponding to the user account and third concatenation information corresponding to the user password;
invoking the public key of an asymmetric algorithm to encrypt the second concatenation information and the third concatenation information respectively, to obtain the user account encryption information and the user password encryption information.
3. The user information encryption method according to claim 1, characterized in that, before the step of retrieving the first encryption factor obtained in advance, the method comprises:
obtaining the first encryption factor from the server side at the preset frequency, and judging whether a second encryption factor exists, wherein the first encryption factor is the encryption factor obtained this time and the second encryption factor is the encryption factor obtained last time;
if the second encryption factor exists, judging whether the first encryption factor and the second encryption factor are identical;
if they are not identical, replacing the second encryption factor with the first encryption factor.
4. A user information decryption method, characterized in that it is applied to a server side and is used to decrypt and verify the authentication information obtained by the user information encryption method according to claim 1, the decryption method comprising:
receiving the authentication information sent by the client;
decrypting the user account encryption information and the user password encryption information separately, to obtain the user account, account random value and account encryption factor corresponding to the user account encryption information, and the user password, password random value and password encryption factor corresponding to the user password encryption information;
judging whether the account random value and the password random value are consistent with the system random value, and judging whether the account encryption factor is consistent with the password encryption factor;
if the account random value, the password random value and the system random value are consistent, and the account encryption factor and the password encryption factor are consistent, querying whether the password encryption factor is valid;
if it is valid, determining that the authentication information is legitimate.
5. The user information decryption method according to claim 4, characterized in that the step of querying whether the password encryption factor is valid comprises:
retrieving the effective encryption factor generated in the current period, wherein the effective encryption factor is encryption information in a valid state that the server side generated at random in the current period;
judging whether the password encryption factor is consistent with the effective encryption factor;
if consistent, determining that the password encryption factor is valid;
if inconsistent, determining that the password encryption factor is invalid.
6. The user information decryption method according to claim 5, characterized in that, before the step of receiving the authentication information sent by the client, the method comprises:
generating the effective encryption factor according to a preset period, and setting the validity time of the effective encryption factor according to the preset period, the validity time being the time for which the effective encryption factor exists on the server side;
monitoring in real time whether the existence time of the effective encryption factor is within the validity period;
if it is not within the validity period, deleting the effective encryption factor.
7. The user information decryption method according to claim 4, characterized in that, after the step of determining that the authentication information is legitimate, the method comprises:
judging whether a preset user password corresponding to the user account can be obtained from a user account library constructed in advance, wherein the user account library stores a mapping table of user accounts and preset user passwords;
if the preset user password corresponding to the user account is obtained from the user account library constructed in advance, judging whether the user password is consistent with the preset user password;
if consistent, determining that the authentication information is correct.
8. A user information verification system, characterized in that it comprises a client and a server side, wherein the client comprises:
a monitoring module, for monitoring in real time whether user information input by a user is received, the user information including a user account and a user password;
a generation module, for generating a system random value, wherein the system random value is a universally unique identifier;
a concatenation module, for retrieving a first encryption factor obtained in advance and concatenating the first encryption factor with the system random value to obtain first concatenation information, wherein the first encryption factor is randomly generated encryption information that the client obtains from the server side at a preset frequency;
an encryption module, for encrypting the user account and the user password separately according to the first concatenation information, to obtain user account encryption information corresponding to the user account and user password encryption information corresponding to the user password;
a sending module, for sending the user account encryption information, the user password encryption information and the system random value to the server side as authentication information;
and the server side comprises:
a receiving module, for receiving the authentication information sent by the client;
a decryption module, for decrypting the user account encryption information and the user password encryption information separately, to obtain the user account, account random value and account encryption factor corresponding to the user account encryption information, and the user password, password random value and password encryption factor corresponding to the user password encryption information;
a judgment module, for judging whether the account random value and the password random value are consistent with the system random value, and judging whether the account encryption factor is consistent with the password encryption factor;
a query module, for querying whether the password encryption factor is valid;
a determination module, for determining that the authentication information is legitimate.
9. Computer equipment, comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the user information encryption method according to any one of claims 1 to 3, and/or the steps of the user information decryption method according to any one of claims 4 to 7.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the user information encryption method according to any one of claims 1 to 3, and/or the steps of the user information decryption method according to any one of claims 4 to 7.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910305180.7A CN110147658A (en) | 2019-04-16 | 2019-04-16 | User information encipher-decipher method, system and computer equipment |
PCT/CN2019/117661 WO2020211348A1 (en) | 2019-04-16 | 2019-11-12 | User information encryption and decryption method, system, and computer device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910305180.7A CN110147658A (en) | 2019-04-16 | 2019-04-16 | User information encipher-decipher method, system and computer equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110147658A true CN110147658A (en) | 2019-08-20 |
Family
ID=67588515
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910305180.7A Pending CN110147658A (en) | 2019-04-16 | 2019-04-16 | User information encipher-decipher method, system and computer equipment |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110147658A (en) |
WO (1) | WO2020211348A1 (en) |
Citations (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110281630A1 (en) * | 2009-01-30 | 2011-11-17 | Omarco Networks Solutions Limited | Multifunction authentication systems |
CN102316112A (en) * | 2011-09-16 | 2012-01-11 | 李建成 | Password authentication method in network application and system |
CN102598577A (en) * | 2009-10-23 | 2012-07-18 | 微软公司 | Authentication using cloud authentication |
CN103220673A (en) * | 2013-04-24 | 2013-07-24 | 中国联合网络通信集团有限公司 | Wireless local area network (WLAN) user authentication method, authentication server and user equipment (UE) |
CN103647746A (en) * | 2013-11-01 | 2014-03-19 | 北京奇虎科技有限公司 | User login method, device and system |
CN104125055A (en) * | 2014-06-25 | 2014-10-29 | 小米科技有限责任公司 | Encryption and decryption method and electronic device |
CN104219228A (en) * | 2014-08-18 | 2014-12-17 | 四川长虹电器股份有限公司 | User registration and user identification method and user registration and user identification system |
CN105357191A (en) * | 2015-10-28 | 2016-02-24 | 北京奇虎科技有限公司 | User data encryption method and device |
CN106453234A (en) * | 2016-08-12 | 2017-02-22 | 北京东方车云信息技术有限公司 | Identity authentication method, relevant server and client |
CN107209658A (en) * | 2014-10-17 | 2017-09-26 | 艾佛伦美国公司 | User is verified based on the digital fingerprint signal as derived from out of band data |
CN107317791A (en) * | 2016-12-15 | 2017-11-03 | 平安科技(深圳)有限公司 | Login validation method, logging request method and Security Login System |
CN107566407A (en) * | 2017-10-20 | 2018-01-09 | 哈尔滨工程大学 | A kind of two-way authentication Security Data Transmission and storage method based on USBkey |
CN107818255A (en) * | 2017-12-01 | 2018-03-20 | 郑州云海信息技术有限公司 | A kind of method based on fingerprint recognition encryption strengthening system safety |
CN107948155A (en) * | 2017-11-24 | 2018-04-20 | 重庆金融资产交易所有限责任公司 | Cryptographic check method, apparatus, computer equipment and computer-readable recording medium |
CN108880812A (en) * | 2017-05-09 | 2018-11-23 | 北京京东尚科信息技术有限公司 | The method and system of data encryption |
CN108964901A (en) * | 2018-07-06 | 2018-12-07 | 武汉斗鱼网络科技有限公司 | Information Authentication method, system, device |
CN109150903A (en) * | 2018-09-25 | 2019-01-04 | 平安科技(深圳)有限公司 | A kind of account management method, device, storage medium and terminal device |
CN109327444A (en) * | 2014-03-27 | 2019-02-12 | 阿里巴巴集团控股有限公司 | A kind of registration of account information and authentication method and device |
CN109474423A (en) * | 2018-12-10 | 2019-03-15 | 平安科技(深圳)有限公司 | Data encryption/decryption method, server and storage medium |
CN109492382A (en) * | 2018-10-22 | 2019-03-19 | 黄超 | A kind of single input frame login validation method |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9015489B2 (en) * | 2010-04-07 | 2015-04-21 | Microsoft Technology Licensing, Llc | Securing passwords against dictionary attacks |
CN105207782B (en) * | 2015-11-18 | 2018-09-25 | 上海爱数信息技术股份有限公司 | A kind of auth method based on restful frameworks |
CN106790056B (en) * | 2016-12-20 | 2020-01-14 | 中国科学院苏州生物医学工程技术研究所 | Method and system for reducing data stealing risk of data bank |
CN109413627B (en) * | 2018-10-18 | 2022-08-12 | 飞天诚信科技股份有限公司 | Network distribution method and network distribution system of intelligent household equipment |
CN110147658A (en) * | 2019-04-16 | 2019-08-20 | 平安科技(深圳)有限公司 | User information encipher-decipher method, system and computer equipment |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020211348A1 (en) * | 2019-04-16 | 2020-10-22 | 平安科技(深圳)有限公司 | User information encryption and decryption method, system, and computer device |
CN113139203A (en) * | 2020-01-19 | 2021-07-20 | 上海臻客信息技术服务有限公司 | User information leakage prevention method |
CN114143029A (en) * | 2021-10-29 | 2022-03-04 | 航天信息股份有限公司 | User personal account password generating system and method capable of being repeatedly generated |
CN114143029B (en) * | 2021-10-29 | 2024-03-08 | 航天信息股份有限公司 | User personal account password generation system and method capable of repeatedly generating |
Also Published As
Publication number | Publication date |
---|---|
WO2020211348A1 (en) | 2020-10-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||