CN111918287A - Information processing method and device - Google Patents

Information processing method and device Download PDF

Info

Publication number
CN111918287A
CN111918287A CN201910390786.5A CN201910390786A CN111918287A CN 111918287 A CN111918287 A CN 111918287A CN 201910390786 A CN201910390786 A CN 201910390786A CN 111918287 A CN111918287 A CN 111918287A
Authority
CN
China
Prior art keywords
password
address
login
client
user name
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910390786.5A
Other languages
Chinese (zh)
Inventor
叶彦
何媛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Datang Mobile Communications Equipment Co Ltd filed Critical Datang Mobile Communications Equipment Co Ltd
Priority to CN201910390786.5A priority Critical patent/CN111918287A/en
Publication of CN111918287A publication Critical patent/CN111918287A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Abstract

The embodiment of the invention provides an information processing method and device, which are applied to an Operation Maintenance Center (OMC) system, wherein the method comprises the following steps: receiving a login request sent by a client, and acquiring login information corresponding to the login request, wherein the login information comprises: a first IP address, a first username and a first password; when the pre-stored user name matched with the first user name is found, judging whether the first IP address comprises a first IP address section; the first IP address segment corresponds to a pre-stored user name matched with the first user name; if yes, verifying the first password, returning login permission information to the client when the first password passes verification, and returning login prohibition information to the client when the first password fails verification; if not, returning a login prohibition message to the client. The verification of the IP address and the login password in the login request is realized, and the complexity of the verification of the login request is increased, so that the safety of the OMC system is improved.

Description

Information processing method and device
Technical Field
The present invention relates to the field of mobile communications technologies, and in particular, to an information processing method and an information processing apparatus.
Background
At present, the scale of a mobile network is continuously enlarged, the number of network elements is continuously enlarged, operators adopt an OMC (Operation and Maintenance Center) system to perform centralized management on the network elements, and the Operation and Maintenance Center (OMC) plays an increasingly important role in the Operation and Maintenance process of communication equipment.
At present, a user logs in an OMC system to perform network element management, when logging in the OMC system, a server of the OMC system only performs simple verification on a login request, and when the verification is passed, the user can log in the OMC system to perform network element management. However, the security of the OMC system is reduced by using a simple verification method for a long time, so that the risk of the OMC system being invaded is higher and higher, and potential security risks are caused to a mobile network maintained by the OMC system.
Content of application
The embodiment of the invention provides an information processing method for improving the safety of an OMC system.
Correspondingly, the embodiment of the invention also provides an information processing device, which is used for ensuring the realization and the application of the method.
In order to solve the above problem, the present invention discloses an information processing method, which is applied to an operation and maintenance center OMC system, and the method includes:
receiving a login request sent by a client, and acquiring login information corresponding to the login request, wherein the login information comprises: a first IP address, a first username and a first password;
when the pre-stored user name matched with the first user name is found, judging whether the first IP address comprises a first IP address section; the first IP address segment corresponds to a pre-stored user name matched with the first user name;
if the first IP address comprises the first IP address section, verifying the first password; when the verification is passed, returning a login permission message to the client; when the verification fails, a login forbidding message is returned to the client;
and if the first IP address does not comprise the first IP address field, returning a login prohibition message to the client.
Optionally, the step of determining whether the first IP address includes a first IP address segment includes:
extracting the first N bytes of the first IP address;
encrypting the first N bytes, and judging whether the encrypted first N bytes are matched with the first IP address field; n is a positive integer.
Optionally, before the step of returning a login prohibition message to the client, the method further includes:
judging whether the first IP address is a fixed IP address; the fixed IP address corresponds to a pre-stored user name matched with the first user name;
if the first IP address is the fixed IP address, executing the step of verifying the first password;
and if the first IP address is not the fixed IP address, executing the step of returning the login prohibition message to the client.
Optionally, before the step of verifying the first password, the method further comprises:
judging whether the current time is within a preset login time interval or not; wherein, the login time interval corresponds to a pre-stored user name matched with the first user name;
if the current time is within a preset login time interval, the step of verifying the first password is executed;
and if the current time is not within the preset login time interval, executing the step of returning the login prohibition message to the client.
Optionally, the method further comprises the step of registering:
receiving a registration request sent by the client, and acquiring registration information corresponding to the registration request; wherein the registration information includes: a second username and a second password;
judging whether the length of the second user name exceeds a preset length or not;
if the length of the second username exceeds the preset length, judging whether the second password comprises at least two preset characters; when the second password comprises the at least two preset characters, returning a registration success message to the client; when the second password does not comprise the at least two preset characters, a first registration failure message is returned to the client;
and if the length of the second user name does not exceed the preset length, returning a second registration failure message to the client.
Optionally, before the step of verifying the first password, the method further comprises:
searching a pre-stored password corresponding to the pre-stored user name, and acquiring the generation time of the pre-stored password;
calculating the time difference between the generation time and the current time, and judging whether the time difference is greater than a time threshold value;
if the time difference is larger than the time threshold, the step of returning a login prohibition message to the client is executed;
and if the time difference is smaller than or equal to the time threshold, executing the step of verifying the first password.
Optionally, the method further comprises:
if the time difference is smaller than or equal to the time threshold, returning a password modification message to the client, and receiving a password modification request returned by the client for the password modification message;
acquiring password modification information corresponding to the password modification request, wherein the password modification information comprises a third password;
judging whether the third password comprises at least two preset characters;
if the third password comprises the at least two preset characters, a password modification success message is returned to the client;
and if the third password does not comprise the at least two preset characters, returning a password modification failure message to the client.
The embodiment of the invention also provides an information processing device, which is applied to an operation maintenance center OMC system, and the device comprises:
the login information acquisition module is used for receiving a login request sent by a client and acquiring login information corresponding to the login request, wherein the login information comprises: a first IP address, a first username and a first password;
the IP address judging module is used for judging whether the first IP address comprises a first IP address section or not when the prestored user name matched with the first user name is found; the first IP address segment corresponds to a pre-stored user name matched with the first user name;
the password verification module is used for verifying the first password if the first IP address comprises the first IP address section; when the verification is passed, returning a login permission message to the client;
and the login prohibition message returning module is used for returning a login prohibition message to the client if the first IP address does not comprise the first IP address field or the first IP address comprises the first IP address field and the password authentication fails.
Optionally, the IP address determining module is specifically configured to extract the first N bytes of the first IP address, encrypt the first N bytes, and determine whether the encrypted first N bytes match the first IP address segment; n is a positive integer.
Optionally, the apparatus further comprises:
the fixed IP address judging module is used for judging whether the first IP address is a fixed IP address; the fixed IP address corresponds to a pre-stored user name matched with the first user name;
the password verification module is used for verifying the first password if the first IP address is the fixed IP address;
and the login prohibition message returning module is used for returning a login prohibition message to the client if the first IP address is not the fixed IP address.
Optionally, the apparatus further comprises:
the login time judging module is used for judging whether the current time is within a preset login time interval or not; wherein, the login time interval corresponds to a pre-stored user name matched with the first user name;
the password verification module is used for verifying the first password if the current time is within a preset login time interval;
and the login prohibition message returning module is used for returning a login prohibition message to the client if the current time is not within a preset login time interval.
Optionally, the apparatus further comprises:
the registration information acquisition module is used for receiving a registration request sent by the client and acquiring registration information corresponding to the registration request; wherein the registration information includes: a second username and a second password;
the user name judging module is used for judging whether the length of the second user name exceeds a preset length or not;
the first registration judgment module is used for judging whether the second password comprises at least two preset characters or not if the length of the second username exceeds a preset length; when the second password comprises the at least two preset characters, returning a registration success message to the client; when the second password does not comprise the at least two preset characters, a first registration failure message is returned to the client;
and the second registration judgment module is used for returning a second registration failure message to the client if the length of the second user name does not exceed the preset length.
Optionally, the apparatus further comprises:
the password generation time acquisition module is used for searching a pre-stored password corresponding to the pre-stored user name and acquiring the generation time of the pre-stored password;
the time difference judging module is used for calculating the time difference between the generation time and the current time and judging whether the time difference is greater than a time threshold value;
the login prohibition message returning module is used for returning a login prohibition message to the client if the time difference is greater than the time threshold;
and the password verification module is used for verifying the first password if the time difference is less than or equal to the time threshold.
Optionally, the apparatus further comprises:
a password modification request receiving module, configured to return a password modification message to the client if the time difference is smaller than or equal to the time threshold, and receive a password modification request returned by the client for the password modification message;
a password modification information acquisition module, configured to acquire password modification information corresponding to the password modification request, where the password modification information includes a third password;
the password judgment module is used for judging whether the third password comprises at least two preset characters;
a password modification success message returning module, configured to return a password modification success message to the client if the third password includes the at least two preset characters;
and the password modification failure message returning module is used for returning a password modification failure message to the client if the third password does not comprise the at least two preset characters.
Compared with the prior art, the embodiment of the invention has the following advantages:
when a login request of a client is received, acquiring login information from the login request, verifying an IP address and a login password in the login information, verifying whether the IP address is the IP address allowed to be logged in, and continuously verifying whether the login password is the correct password when the IP address allowed to be logged in is the IP address allowed to be logged in, so that the login of the OMC system is allowed only under the conditions that the login IP address is the IP address allowed to be logged in and the login password is the correct password, otherwise, the login of the OMC system is prohibited; therefore, the complexity of the login request verification is increased, so that a user can only log in the OMC system from a given local area network, and after a user name and a password are stolen, an illegal user can log in and use the OMC system from any network by adopting the stolen user name and password, and the safety of the OMC system is improved.
Drawings
FIG. 1 is a block diagram of an OMC system according to an embodiment of an information processing method of the present invention;
FIG. 2 is a flow chart of the steps of an embodiment of a method of information processing of the present invention;
FIG. 3 is a flow chart of steps in another information processing method embodiment of the present invention;
FIG. 4 is a diagram of a local area network in the Internet in yet another embodiment of an information processing method of the present invention;
FIG. 5 is a flow chart of steps in another information processing method embodiment of the present invention;
FIG. 6 is a flow chart of steps for modifying a password in another embodiment of a method of information processing of the present invention;
FIG. 7 is a flowchart of the steps of a registration step in yet another embodiment of an information processing method of the present invention;
FIG. 8 is a block diagram of an embodiment of an information processing apparatus according to the present invention;
FIG. 9 is a block diagram of the structure of still another embodiment of an information processing apparatus according to the present invention;
fig. 10 is a block diagram showing the configuration of a module for authenticating a registration request according to still another embodiment of the information processing apparatus of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
One of the core ideas of the embodiment of the invention is that when a server of the OMC system receives a login request, whether the login IP address is the IP address allowed to be logged in or not can be judged firstly, if yes, the password is further verified, and then an illegal user can be prevented from stealing the user name and the password and then invading the OMC system, so that the safety of the OMC system is improved.
The frame structure of the OMC system according to the embodiment of the present invention may refer to fig. 1, in fig. 1, a client of the OMC system may be deployed on a Personal Computer (PC), and a server of the OMC system provides a required service for the client of the OMC system, where the service may include a login service, a registration service, a network element management service, and the like, so that a user may log in the OMC system through the client to manage a network element in a communication system.
Referring to fig. 2, a flowchart illustrating steps of an embodiment of an information processing method according to the present invention is shown, which may specifically include the following steps:
step 201, receiving a login request sent by a client, and acquiring login information corresponding to the login request.
In the embodiment of the invention, the client can send out the login request according to the login operation of the user, the login request carries login information, and the login information can comprise various information, such as a first IP address, a first user name and a first password; of course, other information, such as client port information, number information, and the like, may also be included, which is not limited in this embodiment of the present invention. The first IP address may refer to an IP address used by the client in the internet, the first username may refer to a login username input by the user at the client, and the first password may refer to a login password input by the user at the client.
Step 202, when the pre-stored user name matched with the first user name is found, judging whether the first IP address comprises a first IP address section.
And the first IP address field corresponds to a pre-stored user name matched with the first user name.
In the embodiment of the invention, after the user successfully registers in the OMC system, the OMC system can store the corresponding registered user name, and subsequently, the stored registered user name can be called a pre-stored user name; and after receiving the login request, matching the first username in the login request with the pre-stored username, and searching the pre-stored username matched with the first username. When the pre-stored user name matched with the first user name is found, the first user name can be determined to be the registered user name of the OMC system, and at the moment, the first IP address field corresponding to the pre-stored user name matched with the first user name can be obtained. Different pre-stored user names can correspond to different first IP address fields, for example, if 24 pre-stored user names exist, 24 first IP address fields exist in a matching way; certainly, different pre-stored user names may also correspond to the same IP address segment, for example, there are 24 pre-stored user names, the 24 pre-stored user names are divided into 6 groups, each group has 4 pre-stored user names, each group has one first IP address segment corresponding to the pre-stored user name, and there are 6 first IP address segments matched with each other; the specific corresponding relationship may be set according to actual requirements, which is not limited in the embodiment of the present invention. If different pre-stored user names can correspond to different first IP address fields, different users are allowed to log in different IP addresses, so that the users do not share the IP address fields, and the security level of the OMC system can be improved.
After the first IP address segment is obtained, whether the first IP address comprises the first IP address segment can be judged; illustratively, taking a class C IP address, using an IPV4 address as an example, the first IP address field may be represented as: 193.178.12, if the first IP address is 193.178.12.11, it can be determined that the first IP address includes the first IP address field; if the first IP address is 193.178.11.11, it may be determined that it does not include the first IP address segment.
If the first IP address includes the first IP address field, which indicates that the first IP address is an IP address allowed to be logged in, go to step 203; if the first IP address does not include the first IP address field, indicating that the first IP address is an IP address not allowed to be registered, go to step 205.
Step 203, verifying the first password.
In the embodiment of the present invention, when the first password is verified, the first password may be matched with a pre-stored registration password, where the pre-stored registration password corresponds to the pre-stored user name found in step 202, and if the first password is matched with the pre-stored user name found in step 202, it indicates that the first password is correct, and the first password passes verification; if the login of the OMC system can be allowed, turning to step 204; if not, it indicates that the first password is wrong, the first password authentication is not passed or failed, and the login to the OMC system may be prohibited, then go to step 205.
And step 204, returning a login permission message to the client.
In the embodiment of the invention, when the first password passes the verification, the client is allowed to log in the OMC system, the login allowing message can be returned to the client, and the client can automatically enter the OMC system when receiving the login allowing message, so that a user can manage the network element in the communication system.
Step 205, a login prohibition message is returned to the client.
In the embodiment of the invention, when the first password is not verified or the first IP address does not comprise the first IP address field, the login of the OMC system is prohibited, a login prohibition message can be returned to the client, and the client can still stay in the current login interface when receiving the login prohibition message, so that the user cannot enter the OMC system and further cannot manage the network element in the communication system.
In the embodiment of the present invention, when a login request of a client is received, login information is obtained from the login request, where the login information includes: a first IP address, a first username and a first password; then when the pre-stored user name corresponding to the first user name is found, whether the first IP address in the login information comprises a first IP address section corresponding to the pre-stored user name or not can be judged, if yes, the first IP address is an IP address allowed to be logged in, a first password in the login information can be further verified, and the OMC system is allowed to be logged in when the first password is verified; when the first password is not verified, or the first IP address does not comprise the first IP address field, the login of the OMC system is forbidden; the user can only log in the OMC system from the established local area network, the complexity of login request verification is increased, and after the user name and the password are stolen, an illegal user can log in and use the OMC system from any network by adopting the stolen user name and password, so that the safety of the OMC system is improved.
In another embodiment of the present invention, details of the password authentication and the judgment of the IP address field in the information processing method of the present invention are described as follows:
referring to fig. 3, a flowchart illustrating steps of another embodiment of the information processing method of the present invention is shown, which may specifically include the following steps:
step 301, receiving a login request sent by a client, and acquiring login information corresponding to the login request.
In the embodiment of the present invention, when a login request of a client is received, the login information in the login request may be analyzed by using a corresponding analysis Protocol according to a Protocol type of the login request, for example, if the Protocol type of the login request is an HTTP Protocol (HyperText Transfer Protocol), the login request may be analyzed by using the HTTP Protocol, so as to analyze the login information therein, where the login information may include a first IP address, a first user name, and a first password.
Step 302, judging whether a pre-stored user name matched with the first user name is found.
In the embodiment of the invention, in order to ensure that the registered user name is not easy to steal and crack and improve the safety of the OMC system, the registered user name can be encrypted after the registered user name is obtained, and the encrypted registered user name is called as a pre-stored user name. The algorithm for encrypting the registered user name may include various algorithms, such as MD5(Message-digest algorithm 5) encryption algorithm. Therefore, when searching the pre-stored user name matched with the first user name, the first user name may be encrypted first, and then the pre-stored user name matched with the encrypted first user name may be searched.
The process of encrypting the first username and searching the pre-stored username matched with the encrypted first username can be as follows:
first, the first username is encrypted. The algorithm for encrypting the first username is consistent with the algorithm for encrypting the registered username, for example, if the stored pre-stored username is encrypted by the MD5 encryption algorithm, the first username is correspondingly encrypted by the MD5 encryption algorithm.
Then, searching a pre-stored user name matched with the encrypted first user name from a plurality of pre-stored user names, such as the pre-stored user name same as the encrypted first user name; if the pre-stored user name matched with the encrypted first user name is not found, the first user name is not the registered user name of the OMC system, and then the step 309 is executed; if the pre-stored user name matching the encrypted first user name is found, it indicates that the first user name is the registered user name of the OMC system, and then step 303 is performed.
Step 303, obtaining a first IP address segment corresponding to the pre-stored user name, and extracting the first N bytes of the first IP address.
After the pre-stored user name consistent with the encrypted first user name is found, the first IP address field corresponding to the pre-stored user name can be obtained.
In the embodiment of the present invention, the first IP address segment may only include the network address, for example, the first IP address segment may be 192.179.1; the first IP address may be a complete IP address, and may include a network address and a host address, where N may be determined according to the number of bytes included in the first IP address segment when the first N bytes of the first IP address are extracted, and N is a positive integer.
For example, taking the first IP address as a class C IP address and using an IPV4 address as an example, if the first IP address field is 192.179.1, N may be set to 3, and if the first IP address field is 192.178.1.12, the first 3 bytes of the first IP address are extracted 192.178.1, where the first 3 bytes may be used to identify a local area network in the internet at the lowest layer; if the first IP address field is 192.179, N may be set to 2, and if the first IP address is 192.178.1.12, the first 2 bytes 192.178 of the first IP address may be extracted, and the first 2 bytes may be used to identify a medium-sized network in which a plurality of local area networks are commonly located in the internet. As shown in fig. 4, a schematic diagram of a local area network in the internet is shown; in this example, the first 3 bytes of the first IP address are extracted to identify a lan such as 001 in fig. 4, and the first 2 bytes of the first IP address are extracted to identify a medium network such as 002 in fig. 4, the 002 comprising a 001 lan. In practice, the larger the number of bytes included in the first IP address field, the larger the value of N is set, and the smaller the characterized network.
And step 304, encrypting the first N bytes, and judging whether the encrypted first N bytes are matched with the first IP address field.
In the embodiment of the invention, in order to improve the difficulty of stealing and cracking the first IP address field and ensure the safety of the OMC system, the first IP address field can be an encrypted IP address field; therefore, when judging whether the first N bytes are matched with the first IP address field, the first N bytes may be encrypted first, and then whether the encrypted first N bytes are matched with the first IP address field may be judged. Wherein the encryption method for encrypting the first N bytes is similar to the encryption method for encrypting the first IP address field; for example, the first IP address segment may be encrypted by using a pre-stored key, or the first IP address segment may be encrypted by using an existing encryption algorithm, which is not limited in this embodiment of the present invention.
Illustratively, with a class C IP address and an IPV4 address, a first IP address field corresponding to a pre-stored user name is 193.178.12 encrypted value, assuming 22, and N is set to 3, where:
if the first IP address is 193.179.12.12, the first 3 bytes of the first IP address are extracted 193.179.12, 193.179.12 is encrypted, and assuming that the encrypted value is 23, it is determined that the first 3 bytes of the first IP address do not match the first IP address segment.
If the first IP address is 193.178.12.12, the first 3 bytes of the first IP address are extracted 193.178.12, 193.178.12 is encrypted, and assuming that the encrypted value is 22, it is determined that the first 3 bytes of the first IP address match the first IP address field.
If the first N encrypted bytes match the first IP address field, it indicates that the first IP address is an IP address allowed to be logged in, and step 305 may be performed; if the first N bytes after encryption do not match the first IP address field, it indicates that the first IP address is an IP address that is not allowed to be registered, and step 309 may be performed.
Step 305, obtaining a pre-stored password matched with the first user name.
In the embodiment of the invention, after the pre-stored user name matched with the first user name is found, the pre-stored password matched with the pre-stored user name can be found; in order to prevent the stored registration password from being stolen and cracked easily and improve the safety of the OMC system, the registration password can be encrypted after the registration password stored in the OMC system is registered, and the encrypted registration password is called as a pre-stored password; for example, if the registered password is 1242b, the pre-stored password may be a value obtained by encrypting the 1242b password, and if the encrypted value of 1242b is 3AB, the pre-stored password is 3 AB. And even if the pre-stored password is stolen by an illegal user, the illegal user obtains only an encrypted value instead of the original registered password, thereby ensuring the security of the OMC system.
Step 306, encrypt the first password.
Therefore, when the first password is verified, the first password is encrypted firstly, and then the encrypted first password is compared with the prestored password; the encryption algorithm used when encrypting the first password may be the same as the encryption algorithm used when encrypting the registration password.
And 307, judging whether the encrypted first password is matched with a pre-stored password.
When the encrypted first password is the same as the pre-stored password, the determined first password can be matched with the pre-stored password; exemplarily, taking the pre-stored password as 3AB as an example, if the first password is 1242b and the value obtained by encrypting 1242b is 3AB, it is determined that the encrypted first password matches the pre-stored password; if the first password is 1243b and the encrypted first password is 3AC, it is determined that the encrypted first password is not matched with the pre-stored password.
When the encrypted first password is matched with the pre-stored password, the verification is passed, and then the step 308 is executed; when the encrypted first password does not match the pre-stored password, the authentication is not passed, and step 309 is executed.
Step 308, a login permission message is returned to the client.
Step 308 is similar to step 204 and will not be described herein.
Step 309, a login prohibition message is returned to the client.
In the embodiment of the invention, when the pre-stored user name matched with the first user name is not found, or the first N bytes after encryption are judged to be not matched with the first IP address field, or the first password after encryption is verified to be not matched with the pre-stored password, the login prohibition message can be returned to the client, and the client can still stay in the current login interface when receiving the login prohibition message, so that the user can not enter the OMC system to realize the management of the network element in the communication system.
In the embodiment of the present invention, when a login request of a client is received, login information is obtained from the login request, where the login information includes: a first IP address, a first username and a first password; then when a pre-stored user name corresponding to the first user name is found, judging whether a first IP address in the login information comprises a first IP address section corresponding to the pre-stored user name, specifically, judging whether the first N encrypted bytes in the first IP address are consistent with the first IP address section, wherein the first IP address section is also an encrypted IP address section, verifying the first password when the first IP address section is consistent with the first IP address section, and forbidding to login the OMC system when the first IP address section is inconsistent with the first IP address section; on one hand, the user can only log in the OMC system from the set local area network, the complexity of verifying the login request is increased, and the safety of the OMC system is improved; on the other hand, the first IP address field is an encrypted IP address field, so that the difficulty of cracking the first IP address field is improved, and the safety of the OMC system is further improved.
Furthermore, the pre-stored user name is also an encrypted user name, and the pre-stored password is also an encrypted password, so that the difficulty of cracking the pre-stored user name and the pre-stored password can be improved, and the safety of the OMC system is further improved.
In another embodiment of the present invention, when verifying the login request, in addition to verifying whether the first IP address includes the first IP address field, the first IP address may be further verified, and other information may be verified, so as to further improve the complexity of the verification, which is specifically set forth as follows:
referring to fig. 5, a flow chart of steps of an information processing method is shown, which specifically includes the following steps:
step 501, receiving a login request sent by a client, and acquiring login information corresponding to the login request.
The login information may include a first IP address, a first username, and a first password.
The specific process of this step is similar to step 201 or step 301, and is not described herein again.
Step 502, when finding the pre-stored user name matched with the first user name, judging whether the first IP address comprises a first IP address section.
The specific process of searching for the pre-stored user name matching the first user name and determining whether the first IP address includes the first IP address segment in this step is similar to step 202, and is not repeated here.
In an example of the embodiment of the present invention, if the first IP address does not include the first IP address field, go to step 503; if the first IP address includes the first IP address field, go to step 504 to verify the login time.
Step 503, determining whether the first IP address is a fixed IP address.
In this optional example, when the first IP address does not include the first IP address field, it may be further determined whether the first IP address is a fixed IP address, where the fixed IP address corresponds to a pre-stored user name matched with the first user name, and the fixed IP address may be preset as needed; the fixed IP address may refer to a complete IP address.
Exemplarily, the class a IP address is used, the IPV4 address is used, the fixed IP address corresponding to the pre-stored user name is 193.178.12.11, and if the first IP address is 193.178.12.11, it is determined that the first IP address is a fixed IP address, which indicates that the user logs in the OMC system from an allowed IP address; if the first IP address is 193.178.12.9, it is determined that the first IP address is not a fixed IP address, indicating that the user is not logged into the OMC system from an IP address that is not allowed.
In an alternative example, if the first IP address is a fixed IP address, go to step 504, continue to verify the login time; if the first IP address is not a fixed IP address, go to step 509.
Step 504, determine whether the current time is within a predetermined login time interval.
In this optional example, the login time interval may correspond to a pre-stored user name matched with the first user name; the login time interval can be preset as required, in practice, different pre-stored user names can correspond to different login time intervals, different pre-stored user names can also correspond to the same login time interval, and different users can log in the OMC system at different time intervals when different pre-stored user names correspond to different login time intervals, so that peak load shifting login of the OMC system can be realized, and the operation efficiency of the OMC system is improved.
For example, taking the login time interval of "09: 00-18: 00" as an example, it means that the user can log in and use the OMC system at 09:00-18:00 every day, and if the current time is 21:02, it is determined that the current time is not in the login time interval; if the current time is 12:02, then it is determined that the current time is in the login time interval.
For example, taking the login time interval of "2018/01/12-2019/01/12" as an example, it indicates that the user can log in and use the OMC system from 12 days 1-12 in 2018 to 12 days 1-12 in 2019, and if the current time is 23 days 1-23 in 2018, it is determined that the current time is in the login time interval; if the current time is 2019, 2, month, 1, it is determined that the current time is not in the login time interval.
In an optional example, if it is determined that the current time is within the preset login time interval, which indicates that the user logs in and uses the OMC system at the specified time, go to step 505; if the current time is not within the preset login time interval, which indicates that the user logs in and uses the OMC system outside the specified time, the process goes to step 509.
Step 505, searching a pre-stored password corresponding to the pre-stored user name, and obtaining the generation time of the pre-stored password.
In this optional example, when the pre-stored user name matching the first user name is found, the pre-stored password corresponding to the pre-stored user name can be found, and in practice, the generation time of the pre-stored password may refer to the time of storing the pre-stored password last time; in practical application, the specific generation time can be determined according to the timestamp carried by the pre-stored password, and the time for storing the pre-stored password last time can also be used as the generation time.
For example, taking the time when the pre-stored password is stored for the first time as 0:00 in 1/2/2019, if the time is not modified, the generation time of the pre-stored password is 0:00 in 1/2/2019; if the password is modified in 2019, 1, 18, 12:00, the time for storing the pre-stored password last time is 12:00 in 2019, 1, 18, and the generation time is 12:00 in 2019, 1, 18, and 18.
Step 506, calculating a time difference between the generation time and the current time, and judging whether the time difference is greater than a time threshold value.
In this optional example, the time threshold may be a time threshold preset according to actual needs, and the time threshold may be set according to needs, for example, the time threshold may be set to 30 days, or may be set to 720 hours; in calculating the time difference between the generation time and the current time, the unit of the calculated time difference may coincide with the unit of the time threshold.
Illustratively, take a time threshold of 30 days, a current time of 2019, 2 months, 5 days, 0:00 as an example; if the generation time of the pre-stored password is 2019, 1, 2, 0:00 and the time difference with the current time is 33 days, determining that the time difference is greater than a time threshold value; and if the generation time of the pre-stored password is 2019, 2 months, 2 days and 0:00, and the time difference with the current time is 3 days, determining that the time difference is smaller than the time threshold.
When the time difference is less than or equal to the time threshold, it indicates that the pre-stored password is not expired, then go to step 507; if the time difference is greater than the time threshold, it indicates that the pre-stored password has expired, then go to step 509; in the embodiment of the application, whether the first password is the correct password or not can be judged firstly, and if the pre-stored password is overdue, the first password is not continuously verified, so that the safety of the OMC system is improved.
Step 507, verifying the first password.
The specific process of verifying the first password in the embodiment of the present invention is similar to step 306, and is not described herein again, and if the first password passes verification, step 508 is performed; if the verification fails, go to step 509.
Step 508, a login permission message is returned to the client.
This step is similar to step 308 or step 204 and will not be described herein again.
Step 509, a login prohibition message is returned to the client.
This step is similar to step 309 or step 205, and is not described herein again.
Step 505 and step 506 performed before step 507 may be performed in another order; for example, step 506 may be performed first and then step 505 may be performed, which is not limited in the embodiment of the present invention.
In an optional example of the embodiment of the present invention, when a time difference between the generation time of the pre-stored password and the current time is greater than a time threshold, the user may be forced to modify the password, specifically as follows:
referring to FIG. 6, a flow chart illustrating the steps of modifying a password in another embodiment of the information processing method of the present invention is shown; the method comprises the following specific steps:
step 601, returning a password modification message to the client, and receiving a password modification request returned by the client for the password modification message.
When the time difference between the generation time of the pre-stored password and the current time is greater than the time threshold, the pre-stored password is determined to be expired, the pre-stored password needs to be modified, a password modification message can be returned to the client, the client can automatically start a preset password modification page when receiving the password modification message, and therefore a user can perform password modification operation on the password modification page, wherein the password modification message can comprise a first username and the pre-stored password, the password modification page can automatically contain the first username and the pre-stored password, and the user can modify the pre-stored password again after inputting the password consistent with the pre-stored password.
Step 602, obtaining password modification information corresponding to the password modification request, where the password modification information includes a third password.
The password modification request sent by the client may carry password modification information, where the password modification information may include various information, for example, a third password, and may also include other information such as a first username, port information, and the like, where the third password may be a password modified by the user again.
Step 603, determining whether the third password comprises at least two preset characters.
In specific application, the preset character may be a self-defined character according to actual needs, for example, the preset character may not be an existing punctuation mark and an office common special character, but may also be an existing all-kind character, for example, the preset character may be an existing special character, an english letter, and the like; in practice, how many kinds of characters are specifically included can be set according to requirements.
If the third password includes at least two preset characters, which indicate that the third password meets the modification standard, go to step 604; if the third password does not include at least two preset characters, which indicates that the third password does not meet the modification criteria, go to step 605.
Step 604, a password modification success message is returned to the client.
When the third password reaches the modification standard, a password modification success message can be returned to the client, and the client can also display the password modification success message when receiving the password modification success message; in practice, the pre-stored password may be further updated to an encrypted third password, so that the pre-stored password is periodically updated.
Step 605, a password modification failure message is returned to the client.
When the third password reaches the modification standard, a password modification failure message can be returned to the client, and when the client receives the password modification failure message, the password modification failure message can be displayed, so that the user can modify the password again; and then the user can be forced to modify the third password into at least two preset characters, so that the complexity of the third password is improved, and the cracking difficulty is further improved.
In yet another optional example of the embodiment of the present invention, the registration request may also be verified during the user registration process to improve the security of the OMC system, and specifically, as shown in fig. 7, the following registration steps are shown:
step 701, receiving a registration request sent by the client, and acquiring registration information corresponding to the registration request.
In this optional example, the registration request sent by the client may carry registration information, where the registration information may include a plurality of information, for example, a second username and a second password, and may also include other information such as client port information, number information, and an IP address; the second username may be a registered username that is input by the user at the client during registration, and the second password may be a registered password that is input by the user at the client during registration.
Step 702, determining whether the length of the second username exceeds a preset length.
In the embodiment of the invention, the preset length can be preset according to actual requirements, the length can be understood as how many characters are represented, the more characters of the second user name are, the longer the length is, the higher the difficulty of cracking the second user name is, and the better the safety is. Illustratively, the preset length is 8, and if the second username is admin-a, which includes 7 characters, and the length is 7, it is determined that the second username does not exceed the preset length; and if the second username is admin-abc, comprises 9 characters and has the length of 9, determining that the second username exceeds the preset length.
If the length of the second username exceeds the preset length, go to step 703; if the length of the second username does not exceed the preset length, go to step 706.
Step 703, determining whether the second password includes at least two preset characters.
The specific process of step 703 is similar to that of step 603, and this step is not described again.
When the second password comprises the at least two preset characters, turning to step 704; when the second password does not include the at least two preset characters, step 705 is performed.
Step 704, returning a registration success message to the client.
If the second password comprises at least two preset characters, the password safety standard meets the requirements, the registration is successful, a registration success message can be returned to the client, the client can display the registration success message when receiving the registration success message, and the client can automatically quit the registration interface according to the registration success message; and the second password can be encrypted and stored as a pre-stored password, the second username is also encrypted and stored as a pre-stored username, and when the pre-stored username is stored, the corresponding relationship between the pre-stored username and the first IP address field can be set at the same time.
Step 705, a first registration failure message is returned to the client.
If the second password does not include at least two preset characters, it indicates that the security standard of the password does not meet the requirement, and the registration fails, and a first registration failure message may be returned to the client, for example, the first registration failure message may be "the password is less than two characters". When receiving the first registration failure message, the client may display the first registration failure message, so that the user determines a cause of the registration failure according to the displayed first registration failure message, and may further modify the password in a targeted manner.
Step 706, a second registration failure message is returned to the client.
When the length of the second username does not exceed the preset length, the username is failed to be registered, and a second registration failure message may be returned to the client, for example, the second registration failure message may be "the username does not exceed 8 characters". When receiving the second registration failure message, the client may display the second registration failure message, so that the user determines the reason for the registration failure according to the displayed second registration failure message, and may further modify the registration user name in a targeted manner.
In the embodiment of the present invention, when a login request of a client is received, login information is obtained from the login request, where the login information includes: a first IP address, a first username and a first password; then when the pre-stored user name corresponding to the first user name is found, judging whether the first IP address in the login information comprises a first IP address section corresponding to the pre-stored user name, if yes, verifying whether the current time is in a login time interval, if so, continuously judging whether a pre-stored password corresponding to the pre-stored user name is overdue, if not, verifying the first password, if the verification is passed, pre-storing and logging in the OMC system, and if the verification is not passed, forbidding logging in the OMC system; therefore, the complexity of verifying the login request is increased, the login request sent by the client needs to pass through the verification of an IP address, the verification of login time, the verification of password expiration and the verification of a password, so that a user can only successfully log in the OMC system when the login request is in the specified login time and the OMC system logs in from a given local area network and the input first password is correct when the set login password is not expired, the difficulty of verifying the login request is improved, the phenomenon that the OMC system is invaded by an illegal user after the user name and the password are stolen is avoided, and the safety of the OMC system is improved.
Further, if the first IP address does not include the first IP address section, whether the first IP address is a fixed IP address or not is judged, when the first IP address is the fixed IP address, subsequent login time, password expiration and first password verification are carried out, and when the first IP address is not the fixed IP address, login of the OMC system is forbidden, so that certain advanced users can only log in from the fixed IP address and use the OMC system, and the safety of the OMC system is further improved.
Furthermore, when the pre-stored password is expired, the user is prohibited from logging in the OMC system, so that the user must modify the pre-stored password, the pre-stored password can be periodically updated, and the safety of the OMC system is improved; in addition, the pre-stored password, the pre-stored user name and the first IP address segment are encrypted, so that the difficulty of cracking the pre-stored password, the pre-stored user name and the first IP address segment is improved, and the safety of the OMC system is ensured more reliably.
Furthermore, the information of login time is also verified, and the login time can be limited for each user, so that different users can only log in a specific time period, and cannot log in the OMC system in other time periods. On one hand, different login time can be defined for different users, and peak-shifting login is realized, so that the risk of password stealing during intensive login of the OMC system is reduced; on the other hand, peak-shifting login is realized, the number of users using the OMC system to perform network element management in the same time period can be reduced, and the operation efficiency of the OMC system can be improved.
And furthermore, the information of the second user name and the second password input during the registration is verified, so that the second user name has to meet a certain length, and the second password has to contain certain types of characters to be successfully registered, thereby improving the complexity of the registered user name and the registered password, further improving the difficulty of cracking the user name and the password, and further ensuring the safety of the OMC system.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
The embodiment of the invention also provides an information processing device which is applied to the OMC system of the operation and maintenance center.
As shown in fig. 8, a block diagram of an embodiment of an information processing apparatus according to the present invention is shown, and may specifically include the following modules:
a login information obtaining module 801, configured to receive a login request sent by a client, and obtain login information corresponding to the login request, where the login information includes: a first IP address, a first username and a first password;
an IP address determining module 802, configured to determine whether the first IP address includes a first IP address segment when the pre-stored user name matching the first user name is found; the first IP address segment corresponds to a pre-stored user name matched with the first user name;
a password verification module 803, configured to verify the first password if the first IP address includes the first IP address segment; when the verification is passed, returning a login permission message to the client;
a login prohibition message returning module 804, configured to return a login prohibition message to the client if the first IP address does not include the first IP address field, or the first IP address includes the first IP address field and the password authentication fails, and return a login prohibition message to the client.
In an optional example of the present invention, the IP address determining module 802 is specifically configured to extract the first N bytes of the first IP address, encrypt the first N bytes, and determine whether the encrypted first N bytes match the first IP address field; n is a positive integer.
The embodiment of the present invention further provides another information processing apparatus, which may include, in addition to the IP address determining module 802, other modules, so as to perform other verifications on the first IP address and perform other verifications on other information, so as to further improve the complexity of the verification.
As shown in fig. 9, a block diagram of a structure of another embodiment of an information processing apparatus according to the present invention is shown, and may specifically include the following modules:
a login information obtaining module 801, configured to receive a login request sent by a client, and obtain login information corresponding to the login request, where the login information includes: a first IP address, a first username and a first password;
an IP address determining module 802, configured to determine whether the first IP address includes a first IP address segment when the pre-stored user name matching the first user name is found; the first IP address segment corresponds to a pre-stored user name matched with the first user name;
a password verification module 803, configured to verify the first password if the first IP address includes the first IP address segment; when the verification is passed, returning a login permission message to the client;
a login prohibition message returning module 804, configured to return a login prohibition message to the client if the first IP address does not include the first IP address field, or the first IP address includes the first IP address field and password authentication fails, and return a login prohibition message to the client.
In an optional example of the present invention, the IP address determining module 802 is specifically configured to extract the first N bytes of the first IP address, encrypt the first N bytes, and determine whether the encrypted first N bytes match the first IP address field; n is a positive integer.
In an optional example of the invention, the apparatus may further comprise the following module:
a fixed IP address determining module 805, configured to determine whether the first IP address is a fixed IP address; the fixed IP address corresponds to a pre-stored user name matched with the first user name;
the password verification module 803 is configured to verify the first password if the first IP address is the fixed IP address;
the login prohibition message returning module 804 is configured to return a login prohibition message to the client if the first IP address is not the fixed IP address.
In an optional example of the invention, the apparatus may further comprise the following module:
a login time determining module 806, configured to determine whether the current time is within a preset login time interval; wherein, the login time interval corresponds to a pre-stored user name matched with the first user name;
the password verification module 803 is configured to verify the first password if the current time is within a preset login time interval;
the login prohibition message returning module 804 is configured to return a login prohibition message to the client if the current time is not within the preset login time interval.
In an optional example of the invention, the apparatus may further comprise the following module:
a password generation time obtaining module 807, configured to search a pre-stored password corresponding to the pre-stored user name, and obtain generation time of the pre-stored password;
a time difference determination module 808, configured to calculate a time difference between the generation time and the current time, and determine whether the time difference is greater than a time threshold;
the login prohibition message returning module 803 is configured to return a login prohibition message to the client if the time difference is greater than the time threshold;
the password verification module 804 is configured to verify the first password if the time difference is smaller than or equal to the time threshold.
In an optional example of the invention, the apparatus may further comprise the following module:
a password modification request receiving module 809, configured to return a password modification message to the client if the time difference is smaller than or equal to the time threshold, and receive a password modification request returned by the client for the password modification message;
a password modification information obtaining module 810, configured to obtain password modification information corresponding to the password modification request, where the password modification information includes a third password;
the password judgment module 811 is configured to judge whether the third password includes at least two preset characters;
a password modification success message returning module 812, configured to return a password modification success message to the client if the third password includes the at least two preset characters;
a password modification failure message returning module 813, configured to return a password modification failure message to the client if the third password does not include the at least two preset characters.
In an optional example of the present invention, the apparatus may further include a module for authenticating the registration request, so as to improve security of the OMC system.
As shown in fig. 10, the module for verifying the registration request in the apparatus of the present invention is shown, and specifically may include:
a registration information obtaining module 1001, configured to receive a registration request sent by the client, and obtain registration information corresponding to the registration request; wherein the registration information includes: a second username and a second password;
a user name judging module 1002, configured to judge whether the length of the second user name exceeds a preset length;
a first registration judgment module 1003, configured to judge whether the second password includes at least two preset characters if the length of the second username exceeds a preset length; when the second password comprises the at least two preset characters, returning a registration success message to the client; when the second password does not comprise the at least two preset characters, a first registration failure message is returned to the client;
a second registration determining module 1004, configured to return a second registration failure message to the client if the length of the second username does not exceed the preset length.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The foregoing detailed description of an information processing method and an information processing apparatus according to the present invention has been presented, and the principles and embodiments of the present invention are explained herein by using specific examples, which are only used to help understand the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (14)

1. An information processing method is applied to an Operation and Maintenance Center (OMC) system, and the method comprises the following steps:
receiving a login request sent by a client, and acquiring login information corresponding to the login request, wherein the login information comprises: a first IP address, a first username and a first password;
when the pre-stored user name matched with the first user name is found, judging whether the first IP address comprises a first IP address section; the first IP address segment corresponds to a pre-stored user name matched with the first user name;
if the first IP address comprises the first IP address section, verifying the first password; when the verification is passed, returning a login permission message to the client; when the verification fails, a login forbidding message is returned to the client;
and if the first IP address does not comprise the first IP address field, returning a login prohibition message to the client.
2. The method of claim 1, wherein the step of determining whether the first IP address includes a first IP address segment comprises:
extracting the first N bytes of the first IP address;
encrypting the first N bytes, and judging whether the encrypted first N bytes are matched with the first IP address field; n is a positive integer.
3. The method of claim 1, wherein prior to the step of returning a logon message to the client, the method further comprises:
judging whether the first IP address is a fixed IP address; the fixed IP address corresponds to a pre-stored user name matched with the first user name;
if the first IP address is the fixed IP address, executing the step of verifying the first password;
and if the first IP address is not the fixed IP address, executing the step of returning the login prohibition message to the client.
4. The method of claim 1, wherein prior to the step of verifying the first password, the method further comprises:
judging whether the current time is within a preset login time interval or not; wherein, the login time interval corresponds to a pre-stored user name matched with the first user name;
if the current time is within a preset login time interval, the step of verifying the first password is executed;
and if the current time is not within the preset login time interval, executing the step of returning the login prohibition message to the client.
5. The method according to claim 1, characterized in that it further comprises the step of registering:
receiving a registration request sent by the client, and acquiring registration information corresponding to the registration request; wherein the registration information includes: a second username and a second password;
judging whether the length of the second user name exceeds a preset length or not;
if the length of the second username exceeds the preset length, judging whether the second password comprises at least two preset characters; when the second password comprises the at least two preset characters, returning a registration success message to the client; when the second password does not comprise the at least two preset characters, a first registration failure message is returned to the client;
and if the length of the second user name does not exceed the preset length, returning a second registration failure message to the client.
6. The method of claim 1, wherein prior to the step of verifying the first password, the method further comprises:
searching a pre-stored password corresponding to the pre-stored user name, and acquiring the generation time of the pre-stored password;
calculating the time difference between the generation time and the current time, and judging whether the time difference is greater than a time threshold value;
if the time difference is larger than the time threshold, the step of returning a login prohibition message to the client is executed;
and if the time difference is smaller than or equal to the time threshold, executing the step of verifying the first password.
7. The method of claim 6, further comprising:
if the time difference is smaller than or equal to the time threshold, returning a password modification message to the client, and receiving a password modification request returned by the client for the password modification message;
acquiring password modification information corresponding to the password modification request, wherein the password modification information comprises a third password;
judging whether the third password comprises at least two preset characters;
if the third password comprises the at least two preset characters, a password modification success message is returned to the client;
and if the third password does not comprise the at least two preset characters, returning a password modification failure message to the client.
8. An information processing apparatus applied to an Operation and Maintenance Center (OMC) system, the apparatus comprising:
the login information acquisition module is used for receiving a login request sent by a client and acquiring login information corresponding to the login request, wherein the login information comprises: a first IP address, a first username and a first password;
the IP address judging module is used for judging whether the first IP address comprises a first IP address section or not when the prestored user name matched with the first user name is found; the first IP address segment corresponds to a pre-stored user name matched with the first user name;
the password verification module is used for verifying the first password if the first IP address comprises the first IP address section; when the verification is passed, returning a login permission message to the client;
and the login prohibition message returning module is used for returning a login prohibition message to the client if the first IP address does not comprise the first IP address field or the first IP address comprises the first IP address field and the password authentication fails.
9. The apparatus according to claim 8, wherein the IP address determining module is specifically configured to extract the first N bytes of the first IP address, encrypt the first N bytes, and determine whether the encrypted first N bytes match the first IP address field; n is a positive integer.
10. The apparatus of claim 8, further comprising:
the fixed IP address judging module is used for judging whether the first IP address is a fixed IP address; the fixed IP address corresponds to a pre-stored user name matched with the first user name;
the password verification module is used for verifying the first password if the first IP address is the fixed IP address;
and the login prohibition message returning module is used for returning a login prohibition message to the client if the first IP address is not the fixed IP address.
11. The apparatus of claim 8, further comprising:
the login time judging module is used for judging whether the current time is within a preset login time interval or not; wherein, the login time interval corresponds to a pre-stored user name matched with the first user name;
the password verification module is used for verifying the first password if the current time is within a preset login time interval;
and the login prohibition message returning module is used for returning a login prohibition message to the client if the current time is not within a preset login time interval.
12. The apparatus of claim 8, further comprising:
the registration information acquisition module is used for receiving a registration request sent by the client and acquiring registration information corresponding to the registration request; wherein the registration information includes: a second username and a second password;
the user name judging module is used for judging whether the length of the second user name exceeds a preset length or not;
the first registration judgment module is used for judging whether the second password comprises at least two preset characters or not if the length of the second username exceeds a preset length; when the second password comprises the at least two preset characters, returning a registration success message to the client; when the second password does not comprise the at least two preset characters, a first registration failure message is returned to the client;
and the second registration judgment module is used for returning a second registration failure message to the client if the length of the second user name does not exceed the preset length.
13. The apparatus of claim 8, further comprising:
the password generation time acquisition module is used for searching a pre-stored password corresponding to the pre-stored user name and acquiring the generation time of the pre-stored password;
the time difference judging module is used for calculating the time difference between the generation time and the current time and judging whether the time difference is greater than a time threshold value;
the login prohibition message returning module is used for returning a login prohibition message to the client if the time difference is greater than the time threshold;
and the password verification module is used for verifying the first password if the time difference is less than or equal to the time threshold.
14. The apparatus of claim 13, further comprising:
a password modification request receiving module, configured to return a password modification message to the client if the time difference is smaller than or equal to the time threshold, and receive a password modification request returned by the client for the password modification message;
a password modification information acquisition module, configured to acquire password modification information corresponding to the password modification request, where the password modification information includes a third password;
the password judgment module is used for judging whether the third password comprises at least two preset characters;
a password modification success message returning module, configured to return a password modification success message to the client if the third password includes the at least two preset characters;
and the password modification failure message returning module is used for returning a password modification failure message to the client if the third password does not comprise the at least two preset characters.
CN201910390786.5A 2019-05-10 2019-05-10 Information processing method and device Pending CN111918287A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910390786.5A CN111918287A (en) 2019-05-10 2019-05-10 Information processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910390786.5A CN111918287A (en) 2019-05-10 2019-05-10 Information processing method and device

Publications (1)

Publication Number Publication Date
CN111918287A true CN111918287A (en) 2020-11-10

Family

ID=73242923

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910390786.5A Pending CN111918287A (en) 2019-05-10 2019-05-10 Information processing method and device

Country Status (1)

Country Link
CN (1) CN111918287A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113472747A (en) * 2021-05-31 2021-10-01 珠海大横琴科技发展有限公司 Login method and device for application program
CN114006716A (en) * 2021-01-04 2022-02-01 北京八分量信息科技有限公司 Block chain authority management method and system
CN114039843A (en) * 2021-10-11 2022-02-11 浪潮通信信息系统有限公司 Automatic equipment login detection method based on open source framework
CN114785576A (en) * 2022-04-06 2022-07-22 北京蓝海在线科技有限公司 Account password authority authentication method and device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070204324A1 (en) * 2006-02-27 2007-08-30 Research In Motion Limited Method of customizing a standardized it policy
CN101340332A (en) * 2007-07-02 2009-01-07 郑志豪 Method for preventing website login by illegal user
CN101355471A (en) * 2007-07-27 2009-01-28 中国电信股份有限公司 Method and system for forming user database of telecom wideband application
CN102892110A (en) * 2012-09-19 2013-01-23 邦讯技术股份有限公司 Method and system for keeping consistency of user identifications of terminal in different networks
CN102916946A (en) * 2012-09-29 2013-02-06 李勇奇 Access control method and access control system
CN104093151A (en) * 2014-07-30 2014-10-08 广东欧珀移动通信有限公司 Method and device for preventing Wi-Fi (Wireless-Fidelity) hot spot from being illegally accessed

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070204324A1 (en) * 2006-02-27 2007-08-30 Research In Motion Limited Method of customizing a standardized it policy
CN101340332A (en) * 2007-07-02 2009-01-07 郑志豪 Method for preventing website login by illegal user
CN101355471A (en) * 2007-07-27 2009-01-28 中国电信股份有限公司 Method and system for forming user database of telecom wideband application
CN102892110A (en) * 2012-09-19 2013-01-23 邦讯技术股份有限公司 Method and system for keeping consistency of user identifications of terminal in different networks
CN102916946A (en) * 2012-09-29 2013-02-06 李勇奇 Access control method and access control system
CN104093151A (en) * 2014-07-30 2014-10-08 广东欧珀移动通信有限公司 Method and device for preventing Wi-Fi (Wireless-Fidelity) hot spot from being illegally accessed

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王凤英: "《访问控制原理与实践》", 31 December 2010 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114006716A (en) * 2021-01-04 2022-02-01 北京八分量信息科技有限公司 Block chain authority management method and system
CN113472747A (en) * 2021-05-31 2021-10-01 珠海大横琴科技发展有限公司 Login method and device for application program
CN114039843A (en) * 2021-10-11 2022-02-11 浪潮通信信息系统有限公司 Automatic equipment login detection method based on open source framework
CN114785576A (en) * 2022-04-06 2022-07-22 北京蓝海在线科技有限公司 Account password authority authentication method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN111918287A (en) Information processing method and device
CN105939326B (en) Method and device for processing message
US9736131B2 (en) Secure login for subscriber devices
US8213583B2 (en) Secure access to restricted resource
CN109067813B (en) Network vulnerability detection method and device, storage medium and computer equipment
CN108259502B (en) Authentication method for obtaining interface access authority, server and storage medium
CN108965222B (en) Identity authentication method, system and computer readable storage medium
CN109040070B (en) File transmission method, device and computer readable storage medium
TR201810890T4 (en) A method and system that protects against identity theft or copy abuse.
CN103701805A (en) Method and device for detecting weak password in network
CN109005142B (en) Website security detection method, device, system, computer equipment and storage medium
CN102457491B (en) Dynamic identity authenticating method and system
CN106789855A (en) The method and device of user login validation
CN113297560A (en) Identity authentication method, device and equipment based on block chain and readable storage medium
CN102833247A (en) Method for anti-sweeping ciphers in user login system and device thereof
CN104796383A (en) Method and device for preventing terminal information from being tempered
CN102868702A (en) System login device and system login method
CN110071937A (en) Login method, system and storage medium based on block chain
CN107580002B (en) Double-factor authentication security manager login system and method
CN115694932A (en) Method and equipment for realizing community sensitive data protection based on block chain technology
CN105187417B (en) Authority acquiring method and apparatus
CN105100030B (en) Access control method, system and device
CN111723347B (en) Identity authentication method, identity authentication device, electronic equipment and storage medium
CN106888195B (en) Verification method and device
US10949560B1 (en) Systems and methods for providing access control to web services using mirrored, secluded web instances

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201110

RJ01 Rejection of invention patent application after publication