CN112069472A - User login authentication method and system - Google Patents


Publication number
CN112069472A
Authority
CN
China
Prior art keywords
encrypted ciphertext
password
login authentication
user login
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010717428.3A
Other languages
Chinese (zh)
Inventor
春意
邓建民
孙晶
麻磊
王龙
杨银占
赵妍
万婧昕
任艳方
赵立先
刘之源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Railway Sciences Corp Ltd CARS
Institute of Computing Technologies of CARS
Beijing Jingwei Information Technology Co Ltd
Original Assignee
China Academy of Railway Sciences Corp Ltd CARS
Institute of Computing Technologies of CARS
Beijing Jingwei Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Academy of Railway Sciences Corp Ltd CARS, Institute of Computing Technologies of CARS, Beijing Jingwei Information Technology Co Ltd
Priority to CN202010717428.3A
Publication of CN112069472A

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a user login authentication method and system. The method comprises the following steps: acquiring a password original text input at a front end; performing first forward encryption processing on the password original text to obtain a first encrypted ciphertext; transmitting the first encrypted ciphertext to a back end, and performing reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result; performing second forward encryption processing on the initial decryption result to obtain a second encrypted ciphertext; and matching the second encrypted ciphertext with a preset password library to obtain a final decryption result. The embodiment of the invention implements secondary encryption during user login: the encrypted password is irreversible, and the encryption results of the same password differ from one another yet can still be matched successfully, so that the login security of the system is ensured through multiple encryption processes.

Description

User login authentication method and system
Technical Field
The invention relates to the technical field of information security, in particular to a user login authentication method and system.
Background
In a common login system, for example the login of a railway system, security is generally provided by front-end (foreground) encryption or back-end (background) encryption. In that case the encrypted value is fixed and corresponds to the value held in the back-end database, so if information in transit, even encrypted information, is intercepted by someone else, it can still be matched against the database, and security is therefore insufficient.
The existing login authentication process has several defects: the encryption mode is single, the password is easy to crack, and the password corresponds one-to-one with the database, so that once data leakage occurs the system can easily be logged in to with the user and the password.
Therefore, a new user login authentication method is needed to solve the above-mentioned shortcomings.
Disclosure of Invention
The embodiment of the invention provides a user login authentication method and a user login authentication system, which are used for solving the defect of insufficient security caused by the adoption of a fixed encryption value during system login in the prior art.
In a first aspect, an embodiment of the present invention provides a user login authentication method, including:
acquiring a password original text input by a front end;
carrying out first forward encryption processing on the password original text to obtain a first encrypted ciphertext;
transmitting the first encrypted ciphertext to a back end, and performing reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result;
performing second forward encryption processing on the initial decryption result to obtain a second encrypted ciphertext;
and matching the second encrypted ciphertext with a preset password library to obtain a final decryption result.
Further, the first forward encryption process includes an encryption operation and a transcoding operation.
Further, the reverse decryption process includes a decoding operation and a decryption operation.
Further, the second forward encryption process includes processing by the SHA-256 algorithm and the random salt algorithm, and an add key operation.
Further, the SHA-256 algorithm is an irreversible Hash algorithm.
Further, the first encrypted ciphertext is different from the second encrypted ciphertext.
Further, the preset password library is obtained by storing the encrypted password in a preset database.
In a second aspect, an embodiment of the present invention further provides a user login authentication system, including:
the acquisition module is used for acquiring a password original text input by the front end;
the first encryption module is used for carrying out first forward encryption processing on the password original text to obtain a first encrypted ciphertext;
the decryption module is used for transmitting the first encrypted ciphertext to the rear end and reversely decrypting the first encrypted ciphertext to obtain an initial decryption result;
the second encryption module is used for carrying out second forward encryption processing on the initial decryption result to obtain a second encrypted ciphertext;
and the matching module is used for matching the second encrypted ciphertext with a preset password library to obtain a final decryption result.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of any one of the above-mentioned user login authentication methods when executing the program.
In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the user login authentication method according to any one of the above.
According to the user login authentication method and system provided by the embodiment of the invention, secondary encryption is implemented during user login: the encrypted password is irreversible, and the encryption results of the same password differ from one another yet can still be matched successfully, so that the login security of the system is ensured through multiple encryption processes.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a user login authentication method according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a user login authentication system according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In view of the problems in the prior art, the embodiment of the invention provides a new user login authentication method that protects the user's login and ensures the security of the password. The encrypted password is stored in a database, which is safer: even if data leakage occurs under special circumstances, the leaked encrypted password cannot be used to log in to the system.
Fig. 1 is a schematic flowchart of a user login authentication method according to an embodiment of the present invention. As shown in Fig. 1, the method includes:
S1, acquiring the password original text input at the front end;
S2, performing first forward encryption processing on the password original text to obtain a first encrypted ciphertext;
S3, transmitting the first encrypted ciphertext to a back end, and performing reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result;
S4, performing second forward encryption processing on the initial decryption result to obtain a second encrypted ciphertext;
S5, matching the second encrypted ciphertext with a preset password library to obtain a final decryption result.
Wherein the first forward encryption process comprises an encryption operation and a transcoding operation.
Wherein the reverse decryption process comprises a decoding operation and a decryption operation.
Wherein the second forward encryption process comprises processing by the SHA-256 algorithm and the random salt algorithm, and adding a key operation.
Wherein, the SHA-256 algorithm is an irreversible Hash algorithm.
Wherein the first encrypted ciphertext is different from the second encrypted ciphertext.
Wherein the preset password library is obtained by storing the encrypted password in a preset database.
Specifically, the login password original text is entered at the front end of the login system, and the front end (foreground) encrypts the password original text and then transcodes it. The encryption algorithm used here is generally a commonly used one, such as:
(1) the MD5 Message-Digest Algorithm, a widely used cryptographic hash function that generates a 128-bit (16-byte) hash value and is used to ensure the integrity and consistency of transmitted information; MD5 is irreversible, so recovering the input is generally done by brute-force exhaustion or through a website's lookup interface;
(2) the Data Encryption Standard (DES), a symmetric block encryption algorithm; typical DES encrypts data in 64-bit blocks, uses the same algorithm for encryption and decryption, and has a key length of 56 bits (because every 8th bit is used as a parity check); the key can be any 56-bit number and can be changed at any time;
(3) the RSA (Rivest-Shamir-Adleman) algorithm, an asymmetric encryption algorithm widely used in public-key cryptography and electronic commerce; it is widely regarded as one of the most elegant public-key schemes at present, is the first algorithm that can be used for both encryption and digital signatures, and is resistant to all cryptographic attacks known so far;
(4) the Advanced Encryption Standard (AES), also known in cryptography as the Rijndael encryption method, a block encryption standard adopted by the United States federal government to replace the original DES; it has been analyzed by many parties and is widely used throughout the world.
After the encryption and transcoding, the first encrypted ciphertext is obtained and transmitted to the back end (background), which decodes and decrypts it; this process is the reverse of the first encryption process.
After the password original text has been recovered by decryption, the back end performs the second encryption, which encrypts the password using SHA-256 + random salt + secret key.
SHA-256 is a Secure Hash Algorithm and is irreversible. The embodiment of the present invention uses a hash value 256 bits long; SHA-256 is a branch of the SHA family of algorithms. A hash function, also called a hash algorithm, is a method for creating a small digital "fingerprint" from any kind of data. It compresses a message or data into a digest, making the amount of data smaller and fixing its format. The function mixes the data and creates a new fingerprint called a hash value, usually represented by a short string of random letters and numbers. For a message of any length, SHA-256 generates a 256-bit hash value called the message digest.
The concept of random salt is as follows. In cryptography, salt refers to inserting a specific character string at an arbitrary fixed position of the password so that the hashed result differs from the result of hashing the original password; this process is called "salting". Typically, when a field is hashed (e.g., with MD5), a hash value is generated, and the original field generally cannot be recovered from the hash value by a specific algorithm. In some cases, however, such as with a large rainbow table, looking up the MD5 value in the table is very likely to reveal, in a very short time, the actual field content corresponding to the hash value. Salting the value before hashing greatly reduces the risk of password leakage caused by theft of user data: even if the original content corresponding to the hash value is found through a rainbow table, the inserted character string has scrambled the real password, so the probability of obtaining the real password is greatly reduced. Salting is usually implemented by adding specific characters at a specific position of the field to be hashed, scrambling the original character string so that the hash result changes.
After this series of encryption steps, the encrypted output for the same password is different every time, yet it can still be queried and matched successfully against the encrypted password stored in the database, and the password stored in the database is an encrypted ciphertext that cannot be decrypted.
The embodiment of the invention implements secondary encryption during user login: the encrypted password is irreversible, and the encryption results of the same password differ from one another yet can still be matched successfully, so that the login security of the system is ensured through multiple encryption processes.
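The second encryption and matching steps (S4 and S5) described above, as an added example that is not code from the patent. The patent does not say how SHA-256, the random salt and the secret key are combined; this example assumes PBKDF2-HMAC-SHA256 over the password and a per-record random salt (a generalization of a single SHA-256 pass, which is too fast to resist offline guessing), followed by HMAC-SHA256 under a server-side key. All function names, the record layout and the parameter values are assumptions.

```python
import hashlib
import hmac
import secrets

# All parameters below are assumptions for this example; the patent gives none.
SALT_BYTES = 16                      # size of the per-record random salt
ITERATIONS = 100_000                 # PBKDF2 work factor
MAX_ITERATIONS = 10_000_000          # upper bound accepted from a stored record
RECORD_PREFIX = "pbkdf2-sha256-hmac"


def _keyed_digest(password, salt, server_key, iterations):
    """Salted SHA-256 stretch of the password, then keyed with the server secret."""
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return hmac.new(server_key, stretched, hashlib.sha256).digest()


def second_encrypt(password, server_key, salt=None, iterations=ITERATIONS):
    """Step S4: produce the value stored in the password library.

    A fresh random salt is drawn for every call, so the same password
    gives a different record each time. The salt is stored in the record;
    the server key is not.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    tag = _keyed_digest(password, salt, server_key, iterations)
    return "$".join([RECORD_PREFIX, str(iterations), salt.hex(), tag.hex()])


def match(password, server_key, record):
    """Step S5: recompute with the stored salt and compare in constant time."""
    try:
        prefix, iter_text, salt_hex, tag_hex = record.split("$")
        iterations = int(iter_text)
        salt = bytes.fromhex(salt_hex)
        stored_tag = bytes.fromhex(tag_hex)
    except (ValueError, AttributeError):
        return False                 # malformed record: reject, never raise
    if prefix != RECORD_PREFIX or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    tag = _keyed_digest(password, salt, server_key, iterations)
    return hmac.compare_digest(tag, stored_tag)


def demo():
    """Run the flow on constructed inputs and report what holds."""
    key = bytes(range(32))                   # constructed server key
    other_key = bytes(32)                    # constructed, different key
    password = "Constructed-Passw0rd"        # constructed sample password
    first = second_encrypt(password, key)
    second = second_encrypt(password, key)
    return {
        "records_differ": first != second,
        "first_matches": match(password, key, first),
        "second_matches": match(password, key, second),
        "wrong_password_rejected": not match("guess", key, first),
        "wrong_key_rejected": not match(password, other_key, first),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the server key is kept out of the database, a leaked record alone is not enough to test password guesses offline; the key has to be stored separately from the password library for that to hold.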
The following describes the user login authentication system provided by the embodiment of the present invention, and the user login authentication system described below and the user login authentication method described above may be referred to in correspondence with each other.
Fig. 2 is a schematic structural diagram of a user login authentication system according to an embodiment of the present invention. As shown in Fig. 2, the system includes: an acquisition module 21, a first encryption module 22, a decryption module 23, a second encryption module 24 and a matching module 25; wherein:
the acquisition module 21 is configured to acquire a password original text input at a front end; the first encryption module 22 is configured to perform first forward encryption processing on the password original text to obtain a first encrypted ciphertext; the decryption module 23 is configured to transmit the first encrypted ciphertext to a back end, and perform reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result; the second encryption module 24 is configured to perform second forward encryption processing on the initial decryption result to obtain a second encrypted ciphertext; the matching module 25 is configured to match the second encrypted ciphertext with a preset password library to obtain a final decryption result.
The embodiment of the invention implements secondary encryption during user login: the encrypted password is irreversible, and the encryption results of the same password differ from one another yet can still be matched successfully, so that the login security of the system is ensured through multiple encryption processes.
Fig. 3 illustrates a physical structure diagram of an electronic device, which may include, as shown in Fig. 3: a processor 310, a communication interface 320, a memory 330 and a communication bus 340, wherein the processor 310, the communication interface 320 and the memory 330 communicate with each other via the communication bus 340. The processor 310 may invoke logic instructions in the memory 330 to perform a user login authentication method comprising: acquiring a password original text input by a front end; carrying out first forward encryption processing on the password original text to obtain a first encrypted ciphertext; transmitting the first encrypted ciphertext to a back end, and performing reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result; performing second forward encryption processing on the initial decryption result to obtain a second encrypted ciphertext; and matching the second encrypted ciphertext with a preset password library to obtain a final decryption result.
In addition, the logic instructions in the memory 330 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, an embodiment of the present invention further provides a computer program product, where the computer program product includes a computer program stored on a non-transitory computer-readable storage medium, the computer program includes program instructions, and when the program instructions are executed by a computer, the computer can execute the user login authentication method provided by the above-mentioned method embodiments, where the method includes: acquiring a password original text input by a front end; carrying out first forward encryption processing on the password original text to obtain a first encrypted ciphertext; transmitting the first encrypted ciphertext to a back end, and performing reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result; performing second forward encryption processing on the initial decryption result to obtain a second encrypted ciphertext; and matching the second encrypted ciphertext with a preset password library to obtain a final decryption result.
In yet another aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, performs the user login authentication method provided in the foregoing embodiments, and the method includes: acquiring a password original text input by a front end; carrying out first forward encryption processing on the password original text to obtain a first encrypted ciphertext; transmitting the first encrypted ciphertext to a back end, and performing reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result; performing second forward encryption processing on the initial decryption result to obtain a second encrypted ciphertext; and matching the second encrypted ciphertext with a preset password library to obtain a final decryption result.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A user login authentication method is characterized by comprising the following steps:
acquiring a password original text input by a front end;
carrying out first forward encryption processing on the password original text to obtain a first encrypted ciphertext;
transmitting the first encrypted ciphertext to a back end, and performing reverse decryption processing on the first encrypted ciphertext to obtain an initial decryption result;
performing second forward encryption processing on the initial decryption result to obtain a second encrypted ciphertext;
and matching the second encrypted ciphertext with a preset password library to obtain a final decryption result.
2. The user login authentication method of claim 1, wherein the first forward encryption process comprises an encryption operation and a transcoding operation.
3. The user login authentication method of claim 1, wherein the reverse decryption process comprises a decoding operation and a decryption operation.
4. The method of claim 1, wherein the second forward encryption process comprises processing through SHA-256 algorithm and random salt algorithm, and adding a key operation.
5. The user login authentication method of claim 4, wherein the SHA-256 algorithm is an irreversible Hash algorithm.
6. The user login authentication method of claim 1, wherein the first encrypted ciphertext is different from the second encrypted ciphertext.
7. The user login authentication method of any one of claims 1 to 6, wherein the preset password library is obtained by storing an encrypted password in a preset database.
8. A user login authentication system, comprising:
the acquisition module is used for acquiring a password original text input by the front end;
the first encryption module is used for carrying out first forward encryption processing on the password original text to obtain a first encrypted ciphertext;
the decryption module is used for transmitting the first encrypted ciphertext to the rear end and reversely decrypting the first encrypted ciphertext to obtain an initial decryption result;
the second encryption module is used for carrying out second forward encryption processing on the initial decryption result to obtain a second encrypted ciphertext;
and the matching module is used for matching the second encrypted ciphertext with a preset password library to obtain a final decryption result.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the user login authentication method according to any one of claims 1 to 7 are implemented when the processor executes the program.
10. A non-transitory computer readable storage medium, having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the user login authentication method according to any one of claims 1 to 7.
CN202010717428.3A 2020-07-23 2020-07-23 User login authentication method and system Pending CN112069472A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010717428.3A CN112069472A (en) 2020-07-23 2020-07-23 User login authentication method and system

Publications (1)

Publication Number Publication Date
CN112069472A true CN112069472A (en) 2020-12-11

Family

ID=73657378

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010717428.3A Pending CN112069472A (en) 2020-07-23 2020-07-23 User login authentication method and system

Country Status (1)

Country Link
CN (1) CN112069472A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114579941A (en) * 2022-02-11 2022-06-03 麒麟软件有限公司 Linux operating system login method and system based on state cryptographic algorithm

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106357679A (en) * 2016-10-24 2017-01-25 北京明华联盟科技有限公司 Method, system and client for password authentication, and server and intelligent equipment
CN107920081A (en) * 2017-12-01 2018-04-17 华为软件技术有限公司 Login authentication method and device
CN108471403A (en) * 2018-02-27 2018-08-31 平安科技(深圳)有限公司 A kind of method, apparatus, terminal device and the storage medium of account migration

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201211