CN112559991A - System secure login method, device, equipment and storage medium - Google Patents
System secure login method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN112559991A CN112559991A CN202011523922.2A CN202011523922A CN112559991A CN 112559991 A CN112559991 A CN 112559991A CN 202011523922 A CN202011523922 A CN 202011523922A CN 112559991 A CN112559991 A CN 112559991A
- Authority
- CN
- China
- Prior art keywords
- password
- login
- encrypted ciphertext
- target
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000013475 authorization Methods 0.000 claims abstract description 48
- 230000004044 response Effects 0.000 claims abstract description 31
- 238000012795 verification Methods 0.000 claims abstract description 18
- 238000004891 communication Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 230000002457 bidirectional effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
- G06F21/1078—Logging; Metering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/305—Authentication, i.e. establishing the identity or authorisation of security principals by remotely controlling device operation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The invention discloses a system secure login method, a device, equipment and a storage medium, wherein the method comprises the following steps: when a system login request sent by terminal equipment is received, extracting a first password from the system login request, and acquiring an encrypted ciphertext from local; sending the encrypted ciphertext to an authorization server, so that the authorization server decrypts the encrypted ciphertext through a preset authorization private key after passing authentication, and feeds back a second password obtained by decryption; combining the first password and the second password to obtain a target login password; and when the target login password passes the verification, performing system login response on the terminal equipment. In the prior art, a system administrator records and keeps a fixed plaintext password, but the invention needs to acquire a first password and a second password, combine the first password and the second password to obtain a target login password, and finally perform system login response on terminal equipment according to the target login password, thereby improving the security of system login.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for system security login.
Background
With the rapid development of the internet, information security is a key concern for all enterprises and users. Aiming at the access of a World Wide Web (WEB) interface of the system, a plurality of identity authentication security strategies are realized, and the security is very high, such as based on a mobile phone authentication code, a mail token, a dynamic password and the like. However, in the aspect of identity verification of system background login, an effective security identity authentication strategy is lacked, in the prior art, most enterprises do not have a forced authentication process to the system background, the login password of the system background is generally set as a fixed password, a system administrator records and keeps a plaintext password, and the password is fixed and unchanged, so that the security of system login is low.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide a system security login method, a system security login device and a system security login storage medium, and aims to solve the technical problem of how to improve the security of system security login.
In order to achieve the above object, the present invention provides a system secure login method, which comprises:
when a system login request sent by terminal equipment is received, extracting a first password from the system login request, and acquiring an encrypted ciphertext from local;
sending the encrypted ciphertext to an authorization server, so that the authorization server decrypts the encrypted ciphertext through a preset authorization private key after passing authentication, and feeds back a second password obtained by decryption;
combining the first password and the second password to obtain a target login password;
and when the target login password passes the verification, performing system login response on the terminal equipment.
Optionally, before the step of extracting the first password from the system login request and obtaining the encrypted ciphertext locally when the system login request sent by the terminal device is received, the method further includes:
the method comprises the steps of obtaining a system login password, dividing the system login password to obtain a first password and a second password, and sending the first password to terminal equipment;
and encrypting the second password according to a preset authorization public key to obtain an encrypted ciphertext, and storing the encrypted ciphertext to the local.
Optionally, the step of obtaining the encrypted ciphertext locally includes:
extracting an administrator account from the system login request;
and acquiring an encrypted ciphertext from local according to the administrator account.
Optionally, the step of obtaining an encrypted ciphertext locally according to the administrator account includes:
judging whether the administrator account number meets preset ciphertext sending conditions or not;
and when the administrator account number meets the preset ciphertext sending condition, acquiring an encrypted ciphertext from local according to the administrator account number.
Optionally, the step of combining the first password and the second password to obtain the target login password includes:
determining a preset password combination strategy according to the first password and the second password;
and combining the first password and the second password according to the preset password combination strategy to obtain a target login password.
Optionally, before the step of performing a system login response to the terminal device when the target login password is verified, the method further includes:
judging whether the target login password is consistent with the system login password;
and when the target login password is consistent with the system login password, judging that the target login password passes the verification.
Optionally, after the step of performing a system login response to the terminal device when the target login password is verified, the method further includes:
acquiring system login response information, and generating a password updating instruction according to the system login response information;
and replacing the system login password according to the password updating instruction.
In addition, to achieve the above object, the present invention further provides a system security login device, including:
the system comprises an acquisition module, a first password generation module and a second password generation module, wherein the acquisition module is used for extracting a first password from a system login request and acquiring an encrypted ciphertext from local when the system login request sent by terminal equipment is received;
the obtaining module is further configured to send the encrypted ciphertext to an authorization server, so that the authorization server decrypts the encrypted ciphertext through a preset authorization private key after passing authentication, and feeds back a second password obtained through decryption;
the combination module is used for combining the first password and the second password to obtain a target login password;
and the response module is used for carrying out system login response on the terminal equipment when the target login password passes the verification.
In addition, in order to achieve the above object, the present invention further provides a system security login device, including: the system comprises a memory, a processor and a system security login program stored on the memory and capable of running on the processor, wherein the system security login program is configured to realize the steps of the system security login method.
In addition, to achieve the above object, the present invention further provides a storage medium, which stores a system security login program, wherein the system security login program, when executed by a processor, implements the steps of the system security login method as described above.
The method comprises the steps of firstly extracting a first password from a system login request when the system login request sent by a terminal device is received, obtaining an encrypted ciphertext from the local, then sending the encrypted ciphertext to an authorization server, so that the authorization server decrypts the encrypted ciphertext through a preset authorization private key after passing authentication, feeds back a second password obtained by decryption, then combines the first password and the second password to obtain a target login password, and carries out system login response on the terminal device when the target login password passes verification. In the prior art, a system administrator records and keeps a plaintext password, but the invention needs to acquire a first password and a second password, then combines the first password and the second password to acquire a target login password, and finally performs system login response on terminal equipment when the target login password passes verification, thereby improving the security of system login.
Drawings
Fig. 1 is a schematic structural diagram of a system security login device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a system secure login method according to the present invention;
FIG. 3 is a flowchart illustrating a system security login method according to a second embodiment of the present invention;
fig. 4 is a block diagram of a first embodiment of a system security login device according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a system secure login device of a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the system secure login device may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a WIreless interface (e.g., a WIreless-FIdelity (WI-FI) interface). The Memory 1005 may be a Random Access Memory (RAM) Memory, or may be a Non-Volatile Memory (NVM), such as a disk Memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the architecture shown in fig. 1 does not constitute a limitation of the system secure login device, and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a storage medium, may include therein an operating system, a data storage module, a network communication module, a user interface module, and a system secure login program.
In the system secure login device shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 of the system security login device of the present invention may be disposed in the system security login device, and the system security login device calls the system security login program stored in the memory 1005 through the processor 1001 and executes the system security login method provided by the embodiment of the present invention.
An embodiment of the present invention provides a system secure login method, and referring to fig. 2, fig. 2 is a flowchart illustrating a first embodiment of the system secure login method according to the present invention.
In this embodiment, the system secure login method includes the following steps:
step S10: when a system login request sent by terminal equipment is received, a first password is extracted from the system login request, and an encrypted ciphertext is obtained locally.
It is easy to understand that the execution main body of the embodiment may be a system security login device having functions of data processing, network communication, program operation, and the like, or may also be other computer devices having similar functions, and the system security login device in the embodiment may be a system server, and the following description takes the system server as the execution main body for example, which is not limited in the embodiment.
It can be understood that the system login request is a system login request sent by a user to a system server through a terminal device, and the system login request includes a first password, an administrator account, and the like.
The first password is a password that the system server sends the plaintext to the mailbox of the system administrator in the form of an email for storage, and the password is a partial password divided by the system login password, which may be adasccf, 1232313, and the like.
Further, in order to ensure the security of the system login password, when a system login request sent by the terminal device is received, the first password is extracted from the system login request, and before the step of locally obtaining the encrypted ciphertext, the system login password is obtained and divided to obtain the first password and the second password, the first password is sent to the terminal device, the second password is encrypted according to the preset authorized public key to obtain the encrypted ciphertext, and the encrypted ciphertext is stored to the local and the like.
The system login password may be a password set by a user in advance, may be 1353454 addd, may also be gigigsdggiuo, and the like, and this embodiment is not limited.
Assuming that the system login password is 1353454 add, splitting the system login password according to a preset password splitting rule to obtain a first password 1353454 and a second password add, sending the first password 1353454 to a mailbox of a system administrator in the form of a mail, keeping the first password and the second password, encrypting the second password add by using an authorized public key and an encryption algorithm which are built in a system server to obtain an encrypted ciphertext, storing the encrypted ciphertext to the local, and the like.
The preset password splitting rule may be set by a user in a self-defined manner, may be an average splitting manner, and may also be a password character type splitting manner, which is not limited in this embodiment.
The authorization public key is a public key pre-stored in the system server by the user, and the like.
The processing mode of obtaining the encrypted ciphertext locally may be to extract an administrator account from the system login request, and then obtain the encrypted ciphertext locally according to the administrator account, and the like.
The administrator account is an account which is logged in by a system administrator in a system login interface, can be an account which is set by a user in a user-defined mode, can also be an administrator mobile phone number, an administrator identity card number or a worker license number and the like.
Further, in order to ensure the security of the encrypted ciphertext, the step of locally obtaining the encrypted ciphertext according to the administrator account may be to determine whether the administrator account satisfies a preset ciphertext sending condition, and obtain the encrypted ciphertext locally according to the administrator account when the administrator account satisfies the preset ciphertext sending condition.
The preset ciphertext sending condition is whether the administrator account number is a ciphertext account number or not.
And if the administrator account is a text-capable account, judging that the administrator account meets the preset ciphertext sending condition, and locally acquiring an encrypted ciphertext according to the administrator account.
Step S20: and sending the encrypted ciphertext to an authorization server, so that the authorization server decrypts the encrypted ciphertext through a preset authorization private key after passing the authentication, and feeds back a second password obtained by decryption.
The preset authorization private key is a private key which is pre-stored to the authorization server by the user, that is, both the preset authorization public key and the preset authorization private key can be set by the user in a user-defined manner.
The second password is a partial password, which is divided by the system server for the system login password, except for the first password, and may be ggsdabd, 5474655, and the embodiment is not limited.
And the system server sends the encrypted ciphertext to the authorization server, then the authorization server decrypts the encrypted ciphertext through a preset authorization private key and a corresponding decryption algorithm after passing the authentication to obtain a second password, and finally sends the second password to the system server and the like.
Assuming that the system login password is 1353454 addad, splitting the system login password according to a preset password splitting rule to obtain a first password 1353454 and a second password addad respectively, sending the first password 1353454 to a mailbox of a system administrator in the form of a mail, keeping the mail, encrypting the second password addad by using an authorization public key and an encryption algorithm which are arranged in the system server to obtain an encrypted ciphertext, storing the encrypted ciphertext to the local, sending the encrypted ciphertext to an authorization server according to an account number of the administrator, decrypting the encrypted ciphertext by using a preset authorization private key and a corresponding decryption algorithm by the authorization server after the authorization server passes authentication to obtain the second password addad, and finally sending the second password addad to the system server and the like.
Step S30: and combining the first password and the second password to obtain a target login password.
Further, in order to ensure the security of the password, the first password and the second password are combined, and the step of obtaining the target login password may be determining a preset password combination policy according to the first password and the second password, and then combining the first password and the second password according to the preset password combination policy to obtain the target login password, and the like, where the preset password combination policy may be user-defined according to the first password and the second password, and the like.
Assuming that the system login password is 1353454 addd, splitting the system login password according to a preset password splitting rule to obtain a first password 1353454 and a second password addd, respectively, the preset password combination policy needs to correspond to the preset password splitting rule, that is, the preset password combination policy may be that the first password 1353454 is input first, the second password is input later, and the like.
In the specific implementation, after bidirectional authorization is performed, a login interface of a system background is called first, and both sides can operate, wherein both sides can remotely share the system login interface, and can input a first password and a second password through external equipment to further acquire a target login password and the like.
Step S40: and when the target login password passes the verification, performing system login response on the terminal equipment.
When the target login password passes the verification, before the step of performing system login response on the terminal equipment, whether the target login password is consistent with the system login password or not can be judged, when the target login password is consistent with the system login password, the target login password passes the verification, and the like.
Further, in order to reduce the leakage risk of the login password, after the step of performing system login response on the terminal device when the target login password passes verification, system login response information is obtained, a password updating instruction is generated according to the system login response information, the system login password is replaced according to the password updating instruction, and the like.
In a specific embodiment, after the system logs in successfully in the background, the password is updated immediately, the login password is disabled immediately after being used, and when logging in again, the two parties need to authorize again to obtain a new login password, so that the login password is guaranteed to be different every time, and the leakage risk of the login password is effectively reduced.
In this embodiment, first, when a system login request sent by a terminal device is received, a first password is extracted from the system login request, an encrypted ciphertext is obtained locally, and then the encrypted ciphertext is sent to an authorization server, so that the authorization server decrypts the encrypted ciphertext through a preset authorization private key after passing authentication, feeds back a second password obtained by decryption, combines the first password and the second password to obtain a target login password, and performs a system login response on the terminal device when the target login password passes authentication. In the prior art, a system administrator records and keeps a plaintext password, but in this embodiment, a first password and a second password need to be acquired, then the first password and the second password are combined to obtain a target login password, and finally, when the target login password passes verification, a system login response is performed on a terminal device, so that the security of system login is improved.
Referring to fig. 3, fig. 3 is a flowchart illustrating a system secure login method according to a second embodiment of the present invention.
Based on the first embodiment, in this embodiment, the step S10 further includes:
step S101: when a system login request sent by a terminal device is received, a first password and an administrator account are extracted from the system login request.
It can be understood that the system login request is a system login request sent by a user to a system server through a terminal device, and the system login request includes a first password, an administrator account, and the like.
The first password is a password that the system server sends the plaintext to the mailbox of the system administrator in the form of an email for storage, and the password is a partial password divided by the system login password, which may be adasccf, 1232313, and the like.
Further, in order to ensure the security of the system login password, when a system login request sent by the terminal device is received, the first password is extracted from the system login request, and before the step of locally obtaining the encrypted ciphertext, the system login password is obtained and divided to obtain the first password and the second password, the first password is sent to the terminal device, the second password is encrypted according to the preset authorized public key to obtain the encrypted ciphertext, and the encrypted ciphertext is stored to the local and the like.
The system login password may be a password set by a user in advance, may be 1353454 addd, may also be gigigsdggiuo, and the like, and this embodiment is not limited.
Assuming that the system login password is 1353454 add, splitting the system login password according to a preset password splitting rule to obtain a first password 1353454 and a second password add, sending the first password 1353454 to a mailbox of a system administrator in the form of a mail, keeping the first password and the second password, encrypting the second password add by using an authorized public key and an encryption algorithm which are built in a system server to obtain an encrypted ciphertext, storing the encrypted ciphertext to the local, and the like.
The preset password splitting rule may be set by a user in a self-defined manner, may be an average splitting manner, and may also be a password character type splitting manner, which is not limited in this embodiment.
The authorization public key is a public key pre-stored in the system server by the user, and the like.
The administrator account is an account which is logged in by a system administrator in a system login interface, can be an account which is set by a user in a user-defined mode, can also be an administrator mobile phone number, an administrator identity card number or a worker license number and the like.
The preset clearing threshold is set by a user, and may be 80, or may also be 100, and the present embodiment is not limited.
Step S102: and acquiring an encrypted ciphertext from local according to the administrator account.
Further, in order to ensure the security of the encrypted ciphertext, the step of locally obtaining the encrypted ciphertext according to the administrator account may be to determine whether the administrator account satisfies a preset ciphertext sending condition, and obtain the encrypted ciphertext locally according to the administrator account when the administrator account satisfies the preset ciphertext sending condition.
The preset ciphertext sending condition is whether the administrator account number is a ciphertext account number or not.
And if the administrator account is a text-capable account, judging that the administrator account meets the preset ciphertext sending condition, and locally acquiring an encrypted ciphertext according to the administrator account.
In this embodiment, first, when a system login request sent by a terminal device is received, a first password and an administrator account are extracted from the system login request, and then an encrypted ciphertext is locally obtained according to the administrator account, so that the risk of leakage of the login password is reduced.
Referring to fig. 4, fig. 4 is a block diagram illustrating a first embodiment of a system security login device according to the present invention.
As shown in fig. 4, the system security login device according to the embodiment of the present invention includes:
the acquisition module 4001 is configured to, when receiving a system login request sent by a terminal device, extract a first password from the system login request, and acquire an encrypted ciphertext locally;
the obtaining module 4001 is further configured to send the encrypted ciphertext to an authorization server, so that the authorization server decrypts the encrypted ciphertext by using a preset authorization private key after passing authentication, and feeds back a second password obtained by decryption;
the combination module 4002 is configured to combine the first password and the second password to obtain a target login password;
a response module 4003, configured to perform a system login response on the terminal device when the target login password is verified.
In this embodiment, first, when a system login request sent by a terminal device is received, a first password is extracted from the system login request, an encrypted ciphertext is obtained locally, and then the encrypted ciphertext is sent to an authorization server, so that the authorization server decrypts the encrypted ciphertext through a preset authorization private key after passing authentication, feeds back a second password obtained by decryption, combines the first password and the second password to obtain a target login password, and performs a system login response on the terminal device when the target login password passes authentication. In the prior art, a system administrator records and keeps a plaintext password, but in this embodiment, a first password and a second password need to be acquired, then the first password and the second password are combined to obtain a target login password, and finally, when the target login password passes verification, a system login response is performed on a terminal device, so that the security of system login is improved.
Further, the obtaining module 4001 is further configured to obtain a system login password, divide the system login password to obtain a first password and a second password, and send the first password to a terminal device;
the obtaining module 4001 is further configured to encrypt the second password according to a preset authorization public key, obtain an encrypted ciphertext, and store the encrypted ciphertext to the local.
Further, the obtaining module 4001 is further configured to extract an administrator account from the system login request;
the obtaining module 4001 is further configured to obtain an encrypted ciphertext locally according to the administrator account.
Further, the obtaining module 4001 is further configured to determine whether the administrator account number meets a preset ciphertext sending condition;
and when the administrator account number meets the preset ciphertext sending condition, acquiring an encrypted ciphertext from local according to the administrator account number.
Further, the combination module 4002 is further configured to determine a preset password combination policy according to the first password and the second password;
the combination module 4002 is further configured to combine the first password and the second password according to the preset password combination policy to obtain a target login password.
Further, the response module 4003 is further configured to determine whether the target login password is consistent with the system login password;
the response module 4003 is further configured to determine that the target login password is verified when the target login password is consistent with the system login password.
Further, the system security login device further comprises a replacement module;
the replacing module is used for acquiring system login response information and generating a password updating instruction according to the system login response information;
the replacing module is further used for replacing the system login password according to the password updating instruction.
Other embodiments or specific implementation manners of the system security login device of the present invention may refer to the above method embodiments, and are not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., a rom/ram, a magnetic disk, an optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A system secure login method is characterized in that the system secure login method comprises the following steps:
when a system login request sent by terminal equipment is received, extracting a first password from the system login request, and acquiring an encrypted ciphertext from local;
sending the encrypted ciphertext to an authorization server, so that the authorization server decrypts the encrypted ciphertext through a preset authorization private key after passing authentication, and feeds back a second password obtained by decryption;
combining the first password and the second password to obtain a target login password;
and when the target login password passes the verification, performing system login response on the terminal equipment.
2. The method as claimed in claim 1, wherein before the step of extracting the first password from the system login request and obtaining the encrypted ciphertext from local, when receiving the system login request sent by the terminal device, the method further comprises:
the method comprises the steps of obtaining a system login password, dividing the system login password to obtain a first password and a second password, and sending the first password to terminal equipment;
and encrypting the second password according to a preset authorization public key to obtain an encrypted ciphertext, and storing the encrypted ciphertext to the local.
3. The method of claim 1, wherein the step of obtaining the encrypted ciphertext locally comprises:
extracting an administrator account from the system login request;
and acquiring an encrypted ciphertext from local according to the administrator account.
4. The method of claim 3, wherein the step of obtaining the encrypted ciphertext from the local according to the administrator account comprises:
judging whether the administrator account number meets preset ciphertext sending conditions or not;
and when the administrator account number meets the preset ciphertext sending condition, acquiring an encrypted ciphertext from local according to the administrator account number.
5. The method of claim 4, wherein the step of combining the first password and the second password to obtain the target login password comprises:
determining a preset password combination strategy according to the first password and the second password;
and combining the first password and the second password according to the preset password combination strategy to obtain a target login password.
6. The method of claim 2, wherein said step of responding to said terminal device for a system login upon verification of said target login password is preceded by the step of:
judging whether the target login password is consistent with the system login password;
and when the target login password is consistent with the system login password, judging that the target login password passes the verification.
7. The method of claim 6, wherein said step of responding to said terminal device for a system login upon verification of said target login password further comprises:
acquiring system login response information, and generating a password updating instruction according to the system login response information;
and replacing the system login password according to the password updating instruction.
8. A system security login device, the system security login device comprising:
the system comprises an acquisition module, a first password generation module and a second password generation module, wherein the acquisition module is used for extracting a first password from a system login request and acquiring an encrypted ciphertext from local when the system login request sent by terminal equipment is received;
the obtaining module is further configured to send the encrypted ciphertext to an authorization server, so that the authorization server decrypts the encrypted ciphertext through a preset authorization private key after passing authentication, and feeds back a second password obtained through decryption;
the combination module is used for combining the first password and the second password to obtain a target login password;
and the response module is used for carrying out system login response on the terminal equipment when the target login password passes the verification.
9. A system secure login device, the system secure login device comprising: memory, a processor and a system security login program stored on the memory and executable on the processor, the system security login program when executed by the processor implementing the steps of the system security login method of any one of claims 1 to 7.
10. A storage medium having stored thereon a system secure login program, the system secure login program when executed by a processor implementing the steps of the system secure login method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011523922.2A CN112559991A (en) | 2020-12-21 | 2020-12-21 | System secure login method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011523922.2A CN112559991A (en) | 2020-12-21 | 2020-12-21 | System secure login method, device, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112559991A true CN112559991A (en) | 2021-03-26 |
Family
ID=75032111
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011523922.2A Pending CN112559991A (en) | 2020-12-21 | 2020-12-21 | System secure login method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112559991A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113221082A (en) * | 2021-05-26 | 2021-08-06 | 东营安顺电气有限公司 | Data encryption method, system and computer |
CN116668196A (en) * | 2023-07-28 | 2023-08-29 | 深圳市科力锐科技有限公司 | Login authentication method, login authentication device, login authentication equipment and storage medium |
CN116842544A (en) * | 2023-07-07 | 2023-10-03 | 山东普惠共享经济技术开发有限公司 | Data security management method, data security management device and data security management system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160112396A1 (en) * | 2014-10-15 | 2016-04-21 | Airbnb, Inc. | Password Manipulation for Secure Account Creation and Verification Through Third-Party Servers |
WO2017054444A1 (en) * | 2015-09-30 | 2017-04-06 | 深圳市先河系统技术有限公司 | System login method, server, system, and network attached storage device |
CN107835075A (en) * | 2017-12-06 | 2018-03-23 | 北京深思数盾科技股份有限公司 | The processing method and processing device of local password |
CN109547428A (en) * | 2018-11-14 | 2019-03-29 | 深圳市云歌人工智能技术有限公司 | It verifies password and accesses method, system and the storage medium of server |
CN109756343A (en) * | 2019-01-31 | 2019-05-14 | 平安科技(深圳)有限公司 | Authentication method, device, computer equipment and the storage medium of digital signature |
-
2020
- 2020-12-21 CN CN202011523922.2A patent/CN112559991A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160112396A1 (en) * | 2014-10-15 | 2016-04-21 | Airbnb, Inc. | Password Manipulation for Secure Account Creation and Verification Through Third-Party Servers |
WO2017054444A1 (en) * | 2015-09-30 | 2017-04-06 | 深圳市先河系统技术有限公司 | System login method, server, system, and network attached storage device |
CN107835075A (en) * | 2017-12-06 | 2018-03-23 | 北京深思数盾科技股份有限公司 | The processing method and processing device of local password |
CN109547428A (en) * | 2018-11-14 | 2019-03-29 | 深圳市云歌人工智能技术有限公司 | It verifies password and accesses method, system and the storage medium of server |
CN109756343A (en) * | 2019-01-31 | 2019-05-14 | 平安科技(深圳)有限公司 | Authentication method, device, computer equipment and the storage medium of digital signature |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113221082A (en) * | 2021-05-26 | 2021-08-06 | 东营安顺电气有限公司 | Data encryption method, system and computer |
CN116842544A (en) * | 2023-07-07 | 2023-10-03 | 山东普惠共享经济技术开发有限公司 | Data security management method, data security management device and data security management system |
CN116668196A (en) * | 2023-07-28 | 2023-08-29 | 深圳市科力锐科技有限公司 | Login authentication method, login authentication device, login authentication equipment and storage medium |
CN116668196B (en) * | 2023-07-28 | 2024-03-12 | 深圳市科力锐科技有限公司 | Login authentication method, login authentication device, login authentication equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109858262B (en) | Process approval method, device and system based on block chain system and storage medium | |
US8447970B2 (en) | Securing out-of-band messages | |
CN111178884B (en) | Information processing method, device, equipment and readable storage medium | |
CN101309278B (en) | Method and system for storing encrypt data on customer | |
CN112559991A (en) | System secure login method, device, equipment and storage medium | |
US8953805B2 (en) | Authentication information generating system, authentication information generating method, client apparatus, and authentication information generating program for implementing the method | |
JP5613596B2 (en) | Authentication system, terminal device, authentication server, and program | |
US9198036B2 (en) | Method for providing application service | |
CN102946392A (en) | URL (Uniform Resource Locator) data encrypted transmission method and system | |
CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
CN111800262B (en) | Digital asset processing method and device and electronic equipment | |
CN109684129B (en) | Data backup recovery method, storage medium, encryption machine, client and server | |
CN107819579B (en) | User request processing method, server and computer readable storage medium | |
CN110505055B (en) | External network access identity authentication method and system based on asymmetric key pool pair and key fob | |
CN107918731A (en) | Method and apparatus for controlling the authority to access to open interface | |
CN113886771A (en) | Software authorization authentication method | |
CN113114668A (en) | Information transmission method, mobile terminal, storage medium and electronic equipment | |
CN111639357A (en) | Encryption network disk system and authentication method and device thereof | |
JP2004015725A (en) | Communication system, authentication method in communication system, program therefor and recording medium therefor | |
CN117240625B (en) | Tamper-resistant data processing method and device and electronic equipment | |
CN114006700A (en) | Client login method and device, computer equipment and storage medium | |
CN106850592B (en) | A kind of information processing method, server and terminal | |
CN105100030B (en) | Access control method, system and device | |
CN113595982B (en) | Data transmission method and device, electronic equipment and storage medium | |
CN109688158B (en) | Financial execution chain authentication method, electronic device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |