CN112565156A - Information registration method, device and system - Google Patents


Publication number
CN112565156A
Authority
CN
China
Prior art keywords
ciphertext
authentication
random
random character
generate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910853282.2A
Other languages
Chinese (zh)
Other versions
CN112565156B (en)
Inventor
闫宇昊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an information registration method, device and system, and relates to the technical field of computers. One embodiment of the method comprises: acquiring random salt generated by a server; carrying out registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext; sending the seed ciphertext and the first authentication ciphertext to a server side; when authentication is carried out, random salt generated by the server is obtained again; carrying out registration encryption on the new ciphertext and the random salt to generate a second authentication ciphertext; and sending the second authentication ciphertext to the server side for authentication. The embodiment can still perform unique authentication on the premise of not influencing the user when the authentication process is hijacked, thereby ensuring the information security of the user and improving the user experience; in addition, leaked ciphertext can be invalidated.

Description

Information registration method, device and system
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an information registration method, apparatus, and system.
Background
Currently, accounts, personal homepages, and various systems use user names and passwords for registration and authentication. When the server stores a user's user name and password, it generally does not store the original password text; it stores only an original-text ciphertext obtained by encrypting the original password text with a secure hash algorithm. When the user name and password are authenticated, the client encrypts the password entered by the user to generate a ciphertext and sends it to the server, and the server compares that ciphertext with the original-text ciphertext. If the two are consistent, authentication passes; if they are inconsistent, authentication fails.
In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art:
When the authentication process is hijacked by a malicious third party, the malicious third party can obtain the ciphertext that the client sends to the server and use it to masquerade as the user and perform illegal operations. Even if the server finds that the ciphertext has been leaked, it cannot distinguish the masquerading user from the real user.
Disclosure of Invention
In view of this, embodiments of the present invention provide an information registration method, apparatus, and system, which can perform unique authentication without affecting a user when an authentication process is hijacked, so as to ensure information security of the user and improve user experience; in addition, leaked ciphertext can be invalidated.
To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided an information registration method.
The information encryption method of the embodiment of the invention is applied to a client and comprises the following steps: acquiring random salt generated by a server; carrying out registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext; sending the seed ciphertext and the first authentication ciphertext to a server; when authentication is carried out, random salt generated by the server is obtained again; registering and encrypting the new ciphertext and the random salt to generate a second authentication ciphertext; and sending the second authentication ciphertext to a server side for authentication.
Optionally, the random salt comprises a first random character and a second random character, and performing registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext comprises: performing registration encryption on the original ciphertext and the first random character to generate the seed ciphertext, wherein the original ciphertext is obtained based on the original information; and performing registration encryption on the seed ciphertext and the second random character to generate the first authentication ciphertext.
Optionally, performing registration encryption on the new ciphertext and the random salt, and generating a second authentication ciphertext includes: registering and encrypting the new ciphertext and the first random character to generate an intermediate ciphertext; and performing registration encryption on the intermediate ciphertext and the second random character to generate a second authentication ciphertext.
To achieve the above object, according to another aspect of an embodiment of the present invention, another information registration method is provided.
The information registration method of the embodiment of the invention is applied to a server and comprises the following steps: generating random salt and a third random character, and sending the random salt to a first client; receiving a seed ciphertext and a first authentication ciphertext sent by the first client; registering and encrypting the first authentication ciphertext and the third random character to generate a first verification ciphertext; storing the random salt, the third random character, the first verification ciphertext, and the seed ciphertext; receiving a second authentication ciphertext sent by a second client; registering and encrypting the second authentication ciphertext and the stored third random character to generate a second verification ciphertext; comparing whether the second verification ciphertext is consistent with the stored first verification ciphertext; if the two are consistent, the authentication is passed; if not, the authentication fails.
Optionally, the random salt comprises a first random character and a second random character; before receiving the second authentication ciphertext sent by the second client, the method further comprises: generating a fourth random character and a fifth random character; registering and encrypting the seed ciphertext and the fourth random character to generate a third authentication ciphertext; registering and encrypting the third authentication ciphertext and the fifth random character to generate a third verification ciphertext; replacing the stored second random character with the fourth random character, replacing the stored third random character with the fifth random character, and replacing the stored first verification ciphertext with the third verification ciphertext.
To achieve the above object, according to still another aspect of an embodiment of the present invention, there is provided an information registration apparatus.
An information registration apparatus according to an embodiment of the present invention includes: the first acquisition module is used for acquiring the random salt generated by the server; the first generation module is used for carrying out registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext; the first sending module is used for sending the seed ciphertext and the first authentication ciphertext to a server side; the second acquisition module is used for acquiring the random salt generated by the server again during authentication; the second generation module is used for registering and encrypting the new ciphertext and the random salt to generate a second authentication ciphertext; and the second sending module is used for sending the second authentication ciphertext to the server.
Optionally, the random salt comprises a first random character and a second random character; and the first generating module is further configured to: carrying out registration encryption on the original ciphertext and the first random character to generate a seed ciphertext; wherein the original ciphertext is obtained based on the original information; and performing registration encryption on the seed ciphertext and the second random character to generate a first authentication ciphertext.
Optionally, the second generating module is further configured to: registering and encrypting the new ciphertext and the first random character to generate an intermediate ciphertext; and performing registration encryption on the intermediate ciphertext and the second random character to generate a second authentication ciphertext.
To achieve the above object, according to still another aspect of an embodiment of the present invention, there is provided another information registration apparatus.
An information registration apparatus according to an embodiment of the present invention includes: the third sending module is used for generating random salt and third random characters and sending the random salt to the first client; the first receiving module is used for receiving the seed ciphertext and the first authentication ciphertext sent by the first client; the third generation module is used for performing registration encryption on the first authentication ciphertext and the third random character to generate a first verification ciphertext; a storage module, configured to store the random salt, the third random character, the first verification ciphertext, and the seed ciphertext; the second receiving module is used for receiving a second authentication ciphertext sent by a second client; the fourth generation module is used for registering and encrypting the second authentication ciphertext and the stored third random character to generate a second verification ciphertext; the comparison module is used for comparing whether the second verification ciphertext is consistent with the stored first verification ciphertext or not; if the two are consistent, the authentication is passed; if not, the authentication fails.
Optionally, the random salt comprises a first random character and a second random character; and the apparatus further comprises: the updating module is used for generating a fourth random character and a fifth random character; registering and encrypting the seed ciphertext and the fourth random character to generate a third authentication ciphertext; registering and encrypting the third authentication ciphertext and the fifth random character to generate a third verification ciphertext; replacing the stored second random character with the fourth random character, replacing the stored third random character with the fifth random character, and replacing the stored first verification ciphertext with the third verification ciphertext.
To achieve the above object, according to still another aspect of embodiments of the present invention, an information registration system is provided.
The information registration system of the embodiment of the invention comprises a client and a server, wherein the client is used for executing the information registration method of the embodiment of the invention, and the server is used for executing the other information registration method of the embodiment of the invention.
To achieve the above object, according to still another aspect of embodiments of the present invention, there is provided an electronic apparatus.
An electronic device of an embodiment of the present invention includes: one or more processors; a storage device, configured to store one or more programs, which when executed by the one or more processors, cause the one or more processors to implement one information registration method according to an embodiment of the present invention or another information registration method according to an embodiment of the present invention.
To achieve the above object, according to still another aspect of embodiments of the present invention, there is provided a computer-readable storage medium.
A computer-readable storage medium of an embodiment of the present invention stores thereon a computer program that, when executed by a processor, implements an information registration method of an embodiment of the present invention or another information registration method of an embodiment of the present invention.
One embodiment of the above invention has the following advantages or benefits. The server generates the random salt and a third random character. The client performs registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext, and sends both to the server. The server performs registration encryption on the first authentication ciphertext and the third random character to generate a first verification ciphertext, and stores the random salt, the third random character, the first verification ciphertext and the seed ciphertext. During authentication, the client obtains the random salt generated by the server again, performs registration encryption on the new ciphertext and the random salt to generate a second authentication ciphertext, and sends it to the server. The server performs registration encryption on the second authentication ciphertext and the stored third random character to generate a second verification ciphertext, and compares it with the stored first verification ciphertext to perform authentication. Moreover, the technical effect of invalidating a leaked ciphertext can be achieved.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
Fig. 1 is a schematic diagram of a secure hash algorithm and salt encryption applied to an encryption process;
Fig. 2 is a schematic diagram of a secure hash algorithm and salt encryption applied to an authentication process;
Fig. 3 is a schematic diagram of the main steps of an information registration method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of the main steps of another information registration method according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of the main flow of an information registration method according to a referential embodiment of the present invention;
Fig. 6 is a first schematic application diagram of an information registration method according to an embodiment of the present invention;
Fig. 7 is a second schematic application diagram of the information registration method according to the embodiment of the present invention;
Fig. 8 is a third schematic application diagram of the information registration method according to the embodiment of the present invention;
Fig. 9 is a schematic diagram of the main modules of an information registration apparatus according to an embodiment of the present invention;
Fig. 10 is a schematic diagram of the main modules of another information registration apparatus according to an embodiment of the present invention;
Fig. 11 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
Fig. 12 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
It should be noted that the embodiments of the present invention and the technical features of the embodiments may be combined with each other without conflict.
Figs. 1 and 2 show the application of a secure hash algorithm and salt encryption to an encryption process and an authentication process, respectively.
As shown in Fig. 1, the main flow of encryption is as follows:
1. the client acquires the password entered by the user;
2. the client encrypts the password entered by the user with a secure hash algorithm to obtain ciphertext 1 (hash1);
3. the client acquires random salt 1 (salt1), which is randomly generated by the server;
4. the client performs salt encryption on hash1 and salt1 to obtain ciphertext 2 (hash2); even if hash2 is intercepted during network transmission, it cannot be used to derive the user's password, but it can still be used to masquerade as the user at login;
5. the client sends hash2 to the server;
6. the server generates random salt 2 (salt2);
7. the server performs salt encryption on hash2 and salt2 to obtain ciphertext 3 (hash3);
8. the server stores salt1, salt2, and hash3.
As shown in Fig. 2, the main flow of authentication is as follows:
1. the client acquires the password entered by the user;
2. the client takes the user password and encrypts it with a secure hash algorithm to obtain ciphertext 4 (hash4);
3. the client obtains the salt1 stored by the server;
4. the client performs salt encryption on hash4 and salt1 to obtain ciphertext 5 (hash5);
5. the client sends hash5 to the server;
6. the server performs salt encryption on hash5 and the stored salt2 to obtain ciphertext 6 (hash6);
7. hash6 is compared with the stored hash3 for authentication.
A secure hash algorithm computes a fixed-length string (also called a message digest) for a message. Different input messages yield different strings with high probability, and the original data can hardly be deduced from the ciphertext; a cryptographic hash function such as SHA-512 is an example. Salt encryption refers to inserting a specific character string at an arbitrary fixed position in the content to be hashed (the password) before hashing. Adding a character string to the hashed content in this way is called "salting", and it prevents a simple password from being easily deciphered.
Fig. 3 is a schematic diagram illustrating main steps of an information registration method according to an embodiment of the present invention.
As shown in fig. 3, the information registration method according to the embodiment of the present invention mainly includes the following steps:
Step S301: acquire the random salt generated by the server.
The information registration method provided by the embodiment of the invention is mainly used for the encryption and subsequent authentication of important information such as login passwords or payment passwords. To prevent information content that is too simple from being easily deciphered, the original information can be encrypted to obtain an original ciphertext, and the original ciphertext is then salt-encrypted with a random salt. Because one server serves a large number of clients, the random salt is generated by the server for convenience of data recording and management, and the client obtains it from the server when performing operations such as information encryption or authentication. A random salt is a randomly generated character string that may include upper- and lower-case letters, numbers, and/or other characters; its length can be chosen as needed.
Step S302: perform registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext.
When the authentication process is hijacked by a malicious third party (that is, the malicious third party can obtain the content exchanged between the client and the server), the third party can obtain the ciphertext the client sends to the server and use it to log in to the server as the user and perform illegal operations. To guard against this, the first client, when performing registration encryption on the original ciphertext and the random salt, generates a seed ciphertext in addition to the first authentication ciphertext. The seed ciphertext does not participate in the subsequent authentication process. It is used to perform unique authentication (that is, only the real user can pass authentication) without affecting the user when the authentication process is hijacked, so the user can continue normal use without changing important information such as the login password or payment password, which improves the user experience.
In addition, the registration encryption can use an irreversible encryption algorithm, such as a secure hash algorithm. An irreversible encryption algorithm needs no key: the plaintext is encrypted directly into a ciphertext, and the resulting ciphertext cannot be decrypted. It can only be checked by applying the same encryption to the original plaintext again and obtaining the same ciphertext.
In embodiments of the present invention, the random salt may include a first random character and a second random character. Step S302 may be implemented by: carrying out registration encryption on the original ciphertext and the first random character to generate a seed ciphertext; and performing registration encryption on the seed ciphertext and the second random character to generate a first authentication ciphertext.
The first client may perform registration encryption on the original ciphertext and the first random character to generate a seed ciphertext, where the seed ciphertext is generated based on the original ciphertext, and then perform registration encryption on the seed ciphertext and the second random character again to generate a first authentication ciphertext, where the first authentication ciphertext is generated based on the seed ciphertext. The original ciphertext may be obtained based on the original information, and may be the same as or different from the original information. In addition, the random salt may also include a greater number of random characters to prevent the information content from being easily deciphered.
Step S303: send the seed ciphertext and the first authentication ciphertext to the server.
After the first client generates the seed ciphertext and the first authentication ciphertext, the first client may send the seed ciphertext and the first authentication ciphertext to the server, and the server stores the seed ciphertext and the first authentication ciphertext for subsequent authentication.
Step S304: when authentication is performed, obtain the random salt generated by the server again.
The information encrypted in steps S301 to S303 usually needs to be authenticated when the original information is changed or used. To protect the user's information, authentication is not performed on the content of the original information itself; instead, the information is encrypted again with the same steps, and authentication is performed by comparing the results of the two encryptions. Therefore, when performing authentication, the second client may obtain from the server again the random salt corresponding to the user (i.e., to the original information), which is the random salt generated by the server and obtained in step S301.
Step S305: perform registration encryption on the new ciphertext and the random salt to generate a second authentication ciphertext.
The new ciphertext and the random salt obtained in step S304 are encrypted in the same way as in the registration encryption, thereby generating the second authentication ciphertext.
In the embodiment of the present invention, step S305 may be implemented by: registering and encrypting the new ciphertext and the first random character to generate an intermediate ciphertext; and registering and encrypting the intermediate ciphertext and the second random character to generate a second authentication ciphertext.
The intermediate ciphertext generated in this step is necessarily the same as the seed ciphertext generated in step S302 if the new ciphertext is the same as the original ciphertext, as is the second authentication ciphertext.
Step S306: send the second authentication ciphertext to the server for authentication.
After the second authentication ciphertext is generated, it is sent to the server for authentication. If the new ciphertext is the same as the original ciphertext, the generated second authentication ciphertext is necessarily the same as the first authentication ciphertext stored by the server.
It should be noted that the seed ciphertext is used to perform unique authentication of the user when the authentication process is hijacked. To ensure that the seed ciphertext is not leaked, it does not participate in the authentication process, and the second client sends only the second authentication ciphertext to the server during authentication. In addition, if the original information is used directly as the original ciphertext during encryption, the new information is used as the new ciphertext during authentication; and if the original ciphertext is obtained based on the original information during encryption, the new ciphertext is obtained based on the new information by the same method during authentication. Furthermore, the first client denotes the client that performs information encryption and the second client denotes the client that performs information authentication; the first client and the second client may be the same client or different clients.
According to the information encryption method provided by the embodiment of the invention, the random salt generated by the server is obtained; registration encryption is performed on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext; the seed ciphertext and the first authentication ciphertext are sent to the server; when authentication is performed, the random salt generated by the server is obtained again; registration encryption is performed on the new ciphertext and the random salt to generate a second authentication ciphertext; and the second authentication ciphertext is sent to the server for authentication. Because unique authentication of the user can still be achieved through the seed ciphertext when the authentication process is hijacked, this solves the technical problem that the server cannot distinguish a masquerading user from the real user when the authentication process is hijacked by a malicious third party, which ensures the user's information security and improves the user experience. Moreover, the technical effect of invalidating a leaked ciphertext can be achieved.
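The client flow of steps S301 to S306, together with the server-side verification and the replacement of the second and third random characters described in the Disclosure section, as an added example that is not code from the patent. It assumes SHA-512 over a simple concatenation as the registration encryption and 16 random bytes per random character; all function, class and variable names are hypothetical.

```python
import hashlib
import hmac
import secrets


def reg_encrypt(ciphertext: str, random_chars: str) -> str:
    """Registration encryption: an irreversible hash of ciphertext plus salt.
    Assumption: SHA-512 over the concatenation, salt appended at the end."""
    return hashlib.sha512((ciphertext + random_chars).encode()).hexdigest()


def new_random() -> str:
    """One 'random character' string (assumed: 16 random bytes as hex)."""
    return secrets.token_hex(16)


def original_ciphertext(password: str) -> str:
    """Original ciphertext derived from the original information."""
    return hashlib.sha512(password.encode()).hexdigest()


def client_register(password, r1, r2):
    """S302: seed ciphertext from r1, first authentication ciphertext from r2."""
    seed = reg_encrypt(original_ciphertext(password), r1)
    return seed, reg_encrypt(seed, r2)


def client_authenticate(password, r1, r2):
    """S305: intermediate ciphertext from r1, then second authentication ciphertext."""
    intermediate = reg_encrypt(original_ciphertext(password), r1)
    return reg_encrypt(intermediate, r2)


class Server:
    def __init__(self):
        self.records = {}     # user -> r1, r2, r3, verification ciphertext
        self.seed_store = {}  # stands in for the separate seed storage

    def issue_salt(self, user):
        """Generate the random salt (r1, r2) and the third random character."""
        self.records[user] = {"r1": new_random(), "r2": new_random(),
                              "r3": new_random()}
        return self.get_salt(user)

    def get_salt(self, user):
        """S304: the client fetches the stored random salt again."""
        rec = self.records[user]
        return rec["r1"], rec["r2"]

    def register(self, user, seed, auth1):
        """Derive and store the first verification ciphertext; keep the seed."""
        rec = self.records[user]
        rec["verify"] = reg_encrypt(auth1, rec["r3"])
        self.seed_store[user] = seed

    def authenticate(self, user, auth2) -> bool:
        """Hash the received ciphertext with r3 and compare to the stored value."""
        rec = self.records[user]
        return hmac.compare_digest(reg_encrypt(auth2, rec["r3"]), rec["verify"])

    def rotate(self, user):
        """Replace r2, r3 and the verification ciphertext using only the seed."""
        rec = self.records[user]
        r4, r5 = new_random(), new_random()
        auth3 = reg_encrypt(self.seed_store[user], r4)
        rec.update(r2=r4, r3=r5, verify=reg_encrypt(auth3, r5))


def demo():
    password = "constructed-sample-password"  # constructed sample input
    server = Server()
    seed, auth1 = client_register(password, *server.issue_salt("alice"))
    server.register("alice", seed, auth1)

    # The value a hijacked session exposes: the second authentication ciphertext.
    leaked = client_authenticate(password, *server.get_salt("alice"))
    results = {"leaked_before_rotation": server.authenticate("alice", leaked)}

    server.rotate("alice")  # server reacts to the leak; the password is unchanged
    results["leaked_after_rotation"] = server.authenticate("alice", leaked)
    fresh = client_authenticate(password, *server.get_salt("alice"))
    results["user_after_rotation"] = server.authenticate("alice", fresh)
    wrong = client_authenticate("wrong-password", *server.get_salt("alice"))
    results["wrong_password"] = server.authenticate("alice", wrong)
    return results


if __name__ == "__main__":
    print(demo())
```

The seed ciphertext is password-equivalent at rest: combined with the current second random character it yields a valid authentication ciphertext, which is why the description stores it separately from the server's other values.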
Fig. 4 is a schematic diagram of main steps of another information registration method according to an embodiment of the present invention.
As shown in fig. 4, the information registration method according to the embodiment of the present invention mainly includes the following steps:
Step S401: generate a random salt and a third random character, and send the random salt to the first client.
The random salt may include a first random character and a second random character. Because the number of the clients corresponding to the server is large, the random salt is generated by the server for the convenience of data recording and management, and the first client acquires the random salt from the server when performing operations such as information encryption or authentication.
Step S402: receiving the seed ciphertext and the first authentication ciphertext sent by the first client.
After receiving the random salt, the first client may process the original ciphertext and the random salt in the manner of steps S301 to S303 to obtain a seed ciphertext and a first authentication ciphertext, and send the seed ciphertext and the first authentication ciphertext to the server.
Step S403: performing registration encryption on the first authentication ciphertext and the third random character to generate a first verification ciphertext.
To further protect the user's information, after receiving the seed ciphertext and the first authentication ciphertext the server can generate a first verification ciphertext from the first authentication ciphertext. Then, even if data leaks from the server during a later authentication process, the first verification ciphertext cannot be used to work back to the first authentication ciphertext generated by the client, so it cannot be used to impersonate the user.
Step S404: storing the random salt, the third random character, the first verification ciphertext and the seed ciphertext.
In order to further ensure the information security of the user, the seed ciphertext can be stored separately, that is, when the server stores variables such as the first random character, the second random character, the third random character, the first verification ciphertext, the seed ciphertext and the like, the first random character, the second random character, the third random character and the first verification ciphertext are stored in the storage area of the server, and the seed ciphertext is stored separately in a storage system such as a cloud storage or an offline security database outside the client and the server.
Step S405: receiving a second authentication ciphertext sent by the second client.
During authentication, the second client sends the generated second authentication ciphertext to the server.
Step S406: performing registration encryption on the second authentication ciphertext and the stored third random character to generate a second verification ciphertext.
Since the second authentication ciphertext is generated in the same manner as in steps S301 to S302, the server can authenticate the new ciphertext based on the second authentication ciphertext, that is, determine whether the new ciphertext is the same as the original ciphertext.
Step S407: comparing whether the second verification ciphertext is consistent with the stored first verification ciphertext; if the two are consistent, the authentication is passed; if not, the authentication fails.
During authentication, the server authenticates the new ciphertext by comparing the second verification ciphertext with the first verification ciphertext. If the two are consistent, the new ciphertext is the same as the original ciphertext and the authentication passes; if they are inconsistent, the new ciphertext differs from the original ciphertext and the authentication fails. The first verification ciphertext is the one the server generated by performing registration encryption on the first authentication ciphertext and the third random character.
In this embodiment of the present invention, the information registration method may further include step S408: generating a fourth random character and a fifth random character; registering and encrypting the seed ciphertext and the fourth random character to generate a third authentication ciphertext; registering and encrypting the third authentication ciphertext and the fifth random character to generate a third verification ciphertext; and replacing the stored second random character with a fourth random character, replacing the stored third random character with a fifth random character, and replacing the stored first verification ciphertext with a third verification ciphertext.
During authentication, if the authentication process is hijacked, a malicious third party can acquire the second authentication ciphertext sent by the second client to the server. Although the new information cannot be deduced from the second authentication ciphertext, in this case it can still be used to impersonate the user. To ensure normal use by the user and improve the user experience, variables such as the second random character, the third random character, the first verification ciphertext and the seed ciphertext can be regenerated based on the seed ciphertext, so that the leaked second authentication ciphertext becomes invalid.
It should be noted that, in the authentication process, the second client only sends the second authentication ciphertext to the server. In addition, if the original information is directly used as the original ciphertext in encryption, the new information is used as a new ciphertext in authentication; and if the original ciphertext is obtained based on the original information during encryption, a new ciphertext is obtained based on the new information by adopting the same method during authentication. In addition, the first client represents a client that performs information encryption, the second client represents a client that performs information authentication, and the first client and the second client may be the same client or different clients.
According to the information registration method, the random salt and the third random character are generated, and the random salt is sent to the first client; the seed ciphertext and the first authentication ciphertext sent by the first client are received; registration encryption is performed on the first authentication ciphertext and the third random character to generate a first verification ciphertext; the random salt, the third random character, the first verification ciphertext and the seed ciphertext are stored; a second authentication ciphertext sent by a second client is received; registration encryption is performed on the second authentication ciphertext and the stored third random character to generate a second verification ciphertext; and the second verification ciphertext is compared with the stored first verification ciphertext to perform authentication. Because the user can still be uniquely authenticated through the seed ciphertext when the authentication process is hijacked, this solves the technical problem that a server cannot distinguish a disguised user from a real user when the authentication process is hijacked by a malicious third party, which ensures the user's information security and improves the user experience. In addition, the technical effect of invalidating the leaked ciphertext can be achieved.
Fig. 5 is a schematic diagram of a main flow of an information registration method according to a referential embodiment of the present invention.
As shown in fig. 5, two information registration methods according to the embodiments of the present invention can be implemented with reference to the following procedures:
Step S501: the server generates a first random character, a second random character and a third random character;
Step S502: the first client acquires the first random character and the second random character generated by the server;
Step S503: the first client performs registration encryption on the original ciphertext and the first random character to generate a seed ciphertext;
Step S504: the first client performs registration encryption on the seed ciphertext and the second random character to generate a first authentication ciphertext;
Step S505: the first client sends the seed ciphertext and the first authentication ciphertext to the server;
Step S506: the server performs registration encryption on the first authentication ciphertext and the third random character to generate a first verification ciphertext;
Step S507: the server stores the first random character, the second random character, the third random character, the first verification ciphertext and the seed ciphertext;
Step S508: the second client obtains the stored first random character and second random character from the server;
Step S509: the second client performs registration encryption on the new ciphertext and the first random character to generate an intermediate ciphertext;
Step S510: the second client performs registration encryption on the intermediate ciphertext and the second random character to generate a second authentication ciphertext;
Step S511: the second client sends the second authentication ciphertext to the server;
Step S512: the server performs registration encryption on the second authentication ciphertext and the stored third random character to generate a second verification ciphertext;
Step S513: the server compares whether the second verification ciphertext is consistent with the first verification ciphertext; if the two are consistent, the authentication is passed; if not, the authentication fails;
Step S514: the server generates a fourth random character and a fifth random character, and obtains the seed ciphertext;
Step S515: the server performs registration encryption on the seed ciphertext and the fourth random character to generate a third authentication ciphertext;
Step S516: the server performs registration encryption on the third authentication ciphertext and the fifth random character to generate a third verification ciphertext;
Step S517: the server replaces the stored second random character with the fourth random character, replaces the stored third random character with the fifth random character, and replaces the stored first verification ciphertext with the third verification ciphertext.
It should be noted that steps S501 to S507 form the encryption process, steps S508 to S513 form the authentication process, and steps S514 to S517 form the variable update process. Step S501 is implemented in the same way as step S401, step S502 as step S301, steps S503 to S505 as steps S302 to S303, steps S506 to S507 as steps S403 to S404, steps S508 to S511 as step S304, steps S512 to S513 as step S405, and steps S514 to S517 as step S406; these are not repeated here.
In order to further illustrate the technical idea of the present invention, the technical solution of the present invention will now be described with reference to specific application scenarios. As shown in fig. 6, the registration, login authentication and change process of the personal account are taken as an example, wherein the registration encryption adopts SHA512 encryption, and the user uses the same client to perform registration and login.
When a user registers a personal account, a user name and a password are set through the client, and the password of the user's personal account is encrypted as follows:
1. the client acquires the password (namely the registration password) input by the user during registration;
2. the client performs SHA512 encryption on the registration password to obtain an original ciphertext hash11;
3. the client obtains a first random character salt11 and a second random character salt22 randomly generated by the server;
4. the client performs SHA512 encryption on hash11 and salt11 to generate a seed ciphertext hash12;
5. the client performs SHA512 encryption on hash12 and salt22 to generate a first authentication ciphertext hash13;
6. the client sends hash12 and hash13 to the server;
7. the server generates a third random character salt33;
8. the server performs SHA512 encryption on hash13 and salt33 to generate a first verification ciphertext hash14;
9. the server stores salt11, salt22, salt33 and hash14;
10. the server stores hash12 separately as a "key".
As shown in fig. 7, when the user logs in the personal account through the client, the authentication process is as follows:
1. the client acquires the password (namely the login password) input by the user during login;
2. the client performs SHA512 encryption on the login password to obtain a new ciphertext hash21;
3. the client acquires salt11 and salt22 stored by the server;
4. the client performs SHA512 encryption on hash21 and salt11 to generate an intermediate ciphertext hash22;
5. the client performs SHA512 encryption on hash22 and salt22 to generate a second authentication ciphertext hash23;
6. the client sends hash23 to the server;
7. the server performs SHA512 encryption on hash23 and the stored salt33 to generate a second verification ciphertext hash24;
8. the server compares whether hash24 is the same as the stored hash14; if they are the same, the login succeeds, and if they are not the same, the login fails.
As shown in fig. 8, when the authentication process is hijacked, the process of the server changing the variables such as the second random character, the third random character, the first verification ciphertext, the seed ciphertext, and the like is as follows:
1. the server generates a fourth random character salt44 and a fifth random character salt55;
2. the server obtains the separately stored hash12;
3. the server performs SHA512 encryption on hash12 and salt44 to generate a third authentication ciphertext hash31;
4. the server performs SHA512 encryption on hash31 and salt55 to generate a third verification ciphertext hash32;
5. the server updates the stored salt22 to salt44, salt33 to salt55, and hash14 to hash32.
Because the variable changing process is completely operated at the server end, the user can continue to use the original password after the operation is completed, and the leaked ciphertext is invalid.
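The three procedures above (registration, login authentication and variable change) can be run end to end in the following added example, which is not part of the patent text. It assumes that "SHA512 encryption of X and salt" means the SHA-512 hex digest of X concatenated with the salt, which the text does not specify; the class and function names, the in-memory dictionaries and the sample user name and passwords are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def h(value: str, salt: str = "") -> str:
    """SHA-512 hex digest of value followed by salt (combination rule is an assumption)."""
    return hashlib.sha512((value + salt).encode("utf-8")).hexdigest()


class Server:
    """Hypothetical in-memory server holding the variables named in the text."""

    def __init__(self):
        self.records = {}     # user -> salt11, salt22, salt33, hash14
        self.seed_store = {}  # user -> hash12; stands in for the separate storage system

    def issue_salts(self, user):
        # The server generates salt11 and salt22 for the client.
        rec = self.records.setdefault(user, {})
        rec["salt11"] = secrets.token_hex(16)
        rec["salt22"] = secrets.token_hex(16)
        return rec["salt11"], rec["salt22"]

    def get_salts(self, user):
        rec = self.records[user]
        return rec["salt11"], rec["salt22"]

    def register(self, user, hash12, hash13):
        # Generate salt33, derive hash14 from hash13, keep hash12 apart as the "key".
        rec = self.records[user]
        rec["salt33"] = secrets.token_hex(16)
        rec["hash14"] = h(hash13, rec["salt33"])
        self.seed_store[user] = hash12

    def authenticate(self, user, hash23):
        # Derive hash24 from the received hash23 and compare it with the stored hash14.
        rec = self.records[user]
        hash24 = h(hash23, rec["salt33"])
        return hmac.compare_digest(hash24, rec["hash14"])

    def rotate(self, user):
        # Variable change, performed entirely on the server from the stored hash12.
        rec = self.records[user]
        salt44, salt55 = secrets.token_hex(16), secrets.token_hex(16)
        hash31 = h(self.seed_store[user], salt44)
        hash32 = h(hash31, salt55)
        rec.update(salt22=salt44, salt33=salt55, hash14=hash32)


def client_register(server, user, password):
    salt11, salt22 = server.issue_salts(user)
    hash11 = h(password)          # original ciphertext
    hash12 = h(hash11, salt11)    # seed ciphertext
    hash13 = h(hash12, salt22)    # first authentication ciphertext
    server.register(user, hash12, hash13)


def client_auth_ciphertext(server, user, password):
    salt11, salt22 = server.get_salts(user)
    hash21 = h(password)          # new ciphertext
    hash22 = h(hash21, salt11)    # intermediate ciphertext
    return h(hash22, salt22)      # second authentication ciphertext hash23


def run_demo():
    server = Server()
    client_register(server, "alice", "correct horse")  # constructed sample credentials
    hash23 = client_auth_ciphertext(server, "alice", "correct horse")
    wrong = client_auth_ciphertext(server, "alice", "wrong password")
    results = {
        "login_ok": server.authenticate("alice", hash23),
        "wrong_password": server.authenticate("alice", wrong),
        # A copy of hash23 taken in transit is still accepted until the variables change.
        "captured_before_rotation": server.authenticate("alice", hash23),
    }
    server.rotate("alice")
    results["captured_after_rotation"] = server.authenticate("alice", hash23)
    fresh = client_auth_ciphertext(server, "alice", "correct horse")
    results["same_password_after_rotation"] = server.authenticate("alice", fresh)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The rotation succeeds without the password because hash12 alone is enough to derive a valid authentication ciphertext for any salt22, which is why the text stores it separately from the other variables.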
Fig. 9 is a schematic diagram of main blocks of an information registration apparatus according to an embodiment of the present invention.
As shown in fig. 9, an information registration apparatus 900 according to an embodiment of the present invention includes: a first obtaining module 901, a first generating module 902, a first sending module 903, a second obtaining module 904, a second generating module 905 and a second sending module 906.
Wherein:
a first obtaining module 901, configured to obtain random salt generated by a server;
a first generation module 902, configured to perform registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext;
a first sending module 903, configured to send the seed ciphertext and the first authentication ciphertext to a server;
a second obtaining module 904, configured to obtain the random salt generated by the server again during authentication;
a second generating module 905, configured to perform registration encryption on the new ciphertext and the random salt, and generate a second authentication ciphertext;
a second sending module 906, configured to send the second authentication ciphertext to the server.
Further, the random salt may include a first random character and a second random character.
In this embodiment of the present invention, the first generating module 902 may further be configured to: carrying out registration encryption on the original ciphertext and the first random character to generate a seed ciphertext; and performing registration encryption on the seed ciphertext and the second random character to generate a first authentication ciphertext.
The original ciphertext is obtained based on the original information.
In this embodiment of the present invention, the second generating module 905 is further configured to: registering and encrypting the new ciphertext and the first random character to generate an intermediate ciphertext; and performing registration encryption on the intermediate ciphertext and the second random character to generate a second authentication ciphertext.
According to the information registration device of the embodiment of the invention, the random salt generated by the server is obtained; registration encryption is performed on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext; the seed ciphertext and the first authentication ciphertext are sent to the server; during authentication, the random salt generated by the server is obtained again; registration encryption is performed on the new ciphertext and the random salt to generate a second authentication ciphertext; and the second authentication ciphertext is sent to the server for authentication. Because the user can still be uniquely authenticated through the seed ciphertext when the authentication process is hijacked, this solves the technical problem that a server cannot distinguish a disguised user from a real user when the authentication process is hijacked by a malicious third party, which ensures the user's information security and improves the user experience. In addition, the technical effect of invalidating the leaked ciphertext can be achieved.
Fig. 10 is a schematic diagram of main blocks of another information registration apparatus according to an embodiment of the present invention.
As shown in fig. 10, an information registration apparatus 1000 according to an embodiment of the present invention includes: a third sending module 1001, a first receiving module 1002, a third generating module 1003, a storing module 1004, a second receiving module 1005, a fourth generating module 1006 and a comparing module 1007.
Wherein:
a third sending module 1001, configured to generate a random salt and a third random character, and send the random salt to the first client;
a first receiving module 1002, configured to receive a seed ciphertext and a first authentication ciphertext sent by the first client;
a third generating module 1003, configured to perform registration encryption on the first authentication ciphertext and the third random character to generate a first verification ciphertext;
a storage module 1004, configured to store the random salt, the third random character, the first verification ciphertext, and the seed ciphertext;
a second receiving module 1005, configured to receive a second authentication ciphertext sent by a second client;
a fourth generating module 1006, configured to perform registration encryption on the second authentication ciphertext and the stored third random character to generate a second verification ciphertext;
a comparison module 1007, configured to compare whether the second verification ciphertext is consistent with the stored first verification ciphertext; if the two are consistent, the authentication is passed; if not, the authentication fails.
Further, the random salt may include a first random character and a second random character.
In this embodiment of the present invention, the apparatus 1000 may further include: an update module (not shown) for generating a fourth random character and a fifth random character; registering and encrypting the seed ciphertext and the fourth random character to generate a third authentication ciphertext; registering and encrypting the third authentication ciphertext and the fifth random character to generate a third verification ciphertext; replacing the stored second random character with the fourth random character, replacing the stored third random character with the fifth random character, and replacing the stored first verification ciphertext with the third verification ciphertext.
According to the information registration device provided by the embodiment of the invention, the random salt and the third random character are generated, and the random salt is sent to the first client; the seed ciphertext and the first authentication ciphertext sent by the first client are received; registration encryption is performed on the first authentication ciphertext and the third random character to generate a first verification ciphertext; the random salt, the third random character, the first verification ciphertext and the seed ciphertext are stored; a second authentication ciphertext sent by a second client is received; registration encryption is performed on the second authentication ciphertext and the stored third random character to generate a second verification ciphertext; and the second verification ciphertext is compared with the stored first verification ciphertext to perform authentication. Because the user can still be uniquely authenticated through the seed ciphertext when the authentication process is hijacked, this solves the technical problem that a server cannot distinguish a disguised user from a real user when the authentication process is hijacked by a malicious third party, which ensures the user's information security and improves the user experience. In addition, the technical effect of invalidating the leaked ciphertext can be achieved.
In addition, an information registration system is further provided in an embodiment of the present invention, and includes a client and a server, where the client is configured to execute an information registration method in an embodiment of the present invention, and the server is configured to execute another information registration method in an embodiment of the present invention.
Fig. 11 shows an exemplary system architecture 1100 of an information registration method, an information registration apparatus, another information registration method, another information registration apparatus, or an information registration system to which embodiments of the present invention can be applied.
As shown in fig. 11, the system architecture 1100 may include terminal devices 1101, 1102, 1103, a network 1104, and a server 1105. The network 1104 is a medium to provide communication links between the terminal devices 1101, 1102, 1103 and the server 1105. Network 1104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may use terminal devices 1101, 1102, 1103 to interact with a server 1105 over a network 1104 to receive or send messages or the like. Various communication client applications, such as a shopping application, a web browser application, a search application, an instant messaging tool, a mailbox client, social platform software, etc., may be installed on the terminal devices 1101, 1102, 1103.
The terminal devices 1101, 1102, 1103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 1105 may be a server that provides various services, such as a background management server that supports shopping websites browsed by users using the terminal apparatuses 1101, 1102, 1103. The background management server may analyze and perform other processing on the received data such as the product information query request, and feed back a processing result (e.g., target push information and product information) to the terminal device.
It should be noted that, one information registration method and another information registration method provided by the embodiment of the present invention are generally executed by the server 1105, and accordingly, one information registration apparatus and another information registration apparatus are generally disposed in the server 1105.
It should be understood that the number of terminal devices, networks, and servers in fig. 11 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 12, shown is a block diagram of a computer system 1200 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in fig. 12 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 12, the computer system 1200 includes a Central Processing Unit (CPU)1201, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)1202 or a program loaded from a storage section 1208 into a Random Access Memory (RAM) 1203. In the RAM 1203, various programs and data necessary for the operation of the system 1200 are also stored. The CPU 1201, ROM 1202, and RAM 1203 are connected to each other by a bus 1204. An input/output (I/O) interface 1205 is also connected to bus 1204.
The following components are connected to the I/O interface 1205: an input section 1206 including a keyboard, a mouse, and the like; an output portion 1207 including a display device such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 1208 including a hard disk and the like; and a communication section 1209 including a network interface card such as a LAN card, a modem, or the like. The communication section 1209 performs communication processing via a network such as the internet. A driver 1210 is also connected to the I/O interface 1205 as needed. A removable medium 1211, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is mounted on the drive 1210 as necessary, so that a computer program read out therefrom is mounted into the storage section 1208 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 1209, and/or installed from the removable medium 1211. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 1201.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes a first obtaining module, a first generating module, a first sending module, a second obtaining module, a second generating module, and a second sending module, and may also be described as: a processor comprises a third sending module, a first receiving module, a third generating module, a storage module, a second receiving module, a fourth generating module and a comparison module. The names of these modules do not in some cases constitute a limitation of the module itself; for example, a storage module may also be described as a "module storing the random salt, the third random character, the first verification ciphertext and the seed ciphertext".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments, or may exist separately without being incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to perform: step S301: acquiring random salt generated by a server; step S302: performing registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext; step S303: sending the seed ciphertext and the first authentication ciphertext to the server; step S304: during authentication, obtaining the random salt generated by the server again; step S305: performing registration encryption on the new ciphertext and the random salt to generate a second authentication ciphertext; step S306: sending the second authentication ciphertext to the server for authentication. Or cause the device to perform: step S401: generating random salt and a third random character, and sending the random salt to the first client; step S402: receiving a seed ciphertext and a first authentication ciphertext sent by the first client; step S403: performing registration encryption on the first authentication ciphertext and the third random character to generate a first verification ciphertext; step S404: storing the random salt, the third random character, the first verification ciphertext and the seed ciphertext; step S405: receiving a second authentication ciphertext sent by a second client; step S406: performing registration encryption on the second authentication ciphertext and the stored third random character to generate a second verification ciphertext; step S407: comparing whether the second verification ciphertext is consistent with the stored first verification ciphertext; if the two are consistent, the authentication is passed; if not, the authentication fails.
According to the technical scheme of the embodiment of the invention, the server generates the random salt and the third random character. The client performs registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext, and sends both to the server side. The server side performs registration encryption on the first authentication ciphertext and the third random character to generate a first verification ciphertext, and stores the random salt, the third random character, the first verification ciphertext and the seed ciphertext. When authentication is carried out, the client acquires the random salt generated by the server again, performs registration encryption on the new ciphertext and the random salt to generate a second authentication ciphertext, and sends the second authentication ciphertext to the server. The server performs registration encryption on the second authentication ciphertext and the stored third random character to generate a second verification ciphertext, and compares the second verification ciphertext with the stored first verification ciphertext to perform authentication. Moreover, the technical effect of invalidating a leaked ciphertext can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
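The client and server flow summarized above (steps S301-S306 and S401-S407, together with the update step of claim 5), as an added example that is not code from the patent. It assumes "registration encryption" is HMAC-SHA256 keyed by the random character and that the original ciphertext is a SHA-256 digest of the password; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def reg_encrypt(data: bytes, rand: bytes) -> bytes:
    # Assumption: "registration encryption" is modelled as HMAC-SHA256 keyed
    # by the random character; this section does not name the algorithm.
    return hmac.new(rand, data, hashlib.sha256).digest()


def original_ciphertext(password: str) -> bytes:
    # Assumption: the original ciphertext is a digest of the original information.
    return hashlib.sha256(password.encode()).digest()


class Server:
    def start_registration(self):
        # S401: salt = (first, second) random characters; the third stays server-side.
        self.rec = {k: secrets.token_bytes(16) for k in ("r1", "r2", "r3")}
        return self.rec["r1"], self.rec["r2"]

    def finish_registration(self, seed, auth1):
        # S402-S404: derive and store the first verification ciphertext.
        self.rec.update(seed=seed, ver=reg_encrypt(auth1, self.rec["r3"]))

    def salt_for_login(self):
        # Claim 5: rotate the second and third random characters, and the stored
        # verification ciphertext, before handing out the salt again.
        r4, r5 = secrets.token_bytes(16), secrets.token_bytes(16)
        auth3 = reg_encrypt(self.rec["seed"], r4)
        self.rec.update(r2=r4, r3=r5, ver=reg_encrypt(auth3, r5))
        return self.rec["r1"], self.rec["r2"]

    def authenticate(self, auth2):
        # S405-S407: compare verification ciphertexts in constant time.
        ver2 = reg_encrypt(auth2, self.rec["r3"])
        return hmac.compare_digest(ver2, self.rec["ver"])


def client_ciphertexts(password, salt):
    # S302 / S305: two chained registration encryptions on the client.
    r1, r2 = salt
    seed = reg_encrypt(original_ciphertext(password), r1)
    return seed, reg_encrypt(seed, r2)


def demo():
    server = Server()
    seed, auth1 = client_ciphertexts("correct horse", server.start_registration())
    server.finish_registration(seed, auth1)
    results = {}
    _, auth2 = client_ciphertexts("correct horse", server.salt_for_login())
    results["good_login"] = server.authenticate(auth2)
    _, bad = client_ciphertexts("wrong guess", server.salt_for_login())
    results["bad_login"] = server.authenticate(bad)
    # The authentication ciphertext sent at registration no longer verifies.
    results["replayed_auth1"] = server.authenticate(auth1)
    return results


if __name__ == "__main__":
    print(demo())
```

In this model the stored seed ciphertext, combined with the salt the server hands out, is sufficient to derive a valid authentication ciphertext, so the seed must be protected as a credential on the server side.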

Claims (11)

1. An information registration method is applied to a client, and is characterized by comprising the following steps:
acquiring random salt generated by a server;
carrying out registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext;
sending the seed ciphertext and the first authentication ciphertext to a server;
when authentication is carried out, random salt generated by the server is obtained again;
registering and encrypting the new ciphertext and the random salt to generate a second authentication ciphertext;
and sending the second authentication ciphertext to a server side for authentication.
2. The method of claim 1, wherein the random salt comprises a first random character and a second random character; and
performing registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext, comprising:
carrying out registration encryption on the original ciphertext and the first random character to generate a seed ciphertext; wherein the original ciphertext is obtained based on the original information;
and performing registration encryption on the seed ciphertext and the second random character to generate a first authentication ciphertext.
3. The method of claim 2, wherein performing registration encryption on the new ciphertext and the random salt to generate a second authentication ciphertext comprises:
registering and encrypting the new ciphertext and the first random character to generate an intermediate ciphertext;
and performing registration encryption on the intermediate ciphertext and the second random character to generate a second authentication ciphertext.
4. An information registration method is applied to a server side, and is characterized by comprising the following steps:
generating random salt and a third random character, and sending the random salt to a first client;
receiving a seed ciphertext and a first authentication ciphertext sent by the first client;
registering and encrypting the first authentication ciphertext and the third random character to generate a first verification ciphertext;
storing the random salt, the third random character, the first verification ciphertext, and the seed ciphertext;
receiving a second authentication ciphertext sent by a second client;
registering and encrypting the second authentication ciphertext and the stored third random character to generate a second verification ciphertext;
comparing whether the second verification ciphertext is consistent with the stored first verification ciphertext;
if the two are consistent, the authentication is passed;
if not, the authentication fails.
5. The method of claim 4, wherein the random salt comprises a first random character and a second random character; and
before sending the random salt to the client, the method further comprises:
generating a fourth random character and a fifth random character;
registering and encrypting the seed ciphertext and the fourth random character to generate a third authentication ciphertext;
registering and encrypting the third authentication ciphertext and the fifth random character to generate a third verification ciphertext;
replacing the stored second random character with the fourth random character, replacing the stored third random character with the fifth random character, and replacing the stored first verification ciphertext with the third verification ciphertext.
6. An information registration apparatus, comprising:
the first acquisition module is used for acquiring the random salt generated by the server;
the first generation module is used for carrying out registration encryption on the original ciphertext and the random salt to generate a seed ciphertext and a first authentication ciphertext;
the first sending module is used for sending the seed ciphertext and the first authentication ciphertext to a server side;
the second acquisition module is used for acquiring the random salt stored by the server again during authentication;
the second generation module is used for registering and encrypting the new ciphertext and the random salt to generate a second authentication ciphertext;
and the second sending module is used for sending the second authentication ciphertext to the server side for authentication.
7. An information registration apparatus, comprising:
the third sending module is used for generating random salt and third random characters and sending the random salt to the first client;
the first receiving module is used for receiving the seed ciphertext and the first authentication ciphertext sent by the first client;
the third generation module is used for performing registration encryption on the first authentication ciphertext and the third random character to generate a first verification ciphertext;
a storage module, configured to store the random salt, the third random character, the first verification ciphertext, and the seed ciphertext;
the second receiving module is used for receiving a second authentication ciphertext sent by a second client;
the fourth generation module is used for registering and encrypting the second authentication ciphertext and the stored third random character to generate a second verification ciphertext;
the comparison module is used for comparing whether the second verification ciphertext is consistent with the stored first verification ciphertext or not; if the two are consistent, the authentication is passed; if not, the authentication fails.
8. The apparatus of claim 7, further comprising an update module to:
generating a fourth random character and a fifth random character;
registering and encrypting the seed ciphertext and the fourth random character to generate a third authentication ciphertext;
registering and encrypting the third authentication ciphertext and the fifth random character to generate a third verification ciphertext;
replacing the stored second random character with the fourth random character, replacing the stored third random character with the fifth random character, and replacing the stored first verification ciphertext with the third verification ciphertext.
9. An information registration system, comprising a client and a server, wherein the client is configured to perform the method of any of claims 1-3, and the server is configured to perform the method of any of claims 4-5.
10. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs which,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-3 or the method of any one of claims 4-5.
11. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processor, carries out the method of any one of claims 1 to 3 or the method of any one of claims 4 to 5.
CN201910853282.2A 2019-09-10 2019-09-10 Information registration method, device and system Active CN112565156B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910853282.2A CN112565156B (en) 2019-09-10 2019-09-10 Information registration method, device and system

Publications (2)

Publication Number Publication Date
CN112565156A true CN112565156A (en) 2021-03-26
CN112565156B CN112565156B (en) 2023-06-27

Family

ID=75029210

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910853282.2A Active CN112565156B (en) 2019-09-10 2019-09-10 Information registration method, device and system

Country Status (1)

Country Link
CN (1) CN112565156B (en)

Also Published As

Publication number Publication date
CN112565156B (en) 2023-06-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant