CN112637160A

CN112637160A - Login verification method, device, equipment and storage medium

Info

Publication number: CN112637160A
Application number: CN202011466613.6A
Authority: CN
Inventors: 李伟; 蔡亮; 匡立中; 曾磊; 边书豪
Original assignee: Hangzhou Qulian Technology Co Ltd
Current assignee: Hangzhou Qulian Technology Co Ltd
Priority date: 2020-12-14
Filing date: 2020-12-14
Publication date: 2021-04-09

Abstract

The application discloses a login verification method, a login verification device, login verification equipment and a storage medium, and belongs to the technical field of networks. Applied to a server, the method comprising: after a login page request sent by a terminal is received, sending an initial value, a preset condition and page data of a login page to the terminal, and indicating the terminal to perform hash operation on a value obtained after a target value of the initial value is increased in series to obtain a collision value meeting the preset condition; receiving a login request sent by the terminal, wherein the login request carries user login information, the target value and the collision value; performing hash operation on the value obtained after the initial value is connected with the target value in series to obtain a first hash value; and if the first hash value is the same as the collision value, verifying the user login information. The method and the device can increase the attack cost of an attacker.

Description

Login verification method, device, equipment and storage medium

Technical Field

The present application relates to the field of network technologies, and in particular, to a login authentication method, device, apparatus, and storage medium.

Background

In various systems, the login interface is often exposed to all users. In this case, an attacker can frequently access the login interface according to the characteristic, so that the system is in a busy state, and system resources are wasted.

At present, attacks are protected in a pattern verification code mode. By utilizing the principle that a machine is not easy to identify the graphical verification code, when a user requests to log in, the user can identify and input the numbers in the graphical verification code by human eyes, and then the system checks to achieve the purpose of protection.

However, with the development of image recognition technology, graphic verification codes have been able to be recognized by machines. An attacker can use image recognition techniques to break the above-mentioned protection, resulting in a reduction in system security.

Disclosure of Invention

The application provides a login verification method, a login verification device, login verification equipment and a storage medium, which can increase the attack cost of an attacker. The technical scheme is as follows:

in a first aspect, a login authentication method is provided, which is applied to a server, and the method includes:

after a login page request sent by a terminal is received, sending an initial value, a preset condition and page data of a login page to the terminal, and indicating the terminal to perform hash operation on a value obtained after a target value of the initial value is increased in series to obtain a collision value meeting the preset condition;

receiving a login request sent by the terminal, wherein the login request carries user login information, the target value and the collision value;

performing hash operation on the value obtained after the initial value is connected with the target value in series to obtain a first hash value;

and if the first hash value is the same as the collision value, verifying the user login information.

In the application, when the terminal requests to log in, the terminal needs to adopt a hash collision algorithm in an enumeration form to obtain a collision value meeting a preset condition. That is, the terminal needs to perform a large amount of hash operations to obtain the collision value for login verification. In this case, if an attacker wants to log in, the attacker must first perform a large number of hash operations to obtain the collision value. This hash operation requires resource and time consumption. When a normal login person logs in, a certain time is needed, and the login is not frequently attempted, so that the consumed resources and time are acceptable. For an attacker, since the attacker attacks by frequently initiating login requests, a large amount of resources are consumed, and the time is long, so that the attack cost of the attacker is increased. The verification mechanism can be completed under the condition that the user does not perceive, and has good user experience and realization feasibility.

Optionally, the page data includes a graphical verification code, and the user login information further includes an identification value of the graphical verification code.

Optionally, the preset conditions are: the first N bits of the value obtained by the Hash operation are 0; and N is the operation difficulty corresponding to the preset condition, the operation difficulty is increased along with the increase of N, and N is a positive integer.

Optionally, the method further comprises:

if the first hash value is different from the collision value, determining that the login request fails to be verified; or if the user login information fails to be checked, determining that the login request fails to be verified;

if the login request fails to be verified, regenerating an initial value;

and sending the regenerated initial value and the preset condition to the terminal.

Optionally, before sending the regenerated initial value and the preset condition to the terminal, the method further includes:

if the login request fails to be verified, increasing the operation difficulty corresponding to the preset condition under the condition that the login request verification failure frequency of the terminal in the first time length is greater than or equal to the first frequency, or under the condition that the login request verification failure frequency of the user account in the user login information in the first time length is greater than or equal to the first frequency, or under the condition that the login request sending frequency of the terminal in the second time length to the server is greater than or equal to the second frequency, or under the condition that the login request sending frequency of the user account in the user login information in the second time length to the server is greater than or equal to the second frequency.

Optionally, before sending the initial value, the preset condition, and the page data of the landing page to the terminal, the method further includes:

after a login page request sent by the terminal is received, under the condition that the number of times that the terminal sends the login request to the server within a second time length is greater than or equal to a second number of times, increasing the operation difficulty corresponding to the preset condition; or

After a login page request sent by the terminal is received, under the condition that the total login request verification failure times of all devices sending login requests to the server within a third time are m times of the total number of user accounts registered in the server, the operation difficulty corresponding to the preset condition is increased, and m is larger than 1.

In a second aspect, a login authentication method is provided, which is applied to a terminal, and the method includes:

sending a login page request to a server;

receiving an initial value, preset conditions and page data of a login page sent by the server;

performing hash operation on the value obtained after the initial value is subjected to the target value in serial incremental mode to obtain a collision value meeting the preset condition;

displaying the login page according to the page data, and acquiring user login information according to the login page;

and sending a login request to the server, wherein the login request carries the user login information, the target value and the collision value so as to indicate the server to verify the login request.

Optionally, the user login information further includes an identification value of a graphical verification code, and the method further includes:

generating a graphic verification code according to the initial value;

and displaying the graphical verification code in the login page.

Optionally, the performing a hash operation on a value obtained after the initial value is serially incremented by the target value to obtain a collision value meeting the preset condition includes:

setting the target value to 1;

performing hash operation on the value obtained after the initial value is connected with the target value in series to obtain a second hash value;

if the second hash value does not meet the preset condition, adding 1 to the target value, and re-executing the step of performing hash operation on the value obtained by connecting the initial value with the target value in series;

and if the second hash value meets the preset condition, taking the second hash value as a collision value.

In a third aspect, a login authentication apparatus is provided, which is applied to a server, and includes:

the sending module is used for sending an initial value, a preset condition and page data of a login page to a terminal after receiving a login page request sent by the terminal, and instructing the terminal to perform hash operation on a value obtained after the initial value is serially and incrementally increased to obtain a collision value meeting the preset condition;

a receiving module, configured to receive a login request sent by the terminal, where the login request carries user login information, the target value, and the collision value;

the operation module is used for carrying out Hash operation on the value obtained after the initial value is connected with the target value in series to obtain a first Hash value;

and the checking module is used for checking the user login information under the condition that the first hash value is the same as the collision value.

Optionally, the apparatus further comprises:

a determining module, configured to determine that the login request fails to be verified if the first hash value is different from the collision value; or if the user login information fails to be checked, determining that the login request fails to be verified;

the generating module is used for regenerating the initial value if the login request fails to be verified;

and the sending module is used for sending the regenerated initial value and the preset condition to the terminal.

Optionally, the apparatus further comprises:

and the adjusting module is configured to, if the login request fails to be verified, increase the operation difficulty corresponding to the preset condition when the number of times of the login request verification failure of the terminal in the first duration is greater than or equal to the first time, or when the number of times of the login request verification failure of the user account in the user login information in the first duration is greater than or equal to the first time, or when the number of times of the login request sent by the terminal to the server in the second duration is greater than or equal to the second time, or when the number of times of the login request sent by the user account in the user login information to the server in the second duration is greater than or equal to the second time.

Optionally, the apparatus further comprises an adjustment module, the adjustment module is configured to:

In a fourth aspect, a login authentication apparatus is provided, which is applied to a terminal, and includes:

the sending module is used for sending a login page request to the server;

the receiving module is used for receiving the initial value, the preset condition and the page data of the login page sent by the server;

the operation module is used for carrying out Hash operation on the value obtained after the initial value is subjected to the target value in serial increasing mode so as to obtain a collision value meeting the preset condition;

the acquisition module is used for displaying the login page according to the page data and acquiring user login information according to the login page;

the sending module is further configured to send a login request to the server, where the login request carries the user login information, the target value, and the collision value, so as to instruct the server to verify the login request.

Optionally, the user login information further includes an identification value of a graphical verification code, and the apparatus further includes:

the generating module is used for generating a graph verification code according to the initial value;

and the display module is used for displaying the graphical verification code in the login page.

Optionally, the operation module is configured to:

setting the target value to 1;

In a fifth aspect, a computer device is provided, the computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, the computer program, when executed by the processor, implementing the login authentication method of the first aspect.

In a sixth aspect, there is provided a computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the computer program, when executed by the processor, implementing the login authentication method of the second aspect.

In a seventh aspect, a computer-readable storage medium is provided, which stores a computer program, and the computer program, when executed by a processor, implements the login authentication method according to the first aspect.

In an eighth aspect, a computer-readable storage medium is provided, which stores a computer program, and the computer program realizes the login authentication method of the second aspect when being executed by a processor.

In a ninth aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the steps of the login authentication method of the first aspect as described above.

In a tenth aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the steps of the login authentication method according to the second aspect described above.

It is understood that, for the beneficial effects of the third aspect, the fifth aspect, the seventh aspect and the ninth aspect, reference may be made to the description of the first aspect, and details are not described herein again. For the beneficial effects of the fourth aspect, the sixth aspect, the eighth aspect and the tenth aspect, reference may be made to the description related to the second aspect, and details are not repeated here.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic diagram of a login authentication system according to an embodiment of the present application;

fig. 2 is a flowchart of a login authentication method according to an embodiment of the present application;

fig. 3 is a flowchart of a second login authentication method provided in an embodiment of the present application;

fig. 4 is a flowchart of a third login authentication method provided in an embodiment of the present application;

fig. 5 is a schematic structural diagram of a login authentication device according to an embodiment of the present application;

fig. 6 is a schematic structural diagram of another login authentication device provided in an embodiment of the present application;

FIG. 7 is a schematic structural diagram of a computer device according to an embodiment of the present disclosure;

fig. 8 is a schematic structural diagram of another computer device provided in the embodiment of the present application.

Detailed Description

To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.

It should be understood that reference to "a plurality" in this application means two or more. In addition, for the convenience of clearly describing the technical solutions of the present application, the terms "first", "second", and the like are used to distinguish the same items or similar items having substantially the same functions and actions. Those skilled in the art will appreciate that the terms "first," "second," etc. do not denote any order or quantity, nor do the terms "first," "second," etc. denote any order or importance.

Before explaining the embodiments of the present application, a system architecture related to the embodiments of the present application will be described.

Fig. 1 is a schematic diagram of a login authentication system according to an embodiment of the present application. Referring to fig. 1, the login authentication system includes: a terminal 101 and a server 102.

The terminal 101 may be a desktop computer, a laptop computer, a palmtop computer, a mobile phone, a tablet computer, etc. The terminal 101 is a device for requesting login to the server 102.

The server 102 may be one server or a server cluster including a plurality of servers. The server 102 is a device for authenticating a login request initiated by the terminal 101.

The terminal 101 and the server 102 may communicate through a wired network or a wireless network. The terminal 101 and the server 102 may execute a login authentication method described in the embodiment of fig. 2 below to implement authentication of the login request.

The following explains the login authentication method provided in the embodiments of the present application in detail.

Fig. 2 is a flowchart of a login authentication method according to an embodiment of the present application. Referring to fig. 2, the method includes the following steps.

Step 201: the terminal sends a login page request to the server.

The landing page request is used for requesting to acquire page data of the landing page. The login page is a page that can be used to input user login information, and a user requests to log in to the server by inputting user login information on the login page.

Specifically, the terminal may send a login page request to the server when receiving the login page display instruction.

The landing page display instruction can be triggered by a user, and the user can trigger the landing page display instruction through operations such as click operation, sliding operation, voice operation, gesture operation and somatosensory operation.

Step 202: and after receiving a login page request sent by the terminal, the server sends an initial value, preset conditions and page data of the login page to the terminal.

After receiving a login page request sent by a terminal, a server can acquire page data of the login page, generate an initial value and acquire a preset condition.

The initial value may be a random value, which may be generated using a random number generation algorithm. For example, the server may generate a 6-bit random string as the initial value, and the random string may be formed by randomly combining numbers and letters.

The preset condition is used for indicating a condition which should be satisfied by the value obtained through the hash operation. Different preset conditions correspond to different operation difficulties, and the operation difficulties can reflect the hash operation amount required by obtaining the hash value meeting the preset conditions. That is, the hash operation amounts required to obtain hash values satisfying different preset conditions are different. For example, the preset condition may be: the first N bits of the value obtained by the hash operation are 0, and N is a positive integer. In this case, N is the operation difficulty corresponding to the preset condition, and the operation difficulty increases with the increase of N. That is, the larger N is, the larger the operation difficulty corresponding to the preset condition is. For example, the operation difficulty corresponding to the preset condition that "the first 6 bits of the value obtained by the hash operation are 0" is greater than the operation difficulty corresponding to the preset condition that "the first 4 bits of the value obtained by the hash operation are 0". That is, the hash operation amount required to obtain the hash value of 0 on the first 6 bits is larger than the hash operation amount required to obtain the hash value of 0 on the first 4 bits.

Optionally, the page data of the landing page may include a graphical verification code. The server can generate a random number first, and then use a canvas tool and other tools to perform appropriate operations such as rotation, scaling, interference line addition and the like on the random number to obtain the graphic verification code containing the random number, so that the difficulty of machine identification can be increased, and the cost is increased for an attacker to read the graphic verification code by using a program. Illustratively, the random number may be the initial value.

In one possible mode, after the server receives a login page request sent by the terminal, the operation difficulty corresponding to the preset condition sent to the terminal is a fixed difficulty. For example, the preset condition may be: the first 4 bits of the value obtained by the hash operation are 0, and the operation difficulty corresponding to the preset condition is a fixed difficulty, that is, 4.

In another possible mode, after receiving the login page request sent by the terminal, the server may adjust the operation difficulty corresponding to the preset condition and then send the adjusted operation difficulty to the terminal. Specifically, in the following two cases, the server may adjust the operation difficulty corresponding to the preset condition.

In the first case: if the number of times that the terminal sends the login request to the server within the second duration is greater than or equal to the second number of times, the server can increase the operation difficulty corresponding to the preset condition.

The second time length and the second time number can be preset, the second time length can be set to be shorter, and the second time number can be set to be larger. For example, the second time period may be 30 minutes, 40 minutes, etc., and the second number may be 5 times, 6 times, etc.

If the number of times that the terminal sends the login request to the server within the second duration is greater than or equal to the second number of times, the terminal frequently requests to login within a short time, so that the server can increase the operation difficulty corresponding to the preset conditions to prevent possible malicious attacks on the terminal. For example, the server may adjust the preset condition from "the first 4 bits of the value obtained through the hash operation are 0" to "the first 6 bits of the value obtained through the hash operation are 0", so that the operation difficulty corresponding to the preset condition is changed from 4 to 6, and the operation difficulty corresponding to the preset condition is increased.

It should be noted that a data table (including but not limited to a Key-Value (Key-Value) data structure) may be maintained in the server, and is used to record the login request times corresponding to the Identifier of the device (including but not limited to UUID (universal Unique Identifier), MAC (Media Access Control) address, IP (Internet Protocol) address, or factory serial number, etc.). The server may obtain an identifier of the device that sent the login request each time the server receives the login request, and then add 1 to the number of login requests corresponding to the identifier of the device in the maintained data table. Therefore, the server can obtain the login request times corresponding to the terminal identification from the maintained data table, and the times that the terminal sends the login request to the server is obtained.

In the second case: if the total number of login request authentication failures of all devices sending login requests to the server within the third duration is m times of the total number of user accounts registered in the server, the server can increase the operation difficulty corresponding to the preset condition.

The third time period may be preset, and the third time period may be set to be shorter, for example, the third time period may be 1 hour, 2 hours, and the like. m may also be set in advance, and m is greater than 1, e.g., m may be 2, 3, etc.

If the total number of times of login request authentication failures of all devices sending login requests to the server within the third time length is m times of the total number of all user accounts registered in the server, the server is likely to be attacked if the failed login failures of all devices sending login requests to the server within the third time length are more than the total number of the user accounts registered in the server, and therefore the server can increase the operation difficulty corresponding to the preset conditions to prevent possible malicious attacks on the terminal.

It should be noted that, after the server increases the operation difficulty corresponding to the preset condition, for a normal login user, the increase of the operation difficulty does not bring obvious increase of login time or resource consumption, and for an attacker, since the attacker attacks by frequently initiating a login request, the attack cost of the attacker will be greatly increased.

Step 203: after receiving the initial value, the preset condition and the page data of the landing page sent by the server, the terminal performs hash operation on the value obtained after the initial value is connected in series with the incrementally increased target value, so as to obtain a collision value meeting the preset condition.

The value obtained by concatenating the initial value with the target value is a value obtained by adding the target value to the end of the initial value. The incremental target value means that the target value can be continuously incremented, that is, the target value is set to 1, and then 1 is continuously added to the target value, so as to obtain the collision value meeting the preset condition. That is, in the embodiment of the present application, an enumeration-type hash collision algorithm is used to obtain a collision value that meets a preset condition.

In the embodiment of the application, the terminal needs to adopt a hash collision algorithm in an enumeration form to obtain a collision value meeting a preset condition. That is, the terminal needs to perform a large amount of hash operations to obtain the collision value for login verification. In this case, if an attacker wants to log in, the attacker must first perform a large number of hash operations to obtain the collision value. This hash operation requires resource and time consumption. When a normal login person logs in, a certain time is needed, and the login is not frequently attempted, so that the consumed resources and time are acceptable. For an attacker, since the attacker attacks by frequently initiating login requests, a large amount of resources are consumed, and the time is long, so that the attack cost of the attacker is increased. The verification mechanism can be completed under the condition that the user does not perceive, and has good user experience and realization feasibility.

The operation of the terminal performing hash operation on the value obtained after the initial value is serially and incrementally increased with respect to the target value to obtain the collision value satisfying the preset condition may be: the terminal sets the target value to 1. And the terminal performs Hash operation on the value obtained after the initial value is connected with the target value in series to obtain a second Hash value. And if the obtained second hash value does not meet the preset condition, the terminal adds 1 to the target value, and performs the hash operation on the value obtained by connecting the initial value with the target value again until the obtained second hash value meets the preset condition. And after the obtained second hash value meets the preset condition, taking the second hash value as a collision value.

The Hash Algorithm used in the Hash operation may be preset, and for example, SHA-2(Secure Hash Algorithm 2), SHA-256, and the like may be used, which is not limited in this embodiment of the present application.

For example, the terminal may calculate the second hash value according to the formula result-SHA-2 (randString + count). Wherein result is a second hash value; randString is the initial value; the count is a target value, and the count is added with 1 after each hash operation. randString + count is to concatenate the initial values to the target value. SHA-2() uses SHA-2 to perform a hash operation.

Illustratively, the preset conditions are: the first 4 bits of the hash result are 0. This initial value is "6B 5FO 1". The target value is initialized to 1. The terminal substitutes "6B 5FO 1" into the above equation result-SHA-2 (randString + count) to solve, the solving process is shown in table 1 below:

TABLE 1

Thus, after 14797 hash operations, the terminal can obtain a second hash value with the first four bits of "0000" meeting the preset condition, and at this time, the second hash value can be used as a collision value. The time consumed for the terminal to perform 14797 hash operations is slightly different according to the calculation frequency of the processor, and actually, the time is about 283 milliseconds, so that the time is short.

Step 204: and the terminal displays a login page according to the page data of the login page and acquires user login information according to the login page.

An input box for inputting user login information can be displayed in the login page. The user login information may include a user account, a user password, and the like. If the login page also displays the graphic verification code, the user can also input the identification value of the graphic verification code in the login page. The identification value can also be used as user login information.

In a possible manner, if the page data of the login page sent by the server includes the graphical verification code, when the terminal displays the login page according to the page data, the displayed login page includes the graphical verification code.

In another possible mode, if the page data of the login page sent by the server does not include the graphical verification code, the terminal may generate the graphical verification code by itself and display the graphical verification code on the login page.

Illustratively, the terminal may generate the graphical verification code from the initial value. For example, the terminal may use a canvas or other tools to perform appropriate operations such as rotating, scaling, and adding interference lines to the initial value to obtain the pattern verification code containing the initial value, so that the difficulty of machine identification may be increased, and the cost may be increased for an attacker to read the pattern verification code using a program.

Step 205: the terminal sends a login request to the server, wherein the login request carries user login information, a target value and a collision value.

The login request is used for requesting login, and the server can be instructed to verify the login request.

Step 206: after receiving the login request sent by the terminal, the server performs hash operation on the value obtained by connecting the initial value with the target value in series to obtain a first hash value; and if the first hash value is the same as the collision value, checking the user login information.

After receiving the login request sent by the terminal, the server may perform hash operation on a value obtained by connecting the initial value with the target value in series when determining that the collision value meets a preset condition, so as to obtain a first hash value.

If the first hash value is the same as the collision value, the terminal is indicated to have performed a large amount of hash operations, that is, the terminal obtains the workload certification, and thus the server can continue to check the user login information.

When the server checks the user login information, the server can compare whether a user account and a user password included in the user login information are consistent with a user account and a user password stored in a database, and compare whether an identification value of a graphical verification code in the user login information is consistent with a value contained in the graphical verification code stored in the database; if the user login information is consistent with the user login information, the server can determine that the user login information passes verification, and otherwise, the server determines that the user login information fails verification.

If the first hash value is the same as the collision value and the user login information is successfully verified, the server can determine that the login request is successfully verified, and the terminal logs in successfully at the moment.

If the first hash value is different from the collision value, the server can determine that the login request fails to be verified; or, if the user login information fails to be checked, the server may determine that the login request fails to be verified.

Further, if the login request fails to be verified, the server may regenerate the initial value; and sending the regenerated initial value and the preset condition to the terminal to indicate the terminal to re-request login.

For example, the server may regenerate a random value as the initial value using a random number generation algorithm.

Further, after determining that the login request fails to be verified, the server may increase the operation difficulty corresponding to the preset condition when the login request failed verification number of the terminal in the first time period is greater than or equal to the first number, or when the login request failed verification number of the user account in the user login information in the first time period is greater than or equal to the first number, or when the login request is sent to the server by the terminal in the second time period, or when the login request is sent to the server by the user account in the user login information in the second time period by the terminal in the first time period, before sending the regenerated initial value and the preset condition to the terminal.

The first time length, the second time length, the first frequency and the second frequency can be preset, the first time length and the second time length can be set to be shorter, and the first frequency and the second frequency can be set to be larger. For example, the first time period may be 5 minutes, 10 minutes, and the like, the second time period may be 10 minutes, 15 minutes, and the like, the first number may be 4 times, 5 times, and the like, and the second number may be 5 times, 6 times, and the like, which is not limited in this embodiment of the present application.

If the number of times of authentication failure of the login request of the terminal in the first time period is greater than or equal to the first time period, the terminal frequently fails to log in a short time period, and therefore the server can increase the operation difficulty corresponding to the preset conditions to prevent possible malicious attacks on the terminal.

If the number of times of login request authentication failure of the user account in the user login information within the first duration is greater than or equal to the first time, the user account is indicated to frequently fail to login within a short time, so that the server can increase the operation difficulty corresponding to the preset condition to prevent possible malicious attack of the user account.

If the number of times that the terminal sends the login request to the server within the second duration is greater than or equal to the second number of times, the terminal frequently requests to login within a short time, so that the server can increase the operation difficulty corresponding to the preset conditions to prevent possible malicious attacks on the terminal.

If the number of times that the user account in the user login information sends the login request to the server within the second duration is greater than or equal to the second number of times, it is indicated that the user account frequently requests to login within a short time, so that the server can increase the operation difficulty corresponding to the preset condition to prevent possible malicious attack of the user account.

Further, after the server sends the regenerated initial value and the preset condition to the terminal, the terminal may perform hash operation on a value obtained after the initial value is serially and incrementally increased with respect to the target value to obtain a collision value meeting the preset condition, and then the collision value is carried in a login request and sent to the server to re-request login. This process is similar to step 203 described above, and details thereof are not described in this embodiment of the present application.

In addition, when the terminal requests login again, the terminal can carry the newly calculated collision value and the user login information obtained before in the sent login request. Or, the terminal can also redisplay the login page, reacquire the user login information according to the login page, carry the newly calculated collision value and the newly acquired user login information in the login request, and send the login request to the server to request login again.

In the embodiment of the application, when the terminal requests to log in, the terminal needs to adopt a hash collision algorithm in an enumeration form to obtain a collision value meeting a preset condition. That is, the terminal needs to perform a large amount of hash operations to obtain the collision value for login verification. In this case, if an attacker wants to log in, the attacker must first perform a large number of hash operations to obtain the collision value. This hash operation requires resource and time consumption. When a normal login person logs in, a certain time is needed, and the login is not frequently attempted, so that the consumed resources and time are acceptable. For an attacker, since the attacker attacks by frequently initiating login requests, a large amount of resources are consumed, and the time is long, so that the attack cost of the attacker is increased. The verification mechanism can be completed under the condition that the user does not perceive, and has good user experience and realization feasibility.

Fig. 3 is a flowchart of a login authentication method according to an embodiment of the present application. The method is applied to a server, and referring to fig. 3, the method comprises the following steps:

step 301: after a login page request sent by a terminal is received, an initial value, a preset condition and page data of the login page are sent to the terminal, and the terminal is instructed to perform Hash operation on a value obtained after a target value of the initial value is increased in series, so that a collision value meeting the preset condition is obtained.

The specific operation of step 301 has already been described in detail in step 201 and step 202, and this is not described again in this embodiment of the present application.

Step 302: and receiving a login request sent by a terminal, wherein the login request carries user login information, a target value and a collision value.

The specific operation of step 302 is already described in step 205, and is not described again in this embodiment of the present application.

Step 303: and carrying out Hash operation on the value obtained after the initial value is connected with the target value in series to obtain a first Hash value, and verifying the user login information if the first Hash value is the same as the collision value.

The specific operation of step 303 is already described in detail in step 206, and is not described again in this embodiment of the present application.

Fig. 4 is a flowchart of a login authentication method according to an embodiment of the present application. The method is applied to the terminal, and referring to fig. 4, the method comprises the following steps:

step 401: and sending a login page request to the server.

The specific operation of step 401 is already described in detail in step 201, and is not described again in this embodiment of the present application.

Step 402: and receiving an initial value, a preset condition and page data of a landing page sent by a server, and performing hash operation on a value obtained after the initial value is serially and incrementally increased with a target value to obtain a collision value meeting the preset condition.

The specific operation of step 402 is already described in detail in step 203, and is not described again in this embodiment of the present application.

Step 403: and displaying a login page according to the page data, and acquiring user login information according to the login page.

The specific operation of step 403 is already described in detail in step 204, and this is not described in detail in this embodiment of the present application.

Step 404: and sending a login request to a server, wherein the login request carries user login information, a target value and a collision value so as to indicate the server to verify the login request.

The specific operation of step 404 is already described in detail in step 205, and is not described again in this embodiment of the present application.

Fig. 5 is a schematic structural diagram of a login authentication device according to an embodiment of the present application, where the login authentication device may be applied to a server, which may be the server 102 in the embodiment of fig. 1 above. Referring to fig. 5, the apparatus includes: a sending module 501, a receiving module 502, an operation module 503 and a check module 504.

A sending module 501, configured to send an initial value, a preset condition, and page data of a landing page to a terminal after receiving a landing page request sent by the terminal, so as to instruct the terminal to perform hash operation on a value obtained after a target value of the initial value is serially incremented, so as to obtain a collision value meeting the preset condition;

a receiving module 502, configured to receive a login request sent by a terminal, where the login request carries user login information, a target value, and a collision value;

an operation module 503, configured to perform hash operation on a value obtained by concatenating the initial value with the target value to obtain a first hash value;

and the checking module 504 is configured to check the user login information under the condition that the first hash value is the same as the collision value.

Optionally, the apparatus further comprises:

the determining module is used for determining that the login request fails to be verified if the first hash value is different from the collision value; or if the user login information fails to be checked, determining that the login request fails to be verified;

a sending module 501, configured to send the regenerated initial value and the preset condition to the terminal.

Optionally, the apparatus further comprises:

the adjusting module is configured to, if the login request fails to be verified, increase an operation difficulty corresponding to the preset condition when the number of times of verification failure of the login request of the terminal within the first time period is greater than or equal to the first time, or when the number of times of verification failure of the login request of the user account in the user login information within the first time period is greater than or equal to the first time, or when the number of times of sending the login request to the server within the second time period of the terminal is greater than or equal to the second time, or when the number of times of sending the login request to the server within the second time period of the user account in the user login information is greater than or equal to the second time.

Optionally, the apparatus further comprises an adjusting module, the adjusting module is configured to:

after a login page request sent by the terminal is received, under the condition that the number of times that the terminal sends the login request to the server in the second time length is larger than or equal to the second number of times, the operation difficulty corresponding to the preset condition is increased; or

After a login page request sent by a terminal is received, under the condition that the total times of login request authentication failures of all devices sending login requests to a server within a third time length are m times of the total number of user accounts registered in the server, the operation difficulty corresponding to the preset condition is increased, and m is larger than 1.

Fig. 6 is a schematic structural diagram of a login authentication device according to an embodiment of the present application, where the login authentication device may be applied to a terminal, and the terminal may be the terminal 101 in the embodiment of fig. 1 above. Referring to fig. 6, the apparatus includes: a sending module 601, a receiving module 602, an operation module 603 and an obtaining module 604.

A sending module 601, configured to send a login page request to a server;

a receiving module 602, configured to receive an initial value, a preset condition, and page data of a login page sent by a server;

an operation module 603, configured to perform hash operation on a value obtained after the initial value is serially incremented with respect to the target value, so as to obtain a collision value meeting a preset condition;

an obtaining module 604, configured to display a login page according to the page data, and obtain login information of the user according to the login page;

the sending module 601 is further configured to send a login request to the server, where the login request carries user login information, a target value, and a collision value, so as to instruct the server to verify the login request.

Optionally, the user login information further includes an identification value of the graphical verification code, and the apparatus further includes:

Optionally, the operation module 603 is configured to:

setting the target value to 1;

carrying out Hash operation on the value obtained after the initial value is connected with the target value in series to obtain a second Hash value;

if the second hash value does not meet the preset condition, adding 1 to the target value, and re-executing the hash operation on the value obtained by connecting the initial value with the target value in series;

It should be noted that: in the login authentication device provided in the above embodiment, only the division of the above functional modules is used for illustration in login authentication, and in practical applications, the above function distribution may be completed by different functional modules as needed, that is, the internal structure of the device is divided into different functional modules to complete all or part of the above described functions.

Each functional unit and module in the above embodiments may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used to limit the protection scope of the embodiments of the present application.

The embodiments of the login authentication device and the login authentication method provided in the above embodiments belong to the same concept, and the specific working processes and technical effects brought by the units and modules in the above embodiments can be referred to the section of the embodiments of the methods, which is not described herein again.

Fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in fig. 7, the computer device 7 includes: a processor 70, a memory 71 and a computer program 72 stored in the memory 71 and operable on the processor 70, the steps in the login authentication method in the embodiment of fig. 3 above being implemented when the computer program 72 is executed by the processor 70.

The computer device 7 may be a general purpose computer device or a special purpose computer device. In a specific implementation, the computer device 7 may be one server or a server cluster composed of a plurality of servers. Those skilled in the art will appreciate that fig. 7 is only an example of the computer device 7, and does not constitute a limitation to the computer device 7, and may include more or less components than those shown, or combine some components, or different components, such as input and output devices, network access devices, etc.

The Processor 70 may be a Central Processing Unit (CPU), and the Processor 70 may also be other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or any conventional processor.

The storage 71 may in some embodiments be an internal storage unit of the computer device 7, such as a hard disk or a memory of the computer device 7. The memory 71 may also be an external storage device of the computer device 7 in other embodiments, such as a plug-in hard disk provided on the computer device 7, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 71 may also include both an internal storage unit of the computer device 7 and an external storage device. The memory 71 is used for storing an operating system, an application program, a BootLoader (BootLoader), data, and other programs, such as program codes of a computer program. The memory 71 may also be used to temporarily store data that has been output or is to be output.

Fig. 8 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in fig. 8, the computer device 8 includes: a processor 80, a memory 81 and a computer program 82 stored in the memory 81 and operable on the processor 80, the steps in the login authentication method in the embodiment of fig. 4 above being implemented when the computer program 82 is executed by the processor 80.

The computer device 8 may be a general purpose computer device or a special purpose computer device. In a specific implementation, the computer device 8 may be a desktop computer, a laptop computer, a palmtop computer, a mobile phone, a tablet computer, or a wireless terminal device, and the embodiment of the present application does not limit the type of the computer device 8. Those skilled in the art will appreciate that fig. 8 is merely an example of the computer device 8 and does not constitute a limitation of the computer device 8, and may include more or less components than those shown, or combine certain components, or different components, such as input output devices, network access devices, etc.

The Processor 80 may be a Central Processing Unit (CPU), and the Processor 80 may also be other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or any conventional processor.

The storage 81 may in some embodiments be an internal storage unit of the computer device 8, such as a hard disk or a memory of the computer device 8. The memory 81 may also be an external storage device of the computer device 8 in other embodiments, such as a plug-in hard disk provided on the computer device 8, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 81 may also include both an internal storage unit of the computer device 8 and an external storage device. The memory 81 is used for storing an operating system, an application program, a BootLoader (BootLoader), data, and other programs, such as program codes of a computer program. The memory 81 may also be used to temporarily store data that has been output or is to be output.

An embodiment of the present application further provides a computer device, where the computer device includes: at least one processor, a memory, and a computer program stored in the memory and executable on the at least one processor, the processor implementing the steps of any of the various method embodiments described above when executing the computer program.

The embodiments of the present application also provide a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the steps in the above-mentioned method embodiments.

The embodiments of the present application provide a computer program product, which when run on a computer causes the computer to perform the steps of the above-described method embodiments.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, all or part of the processes in the above method embodiments may be implemented by a computer program, which may be stored in a computer readable storage medium and used by a processor to implement the steps of the above method embodiments. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer readable medium may include at least: any entity or apparatus capable of carrying computer program code to a photographing apparatus/terminal device, a recording medium, computer Memory, ROM (Read-Only Memory), RAM (Random Access Memory), CD-ROM (Compact Disc Read-Only Memory), magnetic tape, floppy disk, optical data storage device, etc. The computer-readable storage medium referred to herein may be a non-volatile storage medium, in other words, a non-transitory storage medium.

It should be understood that all or part of the steps for implementing the above embodiments may be implemented by software, hardware, firmware or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The computer instructions may be stored in the computer-readable storage medium described above.

In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus/computer device and method may be implemented in other ways. For example, the above-described apparatus/computer device embodiments are merely illustrative, and for example, a module or a unit may be divided into only one logical function, and may be implemented in other ways, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims

1. A login authentication method is applied to a server, and the method comprises the following steps:

2. The method of claim 1, wherein the page data includes a graphical authentication code, and wherein the user login information further includes an identification value for the graphical authentication code.

3. The method of claim 1, wherein the preset condition is: the first N bits of the value obtained by the Hash operation are 0; and N is the operation difficulty corresponding to the preset condition, the operation difficulty is increased along with the increase of N, and N is a positive integer.

4. The method of any of claims 1-3, wherein the method further comprises:

if the login request fails to be verified, regenerating an initial value;

5. The method of claim 4, wherein before sending the regenerated initial value and the preset condition to the terminal, further comprising:

6. The method according to any one of claims 1 to 3, wherein before sending the initial value, the preset condition and the page data of the landing page to the terminal, the method further comprises:

7. A login authentication method is applied to a terminal, and the method comprises the following steps:

sending a login page request to a server;

8. The method of claim 7, wherein the page data includes a graphical authentication code, and wherein the user login information further includes an identification value for the graphical authentication code.

9. The method of claim 7, wherein the user login information further includes an identification value of a graphical verification code, the method further comprising:

generating a graphic verification code according to the initial value;

and displaying the graphical verification code in the login page.

10. The method according to any one of claims 7 to 9, wherein the performing a hash operation on the value obtained after the target value of the initial value is serially incremented to obtain the collision value satisfying the preset condition includes:

setting the target value to 1;

11. A login authentication device applied to a server, the device comprising:

12. A login authentication device is applied to a terminal, and the device comprises:

the sending module is used for sending a login page request to the server;

the acquisition module is used for displaying the login page according to the page data of the login page and acquiring user login information according to the login page;

13. A computer device, characterized in that the computer device comprises a memory, a processor and a computer program stored in the memory and executable on the processor, which computer program, when executed by the processor, implements the method according to any of claims 1 to 10.

14. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of any one of claims 1 to 10.