CN112966242A - User name and password authentication method, device and equipment and readable storage medium - Google Patents
User name and password authentication method, device and equipment and readable storage medium Download PDFInfo
- Publication number
- CN112966242A CN112966242A CN202110333015.XA CN202110333015A CN112966242A CN 112966242 A CN112966242 A CN 112966242A CN 202110333015 A CN202110333015 A CN 202110333015A CN 112966242 A CN112966242 A CN 112966242A
- Authority
- CN
- China
- Prior art keywords
- target
- information
- random number
- password
- user name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The disclosure provides a user name and password authentication method, a device, equipment and a readable storage medium, wherein the method comprises the following steps: acquiring target information, wherein the target information comprises: a user name and a password input by a user through a login page, and a target random number which is sent by a system server and is effective in a preset time; generating target verification information by using a preset key, the password and the target random number which are pre-stored in a local browser plug-in; and transmitting the user name and the target verification information to the system server so that the system server can verify the target verification information and log in the user after the verification is passed. Therefore, the attack of hackers can be prevented, the security of the user name and password authentication is improved, and the data security is guaranteed.
Description
Technical Field
The present disclosure relates to the field of data security technologies, and in particular, to a method, an apparatus, a device, and a readable storage medium for user name and password authentication.
Background
With the rapid development of the internet, the prosperity of a plurality of industries is driven, but the network security problem is increasingly serious, and the identity authentication plays a vital role as the first key of information security protection. The method enhances the security of the system for storing, protecting and verifying the password, and can effectively improve the security of the user name and password authentication.
The traditional user name and password authentication method mainly adopts the following methods, one is HTTP + user name + MD5 (password) or SHA1 (password); second, HTTPS + username + password; the third is HTTPS + username + MD5 (password) or SHA1 (password).
However, the above authentication methods all have corresponding disadvantages, wherein, mainly because the HTTP transmission process is not encrypted, a hacker catches a plaintext data packet in the transmission process by catching the packet to perform replay attack; after the MD5 or SHA1 value of the password stored in the database is leaked, the hacker sends the MD5 or SHA1 value of the user name and the password to the server according to the corresponding transmission protocol, and the hacker logs in the system successfully. Or after the password is leaked, a hacker can directly and successfully log in the system by using the user name and the password, so that the security of password authentication is greatly reduced, and great data security hidden danger is brought.
Disclosure of Invention
In view of this, an object of the present disclosure is to provide a method, an apparatus, a device and a readable storage medium for user name and password authentication, which can improve the security of user name and password authentication and ensure the data security. The specific scheme is as follows:
in a first aspect, the present disclosure provides a user name and password authentication method, applied to a target browser, including:
acquiring target information, wherein the target information comprises: a user name and a password input by a user through a login page, and a target random number which is sent by a system server and is effective in a preset time;
generating target verification information by using a preset key, the password and the target random number which are pre-stored in a local browser plug-in;
and transmitting the user name and the target verification information to the system server so that the system server can verify the target verification information and log in the user after the verification is passed.
Optionally, the obtaining target information includes:
acquiring a user name and a password input by a user through a login page;
sending a random number acquisition request to the system server through an HTTPS protocol;
and acquiring the target random number which is returned by the system server according to the random number acquisition request and is effective in the preset time.
Optionally, the generating target verification information by using a preset key, the password, and the target random number pre-stored in a local browser plug-in includes:
transmitting the password and the target random number to a local browser plug-in;
performing SHA256 operation on the password through the browser plug-in to obtain first information;
and performing SHA256 operation on the first information, the target random number and the preset key through the browser plug-in to obtain target verification information.
Optionally, before the obtaining the target information, the method further includes:
acquiring a system access request triggered by the user;
accessing a login page on the system server according to the system access request;
and loading the login page returned by the system server.
In a second aspect, the present disclosure provides a username and password authentication method, applied to a system server, including:
generating a target random number which is effective in a preset time according to a random number acquisition request sent by a target browser, and sending the target random number to the target browser;
acquiring a user name and target verification information sent by the target browser, wherein the target verification information is verification information generated by the target browser by using a password corresponding to the user name, the target random number and a preset key stored in advance;
and verifying the target verification information, and logging in the user after the target verification information passes the verification.
Optionally, before verifying the target verification information, the method further includes:
when the user name is registered, acquiring a registration password corresponding to the user name;
performing SHA256 operation on the registration password to obtain second information;
and storing the second information to a local database.
Optionally, the verifying the target verification information includes:
performing SHA256 operation on the second information, the target random number and the preset key to obtain comparison information;
comparing the target verification information with the comparison information;
and if the target verification information is consistent with the comparison information, the verification is passed.
In a third aspect, the present disclosure provides a user name and password authentication apparatus, applied to a target browser, including:
the information acquisition module is used for acquiring target information, wherein the target information comprises: a user name and a password input by a user through a login page, and a target random number which is sent by a system server and is effective in a preset time;
the verification information generation module is used for generating target verification information by utilizing a preset key, the password and the target random number which are pre-stored in a local browser plug-in;
and the information transmission module is used for transmitting the user name and the target verification information to the system server so that the system server can verify the target verification information and log in the user after the verification is passed.
In a fourth aspect, the present disclosure provides an electronic device comprising:
a memory and a processor;
wherein the memory is used for storing a computer program;
the processor is used for executing the computer program to realize the user name and password authentication method disclosed in the foregoing.
In a fifth aspect, the present disclosure provides a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the username-password authentication method disclosed above.
As can be seen, the present disclosure first obtains target information, where the target information includes: the method comprises the steps that a user inputs a user name and a password through a login page, the target random number is sent by a system server and is effective in a preset time, then a preset key stored in a local browser plug-in advance, the password and the target random number are used for generating target verification information, and then the user name and the target verification information are transmitted to the system server, so that the system server can verify the target verification information, and the user login is carried out after the verification is passed. Therefore, a random number with a validity period within a certain time is introduced as a challenge in the process of generating verification information, a hacker is prevented from using data to replay and attack, and when information obtained by using a password is leaked, the hacker cannot attack through a corresponding transmission protocol due to the addition of a preset key, so that the security of user name and password authentication is improved, and the data security is guaranteed.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flowchart of a username-password authentication method provided by the present disclosure;
FIG. 2 is a flowchart of a username-password authentication method provided by the present disclosure;
FIG. 3 is a flowchart of a specific username-password authentication method provided by the present disclosure;
fig. 4 is a schematic structural diagram of a username and password authentication apparatus provided in the present disclosure;
fig. 5 is a schematic structural diagram of a username-password authentication apparatus provided in the present disclosure;
fig. 6 is a schematic structural diagram of an electronic device according to the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
Referring to fig. 1, an embodiment of the present disclosure provides a username and password authentication method, which is applied to a target browser, and the method includes:
step S11: acquiring target information, wherein the target information comprises: the system comprises a user name and a password input by a user through a login page, and a target random number which is sent by a system server and is valid within a preset time.
In a specific implementation process, the target browser is a browser that needs to access the system server, and needs to acquire target information first, where the target information includes a user name and a password that are input by a user through a login page, and a target random number that is sent by the system server and is valid within a preset time. Specifically, a user name and a password input by a user through a login page are obtained; sending a random number acquisition request to the system server through an HTTPS protocol; and acquiring the target random number which is returned by the system server according to the random number acquisition request and is effective in the preset time. The target random number is valid for a preset time, such as 60 seconds.
Step S12: and generating target verification information by using a preset key, the password and the target random number which are pre-stored in a local browser plug-in.
After the target information is obtained, target verification information can be generated by using a preset key, the password and the target random number which are pre-stored in a local browser plug-in. Specifically, the password and the target random number are transmitted to a local browser plug-in; performing SHA256 operation on the password through the browser plug-in to obtain first information; and performing SHA256 operation on the first information, the target random number and the preset key through the browser plug-in to obtain target verification information. In a specific implementation process, a browser plug-in is required to be installed in advance at a local terminal corresponding to the target browser, wherein a preset key which is the same as that of the system server is preset in the browser plug-in.
Step S13: and transmitting the user name and the target verification information to the system server so that the system server can verify the target verification information and log in the user after the verification is passed.
It is to be understood that, after the target authentication information is generated, the target authentication information and the user name may be transmitted to the system server, so that the system server authenticates the target authentication information, and performs user login after authentication is passed.
In an actual implementation process, before the obtaining the target information, the method further includes: acquiring a system access request triggered by the user; accessing a login page on the system server according to the system access request; and loading the login page returned by the system server. That is, after a request that a user needs to perform system access is acquired, a login page on the system server is accessed according to the system access request, and the login page is loaded after the system server returns to the login page.
As can be seen, the present disclosure first obtains target information, where the target information includes: the method comprises the steps that a user inputs a user name and a password through a login page, the target random number is sent by a system server and is effective in a preset time, then a preset key stored in a local browser plug-in advance, the password and the target random number are used for generating target verification information, and then the user name and the target verification information are transmitted to the system server, so that the system server can verify the target verification information, and the user login is carried out after the verification is passed. Therefore, a random number with a validity period within a certain time is introduced as a challenge in the process of generating verification information, a hacker is prevented from using data to replay and attack, and when information obtained by using a password is leaked, the hacker cannot attack through a corresponding transmission protocol due to the addition of a preset key, so that the security of user name and password authentication is improved, and the data security is guaranteed.
Referring to fig. 2, an embodiment of the present disclosure provides a username and password authentication method, which is applied to a system server, and the method includes:
step S21: generating a target random number which is effective in a preset time according to a random number acquisition request sent by a target browser, and sending the target random number to the target browser.
In a specific implementation process, a target random number which is valid within a preset time is generated locally according to a random number acquisition request sent by a target browser, and the target random number is returned to the target browser. The target random number is valid within a preset time, for example, within 60 seconds, and the length of the target random number is not limited herein. Can be determined according to actual requirements.
Before generating a target random number valid within a preset time according to a random number acquisition request sent by a target browser, the method further includes: receiving a system access request sent by the target browser, returning a login page to the target browser according to the system access request and the system access request, so that the target browser loads the login page, acquires a user name and a password input by a user through the login page, and sends a random number acquisition request to the local through an HTTPS protocol; and receiving the random number acquisition request. Accordingly, the generating the target random number is to generate the target random number according to the random number obtaining request.
Step S22: and acquiring a user name and target verification information sent by the target browser, wherein the target verification information is verification information generated by the target browser by using a password corresponding to the user name, the target random number and a pre-stored preset key.
After the target random number is returned to the target browser, a user name and target verification information sent by the target browser need to be acquired, wherein the target verification information is verification information generated by the target browser by using a password corresponding to the user name, the target random number and a pre-stored preset key.
Step S23: and verifying the target verification information, and logging in the user after the target verification information passes the verification.
After the user name and the target authentication information are obtained, the target authentication information needs to be authenticated, and the user logs in after the authentication is passed.
In a specific implementation process, before verifying the target verification information, the method further includes: when the user name is registered, acquiring a registration password corresponding to the user name; performing SHA256 operation on the registration password to obtain second information; and storing the second information to a local database. In practical application, after the user is registered, if the user modifies the corresponding password, a new password needs to be acquired, and the new password is used to update the second information in the local database.
Correspondingly, the verifying the target verification information includes: performing SHA256 operation on the second information, the target random number and the preset key to obtain comparison information; comparing the target verification information with the comparison information; and if the target verification information is consistent with the comparison information, the verification is passed.
It can be seen that, according to a random number acquisition request sent by a target browser, the present disclosure generates a target random number valid within a preset time, sends the target random number to the target browser, and then acquires a user name and target authentication information sent by the target browser, where the target authentication information is authentication information generated by the target browser using a password corresponding to the user name, the target random number, and a preset key stored in advance, and then authenticates the target authentication information, and performs user login after the authentication is passed. Therefore, a random number with a validity period within a certain time is introduced as a challenge in the process of generating verification information, a hacker is prevented from using data to replay and attack, and when information obtained by using a password is leaked, the hacker cannot attack through a corresponding transmission protocol due to the addition of a preset key, so that the security of user name and password authentication is improved, and the data security is guaranteed.
Referring to fig. 3, a user name authentication flow chart is shown. The database stores a value H1 obtained by SHA256 calculation of a password acquired during user name registration, a key K is preset during system server initialization, a user terminal is provided with a browser plug-in, the browser plug-in is preset with the key K which is the same as that of a system server, the browser communicates with the system server through an HTTPS protocol, a user accesses a login page of the system through the browser, the user inputs the user name and the password through the login page, clicks a login button, the browser requests a random number challenge to the system server through the HTTPS protocol, the system server generates a random number R with an effective period of only 60 seconds and returns the random number R to the browser, the browser calls an interface of the browser plug-in to transmit the password and the R into the browser plug-in after receiving the random number R, the browser plug-in firstly performs SHA256 on the password to obtain H1, and then performs SHA256 on H1+ R + K to obtain C, and returning the C to the browser, sending the user name and the C to a system server by the browser through an HTTPS protocol, after receiving the user name and the C, querying an SHA256 value H1 of a corresponding password through the user name to a database, then carrying out SHA256 on H1+ R + K to obtain C1, and comparing the C1 with the C by the system server, wherein if the C is equal to the C, the login is successful, and otherwise, the login is failed.
Referring to fig. 4, an embodiment of the present disclosure provides a username-password authentication apparatus 10 applied to a target browser, including:
an information obtaining module 11, configured to obtain target information, where the target information includes: a user name and a password input by a user through a login page, and a target random number which is sent by a system server and is effective in a preset time;
a verification information generation module 12, configured to generate target verification information by using a preset key, the password, and the target random number that are pre-stored in a local browser plug-in;
and the information transmission module 13 is configured to transmit the user name and the target authentication information to the system server, so that the system server can authenticate the target authentication information and log in the user after the authentication is passed.
As can be seen, the present disclosure first obtains target information, where the target information includes: the method comprises the steps that a user inputs a user name and a password through a login page, the target random number is sent by a system server and is effective in a preset time, then a preset key stored in a local browser plug-in advance, the password and the target random number are used for generating target verification information, and then the user name and the target verification information are transmitted to the system server, so that the system server can verify the target verification information, and the user login is carried out after the verification is passed. Therefore, a random number with a validity period within a certain time is introduced as a challenge in the process of generating verification information, a hacker is prevented from using data to replay and attack, and when information obtained by using a password is leaked, the hacker cannot attack through a corresponding transmission protocol due to the addition of a preset key, so that the security of user name and password authentication is improved, and the data security is guaranteed.
In some specific implementation processes, the information obtaining module 11 is configured to:
acquiring a user name and a password input by a user through a login page;
sending a random number acquisition request to the system server through an HTTPS protocol;
and acquiring the target random number which is returned by the system server according to the random number acquisition request and is effective in the preset time.
In some specific implementations, the verification information generating module 12 is configured to:
transmitting the password and the target random number to a local browser plug-in;
performing SHA256 operation on the password through the browser plug-in to obtain first information;
and performing SHA256 operation on the first information, the target random number and the preset key through the browser plug-in to obtain target verification information.
In some specific implementations, the apparatus 10 for authenticating a username and a password further includes:
the login page access module is used for acquiring a system access request triggered by the user; accessing a login page on the system server according to the system access request; and loading the login page returned by the system server.
Referring to fig. 5, an embodiment of the present disclosure provides a username-password authentication apparatus 20, applied to a system server, including:
a random number generation module 21, configured to generate a target random number that is valid within a preset time according to a random number acquisition request sent by a target browser, and send the target random number to the target browser;
a verification information obtaining module 22, configured to obtain a user name and target verification information sent by the target browser, where the target verification information is verification information generated by the target browser using a password corresponding to the user name, the target random number, and a preset key stored in advance;
and the information verification module 23 is configured to verify the target verification information, and log in the user after the verification is passed.
It can be seen that, according to a random number acquisition request sent by a target browser, the present disclosure generates a target random number valid within a preset time, sends the target random number to the target browser, and then acquires a user name and target authentication information sent by the target browser, where the target authentication information is authentication information generated by the target browser using a password corresponding to the user name, the target random number, and a preset key stored in advance, and then authenticates the target authentication information, and performs user login after the authentication is passed. Therefore, a random number with a validity period within a certain time is introduced as a challenge in the process of generating verification information, a hacker is prevented from using data to replay and attack, and when information obtained by using a password is leaked, the hacker cannot attack through a corresponding transmission protocol due to the addition of a preset key, so that the security of user name and password authentication is improved, and the data security is guaranteed.
In some specific implementations, the apparatus 20 for authenticating a username and a password further includes:
a registration information determining module, configured to obtain a registration password corresponding to the user name when the user name is registered; performing SHA256 operation on the registration password to obtain second information; and storing the second information to a local database.
In some specific implementations, the information verification module 23 is configured to:
performing SHA256 operation on the second information, the target random number and the preset key to obtain comparison information; comparing the target verification information with the comparison information; and if the target verification information is consistent with the comparison information, the verification is passed.
Further, the disclosed embodiment also discloses a computer readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the username and password authentication method disclosed in any of the foregoing embodiments.
For the specific process of the username and password authentication method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
Fig. 6 is a block diagram illustrating one type of electronic device 30 according to an example embodiment. The electronic device 30 comprises a processor 31 and a memory 32. The electronic device 30 may also include one or more of a multimedia component 33, an input/output (I/O) interface 34, and a communications component 35.
The processor 31 is configured to control the overall operation of the electronic device 30, so as to complete all or part of the steps in the multi-user name and password authentication method. The memory 32 is used to store various types of data to support operation at the electronic device 30, such data may include, for example, instructions for any application or method operating on the electronic device 30, as well as application-related data, such as contact data, messaging, pictures, audio, video, and so forth. The Memory 32 may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk, or optical disk. The multimedia components 33 may include a screen and an audio component. Wherein the screen may be, for example, a touch screen and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 32 or transmitted via the communication component 35. The audio assembly also includes at least one speaker for outputting audio signals. The I/O interface 34 provides an interface between the processor 31 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 35 is used for wired or wireless communication between the electronic device 30 and other devices. Wireless Communication, such as Wi-Fi, bluetooth, Near Field Communication (NFC), 2G, 3G or 4G, or a combination of one or more of them, so that the corresponding Communication component 25 may include: Wi-Fi module, bluetooth module, NFC module.
In an exemplary embodiment, the electronic Device 30 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors or other electronic components, and is configured to perform the above-mentioned username and password authentication method performed by the target browser side or the username and password authentication method performed by the system server side.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.
Finally, it is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of other elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Claims (10)
1. A user name and password authentication method is applied to a target browser and comprises the following steps:
acquiring target information, wherein the target information comprises: a user name and a password input by a user through a login page, and a target random number which is sent by a system server and is effective in a preset time;
generating target verification information by using a preset key, the password and the target random number which are pre-stored in a local browser plug-in;
and transmitting the user name and the target verification information to the system server so that the system server can verify the target verification information and log in the user after the verification is passed.
2. The username-password authentication method of claim 1, wherein the obtaining target information comprises:
acquiring a user name and a password input by a user through a login page;
sending a random number acquisition request to the system server through an HTTPS protocol;
and acquiring the target random number which is returned by the system server according to the random number acquisition request and is effective in the preset time.
3. The method of claim 1, wherein the generating target verification information using the pre-set key, the password and the target random number pre-stored in the local browser plug-in comprises:
transmitting the password and the target random number to a local browser plug-in;
performing SHA256 operation on the password through the browser plug-in to obtain first information;
and performing SHA256 operation on the first information, the target random number and the preset key through the browser plug-in to obtain target verification information.
4. The username-password authentication method according to claim 1, further comprising, prior to obtaining the target information:
acquiring a system access request triggered by the user;
accessing a login page on the system server according to the system access request;
and loading the login page returned by the system server.
5. A user name and password authentication method is applied to a system server and comprises the following steps:
generating a target random number which is effective in a preset time according to a random number acquisition request sent by a target browser, and sending the target random number to the target browser;
acquiring a user name and target verification information sent by the target browser, wherein the target verification information is verification information generated by the target browser by using a password corresponding to the user name, the target random number and a preset key stored in advance;
and verifying the target verification information, and logging in the user after the target verification information passes the verification.
6. The username-password authentication method according to claim 5, further comprising, before verifying the target verification information:
when the user name is registered, acquiring a registration password corresponding to the user name;
performing SHA256 operation on the registration password to obtain second information;
and storing the second information to a local database.
7. The username-password authentication method of claim 6, wherein the verifying the target verification information comprises:
performing SHA256 operation on the second information, the target random number and the preset key to obtain comparison information;
comparing the target verification information with the comparison information;
and if the target verification information is consistent with the comparison information, the verification is passed.
8. A username and password authentication device applied to a target browser comprises:
the information acquisition module is used for acquiring target information, wherein the target information comprises: a user name and a password input by a user through a login page, and a target random number which is sent by a system server and is effective in a preset time;
the verification information generation module is used for generating target verification information by utilizing a preset key, the password and the target random number which are pre-stored in a local browser plug-in;
and the information transmission module is used for transmitting the user name and the target verification information to the system server so that the system server can verify the target verification information and log in the user after the verification is passed.
9. An electronic device, comprising:
a memory and a processor;
wherein the memory is used for storing a computer program;
the processor is configured to execute the computer program to implement the username-password authentication method of any one of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements a username-password authentication method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110333015.XA CN112966242A (en) | 2021-03-29 | 2021-03-29 | User name and password authentication method, device and equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110333015.XA CN112966242A (en) | 2021-03-29 | 2021-03-29 | User name and password authentication method, device and equipment and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112966242A true CN112966242A (en) | 2021-06-15 |
Family
ID=76278789
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110333015.XA Pending CN112966242A (en) | 2021-03-29 | 2021-03-29 | User name and password authentication method, device and equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112966242A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114154126A (en) * | 2021-10-31 | 2022-03-08 | 苏州浪潮智能科技有限公司 | BMC login authentication method, device and medium |
| WO2023010285A1 (en) * | 2021-08-03 | 2023-02-09 | 华为技术有限公司 | Information processing method and apparatus, and device |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070061889A1 (en) * | 2005-09-12 | 2007-03-15 | Sand Box Technologies Inc. | System and method for controlling distribution of electronic information |
| US20070208743A1 (en) * | 2006-02-14 | 2007-09-06 | Narayan Sainaney | System and Method For Searching Rights Enabled Documents |
| US20140129830A1 (en) * | 2012-11-07 | 2014-05-08 | Wolfgang Raudaschl | Process for Storing Data on a Central Server |
| CN105871553A (en) * | 2016-06-28 | 2016-08-17 | 电子科技大学 | Identity-free three-factor remote user authentication method |
| CN106127016A (en) * | 2016-07-18 | 2016-11-16 | 浪潮集团有限公司 | System and implementation method for trusted authentication of user login of operating system |
| CN107295011A (en) * | 2017-08-04 | 2017-10-24 | 杭州安恒信息技术有限公司 | The safety certifying method and device of webpage |
| CN107454115A (en) * | 2017-10-10 | 2017-12-08 | 北京奇艺世纪科技有限公司 | A kind of abstract identification method and digest authentication system |
| CN108306877A (en) * | 2018-01-30 | 2018-07-20 | 泰康保险集团股份有限公司 | Verification method, device and the storage medium of subscriber identity information based on NODE JS |
| CN109379176A (en) * | 2018-12-10 | 2019-02-22 | 湖北工业大学 | A kind of certifiede-mail protocol method of anti-password leakage |
| CN111800378A (en) * | 2020-05-21 | 2020-10-20 | 视联动力信息技术股份有限公司 | Login authentication method, device, system and storage medium |
| CN111970270A (en) * | 2020-08-14 | 2020-11-20 | 山东省计算中心(国家超级计算济南中心) | SIP security authentication method and system based on-loop error learning problem |
-
2021
- 2021-03-29 CN CN202110333015.XA patent/CN112966242A/en active Pending
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070061889A1 (en) * | 2005-09-12 | 2007-03-15 | Sand Box Technologies Inc. | System and method for controlling distribution of electronic information |
| US20070208743A1 (en) * | 2006-02-14 | 2007-09-06 | Narayan Sainaney | System and Method For Searching Rights Enabled Documents |
| US20140129830A1 (en) * | 2012-11-07 | 2014-05-08 | Wolfgang Raudaschl | Process for Storing Data on a Central Server |
| CN105871553A (en) * | 2016-06-28 | 2016-08-17 | 电子科技大学 | Identity-free three-factor remote user authentication method |
| CN106127016A (en) * | 2016-07-18 | 2016-11-16 | 浪潮集团有限公司 | System and implementation method for trusted authentication of user login of operating system |
| CN107295011A (en) * | 2017-08-04 | 2017-10-24 | 杭州安恒信息技术有限公司 | The safety certifying method and device of webpage |
| CN107454115A (en) * | 2017-10-10 | 2017-12-08 | 北京奇艺世纪科技有限公司 | A kind of abstract identification method and digest authentication system |
| CN108306877A (en) * | 2018-01-30 | 2018-07-20 | 泰康保险集团股份有限公司 | Verification method, device and the storage medium of subscriber identity information based on NODE JS |
| CN109379176A (en) * | 2018-12-10 | 2019-02-22 | 湖北工业大学 | A kind of certifiede-mail protocol method of anti-password leakage |
| CN111800378A (en) * | 2020-05-21 | 2020-10-20 | 视联动力信息技术股份有限公司 | Login authentication method, device, system and storage medium |
| CN111970270A (en) * | 2020-08-14 | 2020-11-20 | 山东省计算中心(国家超级计算济南中心) | SIP security authentication method and system based on-loop error learning problem |
Non-Patent Citations (1)
| Title |
|---|
| 周贤伟: "无线传感器网络的密钥管理", 《无线传感器网络与安全》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023010285A1 (en) * | 2021-08-03 | 2023-02-09 | 华为技术有限公司 | Information processing method and apparatus, and device |
| CN114154126A (en) * | 2021-10-31 | 2022-03-08 | 苏州浪潮智能科技有限公司 | BMC login authentication method, device and medium |
| CN114154126B (en) * | 2021-10-31 | 2024-04-19 | 苏州浪潮智能科技有限公司 | BMC login authentication method, device and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11165581B2 (en) | System for improved identification and authentication | |
| US10491587B2 (en) | Method and device for information system access authentication | |
| US11764966B2 (en) | Systems and methods for single-step out-of-band authentication | |
| US9979719B2 (en) | System and method for converting one-time passcodes to app-based authentication | |
| US10445487B2 (en) | Methods and apparatus for authentication of joint account login | |
| US20170244676A1 (en) | Method and system for authentication | |
| US8510811B2 (en) | Network transaction verification and authentication | |
| US9369286B2 (en) | System and methods for facilitating authentication of an electronic device accessing plurality of mobile applications | |
| CN111355726B (en) | Identity authorization login method and device, electronic equipment and storage medium | |
| CN114679293A (en) | Access control method, device and storage medium based on zero trust security | |
| CN108322416B (en) | Security authentication implementation method, device and system | |
| US10122697B2 (en) | Native authentication experience with failover | |
| CN112738105B (en) | Invitation registration method and device | |
| US9660981B2 (en) | Strong authentication method | |
| CN111698250A (en) | Access request processing method and device, electronic equipment and computer storage medium | |
| US11777942B2 (en) | Transfer of trust between authentication devices | |
| CN112966242A (en) | User name and password authentication method, device and equipment and readable storage medium | |
| CN111565179B (en) | Identity verification method and device, electronic equipment and storage medium | |
| CN112929388B (en) | Network identity cross-device application rapid authentication method and system, and user agent device | |
| Gibbons et al. | Security evaluation of the OAuth 2.0 framework | |
| CN112653676A (en) | Identity authentication method and equipment of cross-authentication system | |
| JP7403430B2 (en) | Authentication device, authentication method and authentication program | |
| CN114079573B (en) | Router access method and router | |
| CN114090996A (en) | Multi-party system mutual trust authentication method and device | |
| JP2023073844A (en) | Authentication system, authentication terminal, and authentication program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210615 |
|
| RJ01 | Rejection of invention patent application after publication |