CN113329004B - Authentication method, system and device - Google Patents


Publication number
CN113329004B
Authority
CN
China
Prior art keywords
value
salt
user
server
account information
Legal status
Active
Application number
CN202110571248.3A
Other languages
Chinese (zh)
Other versions
CN113329004A (en)
Inventor
冷国强
Current Assignee
Zhejiang Dahua Technology Co Ltd
Original Assignee
Zhejiang Dahua Technology Co Ltd
Application filed by Zhejiang Dahua Technology Co Ltd
Priority to CN202110571248.3A
Publication of CN113329004A
Application granted
Publication of CN113329004B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application discloses an authentication method, system and device in which a second salt value is added to the authentication calculation to resist replay attacks and improve confidentiality and usability. The method comprises the following steps: sending a login request to a server, wherein the login request contains account information of a user; receiving a login request response sent by the server, wherein the login request response comprises a first salt value corresponding to the account information and a second salt value randomly generated by the server; performing salted hash processing on the user information by using the first salt value to obtain a first salted value, wherein the user information includes a password input by the user, or includes the account information and the password; performing salted hash processing on the first salted value by using the second salt value to obtain a second salted value; sending a verification request to the server, wherein the verification request comprises the account information and the second salted value, and the second salted value is used by the server to verify the identity of the user; and receiving a verification response sent by the server, wherein the verification response indicates whether verification of the user identity succeeded.

Description

Authentication method, system and device
Technical Field
The present invention relates to the field of information security, and in particular, to an authentication method, system, and device.
Background
At present, a large number of Internet of Things devices are connected to networks and provide a variety of services that affect many aspects of people's lives. The security of these devices, and of their authentication process in particular, is therefore especially important.
Many authentication modes are in use today. Authentication based on a user name and password is the mode users most commonly use, but it carries risks such as plaintext password disclosure, brute-force cracking and credential stuffing. The security of the conventional authentication method is therefore not high enough.
Disclosure of Invention
The embodiment of the application provides an authentication method, an authentication system and an authentication device, which are used for improving the security of an authentication process.
In a first aspect, an embodiment of the present application provides an authentication method, which is applied to a terminal device, including:
sending a login request to a server, wherein the login request comprises account information of a user;
receiving a login request response sent by the server, wherein the login request response comprises a first salt value corresponding to the account information and a second salt value randomly generated by the server;
performing salted hash processing on the user information by using the first salt value to obtain a first salted value; the user information includes at least one of the account information and a password entered by the user;
performing salted hash processing on the first salted value by using the second salt value to obtain a second salted value;
sending a verification request to the server, wherein the verification request comprises the account information and the second salted value, and the second salted value is used by the server to verify the user identity;
and receiving a verification response sent by the server, wherein the verification response is used for indicating whether the verification of the user identity is successful or not.
Based on this scheme, the terminal device receives the first salt value and the second salt value directly from the server without receiving useless data, which reduces the bandwidth of data transmission, improves the adaptability of the terminal device, and improves the efficiency of data transmission. The second salt value in the scheme is randomly generated by the server, which can improve confidentiality. In addition, after performing salted hash processing on the user information with the first salt value, the terminal device performs salted hash processing on the resulting first salted value with the second salt value to obtain a second salted value and sends the second salted value to the server, so replay attacks can be effectively resisted.
In one possible implementation, the method further includes:
sending a registration request to the server, wherein the registration request is used for requesting to create an account of a user of the terminal device;
receiving the first salt value and a public key from the server, the first salt value being randomly generated by the server;
acquiring account information and a password input by the user;
performing salted hash processing on the user information by using the first salt value to obtain the first salted value; encrypting the first salted value by using the public key to obtain a first ciphertext;
and sending the first ciphertext to the server.
Based on the scheme, in the registration stage of the user, the server randomly generates a first salt value and sends the first salt value to the terminal equipment, wherein the first salt value is used for carrying out salt adding hash processing on the user information. The first salt value generated randomly can improve the attack difficulty and ensure the security of the password.
In one possible implementation, the login request response further includes a calculation round number, and performing salted hash processing on the user information by using the first salt value to obtain the first salted value specifically includes:
using the first salt value, performing salted hash processing for the calculation round number on the password input by the user through a slow salted hash algorithm to obtain the first salted value.
Based on this scheme, the terminal device uses the first salt value to perform salted hash processing for the calculation round number on the user information to obtain the first salted value. Adding calculation rounds when processing the password increases the computation time, which raises the time cost for an attacker, makes brute-forcing the password more difficult, and helps ensure the security of the password.
In a second aspect, the present application provides another authentication method, applied to a server, including:
receiving a login request sent by a terminal device, wherein the login request comprises account information of a user of the terminal device;
acquiring a first salt value corresponding to the account information from the stored user identity information, and randomly generating a second salt value;
sending a login response to the terminal equipment, wherein the login response comprises the first salt value and the second salt value;
receiving a verification request sent by the terminal device, wherein the verification request comprises the account information and a second salted value; the second salted value is generated by the terminal device by using the first salt value and the second salt value and is used for verifying the user identity;
acquiring a first salted value corresponding to the account information from the user identity information, and performing salted hash processing on the first salted value by using the second salt value to obtain a third salted value;
obtaining a comparison result of the second salted value and the third salted value, wherein the comparison result indicates whether the verification of the user identity is successful or not;
and a verification response is sent to the terminal equipment, wherein the verification response is used for indicating whether the verification of the user identity is successful or not.
Based on this scheme, the server sends the first salt value and the second salt value directly to the terminal device, which reduces the bandwidth of data transmission, improves adaptability, and improves the efficiency of data transmission. The second salt value is randomly generated by the server, which can improve confidentiality. The server receives the second salted value from the terminal device, generates a third salted value from the first salted value it has stored, and compares the third salted value with the second salted value, which ensures that a replay attack cannot succeed even if an attacker intercepts the second salted value.
In one possible implementation, the method further includes:
receiving a registration request from a terminal device, the registration request being for requesting creation of an account of a user of the terminal device;
randomly generating a first salt value and distributing a public key for the terminal equipment;
transmitting the first salt value and the public key to the terminal equipment, and receiving the account information and a first ciphertext from the terminal equipment;
and decrypting the first ciphertext by using a private key corresponding to the public key to obtain the first salted value, and storing the account information, the first salt value and the first salted value into the user identity information.
Based on the scheme, the server randomly generates the first salt value, so that the attack difficulty can be improved, and the security of the password is ensured.
In a possible implementation, the login response further comprises a calculation round number, and the calculation round number is used by the terminal device to generate the second salted value.
Based on this scheme, adding calculation rounds when processing the password increases the computation time, which raises the time cost for an attacker, makes brute-forcing the password more difficult, and helps ensure the security of the password.
In a third aspect, embodiments of the present application provide an authentication system, including:
the terminal equipment is used for receiving account information and passwords input by a user and sending a login request to the server, wherein the login request comprises the account information of the user;
the server is used for receiving the login request, acquiring a first salt value corresponding to the account information from the stored user identity information, randomly generating a second salt value, and sending a login response to the terminal equipment, wherein the login response comprises the first salt value and the second salt value;
the terminal device is further used for receiving the login response, and performing salted hash processing on the user information by using the first salt value to obtain a first salted value; performing salted hash processing on the first salted value by using the second salt value to obtain a second salted value, and sending the second salted value and the account information to the server;
the server is further configured to receive the second salted value and the account information, obtain a first salted value corresponding to the account information from the user identity information, and perform salted hash processing on the first salted value by using the second salt value to obtain a third salted value; obtain a comparison result of the second salted value and the third salted value, wherein the comparison result indicates whether the verification of the user identity is successful or not; and send a verification response to the terminal device, where the verification response is used to indicate whether verification of the user identity is successful;
and the terminal equipment receives the verification response.
In a possible implementation manner, the terminal device is further configured to send a registration request to the server;
the server is further configured to receive the registration request, randomly generate the first salt value, acquire a public key, and send the first salt value and the public key to the terminal device;
the terminal device is further used for receiving the first salt value and the public key, and performing salted hash processing on the user information by using the first salt value to obtain the first salted value; encrypting the first salted value by using the public key to obtain a first ciphertext; and sending the first ciphertext to the server;
the server is further configured to receive the first ciphertext, decrypt the first ciphertext using a private key corresponding to the public key to obtain the first salted value, and store the account information, the first salt value, and the first salted value into the user identity information.
In one possible implementation, the login request response further includes a calculation round number, and when performing salted hash processing on the user information through a salted hash algorithm by using the first salt value to obtain the first salted value, the terminal device is specifically configured to:
using the first salt value, perform salted hash processing for the calculation round number on the password input by the user through a slow salted hash algorithm to obtain the first salted value.
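The registration and login exchange of the first to third aspects, as an added example that is not part of the patent text. It assumes PBKDF2-HMAC-SHA256 as the slow salted hash and HMAC-SHA256 for the second step (the patent names no algorithm), leaves out the public-key encryption of the first salted value at registration, and uses hypothetical class, function and account names with constructed credentials.

```python
import hashlib
import hmac
import secrets

ROUNDS = 50_000  # assumed PBKDF2 iteration count standing in for the calculation round number


def first_salted_value(account, password, salt1, rounds):
    """Slow salted hash of the user information (assumed: PBKDF2-HMAC-SHA256)."""
    user_info = f"{account}\x00{password}".encode()
    return hashlib.pbkdf2_hmac("sha256", user_info, salt1, rounds)


def second_salted_value(first_salted, salt2):
    """Salted hash of the first salted value under the per-login salt (assumed: HMAC-SHA256)."""
    return hmac.new(first_salted, salt2, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self.identities = {}    # account -> (salt1, rounds, first salted value)
        self.registering = {}   # account -> salt1 issued for a registration in progress
        self.pending = {}       # account -> second salt of the login in progress

    def registration_request(self, account):
        salt1 = secrets.token_bytes(16)
        self.registering[account] = salt1
        return {"salt1": salt1, "rounds": ROUNDS}

    def store_registration(self, account, first_salted):
        # The patent sends this value encrypted under the server's public key;
        # that transport step is left out of this example.
        salt1 = self.registering.pop(account)
        self.identities[account] = (salt1, ROUNDS, first_salted)

    def login_request(self, account):
        if account not in self.identities:
            return None
        salt1, rounds, _ = self.identities[account]
        salt2 = secrets.token_bytes(16)  # fresh random second salt for every login
        self.pending[account] = salt2
        return {"salt1": salt1, "salt2": salt2, "rounds": rounds}

    def verify(self, account, second_salted):
        # Assumption of this example: a second salt is valid for one verification only.
        salt2 = self.pending.pop(account, None)
        if salt2 is None or account not in self.identities:
            return False
        stored_first_salted = self.identities[account][2]
        third_salted = second_salted_value(stored_first_salted, salt2)
        return hmac.compare_digest(third_salted, second_salted)


class Terminal:
    def __init__(self, server):
        self.server = server
        self.last_verification_request = None  # what a network observer would capture

    def register(self, account, password):
        resp = self.server.registration_request(account)
        first = first_salted_value(account, password, resp["salt1"], resp["rounds"])
        self.server.store_registration(account, first)

    def login(self, account, password):
        resp = self.server.login_request(account)
        if resp is None:
            return False
        first = first_salted_value(account, password, resp["salt1"], resp["rounds"])
        second = second_salted_value(first, resp["salt2"])
        self.last_verification_request = (account, second)
        return self.server.verify(account, second)


def demo():
    server = Server()
    terminal = Terminal(server)
    terminal.register("alice", "correct horse battery")  # constructed credentials
    ok = terminal.login("alice", "correct horse battery")
    captured = terminal.last_verification_request

    replay_no_salt = server.verify(*captured)   # no login in progress: rejected
    server.login_request("alice")               # server issues a new second salt
    replay_new_salt = server.verify(*captured)  # old value does not match the new salt
    wrong_password = terminal.login("alice", "guess")
    return ok, replay_no_salt, replay_new_salt, wrong_password


if __name__ == "__main__":
    print(demo())
```

The captured verification request is rejected both when no second salt is outstanding and when a new one has been issued. The stored first salted value alone is enough to compute a valid response, so it needs the same protection as a password.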
In a fourth aspect, an embodiment of the present application provides an authentication apparatus, which is applied to a terminal device, including:
the communication unit is used for sending a login request to the server, wherein the login request comprises account information of a user;
the communication unit is further used for receiving a login request response sent by the server, wherein the login request response comprises a first salt value corresponding to the account information and a second salt value randomly generated by the server;
the processing unit is used for performing salted hash processing on the user information by using the first salt value to obtain a first salted value; wherein the user information includes a password input by the user, or includes the password and the account information;
the processing unit is further used for performing salted hash processing on the first salted value by using the second salt value to obtain a second salted value;
the communication unit is further configured to send a verification request to the server, where the verification request includes the account information and the second salted value, and the second salted value is used by the server to verify the user identity;
the communication unit is further configured to receive a verification response sent by the server, where the verification response is used to indicate whether verification of the user identity is successful.
In a possible implementation manner, the communication unit is further configured to send a registration request to the server, where the registration request is used to request creation of an account of a user of the terminal device; receiving the first salt value and a public key from the server, the first salt value being randomly generated by the server;
the processing unit is further used for acquiring account information and a password input by the user;
the processing unit is further used for performing salted hash processing on the user information by using the first salt value to obtain the first salted value; encrypting the first salted value by using the public key to obtain a first ciphertext;
the communication unit is further configured to send the first ciphertext to the server.
In one possible implementation, the login request response further includes a calculation round number, and the processing unit is specifically configured to, when performing salted hash processing on the user information using the first salt value to obtain the first salted value:
using the first salt value, perform salted hash processing for the calculation round number on the password input by the user through a slow salted hash algorithm to obtain the first salted value.
In a fifth aspect, embodiments of the present application provide another authentication apparatus, applied to a server, including:
the communication unit is used for receiving a login request sent by the terminal equipment, wherein the login request comprises account information of a user of the terminal equipment;
the processing unit is used for acquiring a first salt value corresponding to the account information from the stored user identity information and randomly generating a second salt value;
the communication unit is further configured to send a login response to the terminal device, where the login response includes the first salt value and the second salt value;
the communication unit is further used for receiving a verification request sent by the terminal device, wherein the verification request comprises the account information and a second salted value; the second salted value is generated by the terminal device by using the first salt value and the second salt value and is used for verifying the user identity;
the processing unit is further used for acquiring a first salted value corresponding to the account information from the user identity information, and performing salted hash processing on the first salted value by using the second salt value to obtain a third salted value;
the processing unit is further configured to obtain a comparison result of the second salted value and the third salted value, where the comparison result indicates whether verification of the user identity is successful;
the communication unit is further configured to send an authentication response to the terminal device, where the authentication response is used to indicate whether authentication of the user identity is successful.
In a possible implementation manner, the communication unit is further configured to receive a registration request from a terminal device, where the registration request is used to request creation of an account of a user of the terminal device;
the processing unit is further used for randomly generating a first salt value and distributing a public key for the terminal device;
the communication unit is further configured to send the first salt value and the public key to the terminal device, and receive the account information and the first ciphertext from the terminal device;
the processing unit is further configured to decrypt the first ciphertext by using a private key corresponding to the public key to obtain the first salted value, and store the account information, the first salt value, and the first salted value into the user identity information.
In a possible implementation, the login response further comprises a calculation round number, and the calculation round number is used by the terminal device to generate the second salted value.
In a sixth aspect, an electronic device is provided that includes a processor and a memory. The memory is used for storing computer-executable instructions, and the processor executes the computer-executable instructions in the memory to perform the operational steps of the method in any one of the possible implementations of the first aspect to the second aspect using hardware resources in the controller.
In a seventh aspect, the present application provides a computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the methods of the above aspects.
In addition, for the advantages of the third aspect to the seventh aspect, refer to those of the first aspect and the second aspect; they are not described again here.
Drawings
Fig. 1 is a schematic diagram of an authentication system architecture according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of an authentication method according to an embodiment of the present application;
Fig. 3A is a schematic diagram of an interface for determining a registration request according to an embodiment of the present application;
Fig. 3B is a schematic diagram of an interface for user input of information according to an embodiment of the present application;
Fig. 3C is a schematic diagram of an interface for notifying a user of successful registration according to an embodiment of the present application;
Fig. 4A is a schematic diagram of an interface for determining a login request according to an embodiment of the present application;
Fig. 4B is a schematic diagram of an interface for user input of information according to an embodiment of the present application;
Fig. 4C is a schematic diagram of an interface for notifying a user of successful login according to an embodiment of the present application;
Fig. 4D is a schematic diagram of an interface for notifying a user of login failure according to an embodiment of the present application;
Fig. 5 is a flowchart of user registration according to an embodiment of the present application;
Fig. 6 is a flowchart of user login according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of an authentication device according to an embodiment of the present application;
Fig. 8 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of promoting an understanding of the principles and advantages of the invention, reference will now be made in detail to the drawings and specific examples, some but not all of which are illustrated in the accompanying drawings. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The authentication mode users currently adopt is generally to authenticate by inputting account information and a password, but this method carries risks such as plaintext password disclosure, credential stuffing and brute-force attacks, so its security is not high. One prior-art method for improving security obtains information such as a first salt value, a public key and the number of calculation rounds from the source code of the script executed by the page, and encrypts the password through a slow salted hash algorithm. With this method, however, the terminal device needs to obtain the entire source code of the script and parse the first salt value, the public key, the number of calculation rounds and other information out of it, which not only increases the bandwidth of data transmission but also means receiving a lot of useless data, and adaptability is poor. In addition, the prior art adds a token field to the encrypted password to prevent replay attacks, but the token field may be intercepted by an attacker, so the risk of replay attacks remains. In view of this, the present application proposes an authentication method and apparatus in which the server randomly generates information such as a first salt value, a public key and a calculation round number and sends it to the terminal device, reducing the bandwidth of data transmission. By adding a second salt value to the authentication calculation, replay attacks are effectively resisted.
In order to facilitate understanding of the scheme proposed in the embodiment of the present application, first, a description will be given by taking a configuration diagram of the authentication system shown in fig. 1 as an example.
The authentication system architecture diagram shown in fig. 1 includes a terminal device 101 and a server 102. It should be noted that fig. 1 is only an example, and the number of terminal devices and servers is not limited in the embodiment of the present application.
The terminal device 101 related to the present application may be a Mobile Phone (Mobile Phone), a tablet computer, a notebook computer, a palm computer, a Mobile internet device (Mobile Internet Device, MID), an internet of things (internet of things, IOT) terminal, a wearable device, or the like. The wearable device may include, for example, a smart watch or smart glasses, a smart bracelet, or the like.
The server 102 according to the present application is configured to implement the following functions: providing the terminal device with the information needed to encrypt the password, such as a first salt value and a public key; storing the encrypted password; verifying the accuracy of the authentication message input by the user; and so on. The functions of the server according to the present application may be implemented by a server cluster, for example, the server cluster may include a server for providing data, a server for checking the accuracy of an authentication message, and the like. In the embodiment of the present application, each function is described by taking one server as an example.
In the following, for facilitating understanding of the authentication method proposed in the present application, referring to fig. 2, a specific method flowchart provided in an embodiment of the present application is shown.
201. The terminal device sends a login request to the server, wherein the login request contains account information of the user.
Specifically, the terminal device may acquire account information and password in response to an operation of inputting the account information and password by the user, and transmit a login request including the account information to the server. The account information may be a user name or a user's cell phone number or other information representing the identity of the user.
202. The server receives the account information and sends a first salt value corresponding to the account information and a second salt value randomly generated by the server to the terminal device.
In one possible manner, the server may obtain the first salt value corresponding to the account information from the user identity information. The information in the user identity information may be stored during the user registration phase. Optionally, when the user of the terminal device registers, the terminal device may send a registration request to the server. After receiving the registration request, the server may randomly generate a first salt value, acquire a public key, and send the first salt value and the public key to the terminal device. The terminal device may perform salted hash processing on the user information by using the first salt value to obtain a first salted value, encrypt the first salted value by using the public key to obtain a first ciphertext, and send the first ciphertext to the server. The user information includes a password entered by the user, or includes the password and the account information. For convenience of description, the following takes user information that includes the password and account information as an example. After the server receives the first ciphertext, it can decrypt the first ciphertext by using the private key corresponding to the public key to obtain the first salted value, and store the account information of the user, the first salt value and the first salted value in the user identity information.
After the server obtains the first salt value from the user identity information, a second salt value can be randomly generated, and the second salt value can be any character string. Further, the server may transmit the second salt value generated randomly and the first salt value corresponding to the account information to the terminal device.
Since the server transmits both the first salt and the second salt to the terminal device, the server may also add an identification to the first salt and the second salt before transmission to distinguish the two salts.
203, the terminal device uses the first salt value to perform salted hash processing on the user information to obtain the first salified value.
Specifically, after receiving the first salt value, the terminal device may perform salted hash processing on the user information received in step 201 through a salted hash algorithm, to obtain the first salified value.
In a possible manner, in step 202, the server may also send the number of calculation rounds N to the terminal device, where N is greater than or equal to 1. After the terminal device receives the number of calculation rounds, it can use the first salt value to perform N rounds of salted hash processing on the user information to obtain the first salified value. For example, the user information is XY123, and 1760 qq & abc is obtained after the first round of processing; salted hash processing is then performed on 1760 qq & abc, and this is repeated N times. As a possible way, the number of calculation rounds may be set by the server according to different service scenarios. For example, the server may set the number of calculation rounds to 10 in the WeChat login service. In the WeChat payment service, the server can set the number of calculation rounds to 12, because the confidentiality requirement of that service is higher than that of the WeChat login service. That is, the higher the number of calculation rounds, the higher the confidentiality. The server can set different numbers of calculation rounds according to the specific requirements of different service scenarios.
204, the terminal device uses the second salt value to perform salted hash processing on the first salified value to obtain the second salified value.
205, the terminal device sends the account information and the second salified value to the server.
206, the server obtains the first salified value from the user identity information, and processes the first salified value according to the second salt value through a salted hash algorithm to obtain a third salified value.
Optionally, the server may obtain the first salified value from the user identity information according to the account information, and perform salted hash processing on the obtained first salified value by using the second salt value to obtain the third salified value.
207, the server obtains a comparison result of the second salified value and the third salified value.
The comparison result may indicate whether the user authentication was successful. As an example, the server may compare the second salified value with the third salified value to obtain the comparison result. If the comparison result indicates that the second salified value is the same as the third salified value, the user authentication is successful; if the comparison result indicates that the second salified value is different from the third salified value, the user authentication fails.
208, the server sends a verification response to the terminal device.
The authentication response is used to indicate whether the authentication of the user was successful.
Embodiments of the present application will be described in further detail below with reference to different scenarios. In order to facilitate understanding of the authentication method proposed in the present application, a process of creating authentication information, that is, a process of user registration, will be described first. The process of user registration is described below in connection with a specific scenario.
Scene one: user registration process.
First, the terminal device may determine that the user needs to register in response to an operation of the user, and transmit a registration request to the server. For example, the terminal device may transmit the registration request to the server in response to a touch operation of the user on the display interface as shown in fig. 3A. In one possible manner, the server may randomly generate a salt value for processing the user information after receiving the registration request, and the salt value will be referred to as a first salt value for convenience of description. It should be noted that, in the embodiment of the present application, the first salt values generated by the server are different each time.
Further, the server may also generate a public key and a number of calculation rounds, and may send the public key, the number of calculation rounds and the first salt value to the terminal device. Of course, the server may also send only the public key and the first salt value; this scenario takes the case in which the server sends the public key, the number of calculation rounds and the first salt value as an example. After the terminal device receives the public key, the number of calculation rounds and the first salt value, it can first check the number of calculation rounds to determine whether it is valid. As an example, the server may set different numbers of calculation rounds for different service scenarios, where the higher the number of calculation rounds, the higher the security. For example, the security required when a user registers with a certain banking software differs from that required for a certain video software, so the corresponding servers set different numbers of calculation rounds, ensuring security without degrading the user experience by taking too much time. Optionally, the terminal device may agree in advance with the server on a valid range for the number of calculation rounds set for different service scenarios, and check whether the number of calculation rounds is within the valid range after receiving it from the server. If not, the terminal device may resend the registration request to the server. If so, a display interface for the user to enter account information and a password may be displayed in the display screen. It should be noted that the information input by the user is not limited to account information and a password, and may also include information such as the gender and identity card number of the user. In this scenario, the information input by the user is described by taking account information and a password as examples. For example, see the display interface shown in fig. 3B.
Still further, the terminal device may obtain the account information and the password in response to the user's operation of inputting them in the display interface shown in fig. 3B, and may use the first salt value from the server to perform salted hash processing on the user information for the number of calculation rounds to obtain the first salified value. Optionally, the terminal device may further encrypt the first salified value by using the public key from the server to obtain a first ciphertext, and may send the first ciphertext and the account information of the user to the server. After receiving the first ciphertext, the server may decrypt the first ciphertext using the private key corresponding to the public key to obtain the first salified value, and may store the first salt value, the account information of the user, and the first salified value in the user identity information. The server then returns a notification message of successful registration to the terminal device, and after receiving the notification message the terminal device can display an interface of successful registration in the display screen to notify the user that the registration succeeded. For example, see the display interface shown in fig. 3C.
The above is an introduction to the registration process of the user, and the authentication process will be further described below. The authentication process may be a process of logging in by the user, or may be a process of inputting a password when the user performs a certain service, and authenticating the password, for example, a scene of inputting a payment password when the user pays. The login process of the user will be described below with reference to a specific scenario.
Scene two: user login process.
First, the terminal device determines that the user needs to log in response to the operation of the user in the display interface. For example, referring to the display interface shown in fig. 4A, the terminal device determines that the user needs to perform a login operation in response to a click operation by the user in the display interface shown in fig. 4A, and may display a display interface for the user to input account information and a password in the display screen, for example, referring to the display interface shown in fig. 4B. The terminal device may acquire the account information and password of the user in response to the user inputting the account information and password in the display interface as shown in fig. 4B, and may transmit the account information of the user to the server. After receiving the account information of the user, the server may acquire a first salt value corresponding to the account information from the user identity information, and may randomly generate a second salt value. It should be noted that, in the embodiment of the present application, the second salt value generated by the server is different each time.
Further, the server may send the randomly generated second salt value, the first salt value, and the number of calculation rounds to the terminal device. Since the server sends two salt values to the terminal device, the two salt values can be marked with identifiers to distinguish them. For example, if the second salt value is used only to perform the salted hash algorithm, an identifier of the salted hash algorithm may be added to the second salt value. Thus, when the terminal device receives the two salt values and the number of calculation rounds, it can determine that the first salt value is used to perform the slow salted hash algorithm and the second salt value is used to perform the salted hash algorithm. The terminal device may use the first salt value to perform salted hash processing on the user information for the number of calculation rounds to obtain the first salified value, and may then perform salted hash processing on the first salified value using the second salt value to obtain the second salified value. After the second salified value is obtained, the terminal device can send the second salified value and the account information of the user to the server for user identity verification. The server may first obtain the first salified value from the user identity information according to the received account information, and perform salted hash processing on the first salified value according to the second salt value to obtain a third salified value. Still further, the server may compare whether the second salified value is the same as the third salified value. If so, it determines that the user authentication is successful and sends a notification message of successful authentication to the terminal device; after receiving the notification message, the terminal device may display, in the display screen, a display interface prompting the user that the authentication is successful, for example, the display interface shown in fig. 4C.
Otherwise, if the server determines that the second salified value is different from the third salified value, it determines that the authentication of the user fails, and may send a notification message of the authentication failure to the terminal device; after the terminal device receives the notification message, a display interface prompting the user that the authentication failed may be displayed in the display screen, for example, the display interface shown in fig. 4D.
The user registration and user login processes are introduced in combination with specific scenes respectively. In order to further understand the scheme proposed in the present application, a specific embodiment is described below to describe the authentication method proposed in the present application. Also, for convenience of description, a procedure of user registration will be described first in one specific flow. Referring to fig. 5, a flowchart of user registration provided in an embodiment of the present application is shown, which specifically includes:
501, the terminal device receives a registration request of a user and sends the registration request to a server.
502, after receiving the registration request, the server randomly generates a first salt value R1, a public key Pub and a calculation round number N.
It should be noted that, in the embodiment of the present application, the first salt value generated by the server is different each time.
The calculation round number is generated by the server according to different business scenes. Different business scenarios may correspond to the same number of computing rounds, or may correspond to different numbers of computing rounds.
503, the server sends the first salt R1, the public key Pub and the number of rounds of calculation N to the terminal device.
Wherein N is a positive integer greater than or equal to 1.
504, the terminal device receives the first salt value R1, the public key Pub and the number of calculation rounds N from the server, receives the account information U and the password P input by the user, and processes the password P and the account information U to obtain a first salified value H1. Alternatively, the terminal device may process only the password P. This embodiment takes the case in which the terminal device processes the password P and the account information U as an example.
Optionally, after receiving the number of calculation rounds N, the terminal device may further check N to determine that N is within the normal range. The normal range here may be agreed between the terminal device and the server according to different service scenarios.
Further, the terminal device may perform N rounds of processing on the password P and the account information U by using a slow salted hash algorithm according to the received first salt value R1 to obtain the first salified value H1. For example, denoting the slow salted hash algorithm as F, the first salified value H1 can be obtained by the following equation (1):
H1=F(U,P,R1,N) (1)
505, the terminal device encrypts the first salified value by using the public key Pub to obtain a first ciphertext Eh1.
506, the terminal device sends the account information of the user and the first ciphertext Eh1 to the server.
507, the server decrypts the first ciphertext Eh1 using a private key Pri corresponding to the public key Pub to obtain a first salified value H1.
508, the server stores the account information U, the first salt value R1 and the first salified value H1 of the user in an associated manner.
509, the server sends a notification message to the terminal device that the registration was successful.
The above embodiment describes the user registration process in detail, and the following describes the user login process in a specific embodiment. Referring to fig. 6, a flowchart of a login procedure provided in an embodiment of the present application is shown, which specifically includes:
601, the terminal device receives account information U and a password P input by a user.
602, the terminal device sends a login request to the server, wherein the login request comprises account information U of a user.
603, the server obtains the first salt value R1 stored in the user registration stage according to the account information U, and randomly generates the second salt value R2.
The server may also add an identifier of "salted hash algorithm" to the second salt value R2 to distinguish it from R1, informing the terminal device that R2 is the salt value for executing the salted hash algorithm.
604, the server sends the first salt value R1, the second salt value R2 and the number of calculation rounds N to the terminal device.
605, the terminal device performs N rounds of processing on the password P and the account information U through a slow salted hash algorithm according to the first salt value R1 to obtain a first salified value H1. Alternatively, the terminal device may perform the N rounds of processing on the password P only. This embodiment takes the case in which the terminal device performs N rounds of processing on the password P and the account information U as an example.
Optionally, after receiving the number of calculation rounds N, the terminal device may further check N to determine that N is within the normal range. The normal range here may be agreed between the terminal device and the server according to different service scenarios.
Further, the terminal device determines that the first salt value R1 is a salt value for executing a slow salt adding hash algorithm according to the identifier of the second salt value R2, and then according to R1, performs N rounds of processing on the password P and the account information U through the slow salt adding hash algorithm to obtain a first salt adding value H1. For example, by noting the slow salt hash algorithm as F1, H1 can be obtained by the method of the following formula (2):
H1=F1(U,P,R1,N) (2)
606, the terminal device processes the first salified value H1 according to the second salt value R2 through a salted hash algorithm to obtain a second salified value H2.
By way of example, referring to the salt hashing algorithm as F2, H2 may be obtained by the method of equation (3) below:
H2=F2(H1,R2) (3)
Further, combining formula (2), H2 may be obtained by the method of the following formula (4):
H2=F2[F1(U,P,R1,N),R2] (4)
607, the terminal device sends the second salified value H2 and the account information of the user to the server.
608, the server obtains the first salified value H1 stored in the user registration stage according to the account information of the user.
609, the server processes the first salified value H1 according to R2 by a salified hash algorithm to obtain a third salified value H3.
610, the server verifies the identity of the user according to the comparison result of the second salified value H2 and the third salified value H3, and generates a verification result.
Specifically, if the server determines that H2 is the same as H3, the generated verification result indicates that the user authentication is successful; if the server judges that H2 and H3 are different, the generated verification result indicates that the user identity verification fails.
611, the server transmits the verification result to the terminal device.
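The registration flow of fig. 5 and the login flow of fig. 6, run end to end with both sides in one process, as an added example that is not code from the patent. The patent does not name F1 or F2: PBKDF2-HMAC-SHA256 for F1, HMAC-SHA256 for F2, the agreed range for N, the session identifier and the sample credentials are all assumptions, and the public-key transport of H1 (steps 505 to 507) is left out.

```python
import hashlib
import hmac
import secrets

# Constructed values: the patent only says client and server agree on a valid range for N.
MIN_ROUNDS, MAX_ROUNDS = 100_000, 1_000_000


def f1(account: str, password: str, r1: bytes, n: int) -> bytes:
    """Slow salted hash, H1 = F1(U, P, R1, N). Assumption: PBKDF2-HMAC-SHA256."""
    if not MIN_ROUNDS <= n <= MAX_ROUNDS:
        # Terminal-side check of N: refuse a round count outside the agreed range.
        raise ValueError("round count outside agreed range")
    u = account.encode()
    # Length-prefix U so two different (U, P) pairs never give the same input bytes.
    material = len(u).to_bytes(4, "big") + u + password.encode()
    return hashlib.pbkdf2_hmac("sha256", material, r1, n)


def f2(h1: bytes, r2: bytes) -> bytes:
    """Fast salted hash, H2 = F2(H1, R2). Assumption: HMAC-SHA256 over R2, keyed by H1."""
    return hmac.new(h1, r2, hashlib.sha256).digest()


class Server:
    def __init__(self, rounds: int = MIN_ROUNDS):
        self.rounds = rounds
        self.registrations = {}  # hypothetical session id -> R1 issued in step 502
        self.users = {}          # U -> (R1, N, H1), the "user identity information"
        self.pending = {}        # U -> R2 issued for the login in progress

    def begin_registration(self):
        sid, r1 = secrets.token_hex(8), secrets.token_bytes(16)
        self.registrations[sid] = r1
        return sid, r1, self.rounds               # step 503

    def finish_registration(self, sid: str, account: str, h1: bytes) -> None:
        r1 = self.registrations.pop(sid)
        # Step 508. H1 is the value every login response is derived from,
        # so it has to be stored and protected like a credential.
        self.users[account] = (r1, self.rounds, h1)

    def begin_login(self, account: str):
        r1, n, _ = self.users[account]            # step 603
        r2 = secrets.token_bytes(16)              # fresh R2 for every login
        self.pending[account] = r2
        return r1, r2, n                          # step 604

    def verify(self, account: str, h2: bytes) -> bool:
        r2 = self.pending.pop(account, None)      # each R2 is accepted once
        if r2 is None or account not in self.users:
            return False
        h3 = f2(self.users[account][2], r2)       # step 609
        return hmac.compare_digest(h2, h3)        # step 610, constant-time compare


def client_register(server: Server, account: str, password: str) -> None:
    sid, r1, n = server.begin_registration()
    server.finish_registration(sid, account, f1(account, password, r1, n))


def client_login(server: Server, account: str, password: str):
    r1, r2, n = server.begin_login(account)
    h2 = f2(f1(account, password, r1, n), r2)     # formula (4)
    return server.verify(account, h2), h2


def demo():
    server = Server()
    client_register(server, "alice", "correct horse")        # constructed credentials
    ok, old_h2 = client_login(server, "alice", "correct horse")
    wrong, _ = client_login(server, "alice", "wrong password")
    server.begin_login("alice")                   # a later login gets a new R2
    stale = server.verify("alice", old_h2)        # H2 from the earlier login no longer matches
    return ok, wrong, stale


if __name__ == "__main__":
    print(demo())
```

Because H3 is recomputed from the stored H1 and the R2 issued for that login, an H2 captured from one login does not verify against the R2 of another.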
Based on the same concept as the above method, the embodiment of the present application further provides an authentication apparatus 700, as shown in fig. 7. The authentication device 700 is capable of performing the various steps of the method described above, and will not be described in detail herein in order to avoid repetition. The authentication apparatus 700 includes: communication unit 701, processing unit 702.
In one possible scenario:
a communication unit 701, configured to send a login request to a server, where the login request includes account information of a user;
the communication unit 701 is further configured to receive a login request response sent by the server, where the login request response includes a first salt value corresponding to the account information and a second salt value randomly generated by the server;
a processing unit 702, configured to perform salted hash processing on the user information by using the first salt value to obtain a first salified value;
the processing unit 702 is further configured to perform salted hash processing on the first salified value with the second salt value to obtain a second salified value;
The communication unit 701 is further configured to send a verification request to the server, where the verification request includes the account information and the second salified value, and the second salified value is used for verifying the user identity by the server;
the communication unit 701 is further configured to receive an authentication response sent by the server, where the authentication response is used to indicate whether authentication of the user identity is successful.
In a possible implementation manner, the communication unit 701 is further configured to send a registration request to the server, where the registration request is used to request creation of an account of a user of the terminal device; receiving the first salt value and a public key from the server, the first salt value being randomly generated by the server;
the processing unit 702 is further configured to obtain account information and a password input by the user;
the processing unit 702 is further configured to perform salted hash processing on the user information by using the first salt value to obtain the first salified value; encrypting the first salified value by using the public key to obtain a first ciphertext;
the communication unit 701 is further configured to send the first ciphertext to the server.
In a possible implementation manner, the login request response further includes a number of calculation rounds, and the processing unit 702 is specifically configured to, when performing salted hash processing on the password input by the user using the first salt value to obtain the first salified value:
use the first salt value to perform salted hash processing on the user information for the number of calculation rounds through a slow salted hash algorithm to obtain the first salified value.
In another possible scenario:
a communication unit 701, configured to receive a login request sent by a terminal device, where the login request includes account information of a user of the terminal device;
the processing unit 702 is configured to obtain a first salt value corresponding to the account information from the stored user identity information, and randomly generate a second salt value;
the communication unit 701 is further configured to send a login response to the terminal device, where the login response includes the first salt value and the second salt value;
the communication unit 701 is further configured to receive a verification request sent by a terminal device, where the verification request includes the account information and a second salified value; the second salified value is generated by the terminal device by using the first salt value and the second salt value and is used for verifying the user identity;
The processing unit 702 is further configured to obtain a first salified value corresponding to the account information from the user identity information, and perform salted hash processing on the first salified value by using the second salt value to obtain a third salified value;
the processing unit 702 is further configured to obtain a comparison result of the second salination value and the third salination value, where the comparison result indicates whether the verification of the user identity is successful;
the communication unit 701 is further configured to send an authentication response to the terminal device, where the authentication response is used to indicate whether the authentication of the user identity is successful.
In a possible implementation manner, the communication unit 701 is further configured to receive a registration request from a terminal device, where the registration request is used to request creation of an account of a user of the terminal device;
the processing unit 702 is further configured to randomly generate a first salt value and allocate a public key to the terminal device;
the communication unit 701 is further configured to send the first salt value and the public key to the terminal device, and receive the account information and a first ciphertext from the terminal device;
the processing unit 702 is further configured to decrypt the first ciphertext using a private key corresponding to the public key to obtain the first salified value, and store the account information, the first salt value, and the first salified value in the user identity information.
In a possible implementation manner, the login response further comprises a calculation round number, and the calculation round number is used for generating a second salification value by the terminal device.
Fig. 8 is a schematic structural diagram of an electronic device for implementing an authentication function according to an embodiment of the present application. The electronic device in the embodiment of the present application may include a processor 801, a memory 802, and a communication interface 803, where the communication interface 803 is, for example, a network port, and the electronic device may transmit data through the communication interface 803.
In the embodiment of the present application, the memory 802 stores instructions executable by the at least one processor 801, and the at least one processor 801 may be configured to execute the steps executed by the test control platform by executing the instructions stored in the memory 802.
The processor 801 is the control center of the electronic device, and may connect the various parts of the entire electronic device using various interfaces and lines, by running or executing the instructions stored in the memory 802 and invoking the data stored in the memory 802. Optionally, the processor 801 may include one or more processing units, and the processor 801 may integrate an application processor that primarily processes operating systems and application programs, etc., with a modem processor that primarily processes wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 801. In some embodiments, the processor 801 and the memory 802 may be implemented on the same chip; in other embodiments, they may be implemented separately on separate chips.
The processor 801 may be a general purpose processor such as a Central Processing Unit (CPU), digital signal processor, application specific integrated circuit, field programmable gate array or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, and may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps performed by the test control platform disclosed in connection with the embodiments of the present application may be performed directly by a hardware processor, or may be performed by a combination of hardware and software modules in the processor.
Memory 802, as a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The Memory 802 may include at least one type of storage medium, which may include, for example, flash Memory, hard disk, multimedia card, card Memory, random access Memory (Random Access Memory, RAM), static random access Memory (Static Random Access Memory, SRAM), programmable Read-Only Memory (Programmable Read Only Memory, PROM), read-Only Memory (ROM), charged erasable programmable Read-Only Memory (Electrically Erasable Programmable Read-Only Memory), magnetic Memory, magnetic disk, optical disk, and the like. Memory 802 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory 802 in the embodiments of the present application may also be circuitry or any other device capable of implementing a memory function for storing program instructions and/or data.
By programming the processor 801, for example, the code corresponding to the test method described in the foregoing embodiment may be burned into the chip, so that the chip can execute the steps of the neural network model training method when running. How to program the processor 801 is a technique known to those skilled in the art and will not be repeated here.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.

Claims (8)

1. An authentication method, applied to a terminal device, the method comprising:
sending a login request to a server, wherein the login request comprises account information of a user;
Receiving a login request response sent by the server, wherein the login request response comprises a first salt value corresponding to the account information, a second salt value randomly generated by the server and a calculation round number;
performing salted hash processing on the user information by using the first salt value to obtain a first salified value; the method specifically comprises the following steps:
using the first salt value to perform salted hash processing on the user information for the number of calculation rounds through a slow salted hash algorithm to obtain the first salified value; the user information comprises a password input by the user or comprises the password and the account information;
performing salt adding hash processing on the first salt adding value by using the second salt value to obtain a second salt adding value;
sending a verification request to the server, wherein the verification request comprises the account information and the second salinized value, and the second salinized value is used for verifying the user identity by the server according to the second salinized value and the stored first salinized value;
and receiving a verification response sent by the server, wherein the verification response is used for indicating whether the verification of the user identity is successful or not.
2. The method of claim 1, wherein the method further comprises:
Sending a registration request to the server, wherein the registration request is used for requesting to create an account of a user of the terminal equipment;
receiving the first salt value and a public key from the server, the first salt value being randomly generated by the server;
acquiring account information and a password input by the user;
performing salted hash processing on the user information by using the first salt value to obtain the first salified value; encrypting the first salified value by using the public key to obtain a first ciphertext;
and sending the first ciphertext to the server.
3. An authentication method, applied to a server, the method comprising:
receiving a login request sent by a terminal device, wherein the login request comprises account information of a user of the terminal device;
acquiring a first salt value and a calculation round number corresponding to the account information from the stored user identity information, and randomly generating a second salt value;
sending a login response to the terminal equipment, wherein the login response comprises the first salt value, the second salt value and the calculation round number;
receiving a verification request sent by a terminal device, wherein the verification request comprises the account information and a second salted value; the second salted value is generated by the terminal equipment by using the first salt value, the calculation round number and the second salt value, and is used for verifying the identity of the user;
acquiring a first salted value corresponding to the account information from the user identity information, and performing salted hash processing on the first salted value by using the second salt value to obtain a third salted value;
obtaining a comparison result of the second salted value and the third salted value, wherein the comparison result indicates whether the verification of the user identity is successful or not;
and a verification response is sent to the terminal equipment, wherein the verification response is used for indicating whether the verification of the user identity is successful or not.
4. A method as claimed in claim 3, wherein the method further comprises:
receiving a registration request from a terminal device, the registration request being for requesting creation of an account of a user of the terminal device;
randomly generating a first salt value and distributing a public key for the terminal equipment;
transmitting the first salt value and the public key to the terminal equipment, and receiving the account information and a first ciphertext from the terminal equipment;
and decrypting the first ciphertext by using a private key corresponding to the public key to obtain the first salted value, and storing the account information, the first salt value and the first salted value into the user identity information.
5. An authentication system, comprising:
the terminal equipment is used for receiving account information and passwords input by a user and sending a login request to the server, wherein the login request comprises the account information of the user;
the server is used for receiving the login request, acquiring a first salt value and a calculation round number corresponding to the account information from the stored user identity information, randomly generating a second salt value, and sending a login response to the terminal equipment, wherein the login response comprises the first salt value, the calculation round number and the second salt value;
the terminal equipment is also used for receiving a login response, and performing salted hash processing on the user information by using the first salt value to obtain a first salted value; it is specifically used for:
using the first salt value, performing the calculation round number of rounds of salted hash processing on the password input by the user through a slow salted hash algorithm to obtain the first salted value;
the terminal equipment is further used for performing salted hash processing on the first salted value by using the second salt value to obtain a second salted value, and sending the second salted value and the account information to the server; wherein the user information includes a password input by the user, or includes the password and the account information;
the server is further configured to receive the second salted value and the account information, obtain a first salted value corresponding to the account information from the user identity information, and perform salted hash processing on the first salted value by using the second salt value to obtain a third salted value; obtain a comparison result of the second salted value and the third salted value, wherein the comparison result indicates whether the verification of the user identity is successful or not; and send a verification response to the terminal device, where the verification response is used to indicate whether verification of the user identity is successful;
and the terminal equipment receives the verification response.
6. An authentication apparatus, applied to a terminal device, comprising:
the communication unit is used for sending a login request to the server, wherein the login request comprises account information of a user;
the communication unit is further used for receiving a login request response sent by the server, wherein the login request response comprises a first salt value corresponding to the account information, a second salt value randomly generated by the server and a calculation round number;
the processing unit is used for performing salted hash processing on the user information by using the first salt value to obtain a first salted value; it is specifically used for:
using the first salt value, performing the calculation round number of rounds of salted hash processing on the user information through a slow salted hash algorithm to obtain the first salted value; the user information comprises a password input by the user, or comprises the password and the account information;
the processing unit is further used for performing salted hash processing on the first salted value by using the second salt value to obtain a second salted value;
the communication unit is further configured to send a verification request to the server, where the verification request includes the account information and the second salted value, and the second salted value is used by the server to verify the user identity according to the second salted value and the stored first salted value;
the communication unit is further configured to receive a verification response sent by the server, where the verification response is used to indicate whether verification of the user identity is successful.
7. An authentication apparatus, applied to a server, comprising:
the communication unit is used for receiving a login request sent by the terminal equipment, wherein the login request comprises account information of a user of the terminal equipment;
the processing unit is used for acquiring a first salt value corresponding to the account information from the stored user identity information and randomly generating a second salt value;
The communication unit is further configured to send a login response to the terminal device, where the login response includes the first salt value, the calculated number of rounds, and the second salt value;
the communication unit is further used for receiving a verification request sent by the terminal equipment, wherein the verification request comprises the account information and a second salted value; the second salted value is generated by the terminal equipment by using the first salt value, the calculation round number and the second salt value, and is used for verifying the identity of the user;
the processing unit is further used for acquiring a first salted value corresponding to the account information from the user identity information, and performing salted hash processing on the first salted value by using the second salt value to obtain a third salted value;
the processing unit is further configured to obtain a comparison result of the second salted value and the third salted value, where the comparison result indicates whether verification of the user identity is successful;
the communication unit is further configured to send an authentication response to the terminal device, where the authentication response is used to indicate whether authentication of the user identity is successful.
8. A computer readable storage medium storing computer executable instructions which, when invoked by a computer, cause the computer to perform the method of any one of claims 1-4.
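The registration and login exchange of claims 1 to 4, with both sides in one file, as an added example that is not part of the patent text. It assumes PBKDF2-HMAC-SHA256 for the slow salted hash and HMAC-SHA256 for the second salted hash (the claims name no algorithm), omits the public-key encryption of the registration message, and treats the second salt as single-use, which is also an assumption.

```python
import hashlib
import hmac
import secrets

# Assumed primitives (the claims name none): PBKDF2-HMAC-SHA256 and HMAC-SHA256.
def first_salted_value(password, account, salt1, rounds):
    """Slow salted hash of the user information (here: account + password)."""
    user_info = account.encode() + b"\x00" + password.encode()
    return hashlib.pbkdf2_hmac("sha256", user_info, salt1, rounds)

def second_salted_value(first_salted, salt2):
    """Salted hash of the first salted value under the per-login second salt."""
    return hmac.new(salt2, first_salted, hashlib.sha256).digest()

class Server:
    def __init__(self, rounds=100_000):
        self.rounds = rounds
        self.users = {}    # account -> (first salt, rounds, first salted value)
        self.pending = {}  # account -> second salt issued for the current login

    def new_first_salt(self):
        return secrets.token_bytes(16)  # registration: random first salt value

    def store(self, account, salt1, first_salted):
        # Claims 2 and 4 carry first_salted encrypted under a server public key.
        self.users[account] = (salt1, self.rounds, first_salted)

    def login(self, account):
        salt1, rounds, _ = self.users[account]
        salt2 = secrets.token_bytes(16)  # fresh second salt value per login
        self.pending[account] = salt2
        return salt1, salt2, rounds

    def verify(self, account, second_salted):
        salt2 = self.pending.pop(account, None)  # assumption: single use
        if salt2 is None:
            return False
        third = second_salted_value(self.users[account][2], salt2)
        return hmac.compare_digest(second_salted, third)  # constant-time compare

def register(server, account, password):
    salt1 = server.new_first_salt()
    first = first_salted_value(password, account, salt1, server.rounds)
    server.store(account, salt1, first)

def run_login(server, account, password):
    salt1, salt2, rounds = server.login(account)  # login request and response
    first = first_salted_value(password, account, salt1, rounds)
    return server.verify(account, second_salted_value(first, salt2))
```

Because the server verifies against the stored first salted value directly, that value is password-equivalent for this protocol and needs the same protection as a credential store.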
CN202110571248.3A 2021-05-25 2021-05-25 Authentication method, system and device Active CN113329004B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110571248.3A CN113329004B (en) 2021-05-25 2021-05-25 Authentication method, system and device

Publications (2)

Publication Number Publication Date
CN113329004A CN113329004A (en) 2021-08-31
CN113329004B true CN113329004B (en) 2023-04-28

Family

ID=77416665

Country Status (1)

Country Link
CN (1) CN113329004B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant