CN113938283A - Code scanning login method, system, device, electronic equipment and storage medium - Google Patents

Code scanning login method, system, device, electronic equipment and storage medium Download PDF

Info

Publication number
CN113938283A
CN113938283A CN202111199908.6A CN202111199908A CN113938283A CN 113938283 A CN113938283 A CN 113938283A CN 202111199908 A CN202111199908 A CN 202111199908A CN 113938283 A CN113938283 A CN 113938283A
Authority
CN
China
Prior art keywords
ssid
server
login
client
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111199908.6A
Other languages
Chinese (zh)
Other versions
CN113938283B (en
Inventor
刘亮
朱敏
鲁锦伸
孙谦
林晨
朱义林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhenjinag Klockner Moeller Electrical Systems Co ltd
Daqo Group Co Ltd
Nanjing Daqo Electrical Institute Co Ltd
Original Assignee
Zhenjinag Klockner Moeller Electrical Systems Co ltd
Nanjing Daqo Electrical Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhenjinag Klockner Moeller Electrical Systems Co ltd, Nanjing Daqo Electrical Institute Co Ltd filed Critical Zhenjinag Klockner Moeller Electrical Systems Co ltd
Priority to CN202111199908.6A priority Critical patent/CN113938283B/en
Publication of CN113938283A publication Critical patent/CN113938283A/en
Application granted granted Critical
Publication of CN113938283B publication Critical patent/CN113938283B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/14Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
    • G06K7/1404Methods for optical code recognition
    • G06K7/1408Methods for optical code recognition the method being specifically adapted for the type of code
    • G06K7/14172D bar codes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Electromagnetism (AREA)
  • General Health & Medical Sciences (AREA)
  • Toxicology (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the technical field of data processing systems, in particular to a code scanning login method, a system, a device, electronic equipment and a storage medium, wherein the method comprises the steps of logging in a mobile client to start a scanning function based on an authorization device, including an SSID (service set identifier) in a login verification window period in a two-dimensional code displayed by a browser client, sending the SSID in two-dimensional code information from the mobile terminal client to a server after digitally signing the SSID, matching the SSID with a corresponding SSID in the server after digitally signing the SSID, and controlling the browser to jump to a corresponding operation page to realize access to the server after matching is completed; by the mode, the leakage of user login information is avoided; in addition, the authorization information gold of the mobile terminal client transmits the irreversible digital signature of the SSID, the clear text of the SSID does not appear, and the security risk brought by the association of the authorization information and the SSID in network transmission is avoided.

Description

Code scanning login method, system, device, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of data processing systems, in particular to a code scanning login method, a code scanning login system, a code scanning login device, electronic equipment and a storage medium.
Background
Code scanning login is increasingly favored by users as a convenient login mode, and the users only need to scan the two-dimensional code of the interface to be logged in and can enter the system to be logged in after authorization;
in the related technology, a user logs in a system in a code scanning mode, the user needs to log in on a mobile terminal firstly, then a two-dimensional code of a webpage login page is scanned by using a code scanning function of a mobile terminal client side to obtain a login identification of the webpage, then the mobile terminal transmits the logged-in user information and the webpage identification to a server in an interface mode, the server judges that the user information is correct, then the user information is sent to a specified webpage client side through the webpage identification, the user information is automatically loaded into the user information login system after the user information is obtained by logging in the webpage, and then a code scanning login process is completed.
In the above manner, the user needs to transmit the login information of the user for many times during each code scanning login, the security of the information transmission process is low, and the user can easily crack the information through the modes of library collision, message interception and the like, so that the security of the user information cannot be guaranteed. In addition, the verification method only audits the login information of the user, and does not audit the terminal equipment for the user to perform code scanning operation, that is, theoretically, the user can log in any mobile terminal, and the method cannot meet the requirement of high security.
The information disclosed in this background section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art that is known to a person skilled in the art.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: a code scanning login method, a system, a device, an electronic device and a storage medium are provided, and the security of code scanning login is improved.
In order to achieve the purpose, the invention adopts the technical scheme that:
in a first aspect, the present invention provides a code scanning login method, which is applied to a mobile terminal client, a browser client and a server, and comprises the following steps:
the browser client accesses the server and sends an SSID distribution request;
after receiving the SSID distribution request, the server generates an SSID and sends the SSID to the browser client, and stores the SSID in a login verification queue;
after receiving SSID information sent by a server, a browser client displays a two-dimensional code containing the SSID information;
after acquiring correct login information of a user, a mobile terminal client starts a scanning function to acquire SSID information in the two-dimensional code, digital signature is carried out on the SSID information by using a unique device code (MID) of the mobile terminal client to generate SIG, a device ID of the mobile terminal client and the SIG are sent to a server, and the device ID is used for searching for an authorized MID in the server;
after receiving the device ID and the SIG, the server searches for a matched MID, digitally signs the SSID in the login verification queue after matching, searches for a matching item with the sent SIG, adjusts the SSID state in the queue to be authorized if the matching item is found, generates an authorization token, and sends the authorization token to the browser client;
and the browser client skips to an operation page after receiving the authorization token and uses the authorization token to access the server.
Further, after the browser client displays the two-dimensional code containing the SSID information, a login request is periodically sent to the server;
after the server generates an SSID and sends the SSID to the browser client, starting a verification login countdown, wherein the time length of the verification login countdown is longer than the time length of a login request sending period of the browser client;
and when a matching item with the uploaded SIG is searched, if the verification login countdown is ended, sending an invalid SSID to the mobile terminal client, and removing the SSID in the queue.
In a second aspect, the present invention provides a code scanning login system, including: the system comprises a mobile terminal client, a browser client and a server, wherein the mobile terminal client is in communication connection with the server, and the browser client is in communication connection with the server;
the browser client is used for accessing a server and sending an SSID distribution request, and the server is used for generating the SSID and sending the SSID to the browser client after receiving the SSID distribution request and storing the SSID into a login verification queue; the browser client displays a two-dimensional code containing SSID information after receiving the SSID information sent by the server;
the mobile terminal client is used for starting a scanning function to acquire SSID information in the two-dimensional code after acquiring correct login information of a user, digitally signing the SSID information by using a unique device code (MID) of the mobile terminal client, generating SIG, and sending a device ID of the mobile terminal client and the SIG to a server, wherein the device ID is used for searching for an authorized MID in the server;
the server is used for searching for a matched MID after receiving the equipment ID and the SIG, performing digital signature on the SSID in the login verification queue after matching, searching for a matching item with the uploaded SIG, adjusting the SSID state in the queue to be authorized if the matching item is found, generating an authorization token, and sending the authorization token to the browser client;
and the browser client skips to an operation page after receiving the authorization token and uses the authorization token to access the server.
Further, after the browser client displays the two-dimensional code containing the SSID information, a login request is periodically sent to the server;
after the server generates an SSID and sends the SSID to the browser client, starting a verification login countdown, wherein the time length of the verification login countdown is longer than the time length of a login request sending period of the browser client;
and when a matching item with the uploaded SIG is searched, if the verification login countdown is ended, sending an invalid SSID to the mobile terminal client, and removing the SSID in the queue.
In a third aspect, the present invention further provides a code scanning login method, which is applied to a server, and includes the following steps:
receiving an SSID allocation request, generating an SSID, sending SSID information to a browser client, and storing the SSID in a login verification queue, wherein the SSID allocation request is an SSID allocation request sent when the browser client accesses a server;
receiving a device ID and SIG sent by a client of a mobile terminal, wherein the device ID is used for searching an authorized device unique code MID in a server, the SIG is generated by digitally signing SSID information in a two-dimensional code by using the unique device code of the client of the mobile terminal after the mobile terminal acquires correct login information of a user and starts a scanning function to acquire the SSID information in the two-dimensional code, and the SSID information in the two-dimensional code is the SSID information in the two-dimensional code sent by the server to the client of a browser for display;
and matching corresponding MIDs in the login verification queue, performing digital signature on the SSID in the glazer verification queue if the matching is successful, searching a matching item of the uploaded SIG, adjusting the state of the SSID in the queue to be authorized if the matching item is found, generating an authorization token, and sending the authorization token to a browser client, wherein the authorization token is an authorization token which is received by the browser and then jumped to an operation page to access a server.
In a fourth aspect, the present invention further provides a code scanning login method, which is applied to a browser client, and includes the following steps:
the access server sends an SSID allocation request;
displaying the acquired two-dimensional code containing SSID information, wherein the SSID information is generated and sent to a browser client after the server receives an SSID distribution request and is stored in a login verification queue;
obtaining an authorization token sent by a server, jumping to an operation page, using the authorization token to access the server, wherein the authorization token is an MID matched with a found device ID in a verification queue by the server, digitally signing an SSID in a login verification queue, adjusting the SSID state in the login verification queue to be authorized after finding a matching item with a sent SIG, and generating and sending the authorized SSID state to a browser client; the SIG is generated after a mobile terminal client starts a scanning function to acquire SSID information in the two-dimensional code after acquiring correct login information of a user, and digital signature is carried out on the SSID information in the two-dimensional code by using a unique device code (MID) of the mobile terminal client; the device ID is used to find an authorized MID in the server.
In a fifth aspect, the present invention provides a code scanning login method, which is used in a mobile terminal client, and includes the following steps:
after acquiring correct login information of a user, starting a scanning function to acquire SSID information in a two-dimensional code, wherein the two-dimensional code is generated by a browser client side through the SSID generated by a server and sent to the browser client side after the browser client side accesses the server and sends an SSID distribution request;
carrying out digital signature on the SSID information by a unique device code (MID) of a mobile terminal client and generating an SIG, wherein the SSID information is also stored in a login verification queue when being sent to a browser client by a server;
the method comprises the steps of sending a device ID of a mobile terminal client and SIG to a server, wherein the device ID is used for matching MID of the mobile terminal client stored in the server, the SIG is used for matching SSID in a verification queue in the server, searching a matching item of the sent SIG after the server carries out digital signature on the SSID in the verification queue after matching the MID, adjusting the state of the SSID in the verification queue to be authorized if the matching item is found, sending an authorization token to a browser client, the browser client jumps to an operation page after receiving the authorization token, and uses the authorization token to access the server.
In a sixth aspect, the present invention provides a code scanning login device, including:
the acquisition module is used for starting a scanning function to acquire SSID information in a two-dimensional code after acquiring correct login information of a user, wherein the two-dimensional code is a two-dimensional code generated by a browser client side through generating the SSID and sending the SSID to the browser client side after the browser client side accesses a server and sends an SSID allocation request;
the generating module is used for digitally signing the SSID information by the unique device code MID of the mobile terminal client and generating SIG, and the SSID information is also stored in a login verification queue when the server sends the SSID information to the browser client;
the device ID is used for matching an MID (device identification) of the mobile terminal client stored in the server, the SIG is used for matching an SSID (service set identifier) in a verification queue in the server, the SSID in the verification queue is digitally signed after the server is matched with the MID, a matching item of the uploaded SIG is searched, if the matching item is found, the SSID state in the verification queue is adjusted to be authorized, an authorization token is sent to the browser client, the browser client receives the authorization token and then jumps to an operation page, and the authorization token is used for accessing the server.
In a seventh aspect, the present invention discloses an electronic device, including:
a memory for storing a computer program;
a processor for implementing the steps of the code scanning login method according to the fifth aspect when executing the computer program.
In an eighth aspect, the present invention discloses a storage medium having a computer program stored thereon, which when executed by a processor, implements the steps of the code scanning entry method according to the fifth aspect.
The invention has the beneficial effects that: compared with the defect that the login information of the user is directly sent to the server in the prior art and is easy to intercept and crack in the process, the certificate logged in by the browser is not a fixed user password but a temporary SSID (service set identifier) with a login verification window period, so that the safety risk caused by user information leakage in network transmission is avoided; in addition, the login of the browser depends on the authorized use of the mobile terminal equipment, the authorized use user information of the mobile terminal client side is logged in and the code scanning function is started, and the safety level is improved in the aspect of user verification; in addition, the unique device code MID of the mobile terminal is not transmitted on the network any more, so that the safety risk caused by the leakage of the client information of the mobile terminal during network transmission is avoided; and finally, the authorization information gold of the mobile terminal client transmits the irreversible digital signature of the SSID, the SSID plaintext does not appear, and the security risk brought by the association of the authorization information and the SSID in network transmission is avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart illustrating steps of a code scanning login method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a code scanning login system according to an embodiment of the present invention;
FIG. 3 is a block diagram of a code scanning entry apparatus according to an embodiment of the present invention.
Reference numerals: 110. A mobile terminal client; 120. a browser client; 130. a server; 201. an acquisition module; 202. a generation module; 203. and a sending module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
It will be understood that when an element is referred to as being "secured to" another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. The terms "vertical," "horizontal," "left," "right," and the like as used herein are for illustrative purposes only and do not represent the only embodiments.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
In order to solve the problem that the login information of a user is transmitted to a server through a network in the code scanning login process in the prior art, and the password of the user is easy to leak, the user password information is not directly transmitted, the scanning function is started by logging in a mobile client based on authorization equipment, the SSID is contained in a two-dimensional code displayed by a browser client through a temporary SSID with a login verification window period, the SSID is transmitted to the server from the mobile terminal client after the SSID in the two-dimensional code information is digitally signed, the SSID is matched with the SSID in the server after the SSID is digitally signed, and the browser is controlled to jump to a corresponding operation page to realize the access to the server after the matching is completed; by the mode, the leakage of user login information is avoided; for ease of understanding, the relevant information involved will be described here:
SSID: the unique identifier of the browser client temporarily generated by the server is used for subsequent access authorization related operations;
and (4) MID: the device unique code of the mobile terminal client is used for identifying whether the device is authorized;
the Device ID is also called Device ID, and refers to a Device code locally stored by the client of the mobile terminal and is used for searching a corresponding MID;
SIG is an irreversible digital signature technology, and information is encrypted and transmitted in a mode that plaintext does not appear, so that the safety of transmitted information can be improved;
token: the token is a string of character strings generated by the server side and used as a token requested by the browser client side, when logging in, the server generates a token to return the token to the browser client side, and the browser client side only needs to take the token to request data before, and does not need to take the user name and the password again.
The code scanning login method shown in fig. 2, which is applied to the mobile terminal client 110, the browser client 120 and the server 130, includes the following steps:
the browser client 120 accesses the server 130 and sends an SSID assignment request;
after receiving the SSID allocation request, the server 130 generates an SSID and sends the SSID to the browser client 120, and stores the SSID in a login authentication queue; it should be noted here that the authentication login queue of the server 130 contains, in addition to the temporarily produced SSID, the unique device code MID of the authorized mobile terminal client 110 in the server 130, and only the mobile terminal client 110 authorized in the server 130 is used to perform the code scanning operation; through the setting, the security of code scanning login can be ensured, and the mobile terminal client 110 can be a mobile phone with a corresponding app installed, or a dedicated PDA device.
After receiving the SSID information sent by the server 130, the browser client 120 displays a two-dimensional code containing the SSID information; it should be noted here that the browser client 120 is a device for displaying a two-dimensional code, and may be a computer display, and also has a network transmission function, where a user may enter the display page by inputting a specific website during a specific operation, or may display the two-dimensional code page when the device is powered on, and protect SSID information in the two-dimensional code by interacting with the server 130, and later, after verification, the two-dimensional code page jumps to an operation page by an authorization token sent by the server 130, and data transmission between the two-dimensional code page and the server 130 is realized;
after acquiring correct login information of a user, the mobile terminal client 110 starts a scanning function to acquire SSID information in the two-dimensional code, digitally signs the SSID information by using a unique device code (MID) of the mobile terminal client 110 to generate SIG, and sends a device ID and the SIG of the mobile terminal client 110 to the server 130, wherein the device ID is used for searching for an authorized MID in the server 130; the user correct login information can be realized in various ways, such as inputting a user name and a password, or fingerprint, facial recognition and other prior arts;
after receiving the device ID and the SIG, the server 130 searches for a matched MID, digitally signs the SSID in the login verification queue after matching, searches for a matching item with the uploaded SIG, adjusts the SSID state in the queue to "authorized" if the matching item is found, generates an authorization token, and sends the authorization token to the browser client 120; as shown in fig. 1, the following operations are performed when the server 130 looks for an SSID in the login authentication queue and verifies whether it is authorized: if the corresponding MID matching the device ID is not found, returning an invalid SSID to the browser client 120 or the mobile terminal client 110, and stopping subsequent verification; if no matching SIG is found, sending "authorization failure" to the mobile terminal client 110 or the browser client 120;
the browser client 120, after receiving the authorization token, jumps to the operation page and accesses the server 130 using the authorization token.
In the embodiment, the temporary SSID with the login verification window period avoids the safety risk caused by user information leakage during network transmission; in addition, in the invention, the login of the browser depends on the authorized use of the mobile terminal equipment, the authorized use user information of the mobile terminal client 110 is logged in and the code scanning function is started, and the safety level is improved in the aspect of user verification; in addition, the unique device code MID of the mobile terminal is not transmitted on the network any more, so that the safety risk caused by the information leakage of the client 110 of the mobile terminal during network transmission is avoided; finally, the authorization information gold of the mobile terminal client 110 transmits the irreversible digital signature of the SSID, and the clear text of the SSID does not appear, so that the security risk brought by the association of the authorization information and the SSID in network transmission is avoided.
On the basis of the above embodiment, the embodiment of the present invention further provides a verification window countdown function, so as to further improve the security performance, specifically: after the browser client 120 displays the two-dimensional code containing the SSID information, periodically sending a login request to the server 130, for example, sending a login request every ten seconds;
after the server 130 generates the SSID and sends the SSID to the browser client 120, starting a verification login countdown, for example, the countdown time is fifteen minutes, and the time length of the verification login countdown is longer than the time length of a login request sending period of the browser client 120;
when a matching with the uploaded SIG is found, if the authentication login countdown is over, an "invalid SSID" is sent to the mobile terminal client 110, and the SSID in the queue is removed. At the moment, the user is reminded to refresh the two-dimensional code page to obtain new SSID information again, so that the overall safety is further improved.
The code scanning login system shown in fig. 2 comprises: the system comprises a mobile terminal client 110, a browser client 120 and a server 130, wherein the mobile terminal client 110 is in communication connection with the server 130, and the browser client 120 is in communication connection with the server 130; the system describes the login method in a hardware content transmission mode, the scheme content is the same as the method, and the details are not repeated here.
The browser client 120 is configured to access the server 130 and send an SSID allocation request, and the server 130 is configured to generate an SSID after receiving the SSID allocation request, send the SSID to the browser client 120, and store the SSID in a login authentication queue; after receiving the SSID information sent by the server 130, the browser client 120 displays a two-dimensional code containing the SSID information;
the mobile terminal client 110 is configured to, after acquiring correct login information of a user, start a scanning function to acquire SSID information in a two-dimensional code, perform digital signature on the SSID information by using a unique device code MID of the mobile terminal client 110 to generate an SIG, and send a device ID and the SIG of the mobile terminal client 110 to the server 130, where the device ID is used to find an authorized MID in the server 130;
the server 130 is configured to search for a matched MID after receiving the device ID and the SIG, perform digital signature on an SSID in a login verification queue after matching, search for a matching item with the uploaded SIG, adjust the SSID state in the queue to "authorized" if the matching item is found, generate an authorization token, and send the authorization token to the browser client 120;
the browser client 120 jumps to the operation page after receiving the authorization token, and accesses the server 130 using the authorization token.
Further, after the browser client 120 displays the two-dimensional code containing the SSID information, it periodically sends a login request to the server 130;
after the server 130 generates the SSID and sends the SSID to the browser client 120, starting a verification login countdown, wherein the time length of the verification login countdown is longer than the time length of a login request sending period of the browser client 120;
when a matching with the uploaded SIG is found, if the authentication login countdown is over, an "invalid SSID" is sent to the mobile terminal client 110, and the SSID in the queue is removed.
In the following portions of the embodiments of the present invention, the server 130, the browser client 120, and the mobile terminal client 110 are respectively used as main bodies to describe the schemes, the specific implementation schemes thereof are consistent with the above methods, and the rest contents are detailed in the method portions and are not described again here;
the code scanning login method provided by the invention is applied to the server 130 and comprises the following steps:
receiving an SSID allocation request, generating an SSID and sending SSID information to the browser client 120, and storing the SSID in the login verification queue, wherein the SSID allocation request is an SSID allocation request sent when the browser client 120 accesses the server 130;
receiving a device ID and SIG sent by a mobile terminal client 110, wherein the device ID is used for searching an authorized device unique code MID in a server 130, the SIG is generated by digitally signing SSID information in a two-dimensional code by using the unique device code of the mobile terminal client 110 after the mobile terminal acquires correct login information of a user and starts a scanning function to acquire the SSID information in the two-dimensional code, and the SSID information in the two-dimensional code is the SSID information in the two-dimensional code sent to a browser client 120 by the server 130;
and matching corresponding MIDs in the login verification queue, performing digital signature on the SSID in the glazer verification queue if the matching is successful, searching a matching item of the uploaded SIG, adjusting the state of the SSID in the queue to be authorized if the matching item is found, generating an authorization token, and sending the authorization token to the browser client 120, wherein the authorization token is an authorization token which is received by the browser and then jumped to an operation page and used for accessing the server 130.
The code scanning login method provided by the invention is applied to the browser client 120 and comprises the following steps:
the access server 130, which sends an SSID assignment request;
displaying the acquired two-dimensional code containing the SSID information, wherein the SSID information is generated and sent to the browser client 120 after the server 130 receives the SSID allocation request and is stored in the login verification queue;
obtaining an authorization token sent by the server 130, jumping to an operation page, and accessing the server 130 by using the authorization token, wherein the authorization token is an MID matched with the found device ID in a verification queue, and after digitally signing the SSID in the login verification queue, adjusting the SSID state in the login verification queue to be authorized after finding a matching item with the sent SIG, and sending the generated SSID state to the browser client 120; the SIG is generated by starting a scanning function to acquire SSID information in the two-dimensional code after the mobile terminal client 110 acquires correct login information of a user, and digitally signing the SSID information in the two-dimensional code by using a unique device code (MID) of the mobile terminal client 110; the device ID is used to find an authorized MID in the server 130.
The code scanning login method provided by the invention is used in the mobile terminal client 110, and comprises the following steps:
after acquiring correct login information of a user, starting a scanning function to acquire SSID information in a two-dimensional code, wherein the two-dimensional code is a two-dimensional code generated by the browser client 120 by generating an SSID and sending the SSID to the browser client 120 after the browser client 120 accesses the server 130 and sends an SSID allocation request;
digitally signing the SSID information by a unique device code MID of the mobile terminal client 110 and generating SIG, the SSID information being stored in a login verification queue when the server 130 sends it to the browser client 120;
sending the device ID and SIG of the mobile terminal client 110 to the server 130, wherein the device ID is used for matching with the MID of the mobile terminal client 110 stored in the server 130, the SIG is used for matching with the SSID in the verification queue in the server 130, after the server 130 matches with the MID, the SSID in the verification queue is digitally signed, then a matching item of the sent SIG is searched, if the matching item is found, the SSID state in the verification queue is adjusted to be authorized, an authorization token is sent to the browser client 120, the browser client 120 jumps to an operation page after receiving the authorization token, and the authorization token is used for accessing the server 130.
As shown in fig. 3, a module architecture diagram of a code scanning login apparatus, which corresponds to an embodiment of a code scanning login method of the mobile terminal client 110, includes:
the acquisition module 201 is configured to start a scanning function to acquire SSID information in a two-dimensional code after acquiring correct login information of a user, where the two-dimensional code is a two-dimensional code generated by the browser client 120 and generated by the browser client 120, and the server 130 generates an SSID and transmits the SSID to the browser client 120 after the browser client 120 accesses the server 130 and sends an SSID allocation request;
a generating module 202, configured to digitally sign the SSID information with the unique device code MID of the mobile terminal client 110 and generate SIG, where the SSID information is also stored in a login verification queue when the server 130 sends the SSID information to the browser client 120;
the sending module 203 is configured to send the device ID and the SIG of the mobile terminal client 110 to the server 130, where the device ID is used to match the MID of the mobile terminal client 110 already stored in the server 130, the SIG is used to match the SSID in the verification queue in the server 130, after the server 130 matches the MID, the SSID in the verification queue is digitally signed, and then a matching item of the SIG sent upwards is found, if the matching item is found, the SSID state in the verification queue is adjusted to "authorized", an authorization token is sent to the browser client 120, and the browser client 120, after receiving the authorization token, jumps to an operation page and uses the authorization token to access the server 130.
In the following, an electronic device provided in the embodiment of the present application is introduced, and the electronic device described below and the code scanning login direction applied to the mobile terminal client 110 described above may be referred to correspondingly;
an embodiment of the present invention further provides an electronic device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the code scanning login method when executing the computer program.
Since the embodiment of the electronic device portion and the embodiment of the code scanning login method portion correspond to each other, for the embodiment of the electronic device portion, please refer to the description of the embodiment of the code scanning login method portion, which is not repeated here.
In the following, a storage medium provided by an embodiment of the present application is introduced, and the storage medium described below and the code scanning registration method described above may be referred to correspondingly.
The invention also discloses a storage medium, wherein the storage medium is stored with a computer program, and the computer program realizes the steps of the code scanning login method when being executed by a processor.
Since the embodiment of the storage medium portion and the embodiment of the code scanning login method portion correspond to each other, please refer to the description of the embodiment of the code scanning login method portion for the embodiment of the storage medium portion, which is not described herein again.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (10)

1. A code scanning login method is applied to a mobile terminal client, a browser client and a server, and comprises the following steps:
the browser client accesses the server and sends an SSID distribution request;
after receiving the SSID distribution request, the server generates an SSID and sends the SSID to the browser client, and stores the SSID in a login verification queue;
after receiving SSID information sent by a server, a browser client displays a two-dimensional code containing the SSID information;
after acquiring correct login information of a user, a mobile terminal client starts a scanning function to acquire SSID information in the two-dimensional code, digital signature is carried out on the SSID information by using a unique device code (MID) of the mobile terminal client to generate SIG, a device ID of the mobile terminal client and the SIG are sent to a server, and the device ID is used for searching for an authorized MID in the server;
after receiving the device ID and the SIG, the server searches for a matched MID, digitally signs the SSID in the login verification queue after matching, searches for a matching item with the sent SIG, adjusts the SSID state in the queue to be authorized if the matching item is found, generates an authorization token, and sends the authorization token to the browser client;
and the browser client skips to an operation page after receiving the authorization token and uses the authorization token to access the server.
2. The code-scanning login method of claim 1, wherein after the browser client displays the two-dimensional code containing the SSID information, a login request is periodically sent to the server;
after the server generates an SSID and sends the SSID to the browser client, starting a verification login countdown, wherein the time length of the verification login countdown is longer than the time length of a login request sending period of the browser client;
and when a matching item with the uploaded SIG is searched, if the verification login countdown is ended, sending an invalid SSID to the mobile terminal client, and removing the SSID in the queue.
3. A code scanning login system, comprising: the system comprises a mobile terminal client, a browser client and a server, wherein the mobile terminal client is in communication connection with the server, and the browser client is in communication connection with the server;
the browser client is used for accessing a server and sending an SSID distribution request, and the server is used for generating the SSID and sending the SSID to the browser client after receiving the SSID distribution request and storing the SSID into a login verification queue; the browser client displays a two-dimensional code containing SSID information after receiving the SSID information sent by the server;
the mobile terminal client is used for starting a scanning function to acquire SSID information in the two-dimensional code after acquiring correct login information of a user, digitally signing the SSID information by using a unique device code (MID) of the mobile terminal client, generating SIG, and sending a device ID of the mobile terminal client and the SIG to a server, wherein the device ID is used for searching for an authorized MID in the server;
the server is used for searching for a matched MID after receiving the equipment ID and the SIG, performing digital signature on the SSID in the login verification queue after matching, searching for a matching item with the uploaded SIG, adjusting the SSID state in the queue to be authorized if the matching item is found, generating an authorization token, and sending the authorization token to the browser client;
and the browser client skips to an operation page after receiving the authorization token and uses the authorization token to access the server.
4. The code-scanning login system of claim 3, wherein the browser client periodically sends a login request to the server after displaying the two-dimensional code containing the SSID information;
after the server generates an SSID and sends the SSID to the browser client, starting a verification login countdown, wherein the time length of the verification login countdown is longer than the time length of a login request sending period of the browser client;
and when a matching item with the uploaded SIG is searched, if the verification login countdown is ended, sending an invalid SSID to the mobile terminal client, and removing the SSID in the queue.
5. A code scanning login method is applied to a server and comprises the following steps:
receiving an SSID allocation request, generating an SSID, sending SSID information to a browser client, and storing the SSID in a login verification queue, wherein the SSID allocation request is an SSID allocation request sent when the browser client accesses a server;
receiving a device ID and SIG sent by a client of a mobile terminal, wherein the device ID is used for searching an authorized device unique code MID in a server, the SIG is generated by digitally signing SSID information in a two-dimensional code by using the unique device code of the client of the mobile terminal after the mobile terminal acquires correct login information of a user and starts a scanning function to acquire the SSID information in the two-dimensional code, and the SSID information in the two-dimensional code is the SSID information in the two-dimensional code sent by the server to the client of a browser for display;
and matching corresponding MIDs in the login verification queue, performing digital signature on the SSID in the glazer verification queue if the matching is successful, searching a matching item of the uploaded SIG, adjusting the state of the SSID in the queue to be authorized if the matching item is found, generating an authorization token, and sending the authorization token to a browser client, wherein the authorization token is an authorization token which is received by the browser and then jumped to an operation page to access a server.
6. A code scanning login method is applied to a browser client side and comprises the following steps:
the access server sends an SSID allocation request;
displaying the acquired two-dimensional code containing SSID information, wherein the SSID information is generated and sent to a browser client after the server receives an SSID distribution request and is stored in a login verification queue;
obtaining an authorization token sent by a server, jumping to an operation page, using the authorization token to access the server, wherein the authorization token is an MID matched with a found device ID in a verification queue by the server, digitally signing an SSID in a login verification queue, adjusting the SSID state in the login verification queue to be authorized after finding a matching item with a sent SIG, and generating and sending the authorized SSID state to a browser client; the SIG is generated after a mobile terminal client starts a scanning function to acquire SSID information in the two-dimensional code after acquiring correct login information of a user, and digital signature is carried out on the SSID information in the two-dimensional code by using a unique device code (MID) of the mobile terminal client; the device ID is used to find an authorized MID in the server.
7. A code scanning login method is used in a mobile terminal client, and comprises the following steps:
after acquiring correct login information of a user, starting a scanning function to acquire SSID information in a two-dimensional code, wherein the two-dimensional code is generated by a browser client side through the SSID generated by a server and sent to the browser client side after the browser client side accesses the server and sends an SSID distribution request;
carrying out digital signature on the SSID information by a unique device code (MID) of a mobile terminal client and generating an SIG, wherein the SSID information is also stored in a login verification queue when being sent to a browser client by a server;
the method comprises the steps of sending a device ID of a mobile terminal client and SIG to a server, wherein the device ID is used for matching MID of the mobile terminal client stored in the server, the SIG is used for matching SSID in a verification queue in the server, searching a matching item of the sent SIG after the server carries out digital signature on the SSID in the verification queue after matching the MID, adjusting the state of the SSID in the verification queue to be authorized if the matching item is found, sending an authorization token to a browser client, the browser client jumps to an operation page after receiving the authorization token, and uses the authorization token to access the server.
8. A code scanning entry device, comprising:
the acquisition module is used for starting a scanning function to acquire SSID information in a two-dimensional code after acquiring correct login information of a user, wherein the two-dimensional code is a two-dimensional code generated by a browser client side through generating the SSID and sending the SSID to the browser client side after the browser client side accesses a server and sends an SSID allocation request;
the generating module is used for digitally signing the SSID information by the unique device code MID of the mobile terminal client and generating SIG, and the SSID information is also stored in a login verification queue when the server sends the SSID information to the browser client;
the device ID is used for matching an MID (device identification) of the mobile terminal client stored in the server, the SIG is used for matching an SSID (service set identifier) in a verification queue in the server, the SSID in the verification queue is digitally signed after the server is matched with the MID, a matching item of the uploaded SIG is searched, if the matching item is found, the SSID state in the verification queue is adjusted to be authorized, an authorization token is sent to the browser client, the browser client receives the authorization token and then jumps to an operation page, and the authorization token is used for accessing the server.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the code scan entry method of claim 7 when executing said computer program.
10. A storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, realizes the steps of the code scanning entry method according to claim 7.
CN202111199908.6A 2021-10-14 2021-10-14 Code scanning login method, system, device, electronic equipment and storage medium Active CN113938283B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111199908.6A CN113938283B (en) 2021-10-14 2021-10-14 Code scanning login method, system, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111199908.6A CN113938283B (en) 2021-10-14 2021-10-14 Code scanning login method, system, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113938283A true CN113938283A (en) 2022-01-14
CN113938283B CN113938283B (en) 2023-12-12

Family

ID=79279396

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111199908.6A Active CN113938283B (en) 2021-10-14 2021-10-14 Code scanning login method, system, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113938283B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114640460A (en) * 2022-01-28 2022-06-17 成都卫士通信息产业股份有限公司 User login method, device, equipment and medium in application program
CN114944946A (en) * 2022-05-13 2022-08-26 北京北信源软件股份有限公司 System login method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109600340A (en) * 2017-09-30 2019-04-09 腾讯科技(深圳)有限公司 Authorization method, apparatus, terminal and server
CN110691397A (en) * 2018-07-05 2020-01-14 腾讯科技(深圳)有限公司 WIFI sharing method, WIFI connection device and computer-readable storage medium
BR102018074209A2 (en) * 2018-11-23 2020-06-02 Samsung Eletrônica da Amazônia Ltda. SAFE METHOD FOR CONFIGURING DEALS OF INTERNET OF THINGS (IOT) THROUGH WIRELESS TECHNOLOGIES
CN111328055A (en) * 2018-12-14 2020-06-23 中国移动通信集团山东有限公司 ONU automatic registration method and device
WO2021003816A1 (en) * 2019-07-05 2021-01-14 杭州博联智能科技股份有限公司 Method for authenticating iot device is bound to user, device and medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109600340A (en) * 2017-09-30 2019-04-09 腾讯科技(深圳)有限公司 Authorization method, apparatus, terminal and server
CN110691397A (en) * 2018-07-05 2020-01-14 腾讯科技(深圳)有限公司 WIFI sharing method, WIFI connection device and computer-readable storage medium
BR102018074209A2 (en) * 2018-11-23 2020-06-02 Samsung Eletrônica da Amazônia Ltda. SAFE METHOD FOR CONFIGURING DEALS OF INTERNET OF THINGS (IOT) THROUGH WIRELESS TECHNOLOGIES
CN111328055A (en) * 2018-12-14 2020-06-23 中国移动通信集团山东有限公司 ONU automatic registration method and device
WO2021003816A1 (en) * 2019-07-05 2021-01-14 杭州博联智能科技股份有限公司 Method for authenticating iot device is bound to user, device and medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114640460A (en) * 2022-01-28 2022-06-17 成都卫士通信息产业股份有限公司 User login method, device, equipment and medium in application program
CN114640460B (en) * 2022-01-28 2024-01-30 成都卫士通信息产业股份有限公司 User login method, device, equipment and medium in application program
CN114944946A (en) * 2022-05-13 2022-08-26 北京北信源软件股份有限公司 System login method
CN114944946B (en) * 2022-05-13 2023-12-08 北京北信源软件股份有限公司 System login method

Also Published As

Publication number Publication date
CN113938283B (en) 2023-12-12

Similar Documents

Publication Publication Date Title
CN107864115B (en) Method for user account login verification by using portable terminal
CN107302539B (en) Electronic identity registration and authentication login method and system
US8504820B2 (en) Method for improving network application security and system thereof
CN109583181B (en) Authentication method, authentication device and machine-readable storage medium
CN109587162B (en) Login verification method, device, terminal, password server and storage medium
US8516239B2 (en) Virtual authentication proxy server and terminal authentication server
CN112559993B (en) Identity authentication method, device and system and electronic equipment
CN110502886B (en) Multiple identity authentication method, device, terminal and computer storage medium
CN111030812A (en) Token verification method, device, storage medium and server
CN113938283B (en) Code scanning login method, system, device, electronic equipment and storage medium
CN106161348B (en) Single sign-on method, system and terminal
CN108322416B (en) Security authentication implementation method, device and system
CN106161475B (en) Method and device for realizing user authentication
US8732460B2 (en) System and method for providing a one-time key for identification
CN109474600B (en) Account binding method, system, device and equipment
CN113630241B (en) Password recovery method and system, cloud server and electronic equipment
CN111949959B (en) Authorization authentication method and device in Oauth protocol
CN113641973A (en) Identity authentication method, system and medium
CN115842680A (en) Network identity authentication management method and system
CN107437996B (en) Identity authentication method, device and terminal
CN107294931B (en) Method and apparatus for adjusting restricted access frequency
CN108965335B (en) Method for preventing malicious access to login interface, electronic device and computer medium
CN112364322A (en) Safety verification system and method for instant communication tool
CN110995654A (en) Remote terminal temporary authorization method, device and system based on dynamic two-dimensional code
CN111131140A (en) Method and system for enhancing login security of Windows operating system based on message pushing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20231226

Address after: 211106 No. 28, Yinlong Road, economic and Technological Development Zone, Jiangning District, Nanjing City, Jiangsu Province

Patentee after: NANJING DAQO ELECTRICAL INSTITUTE Co.,Ltd.

Patentee after: ZHENJINAG KLOCKNER-MOELLER ELECTRICAL SYSTEMS Co.,Ltd.

Patentee after: DAQO GROUP Co.,Ltd.

Address before: 211106 No. 28, Yinlong Road, economic and Technological Development Zone, Jiangning District, Nanjing City, Jiangsu Province

Patentee before: NANJING DAQO ELECTRICAL INSTITUTE Co.,Ltd.

Patentee before: ZHENJINAG KLOCKNER-MOELLER ELECTRICAL SYSTEMS Co.,Ltd.