Disclosure of Invention
The technical problem to be solved by the invention is as follows: a code scanning login method, a system, a device, an electronic device and a storage medium are provided, and the security of code scanning login is improved.
In order to achieve the purpose, the invention adopts the technical scheme that:
in a first aspect, the present invention provides a code scanning login method, which is applied to a mobile terminal client, a browser client and a server, and comprises the following steps:
the browser client accesses the server and sends an SSID distribution request;
after receiving the SSID distribution request, the server generates an SSID and sends the SSID to the browser client, and stores the SSID in a login verification queue;
after receiving SSID information sent by a server, a browser client displays a two-dimensional code containing the SSID information;
after acquiring correct login information of a user, a mobile terminal client starts a scanning function to acquire SSID information in the two-dimensional code, digital signature is carried out on the SSID information by using a unique device code (MID) of the mobile terminal client to generate SIG, a device ID of the mobile terminal client and the SIG are sent to a server, and the device ID is used for searching for an authorized MID in the server;
after receiving the device ID and the SIG, the server searches for a matched MID, digitally signs the SSID in the login verification queue after matching, searches for a matching item with the sent SIG, adjusts the SSID state in the queue to be authorized if the matching item is found, generates an authorization token, and sends the authorization token to the browser client;
and the browser client skips to an operation page after receiving the authorization token and uses the authorization token to access the server.
Further, after the browser client displays the two-dimensional code containing the SSID information, a login request is periodically sent to the server;
after the server generates an SSID and sends the SSID to the browser client, starting a verification login countdown, wherein the time length of the verification login countdown is longer than the time length of a login request sending period of the browser client;
and when a matching item with the uploaded SIG is searched, if the verification login countdown is ended, sending an invalid SSID to the mobile terminal client, and removing the SSID in the queue.
In a second aspect, the present invention provides a code scanning login system, including: the system comprises a mobile terminal client, a browser client and a server, wherein the mobile terminal client is in communication connection with the server, and the browser client is in communication connection with the server;
the browser client is used for accessing a server and sending an SSID distribution request, and the server is used for generating the SSID and sending the SSID to the browser client after receiving the SSID distribution request and storing the SSID into a login verification queue; the browser client displays a two-dimensional code containing SSID information after receiving the SSID information sent by the server;
the mobile terminal client is used for starting a scanning function to acquire SSID information in the two-dimensional code after acquiring correct login information of a user, digitally signing the SSID information by using a unique device code (MID) of the mobile terminal client, generating SIG, and sending a device ID of the mobile terminal client and the SIG to a server, wherein the device ID is used for searching for an authorized MID in the server;
the server is used for searching for a matched MID after receiving the equipment ID and the SIG, performing digital signature on the SSID in the login verification queue after matching, searching for a matching item with the uploaded SIG, adjusting the SSID state in the queue to be authorized if the matching item is found, generating an authorization token, and sending the authorization token to the browser client;
and the browser client skips to an operation page after receiving the authorization token and uses the authorization token to access the server.
Further, after the browser client displays the two-dimensional code containing the SSID information, a login request is periodically sent to the server;
after the server generates an SSID and sends the SSID to the browser client, starting a verification login countdown, wherein the time length of the verification login countdown is longer than the time length of a login request sending period of the browser client;
and when a matching item with the uploaded SIG is searched, if the verification login countdown is ended, sending an invalid SSID to the mobile terminal client, and removing the SSID in the queue.
In a third aspect, the present invention further provides a code scanning login method, which is applied to a server, and includes the following steps:
receiving an SSID allocation request, generating an SSID, sending SSID information to a browser client, and storing the SSID in a login verification queue, wherein the SSID allocation request is an SSID allocation request sent when the browser client accesses a server;
receiving a device ID and SIG sent by a client of a mobile terminal, wherein the device ID is used for searching an authorized device unique code MID in a server, the SIG is generated by digitally signing SSID information in a two-dimensional code by using the unique device code of the client of the mobile terminal after the mobile terminal acquires correct login information of a user and starts a scanning function to acquire the SSID information in the two-dimensional code, and the SSID information in the two-dimensional code is the SSID information in the two-dimensional code sent by the server to the client of a browser for display;
and matching the corresponding MID in the login verification queue, digitally signing the SSID in the login verification queue if the matching is successful, searching for a matching item for the uploaded SIG, adjusting the state of the SSID in the queue to be authorized if the matching item is found, generating an authorization token, and sending the authorization token to a browser client, wherein the authorization token is the token with which the browser client, after receiving it, jumps to an operation page and accesses the server.
In a fourth aspect, the present invention further provides a code scanning login method, which is applied to a browser client, and includes the following steps:
accessing the server and sending an SSID allocation request;
displaying the acquired two-dimensional code containing SSID information, wherein the SSID information is generated and sent to a browser client after the server receives an SSID distribution request and is stored in a login verification queue;
obtaining an authorization token sent by a server, jumping to an operation page, and using the authorization token to access the server, wherein the authorization token is generated and sent to the browser client by the server after the server finds, in the verification queue, the MID matching the device ID, digitally signs the SSID in the login verification queue, finds a matching item for the uploaded SIG, and adjusts the SSID state in the login verification queue to be authorized; the SIG is generated after a mobile terminal client, having acquired correct login information of a user, starts a scanning function to acquire SSID information in the two-dimensional code and digitally signs the SSID information in the two-dimensional code by using a unique device code (MID) of the mobile terminal client; the device ID is used to find an authorized MID in the server.
In a fifth aspect, the present invention provides a code scanning login method, which is used in a mobile terminal client, and includes the following steps:
after acquiring correct login information of a user, starting a scanning function to acquire SSID information in a two-dimensional code, wherein the two-dimensional code is generated by a browser client side through the SSID generated by a server and sent to the browser client side after the browser client side accesses the server and sends an SSID distribution request;
carrying out digital signature on the SSID information by a unique device code (MID) of a mobile terminal client and generating an SIG, wherein the SSID information is also stored in a login verification queue when being sent to a browser client by a server;
sending a device ID of the mobile terminal client and the SIG to a server, wherein the device ID is used for matching the MID of the mobile terminal client stored in the server, and the SIG is used for matching an SSID in a verification queue in the server; after matching the MID, the server digitally signs the SSID in the verification queue and searches for a matching item for the uploaded SIG; if the matching item is found, the state of the SSID in the verification queue is adjusted to be authorized and an authorization token is sent to a browser client; the browser client jumps to an operation page after receiving the authorization token, and uses the authorization token to access the server.
In a sixth aspect, the present invention provides a code scanning login device, including:
the acquisition module is used for starting a scanning function to acquire SSID information in a two-dimensional code after acquiring correct login information of a user, wherein the two-dimensional code is a two-dimensional code generated by a browser client side through generating the SSID and sending the SSID to the browser client side after the browser client side accesses a server and sends an SSID allocation request;
the generating module is used for digitally signing the SSID information by the unique device code MID of the mobile terminal client and generating SIG, and the SSID information is also stored in a login verification queue when the server sends the SSID information to the browser client;
the sending module is used for sending the device ID of the mobile terminal client and the SIG to the server, wherein the device ID is used for matching the MID of the mobile terminal client stored in the server, and the SIG is used for matching an SSID in a verification queue in the server; after the server matches the MID, the SSID in the verification queue is digitally signed and a matching item for the uploaded SIG is searched for; if the matching item is found, the SSID state in the verification queue is adjusted to be authorized and an authorization token is sent to the browser client; the browser client receives the authorization token and then jumps to an operation page, and the authorization token is used for accessing the server.
In a seventh aspect, the present invention discloses an electronic device, including:
a memory for storing a computer program;
a processor for implementing the steps of the code scanning login method according to the fifth aspect when executing the computer program.
In an eighth aspect, the present invention discloses a storage medium having a computer program stored thereon, which when executed by a processor, implements the steps of the code scanning login method according to the fifth aspect.
The invention has the following beneficial effects: in the prior art the login information of the user is sent directly to the server and is easily intercepted and cracked in transit; here, the credential used for browser login is not a fixed user password but a temporary SSID with a login verification window period, which avoids the security risk caused by leakage of user information in network transmission. In addition, browser login depends on authorized use of the mobile terminal device: the code scanning function is started only after the authorized user has logged in to the mobile terminal client, which raises the security level of user verification. In addition, the unique device code MID of the mobile terminal is no longer transmitted over the network, which avoids the security risk caused by leakage of mobile terminal client information during network transmission. Finally, the authorization information of the mobile terminal client transmits only the irreversible digital signature of the SSID; the SSID plaintext does not appear, which avoids the security risk of the authorization information being associated with the SSID in network transmission.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
It will be understood that when an element is referred to as being "secured to" another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. The terms "vertical," "horizontal," "left," "right," and the like as used herein are for illustrative purposes only and do not represent the only embodiments.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The prior-art problem addressed is that, during code scanning login, the login information of the user is transmitted to the server over the network, so the password of the user is easily leaked. In the present scheme the user password information is not transmitted directly. Instead, the scanning function is started by logging in to the mobile client on an authorized device; a temporary SSID with a login verification window period is contained in the two-dimensional code displayed by the browser client; the mobile terminal client digitally signs the SSID read from the two-dimensional code and sends the signature to the server; the server digitally signs the SSIDs it holds and matches the results against the received signature; and after the matching is completed, the browser is controlled to jump to the corresponding operation page to access the server. In this way, leakage of user login information is avoided. For ease of understanding, the relevant terms are described here:
SSID: the unique identifier of the browser client temporarily generated by the server is used for subsequent access authorization related operations;
MID: the device unique code of the mobile terminal client, used for identifying whether the device is authorized;
Device ID: a device code stored locally by the mobile terminal client, used for looking up the corresponding MID;
SIG: an irreversible digital signature; the information is transmitted in a form in which the plaintext does not appear, which improves the security of the transmitted information;
token: a character string generated by the server and used as the credential for requests from the browser client; at login, the server generates a token and returns it to the browser client, and the browser client then only needs to carry the token when requesting data and does not need to send the user name and password again.
The code scanning login method shown in fig. 2, which is applied to the mobile terminal client 110, the browser client 120 and the server 130, includes the following steps:
the browser client 120 accesses the server 130 and sends an SSID assignment request;
after receiving the SSID allocation request, the server 130 generates an SSID, sends the SSID to the browser client 120, and stores the SSID in a login verification queue. It should be noted here that, in addition to the temporarily generated SSID, the login verification queue of the server 130 contains the unique device codes (MIDs) of the mobile terminal clients 110 authorized in the server 130, and only a mobile terminal client 110 authorized in the server 130 can be used to perform the code scanning operation. This setting ensures the security of code scanning login. The mobile terminal client 110 can be a mobile phone with the corresponding app installed, or a dedicated PDA device.
After receiving the SSID information sent by the server 130, the browser client 120 displays a two-dimensional code containing the SSID information; it should be noted here that the browser client 120 is a device for displaying a two-dimensional code, and may be a computer display, and also has a network transmission function, where a user may enter the display page by inputting a specific website during a specific operation, or may display the two-dimensional code page when the device is powered on, and protect SSID information in the two-dimensional code by interacting with the server 130, and later, after verification, the two-dimensional code page jumps to an operation page by an authorization token sent by the server 130, and data transmission between the two-dimensional code page and the server 130 is realized;
after acquiring correct login information of a user, the mobile terminal client 110 starts a scanning function to acquire SSID information in the two-dimensional code, digitally signs the SSID information by using a unique device code (MID) of the mobile terminal client 110 to generate SIG, and sends a device ID and the SIG of the mobile terminal client 110 to the server 130, wherein the device ID is used for searching for an authorized MID in the server 130; the user correct login information can be realized in various ways, such as inputting a user name and a password, or fingerprint, facial recognition and other prior arts;
after receiving the device ID and the SIG, the server 130 searches for a matched MID, digitally signs the SSID in the login verification queue after matching, searches for a matching item with the uploaded SIG, adjusts the SSID state in the queue to "authorized" if the matching item is found, generates an authorization token, and sends the authorization token to the browser client 120; as shown in fig. 1, the following operations are performed when the server 130 looks for an SSID in the login authentication queue and verifies whether it is authorized: if the corresponding MID matching the device ID is not found, returning an invalid SSID to the browser client 120 or the mobile terminal client 110, and stopping subsequent verification; if no matching SIG is found, sending "authorization failure" to the mobile terminal client 110 or the browser client 120;
the browser client 120, after receiving the authorization token, jumps to the operation page and accesses the server 130 using the authorization token.
In this embodiment, the temporary SSID with the login verification window period avoids the security risk caused by leakage of user information during network transmission. In addition, browser login depends on authorized use of the mobile terminal device: the code scanning function is started only after the authorized user has logged in to the mobile terminal client 110, which raises the security level of user verification. In addition, the unique device code MID of the mobile terminal is no longer transmitted over the network, which avoids the security risk caused by leakage of information of the mobile terminal client 110 during network transmission. Finally, the authorization information of the mobile terminal client 110 transmits only the irreversible digital signature of the SSID, and the plaintext of the SSID does not appear, which avoids the security risk of the authorization information being associated with the SSID in network transmission.
On the basis of the above embodiment, the embodiment of the present invention further provides a verification window countdown function, so as to further improve the security performance, specifically: after the browser client 120 displays the two-dimensional code containing the SSID information, periodically sending a login request to the server 130, for example, sending a login request every ten seconds;
after the server 130 generates the SSID and sends the SSID to the browser client 120, starting a verification login countdown, for example, the countdown time is fifteen minutes, and the time length of the verification login countdown is longer than the time length of a login request sending period of the browser client 120;
when a matching item for the uploaded SIG is searched for, if the verification login countdown is over, an "invalid SSID" is sent to the mobile terminal client 110, and the SSID in the queue is removed. At this point, the user is reminded to refresh the two-dimensional code page to obtain new SSID information, which further improves the overall security.
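The exchange described above, including the verification login countdown, can be sketched in code. This is an added example, not part of the original disclosure: the disclosure does not name a signature algorithm, so HMAC-SHA256 keyed by the MID is an assumption, as are the class and function names, the one-time delivery of the token to the browser, and the constructed device ID and MID values.

```python
import hashlib
import hmac
import secrets
import time

COUNTDOWN_SECONDS = 15 * 60  # verification login countdown (fifteen minutes, as in the text)


def sign_ssid(mid: bytes, ssid: str) -> str:
    """SIG: irreversible signature of the SSID keyed by the MID.

    Assumption: HMAC-SHA256. The MID never leaves the device or the server.
    """
    return hmac.new(mid, ssid.encode(), hashlib.sha256).hexdigest()


class Server:
    """Hypothetical server holding the login verification queue."""

    def __init__(self, authorized_devices, now=time.monotonic):
        self.devices = dict(authorized_devices)  # device ID -> authorized MID
        self.queue = {}                          # SSID -> queue entry
        self.now = now                           # injectable clock for testing

    def allocate_ssid(self) -> str:
        """Browser client request: generate an SSID and start its countdown."""
        ssid = secrets.token_urlsafe(32)
        self.queue[ssid] = {
            "deadline": self.now() + COUNTDOWN_SECONDS,
            "state": "pending",
            "token": None,
        }
        return ssid

    def submit_sig(self, device_id: str, sig: str) -> str:
        """Mobile client request: only the device ID and the SIG are sent."""
        mid = self.devices.get(device_id)
        if mid is None:
            return "invalid SSID"  # no authorized MID: stop verification
        for ssid, entry in list(self.queue.items()):
            if entry["state"] != "pending":
                continue
            expected = sign_ssid(mid, ssid)
            # Constant-time comparison of the recomputed and uploaded SIG.
            if not hmac.compare_digest(expected.encode(), sig.encode()):
                continue
            if self.now() > entry["deadline"]:
                del self.queue[ssid]  # countdown over: remove the SSID
                return "invalid SSID"
            entry["state"] = "authorized"
            entry["token"] = secrets.token_urlsafe(32)
            return "authorized"
        return "authorization failure"  # no SSID in the queue matches the SIG

    def poll_login(self, ssid: str):
        """Periodic browser login request: the token once authorized, else None."""
        entry = self.queue.get(ssid)
        if entry is None or entry["state"] != "authorized":
            return None
        del self.queue[ssid]  # assumption: the token is delivered only once
        return entry["token"]


def demo() -> dict:
    """Run the exchange with constructed values and a controllable clock."""
    clock = [0.0]
    mid = b"constructed-mid-A"  # constructed sample MID
    server = Server({"dev-001": mid}, now=lambda: clock[0])
    results = {}

    ssid = server.allocate_ssid()                       # shown as a 2D code
    results["before_scan"] = server.poll_login(ssid)
    results["scan"] = server.submit_sig("dev-001", sign_ssid(mid, ssid))
    results["token_issued"] = server.poll_login(ssid) is not None

    ssid2 = server.allocate_ssid()
    results["unknown_device"] = server.submit_sig("dev-999", sign_ssid(mid, ssid2))
    results["wrong_mid"] = server.submit_sig("dev-001", sign_ssid(b"wrong", ssid2))

    clock[0] += COUNTDOWN_SECONDS + 1                   # let the countdown end
    results["expired"] = server.submit_sig("dev-001", sign_ssid(mid, ssid2))
    results["removed"] = ssid2 not in server.queue
    return results


if __name__ == "__main__":
    print(demo())
```

Because the server verifies the SIG by recomputing it with the stored MID, the MID acts as a shared secret between the device and the server, and because the SIG does not carry the SSID, the server recomputes one signature per pending queue entry.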
The code scanning login system shown in fig. 2 comprises: the system comprises a mobile terminal client 110, a browser client 120 and a server 130, wherein the mobile terminal client 110 is in communication connection with the server 130, and the browser client 120 is in communication connection with the server 130; the system describes the login method in a hardware content transmission mode, the scheme content is the same as the method, and the details are not repeated here.
The browser client 120 is configured to access the server 130 and send an SSID allocation request, and the server 130 is configured to generate an SSID after receiving the SSID allocation request, send the SSID to the browser client 120, and store the SSID in a login authentication queue; after receiving the SSID information sent by the server 130, the browser client 120 displays a two-dimensional code containing the SSID information;
the mobile terminal client 110 is configured to, after acquiring correct login information of a user, start a scanning function to acquire SSID information in a two-dimensional code, perform digital signature on the SSID information by using a unique device code MID of the mobile terminal client 110 to generate an SIG, and send a device ID and the SIG of the mobile terminal client 110 to the server 130, where the device ID is used to find an authorized MID in the server 130;
the server 130 is configured to search for a matched MID after receiving the device ID and the SIG, perform digital signature on an SSID in a login verification queue after matching, search for a matching item with the uploaded SIG, adjust the SSID state in the queue to "authorized" if the matching item is found, generate an authorization token, and send the authorization token to the browser client 120;
the browser client 120 jumps to the operation page after receiving the authorization token, and accesses the server 130 using the authorization token.
Further, after the browser client 120 displays the two-dimensional code containing the SSID information, it periodically sends a login request to the server 130;
after the server 130 generates the SSID and sends the SSID to the browser client 120, starting a verification login countdown, wherein the time length of the verification login countdown is longer than the time length of a login request sending period of the browser client 120;
when a matching item for the uploaded SIG is searched for, if the verification login countdown is over, an "invalid SSID" is sent to the mobile terminal client 110, and the SSID in the queue is removed.
In the following portions of the embodiments of the present invention, the server 130, the browser client 120, and the mobile terminal client 110 are respectively used as main bodies to describe the schemes, the specific implementation schemes thereof are consistent with the above methods, and the rest contents are detailed in the method portions and are not described again here;
the code scanning login method provided by the invention is applied to the server 130 and comprises the following steps:
receiving an SSID allocation request, generating an SSID and sending SSID information to the browser client 120, and storing the SSID in the login verification queue, wherein the SSID allocation request is an SSID allocation request sent when the browser client 120 accesses the server 130;
receiving a device ID and SIG sent by a mobile terminal client 110, wherein the device ID is used for searching an authorized device unique code MID in a server 130, the SIG is generated by digitally signing SSID information in a two-dimensional code by using the unique device code of the mobile terminal client 110 after the mobile terminal acquires correct login information of a user and starts a scanning function to acquire the SSID information in the two-dimensional code, and the SSID information in the two-dimensional code is the SSID information in the two-dimensional code sent to a browser client 120 by the server 130;
and matching the corresponding MID in the login verification queue, digitally signing the SSID in the login verification queue if the matching is successful, searching for a matching item for the uploaded SIG, adjusting the state of the SSID in the queue to be authorized if the matching item is found, generating an authorization token, and sending the authorization token to the browser client 120, wherein the authorization token is the token with which the browser client 120, after receiving it, jumps to an operation page and accesses the server 130.
The code scanning login method provided by the invention is applied to the browser client 120 and comprises the following steps:
accessing the server 130 and sending an SSID allocation request;
displaying the acquired two-dimensional code containing the SSID information, wherein the SSID information is generated and sent to the browser client 120 after the server 130 receives the SSID allocation request and is stored in the login verification queue;
obtaining an authorization token sent by the server 130, jumping to an operation page, and accessing the server 130 by using the authorization token, wherein the authorization token is generated and sent to the browser client 120 by the server 130 after the server 130 finds, in the verification queue, the MID matching the device ID, digitally signs the SSID in the login verification queue, finds a matching item for the uploaded SIG, and adjusts the SSID state in the login verification queue to be authorized; the SIG is generated after the mobile terminal client 110, having acquired correct login information of a user, starts a scanning function to acquire SSID information in the two-dimensional code and digitally signs the SSID information in the two-dimensional code by using a unique device code (MID) of the mobile terminal client 110; the device ID is used to find an authorized MID in the server 130.
The code scanning login method provided by the invention is used in the mobile terminal client 110, and comprises the following steps:
after acquiring correct login information of a user, starting a scanning function to acquire SSID information in a two-dimensional code, wherein the two-dimensional code is a two-dimensional code generated by the browser client 120 by generating an SSID and sending the SSID to the browser client 120 after the browser client 120 accesses the server 130 and sends an SSID allocation request;
digitally signing the SSID information by a unique device code MID of the mobile terminal client 110 and generating SIG, the SSID information being stored in a login verification queue when the server 130 sends it to the browser client 120;
sending the device ID and SIG of the mobile terminal client 110 to the server 130, wherein the device ID is used for matching with the MID of the mobile terminal client 110 stored in the server 130, the SIG is used for matching with the SSID in the verification queue in the server 130, after the server 130 matches with the MID, the SSID in the verification queue is digitally signed, then a matching item of the sent SIG is searched, if the matching item is found, the SSID state in the verification queue is adjusted to be authorized, an authorization token is sent to the browser client 120, the browser client 120 jumps to an operation page after receiving the authorization token, and the authorization token is used for accessing the server 130.
As shown in fig. 3, a module architecture diagram of a code scanning login apparatus, which corresponds to an embodiment of a code scanning login method of the mobile terminal client 110, includes:
the acquisition module 201 is configured to start a scanning function to acquire SSID information in a two-dimensional code after acquiring correct login information of a user, where the two-dimensional code is generated by the browser client 120 from the SSID that the server 130 generates and sends to the browser client 120 after the browser client 120 accesses the server 130 and sends an SSID allocation request;
a generating module 202, configured to digitally sign the SSID information with the unique device code MID of the mobile terminal client 110 and generate SIG, where the SSID information is also stored in a login verification queue when the server 130 sends the SSID information to the browser client 120;
the sending module 203 is configured to send the device ID and the SIG of the mobile terminal client 110 to the server 130, where the device ID is used to match the MID of the mobile terminal client 110 already stored in the server 130, the SIG is used to match the SSID in the verification queue in the server 130, after the server 130 matches the MID, the SSID in the verification queue is digitally signed, and then a matching item of the SIG sent upwards is found, if the matching item is found, the SSID state in the verification queue is adjusted to "authorized", an authorization token is sent to the browser client 120, and the browser client 120, after receiving the authorization token, jumps to an operation page and uses the authorization token to access the server 130.
In the following, an electronic device provided in the embodiment of the present application is introduced, and the electronic device described below and the code scanning login method applied to the mobile terminal client 110 described above may be referred to correspondingly;
an embodiment of the present invention further provides an electronic device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the code scanning login method when executing the computer program.
Since the embodiment of the electronic device portion and the embodiment of the code scanning login method portion correspond to each other, for the embodiment of the electronic device portion, please refer to the description of the embodiment of the code scanning login method portion, which is not repeated here.
In the following, a storage medium provided by an embodiment of the present application is introduced, and the storage medium described below and the code scanning login method described above may be referred to correspondingly.
The invention also discloses a storage medium, wherein the storage medium is stored with a computer program, and the computer program realizes the steps of the code scanning login method when being executed by a processor.
Since the embodiment of the storage medium portion and the embodiment of the code scanning login method portion correspond to each other, please refer to the description of the embodiment of the code scanning login method portion for the embodiment of the storage medium portion, which is not described herein again.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.