CN115589290A - Password identification method and device, computer equipment and storage medium - Google Patents
Password identification method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN115589290A CN115589290A CN202211228462.XA CN202211228462A CN115589290A CN 115589290 A CN115589290 A CN 115589290A CN 202211228462 A CN202211228462 A CN 202211228462A CN 115589290 A CN115589290 A CN 115589290A
- Authority
- CN
- China
- Prior art keywords
- password
- information
- login
- target
- key value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to a password identification method, a password identification device, a computer device, a storage medium and a computer program product. The method comprises the following steps: according to a password login request sent by a target terminal, generating a login reply instruction corresponding to the password login request, and returning the login reply instruction to the target terminal; scanning a terminal page associated with the password input operation executed by the target terminal according to the login reply instruction to obtain key value information and a key position image corresponding to the password input operation; and under the condition that the key value information is matched with the key image, matching processing is carried out on target password information corresponding to the key value information and historical password information stored in a password database to obtain a password matching result of the target password information, and the password matching result is used as a password identification result of password input operation executed by the target terminal. The method can improve the safety protection capability of the password.
Description
Technical Field
The present application relates to the field of information security technologies, and in particular, to a password identification method, apparatus, computer device, storage medium, and computer program product.
Background
The power monitoring system is a control center of the whole power system, can monitor and control the power production and supply process, and has important significance for ensuring safe and stable operation and reliable power supply of the power system, so the password security of the power monitoring system is very important.
At present, the security of the password of the power monitoring system is ensured by using a mode of encrypting and transmitting the password, but the password can be directly obtained after decryption without performing relevant identification analysis processing after decryption. If the encryption key of the password is cracked in the password transmission process, the password of the power monitoring system can be identified and stolen, so that the safety protection capability of the password identification process of the power monitoring system is low.
Disclosure of Invention
In view of the above, it is necessary to provide a password identification method, an apparatus, a computer device, a computer readable storage medium, and a computer program product, which can improve the security protection capability of the password.
In a first aspect, the present application provides a password identification method. The method comprises the following steps:
generating a login reply instruction corresponding to a password login request according to the password login request sent by a target terminal, and returning the login reply instruction to the target terminal;
scanning a terminal page associated with the password input operation executed by the target terminal according to the login reply instruction to obtain key value information and a key position image corresponding to the password input operation;
and under the condition that the key value information is matched with the key image, matching processing is carried out on target password information corresponding to the key value information and historical password information stored in a password database to obtain a password matching result of the target password information, and the password matching result is used as a password identification result of password input operation executed by the target terminal.
In one embodiment, the scanning processing of the terminal page associated with the password input operation executed by the target terminal according to the login reply instruction to obtain the key value information and the key position image corresponding to the password input operation includes:
scanning a terminal page associated with the password input operation to obtain chrominance information, scanning information and the key bit image of the password input operation;
performing least square processing on the chrominance information and the scanning information to obtain correction information of the password input operation;
and obtaining key value information of the password input operation according to the correction information, the chrominance information and the scanning information.
In one embodiment, before the detecting that the key value information matches with the key map, the method further comprises:
carrying out graying processing on the key position image to obtain a grayed image;
comparing the grayed image with the key value information to obtain a comparison result of the key value information;
and confirming that the key value information is matched with the key image under the condition that the comparison result meets the key position matching condition.
In one embodiment, before performing matching processing on target password information corresponding to the key value information and historical password information stored in a password database to obtain a password matching result of the target password information, the method further includes:
receiving an initial password function sent by the target terminal;
filtering the initial password function to obtain a target password function;
and according to the target password function, decrypting the initial password corresponding to the key value information to obtain the target password information.
In one embodiment, generating a login reply instruction corresponding to a password login request according to the password login request sent by a target terminal, and returning the login reply instruction to the target terminal includes:
receiving the password login request sent by the target terminal;
carrying out logic detection on the password login request to obtain a logic detection result of the password login request;
and generating the corresponding login reply instruction according to the logic detection result.
In one embodiment, the login reply instruction comprises a login approval instruction and a login rejection instruction;
generating the corresponding login reply instruction according to the logic detection result, wherein the login reply instruction comprises:
generating the login consent instruction under the condition that the logic detection result is that the logic detection is passed; the login consent instruction is used for the target terminal to execute password input operation according to the login consent instruction;
and generating the login rejection instruction under the condition that the logic detection result is that the logic detection fails.
In a second aspect, the application further provides a password identification device. The device comprises:
the request reply module is used for generating a login reply instruction corresponding to the password login request according to the password login request sent by the target terminal and returning the login reply instruction to the target terminal;
the key value acquisition module is used for scanning a terminal page related to the password input operation executed by the target terminal according to the login reply instruction to obtain key value information and a key position image corresponding to the password input operation;
and the password matching module is used for matching the target password information corresponding to the key value information with historical password information stored in a password database under the condition that the key value information is matched with the key image, so as to obtain a password matching result of the target password information, and the password matching result is used as a password identification result of the password input operation executed by the target terminal.
In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor implementing the following steps when executing the computer program:
under the condition that a password login request sent by a target terminal is detected to meet login conditions, a login reply instruction is generated and returned to the target terminal;
scanning a terminal page associated with the password input operation executed by the target terminal according to the login reply instruction to obtain key value information and a key position image corresponding to the password input operation;
and under the condition that the key value information is matched with the key image, matching processing is carried out on target password information corresponding to the key value information and historical password information stored in a password database to obtain a password matching result of the target password information, and the password matching result is used as a password identification result of password input operation executed by the target terminal.
In a fourth aspect, the present application further provides a computer-readable storage medium. The computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
under the condition that a password login request sent by a target terminal is detected to meet login conditions, a login reply instruction is generated and returned to the target terminal;
scanning a terminal page associated with the password input operation executed by the target terminal according to the login reply instruction to obtain key value information and a key position image corresponding to the password input operation;
and under the condition that the key value information is matched with the key image, matching processing is carried out on target password information corresponding to the key value information and historical password information stored in a password database to obtain a password matching result of the target password information, and the password matching result is used as a password identification result of password input operation executed by the target terminal.
In a fifth aspect, the present application further provides a computer program product. The computer program product comprising a computer program which when executed by a processor performs the steps of:
under the condition that a password login request sent by a target terminal is detected to meet login conditions, a login reply instruction is generated and returned to the target terminal;
scanning a terminal page associated with the password input operation executed by the target terminal according to the login reply instruction to obtain key value information and a key position image corresponding to the password input operation;
and under the condition that the key value information is detected to be matched with the key position image, matching processing is carried out on target password information corresponding to the key value information and historical password information stored in a password database to obtain a password matching result of the target password information, and the password matching result is used as a password identification result of password input operation executed by the target terminal.
According to the password identification method, the password identification device, the computer equipment, the storage medium and the computer program product, a login reply instruction corresponding to the password login request is generated according to the password login request sent by the target terminal, and the login reply instruction is returned to the target terminal; scanning a terminal page associated with the password input operation executed by the target terminal according to the login reply instruction to obtain key value information and a key position image corresponding to the password input operation; and under the condition that the key value information is detected to be matched with the key position image, matching processing is carried out on target password information corresponding to the key value information and historical password information stored in a password database, and a password matching result of the target password information is obtained and is used as a password identification result of password input operation executed by a target terminal. By adopting the method, the target password information to be identified is obtained by obtaining the key value information and the key position image corresponding to the password input operation executed by the target terminal, and the target terminal is not required to directly transmit the target password information, so that the target password information is prevented from being easily stolen and identified, the safety protection capability of the password is improved, and the safety of the password identification process is improved.
Drawings
FIG. 1 is a diagram of an embodiment of a cryptographic identification method;
FIG. 2 is a flow diagram illustrating a method for password identification in one embodiment;
FIG. 3 is a flowchart illustrating the steps of obtaining target password information in one embodiment;
FIG. 4 is a flow diagram illustrating a method for password identification in another embodiment;
FIG. 5 is a block diagram of the structure of a password identification apparatus in one embodiment;
FIG. 6 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The password identification method provided by the embodiment of the application can be applied to the application environment shown in fig. 1. Wherein the target terminal 101 communicates with the server 102 via a network. The target terminal 101 may be, but is not limited to, a terminal used by a user such as a worker or an expert in the field of electric power. The server 102 may be a server equipped with a power monitoring system. The data storage system may store data that the server 102 needs to process. The data storage system may be integrated on the server 102, or may be located on the cloud or other network server. The server 102 generates a login reply instruction corresponding to the password login request according to the password login request sent by the target terminal 101, and returns the login reply instruction to the target terminal 101; scanning a terminal page associated with the password input operation executed by the target terminal according to the login reply instruction to obtain key value information and a key position image corresponding to the password input operation; in the case where it is detected that the key value information matches the key image, matching processing is performed on target password information corresponding to the key value information and historical password information stored in the password database, and a password matching result of the target password information is obtained as a password recognition result of a password input operation performed by the target terminal 101. The target terminal 101 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, and the like having keys. The server 102 may be implemented as a stand-alone server or a server cluster comprising a plurality of servers. The key device may be a virtual keyboard displayed on the target terminal (e.g., an input keyboard displayed on a screen of a mobile phone).
In one embodiment, as shown in fig. 2, a password identification method is provided, which is described by taking an example that the method is applied to the server mounted with the power monitoring system in fig. 1, and includes the following steps:
step S201, generating a login reply instruction corresponding to the password login request according to the password login request sent by the target terminal, and returning the login reply instruction to the target terminal.
The password login request refers to request information of a target terminal for requesting to log in the power monitoring system.
The login reply instruction is reply information for indicating whether the target terminal can log in the power monitoring system. The power monitoring system refers to a system for monitoring, processing, maintaining and the like of power related services in the power field.
Specifically, when a user needs to log in the power monitoring system, the user can access the power monitoring system through the target terminal, and the target terminal responds to the login operation of the user, generates a password login request and sends the password login request to the server. The server receives the password login request, judges the reasonability of the password login request by carrying out logic detection on the password login request, further generates a login reply instruction corresponding to the password login request according to a logic detection result, and returns the login reply instruction to the target terminal.
Step S202, a terminal page related to the password input operation executed by the target terminal according to the login reply instruction is scanned to obtain key value information and a key position image corresponding to the password input operation.
The terminal page refers to a page which is displayed on the target terminal and used for executing password input operation.
The key value information refers to information for triggering a key when a password is input.
The key images are images indicating key input modes. For example, the key image may be one showing a complete key, with the activated key highlighted on the image.
Specifically, the target terminal receives a login reply instruction, and in the case that the login reply instruction is to allow login, the target terminal performs a related login operation, for example, the related login operation may be a manner of clicking a virtual keyboard on a terminal page to trigger a password input operation, at which time the terminal responds to the password input operation and captures related information (e.g., a clicked key position sequence and page display information) of the terminal page, and sends the information to the server. The server scans the related information of the terminal page to obtain key value information corresponding to the password input operation and key position images of the keys triggered by the password input operation.
And step S203, under the condition that the key value information is detected to be matched with the key position image, matching processing is carried out on target password information corresponding to the key value information and historical password information stored in a password database, and a password matching result of the target password information is obtained and is used as a password identification result of the password input operation executed by the target terminal.
The password matching result is data indicating whether the target password information and the historical password information have a matching relationship.
The historical password information refers to a password when each terminal registers a login account of the power monitoring system.
The password database is used for storing passwords of login accounts of the power monitoring system. The password database stores a plurality of historical password information.
Specifically, the server compares the key value information with the key position image, confirms that the key value information is valid when the key value information is matched with the key position image obtained through comparison, and then stores the key value information into the memory system. And the server acquires target password information corresponding to the key value information, matches the target password information with a plurality of historical password information stored in a password database, so as to detect whether the historical password information matched with the target password information exists in the password database, and obtain a password matching result. And under the condition that the password matching result is that the password matching is successful, generating access permission information and sending the access permission information to the target terminal for displaying so that a user can access the power monitoring system through the target terminal after seeing the access permission information. And under the condition that the password matching result is that the matching fails, generating access refusing information and sending the access refusing information to the target terminal for displaying.
In the password identification method, a login reply instruction corresponding to the password login request is generated according to the password login request sent by the target terminal, and the login reply instruction is returned to the target terminal; scanning a terminal page associated with the password input operation executed by the target terminal according to the login reply instruction to obtain key value information and a key position image corresponding to the password input operation; and under the condition that the key value information is matched with the key position image, matching the target password information corresponding to the key value information with the historical password information stored in the password database to obtain a password matching result of the target password information, wherein the password matching result is used as a password identification result of the password input operation executed by the target terminal. By adopting the method, the target password information is obtained by acquiring the key value information and the key position image corresponding to the password input operation executed by the target terminal without directly transmitting the target password information by the target terminal, so that the target password information is prevented from being easily stolen and identified, the safety protection capability of the password is improved, and the safety of the password identification process is improved.
In an embodiment, in step S202, the terminal page associated with the password input operation executed by the target terminal according to the login reply instruction is scanned to obtain key value information and a key position image corresponding to the password input operation, and the method specifically includes the following steps: scanning a terminal page related to password input operation to obtain chrominance information, scanning information and a key position image of the password input operation; performing least square processing on the chroma information and the scanning information to obtain correction information of password input operation; and obtaining key value information of the password input operation according to the correction information, the chrominance information and the scanning information.
The scanning information refers to data obtained by scanning a terminal page.
Wherein the chroma information refers to hue and saturation of colors of the key bit image.
The correction information refers to data for correcting the scan information. Wherein the correction information may be data in a matrix form.
Specifically, when receiving an access permission instruction for a terminal page associated with a password input operation, the server scans the terminal page to obtain a plurality of unit scan values, and may mark the unit scan values as ci, where ci = [ ri gi bi =] T And i is more than or equal to 1 and less than or equal to Mq, further obtaining a matrix Cs with a unit scanning value set of Mqx3, and taking the matrix Cs as scanning information, wherein the matrix Cs = [ c1 \8230, cMq =] T . The unit chroma may also be labeled ti, where ti = [ Li ai bi =] T I is more than or equal to 1 and less than or equal to Mq, a matrix Ts with a unit chromaticity set Mqx3 is obtained, and the matrix Ts is used as chromaticity information, wherein the matrix Ts = [ t1 '\8230'; tMq =] T 。
Performing matrix operation on the unit scanning value ci to obtain a target unit scanning value ci'; the target cell scan value may be expressed by the following equation:
ci′=[1 ri gi bi ri gi bi gi bi ri 2 gi 2 bi 2 ] T
further, the target scan information Cs' may be obtained based on the target cell scan value, and the target scan information may be represented by the following formula:
Cs′=[c1′…cMq′] T
performing least square processing on the chroma information and the target scanning information to obtain correction information of password input operation; determining initial key value information of password input operation according to the chrominance information, the key position image and the scanning information; and correcting the initial key position information according to the correction information to obtain key value information of password input operation. The correction information M may be obtained as follows:
M=(Cs′ T Cs′) -1 Cs′ T Ts
further, it is also possible to find a correction function by the correction information to assist the correction information in correcting the initial key position information; the correction function Fscan be obtained as follows:
Fscan=ci′(Cs′ T Cs′) -1 Cs′ T Ts
in the embodiment, the chrominance information, the scanning information and the key position image of the password input operation are obtained by scanning the terminal page associated with the password input operation; performing least square processing on the chroma information and the scanning information to obtain correction information of password input operation; and obtaining the key value information of the password input operation according to the correction information, the chrominance information and the scanning information, thereby realizing reasonable acquisition of the key value information and the key position image corresponding to the password input operation executed by the target terminal.
In one embodiment, before the case where the key value information is detected to match the key image, further comprising: carrying out graying processing on the key position image to obtain a grayed image; the grayed image and the key value information are compared to obtain a comparison result of the key value information; and under the condition that the comparison result meets the key position matching condition, confirming that the key value information is matched with the key position image.
The grayed image refers to an image obtained by performing graying processing on the key bit image.
The key position matching condition is a condition for determining whether the key value information is valid. For example, the key position matching condition may be set such that the comparison result is higher than a preset matching degree threshold.
After the server acquires the key value information and the key images in the above step S202, the validity of the acquired key value information may be confirmed again. Specifically, since the color image has more three channels of information and complicated calculation, in order to avoid the key position information obtained by using the chromatic value calculation in the above embodiment from being incorrect, the server may perform the graying processing on the key position image, for example, the server may convert the key position image into the grayed image by the graying instruction "cv2. Cvtctcolor (image, cv2.Color _ BGR2 GRAY)" in OpenCV. It should be noted that, compared with the original key value image, since the channel data of the grayed image can more highlight the target area, the grayed image can more clearly reflect the key value information, so that the server compares the grayed image with the key value information to obtain the comparison result of the key value information; the server can set the bit matching condition as that the comparison result is higher than a preset matching degree threshold value, and when the matching degree between the grayed image and the key value information is higher than the preset matching degree threshold value, the key value information is confirmed to be matched with the key value image; and when the matching degree between the grayed image and the key value information is lower than a preset matching degree threshold value, confirming that the key value information is not matched with the key value image.
In the embodiment, the key position image is subjected to graying processing to obtain a grayed image; the grayed image and the key value information are compared to obtain a comparison result of the key value information; and under the condition that the comparison result meets the key position matching condition, the key value information is confirmed to be matched with the key position image, namely, before the target password information corresponding to the key value information is verified, the key value information is verified by comparing the grayed image with the key value information, so that the error of processing the obtained key value information can be avoided, the accuracy of the key value information is improved, and the accuracy and the reliability of the target password information corresponding to the key value information are improved.
In an embodiment, as shown in fig. 3, before the target password information corresponding to the key value information is matched with the historical password information stored in the password database to obtain the password matching result of the target password information, the method further includes a step of obtaining the target password information, which specifically includes the following steps:
step S301, receiving an initial password function sent by a target terminal.
The initial cryptographic function refers to an original cryptographic algorithm sent by a target terminal, and is constructed by a plurality of sub-cryptographic functions, for example, the initial cryptographic function may be constructed by sub-cryptographic functions of an inner layer and an outer layer. Among them, the cryptographic algorithm refers to a function for encryption and decryption.
Step S302, the initial password function is filtered to obtain a target password function.
Step S303, according to the target password function, the initial password corresponding to the key value information is decrypted to obtain the target password information.
The target cryptographic function is a cryptographic function including a constant.
The initial password refers to an encrypted password input by the target terminal. The encryption password is preferably constant.
The target password information refers to a real password used by the target terminal for logging in the power monitoring system.
Before the target password information corresponding to the key value information is matched with the historical password information stored in the password database in step S203, the target password information corresponding to the key value information needs to be obtained first. Specifically, the target terminal sends an initial cryptographic function to the server, and the server receives the initial cryptographic function. Then the server filters the initial cryptographic function, for example, the server first obtains the operation instruction frequency of each sub-cryptographic function in the initial cryptographic function, and respectively detects whether the operation instruction frequency of each sub-cryptographic function meets a preset instruction frequency condition; and under the condition that the operation instruction frequency of the sub-cryptographic function does not meet the preset instruction frequency condition, confirming that the sub-cryptographic function is invalid, and filtering the sub-cryptographic function. Under the condition that the operation instruction frequency of the sub-cryptographic function meets the preset instruction frequency condition, matching the immediate number in the operation instruction of the sub-cryptographic function with the immediate number in the cryptographic database to obtain a function matching result of the sub-cryptographic function; the immediate number is obtained by circularly right-shifting the even number of the constant number, so that the method can detect whether the sub-cryptographic function contains the constant number. And when the function matching result of the sub-cryptographic function is detected to be successful, namely the sub-cryptographic function contains a constant, the sub-cryptographic function is confirmed to be valid and stored in the cache. And under the condition that the function matching result of the sub-cryptographic function is detected to be matching failure, calculating to obtain the proportion occupied by arithmetic operation and logic operation in the sub-cryptographic function, and under the condition that the proportion is greater than a preset proportion threshold value, confirming that the sub-cryptographic function is valid and storing in a cache. And under the condition that the proportion is larger than a preset proportion threshold value, confirming that the sub-cryptographic function is invalid, and filtering the sub-cryptographic function. And taking each effective sub-cryptographic function in the cache as a target cryptographic function together.
In practical application, the child cryptographic functions can also have corresponding parent cryptographic functions, the server can detect the child cryptographic functions of the inner layer and the outer layer in advance, and if the child cryptographic functions are confirmed to be effective, the parent cryptographic functions of the child cryptographic functions do not need to be detected; if the child cryptographic function is determined to be invalid, the parent cryptographic function is detected. In the embodiment, most functions in the initial cryptographic functions are filtered out by filtering the initial cryptographic functions to screen out target cryptographic functions (e.g., MD5, SHA1, etc.) including constants.
Further, the server obtains an initial password corresponding to the key value information, and decrypts the initial password through a target password function to obtain target password information. For example, when a password input operation is performed by a target terminal, an encrypted login password (the encrypted login password is a constant) is input to prevent the password from being stolen and tampered in the transmission process, then an initial password function is separately transmitted, the encrypted login password is decrypted by using a target password function containing the constant in the initial password function, and finally real target password information is obtained.
In the embodiment, the initial password function sent by the target terminal is received, and the initial password function and the key value information are separately transmitted, so that the probability that both the key value information and the initial password function are stolen is reduced, even if any one of the key value information and the initial password function is stolen, the key value information and the initial password function cannot be cracked under the condition that another data cannot be obtained, and the safety of the password identification process is improved; filtering the initial password function to obtain a target password function; according to the target password function, the initial password corresponding to the key value information is decrypted to obtain the target password information, the initial password function is obtained through the construction of the plurality of sub-password functions, the initial password can be prevented from being easily decrypted when the initial password function is leaked, the target password function needs to be accurately filtered from the initial password function, the accurate decryption of the target password information can be realized, and therefore the safety of the password identification process is greatly improved.
In an embodiment, in step S201, according to the password login request sent by the target terminal, a login reply instruction corresponding to the password login request is generated, which specifically includes the following contents: carrying out logic detection on the password login request to obtain a logic detection result of the password login request; and generating a corresponding login reply instruction according to the logic detection result.
The login reply instruction refers to an instruction for replying to the password login request.
Specifically, the server receives a password login request sent by the target terminal, acquires a preset logic detection instruction from the database, judges the reasonability of the password login request through the logic detection instruction, generates a login reply instruction corresponding to the password login request according to a logic detection result, and returns the login reply instruction to the target terminal.
For example, after the target terminal is infected by network viruses, the target terminal is sent to the server by the virus agent for multiple times, and the server can detect that the multiple request behaviors of the target terminal are abnormal through a logic detection instruction, that is, the password login request is judged to be unreasonable, so that data in the power monitoring system is prevented from being stolen or tampered.
In the embodiment, the logic detection result of the password login request is obtained by performing logic detection on the password login request; according to the logic detection result, a corresponding login reply instruction is generated, whether the password login request sent by the target terminal is reasonable or not can be detected, abnormal login of the target terminal on the power monitoring system is avoided, and therefore data safety of the power monitoring system is improved.
In one embodiment, the login reply instruction includes a login approval instruction and a login rejection instruction; generating a corresponding login reply instruction according to the logic detection result, wherein the login reply instruction specifically comprises the following contents: generating a login consent instruction under the condition that the logic detection result is that the logic detection is passed; the login agreement instruction is used for the target terminal to execute password input operation according to the login agreement instruction; and generating a login rejection instruction when the logic detection result is that the logic detection fails.
The login approval instruction is an instruction for allowing the target terminal to log in the power monitoring system.
The login rejection instruction is an instruction for rejecting the target terminal to log in the power monitoring system.
Specifically, when the server detects that the logic of the password login request is unreasonable, and the logic detection result is that the logic detection fails, the server generates a login rejection instruction as a login reply instruction, and returns the login rejection instruction to the target terminal. When the server detects that the logic of the password login request is reasonable, the obtained logic detection result is set to be logical detection pass, a login agreement instruction is generated to serve as a login reply instruction, the login agreement instruction is returned to the target terminal, and the target terminal executes password input operation after receiving the login agreement instruction and confirming that the password is allowed to log in.
In the embodiment, when the logic detection result is that the logic detection is passed, a login approval instruction is generated as a login reply instruction and is sent to the target terminal, so that the target terminal executes password input operation according to the login reply instruction; and under the condition that the logic detection result is that the logic detection fails, generating a login refusing instruction as a login reply instruction and sending the login refusing instruction to the target terminal, so that the logic detection of the password login request sent by the target terminal is realized, the abnormal login of the target terminal on the power monitoring system is avoided, and the data security of the power monitoring system is improved.
In one embodiment, as shown in fig. 4, another password identification method is provided, which is described by taking the method as an example applied to the server in fig. 1, and includes the following steps:
step S401, carrying out logic detection on the password login request to obtain a logic detection result of the password login request; and generating a corresponding login reply instruction according to the logic detection result, and returning the login reply instruction to the target terminal.
Step S402, scanning the terminal page related to the password input operation to obtain the chrominance information, the scanning information and the key position image of the password input operation.
And step S403, performing least square processing on the chroma information and the scanning information to obtain correction information of password input operation.
And step S404, obtaining key value information of the password input operation according to the correction information, the chrominance information and the scanning information.
Step S405, performing graying processing on the key position image to obtain a grayed image; and comparing the grayed image with the key value information to obtain a comparison result of the key value information.
Step S406, under the condition that the comparison result meets the key position matching condition, the key value information is confirmed to be matched with the key position image.
Step S407, in the case of detecting that the key value information matches the key image, receives the initial cryptographic function sent by the target terminal.
Step S408, filtering the initial password function to obtain a target password function; and according to the target password function, decrypting the initial password corresponding to the key value information to obtain target password information.
And step S409, matching the target password information corresponding to the key value information with the historical password information stored in the password database to obtain a password matching result of the target password information, wherein the password matching result is used as a password identification result of the password input operation executed by the target terminal.
The password identification method can achieve the following beneficial effects:
(1) Target password information is obtained by obtaining key value information and key position images corresponding to password input operation executed by a target terminal, and the target terminal is not required to directly transmit the target password information, so that the target password information is prevented from being easily stolen and identified, the safety protection capability of a password is improved, and the safety of the password identification process is improved;
(2) The initial password function and the key value information are transmitted separately, so that the probability that both the key value information and the initial password function are stolen is reduced, even if any one of the key value information and the initial password function is stolen, the key value information and the initial password function cannot be cracked under the condition that the other data cannot be obtained, and the safety of the password identification process is further improved;
(3) Through carrying out logic detection on the password login request, whether the password login request sent by the target terminal is reasonable or not can be detected, abnormal login of the power monitoring system by the target terminal is avoided, and therefore data security of the power monitoring system is improved.
In order to clarify the password identification method provided by the embodiments of the present disclosure more clearly, the above password identification method is specifically described below with a specific embodiment. The method for identifying the password specifically comprises the following steps:
(1) A user transmits a password login request for a control center in a power monitoring system to a server equipped with the power monitoring system through a target terminal.
(2) The power monitoring system (or a server equipped with the power monitoring system) receives a password login request transmitted by a target terminal.
(3) And the power monitoring system performs logic detection on the password login request, generates a corresponding login reply instruction and returns the login reply instruction to the target terminal. And (4) when the login reply instruction is a login approval instruction, executing the step (4), and when the login reply instruction is a login rejection instruction, repeatedly executing the steps (1) to (3).
(4) When the target terminal receives the login approval instruction, the user inputs the password input operation executed by the target terminal, namely, the encrypted password of the control center in the power monitoring system.
(5) The power monitoring system scans a terminal page of the target terminal to obtain key value information and a key position image corresponding to password input operation.
(6) And the power monitoring system control center compares the key value information with the key position images, and confirms that the key value information is effective when the key value information obtained by comparison is matched with the key position images.
(7) And storing the key value data and the target password information corresponding to the key value data into a memory system of a control center in the power monitoring system.
(8) The power monitoring system matches the target password information with a plurality of historical password information stored in a password database.
(9) And under the condition that the password matching result is successful, generating access permission information and sending the access permission information to the target terminal to finish the password identification process. And the target terminal displays the access permission information on a screen so that a user can access the power monitoring system through the target terminal after seeing the access permission information.
In the embodiment, the target password information is obtained by obtaining the key value information and the key position image corresponding to the password input operation executed by the target terminal, the target terminal is not required to directly transmit the target password information, the target password information is prevented from being easily stolen and identified, the safety protection capability of the password is improved, the safety of the password identification process is improved, the effective guarantee is provided for the integral operation of a large-scale power monitoring system, the practicability is high, and the application range is wide.
It should be understood that, although the steps in the flowcharts related to the embodiments as described above are sequentially displayed as indicated by arrows, the steps are not necessarily performed sequentially as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a part of the steps in the flowcharts related to the embodiments described above may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the execution order of the steps or stages is not necessarily sequential, but may be rotated or alternated with other steps or at least a part of the steps or stages in other steps.
Based on the same inventive concept, the embodiment of the application also provides a password identification device for realizing the password identification method. The implementation scheme for solving the problem provided by the device is similar to the implementation scheme recorded in the method, so the specific limitations in one or more embodiments of the password identification device provided below can be referred to the limitations of the password identification method in the above, and are not described herein again.
In one embodiment, as shown in fig. 5, there is provided a password recognition apparatus 500, including: a request reply module 501, a key value collection module 502 and a password matching module 503, wherein:
the request reply module 501 is configured to generate a login reply instruction corresponding to the password login request according to the password login request sent by the target terminal, and return the login reply instruction to the target terminal.
The key value acquisition module 502 is configured to scan a terminal page associated with a password input operation executed by the target terminal according to the login reply instruction, and obtain key value information and a key position image corresponding to the password input operation.
And the password matching module 503 is configured to, in a case that it is detected that the key value information matches the key position image, perform matching processing on target password information corresponding to the key value information and historical password information stored in the password database to obtain a password matching result of the target password information, which is used as a password identification result of a password input operation executed by the target terminal.
In one embodiment, the key value acquisition module 502 is further configured to scan a terminal page associated with the password input operation to obtain chrominance information, scanning information, and a key position image of the password input operation; performing least square processing on the chroma information and the scanning information to obtain correction information of password input operation; and obtaining key value information of the password input operation according to the correction information, the chrominance information and the scanning information.
In one embodiment, the password identification apparatus 500 further includes a key comparison module for performing graying processing on the key image to obtain a grayed image; the grayed image and the key value information are compared to obtain a comparison result of the key value information; and under the condition that the comparison result meets the key position matching condition, confirming that the key value information is matched with the key position image.
In one embodiment, the password identification apparatus 500 further includes a password obtaining module, configured to receive an initial password function sent by the target terminal; filtering the initial password function to obtain a target password function; and according to the target password function, decrypting the initial password corresponding to the key value information to obtain the target password information.
In an embodiment, the request reply module 501 is further configured to perform a logical detection on the password login request, so as to obtain a logical detection result of the password login request; and generating a corresponding login reply instruction according to the logic detection result.
In one embodiment, the login reply instruction includes a login approval instruction and a login rejection instruction; the password identification device 500 further includes a logic detection module, configured to generate a login agreement instruction when the logic detection result is that the logic detection passes; the login agreement instruction is used for the target terminal to execute password input operation according to the login agreement instruction; and generating a login rejection instruction when the logic detection result is that the logic detection fails.
The modules in the password identification device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure thereof may be as shown in fig. 6. The computer device includes a processor, a memory, an Input/Output interface (I/O for short), and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing key value information, key image, target password information and other data. The input/output interface of the computer device is used for exchanging information between the processor and an external device. The communication interface of the computer device is used for connecting and communicating with an external terminal through a network. The computer program is executed by a processor to implement a method of password identification.
Those skilled in the art will appreciate that the architecture shown in fig. 6 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is further provided, which includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, carries out the steps in the method embodiments described above.
It should be noted that, the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above may be implemented by hardware instructions of a computer program, which may be stored in a non-volatile computer-readable storage medium, and when executed, may include the processes of the embodiments of the methods described above. Any reference to memory, databases, or other media used in the embodiments provided herein can include at least one of non-volatile and volatile memory. The nonvolatile Memory may include a Read-Only Memory (ROM), a magnetic tape, a floppy disk, a flash Memory, an optical Memory, a high-density embedded nonvolatile Memory, a resistive Random Access Memory (ReRAM), a Magnetic Random Access Memory (MRAM), a Ferroelectric Random Access Memory (FRAM), a Phase Change Memory (PCM), a graphene Memory, and the like. Volatile Memory can include Random Access Memory (RAM), external cache Memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), for example. The databases referred to in various embodiments provided herein may include at least one of relational and non-relational databases. The non-relational database may include, but is not limited to, a block chain based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic devices, quantum computing based data processing logic devices, etc., without limitation.
All possible combinations of the technical features in the above embodiments may not be described for the sake of brevity, but should be considered as being within the scope of the present disclosure as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, and these are all within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.
Claims (10)
1. A method of password identification, the method comprising:
generating a login reply instruction corresponding to a password login request according to the password login request sent by a target terminal, and returning the login reply instruction to the target terminal;
scanning a terminal page associated with the password input operation executed by the target terminal according to the login reply instruction to obtain key value information and a key position image corresponding to the password input operation;
and under the condition that the key value information is matched with the key image, matching processing is carried out on target password information corresponding to the key value information and historical password information stored in a password database to obtain a password matching result of the target password information, and the password matching result is used as a password identification result of password input operation executed by the target terminal.
2. The method according to claim 1, wherein the scanning the terminal page associated with the password input operation executed by the target terminal according to the login reply instruction to obtain the key value information and the key position image corresponding to the password input operation comprises:
scanning a terminal page related to the password input operation to obtain chrominance information, scanning information and the key position image of the password input operation;
performing least square processing on the chrominance information and the scanning information to obtain correction information of the password input operation;
and obtaining key value information of the password input operation according to the correction information, the chrominance information and the scanning information.
3. The method according to claim 1, before detecting that the key value information matches the key image, further comprising:
carrying out graying processing on the key position image to obtain a grayed image;
comparing the grayed image with the key value information to obtain a comparison result of the key value information;
and confirming that the key value information is matched with the key image under the condition that the comparison result meets the key position matching condition.
4. The method of claim 1, wherein before performing matching processing on target password information corresponding to the key value information and historical password information stored in a password database to obtain a password matching result of the target password information, the method further comprises:
receiving an initial password function sent by the target terminal;
filtering the initial password function to obtain a target password function;
and according to the target password function, decrypting the initial password corresponding to the key value information to obtain the target password information.
5. The method according to claim 1, wherein the generating a login reply instruction corresponding to the password login request according to the password login request sent by the target terminal includes:
carrying out logic detection on the password login request to obtain a logic detection result of the password login request;
and generating the corresponding login reply instruction according to the logic detection result.
6. The method according to claim 5, wherein the login reply instruction comprises a login approval instruction and a login rejection instruction;
the generating the corresponding login reply instruction according to the logic detection result includes:
generating the login consent instruction under the condition that the logic detection result is that the logic detection is passed; the login consent instruction is used for the target terminal to execute password input operation according to the login consent instruction;
and generating the login rejection instruction under the condition that the logic detection result is that the logic detection fails.
7. A password identification device, the device comprising:
the request reply module is used for generating a login reply instruction corresponding to the password login request according to the password login request sent by the target terminal and returning the login reply instruction to the target terminal;
the key value acquisition module is used for scanning a terminal page related to the password input operation executed by the target terminal according to the login reply instruction to obtain key value information and a key position image corresponding to the password input operation;
and the password matching module is used for matching the target password information corresponding to the key value information with historical password information stored in a password database under the condition that the key value information is detected to be matched with the key position image, so that a password matching result of the target password information is obtained and is used as a password identification result of the password input operation executed by the target terminal.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 6.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 6 when executed by a processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211228462.XA CN115589290A (en) | 2022-10-08 | 2022-10-08 | Password identification method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211228462.XA CN115589290A (en) | 2022-10-08 | 2022-10-08 | Password identification method and device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115589290A true CN115589290A (en) | 2023-01-10 |
Family
ID=84780568
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211228462.XA Pending CN115589290A (en) | 2022-10-08 | 2022-10-08 | Password identification method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115589290A (en) |
-
2022
- 2022-10-08 CN CN202211228462.XA patent/CN115589290A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11558381B2 (en) | Out-of-band authentication based on secure channel to trusted execution environment on client device | |
| US20230132211A1 (en) | Distributed key secret for rewritable blockchain | |
| US11451544B2 (en) | Systems and methods for secure online credential authentication | |
| WO2020048241A1 (en) | Blockchain cross-chain authentication method and system, and server and readable storage medium | |
| KR101843340B1 (en) | Privacy-preserving collaborative filtering | |
| JP2016531508A (en) | Data secure storage | |
| AU2020245399B2 (en) | System and method for providing anonymous validation of a query among a plurality of nodes in a network | |
| CN112529586B (en) | Transaction information management method, device, equipment and storage medium | |
| CN112073444B (en) | Data set processing method and device and server | |
| CN111259363B (en) | Service access information processing method, system, device, equipment and storage medium | |
| CN116962021A (en) | Method, device, equipment and medium for user real name authentication in financial cooperative institution | |
| US9135449B2 (en) | Apparatus and method for managing USIM data using mobile trusted module | |
| CN116366289A (en) | Safety supervision method and device for remote sensing data of unmanned aerial vehicle | |
| CN115589290A (en) | Password identification method and device, computer equipment and storage medium | |
| CN115756255A (en) | Method, device and equipment for processing equipment parameters of parking lot equipment and storage medium | |
| CN111125741B (en) | Zero knowledge verification method based on block chain | |
| CN115168907B (en) | Data matching method, system, equipment and storage medium for protecting data privacy | |
| US11531739B1 (en) | Authenticating user identity based on data stored in different locations | |
| CN113806778B (en) | Data management method, system and storage medium based on big data platform | |
| CN116366335A (en) | Method, device, computer equipment and storage medium for remotely accessing intranet | |
| CN116094764A (en) | Power grid data storage method, device and equipment of power monitoring system | |
| CN117391701A (en) | Method and device for detecting theft and brushing behaviors, computer equipment and storage medium | |
| CN115964724A (en) | Data processing method and device and electronic equipment | |
| CN116192512A (en) | Data transmission method, device, computer equipment and storage medium | |
| CN116962589A (en) | Data transmission method, device, system, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |