CN115664707A - Security authentication method, system, device and storage medium for WEB application - Google Patents


Info

Publication number
CN115664707A
Authority
CN
China
Prior art keywords
password
ciphertext
authentication
registration
cipher text
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211126043.5A
Other languages
Chinese (zh)
Inventor
王韬
纪陵
张晓瑞
杨小凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guodian Nanjing Automation Software Engineering Co
Original Assignee
Guodian Nanjing Automation Software Engineering Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guodian Nanjing Automation Software Engineering Co
Priority to CN202211126043.5A
Publication of CN115664707A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a security authentication method, system, device and storage medium for WEB applications. The method comprises the following steps: when a user registers, acquiring the registration password provided by the user, encrypting the registration password to generate a registration password ciphertext, and uploading the registration password ciphertext to a database; during front-end security authentication, acquiring the user name and password provided by the user, encrypting the password to generate a password ciphertext, and encrypting the user name and the password ciphertext to generate an authentication ciphertext; during background security authentication, acquiring the authentication ciphertext and decrypting it to obtain the user name and the password ciphertext; verifying the password ciphertext obtained by decryption and, if it passes verification, querying the corresponding registration password ciphertext from the database according to the user name; matching the registration password ciphertext with the password ciphertext, and completing authentication if the match succeeds. The invention can achieve confidentiality and integrity of identity authentication information in transmission and confidentiality and integrity of data storage.

Description

Security authentication method, system, device and storage medium for WEB application
Technical Field
The invention relates to a security authentication method, a system, a device and a storage medium for WEB application, belonging to the technical field of identity authentication.
Background
With the development of network technology and the spread of network communication, network security problems have become more serious and are now a focus of attention worldwide. Current network security threats come mainly from hacker attacks, network defects, malicious programs, software bugs, management defects and the like. Network security incidents are becoming more and more serious; Web applications face security risks such as forgery and man-in-the-middle hijacking, and hackers can attack using forged identities. To prevent leakage of users' personal information and strengthen the security of Web applications, various security authentications are generally performed on Web applications, which reduces leakage of information content through illegal means and further improves data security. Authentication security for Web applications is therefore becoming increasingly important.
Disclosure of Invention
The invention aims to overcome the defects in the prior art, and provides a security authentication method, a system, a device and a storage medium for WEB application, which can realize the transmission confidentiality and integrity of identity authentication information and the confidentiality and integrity of data storage.
To achieve this purpose, the invention adopts the following technical scheme:
In a first aspect, the present invention provides a security authentication method for WEB applications, including:
when a user registers, acquiring the registration password provided by the user, encrypting the registration password to generate a registration password ciphertext, and uploading the registration password ciphertext to a database;
during front-end security authentication, acquiring the user name and password provided by the user, encrypting the password to generate a password ciphertext, and encrypting the user name and the password ciphertext to generate an authentication ciphertext;
during background security authentication, acquiring the authentication ciphertext and decrypting it to obtain the user name and the password ciphertext;
verifying the password ciphertext obtained by decryption and, if it passes verification, querying the corresponding registration password ciphertext from the database according to the user name;
and matching the registration password ciphertext with the password ciphertext, and completing authentication if the match succeeds.
Optionally, encrypting the registration password to generate the registration password ciphertext includes:
encrypting the registration password with the SM3 algorithm to generate a preliminary registration password ciphertext, denoted SM3[registration password];
and encrypting the preliminary registration password ciphertext with the SM4 algorithm to generate the final registration password ciphertext, denoted SM4[SM3[registration password]].
Optionally, encrypting the password to generate the password ciphertext includes:
encrypting the password with the SM3 algorithm to generate a preliminary password ciphertext, denoted SM3[password];
and encrypting the preliminary password ciphertext, an 8-bit random code and the password with the SM2 algorithm to generate the final password ciphertext, denoted SM2[SM3[password], 8-bit random code, password].
Optionally, encrypting the user name and the password ciphertext to generate the authentication ciphertext includes:
encrypting the user name and the password ciphertext with the SM2 algorithm to generate the authentication ciphertext, denoted SM2[user name, SM2[SM3[password], 8-bit random code, password]];
decrypting the authentication ciphertext to obtain the user name and the password ciphertext includes:
decrypting the authentication ciphertext with the SM2 algorithm to obtain the user name and the password ciphertext, denoted [user name] and SM2[SM3[password], 8-bit random code, password].
Optionally, the public key used for SM2 encryption and the private key used for SM2 decryption are both stored in a key store; the key store provides a service for obtaining the public key through the REST protocol and a service for obtaining the private key through the JDBC protocol.
Optionally, verifying the password ciphertext obtained by decryption includes:
encrypting the password contained in the decrypted password ciphertext with the SM3 algorithm to generate a verification password ciphertext;
and matching the preliminary password ciphertext contained in the decrypted password ciphertext against the verification password ciphertext.
Optionally, matching the registration password ciphertext with the password ciphertext includes:
decrypting the registration password ciphertext SM4[SM3[registration password]] with SM4 to obtain the preliminary registration password ciphertext SM3[registration password];
and matching the preliminary registration password ciphertext SM3[registration password] with the password ciphertext SM3[registration password].
In a second aspect, the present invention provides a security authentication system for WEB applications, including:
a registration module, used for acquiring the registration password provided by the user when the user registers, encrypting the registration password to generate a registration password ciphertext, and uploading the registration password ciphertext to a database;
a front-end authentication module, used for acquiring the user name and password provided by the user during front-end security authentication, encrypting the password to generate a password ciphertext, and encrypting the user name and the password ciphertext to generate an authentication ciphertext;
a background authentication module, used for acquiring the authentication ciphertext during background security authentication and decrypting it to obtain the user name and the password ciphertext; verifying the password ciphertext obtained by decryption and, if it passes verification, querying the corresponding registration password ciphertext from the database according to the user name; and matching the registration password ciphertext with the password ciphertext, and completing authentication if the match succeeds.
In a third aspect, the present invention provides a security authentication apparatus for WEB applications, including a processor and a storage medium;
the storage medium is to store instructions;
the processor is configured to operate in accordance with the instructions to perform the steps according to the above-described method.
In a fourth aspect, the invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the above-described method.
Compared with the prior art, the invention has the following beneficial effects:
The invention provides a security authentication method, system, device and storage medium for WEB applications, in which the user registration password is encrypted and stored using the national cryptographic (SM) algorithms, ensuring the confidentiality and integrity of data storage; the user's password is encrypted using the national cryptographic algorithms, ensuring the confidentiality and integrity of data transmission; the user's password is integrity-verified using the national cryptographic algorithms and compared with the user registration password stored in the database, a verification result and an access token are returned to the front end when they are consistent, and error information is returned to the front end when they are inconsistent. In conclusion, the invention can achieve confidentiality and integrity of identity authentication information in transmission and confidentiality and integrity of data storage.
Drawings
Fig. 1 is a flowchart of a security authentication method for a WEB application according to an embodiment of the present invention;
fig. 2 is a flowchart of front-end authentication and background authentication according to an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
The first embodiment is as follows:
As shown in fig. 1, the present invention provides a security authentication method for WEB applications, which includes the following steps:
1. When a user registers, acquiring the registration password provided by the user, encrypting the registration password to generate a registration password ciphertext, and uploading the registration password ciphertext to a database;
Encrypting the registration password to generate the registration password ciphertext comprises the following steps:
1.1. encrypting the registration password with the SM3 algorithm to generate a preliminary registration password ciphertext, denoted SM3[registration password];
1.2. encrypting the preliminary registration password ciphertext with the SM4 algorithm to generate the final registration password ciphertext, denoted SM4[SM3[registration password]].
2. During front-end security authentication, acquiring the user name and password provided by the user, encrypting the password to generate a password ciphertext, and encrypting the user name and the password ciphertext to generate an authentication ciphertext;
As shown in fig. 2, the authentication information is the user name and the password;
Encrypting the password to generate the password ciphertext comprises:
2.1. encrypting the password with the SM3 algorithm to generate a preliminary password ciphertext, denoted SM3[password];
2.2. encrypting the preliminary password ciphertext, an 8-bit random code and the password with the SM2 algorithm to generate the final password ciphertext, denoted SM2[SM3[password], 8-bit random code, password].
Encrypting the user name and the password ciphertext to generate the authentication ciphertext comprises:
2.3. encrypting the user name and the password ciphertext with the SM2 algorithm to generate the authentication ciphertext, denoted SM2[user name, SM2[SM3[password], 8-bit random code, password]];
3. During background security authentication, acquiring the authentication ciphertext and decrypting it to obtain the user name and the password ciphertext;
Decrypting the authentication ciphertext to obtain the user name and the password ciphertext comprises:
3.1. decrypting the authentication ciphertext with the SM2 algorithm to obtain the user name and the password ciphertext, denoted [user name] and SM2[SM3[password], 8-bit random code, password].
During decryption, the integrity of the SM2 ciphertext must be verified. Because SM2 encryption produces a different result each time, the check is on whether the ciphertext length is one that can be decrypted: if the ciphertext is too short, it cannot be decrypted; if it is too long, it is automatically truncated to the decryptable length; if decryption still fails at that point, verification fails and the result is returned directly to the front end;
The public key used for SM2 encryption and the private key used for SM2 decryption are both stored in a key store; the key store provides a service for obtaining the public key through the REST protocol and a service for obtaining the private key through the JDBC protocol.
4. Verifying the password ciphertext obtained by decryption and, if it passes verification, querying the corresponding registration password ciphertext from the database according to the user name;
The password ciphertext obtained by decryption is verified by the following steps:
encrypting the password contained in the decrypted password ciphertext with the SM3 algorithm to generate a verification password ciphertext;
and matching the preliminary password ciphertext contained in the decrypted password ciphertext against the verification password ciphertext.
5. Matching the registration password ciphertext with the password ciphertext, and completing authentication if the match succeeds.
Matching the registration password ciphertext with the password ciphertext comprises:
5.1. decrypting the registration password ciphertext SM4[SM3[registration password]] with SM4 to obtain the preliminary registration password ciphertext SM3[registration password];
5.2. matching the preliminary registration password ciphertext SM3[registration password] with the password ciphertext SM3[registration password].
The private key used for SM4 decryption is stored in the key store, and a service for obtaining the private key is provided through the JDBC protocol.
Example two:
As shown in fig. 2, the present invention provides a security authentication system for WEB applications, which includes:
a registration module, used for acquiring the registration password provided by the user when the user registers, encrypting the registration password to generate a registration password ciphertext, and uploading the registration password ciphertext to a database;
a front-end authentication module, used for acquiring the user name and password provided by the user during front-end security authentication, encrypting the password to generate a password ciphertext, and encrypting the user name and the password ciphertext to generate an authentication ciphertext;
a background authentication module, used for acquiring the authentication ciphertext during background security authentication and decrypting it to obtain the user name and the password ciphertext; verifying the password ciphertext obtained by decryption and, if it passes verification, querying the corresponding registration password ciphertext from the database according to the user name; and matching the registration password ciphertext with the password ciphertext, and completing authentication if the match succeeds.
Example three:
the invention provides a security authentication device for WEB application, which comprises a processor and a storage medium, wherein the processor is used for processing a WEB application;
a storage medium to store instructions;
the processor is configured to operate in accordance with instructions to perform steps in accordance with the above-described method.
Example four:
the invention provides a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
In conclusion, the invention encrypts and stores the user registration password using the national cryptographic algorithms SM4 and SM3, ensuring the confidentiality and integrity of data storage; the user's password is encrypted using the national cryptographic algorithms SM2 and SM3, ensuring the confidentiality and integrity of data transmission; and the user's password is integrity-verified using the national cryptographic algorithms and compared with the user registration password stored in the database, the verification result and an access token are returned to the front end when they are consistent, and error information is returned to the front end when they are inconsistent.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (10)

1. A security authentication method for WEB applications, characterized by comprising the following steps:
when a user registers, acquiring the registration password provided by the user, encrypting the registration password to generate a registration password ciphertext, and uploading the registration password ciphertext to a database;
during front-end security authentication, acquiring the user name and password provided by the user, encrypting the password to generate a password ciphertext, and encrypting the user name and the password ciphertext to generate an authentication ciphertext;
during background security authentication, acquiring the authentication ciphertext and decrypting it to obtain the user name and the password ciphertext;
verifying the password ciphertext obtained by decryption and, if it passes verification, querying the corresponding registration password ciphertext from the database according to the user name;
and matching the registration password ciphertext with the password ciphertext, and completing authentication if the match succeeds.
2. The method of claim 1, wherein encrypting the registration password to generate the registration password ciphertext comprises:
encrypting the registration password with the SM3 algorithm to generate a preliminary registration password ciphertext, denoted SM3[registration password];
and encrypting the preliminary registration password ciphertext with the SM4 algorithm to generate the final registration password ciphertext, denoted SM4[SM3[registration password]].
3. The method of claim 2, wherein encrypting the password to generate the password ciphertext comprises:
encrypting the password with the SM3 algorithm to generate a preliminary password ciphertext, denoted SM3[password];
and encrypting the preliminary password ciphertext, an 8-bit random code and the password with the SM2 algorithm to generate the final password ciphertext, denoted SM2[SM3[password], 8-bit random code, password].
4. The WEB application security authentication method according to claim 3, wherein encrypting the user name and the password ciphertext to generate the authentication ciphertext comprises:
encrypting the user name and the password ciphertext with the SM2 algorithm to generate the authentication ciphertext, denoted SM2[user name, SM2[SM3[password], 8-bit random code, password]];
decrypting the authentication ciphertext to obtain the user name and the password ciphertext comprises:
decrypting the authentication ciphertext with the SM2 algorithm to obtain the user name and the password ciphertext, denoted [user name] and SM2[SM3[password], 8-bit random code, password].
5. The security authentication method for WEB applications according to claim 4, wherein the public key used for SM2 encryption and the private key used for SM2 decryption are both stored in a key store; the key store provides a service for obtaining the public key through the REST protocol and a service for obtaining the private key through the JDBC protocol.
6. The method of claim 4, wherein verifying the password ciphertext obtained by decryption comprises:
encrypting the password contained in the decrypted password ciphertext with the SM3 algorithm to generate a verification password ciphertext;
and matching the preliminary password ciphertext contained in the decrypted password ciphertext against the verification password ciphertext.
7. The WEB application security authentication method according to claim 4, wherein matching the registration password ciphertext with the password ciphertext comprises:
decrypting the registration password ciphertext SM4[SM3[registration password]] with SM4 to obtain the preliminary registration password ciphertext SM3[registration password];
and matching the preliminary registration password ciphertext SM3[registration password] with the password ciphertext SM3[registration password].
8. A security authentication system for WEB applications, comprising:
a registration module, used for acquiring the registration password provided by the user when the user registers, encrypting the registration password to generate a registration password ciphertext, and uploading the registration password ciphertext to a database;
a front-end authentication module, used for acquiring the user name and password provided by the user during front-end security authentication, encrypting the password to generate a password ciphertext, and encrypting the user name and the password ciphertext to generate an authentication ciphertext;
a background authentication module, used for acquiring the authentication ciphertext during background security authentication and decrypting it to obtain the user name and the password ciphertext; verifying the password ciphertext obtained by decryption and, if it passes verification, querying the corresponding registration password ciphertext from the database according to the user name; and matching the registration password ciphertext with the password ciphertext, and completing authentication if the match succeeds.
9. A security authentication device for WEB applications, characterized by comprising a processor and a storage medium;
the storage medium is to store instructions;
the processor is configured to operate in accordance with the instructions to perform the steps of the method according to any one of claims 1 to 8.
10. Computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
CN202211126043.5A 2022-09-16 2022-09-16 Security authentication method, system, device and storage medium for WEB application Pending CN115664707A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211126043.5A CN115664707A (en) 2022-09-16 2022-09-16 Security authentication method, system, device and storage medium for WEB application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211126043.5A CN115664707A (en) 2022-09-16 2022-09-16 Security authentication method, system, device and storage medium for WEB application

Publications (1)

Publication Number Publication Date
CN115664707A true CN115664707A (en) 2023-01-31

Family

ID=84983407

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211126043.5A Pending CN115664707A (en) 2022-09-16 2022-09-16 Security authentication method, system, device and storage medium for WEB application

Country Status (1)

Country Link
CN (1) CN115664707A (en)

Similar Documents

Publication Publication Date Title
US8051297B2 (en) Method for binding a security element to a mobile device
CN111464301B (en) Key management method and system
CN106452764B (en) Method for automatically updating identification private key and password system
CN109728914B (en) Digital signature verification method, system, device and computer readable storage medium
CN110059458B (en) User password encryption authentication method, device and system
CN107453880B (en) Cloud data secure storage method and system
US9215070B2 (en) Method for the cryptographic protection of an application
CN110971593B (en) Database secure network access method
CN107920052B (en) Encryption method and intelligent device
CN108809936B (en) Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof
CN113472793A (en) Personal data protection system based on hardware password equipment
CN111614621A (en) Internet of things communication method and system
CN112685786A (en) Financial data encryption and decryption method, system, equipment and storage medium
CN114143082A (en) Encryption communication method, system and device
CN112507296A (en) User login verification method and system based on block chain
CA2553081C (en) A method for binding a security element to a mobile device
CN112883396B (en) Trusted cryptographic module security management method and system
CN108551391B (en) Authentication method based on USB-key
CN112398832B (en) Service end user data encryption method and decryption method
CN113849797A (en) Method, device, equipment and storage medium for repairing data security vulnerability
CN113395406A (en) Encryption authentication method and system based on power equipment fingerprints
CN111698203A (en) Cloud data encryption method
CN114553557B (en) Key calling method, device, computer equipment and storage medium
CN115455497A (en) Computer hard disk data encryption system and method
CN114282189A (en) Data security storage method, system, client and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination