CN115694807A - Password intelligent verification prompting method and system and electronic equipment - Google Patents

Publication number
CN115694807A
Authority
CN
China
Prior art keywords
password
verified
error
user
information
Legal status
Pending
Application number
CN202211349775.0A
Other languages
Chinese (zh)
Inventor
戚建淮
刘航
崔宸
徐国前
Current Assignee
Shenzhen Y&D Electronics Information Co Ltd
Original Assignee
Shenzhen Y&D Electronics Information Co Ltd

Abstract

The application discloses a password intelligent verification prompting method, a system and electronic equipment. The method comprises the following steps: acquiring a user name to be verified and a password to be verified; performing first user name verification on the user name to be verified, and sending first error information if the first user name verification fails; if the first user name verification passes, performing first password verification on the password to be verified; if the first password verification fails, performing first password error judgment on the password to be verified. The first password error judgment comprises the following steps: identifying the error digit of the password to be verified, and comparing the error digit with a first preset value; if the error digit is higher than the first preset value, sending second error information; and if the error digit is less than or equal to the first preset value, sending first error prompt information. Compared with the prior art, the technical scheme can improve the efficiency of correction after the user mistypes the password and reduce the probability of entering a wrong password again.

Description

Password intelligent verification prompting method and system and electronic equipment
Technical Field
The application relates to the technical field of password management, in particular to an intelligent password verification prompting method; the application also relates to a password intelligent verification prompt system; the application also relates to an electronic device.
Background
For a system requiring strong password protection, the requirements on information security are extremely high. When the password is set, a strictly strong password is required, and a strong password is by nature irregular and difficult to memorize and use (for example, a password of more than 16 characters containing irregular numbers, English letters, special characters, etc.).
In the prior art, when a strong password is entered incorrectly, the system only reports that the password is wrong. The user must enter the entire password again, and the re-entered password is likely to contain a second error, which makes the system inconvenient to use.
Therefore, how to provide an intelligent password verification prompting method for password management that improves the efficiency of correction after a user mistypes a password and reduces the probability of entering a wrong password again has become a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In order to solve this technical problem, the application provides an intelligent password verification prompting method which can improve the efficiency of correction after a user mistypes a password and reduce the probability of entering a wrong password again.
The intelligent password verification prompting method is based on PKI technology. A client that needs the password verification function (such as a personal computer or a mobile phone) and the user's personal Ukey are each issued an asymmetric-encryption digital certificate in advance. When the user's password is long and the user makes an input error (the number of wrong password positions is lower than a threshold), the client sandbox prompts the user with the sequence numbers of the wrong password positions, and the prompt information is displayed on the user's personal Ukey, so that the user only needs to correct the wrong positions and does not have to enter the complete password again.
The technical scheme provided by the application is as follows:
The application provides a password intelligent verification prompting method, which comprises the following steps: acquiring a user name to be verified and a password to be verified; carrying out first user name verification on the user name to be verified, and sending first error information if the first user name verification fails; if the first user name verification passes, performing first password verification on the password to be verified; if the first password verification fails, performing first password error judgment on the password to be verified. The first password error judgment comprises the following steps: identifying the error digit of the password to be verified, and comparing the error digit with a first preset value; if the error digit is higher than the first preset value, sending second error information; and if the error digit is less than or equal to the first preset value, sending first error prompt information.
Further, in a preferred mode of the present invention, the first username verification includes the following steps: uploading the user name to be verified to a server, wherein a login user information list is stored in the server, and the login user information list comprises login user names; and the server verifies the user name to be verified based on the login user information list, and if the user name to be verified does not exist in the login user information list, the first user name is not verified.
Further, in a preferred mode of the present invention, the login user information list further includes specific login device information associated with the login user name; the first username verification further comprises the steps of: uploading the information of the to-be-verified equipment of the to-be-logged-in terminal equipment, which acquires the user name to be verified and the password to be verified, to the server; and the server verifies the information of the equipment to be verified based on the login user information list, and if the information of the equipment to be verified is not matched with the user name to be verified, the first user name is not verified.
Further, in a preferred mode of the present invention, the login-enabled user information list further includes login-enabled area information associated with the designated login-enabled device information; the first username verification further comprises the steps of: uploading the current position information of the terminal equipment to be logged in to the server; the server verifies the current location information based on the login-enabled area information, and does not perform the first password error judgment if the current location information is not matched with the login-enabled area information.
Further, in a preferred mode of the present invention, the first password verification includes the steps of: acquiring a first password data packet associated with the user name to be verified from a server, and decrypting the first password data packet by combining a preset asymmetric encryption private key to obtain a correct login password and an asymmetric encryption public key associated with the user name to be verified; and judging whether the password to be verified is correct or not by combining the correct login password: if the password to be verified is correct, the first user name is verified to pass; and if the password to be verified is incorrect, carrying out the first password error judgment.
Further, in a preferred embodiment of the present invention, the "identifying the error digit of the password to be verified" specifically includes: identifying the error digit of the password to be verified with reference to the correct login password.
Further, in a preferred mode of the present invention, the first error prompt information is information on the specific wrong password positions of the password to be verified; the step of sending the first error prompt information comprises the following steps: asymmetrically encrypting the first error prompt information with the asymmetric encryption public key to obtain a first error prompt packet; and decrypting the first error prompt packet through the user Ukey equipment associated with the user name to be verified, and displaying the first error prompt information on the user Ukey equipment.
Further, in a preferred mode of the present invention, a user name to be verified and a password to be verified are obtained on a terminal device to be logged in, and a specified client is logged in, where the specified client is installed on the terminal device to be logged in; a sandbox module is pre-installed on the terminal equipment to be logged in; the sandbox module performs first user name verification on the user name to be verified; the sandbox module performs first password verification on the password to be verified; and the sandbox module performs first password error judgment on the password to be verified.
The application also provides a password intelligent verification prompting system, which executes the password intelligent verification prompting method; the system comprises: the first acquisition module is used for acquiring a user name to be verified and a password to be verified; the first checking module is used for carrying out first user name checking on the user name to be checked; the second check module is used for carrying out first password check on the password to be checked; and the third verification module is used for carrying out first password error judgment on the password to be verified.
The application also provides a password intelligent verification prompting system, which executes the password intelligent verification prompting method; the system comprises: the server is used for asymmetrically encrypting the correct login password and the asymmetric encryption public key which are associated with the user name to be verified through the asymmetric encryption public key to obtain a first password data packet; the terminal equipment to be logged in is in signal connection with the server, a sandbox module is installed on the terminal equipment to be logged in, a designated client is installed on the terminal equipment to be logged in, the terminal equipment to be logged in is used for acquiring a user name to be verified and a password to be verified, and the terminal equipment to be logged in is used for displaying first error information or second error information; the user Ukey equipment is used for decrypting the first error prompt packet and displaying first error prompt information; and the user Ukey equipment is connected with the server through the second terminal.
Further, in a preferred mode of the present invention, the terminal device to be logged in is a computer, and the second terminal is a handheld mobile device.
Further, in a preferred mode of the present invention, the terminal device to be logged in is a handheld mobile device, and the second terminal is the terminal device to be logged in.
The present application further provides an electronic device, comprising: the computer program is used for executing the intelligent password verification prompting method; a memory for storing the computer program; a processor for executing the computer program.
Compared with the prior art, in the technical scheme provided by the application, the user name to be verified is the user name entered when the user logs in, and the password to be verified is the password entered when the user logs in. The first user name verification is performed first; if the user name fails verification, the first error information is prompted directly and the password to be verified does not need to be verified, which improves the verification efficiency of the system and reduces the overall verification load. If the user name passes, the first password verification is performed; if that verification fails, the first password error judgment is carried out. The inventive point of the application lies in the judgment, identification and display of the wrong password positions. In this technical scheme, the number of wrong positions in the password to be verified is judged first. If the number exceeds the threshold, the password error rate is high, the input is judged not to be a mistyping by the user, and no wrong-position prompt is given. If the number is lower than or equal to the threshold, the password error rate is normal, the input is judged to be a mistyping by the user, and the wrong password positions are prompted. Prompting the specific wrong positions tells the user exactly which positions need to be modified, so the user only has to correct the characters at those positions and is spared the trouble of deleting the whole password and entering it again.
Compared with the prior art, the technical scheme provided by the application can improve the efficiency of correction after the user mistypes the password and reduce the probability of entering a wrong password again.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a password intelligent verification prompting method according to an embodiment of the present invention;
Fig. 2 is a structural diagram of a password intelligent verification prompting system according to embodiment 1 of the present invention;
Fig. 3 is a structural diagram of a password intelligent verification prompting system according to embodiment 2 of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It will be understood that when an element is referred to as being "fixed" or "disposed" to another element, it can be directly on the other element or be indirectly disposed on the other element; when an element is referred to as being "connected to" another element, it can be directly connected to the other element or be indirectly connected to the other element.
It will be understood that the terms "length," "width," "upper," "lower," "front," "rear," "first," "second," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like, as used herein, refer to an orientation or positional relationship indicated in the drawings that is solely for the purpose of facilitating the description and simplifying the description, and do not indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and thus should not be considered as limiting the present application.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, "plurality" or "a plurality" means two or more unless specifically limited otherwise.
It should be understood that the structures, proportions, sizes and the like shown in the drawings are intended only to accompany the disclosure so that those skilled in the art can read and understand it; they do not limit the conditions under which the present application can be implemented and therefore have no essential technical meaning. Any modification of structure, change of proportion or adjustment of size that does not affect the function and achievable purpose of the present application still falls within the scope of its technical disclosure.
As shown in Fig. 1 and Fig. 3, an intelligent password verification prompting method provided in an embodiment of the present application includes: acquiring a user name to be verified and a password to be verified; carrying out first user name verification on the user name to be verified, and sending first error information if the first user name verification fails; if the first user name verification passes, performing first password verification on the password to be verified; if the first password verification fails, performing first password error judgment on the password to be verified. The first password error judgment comprises the following steps: identifying the error digit of the password to be verified, and comparing the error digit with a first preset value; if the error digit is higher than the first preset value, sending second error information; and if the error digit is less than or equal to the first preset value, sending first error prompt information.
The embodiment of the invention provides a technical scheme of a password intelligent verification prompting method. In this technical scheme, the user name to be verified is the user name entered when the user logs in, and the password to be verified is the password entered when the user logs in. The first user name verification is performed first; if the user name fails verification, the first error information is prompted directly and the password to be verified does not need to be verified, which improves the verification efficiency of the system and reduces the overall verification load. If the user name passes, the first password verification is performed; if that verification fails, the first password error judgment is carried out. The inventive point of the application lies in the judgment, identification and display of the wrong password positions. In this technical scheme, the number of wrong positions in the password to be verified is judged first. If the number exceeds the threshold, the password error rate is high, the input is judged not to be a mistyping by the user, and no wrong-position prompt is given. If the number is lower than or equal to the threshold, the password error rate is normal, the input is judged to be a mistyping by the user, and the wrong password positions are prompted. Prompting the specific wrong positions tells the user exactly which positions need to be modified, so the user only has to correct the characters at those positions and is spared the trouble of deleting the whole password and entering it again.
The technical scheme provided by the application can improve the efficiency of correction after the user mistypes the password and reduce the probability of entering a wrong password again.
It should be noted that, in the prior art, a user who enters a wrong password usually has to enter the complete password again. For a typical system, the user generally sets a relatively complicated password, for example one containing upper- and lower-case letters, numbers and special symbols, and entering such a password is itself troublesome. Having to re-enter the whole password because individual characters were wrong is a burden on the user. The present application solves this problem by performing the password error judgment, identifying the wrong password positions, and prompting the user specifically about them.
Specifically, in the embodiment of the present invention, the first username verification includes the following steps: uploading the user name to be verified to a server, wherein a login user information list is stored in the server, and the login user information list comprises login user names; and the server verifies the user name to be verified based on the login user information list, and if the user name to be verified does not exist in the login user information list, the first user name is not verified.
It should be noted that the user name to be verified is uploaded to the server to verify the user name, and the login user name information is stored in the server, so that the user name verification can be conveniently and reliably performed.
Specifically, in the embodiment of the present invention, the login user information list further includes specific login device information associated with the login user name; the first username verification further comprises the steps of: uploading the information of the to-be-verified equipment of the to-be-logged-in terminal equipment, which acquires the user name to be verified and the password to be verified, to the server; and the server verifies the information of the equipment to be verified based on the login user information list, and if the information of the equipment to be verified is not matched with the user name to be verified, the first user name is not verified.
It should be noted that the first user name verification also verifies the terminal device to be logged in, so as to prevent the user name from being used to log in on a terminal device other than the designated one. The login operation can be performed only if the specified user name is used on the bound terminal device.
Specifically, in the embodiment of the present invention, the login-enabled user information list further includes login-enabled area information associated with the designated login-enabled device information; the first username verification further comprises the steps of: uploading the current position information of the terminal equipment to be logged in to the server; the server verifies the current location information based on the login-enabled area information, and does not perform the first password error judgment if the current location information is not matched with the login-enabled area information.
It should further be noted that, during the first user name verification, the current location information of the terminal device is uploaded to the server for verification; if it fails verification, the intelligent password verification prompt function of the application is not started, that is, the first password error judgment step is not performed.
It should be further noted that the above scheme is suitable for a scenario in which a handheld mobile terminal logs in to a specified client. The password prompting function is provided when the user logs in on the handheld terminal device within the designated area and uses the client, which improves security.
Specifically, in the embodiment of the present invention, the first password verification includes the following steps: acquiring a first password data packet associated with the user name to be verified from a server, and decrypting the first password data packet by combining a preset asymmetric encryption private key to obtain a correct login password and an asymmetric encryption public key associated with the user name to be verified; and judging whether the password to be verified is correct or not by combining the correct login password: if the password to be verified is correct, the first user name is verified to pass; and if the password to be verified is incorrect, carrying out the first password error judgment.
It should be noted that, when the first password verification is performed, the first password data packet is acquired from the server, and the correct login password is compared with the password to be verified, so that the first password verification is realized, and the security of the first password verification is improved.
It should be noted that, the server identifies the corresponding correct login password and the corresponding asymmetric encryption public key according to the verified user name, and encrypts the associated correct login password and the associated asymmetric encryption public key by using the asymmetric encryption public key to obtain the first password data packet.
Specifically, in the embodiment of the present invention, the "identifying the error digit of the password to be verified" specifically includes: identifying the error digit of the password to be verified with reference to the correct login password.
It should be noted that, with reference to the correct login password, the wrong password positions of the wrong password can be matched quickly.
Specifically, in the embodiment of the present invention, the first error prompt information is password bit information of a specific error of the password to be verified; the step of sending out the first error prompt message comprises the following steps: combining the asymmetric encryption public key to carry out asymmetric encryption on the first error prompt information to obtain a first error prompt packet; and decrypting the first error prompt packet through the user Ukey equipment associated with the user name to be verified, and displaying the first error prompt information on the user Ukey equipment.
It should be noted that the first error prompt information is encrypted by the asymmetric encryption public key to form a first error prompt packet, and the first error prompt packet is displayed on an interface of the user Ukey device, so that the first error prompt information is prevented from being leaked.
Specifically, in the embodiment of the present invention, the method further includes: receiving a specified confirmation operation instruction on user Ukey equipment; and in a password input box of the terminal equipment, highlighting the error password bit directly.
It should be noted that this embodiment makes it easy for the user to select and modify the wrong characters.
Specifically, in the embodiment of the present invention, the method further includes: receiving a specified confirmation operation instruction on user Ukey equipment; and directly popping up a corresponding error code bit input box according to the error bit of the actual code.
It should be noted that this embodiment lets the user make the modification directly. For example, if the password entered by the user has 32 characters, of which 3 are wrong, the number of errors is smaller than the first preset value of 4; input boxes for the 3 wrong characters are then displayed directly in the interface so that the user can enter the correct characters, which saves the user the trouble of identifying and selecting the positions.
Specifically, in the embodiment of the present invention, a user name to be verified and a password to be verified are obtained on a terminal device to be logged in, and a specified client is logged in, where the specified client is installed on the terminal device to be logged in; a sandbox module is pre-installed on the terminal equipment to be logged in; the sandbox module performs first user name verification on the user name to be verified; the sandbox module performs first password verification on the password to be verified; and the sandbox module performs first password error judgment on the password to be verified.
It should be noted that, the sandbox module is combined to perform the first username verification, the first password verification and the first password error judgment, so as to ensure the data security.
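The decision flow described above (first user name verification with the device binding, first password verification, then the first password error judgment against the first preset value), as an added Python example that is not code from the patent. The record fields, function names, message strings and sample data are assumptions, as is answering a length mismatch or an area mismatch with the second error information; encryption of the hint for the Ukey is omitted.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

FIRST_PRESET_VALUE = 4  # the description's worked case uses a first preset value of 4

# Message names follow the description; the string values are constructed.
FIRST_ERROR_INFO = "first error information"
SECOND_ERROR_INFO = "second error information"
FIRST_ERROR_PROMPT = "first error prompt information"
LOGIN_OK = "verification passed"


@dataclass(frozen=True)
class LoginRecord:
    """One entry of the login user information list (field names are assumptions)."""
    device_id: str         # designated login device bound to the user name
    allowed_area: str      # area in which the hint function may be used
    correct_password: str  # recovered by the sandbox from the first password data packet


@dataclass(frozen=True)
class Result:
    message: str
    wrong_positions: Tuple[int, ...] = ()  # 1-based; would be encrypted for the Ukey


def find_wrong_positions(candidate: str, correct: str) -> Optional[Tuple[int, ...]]:
    """Return the 1-based positions that differ, or None when the lengths differ."""
    if len(candidate) != len(correct):
        return None  # positions are not comparable; the description does not cover this
    return tuple(i for i, (a, b) in enumerate(zip(candidate, correct), 1) if a != b)


def verify(users: Dict[str, LoginRecord], username: str, device_id: str,
           area: str, password: str, threshold: int = FIRST_PRESET_VALUE) -> Result:
    # First user name verification: the name must be listed and bound to this device.
    record = users.get(username)
    if record is None or record.device_id != device_id:
        return Result(FIRST_ERROR_INFO)
    # First password verification against the correct login password.
    if hmac.compare_digest(password.encode(), record.correct_password.encode()):
        return Result(LOGIN_OK)
    # Outside the permitted area the error judgment is skipped (assumed: generic error).
    if area != record.allowed_area:
        return Result(SECOND_ERROR_INFO)
    # First password error judgment: count wrong positions, compare with the preset value.
    positions = find_wrong_positions(password, record.correct_password)
    if positions is None or len(positions) > threshold:
        return Result(SECOND_ERROR_INFO)
    return Result(FIRST_ERROR_PROMPT, positions)


def mistype(password: str, positions: Tuple[int, ...]) -> str:
    """Build a constructed wrong entry by changing the given 1-based positions."""
    chars = list(password)
    for p in positions:
        chars[p - 1] = "x" if chars[p - 1] != "x" else "y"
    return "".join(chars)


# Constructed sample data: one user with a 32-character password.
SAMPLE_PASSWORD = "Tr7!kQ2#vLx9@Zm4&Hs8*Pd3^Wb6%Nf1"
USERS = {"alice": LoginRecord("PC-001", "office", SAMPLE_PASSWORD)}

if __name__ == "__main__":
    # 3 wrong positions out of 32: at or below the preset value, so positions are hinted.
    print(verify(USERS, "alice", "PC-001", "office", mistype(SAMPLE_PASSWORD, (5, 17, 30))))
    # 5 wrong positions: above the preset value, so only the generic error is returned.
    print(verify(USERS, "alice", "PC-001", "office", mistype(SAMPLE_PASSWORD, (1, 2, 3, 4, 5))))
```

Because the judgment compares position by position, it needs the correct login password itself rather than a hash of it, which is why the description has the sandbox decrypt the password from the first password data packet.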
In addition, the application also provides a password intelligent verification prompting system, which executes the password intelligent verification prompting method; the system comprises: the first acquisition module is used for acquiring a user name to be verified and a password to be verified; the first checking module is used for carrying out first user name checking on the user name to be checked; the second check module is used for carrying out first password check on the password to be checked; and the third verification module is used for carrying out first password error judgment on the password to be verified.
The technical scheme of the intelligent password verification prompt system also has the technical effects described above.
In addition, the application also provides a password intelligent verification prompting system which executes the password intelligent verification prompting method; the system comprises: the server is used for carrying out asymmetric encryption on a correct login password and an asymmetric encryption public key which are associated with the user name to be verified through the asymmetric encryption public key to obtain a first password data packet; the terminal equipment to be logged in is in signal connection with the server, a sandbox module is installed on the terminal equipment to be logged in, a specified client is installed on the terminal equipment to be logged in, the terminal equipment to be logged in is used for acquiring a user name to be verified and a password to be verified, and the terminal equipment to be logged in is used for displaying first error information or second error information; the user Ukey equipment is used for decrypting the first error prompt packet and displaying first error prompt information; and the user Ukey equipment is connected with the server through the second terminal.
The technical scheme of the intelligent password verification prompt system also has the technical effects described above.
Specifically, in the embodiment of the present invention, the terminal device to be logged in is a computer, and the second terminal is a handheld mobile device.
Specifically, in the embodiment of the present invention, the terminal device to be logged in is a handheld mobile device, and the second terminal is the terminal device to be logged in.
The present application further provides an electronic device, comprising: a computer program for executing the intelligent password verification prompting method; a memory for storing the computer program; and a processor for executing the computer program.
The technical scheme of the electronic equipment provided by the application also has the technical effects.
The invention provides a password intelligent verification prompting method based on PKI technology. An asymmetric-encryption digital certificate is issued in advance to each client (such as a personal computer or a mobile phone) that needs to use the password verification function and to the user's personal Ukey. When the user uses a longer password and enters it incorrectly (with the number of wrongly entered password digits lower than a threshold (the first preset value)), the client sandbox module identifies the sequence numbers of the wrongly entered password digits, and the prompt information is displayed on the user's personal Ukey, so that the user only needs to modify the wrongly entered digits and does not have to enter the complete password again. This avoids the difficulty of use that overly long and overly complex passwords currently cause, and improves the efficiency with which users use strong passwords.
Use example 1
As shown in fig. 2, the application scenario is an enterprise workplace, and an asymmetric-encryption digital certificate is issued in advance to the client (a computer used by a user/employee) and to the user's own Ukey.
The client side is provided with the sandbox, password verification and prompt functions are achieved through the sandbox, and the main process is as follows:
(1) Installing a sandbox (sandbox module) at a client (such as an employee computer) of a system (such as an ERP system or an OA system of a company, wherein the system is deployed privately in the local of the company and does not need to upload data to an external supplier) needing to use a password verification prompting function;
(2) A system administrator prestores a user list (a user information list capable of logging in) with system use authority (the list comprises an asymmetric public key of a user Ukey) in a company server;
(3) A user logs in a system by using certain client equipment a (the client equipment a is provided with and runs a sandbox module), inputs a user name (such as employee ID, job number, nickname and the like) on a login interface, inputs a login password and clicks to confirm;
(4) The sandbox of device a detects that the user is logging in.
First, it uploads the login name (the user name to be verified) of the user to the server over an SSL VPN, and the server searches for the user name in the user list with system use authority;
A. If the server fails to retrieve the user name, the server feeds back 'retrieval failure' to the client sandbox, and the sandbox feeds back 'login failure' to the user (for example, the login box displays 'user name or password error', 'no authority login', etc.) (first error information);
B. If the user name is found in the user list, the server encrypts the user login password (correct login password) and the public key (asymmetric encryption public key) of the user Ukey by using the public key of the client (such as the user's personal computer), and transmits the encrypted ciphertext (a first password data packet) to the sandbox module of the client over an SSL VPN. The sandbox decrypts the ciphertext by using the private key (asymmetric encryption private key) of the client, obtains the login password of the user and the asymmetric public key of the employee Ukey, and compares the login password with the login password input by the user.
On comparison, if the login password input by the user is correct (the password input by the user is consistent with the login password corresponding to the user name in the server), the server feeds back the result that the login password of the client sandbox is correct, and the user logs in normally.
On comparison, if the login password input by the user is wrong (the password input by the user does not match the login password corresponding to the user name in the server), the sandbox determines, according to a preset rule, whether the number of wrong digits input by the user is lower than a threshold value. If the number of wrong digits is higher than the threshold value (a first preset value), the user is required to input the whole password again; if the number of wrong password digits is lower than the threshold value (a first preset value), the sandbox automatically starts the password verification prompt function, that is, it records the wrong password digits by comparing the correct password with the password input by the user to form password error prompt information (first error prompt information).
For example, the password has 12 digits, the threshold is 3, and the user enters 2 digits incorrectly. Because this is lower than the threshold, the sandbox starts the password verification prompt; the comparison shows that the errors are in the 2nd and 8th digits, so the sandbox records the error prompt information: 2,8 bit error. At this time, the sandbox of the client prompts on the login interface that the user's password input is wrong (for example, "input error, please modify" is displayed), and at the same time encrypts the error prompt information (for example, "2,8 bit error") with the asymmetric public key of the employee Ukey to form an error prompt ciphertext (first error prompt packet).
(5) The client can forward the error prompt ciphertext to the user mobile phone App in two ways:
A. the client sandbox sends the error prompt ciphertext to the server in an SSL VPN mode, and the server sends the error prompt ciphertext to the user mobile phone App in the SSL VPN mode;
B. the client side directly sends the error prompt ciphertext to the user mobile phone App in a Bluetooth or WiFi mode.
(6) The mobile phone terminal App sends the error prompt ciphertext to the Ukey of the user in a bluetooth mode, and the Ukey decrypts the ciphertext (the first error prompt packet) through the private key and displays the ciphertext to the user (for example, the final display information of the Ukey is '2,8 bit error').
(7) The user revises the wrong password bits according to the error prompt message and tries to log in again.
Notes:
(1) An input-error threshold must be specified, and the verification prompt function starts automatically only when the number of wrongly entered digits does not exceed it. Let the total number of digits of the password be m and the threshold for wrongly entered digits be n, with n less than or equal to m; the password verification prompt function is started when the number of wrongly entered digits is less than or equal to n. For example, if the total number of digits of the password is 10 and the number of wrongly entered digits is less than or equal to 3, the password verification prompt function is started. If the number of wrongly entered digits is greater than 3, the whole password needs to be input again.
(2) For a password that is entered incorrectly, the number of re-entries under the verification prompt is limited (typically less than 3 attempts are allowed). For example, if the user enters a password incorrectly and the number of wrongly entered digits does not exceed the threshold value, the system automatically starts the verification prompt function, and the user may retry according to the prompt no more than 3 times (if the input is wrong more than 3 times, the verification prompt function is closed).
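The first password error judgment of step (4) together with the threshold and retry rules of the two notes above, as an added example that is not code from the patent. The class and function names, the constructed 12-digit password, and the treatment of a length mismatch as a full re-entry are assumptions; the search_space helper goes beyond the page to show how much a decrypted prompt narrows the candidates, which is why the prompt is encrypted for the Ukey and the retries are capped.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

FIRST_PRESET_VALUE = 3    # threshold used in the page's 12-digit example
MAX_HINTED_RETRIES = 3    # page: no more than 3 retries under the prompt


def wrong_positions(correct: str, entered: str) -> Optional[List[int]]:
    """Return the 1-based positions where `entered` differs from `correct`.

    Returns None when the lengths differ: positions are then ambiguous and
    the page does not define this case (assumption: full re-entry).
    """
    if len(correct) != len(entered):
        return None
    return [i for i, (c, e) in enumerate(zip(correct, entered), 1) if c != e]


@dataclass
class Judgment:
    outcome: str          # "ok" | "second_error" | "hint"
    positions: List[int]  # wrong positions, only filled for "hint"
    hint: str             # plaintext to encrypt for the Ukey, e.g. "2,8 bit error"


class HintSession:
    """First password error judgment for one user name (sandbox side)."""

    def __init__(self, correct: str, threshold: int = FIRST_PRESET_VALUE,
                 max_retries: int = MAX_HINTED_RETRIES) -> None:
        self.correct = correct
        self.threshold = threshold
        self.hints_left = max_retries

    def judge(self, entered: str) -> Judgment:
        positions = wrong_positions(self.correct, entered)
        if positions == []:
            return Judgment("ok", [], "")
        too_many = positions is None or len(positions) > self.threshold
        if too_many or self.hints_left == 0:
            # Second error information: nothing is revealed, the user
            # has to enter the whole password again.
            return Judgment("second_error", [], "")
        # First error prompt information: consumes one of the capped retries.
        self.hints_left -= 1
        hint = ",".join(str(p) for p in positions) + " bit error"
        return Judgment("hint", positions, hint)


def search_space(alphabet_size: int, length: int, n_wrong: int) -> Tuple[int, int]:
    """Candidate counts (without prompt, with prompt) for someone who knows
    the entered password: the prompt confirms every unflagged position and
    rules out the entered character at each flagged one."""
    return alphabet_size ** length, (alphabet_size - 1) ** n_wrong


if __name__ == "__main__":
    session = HintSession("493817265038")   # constructed 12-digit password
    print(session.judge("403817215038"))    # wrong at positions 2 and 8
    print(session.judge("000017265038"))    # 4 wrong digits: above threshold
    print(search_space(10, 12, 2))          # all-digit alphabet, 2 flagged
```

The judgment uses "less than or equal to the first preset value", as in note (1) and claim 1; the hint string is the plaintext that would then be encrypted with the Ukey public key.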
Use example 2
As shown in fig. 3, the usage scenario is an enterprise in which an employee/user can install the enterprise ERP or OA system software (a client) on a mobile phone (that is, the enterprise ERP or OA has a version that can be logged in to from a mobile phone (Android/iOS, etc.)); the system is deployed privately on the company premises and does not upload data to an external provider.
Asymmetric-encryption digital certificates have been issued to the user's mobile phone and the user's Ukey. The server stores the relevant information of the user's mobile phone, including the IMEI code of the mobile phone and the public key of the mobile phone's digital certificate. The server stores user information including the user login account, the login password, the geographical range in which the password verification prompt function is allowed to be used, the user Ukey public key and the like. A sandbox is installed on the mobile phone, and the password verification and prompt functions are implemented through the sandbox; the sandbox can forward ciphertext information sent from the server to the user Ukey through Bluetooth, and can judge, by collecting the positioning information of the mobile phone, whether the owner is in an area where the password verification function is allowed to be used. The main procedure is as follows:
(1) A sandbox module is installed on the mobile phone (handheld terminal equipment) of the system that needs to use the password verification prompt function.
(2) The system administrator prestores a user list (login user information list) with system use authority, wherein the list comprises the asymmetric public key of the user Ukey, in the company server.
(3) The user logs in the system through mobile phone software by using a mobile phone of the user, the user clicks the software and simultaneously starts a sandbox in the mobile phone, the user inputs a user name (such as employee ID, job number, nickname and the like) on a login interface, and inputs a login password and clicks confirmation.
(4) After monitoring that a user logs in, a sandbox of the mobile phone collects the current geographic position of the mobile phone of the user, uploads the information of the login name (user name), the current geographic position and the like of the user to a server in an SSL VPN mode, and the server searches the user name in a user list with system use authority and matches the geographic position information.
A. If the server fails to retrieve the user name, the 'retrieval failure' is fed back to the sandbox at the mobile phone end, and the sandbox feeds back the 'login failure' to the user.
B. If the server can retrieve the user name, but the current geographic position of the user name does not belong to the region using the function (for example, the password verification prompting function can only be used in the office area of a company, but cannot be used at home), the server feeds back information of 'geographic position inconsistency' to the sandbox at the mobile phone end, and the sandbox does not provide password verification prompting service for the user.
C. If the user name is found in the user list and the geographic position meets the requirement, the server encrypts the user login password and the public key of the Ukey by using the public key of the user's mobile phone digital certificate, and sends the encrypted ciphertext to the sandbox of the user's mobile phone over an SSL VPN. The sandbox of the user's mobile phone decrypts the ciphertext by using the private key of the mobile phone digital certificate to obtain the login password of the user and the asymmetric public key of the employee's Ukey, and compares the login password with the login password input by the user.
(5) On comparison, if the login password input by the user is correct, the server feeds back the correct result of the login password of the mobile phone sandbox, and the user logs in normally.
(6) Through comparison, if the login password input by the user is wrong, the sandbox counts whether the digit of the mistake input by the user is lower than a threshold value according to a preset rule, and if the digit of the mistake password is higher than the threshold value, the user is required to input all passwords again; if the number of wrong password bits is lower than the threshold value, the sandbox automatically starts a password verification prompt function, namely the wrong password bits are recorded by comparing the correct password with the password input by the user to form password error prompt information, at the moment, the sandbox of the mobile phone prompts the user that the password input is wrong on a login interface, and meanwhile, the error prompt information is encrypted through the asymmetric public key of the Ukey of the staff to form an error prompt ciphertext.
(7) The sandbox on the mobile phone sends the error prompt ciphertext to the Ukey of the user through Bluetooth, and the Ukey decrypts the ciphertext with its private key and displays the result to the user.
(8) The user revises the wrong password bits according to the error prompt message and tries to log in again.
It should be emphasized that:
1. The asymmetric encryption algorithm is the SM2 national cryptographic algorithm or the RSA algorithm. The private keys of the digital certificates are stored in the client (a computer used by a user) and in the Ukey of the employee, respectively;
2. The server stores the information of each client (computer), including the network card number of the client and the public key of the digital certificate of the client;
3. The server stores user information, including the user login account, the login password, the user Ukey public key and the like;
4. The user's mobile phone is provided with a password verification prompt App, and the App can forward ciphertext information issued from the server or the client to the user Ukey through Bluetooth.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An intelligent password verification prompting method is characterized by comprising the following steps:
acquiring a user name to be verified and a password to be verified;
carrying out first username verification on the user name to be verified, and sending first error information if the first username verification fails;
if the first user name passes the verification, performing first password verification on the password to be verified;
if the first password is not verified, performing first password error judgment on the password to be verified;
the first password error judgment comprises the following steps:
identifying the error digit of the password to be verified, and judging the size of the error digit and a first preset value;
if the error bit number is higher than the first preset value, sending out second error information;
and if the error digit is less than or equal to the first preset value, sending out first error prompt information.
2. The password smart check prompting method according to claim 1, wherein the first username check comprises the following steps:
uploading the user name to be verified to a server, wherein a login user information list is stored in the server, and the login user information list comprises login user names;
and the server verifies the user name to be verified based on the login user information list, and if the user name to be verified does not exist in the login user information list, the first user name is not verified.
3. The intelligent password verification prompting method of claim 2,
the list of registrable user information further comprises: specific registrable-device information associated with the registrable user name;
the first username verification further comprises the steps of:
uploading the information of the to-be-verified equipment of the to-be-logged-in terminal equipment, which acquires the user name to be verified and the password to be verified, to the server;
and the server verifies the information of the equipment to be verified based on the login user information list, and if the information of the equipment to be verified is not matched with the user name to be verified, the first user name is not verified.
4. The password smart check-up prompting method according to claim 3, wherein the registrable-user information list further includes registrable-area information associated with the designated registrable-device information;
the first username verification further comprises the steps of:
uploading the current position information of the terminal equipment to be logged in to the server;
the server verifies the current location information based on the login-enabled area information, and does not perform the first password error judgment if the current location information is not matched with the login-enabled area information.
5. The password smart check prompting method according to claim 1, wherein the first password check comprises the following steps:
acquiring a first password data packet associated with the user name to be verified from a server, and decrypting the first password data packet by combining a preset asymmetric encryption private key to obtain a correct login password and an asymmetric encryption public key associated with the user name to be verified;
and judging whether the password to be verified is correct or not by combining the correct login password: if the password to be verified is correct, the first user name is verified to be passed; and if the password to be verified is incorrect, carrying out the first password error judgment.
6. The intelligent password verification prompting method according to claim 4, wherein the step of identifying the error digit of the password to be verified specifically comprises the following steps: identifying the error digit of the password to be verified in combination with the correct login password; and/or
The first error prompt message is the password bit information of the specific error of the password to be verified; the step of sending out the first error prompt message comprises the following steps:
combining the asymmetric encryption public key to carry out asymmetric encryption on the first error prompt information to obtain a first error prompt packet;
and decrypting the first error prompt packet through the user Ukey equipment associated with the user name to be verified, and displaying the first error prompt information on the user Ukey equipment.
7. A password intelligent verification prompting system is characterized in that the password intelligent verification prompting method of any one of claims 1 to 7 is executed;
the system comprises:
the first acquisition module is used for acquiring a user name to be verified and a password to be verified;
the first checking module is used for carrying out first user name checking on the user name to be checked;
the second check module is used for carrying out first password check on the password to be checked;
and the third verification module is used for carrying out first password error judgment on the password to be verified.
8. A password intelligent verification prompting system, which is characterized in that the password intelligent verification prompting method of any one of claims 1 to 7 is executed;
the system comprises:
the server is used for carrying out asymmetric encryption on a correct login password and an asymmetric encryption public key which are associated with the user name to be verified through the asymmetric encryption public key to obtain a first password data packet;
the terminal equipment to be logged in is in signal connection with the server, a sandbox module is installed on the terminal equipment to be logged in, a specified client is installed on the terminal equipment to be logged in, the terminal equipment to be logged in is used for acquiring a user name to be verified and a password to be verified, and the terminal equipment to be logged in is used for displaying first error information or second error information;
the user Ukey equipment is used for decrypting the first error prompt packet and displaying first error prompt information;
and the user Ukey equipment is connected with the server through the second terminal.
9. The password intelligent verification prompting system according to claim 8, wherein the terminal device to be logged in is a computer, and the second terminal is a handheld mobile device; or
The terminal equipment to be logged in is handheld mobile equipment, and the second terminal is the terminal equipment to be logged in.
10. An electronic device, comprising:
a computer program for executing the password smart check prompting method of any one of claims 1 to 7;
a memory for storing the computer program;
a processor for executing the computer program.
CN202211349775.0A 2022-10-31 2022-10-31 Password intelligent verification prompting method and system and electronic equipment Pending CN115694807A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211349775.0A CN115694807A (en) 2022-10-31 2022-10-31 Password intelligent verification prompting method and system and electronic equipment

Publications (1)

Publication Number Publication Date
CN115694807A true CN115694807A (en) 2023-02-03

Family

ID=85045589

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211349775.0A Pending CN115694807A (en) 2022-10-31 2022-10-31 Password intelligent verification prompting method and system and electronic equipment

Country Status (1)

Country Link
CN (1) CN115694807A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116611048A (en) * 2023-07-13 2023-08-18 深圳奥联信息安全技术有限公司 Password verification system and password verification method

Similar Documents

Publication Publication Date Title
EP2579141B1 (en) Method and device for unlocking operating system
US8369833B2 (en) Systems and methods for providing authentication and authorization utilizing a personal wireless communication device
CN101258505B (en) Secure software updates
US9372977B2 (en) Screen unlocking method, device and terminal
EP1659810B1 (en) Updating configuration parameters in a mobile terminal
US5249230A (en) Authentication system
US20040097217A1 (en) System and method for providing authentication and authorization utilizing a personal wireless communication device
EP2657871A2 (en) Secure configuration of mobile application
EP2521034A1 (en) Managing method, device and terminal for application program
WO2020035009A1 (en) Authentication system and working method therefor
CN107124279B (en) Method and device for erasing terminal data
WO2010060242A1 (en) An authentication method for the mobile terminal and a system thereof
CN115694807A (en) Password intelligent verification prompting method and system and electronic equipment
WO2013182103A2 (en) Encryption and decryption terminal and encryption and decryption method applied to same
EP1868125A1 (en) Method for identifying a user of a computer system
CN112073961B (en) SIM card state updating method and device, terminal and readable storage medium
CN109150852A (en) A kind of account number safe login method, apparatus and system
CN111614686A (en) Key management method, controller and system
US8732456B2 (en) Enterprise environment disk encryption
CN111148089B (en) Unbinding method and device
CN112287312B (en) Method and system for logging in Windows operating system
US8176148B2 (en) Method and system for wireless network configuration
CN111984961B (en) Password resetting system, method, device, equipment and storage medium
CN115296822B (en) Method and system for realizing service processing
CN111489462A (en) Personal Bluetooth key system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination