CN117439806A - Login verification method and device and electronic equipment - Google Patents
Login verification method and device and electronic equipment Download PDFInfo
- Publication number
- CN117439806A CN117439806A CN202311571926.1A CN202311571926A CN117439806A CN 117439806 A CN117439806 A CN 117439806A CN 202311571926 A CN202311571926 A CN 202311571926A CN 117439806 A CN117439806 A CN 117439806A
- Authority
- CN
- China
- Prior art keywords
- password
- login
- ciphertext
- verification
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012795 verification Methods 0.000 title claims abstract description 107
- 238000000034 method Methods 0.000 title claims abstract description 63
- 238000004590 computer program Methods 0.000 claims description 13
- 230000004044 response Effects 0.000 claims description 10
- 238000001514 detection method Methods 0.000 claims description 6
- 239000000284 extract Substances 0.000 claims description 4
- 230000008569 process Effects 0.000 abstract description 17
- 238000013461 design Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 8
- 238000012545 processing Methods 0.000 description 7
- 230000000694 effects Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000006386 memory function Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Abstract
A login verification method, a login verification device and an electronic device are provided, wherein the login verification method comprises the following steps: responding to a login request sent by a user terminal, acquiring a verification password from a target authentication system based on a user identifier, acquiring a password ciphertext from a password service platform based on the user identifier, responding to whether the verification password is consistent with a preset verification password, detecting whether the password ciphertext is consistent with the preset password ciphertext, generating a login passing result corresponding to the login request when the password ciphertext is consistent with the preset password ciphertext, and sending the login passing result to the user terminal. By the method, the verification password and the password ciphertext are combined to perform double verification on the login request of the user side, so that the security in the login process is improved.
Description
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a login verification method and device, and an electronic device.
Background
With the development of network security technology, in order to ensure account security of a user terminal, verification is generally required when the user terminal performs account login, at present, when the user terminal sends a login request to an authentication server, the authentication server requests to a password service platform to obtain an encrypted password, the encrypted password is used for ensuring the security of a user login account, and when the authentication server determines that the encrypted password is consistent with a preset encrypted password, the authentication of the user login is determined to pass.
However, the password service platform encrypts the password by adopting a cryptographic algorithm, but in the process of encrypting the password by the password service platform, dictionary attack, interception, snooping and the like of a network attacker are easily carried out, so that password texts are tampered or intercepted, and the security is low in the process of logging in an account through a user side.
Disclosure of Invention
The application provides a login verification method, a login verification device and electronic equipment, which are used for improving the security of a user login account through a user side.
In a first aspect, the present application provides a login verification method, the method including:
responding to a login request sent by a user side, wherein the login request at least comprises the following components: a user identification;
acquiring a verification password from a target authentication system based on the user identification, and acquiring a password ciphertext from a password service platform based on the user identification, wherein the verification password is a dynamically-changed password;
detecting whether the password ciphertext is consistent with a preset password ciphertext or not in response to the fact that the verification password is consistent with the preset verification password;
and when the password ciphertext is consistent with the preset password ciphertext, generating a login success result corresponding to the login request, and sending the login success result to the user side.
By the method, the double authentication is performed in the process of logging in the account by combining the verification password and the password ciphertext, so that the security of the user-side login account is ensured.
In one possible design, before responding to the login request sent by the user terminal, the method further includes:
responding to a registration request sent by the user side, and extracting identity information in the registration request;
the identity information is sent to a target authentication system, a user identifier and a verification password corresponding to the identity information are obtained, and the verification password is used as a preset verification password; and
and sending the identity information to a password service platform, obtaining a password ciphertext corresponding to the identity information, and taking the password ciphertext as a preset password ciphertext.
By the method, the user side sends the registration request to the authentication server, the authentication password is obtained from the target authentication system through the identity information of the user side, and the password ciphertext is obtained from the password service platform, so that login authentication can be performed in various modes in the login process of the user side.
In one possible design, the obtaining a verification password from a target authentication system based on the user identification includes:
obtaining the interval duration of the target authentication system for sending the verification password;
and when the interval duration exceeds a preset interval duration, acquiring a verification password from the target authentication system based on the user identification.
By the method, the verification password is sent according to the preset interval duration, the command for obtaining the verification password is prevented from being triggered all the time, and convenience in login verification of the user side is ensured.
In one possible design, the detecting whether the password ciphertext is consistent with a preset password ciphertext includes:
when the password ciphertext is inconsistent with the preset password ciphertext, determining a login failure result;
and sending the login failure result to the user side.
By the method, when the password ciphertext is inconsistent with the preset password ciphertext, the login failure result is sent to the user side, and the accuracy of determining the login failure result is ensured.
In a second aspect, the present application provides a login authentication device, the device comprising:
the response module is used for responding to a login request sent by the user side, wherein the login request at least comprises the following components: a user identification;
the acquisition module is used for acquiring a verification password from a target authentication system based on the user identification and acquiring a password ciphertext from a password service platform based on the user identification, wherein the verification password is a dynamically-changed password;
the detection module is used for responding to the fact that the verification password is consistent with a preset verification password and detecting whether the password ciphertext is consistent with the preset password ciphertext or not;
and the generation module is used for generating a login success result corresponding to the login request when the password ciphertext is consistent with the preset password ciphertext, and sending the login success result to the user side.
In one possible design, the response module is specifically configured to respond to a registration request sent by the user side, extract identity information in the registration request, send the identity information to a target authentication system, obtain a user identifier and an authentication password corresponding to the identity information, use the authentication password as a preset authentication password, send the identity information to a password service platform, obtain a password ciphertext corresponding to the identity information, and use the password ciphertext as a preset password ciphertext.
In one possible design, the obtaining module is specifically configured to obtain an interval duration of sending the verification password by the target authentication system, and obtain the verification password from the target authentication system based on the user identifier when the interval duration exceeds a preset interval duration.
In one possible design, the detection module is specifically configured to determine a login failure result when the password ciphertext is inconsistent with the preset password ciphertext, and send the login failure result to the user side.
In a third aspect, the present application provides an electronic device, including:
a memory for storing a computer program;
and the processor is used for realizing the login verification method steps when executing the computer program stored in the memory.
In a fourth aspect, a computer readable storage medium has a computer program stored therein, which when executed by a processor, implements a login authentication method step as described above.
The technical effects of each of the first to fourth aspects and the technical effects that may be achieved by each aspect are referred to above for the technical effects that may be achieved by the first aspect or the various possible aspects of the first aspect, and are not repeated here.
Drawings
FIG. 1 is a flowchart of a login verification method provided in the present application;
fig. 2 is a schematic flow chart of login verification performed by a user terminal in a login account process provided by the application;
fig. 3 is a schematic structural diagram of a login verification device provided in the present application;
fig. 4 is a schematic structural diagram of an electronic device provided in the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the present application will be described in further detail with reference to the accompanying drawings. The specific method of operation in the method embodiment may also be applied to the device embodiment or the system embodiment. It should be noted that "a plurality of" is understood as "at least two" in the description of the present application. "and/or", describes an association relationship of an association object, and indicates that there may be three relationships, for example, a and/or B, and may indicate: a exists alone, A and B exist together, and B exists alone. A is connected with B, and can be represented as follows: both cases of direct connection of A and B and connection of A and B through C. In addition, in the description of the present application, the words "first," "second," and the like are used merely for distinguishing between the descriptions and not be construed as indicating or implying a relative importance or order.
In the prior art, when a user sends a login request to an authentication server, the authentication server requests to obtain an encrypted password from a password service platform, and when the authentication server determines that the encrypted password is consistent with a preset encrypted password, the user login verification is determined to pass, however, the password service platform encrypts the password by adopting a national password algorithm, but in the process of encrypting the password by the password service platform, dictionary attack, interception, snooping and the like of a network attacker are easily suffered, so that password text is tampered or intercepted, and the security in the process of logging in the user is low.
In order to solve the above-described problems, the embodiments of the present application provide a login verification method for improving security in a user login process. The method and the device according to the embodiments of the present application are based on the same technical concept, and because the principles of the problems solved by the method and the device are similar, the embodiments of the device and the method can be referred to each other, and the repetition is not repeated.
Embodiments of the present application are described in detail below with reference to the accompanying drawings.
Referring to fig. 1, the present application provides a login verification method, which can improve security in a user login process, and the implementation flow of the method is as follows:
step S1: responding to a login request sent by a user side.
When a user accesses a service network through a user terminal, a registration request needs to be sent to an authentication server in the service network, where the registration request at least includes identity information of the user, for example: the identity information may be a user name, user personal information, a user number, etc., after the user applies for registration, the authentication server needs to send the identity information in the registration request to the target authentication system, and the target authentication system generates a verification password and a user identifier based on the identity information, and uses the verification password as a preset verification password, for example: the authentication passwords are 123789, ads13@scq and the like, the user identification has uniqueness, and the authentication server stores the preset authentication password and the user identification, so that the user account and the preset authentication password are bound.
Further, in order to ensure that the login request of the user terminal can be verified for multiple times, the identity information is required to be sent to the password service platform, so that the password service platform generates a verification password based on the identity information, encrypts the verification password by adopting a secret key to obtain a password ciphertext, and the password ciphertext is used as a preset password ciphertext.
The authentication server stores a preset verification password and a preset password ciphertext corresponding to the user, wherein the preset verification password and the preset password ciphertext are used for verifying identity information of the user terminal and returning information of successful registration, so that successful registration of the user terminal is realized.
After the user is successfully registered, the user can perform operations such as binding, changing, unbinding between the account number and the verification password through an interface, and the interface can include: the authentication request interface, the binding verification password interface, the replacement verification password interface, the unbinding verification password interface and the like can authorize and manage the user according to actual requirements, and are not described too much.
After the registration is successful, the user side can acquire the verification password from the target authentication system and store the verification password into the user side, and when the user realizes the user login, the user side acquires the dynamic password through the verification password and initiates a login request to the authentication server, wherein the login request comprises the user identifier.
By the method, the user realizes exceeding registration in the authentication server through the user side, acquires the preset verification password from the target authentication system and acquires the preset password ciphertext from the password service platform, so that multiple verifications exist when the user logs in the account, and the safety of the user in the process of logging in the account is improved.
Step S2: a verification password is obtained from the target authentication system based on the user identification, and a password ciphertext is obtained from the password service platform based on the user identification.
After receiving a login request sent by a user terminal, an authentication server extracts a user identifier from the login request, acquires a verification password from a target authentication system based on the user identifier, wherein the verification password is a dynamically-changed password, and in order to prevent the uninterrupted acquisition of the verification password by the user terminal, the interval duration of the verification password sent by the target authentication system needs to be acquired.
By the method, when the user logs in the account, the verification password and the password ciphertext are obtained, so that multiple verification can be performed in the account login process, and the security of the multiple verification is improved.
Step S3: detecting whether the password ciphertext is consistent with a preset password ciphertext or not in response to the fact that the verification password is consistent with the preset verification password;
after the authentication server obtains the authentication password and the password ciphertext, in order to prevent password leakage of a user, the authentication server needs to perform double authentication on the authentication password and the password ciphertext, the authentication server compares the authentication password with a preset authentication password, and when the authentication password is consistent with the preset authentication password, it is determined that the authentication of the target authentication system is passed, and in order to be able to further authenticate the login account, whether the password ciphertext is consistent with the preset password ciphertext or not needs to be detected.
By the method, after the user side sends the login request, the target authentication system authenticates the user side, so that the security of the user side in the process of logging in the account is ensured.
Step S4: and when the password ciphertext is consistent with the preset password ciphertext, generating a login success result corresponding to the login request, and sending the login success result to the user side.
If the password ciphertext is detected to be consistent with the preset password ciphertext, a login success result corresponding to the login request is generated, the login success result is sent to the user side, and if the password ciphertext is detected to be inconsistent with the preset password ciphertext, a login failure result is determined, and the login failure result is sent to the user side.
In fig. 2, the user side requests registration from an authentication server through a registration request, the authentication server obtains identity information in the registration request of the user side and sends the identity information to a target authentication system, the target authentication system returns a user identifier and an authentication password based on the identity information, the authentication server requests password encryption from a password service platform after obtaining the user identifier and the authentication password corresponding to the identity information, and the password service platform encrypts the password into a password ciphertext and returns the password ciphertext to the authentication server.
Because the user side can carry out login verification when logging in, before logging in, the user side can request a dynamic password from a target authentication system, the target authentication system can send the dynamic password to the user side, the dynamic password is stored in a database of the user side, when the user side sends the login request to an authentication server, the authentication server can send information for verifying the dynamic password to the target authentication system and is used for obtaining the verification password, when the verification password stored by the authentication server is consistent with the received verification password, the verification is passed, a password encryption request is sent to a password service platform, the password service platform encrypts the password into a password ciphertext and returns the password ciphertext to the authentication server, when the password ciphertext is consistent with a preset password ciphertext, the authentication server represents that the login verification is passed, and a login success result is returned to the user side.
By the method, the authentication server performs multiple verifications on the account logged in by the user terminal through the target authentication system and the password service platform, so that security threats such as password leakage and phishing attack are effectively prevented, and the security of the user terminal in the process of logging in the account is improved.
Based on the same inventive concept, the embodiment of the present application further provides a login verification device, where the login verification device is configured to implement a function of a login verification method, and referring to fig. 3, the device includes:
the response module 301 is configured to respond to a login request sent by a user side, where the login request at least includes: a user identification;
the obtaining module 302 is configured to obtain a verification password from a target authentication system based on the user identifier, and obtain a password ciphertext from a password service platform based on the user identifier, where the verification password is a dynamically changing password;
a detection module 303, configured to detect whether the password ciphertext is consistent with a preset password ciphertext in response to the verification password being consistent with a preset verification password;
and the generating module 304 is configured to generate a login success result corresponding to the login request when the password ciphertext is consistent with the preset password ciphertext, and send the login success result to the user side.
In one possible design, the response module 301 is specifically configured to respond to a registration request sent by the user side, extract identity information in the registration request, send the identity information to a target authentication system, obtain a user identifier and an authentication password corresponding to the identity information, use the authentication password as a preset authentication password, send the identity information to a password service platform, obtain a password ciphertext corresponding to the identity information, and use the password ciphertext as a preset password ciphertext.
In one possible design, the obtaining module 302 is specifically configured to obtain an interval duration of sending the verification password by the target authentication system, and obtain the verification password from the target authentication system based on the user identifier when the interval duration exceeds a preset interval duration.
In one possible design, the detection module 303 is specifically configured to determine a login failure result when the password ciphertext is inconsistent with the preset password ciphertext, and send the login failure result to the user side.
Based on the same inventive concept, the embodiment of the present application further provides an electronic device, where the electronic device may implement the function of the login verification apparatus, and referring to fig. 4, the electronic device includes:
at least one processor 401, and a memory 402 connected to the at least one processor 401, in this embodiment of the present application, a specific connection medium between the processor 401 and the memory 402 is not limited, and in fig. 4, the processor 401 and the memory 402 are connected by a bus 400 as an example. The bus 400 is shown in bold lines in fig. 4, and the manner in which the other components are connected is illustrated schematically and not by way of limitation. The bus 400 may be divided into an address bus, a data bus, a control bus, etc., and is represented by only one thick line in fig. 4 for ease of illustration, but does not represent only one bus or one type of bus. Alternatively, the processor 401 may be referred to as a controller, and the name is not limited.
In the embodiment of the present application, the memory 402 stores instructions executable by the at least one processor 401, and the at least one processor 401 may perform a login verification method as described above by executing the instructions stored in the memory 402. Processor 401 may implement the functions of the various modules in the apparatus shown in fig. 3.
The processor 401 is a control center of the apparatus, and various interfaces and lines can be used to connect various parts of the entire control device, and by executing or executing instructions stored in the memory 402 and invoking data stored in the memory 402, various functions of the apparatus and processing data can be performed, so that the apparatus is monitored as a whole.
In one possible design, processor 401 may include one or more processing units, and processor 401 may integrate an application processor and a modem processor, wherein the application processor primarily processes operating systems, user interfaces, application programs, and the like, and the modem processor primarily processes wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 401. In some embodiments, processor 401 and memory 402 may be implemented on the same chip, and in some embodiments they may be implemented separately on separate chips.
The processor 401 may be a general purpose processor such as a Central Processing Unit (CPU), digital signal processor, application specific integrated circuit, field programmable gate array or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, which may implement or perform the methods, steps and logic blocks disclosed in the embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a login verification method disclosed in connection with the embodiments of the present application may be directly embodied as a hardware processor executing or may be executed by a combination of hardware and software modules in the processor.
Memory 402 is a non-volatile computer-readable storage medium that can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The Memory 402 may include at least one type of storage medium, which may include, for example, flash Memory, hard disk, multimedia card, card Memory, random access Memory (Random Access Memory, RAM), static random access Memory (Static Random Access Memory, SRAM), programmable Read-Only Memory (Programmable Read Only Memory, PROM), read-Only Memory (ROM), charged erasable programmable Read-Only Memory (Electrically Erasable Programmable Read-Only Memory), magnetic Memory, magnetic disk, optical disk, and the like. Memory 402 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory 402 in the present embodiment may also be circuitry or any other device capable of implementing a memory function for storing program instructions and/or data.
By programming the processor 401, the code corresponding to one of the login verification methods described in the previous embodiments may be cured into the chip, thereby enabling the chip to perform one of the login verification steps of the embodiment shown in fig. 1 at run-time. How to design and program the processor 401 is a technology well known to those skilled in the art, and will not be described in detail here.
Based on the same inventive concept, the embodiments of the present application also provide a storage medium storing computer instructions that, when executed on a computer, cause the computer to perform a login authentication method as discussed above.
In some possible embodiments, aspects of a login verification method may also be implemented in the form of a program product comprising program code for causing the control apparatus to carry out the steps of a login verification method according to the various exemplary embodiments of the present application as described herein above when the program product is run on a device.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.
Claims (10)
1. A login authentication method, the method comprising:
responding to a login request sent by a user side, wherein the login request at least comprises the following components: a user identification;
acquiring a verification password from a target authentication system based on the user identification, and acquiring a password ciphertext from a password service platform based on the user identification, wherein the verification password is a dynamically-changed password;
detecting whether the password ciphertext is consistent with a preset password ciphertext or not in response to the fact that the verification password is consistent with the preset verification password;
and when the password ciphertext is consistent with the preset password ciphertext, generating a login success result corresponding to the login request, and sending the login success result to the user side.
2. The method of claim 1, further comprising, prior to responding to the login request sent by the client:
responding to a registration request sent by the user side, and extracting identity information in the registration request;
the identity information is sent to a target authentication system, a user identifier and a verification password corresponding to the identity information are obtained, and the verification password is used as a preset verification password; and
and sending the identity information to a password service platform, obtaining a password ciphertext corresponding to the identity information, and taking the password ciphertext as a preset password ciphertext.
3. The method of claim 1, wherein the obtaining a verification password from a target authentication system based on the user identification comprises:
obtaining the interval duration of the target authentication system for sending the verification password;
and when the interval duration exceeds a preset interval duration, acquiring a verification password from the target authentication system based on the user identification.
4. The method of claim 1, wherein the detecting whether the password ciphertext corresponds to a preset password ciphertext comprises:
when the password ciphertext is inconsistent with the preset password ciphertext, determining a login failure result;
and sending the login failure result to the user side.
5. A login authentication device, the device comprising:
the response module is used for responding to a login request sent by the user side, wherein the login request at least comprises the following components: a user identification;
the acquisition module is used for acquiring a verification password from a target authentication system based on the user identification and acquiring a password ciphertext from a password service platform based on the user identification, wherein the verification password is a dynamically-changed password;
the detection module is used for responding to the fact that the verification password is consistent with a preset verification password and detecting whether the password ciphertext is consistent with the preset password ciphertext or not;
and the generation module is used for generating a login success result corresponding to the login request when the password ciphertext is consistent with the preset password ciphertext, and sending the login success result to the user side.
6. The apparatus of claim 5, wherein the response module is specifically configured to respond to a registration request sent by the user terminal, extract identity information in the registration request, send the identity information to a target authentication system, obtain a user identifier and an authentication password corresponding to the identity information, use the authentication password as a preset authentication password, send the identity information to a password service platform, obtain a password ciphertext corresponding to the identity information, and use the password ciphertext as a preset password ciphertext.
7. The apparatus of claim 5, wherein the obtaining module is specifically configured to obtain an interval duration for the target authentication system to send the verification password, and obtain the verification password from the target authentication system based on the user identification when the interval duration exceeds a preset interval duration.
8. The apparatus of claim 5, wherein the detection module is specifically configured to determine a login failure result when the password ciphertext is inconsistent with the preset password ciphertext, and send the login failure result to the client.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for carrying out the method steps of any one of claims 1-4 when executing a computer program stored on said memory.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein a computer program which, when executed by a processor, implements the method steps of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311571926.1A CN117439806A (en) | 2023-11-23 | 2023-11-23 | Login verification method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311571926.1A CN117439806A (en) | 2023-11-23 | 2023-11-23 | Login verification method and device and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117439806A true CN117439806A (en) | 2024-01-23 |
Family
ID=89558277
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311571926.1A Pending CN117439806A (en) | 2023-11-23 | 2023-11-23 | Login verification method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117439806A (en) |
-
2023
- 2023-11-23 CN CN202311571926.1A patent/CN117439806A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3236630B1 (en) | Apparatus authentication method and device | |
| CN106330850B (en) | Security verification method based on biological characteristics, client and server | |
| CN109325342B (en) | Identity information management method, device, computer equipment and storage medium | |
| CN107770159B (en) | Vehicle accident data recording method and related device and readable storage medium | |
| CN111625829A (en) | Application activation method and device based on trusted execution environment | |
| CN110401615B (en) | Identity authentication method, device, equipment, system and readable storage medium | |
| US9734091B2 (en) | Remote load and update card emulation support | |
| CN109981562B (en) | Software development kit authorization method and device | |
| CN103236931B (en) | A kind of auth method based on TPM and system and relevant device | |
| CN110311895B (en) | Session permission verification method and system based on identity authentication and electronic equipment | |
| US20230412399A1 (en) | Database Multi-Authentication Method and System, Terminal, and Storage Medium | |
| EP3206329B1 (en) | Security check method, device, terminal and server | |
| CN112688773A (en) | Token generation and verification method and device | |
| CN112836202A (en) | Information processing method and device and server | |
| CN113472716A (en) | System access method, gateway device, server, electronic device, and storage medium | |
| CN112528268B (en) | Cross-channel applet login management method and device and related equipment | |
| CN113505353A (en) | Authentication method, device, equipment and storage medium | |
| CN111600701B (en) | Private key storage method, device and storage medium based on blockchain | |
| CN111628863B (en) | Data signature method and device, electronic equipment and storage medium | |
| CN116881936A (en) | Trusted computing method and related equipment | |
| CN109428869B (en) | Phishing attack defense method and authorization server | |
| CN117439806A (en) | Login verification method and device and electronic equipment | |
| CN114239000A (en) | Password processing method, device, computer equipment and storage medium | |
| CN110659522B (en) | Storage medium security authentication method and device, computer equipment and storage medium | |
| CN109936522B (en) | Equipment authentication method and equipment authentication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |