WO2018045802A1 - Login authentication and login password modification authentication methods, terminal, and server - Google Patents

Info

Publication number: WO2018045802A1
Authority: WO (WIPO (PCT))
Prior art keywords: random number, authentication, login password, terminal, login
Application number: PCT/CN2017/091251
Other languages: French (fr), Chinese (zh)
Inventor: 温海龙
Original assignee: 中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2018045802A1

Classifications

    • H04L 9/40 Network security protocols
    • H04L 63/083 Network architectures or network communication protocols for network security, for authentication of entities using passwords
    • H04L 9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords, involving passwords or one-time passwords
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications including means for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • The present disclosure relates to the field of communications technologies, and in particular to a login authentication and login password modification authentication method, a terminal, and a server.
  • On a client such as customer premise equipment (CPE) or a MiFi (Mobile WiFi) device, Web UI login is generally protected by a login password.
  • The password is Base64-encoded and then transmitted. It is easy to eavesdrop on in a WLAN wireless network environment, and Base64 decoding recovers the password in the clear, which causes the Web UI login password to leak.
  • The main purpose of the present disclosure is to provide a login authentication and login password modification authentication method, a terminal, and a server, designed to prevent Web UI login password leakage and improve the security of Web UI login.
  • The login authentication method includes: the terminal sends a login page request to the server; the terminal receives the login page returned by the server in response to the login page request together with an encrypted authentication random number and an encrypted punctured random number, both encrypted using the pre-stored login password corresponding to the terminal; after receiving the login password entered by the user on the login page, the terminal decrypts the authentication random number and the punctured random number returned by the server using that login password, and generates authentication information from the decrypted authentication random number and punctured random number; the terminal sends the authentication information to the server, the server authenticates the received authentication information, and the terminal is allowed to log in when authentication passes.
  • The step of generating the authentication information from the decrypted authentication random number and punctured random number includes: calculating a digest value of the decrypted authentication random number; calculating a punching position and a punching length (a number of bytes or a number of bits) from the decrypted punctured random number; deleting the data of the digest value that corresponds to the punching position and punching length, and moving the data after the deleted data forward by the punching length, to generate the authentication information.
  • The login authentication method provided by the present disclosure includes: after receiving the login page request sent by the terminal, the server returns to the terminal a login page, an encrypted authentication random number, and an encrypted punctured random number, both encrypted using the pre-stored login password corresponding to the terminal, so that the terminal, after receiving the login password entered by the user on the login page, decrypts the returned authentication random number and punctured random number, generates authentication information from the decrypted values, and sends the authentication information to the server; after receiving the authentication information sent by the terminal, the server authenticates it and allows the terminal to log in when authentication passes.
  • The step of authenticating the received authentication information includes: calculating a digest value of the pre-stored authentication random number; calculating a punching position and a punching length from the pre-stored punctured random number; deleting the data of the digest value that corresponds to the punching position and punching length, and moving the data after the deleted data forward by the punching length, to generate an authentication digest value; and comparing the authentication digest value with the received authentication information; if they are consistent, authentication passes.
  • The login password modification authentication method includes: the terminal sends a login password modification page request to the server; the terminal receives the login password modification page returned by the server in response to that request together with an encrypted authentication random number and an encrypted punctured random number, both encrypted using the pre-stored original login password corresponding to the terminal; after receiving the original login password and the new login password entered by the user on the login password modification page, the terminal decrypts the authentication random number and the punctured random number returned by the server using the received original login password and generates authentication information from the decrypted values; and the terminal sends the authentication information and the new login password to the server, so that the server authenticates the received authentication information and, when authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  • On the server side, the login password modification authentication method includes: after receiving the login password modification page request sent by the terminal, the server returns to the terminal a login password modification page, an encrypted authentication random number, and an encrypted punctured random number, both encrypted using the pre-stored original login password corresponding to the terminal, so that the terminal, after receiving the original login password and the new login password entered by the user on the login password modification page, decrypts the authentication random number and the punctured random number returned by the server using the received original login password, generates authentication information from the decrypted values, and sends the authentication information and the new login password to the server; after receiving the authentication information and the new login password sent by the terminal, the server authenticates the received authentication information and, when authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  • The terminal includes: a first sending module, configured to send a login page request to the server; a first receiving module, configured to receive the login page returned by the server in response to the login page request together with an encrypted authentication random number and an encrypted punctured random number, both encrypted using the pre-stored login password corresponding to the terminal; a first generating module, configured to, after the login password entered by the user on the login page is received, decrypt the authentication random number and the punctured random number returned by the server using that login password and generate authentication information from the decrypted values; and the first sending module is further configured to send the authentication information to the server, so that the server authenticates the received authentication information and allows the terminal to log in when authentication passes.
  • The first generating module includes: a first calculating unit, configured to calculate a digest value of the decrypted authentication random number and further configured to calculate a punching position and a punching length from the decrypted punctured random number; and a first generating unit, configured to delete the data of the digest value that corresponds to the punching position and punching length and move the data after the deleted data forward by the punching length, to generate the authentication information.
  • The server provided by the present disclosure includes: a first returning module, configured to return to the terminal, after receiving the login page request sent by the terminal, a login page, an encrypted authentication random number, and an encrypted punctured random number, both encrypted using the pre-stored login password corresponding to the terminal, so that the terminal, after receiving the login password entered by the user on the login page, decrypts the authentication random number and the punctured random number returned by the server using that login password, generates authentication information from the decrypted values, and sends the authentication information to the server; and a first authentication module, configured to authenticate the authentication information received from the terminal and allow the terminal to log in when authentication passes.
  • The first authentication module includes: a second calculating unit, configured to calculate a digest value of the pre-stored authentication random number and further configured to calculate a punching position and a punching length from the pre-stored punctured random number; a second generating unit, configured to delete the data of the digest value that corresponds to the punching position and punching length and move the data after the deleted data forward by the punching length, to generate an authentication digest value; and an authentication unit, configured to compare the authentication digest value with the received authentication information and, if they are consistent, determine that authentication passes.
  • The terminal includes: a second sending module, configured to send a login password modification page request to the server; a second receiving module, configured to receive the login password modification page returned by the server in response to that request together with an encrypted authentication random number and an encrypted punctured random number, both encrypted using the pre-stored original login password corresponding to the terminal; a second generating module, configured to, after the original login password and the new login password entered by the user on the login password modification page are received, decrypt the authentication random number and the punctured random number returned by the server using the received original login password and generate authentication information from the decrypted values; and the second sending module is further configured to send the authentication information and the new login password to the server, so that the server authenticates the received authentication information and, when authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  • The server provided by the present disclosure includes: a second returning module, configured to return to the terminal, after receiving the login password modification page request sent by the terminal, a login password modification page, an encrypted authentication random number, and an encrypted punctured random number, both encrypted using the pre-stored original login password corresponding to the terminal, so that the terminal, after receiving the original login password and the new login password entered by the user on the login password modification page, decrypts the authentication random number and the punctured random number using the received original login password, generates authentication information from the decrypted values, and sends the authentication information and the new login password to the server; and a second authentication module, configured to, after receiving the authentication information and the new login password sent by the terminal, authenticate the received authentication information and, when authentication passes, update the pre-stored original login password corresponding to the terminal to the new login password.
  • With the login authentication and login password modification authentication method, terminal, and server provided by the disclosure, after receiving the login page request sent by the terminal, the server returns to the terminal a login page, an encrypted authentication random number, and an encrypted punctured random number, both encrypted using the pre-stored login password corresponding to the terminal, so that the terminal, after receiving the login password entered by the user on the login page, decrypts the authentication random number and the punctured random number returned by the server using that login password, generates authentication information from the decrypted values, and sends the authentication information to the server; after receiving the authentication information sent by the terminal, the server authenticates it and allows the terminal to log in when authentication passes.
  • Because the present disclosure generates the authentication information from the authentication random number and the punctured random number, and encrypts both random numbers using the login password, an attacker cannot recover the login password through a hash dictionary attack, which effectively avoids leakage of the Web UI login password and improves the security of Web UI login.
  • FIG. 1 is a schematic flowchart of a first embodiment of a login authentication method according to the present disclosure
  • FIG. 2 is a schematic flowchart of a step of generating authentication information in a second embodiment of the login authentication method according to the present disclosure
  • FIG. 3 is a schematic flowchart of a third embodiment of a login authentication method according to the present disclosure.
  • FIG. 4 is a schematic flowchart of a step of generating authentication information in a fourth embodiment of the login authentication method of the present disclosure
  • FIG. 5 is a schematic flowchart of a first embodiment of a login password modification and authentication method according to the present disclosure
  • FIG. 6 is a schematic flowchart of a second embodiment of a method for authenticating a login password modification according to the present disclosure
  • FIG. 7 is a schematic diagram of functional modules of a first embodiment of the present disclosure.
  • FIG. 8 is a schematic diagram of a refinement function module of a first generation module in a second embodiment of the present disclosure
  • FIG. 9 is a schematic diagram of functional modules of a first embodiment of the server of the present disclosure.
  • FIG. 10 is a schematic diagram of a refinement function module of an authentication module in a second embodiment of the present disclosure
  • FIG. 11 is a schematic diagram of functional modules of a third embodiment of the terminal of the present disclosure.
  • FIG. 12 is a schematic diagram of functional modules of a third embodiment of the server of the present disclosure.
  • The present disclosure provides a login authentication method that is implemented on the terminal side.
  • FIG. 1 is a schematic flowchart of the login authentication method according to the first embodiment of the present disclosure.
  • The login authentication method provided by the present disclosure includes the following steps. Step S110: the terminal sends a login page request to the server. In this embodiment, the login authentication method can serve as a Web UI login authentication method, and the login page request can be a Web UI login authentication request.
  • After receiving the login page request sent by the terminal, the server generates two random numbers: an authentication random number and a punctured random number. The server then encrypts both using the pre-stored login password corresponding to the terminal, and sends the login page, the encrypted authentication random number, and the encrypted punctured random number to the terminal.
  • The authentication random number and the punctured random number sent by the server to the terminal are generated by the server using a sequence number and a time parameter as the seed: the initial value of the sequence number is not 0, the sequence number is incremented by 1 each time a random number is generated, and the time parameter value is the time at which the random number is generated.
  • Step S120: the terminal receives the login page, the encrypted authentication random number, and the encrypted punctured random number that the server returns in response to the login page request; both random numbers are encrypted using the pre-stored login password corresponding to the terminal.
  • The algorithm used to encrypt the authentication random number and the punctured random number with the login password may be a public standard encryption algorithm, such as AES, or a private encryption algorithm.
  • Step S130: after receiving the login password entered by the user on the login page, the terminal decrypts the authentication random number and the punctured random number returned by the server using that login password, and generates authentication information from the decrypted authentication random number and punctured random number.
  • After receiving the login page, the terminal displays it, and the user enters the login password in its password input field. When the login password entered by the user is correct, it matches the login password for the terminal pre-stored by the server, so the terminal can correctly decrypt the authentication random number and the punctured random number with the password the user entered. When the login password entered by the user is incorrect, it does not match the login password pre-stored by the server, so the terminal cannot correctly decrypt the authentication random number and the punctured random number with it.
  • The authentication information may be generated from the authentication random number and the punctured random number according to a preset rule, which can be set according to actual needs.
  • Step S140: the terminal sends the authentication information to the server; the server authenticates the received authentication information and allows the terminal to log in when authentication passes.
  • To do so, the server generates its own authentication information from the authentication random number and punctured random number it generated earlier; after receiving the terminal's authentication information, the server compares the two. If they match, authentication passes; if not, authentication fails.
  • In the login authentication method, the terminal sends a login page request to the server, receives the login page returned by the server together with the encrypted authentication random number and punctured random number, decrypts the authentication random number and punctured random number using the login password entered by the user on the login page, generates authentication information from the decrypted values, and sends the authentication information to the server; the server authenticates the received authentication information and allows the terminal to log in when authentication passes.
  • Because the authentication information is generated from the authentication random number and the punctured random number, and both random numbers are encrypted using the login password, an attacker cannot recover the login password through a hash dictionary attack, which effectively avoids leakage of the Web UI login password and improves the security of Web UI login.
  • FIG. 2 is a schematic flowchart of the refinement of the step of generating authentication information in the second embodiment of the login authentication method of the present disclosure.
  • The step of generating the authentication information from the decrypted authentication random number and punctured random number includes the following. Step S131: calculate a digest value of the decrypted authentication random number. In this embodiment, the digest algorithm can be MD5, SHA-1, or another algorithm.
  • Step S132: calculate the punching position and the punching length from the decrypted punctured random number.
  • The punching length can be measured in bytes or in bits; that is, the punching length can be the number of punctured bytes or the number of punctured bits.
  • Step S133: delete the data of the digest value that corresponds to the punching position and punching length, and move the data after the deleted data forward by the punching length, to generate the authentication information.
  • The padding value is preferably a random value, and the padding length is the number of punctured bytes or punctured bits.
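The challenge-response of steps S110 to S140 together with the digest-and-punch refinement of steps S131 to S133, as an added worked example in Python that is not part of the patent. The digest (SHA-256), the 16-byte random-number size, the mapping from punctured random number to position and length, the PBKDF2 key derivation and the HMAC-based stand-in for the AES cipher the page names are all assumptions, and the optional random padding of the vacated tail is omitted.

```python
import hashlib
import hmac
import secrets

# Constructed parameters: the page fixes neither the size of the random numbers,
# nor the digest beyond "MD5, SHA-1 or other", nor the cipher beyond "AES or a
# private algorithm". 16-byte random numbers and SHA-256 are assumptions here.
RANDOM_LEN = 16


def password_key(password: str, salt: bytes) -> bytes:
    """Derive the cipher key from the login password (PBKDF2 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in for the AES the page names: HMAC-SHA256 run in counter mode as a
    stream cipher, so the same call encrypts and decrypts. The per-challenge IV
    is an assumption; a keystream must never be reused under one key."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        stream.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def punch_params(punch_rand: bytes, digest_len: int) -> tuple:
    """Map the punctured random number to a punching position and length (bytes).
    The page leaves this mapping open; the one below is an assumption: position
    from the first two bytes, length 1..8 from the third byte, and the length is
    clipped so the punched range stays inside the digest."""
    position = int.from_bytes(punch_rand[:2], "big") % digest_len
    length = min(1 + punch_rand[2] % 8, digest_len - position)
    return position, length


def punch(digest: bytes, position: int, length: int) -> bytes:
    """Step S133: delete the bytes at [position, position+length) and move the
    data after them forward by `length`."""
    return digest[:position] + digest[position + length:]


def make_auth_info(auth_rand: bytes, punch_rand: bytes) -> bytes:
    """Steps S131-S133 (and the server's mirror of them): digest the
    authentication random number, then punch it."""
    digest = hashlib.sha256(auth_rand).digest()
    position, length = punch_params(punch_rand, len(digest))
    return punch(digest, position, length)


def server_issue_challenge(stored_password: str) -> tuple:
    """Server side of step S210: draw the two random numbers, encrypt both under
    the login password stored for this terminal, and return (what is sent with
    the login page, what the server keeps for verification). The random numbers
    come from a CSPRNG rather than the sequence-number-plus-time seed the page
    describes; that substitution is deliberate and is an assumption."""
    auth_rand = secrets.token_bytes(RANDOM_LEN)
    punch_rand = secrets.token_bytes(RANDOM_LEN)
    salt, iv = secrets.token_bytes(16), secrets.token_bytes(16)
    key = password_key(stored_password, salt)
    ciphertext = keystream_xor(key, iv, auth_rand + punch_rand)
    challenge = {"salt": salt, "iv": iv, "ciphertext": ciphertext}
    state = {"auth_rand": auth_rand, "punch_rand": punch_rand}
    return challenge, state


def terminal_respond(entered_password: str, challenge: dict) -> bytes:
    """Terminal side of step S130: decrypt with the password the user typed and
    build the authentication information. A wrong password yields a different
    key, hence different random numbers, hence a non-matching digest."""
    key = password_key(entered_password, challenge["salt"])
    plaintext = keystream_xor(key, challenge["iv"], challenge["ciphertext"])
    auth_rand, punch_rand = plaintext[:RANDOM_LEN], plaintext[RANDOM_LEN:]
    return make_auth_info(auth_rand, punch_rand)


def server_verify(state: dict, received: bytes) -> bool:
    """Server side of step S220: rebuild the authentication digest value from
    the random numbers it kept and compare it in constant time."""
    expected = make_auth_info(state["auth_rand"], state["punch_rand"])
    return hmac.compare_digest(expected, received)


def run_login(stored_password: str, entered_password: str) -> bool:
    """One full exchange: S110/S210 challenge, S130 response, S140/S220 check."""
    challenge, state = server_issue_challenge(stored_password)
    auth_info = terminal_respond(entered_password, challenge)
    return server_verify(state, auth_info)


if __name__ == "__main__":
    print(run_login("correct horse", "correct horse"))  # True
    print(run_login("correct horse", "wrong horse"))    # False
```

The two `run_login` calls show the same exchange accepting the stored password and rejecting a different one; the stand-in cipher provides confidentiality only, so a deployment would use an authenticated mode of the AES the page names.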
  • FIG. 3 is a schematic flowchart of the login authentication method according to the third embodiment of the present disclosure.
  • The login authentication method provided by the present disclosure includes the following steps. Step S210: after receiving a login page request sent by the terminal, the server returns to the terminal a login page, an encrypted authentication random number, and an encrypted punctured random number, both random numbers being encrypted using the pre-stored login password corresponding to the terminal, so that the terminal, after receiving the login password entered by the user on the login page, decrypts the authentication random number and the punctured random number returned by the server using that login password, generates authentication information from the decrypted values, and sends the authentication information to the server.
  • The terminal first sends the login page request to the server. In this embodiment, the login authentication method can serve as a Web UI login authentication method, and the login page request can be a Web UI login authentication request.
  • Step S220 After receiving the authentication information sent by the terminal, the server authenticates the received authentication information, and allows the terminal to log in when the authentication is passed.
  • the server needs to generate the authentication information according to the previously generated authentication random number and the punctured random number, and after receiving the authentication information, the server compares the received authentication information with the generated authentication information, If they match, the authentication is passed; if they are not, the authentication is not passed.
  • the login authentication method returns a login page, an encrypted authentication random number, and a punctured random number to the terminal after receiving the login page request sent by the terminal, and the authentication random number and the punctured random number And encrypting, by using the pre-stored login password corresponding to the terminal, for the terminal to use the login password input by the user based on the login page, and using the received login password to return the authentication random number to the server. Decrypting with the punctured random number, and generating authentication information according to the decrypted authentication random number and the punctured random number, and sending the authentication information to the server; after receiving the authentication information sent by the terminal, the server receives the received The authentication information is authenticated and the terminal is allowed to log in when the authentication is passed.
  • the present disclosure generates authentication information by using an authentication random number and a punctured random number, and the authentication random number and the punctured random number are encrypted by using a login password, so that an attacker cannot crack through a HASH dictionary attack.
  • the login password effectively avoids the leakage of the Web UI login password and improves the security of the Web UI login.
  • FIG. 4 is a schematic diagram of the refined flow of the step of authenticating the received authentication information in the fourth embodiment of the login authentication method of the present disclosure.
  • Authenticating the received authentication information includes the following steps.
  • Step S211: the digest value of the pre-stored authentication random number is calculated.
  • The digest algorithm may be MD5, SHA-1 or another algorithm.
  • Step S212: the puncturing position and the puncturing length are calculated from the pre-stored puncturing random number.
  • The puncturing length can be measured in bytes or in bits; that is, the puncturing length is the number of punctured bytes or the number of punctured bits.
  • Step S213: the data at the puncturing position, of the puncturing length, is deleted from the digest value, and the data following the deleted span is moved forward by the puncturing length to generate the authentication digest value.
  • Step S214: the authentication digest value is compared with the received authentication information, and if they match, the authentication is determined to have passed.
  • The end of the punctured digest is padded to restore its original length: the padding value is preferably random, and the padding length equals the number of punctured bytes or bits. Because the terminal chooses the padding at random, only the unpadded leading portion of the received authentication information can be matched against the authentication digest value in step S214.
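  • The following is an added worked example of steps S211 to S214 and of the terminal-side construction they verify; it is not code from the patent or from the applicant. The page fixes neither the digest algorithm nor the rule that maps the puncturing random number to a position and a length, so SHA-1, a 4-byte puncturing random number, the modulo rule in `punch_params` and the cap `MAX_PUNCH_LEN` are assumptions. The example handles both granularities the page allows (bytes and bits) and shows why the server can only compare the unpadded prefix: the random padding is reproducible by nobody, including the server.

```python
import hashlib
import hmac
import os

# Constructed parameters for the worked example.  The page fixes neither the
# digest algorithm nor the rule that maps the puncturing random number to a
# position and a length; SHA-1 and the modulo rule below are assumptions.
DIGEST_ALG = "sha1"
MAX_PUNCH_LEN = 4  # upper bound on punctured bytes (or bits); assumed


def punch_params(punch_rn: bytes, total_len: int):
    """Step S212: derive (position, length) from the puncturing random number.

    total_len is the digest length in the chosen unit (bytes or bits).  The
    length is at least 1 and the punched span always lies inside the digest.
    """
    if len(punch_rn) < 4:
        raise ValueError("puncturing random number must be at least 4 bytes")
    length = 1 + int.from_bytes(punch_rn[2:4], "big") % MAX_PUNCH_LEN
    position = int.from_bytes(punch_rn[0:2], "big") % (total_len - length + 1)
    return position, length


def _to_bits(data: bytes):
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def _from_bits(bits):
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits), 8))


def truncated_digest(auth_rn: bytes, punch_rn: bytes, unit: str = "byte"):
    """Steps S211-S213: digest the authentication random number, delete the
    punched span and pull the trailing data forward by the punctured length.

    Returns (kept, length): kept is bytes for unit="byte" and a list of bits
    for unit="bit"; length is the punctured length in that unit.
    """
    digest = hashlib.new(DIGEST_ALG, auth_rn).digest()
    if unit == "byte":
        pos, ln = punch_params(punch_rn, len(digest))
        return digest[:pos] + digest[pos + ln:], ln
    if unit == "bit":
        bits = _to_bits(digest)
        pos, ln = punch_params(punch_rn, len(bits))
        return bits[:pos] + bits[pos + ln:], ln
    raise ValueError("unit must be 'byte' or 'bit'")


def make_auth_info(auth_rn: bytes, punch_rn: bytes, unit: str = "byte") -> bytes:
    """Terminal side: truncated digest followed by random padding of the
    punctured length, so the message keeps the full digest size."""
    kept, ln = truncated_digest(auth_rn, punch_rn, unit)
    if unit == "byte":
        return kept + os.urandom(ln)
    pad_bits = _to_bits(os.urandom((ln + 7) // 8))[:ln]
    return _from_bits(kept + pad_bits)


def verify_auth_info(auth_rn: bytes, punch_rn: bytes, received: bytes,
                     unit: str = "byte") -> bool:
    """Server side (S211-S214): recompute the truncated digest from the stored
    random numbers and compare only the unpadded prefix, in constant time.
    The padding was chosen at random by the terminal, so it cannot be checked."""
    if len(received) != hashlib.new(DIGEST_ALG).digest_size:
        return False
    expected, _ = truncated_digest(auth_rn, punch_rn, unit)
    got = received if unit == "byte" else _to_bits(received)
    return hmac.compare_digest(bytes(expected), bytes(got[:len(expected)]))


if __name__ == "__main__":
    # Constructed sample values standing in for the two server-generated numbers.
    auth_rn = bytes.fromhex("0102030405060708090a0b0c0d0e0f10")
    punch_rn = bytes.fromhex("00050002")  # -> position 5, length 3 under punch_params
    info = make_auth_info(auth_rn, punch_rn)
    print("accepted:", verify_auth_info(auth_rn, punch_rn, info))
    print("other nonce accepted:", verify_auth_info(b"x" * 16, punch_rn, info))
```

  • Note that the check in `verify_auth_info` rejects any message whose length differs from the digest size and never inspects the last `length` bytes (or bits), which is exactly the portion the page says is filled with a random padding value.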
  • FIG. 5 is a schematic flowchart of a first embodiment of the login password modification authentication method of the present disclosure.
  • The login password modification authentication method provided by the present disclosure includes the following steps.
  • Step S310: the terminal sends a login password modification page request to the server.
  • The login password modification authentication method can be used as the Web UI login password modification authentication method.
  • The login password modification page request can be a Web UI login password modification authentication request.
  • After receiving the login password modification page request sent by the terminal, the server generates two random numbers: an authentication random number and a puncturing random number. The server encrypts both with the pre-stored original login password corresponding to the terminal, then sends the login password modification page, the encrypted authentication random number and the encrypted puncturing random number to the terminal.
  • The authentication random number and the puncturing random number sent to the terminal are generated by the server using a sequence number and a time parameter as the seed; the initial value of the sequence number is not 0, and the sequence number is incremented by 1 each time a random number is generated.
  • The time parameter value is the time at which the random number is generated.
  • Step S320: the terminal receives the login password modification page, the encrypted authentication random number and the encrypted puncturing random number returned by the server in response to the login password modification page request; both random numbers are encrypted with the pre-stored original login password corresponding to the terminal.
  • The algorithm used to encrypt the authentication random number and the puncturing random number with the original login password may be a public standard encryption algorithm such as AES, or a proprietary encryption algorithm.
  • Step S330: after receiving the original login password and the new login password input by the user on the login password modification page, the terminal decrypts the authentication random number and the puncturing random number returned by the server with the received original login password, and generates authentication information from the decrypted authentication random number and puncturing random number.
  • After receiving the login password modification page, the terminal displays it, and the user enters the original login password and the new login password in the password input fields of the page. When the original login password input by the user is correct, it is identical to the original login password pre-stored by the server for the terminal, so the terminal can correctly decrypt the authentication random number and the puncturing random number with it. When the original login password input by the user is incorrect, it differs from the pre-stored original login password, so the terminal cannot correctly decrypt the authentication random number and the puncturing random number with it.
  • The authentication information may be generated from the authentication random number and the puncturing random number according to a preset rule, which can be set according to actual needs.
  • Generating the authentication information from the decrypted authentication random number and puncturing random number includes the following steps.
  • The digest value of the decrypted authentication random number is calculated; in this embodiment the digest algorithm may be MD5, SHA-1 or another algorithm.
  • The puncturing position and the puncturing length are calculated from the decrypted puncturing random number. The puncturing length can be measured in bytes or in bits; that is, the puncturing length is the number of punctured bytes or the number of punctured bits.
  • The data at the puncturing position, of the puncturing length, is deleted from the digest value, and the data following the deleted span is moved forward by the puncturing length to generate the authentication information.
  • The end of the punctured digest is padded to restore its original length: the padding value is preferably random, and the padding length equals the number of punctured bytes or bits.
  • Step S340: the authentication information and the new login password are sent to the server, so that the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  • The server generates its own authentication information from the authentication random number and the puncturing random number it generated earlier. After receiving the authentication information from the terminal, the server compares the two: if they match, the authentication passes; if not, the authentication fails.
  • In this login password modification authentication method, the terminal sends a login password modification page request to the server and receives the login password modification page, the encrypted authentication random number and the encrypted puncturing random number returned by the server in response. The terminal decrypts the authentication random number and the puncturing random number with the original login password input by the user, generates authentication information from the decrypted random numbers, and sends the authentication information together with the new login password to the server, so that the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  • In the present disclosure, the authentication information is generated from an authentication random number and a puncturing random number, and both random numbers are encrypted with the login password, so an attacker cannot recover the login password through a hash dictionary attack. This effectively avoids leakage of the Web UI login password and improves the security of the Web UI login.
  • FIG. 6 is a schematic flowchart of a second embodiment of the login password modification authentication method of the present disclosure.
  • The login password modification authentication method provided by the present disclosure includes the following steps.
  • Step S410: after receiving the login password modification page request sent by the terminal, the server returns the login password modification page, an encrypted authentication random number and an encrypted puncturing random number to the terminal, both random numbers being encrypted with the pre-stored original login password corresponding to the terminal. The terminal receives the original login password and the new login password input by the user on the login password modification page, decrypts the authentication random number and the puncturing random number returned by the server with the received original login password, generates authentication information from the decrypted authentication random number and puncturing random number, and sends the authentication information and the new login password to the server.
  • The terminal first sends a login password modification page request to the server.
  • The login password modification authentication method can be used as the Web UI login password modification authentication method.
  • The login password modification page request can be a Web UI login password modification authentication request.
  • After receiving the login password modification page request sent by the terminal, the server generates two random numbers: an authentication random number and a puncturing random number. The server encrypts both with the pre-stored original login password corresponding to the terminal, then sends the login password modification page, the encrypted authentication random number and the encrypted puncturing random number to the terminal.
  • The authentication random number and the puncturing random number sent to the terminal are generated by the server using a sequence number and a time parameter as the seed; the initial value of the sequence number is not 0, and the sequence number is incremented by 1 each time a random number is generated.
  • The time parameter value is the time at which the random number is generated.
  • The algorithm used to encrypt the authentication random number and the puncturing random number with the original login password may be a public standard encryption algorithm such as AES, or a proprietary encryption algorithm.
  • After receiving the login password modification page, the terminal displays it, and the user enters the original login password and the new login password in the password input fields of the page.
  • When the original login password input by the user is correct, it is identical to the original login password pre-stored by the server for the terminal, so the terminal can correctly decrypt the authentication random number and the puncturing random number with it.
  • When the original login password input by the user is incorrect, it differs from the original login password pre-stored by the server for the terminal, so the terminal cannot correctly decrypt the authentication random number and the puncturing random number with it.
  • The authentication information may be generated from the authentication random number and the puncturing random number according to a preset rule, which can be set according to actual needs.
  • Step S420: after receiving the authentication information and the new login password sent by the terminal, the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  • The server generates its own authentication information from the authentication random number and the puncturing random number it generated earlier. After receiving the authentication information from the terminal, the server compares the two: if they match, the authentication passes; if not, the authentication fails.
  • Authenticating the received authentication information includes: calculating the digest value of the pre-stored authentication random number; in this embodiment the digest algorithm may be MD5, SHA-1 or another algorithm.
  • The puncturing position and the puncturing length are then calculated from the pre-stored puncturing random number. The puncturing length can be measured in bytes or in bits; that is, the puncturing length is the number of punctured bytes or the number of punctured bits.
  • The data at the puncturing position, of the puncturing length, is deleted from the digest value, and the data following the deleted span is moved forward by the puncturing length to generate the authentication digest value.
  • The authentication digest value is compared with the received authentication information, and if they match, the authentication is determined to have passed.
  • The end of the punctured digest is padded to restore its original length: the padding value is preferably random, and the padding length equals the number of punctured bytes or bits.
  • In this login password modification authentication method, after receiving the login password modification page request sent by the terminal, the server returns the login password modification page, an encrypted authentication random number and an encrypted puncturing random number to the terminal, both random numbers being encrypted with the pre-stored original login password corresponding to the terminal. The terminal receives the original login password and the new login password input by the user on the login password modification page, decrypts the authentication random number and the puncturing random number returned by the server with the received original login password, generates authentication information from the decrypted random numbers, and sends the authentication information and the new login password to the server. After receiving the authentication information and the new login password, the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  • In the present disclosure, the authentication information is generated from an authentication random number and a puncturing random number, and both random numbers are encrypted with the login password, so an attacker cannot recover the login password through a hash dictionary attack. This effectively avoids leakage of the Web UI login password and improves the security of the Web UI login.
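  • The following is an added worked example of the complete exchange for both the login authentication method (steps S210 and S220) and the login password modification authentication method (steps S310 to S340 and S410 to S420); it is not code from the patent or from the applicant. Several points the page leaves open are filled in with labelled assumptions: the random numbers come from `secrets` rather than the sequence-number-plus-time seed the page describes; the page's AES (or proprietary) step is replaced by an HMAC-SHA256 keystream keyed through PBKDF2, because the standard library has no AES and a text password is not a cipher key; the digest is SHA-1 at byte granularity; and each challenge is accepted once, which the page does not state but which follows from generating fresh random numbers per request. The example shows the failure mode the page describes: a wrong original password decrypts to garbage, the server rejects the authentication information, and the stored password is left untouched.

```python
import hashlib
import hmac
import secrets

DIGEST_SIZE = 20        # SHA-1 digest length; the digest algorithm is an assumption
PBKDF2_ROUNDS = 50_000  # assumed; the page keys the cipher with the password itself


def _key_from_password(password: str, salt: bytes) -> bytes:
    """The page keys AES (or a proprietary cipher) with the stored login password
    directly.  Deriving a fixed-size key with PBKDF2 is this example's choice."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS, 32)


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the page's AES step: an HMAC-SHA256 keystream XORed over the
    data (counter mode).  Symmetric, so one function encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + (off // 32).to_bytes(4, "big"), "sha256").digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def truncated_digest(auth_rn: bytes, punch_rn: bytes):
    """Digest the authentication random number and delete the span selected by
    the puncturing random number (byte granularity; the modulo rule is assumed).
    Returns the shortened digest and the punctured length."""
    digest = hashlib.sha1(auth_rn).digest()
    length = 1 + punch_rn[1] % 4
    position = punch_rn[0] % (len(digest) - length + 1)
    return digest[:position] + digest[position + length:], length


class Server:
    """Holds the pre-stored login password for one terminal."""

    def __init__(self, login_password: str):
        self._password = login_password
        self._pending = {}  # request id -> (auth_rn, punch_rn); consumed on use

    def page_request(self) -> dict:
        """Answer a login or password-modification page request with fresh random
        numbers encrypted under the currently stored password.  secrets replaces
        the page's sequence-number-plus-time seed here."""
        auth_rn, punch_rn = secrets.token_bytes(16), secrets.token_bytes(4)
        salt, nonce = secrets.token_bytes(16), secrets.token_bytes(8)
        rid = secrets.token_hex(8)
        self._pending[rid] = (auth_rn, punch_rn)
        key = _key_from_password(self._password, salt)
        return {"rid": rid, "salt": salt, "nonce": nonce,
                "enc": _xor_keystream(key, nonce, auth_rn + punch_rn)}

    def authenticate(self, rid: str, auth_info: bytes, new_password: str = None) -> bool:
        """Steps S220 / S420: recompute the authentication digest from the stored
        random numbers and compare the unpadded prefix in constant time.  Each
        challenge is accepted once.  With new_password set this is the
        modification flow and the stored password is replaced on success."""
        challenge = self._pending.pop(rid, None)
        if challenge is None or len(auth_info) != DIGEST_SIZE:
            return False
        expected, _ = truncated_digest(*challenge)
        if not hmac.compare_digest(expected, auth_info[:len(expected)]):
            return False
        if new_password is not None:
            self._password = new_password
        return True


def terminal_response(page: dict, entered_password: str) -> bytes:
    """Terminal side (S330 / the first generation module): decrypt both random
    numbers with the password the user typed and build the authentication
    information.  A wrong password silently yields garbage random numbers."""
    key = _key_from_password(entered_password, page["salt"])
    plain = _xor_keystream(key, page["nonce"], page["enc"])
    kept, length = truncated_digest(plain[:16], plain[16:20])
    return kept + secrets.token_bytes(length)  # random padding of the punctured length


def login(server: Server, entered_password: str) -> bool:
    page = server.page_request()
    return server.authenticate(page["rid"], terminal_response(page, entered_password))


def change_password(server: Server, entered_old: str, new_password: str) -> bool:
    page = server.page_request()
    return server.authenticate(page["rid"], terminal_response(page, entered_old), new_password)


if __name__ == "__main__":
    srv = Server("original-secret")  # constructed stored password for one terminal
    print("login, right password  :", login(srv, "original-secret"))
    print("login, wrong password  :", login(srv, "guess"))
    print("change, wrong original :", change_password(srv, "guess", "new-secret"))
    print("change, right original :", change_password(srv, "original-secret", "new-secret"))
    print("login with new password:", login(srv, "new-secret"))
```

  • The two flows differ only in whether a new login password accompanies the authentication information; in both, the terminal never sends the original login password and the server never sends the random numbers in the clear, which is the property the page relies on.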
  • FIG. 7 is a schematic diagram of the functional modules of a first embodiment of the terminal of the present disclosure.
  • The terminal proposed by the present disclosure includes the following modules.
  • The first sending module 110 is configured to send a login page request to the server.
  • The login authentication method can be used as the Web UI login authentication method.
  • The login page request can be a Web UI login authentication request.
  • After receiving the login page request sent by the terminal, the server generates two random numbers: an authentication random number and a puncturing random number. The server encrypts both with the pre-stored login password corresponding to the terminal, then sends the login page, the encrypted authentication random number and the encrypted puncturing random number to the terminal.
  • The authentication random number and the puncturing random number sent to the terminal are generated by the server using a sequence number and a time parameter as the seed; the initial value of the sequence number is not 0, and the sequence number is incremented by 1 each time a random number is generated.
  • The time parameter value is the time at which the random number is generated.
  • The first receiving module 120 is configured to receive the login page, the encrypted authentication random number and the encrypted puncturing random number returned by the server in response to the login page request; both random numbers are encrypted with the pre-stored login password corresponding to the terminal.
  • The algorithm used to encrypt the authentication random number and the puncturing random number with the login password may be a public standard encryption algorithm such as AES, or a proprietary encryption algorithm.
  • The first generation module 130 is configured to, after the login password input by the user on the login page is received, decrypt the authentication random number and the puncturing random number returned by the server with the received login password, and generate authentication information from the decrypted authentication random number and puncturing random number.
  • After receiving the login page, the terminal displays it, and the user enters the login password in the password input field of the login page. When the login password input by the user is correct, it is identical to the login password pre-stored by the server for the terminal, so the terminal can correctly decrypt the authentication random number and the puncturing random number with it. When the login password input by the user is incorrect, it differs from the pre-stored login password, so the terminal cannot correctly decrypt the authentication random number and the puncturing random number with it.
  • The authentication information may be generated from the authentication random number and the puncturing random number according to a preset rule, which can be set according to actual needs.
  • The first sending module 110 is further configured to send the authentication information to the server, so that the server authenticates the received authentication information and allows the terminal to log in when the authentication passes.
  • The server generates its own authentication information from the authentication random number and the puncturing random number it generated earlier. After receiving the authentication information from the terminal, the server compares the two: if they match, the authentication passes; if not, the authentication fails.
  • The terminal provided by the present disclosure sends a login page request to the server, receives the login page, the encrypted authentication random number and the encrypted puncturing random number returned by the server in response to the login page request, and receives the user's input based on the login page.
  • In the present disclosure, the authentication information is generated from an authentication random number and a puncturing random number, and both random numbers are encrypted with the login password, so an attacker cannot recover the login password through a hash dictionary attack. This effectively avoids leakage of the Web UI login password and improves the security of the Web UI login.
  • FIG. 8 is a schematic diagram of the refined functional units of the first generation module in the second embodiment of the terminal of the present disclosure.
  • The first generation module 130 includes a first calculation unit 131 configured to calculate the digest value of the decrypted authentication random number.
  • The digest algorithm may be MD5, SHA-1 or another algorithm.
  • The first calculation unit 131 is further configured to calculate the puncturing position and the puncturing length from the decrypted puncturing random number. The puncturing length can be measured in bytes or in bits; that is, the puncturing length is the number of punctured bytes or the number of punctured bits.
  • The first generation module 130 further includes a first generating unit 132 configured to delete the data at the puncturing position, of the puncturing length, from the digest value and move the data following the deleted span forward by the puncturing length to generate the authentication information.
  • The end of the punctured digest is padded to restore its original length: the padding value is preferably random, and the padding length equals the number of punctured bytes or bits.
  • FIG. 9 is a schematic diagram of the functional modules of a first embodiment of the server of the present disclosure.
  • The server provided by the present disclosure includes a first returning module 210 configured to, after the login page request sent by the terminal is received, return the login page, the encrypted authentication random number and the encrypted puncturing random number to the terminal, both random numbers being encrypted with the pre-stored login password corresponding to the terminal.
  • After receiving the login password input by the user on the login page, the terminal decrypts the authentication random number and the puncturing random number returned by the server with the received login password, generates authentication information from the decrypted authentication random number and puncturing random number, and sends the authentication information to the server.
  • The terminal first sends a login page request to the server.
  • The login authentication method can be used as the Web UI login authentication method.
  • The login page request can be a Web UI login authentication request.
  • After receiving the login page request sent by the terminal, the server generates two random numbers: an authentication random number and a puncturing random number. The server encrypts both with the pre-stored login password corresponding to the terminal, then sends the login page, the encrypted authentication random number and the encrypted puncturing random number to the terminal.
  • The authentication random number and the puncturing random number sent to the terminal are generated by the server using a sequence number and a time parameter as the seed; the initial value of the sequence number is not 0, and the sequence number is incremented by 1 each time a random number is generated.
  • The time parameter value is the time at which the random number is generated.
  • The algorithm used to encrypt the authentication random number and the puncturing random number with the login password may be a public standard encryption algorithm such as AES, or a proprietary encryption algorithm.
  • After receiving the login page, the terminal displays it, and the user enters the login password in the password input field of the login page. When the login password input by the user is correct, it is identical to the login password pre-stored by the server for the terminal, so the terminal can correctly decrypt the authentication random number and the puncturing random number with it. When the login password input by the user is incorrect, it differs from the pre-stored login password, so the terminal cannot correctly decrypt the authentication random number and the puncturing random number with it.
  • The authentication information may be generated from the authentication random number and the puncturing random number according to a preset rule, which can be set according to actual needs.
  • The server further includes a first authentication module 220 configured to, after the authentication information sent by the terminal is received, authenticate the received authentication information and allow the terminal to log in when the authentication passes.
  • The server generates its own authentication information from the authentication random number and the puncturing random number it generated earlier. After receiving the authentication information from the terminal, the server compares the two: if they match, the authentication passes; if not, the authentication fails.
  • The server provided by the present disclosure returns the login page, an encrypted authentication random number and an encrypted puncturing random number to the terminal after receiving the login page request sent by the terminal, both random numbers being encrypted with the pre-stored login password corresponding to the terminal, so that after receiving the login password input by the user on the login page, the terminal decrypts the authentication random number and the puncturing random number returned by the server with the received login password, generates authentication information from the decrypted authentication random number and puncturing random number, and sends the authentication information to the server. After receiving the authentication information sent by the terminal, the server authenticates it and allows the terminal to log in when the authentication passes.
  • In the present disclosure, the authentication information is generated from an authentication random number and a puncturing random number, and both random numbers are encrypted with the login password, so an attacker cannot recover the login password through a hash dictionary attack. This effectively avoids leakage of the Web UI login password and improves the security of the Web UI login.
  • FIG. 10 is a schematic diagram of the refined functional units of the first authentication module in the second embodiment of the server of the present disclosure.
  • The first authentication module 220 includes a second calculation unit 221 configured to calculate the digest value of the pre-stored authentication random number.
  • The digest algorithm may be MD5, SHA-1 or another algorithm.
  • The second calculation unit 221 may further be configured to calculate the puncturing position and the puncturing length from the pre-stored puncturing random number. The puncturing length can be measured in bytes or in bits; that is, the puncturing length is the number of punctured bytes or the number of punctured bits.
  • The first authentication module 220 further includes a second generating unit 222 configured to delete the data at the puncturing position, of the puncturing length, from the digest value and move the data following the deleted span forward by the puncturing length to generate the authentication digest value.
  • The first authentication module 220 further includes an authentication unit 223 configured to compare the authentication digest value with the received authentication information and, if they match, determine that the authentication has passed.
  • The end of the punctured digest is padded to restore its original length: the padding value is preferably random, and the padding length equals the number of punctured bytes or bits.
  • FIG. 11 is a schematic diagram of a function module of a third embodiment of the present disclosure.
  • The terminal provided by the present disclosure includes a second sending module 310, configured to send a login password modification page request to the server.
  • The login password modification authentication method may be applied to Web UI login password modification authentication, in which case the login password modification page request is a Web UI login password modification authentication request.
  • After receiving the login password modification page request sent by the terminal, the server generates two random numbers: an authentication random number and a punching random number. The server encrypts both with the pre-stored original login password corresponding to the terminal, and then sends the login password modification page, the encrypted authentication random number and the encrypted punching random number to the terminal.
  • The authentication random number and the punching random number sent to the terminal are generated by the server using a sequence number and a time parameter as the seed; the initial value of the sequence number is not 0, the sequence number is incremented by 1 for each random number generated, and the time parameter is the time at which the random number is generated.
  • The terminal further includes a second receiving module 320, configured to receive the login password modification page, the encrypted authentication random number and the encrypted punching random number that the server returns in response to the login password modification page request; both random numbers are encrypted with the pre-stored original login password corresponding to the terminal.
  • The algorithm used to encrypt the authentication random number and the punching random number with the login password may be a public standard encryption algorithm such as AES, or a private encryption algorithm.
  • The terminal further includes a second generating module 330, configured to: after receiving the original login password and the new login password that the user enters on the login password modification page, decrypt the authentication random number and the punching random number returned by the server using the received original login password, and generate authentication information from the decrypted authentication random number and punching random number.
  • After receiving the login password modification page, the terminal displays it, and the user enters the original login password and the new login password in the password input fields of the page.
  • If the original login password entered by the user is correct, it is consistent with the original login password that the server has pre-stored for the terminal, so the terminal can correctly decrypt the authentication random number and the punching random number with it. If the original login password entered by the user is incorrect, it is inconsistent with the pre-stored original login password, so the terminal cannot correctly decrypt the authentication random number and the punching random number.
  • The authentication information is generated from the authentication random number and the punching random number according to a preset rule, which can be set according to actual needs.
  • Generating the authentication information from the decrypted authentication random number and punching random number includes the following steps.
  • The digest value of the decrypted authentication random number is calculated; in this embodiment the digest algorithm may be MD5, SHA-1 or another algorithm.
  • The punching position and the punching length are calculated from the decrypted punching random number; the punching length can be measured in bytes or in bits, that is, it is the number of punched bytes or the number of punched bits.
  • The data of the digest value that corresponds to the punching position and the punching length is deleted, and the data following the deleted data is advanced by the punching length, generating the authentication information.
  • The padding value is preferably a random value, and the padding length equals the number of punched bytes or punched bits.
  • The second sending module 310 is further configured to send the authentication information and the new login password to the server, so that the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  • The server must generate its own authentication information from the authentication random number and the punching random number it generated earlier; after receiving the terminal's authentication information, it compares the received authentication information with the generated authentication information. If they match, the authentication passes; if not, the authentication fails.
  • The terminal provided by the present disclosure sends a login password modification page request to the server; receives the login password modification page, the encrypted authentication random number and the encrypted punching random number returned by the server in response; decrypts the authentication random number and the punching random number using the received original login password; generates authentication information from the decrypted values; and sends the authentication information together with the new login password to the server, so that the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  • Because the present disclosure generates the authentication information from the authentication random number and the punching random number, and both random numbers are encrypted with the login password, an attacker cannot recover the login password through a hash dictionary attack, which effectively prevents leakage of the Web UI login password and improves the security of Web UI login.
  • FIG. 12 is a schematic diagram of functional modules of a third embodiment of the present disclosure.
  • the server proposed by the present disclosure includes the following modules.
  • The second returning module 410 is configured to: after receiving the login password modification page request sent by the terminal, return the login password modification page, an encrypted authentication random number and an encrypted punching random number to the terminal, both random numbers being encrypted with the pre-stored original login password corresponding to the terminal, so that the terminal, after receiving the original login password and the new login password entered by the user on the login password modification page, decrypts the authentication random number and the punching random number with the received original login password, generates authentication information from the decrypted values, and sends the authentication information and the new login password to the server.
  • The terminal first sends a login password modification page request to the server.
  • The login password modification authentication method may be applied to Web UI login password modification authentication, in which case the login password modification page request is a Web UI login password modification authentication request.
  • After receiving the login password modification page request sent by the terminal, the server generates two random numbers: an authentication random number and a punching random number. The server encrypts both with the pre-stored original login password corresponding to the terminal, and then sends the login password modification page, the encrypted authentication random number and the encrypted punching random number to the terminal.
  • The authentication random number and the punching random number sent to the terminal are generated by the server using a sequence number and a time parameter as the seed; the initial value of the sequence number is not 0, the sequence number is incremented by 1 for each random number generated, and the time parameter is the time at which the random number is generated.
  • The algorithm used to encrypt the authentication random number and the punching random number with the original login password may be a public standard encryption algorithm such as AES, or a private encryption algorithm.
  • After receiving the login password modification page, the terminal displays it, and the user enters the original login password and the new login password in the password input fields of the page.
  • If the original login password entered by the user is correct, it is consistent with the original login password that the server has pre-stored for the terminal, so the terminal can correctly decrypt the authentication random number and the punching random number with it. If the original login password entered by the user is incorrect, it is inconsistent with the pre-stored original login password, so the terminal cannot correctly decrypt the authentication random number and the punching random number.
  • The authentication information is generated from the authentication random number and the punching random number according to a preset rule, which can be set according to actual needs.
  • The second authentication module 420 is configured to, after receiving the authentication information and the new login password sent by the terminal, authenticate the received authentication information and, when the authentication passes, update the pre-stored original login password corresponding to the terminal to the new login password.
  • The server must generate its own authentication information from the authentication random number and the punching random number it generated earlier; after receiving the terminal's authentication information, it compares the received authentication information with the generated authentication information. If they match, the authentication passes; if not, the authentication fails.
  • Authenticating the received authentication information includes the following steps.
  • The digest value of the pre-stored authentication random number is calculated; in this embodiment the digest algorithm may be MD5, SHA-1 or another algorithm.
  • The punching position and the punching length are calculated from the pre-stored punching random number; the punching length can be measured in bytes or in bits, that is, it is the number of punched bytes or the number of punched bits.
  • The data of the digest value that corresponds to the punching position and the punching length is deleted, and the data following the deleted data is advanced by the punching length, generating an authentication digest value.
  • The authentication digest value is compared with the received authentication information, and if they are consistent, the authentication is determined to pass.
  • The padding value is preferably a random value, and the padding length equals the number of punched bytes or punched bits.
  • The server provided by the present disclosure, after receiving the login password modification page request sent by the terminal, returns the login password modification page, an encrypted authentication random number and an encrypted punching random number to the terminal, both random numbers being encrypted with the pre-stored original login password corresponding to the terminal, so that the terminal, after receiving the original login password and the new login password entered by the user on the login password modification page, decrypts the authentication random number and the punching random number with the received original login password, generates authentication information from the decrypted values, and sends the authentication information and the new login password to the server. After receiving the authentication information and the new login password sent by the terminal, the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  • Because the present disclosure generates the authentication information from the authentication random number and the punching random number, and both random numbers are encrypted with the login password, an attacker cannot recover the login password through a hash dictionary attack, which effectively prevents leakage of the Web UI login password and improves the security of Web UI login.
  • The methods of the foregoing embodiments can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware alone, but in many cases the former is preferable.
  • Based on this understanding, the part of the technical solution of the present disclosure that is essential or that contributes to the related art may be embodied as a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or a CD-ROM).
  • The software product includes a number of instructions for causing a terminal device (which may be a mobile phone, computer, server, air conditioner, network device, etc.) to perform the methods described in the various embodiments of the present disclosure.
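The following Python program is an added example written for this page; it is not code from the patent or from the applicant. It walks through the login password modification exchange described above for the terminal (second sending, receiving and generating modules) and the server (second returning and authentication modules): the server issues an authentication random number and a punching random number encrypted under the stored original password, the terminal decrypts them with the password the user typed, digests the authentication random number, punches the hole at the position and length derived from the punching random number, shifts the tail forward, pads with random bytes, and the server recomputes the punched digest and compares. Everything not stated on the page is an assumption made here: the password-based cipher is a SHA-256 keystream XOR standing in for the AES or private algorithm the page allows; the rule mapping the punching random number to a position and length is a constructed "preset rule"; the sizes of the random numbers and the cipher nonce are chosen for the example; the digest is SHA-1 (the page lists MD5 or SHA-1); random numbers come from os.urandom rather than the page's sequence-number-plus-time seed; and because the page says the padding is random, the server compares only the un-padded prefix, in constant time, and discards each random pair after one use.

```python
"""Added example (not the patent's code): password-change authentication built
from an authentication random number and a punching random number."""
import hashlib
import hmac
import os
import struct

AUTH_RANDOM_LEN = 16   # constructed size of the authentication random number
PUNCH_RANDOM_LEN = 4   # constructed size of the punching random number
DIGEST_ALGO = "sha1"   # the page allows MD5, SHA-1 or another digest


def password_cipher(password: str, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt `data` under `password` (XOR keystream, so symmetric).
    Assumption: a stand-in for the page's 'AES or private encryption algorithm'."""
    key = hashlib.sha256(password.encode("utf-8")).digest()
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def punch_position_and_length(punch_random: bytes, digest_len: int) -> tuple:
    """Constructed 'preset rule' (the page leaves the rule to the implementer):
    first two bytes give the position, the third byte a length of 1..4 bytes,
    clipped so the hole stays inside the digest."""
    position = int.from_bytes(punch_random[:2], "big") % digest_len
    length = 1 + punch_random[2] % 4
    return position, min(length, digest_len - position)


def punch_digest(auth_random: bytes, punch_random: bytes) -> tuple:
    """Steps from the page: digest the authentication random number, delete the
    bytes at (position, length) and shift the remaining tail forward. Returns the
    shortened digest and the number of padding bytes that restore its length."""
    digest = hashlib.new(DIGEST_ALGO, auth_random).digest()
    position, length = punch_position_and_length(punch_random, len(digest))
    punched = digest[:position] + digest[position + length:]
    return punched, length


class Server:
    """Server side: issues the encrypted random numbers, later verifies and updates."""

    def __init__(self, stored_password: str):
        self._password = stored_password
        self._pending = None  # (auth_random, punch_random) for the open request

    def handle_change_page_request(self) -> dict:
        auth_random = os.urandom(AUTH_RANDOM_LEN)   # os.urandom, not the page's seq+time seed
        punch_random = os.urandom(PUNCH_RANDOM_LEN)
        nonce = os.urandom(8)                       # constructed cipher nonce
        self._pending = (auth_random, punch_random)
        encrypted = password_cipher(self._password, nonce, auth_random + punch_random)
        return {"page": "login-password-modification", "nonce": nonce, "encrypted": encrypted}

    def handle_change_request(self, auth_info: bytes, new_password: str) -> bool:
        if self._pending is None:
            return False
        auth_random, punch_random = self._pending
        self._pending = None                        # each random pair is used once
        expected, pad_len = punch_digest(auth_random, punch_random)
        # The page pads the punched digest back to full length with random bytes,
        # so only the un-padded prefix carries meaning; compare it in constant time.
        if len(auth_info) != len(expected) + pad_len:
            return False
        if not hmac.compare_digest(auth_info[:len(expected)], expected):
            return False
        self._password = new_password
        return True


def terminal_build_auth_info(page: dict, typed_original_password: str) -> bytes:
    """Terminal side: decrypt the random numbers with the password the user typed
    and derive the authentication information. A wrong password yields garbage
    random numbers and therefore a punched digest the server will not accept."""
    plain = password_cipher(typed_original_password, page["nonce"], page["encrypted"])
    auth_random, punch_random = plain[:AUTH_RANDOM_LEN], plain[AUTH_RANDOM_LEN:]
    punched, pad_len = punch_digest(auth_random, punch_random)
    return punched + os.urandom(pad_len)            # random padding, as the page prefers


if __name__ == "__main__":
    server = Server("original-pw")
    page = server.handle_change_page_request()
    ok = server.handle_change_request(terminal_build_auth_info(page, "original-pw"), "new-pw")
    print("change with correct original password accepted:", ok)
    page = server.handle_change_page_request()
    ok = server.handle_change_request(terminal_build_auth_info(page, "original-pw"), "other")
    print("change with stale original password accepted:", ok)
```

The terminal never sends the password itself, only a digest derived from values that could be decrypted correctly only with the right password, which is the property the page claims; the server-side length check matters because the punch length, and so the padding length, is itself derived from the punching random number the terminal decrypted.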

Abstract

Disclosed is a login authentication method, comprising: a terminal sends a login page request to a server; the terminal receives a login page, an authentication random number and a punching random number returned by the server; after receiving a login password input by a user, the terminal uses the received login password to decrypt the authentication random number and the punching random number, and generates authentication information; the terminal sends the authentication information to the server, so that the server authenticates the received authentication information and permits the terminal to log in when the authentication is successful. Also disclosed are a login password modification authentication method, a terminal, and a server. According to the present invention, by using an authentication random number and a punching random number to generate authentication information, and encrypting the authentication random number and the punching random number using a login password, an attacker cannot crack the login password by means of a HASH dictionary attack, so that leakage of Web UI login passwords is effectively avoided and the security of Web UI login is improved.

Description

Login authentication and login password modification authentication method, terminal and server

Technical field

The present disclosure relates to the field of communications technology, and in particular to a login authentication and login password modification authentication method, a terminal and a server.

Background art

At present, when a client (such as CPE (Customer Premise Equipment) or MiFi (Mobile WiFi, a portable broadband wireless device)) performs Web UI (Website User Interface) login authentication, the login password is generally Base64-encoded before transmission. In a WLAN environment this is easily eavesdropped, and the password plaintext can be recovered by Base64 decoding, which leaks the Web UI login password.

Summary of the invention

The main purpose of the present disclosure is to provide a login authentication and login password modification authentication method, a terminal and a server, aimed at preventing leakage of the Web UI login password and improving the security of Web UI login.
The login authentication method provided by the present disclosure includes: the terminal sends a login page request to the server; the terminal receives the login page, an encrypted authentication random number and an encrypted punching random number returned by the server in response to the login page request, both random numbers being encrypted with the pre-stored login password corresponding to the terminal; after receiving the login password entered by the user on the login page, the terminal decrypts the authentication random number and the punching random number returned by the server using the received login password, and generates authentication information from the decrypted authentication random number and punching random number; the terminal sends the authentication information to the server, so that the server authenticates the received authentication information and allows the terminal to log in when the authentication passes.

Optionally, the step of generating authentication information from the decrypted authentication random number and punching random number includes: calculating the digest value of the decrypted authentication random number; calculating the punching position and the punching length, in bytes or in bits, from the decrypted punching random number; deleting the data of the digest value that corresponds to the punching position and the punching length, and advancing the data following the deleted data by the punching length, to generate the authentication information.

In addition, the login authentication method provided by the present disclosure includes: after receiving a login page request sent by the terminal, the server returns the login page, an encrypted authentication random number and an encrypted punching random number to the terminal, both random numbers being encrypted with the pre-stored login password corresponding to the terminal, so that the terminal, after receiving the login password entered by the user on the login page, decrypts the authentication random number and the punching random number returned by the server using the received login password, generates authentication information from the decrypted authentication random number and punching random number, and sends the authentication information to the server; after receiving the authentication information sent by the terminal, the server authenticates the received authentication information and allows the terminal to log in when the authentication passes.

Optionally, the step of authenticating the received authentication information includes: calculating the digest value of the pre-stored authentication random number; calculating the punching position and the punching length from the pre-stored punching random number; deleting the data of the digest value that corresponds to the punching position and the punching length, and advancing the data following the deleted data by the punching length, to generate an authentication digest value; comparing the authentication digest value with the received authentication information and, if they are consistent, determining that the authentication passes.

In addition, the login password modification authentication method provided by the present disclosure includes: the terminal sends a login password modification page request to the server; the terminal receives the login password modification page, an encrypted authentication random number and an encrypted punching random number returned by the server in response to the login password modification page request, both random numbers being encrypted with the pre-stored original login password corresponding to the terminal; after receiving the original login password and the new login password entered by the user on the login password modification page, the terminal decrypts the authentication random number and the punching random number returned by the server using the received original login password, and generates authentication information from the decrypted authentication random number and punching random number; the terminal sends the authentication information and the new login password to the server, so that the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.

In addition, the login password modification authentication method provided by the present disclosure includes: after receiving a login password modification page request sent by the terminal, the server returns the login password modification page, an encrypted authentication random number and an encrypted punching random number to the terminal, both random numbers being encrypted with the pre-stored original login password corresponding to the terminal, so that the terminal, after receiving the original login password and the new login password entered by the user on the login password modification page, decrypts the authentication random number and the punching random number returned by the server using the received original login password, generates authentication information from the decrypted authentication random number and punching random number, and sends the authentication information and the new login password to the server; and, after receiving the authentication information and the new login password sent by the terminal, the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
In addition, the terminal provided by the present disclosure includes: a first sending module, configured to send a login page request to the server; a first receiving module, configured to receive the login page, an encrypted authentication random number and an encrypted punching random number returned by the server in response to the login page request, both random numbers being encrypted with the pre-stored login password corresponding to the terminal; a first generating module, configured to, after receiving the login password entered by the user on the login page, decrypt the authentication random number and the punching random number returned by the server using the received login password, and generate authentication information from the decrypted authentication random number and punching random number; the first sending module is further configured to send the authentication information to the server, so that the server authenticates the received authentication information and allows the terminal to log in when the authentication passes.

Optionally, the first generating module includes: a first calculating unit, configured to calculate the digest value of the decrypted authentication random number, and further configured to calculate the punching position and the punching length from the decrypted punching random number; a first generating unit, configured to delete the data of the digest value that corresponds to the punching position and the punching length, and to advance the data following the deleted data by the punching length, to generate the authentication information.

In addition, the server provided by the present disclosure includes: a first returning module, configured to, after receiving a login page request sent by the terminal, return the login page, an encrypted authentication random number and an encrypted punching random number to the terminal, both random numbers being encrypted with the pre-stored login password corresponding to the terminal, so that the terminal, after receiving the login password entered by the user on the login page, decrypts the authentication random number and the punching random number returned by the server using the received login password, generates authentication information from the decrypted authentication random number and punching random number, and sends the authentication information to the server; a first authentication module, configured to, after receiving the authentication information sent by the terminal, authenticate the received authentication information and allow the terminal to log in when the authentication passes.

Optionally, the first authentication module includes: a second calculating unit, configured to calculate the digest value of the pre-stored authentication random number, and further configured to calculate the punching position and the punching length from the pre-stored punching random number; a second generating unit, configured to delete the data of the digest value that corresponds to the punching position and the punching length, and to advance the data following the deleted data by the punching length, to generate an authentication digest value; an authentication unit, configured to compare the authentication digest value with the received authentication information and, if they are consistent, determine that the authentication passes.

In addition, the terminal provided by the present disclosure includes: a second sending module, configured to send a login password modification page request to the server; a second receiving module, configured to receive the login password modification page, an encrypted authentication random number and an encrypted punching random number returned by the server in response to the login password modification page request, both random numbers being encrypted with the pre-stored original login password corresponding to the terminal; a second generating module, configured to, after receiving the original login password and the new login password entered by the user on the login password modification page, decrypt the authentication random number and the punching random number returned by the server using the received original login password, and generate authentication information from the decrypted authentication random number and punching random number; the second sending module is further configured to send the authentication information and the new login password to the server, so that the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.

In addition, the server provided by the present disclosure includes: a second returning module, configured to, after receiving a login password modification page request sent by the terminal, return the login password modification page, an encrypted authentication random number and an encrypted punching random number to the terminal, both random numbers being encrypted with the pre-stored original login password corresponding to the terminal, so that the terminal, after receiving the original login password and the new login password entered by the user on the login password modification page, decrypts the authentication random number and the punching random number returned by the server using the received original login password, generates authentication information from the decrypted authentication random number and punching random number, and sends the authentication information and the new login password to the server; and a second authentication module, configured to, after receiving the authentication information and the new login password sent by the terminal, authenticate the received authentication information and, when the authentication passes, update the pre-stored original login password corresponding to the terminal to the new login password.

In the login authentication and login password modification authentication method, terminal and server provided by the present disclosure, after receiving a login page request sent by the terminal, the server returns the login page, an encrypted authentication random number and an encrypted punching random number to the terminal, both random numbers being encrypted with the pre-stored login password corresponding to the terminal, so that the terminal, after receiving the login password entered by the user on the login page, decrypts the authentication random number and the punching random number returned by the server using the received login password, generates authentication information from the decrypted authentication random number and punching random number, and sends the authentication information to the server; after receiving the authentication information sent by the terminal, the server authenticates the received authentication information and allows the terminal to log in when the authentication passes. Because the present disclosure generates the authentication information from the authentication random number and the punching random number, and both random numbers are encrypted with the login password, an attacker cannot recover the login password through a hash dictionary attack, which effectively prevents leakage of the Web UI login password and improves the security of Web UI login.
DRAWINGS
FIG. 1 is a schematic flowchart of a first embodiment of the login authentication method of the present disclosure;
FIG. 2 is a detailed flowchart of the step of generating authentication information in a second embodiment of the login authentication method of the present disclosure;
FIG. 3 is a schematic flowchart of a third embodiment of the login authentication method of the present disclosure;
FIG. 4 is a detailed flowchart of the step of generating authentication information in a fourth embodiment of the login authentication method of the present disclosure;
FIG. 5 is a schematic flowchart of a first embodiment of the login password modification authentication method of the present disclosure;
FIG. 6 is a schematic flowchart of a second embodiment of the login password modification authentication method of the present disclosure;
FIG. 7 is a schematic diagram of the functional modules of a first embodiment of the terminal of the present disclosure;
FIG. 8 is a detailed diagram of the functional modules of the first generation module in a second embodiment of the terminal of the present disclosure;
FIG. 9 is a schematic diagram of the functional modules of a first embodiment of the server of the present disclosure;
FIG. 10 is a detailed diagram of the functional modules of the authentication module in a second embodiment of the server of the present disclosure;
FIG. 11 is a schematic diagram of the functional modules of a third embodiment of the terminal of the present disclosure;
FIG. 12 is a schematic diagram of the functional modules of a third embodiment of the server of the present disclosure.
The realization of the objects, the functional features and the advantages of the present disclosure are further described below with reference to the embodiments and the accompanying drawings.
DETAILED DESCRIPTION
It should be understood that the specific embodiments described herein are merely illustrative of the present disclosure and are not intended to limit it.
The present disclosure provides a login authentication method implemented on the terminal side. Referring to FIG. 1, which is a schematic flowchart of a first embodiment of the login authentication method of the present disclosure, the login authentication method proposed by the present disclosure includes the following steps. Step S110: the terminal sends a login page request to the server. In this embodiment, the login authentication method may be used as a Web UI login authentication method, and the login page request may be a Web UI login authentication request.
After receiving the login page request sent by the terminal, the server generates two random numbers: an authentication random number and a puncturing random number. The server then encrypts the authentication random number and the puncturing random number with the pre-stored login password corresponding to the terminal, and sends the login page, the encrypted authentication random number and the encrypted puncturing random number to the terminal together.
Optionally, both the authentication random number and the puncturing random number sent by the server to the terminal are generated by the server using a sequence number and a time parameter as the seed; the initial value of the sequence number is non-zero, the sequence number is incremented by 1 each time a random number is generated, and the time parameter takes the value of the time at which the random number is generated.
In step S120, the terminal receives the login page, the encrypted authentication random number and the encrypted puncturing random number returned by the server in response to the login page request, where both the authentication random number and the puncturing random number are encrypted with the pre-stored login password corresponding to the terminal.
Optionally, the algorithm with which the server encrypts the authentication random number and the puncturing random number using the login password may be a published standard encryption algorithm such as AES, or a proprietary encryption algorithm.
In step S130, after receiving the login password entered by the user on the login page, the terminal decrypts the authentication random number and the puncturing random number returned by the server using the received login password, and generates authentication information from the decrypted authentication random number and puncturing random number.
After receiving the login page, the terminal displays it, and the user enters the login password in the password field of the login page. It will be understood that when the login password entered by the user is correct, the login password pre-stored by the server for the terminal is the same as the password entered by the user, so the terminal can correctly decrypt the authentication random number and the puncturing random number with the password entered by the user. When the login password entered by the user is wrong, the login password pre-stored by the server for the terminal does not match the password entered by the user, so the terminal cannot correctly decrypt the authentication random number and the puncturing random number with that password.
The authentication information may be generated from the authentication random number and the puncturing random number according to a preset rule, which may be set according to actual needs.
In step S140, the terminal sends the authentication information to the server, so that the server authenticates the received authentication information and allows the terminal to log in when authentication passes.
In this embodiment, the server must generate its own authentication information from the authentication random number and puncturing random number it generated earlier; after receiving the authentication information from the terminal, the server compares the received authentication information with the authentication information it generated. If they match, authentication is judged to have passed; if they do not match, authentication is judged to have failed.
In the login authentication method provided by the present disclosure, the terminal sends a login page request to the server and receives the login page, the encrypted authentication random number and the encrypted puncturing random number returned by the server in response to that request; after receiving the login password entered by the user on the login page, the terminal decrypts the authentication random number and the puncturing random number returned by the server using the received login password and generates authentication information from the decrypted authentication random number and puncturing random number; the terminal then sends the authentication information to the server, so that the server authenticates the received authentication information and allows the terminal to log in when authentication passes. Because the present disclosure generates the authentication information from an authentication random number and a puncturing random number, and encrypts both random numbers with the login password, an attacker cannot recover the login password by a hash dictionary attack; leakage of the Web UI login password is thereby effectively avoided and the security of Web UI login is improved.
Further, based on the first embodiment of the login authentication method of the present disclosure, the present disclosure also proposes a second embodiment of the login authentication method. Referring to FIG. 2, which is a detailed flowchart of the step of generating authentication information in the second embodiment of the login authentication method of the present disclosure, in the second embodiment the step of generating the authentication information from the decrypted authentication random number and puncturing random number includes the following. Step S131: calculate a digest value of the decrypted authentication random number. In this embodiment, the digest algorithm may be MD5, SHA-1 or another algorithm.
In step S132, a puncturing position and a puncturing length are calculated from the decrypted puncturing random number.
It will be understood that the puncturing length may be measured in bytes or in bits; that is, the puncturing length may be a number of punctured bytes or a number of punctured bits.
In step S133, the data of the digest value corresponding to the puncturing position and puncturing length is deleted, and the data following the deleted data is moved forward by the puncturing length, to generate the authentication information.
In this embodiment, optionally, to keep the length of the digest value unchanged, the new digest value produced by puncturing is padded at the end; the padding value is preferably a random value, and the padding length equals the number of punctured bytes or punctured bits.
Because this embodiment uses the random-number puncturing and padding technique, the security of login authentication is further improved.
The present disclosure further provides a login authentication method implemented on the server side. Referring to FIG. 3, which is a schematic flowchart of a third embodiment of the login authentication method of the present disclosure, the login authentication method proposed by the present disclosure includes the following steps. Step S210: after receiving a login page request sent by the terminal, the server returns to the terminal the login page, an encrypted authentication random number and an encrypted puncturing random number, both encrypted with the pre-stored login password corresponding to the terminal, so that after receiving the login password entered by the user on the login page, the terminal decrypts the authentication random number and the puncturing random number returned by the server using the received login password, generates authentication information from the decrypted authentication random number and puncturing random number, and sends the authentication information to the server.
In this embodiment, the terminal first sends a login page request to the server. The login authentication method may be used as a Web UI login authentication method, and the login page request may be a Web UI login authentication request.
After receiving the login page request sent by the terminal, the server generates two random numbers: an authentication random number and a puncturing random number. The server then encrypts the authentication random number and the puncturing random number with the pre-stored login password corresponding to the terminal, and sends the login page, the encrypted authentication random number and the encrypted puncturing random number to the terminal together.
Optionally, both the authentication random number and the puncturing random number sent by the server to the terminal are generated by the server using a sequence number and a time parameter as the seed; the initial value of the sequence number is non-zero, the sequence number is incremented by 1 each time a random number is generated, and the time parameter takes the value of the time at which the random number is generated.
Optionally, the algorithm with which the server encrypts the authentication random number and the puncturing random number using the login password may be a published standard encryption algorithm such as AES, or a proprietary encryption algorithm.
After receiving the login page, the terminal displays it, and the user enters the login password in the password field of the login page. It will be understood that when the login password entered by the user is correct, the login password pre-stored by the server for the terminal is the same as the password entered by the user, so the terminal can correctly decrypt the authentication random number and the puncturing random number with the password entered by the user. When the login password entered by the user is wrong, the login password pre-stored by the server for the terminal does not match the password entered by the user, so the terminal cannot correctly decrypt the authentication random number and the puncturing random number with that password.
The authentication information may be generated from the authentication random number and the puncturing random number according to a preset rule, which may be set according to actual needs.
Step S220: after receiving the authentication information sent by the terminal, the server authenticates the received authentication information and allows the terminal to log in when authentication passes.
In this embodiment, the server must generate its own authentication information from the authentication random number and puncturing random number it generated earlier; after receiving the authentication information from the terminal, the server compares the received authentication information with the authentication information it generated. If they match, authentication is judged to have passed; if they do not match, authentication is judged to have failed.
In the login authentication method provided by the present disclosure, after receiving a login page request sent by the terminal, the server returns to the terminal the login page, an encrypted authentication random number and an encrypted puncturing random number, both encrypted with the pre-stored login password corresponding to the terminal, so that after receiving the login password entered by the user on the login page, the terminal decrypts the authentication random number and the puncturing random number returned by the server using the received login password, generates authentication information from the decrypted authentication random number and puncturing random number, and sends the authentication information to the server; after receiving the authentication information sent by the terminal, the server authenticates it and allows the terminal to log in when authentication passes. Because the present disclosure generates the authentication information from an authentication random number and a puncturing random number, and encrypts both random numbers with the login password, an attacker cannot recover the login password by a hash dictionary attack; leakage of the Web UI login password is thereby effectively avoided and the security of Web UI login is improved.
Further, based on the third embodiment of the login authentication method of the present disclosure, the present disclosure also proposes a fourth embodiment of the login authentication method. Referring to FIG. 4, which is a detailed flowchart of the step of generating authentication information in the fourth embodiment of the login authentication method of the present disclosure, in the fourth embodiment authenticating the received authentication information includes the following steps.
In step S211, a digest value of the pre-stored authentication random number is calculated. In this embodiment, the digest algorithm may be MD5, SHA-1 or another algorithm.
In step S212, a puncturing position and a puncturing length are calculated from the pre-stored puncturing random number. It will be understood that the puncturing length may be measured in bytes or in bits; that is, the puncturing length may be a number of punctured bytes or a number of punctured bits.
In step S213, the data of the digest value corresponding to the puncturing position and puncturing length is deleted, and the data following the deleted data is moved forward by the puncturing length, to generate an authentication digest value.
In step S214, the authentication digest value is compared with the received authentication information; if they match, authentication is judged to have passed. In this embodiment, optionally, to keep the length of the digest value unchanged, the new digest value produced by puncturing is padded at the end; the padding value is preferably a random value, and the padding length equals the number of punctured bytes or punctured bits.
Because this embodiment uses the random-number puncturing and padding technique, the security of login authentication is further improved.
The present disclosure further provides a login password modification authentication method implemented on the terminal side. Referring to FIG. 5, which is a schematic flowchart of a first embodiment of the login password modification authentication method of the present disclosure, the login password modification authentication method proposed by the present disclosure includes the following steps.
In step S310, the terminal sends a login password modification page request to the server.
In this embodiment, the login password modification authentication method may be used as a Web UI login password modification authentication method, and the login password modification page request may be a Web UI login password modification authentication request.
After receiving the login password modification page request sent by the terminal, the server generates two random numbers: an authentication random number and a puncturing random number. The server then encrypts the authentication random number and the puncturing random number with the pre-stored original login password corresponding to the terminal, and sends the login password modification page, the encrypted authentication random number and the encrypted puncturing random number to the terminal together.
Optionally, both the authentication random number and the puncturing random number sent by the server to the terminal are generated by the server using a sequence number and a time parameter as the seed; the initial value of the sequence number is non-zero, the sequence number is incremented by 1 each time a random number is generated, and the time parameter takes the value of the time at which the random number is generated.
In step S320, the terminal receives the login password modification page, the encrypted authentication random number and the encrypted puncturing random number returned by the server in response to the login password modification page request, where both the authentication random number and the puncturing random number are encrypted with the pre-stored original login password corresponding to the terminal.
Optionally, the algorithm with which the server encrypts the authentication random number and the puncturing random number using the login password may be a published standard encryption algorithm such as AES, or a proprietary encryption algorithm.
In step S330, after receiving the original login password and the new login password entered by the user on the login password modification page, the terminal decrypts the authentication random number and the puncturing random number returned by the server using the received original login password, and generates authentication information from the decrypted authentication random number and puncturing random number.
After receiving the login password modification page, the terminal displays it, and the user enters the original login password and the new login password in the password fields of the login password modification page. It will be understood that when the original login password entered by the user is correct, the original login password pre-stored by the server for the terminal is the same as the original password entered by the user, so the terminal can correctly decrypt the authentication random number and the puncturing random number with the original password entered by the user. When the original login password entered by the user is wrong, the original login password pre-stored by the server for the terminal does not match the original password entered by the user, so the terminal cannot correctly decrypt the authentication random number and the puncturing random number with that password.
The authentication information may be generated from the authentication random number and the puncturing random number according to a preset rule, which may be set according to actual needs.
Optionally, the step of generating the authentication information from the decrypted authentication random number and puncturing random number includes the following.
Calculate a digest value of the decrypted authentication random number; in this embodiment, the digest algorithm may be MD5, SHA-1 or another algorithm.
Calculate a puncturing position and a puncturing length from the decrypted puncturing random number; it will be understood that the puncturing length may be measured in bytes or in bits, that is, the puncturing length may be a number of punctured bytes or a number of punctured bits.
Delete the data of the digest value corresponding to the puncturing position and puncturing length, and move the data following the deleted data forward by the puncturing length, to generate the authentication information.
In this embodiment, optionally, to keep the length of the digest value unchanged, the new digest value produced by puncturing is padded at the end; the padding value is preferably a random value, and the padding length equals the number of punctured bytes or punctured bits.
Because this embodiment uses the random-number puncturing and padding technique, the security of login authentication is further improved.
Step S340: the terminal sends the authentication information and the new login password to the server, so that the server authenticates the received authentication information and, when authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
In this embodiment, the server must generate its own authentication information from the authentication random number and puncturing random number it generated earlier; after receiving the authentication information from the terminal, the server compares the received authentication information with the authentication information it generated. If they match, authentication is judged to have passed; if they do not match, authentication is judged to have failed.
In the login password modification authentication method provided by the present disclosure, the terminal sends a login password modification page request to the server and receives the login password modification page, the encrypted authentication random number and the encrypted puncturing random number returned by the server in response to that request; after receiving the original login password and the new login password entered by the user on the login password modification page, the terminal decrypts the authentication random number and the puncturing random number returned by the server using the received original login password, generates authentication information from the decrypted authentication random number and puncturing random number, and then sends the authentication information and the new login password to the server, so that the server authenticates the received authentication information and, when authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password. Because the present disclosure generates the authentication information from an authentication random number and a puncturing random number, and encrypts both random numbers with the login password, an attacker cannot recover the login password by a hash dictionary attack; leakage of the Web UI login password is thereby effectively avoided and the security of Web UI login is improved.
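The login exchange (steps S110 to S140 and S210 to S220), the digest puncturing and padding (S131 to S133 and S211 to S214) and the password change (S340) carried through end to end, as an added worked example that is neither the patent's own code nor any product implementation of it. The SHA-256 digest, the preset rule mapping the puncturing random number to a position and a 1 to 4 byte length, the PBKDF2 key derivation from the password, and the HMAC keystream standing in for the AES step the patent names are all assumptions made here.

```python
import hashlib
import hmac
import os
import struct

# Digest for the authentication random number. The patent allows MD5, SHA-1
# or another algorithm; SHA-256 is the choice made here (assumption).
DIGEST_NAME = "sha256"
DIGEST_LEN = hashlib.new(DIGEST_NAME).digest_size


def derive_key(password: str, salt: bytes) -> bytes:
    """Turn the login password into a fixed-length key (PBKDF2, assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000, 32)


def password_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in for the AES step: an HMAC-SHA256 keystream XORed over the
    data (assumption). Symmetric, so the same call also decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, label + struct.pack(">I", counter), "sha256").digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def puncture_params(punch_nonce: bytes, digest_len: int) -> tuple:
    """Preset rule (assumption): bytes 0-1 of the puncturing random number pick
    the position, byte 2 picks a length of 1..4 bytes, clamped so the
    punched span lies inside the digest."""
    length = 1 + punch_nonce[2] % 4
    position = int.from_bytes(punch_nonce[:2], "big") % (digest_len - length + 1)
    return position, length


def punctured_digest(auth_nonce: bytes, punch_nonce: bytes) -> bytes:
    """S131-S133 / S211-S213: digest the authentication random number, delete
    the punched span and move the following bytes forward by its length."""
    digest = hashlib.new(DIGEST_NAME, auth_nonce).digest()
    position, length = puncture_params(punch_nonce, len(digest))
    return digest[:position] + digest[position + length:]


def terminal_auth_info(typed_password: str, page: dict) -> bytes:
    """Terminal side (S130 / S330): decrypt both random numbers with the
    password the user typed, puncture the digest, then pad back to the full
    digest length with random bytes, as the patent suggests."""
    key = derive_key(typed_password, page["salt"])
    auth_nonce = password_xor(key, b"auth", page["enc_auth"])
    punch_nonce = password_xor(key, b"punch", page["enc_punch"])
    body = punctured_digest(auth_nonce, punch_nonce)
    return body + os.urandom(DIGEST_LEN - len(body))


class Server:
    """Server side: issues the encrypted random numbers with the page, checks
    the returned authentication information and applies password changes."""

    def __init__(self, stored_password: str) -> None:
        self.password = stored_password
        self.pending = None  # (auth_nonce, punch_nonce) of the outstanding page

    def issue_page(self) -> dict:
        """Response to S110 / S310. Nonces come from os.urandom, not from the
        sequence-number-and-time seed the patent describes."""
        salt = os.urandom(16)
        auth_nonce, punch_nonce = os.urandom(16), os.urandom(16)
        key = derive_key(self.password, salt)
        self.pending = (auth_nonce, punch_nonce)
        return {"salt": salt,
                "enc_auth": password_xor(key, b"auth", auth_nonce),
                "enc_punch": password_xor(key, b"punch", punch_nonce)}

    def verify(self, auth_info: bytes) -> bool:
        """S140 / S220 (S214): recompute the punctured digest and compare.
        The terminal's padding is random, so only the retained prefix is
        compared, in constant time; each issued page is accepted once."""
        if self.pending is None or len(auth_info) != DIGEST_LEN:
            self.pending = None
            return False
        auth_nonce, punch_nonce = self.pending
        self.pending = None
        expected = punctured_digest(auth_nonce, punch_nonce)
        return hmac.compare_digest(expected, auth_info[:len(expected)])

    def change_password(self, auth_info: bytes, new_password: str) -> bool:
        """S340: the stored password is replaced only after the authentication
        information proves knowledge of the original one."""
        if not self.verify(auth_info):
            return False
        self.password = new_password
        return True
```

Because each page's random numbers are consumed on the first check, a captured authentication value cannot be replayed against a later page, and a wrong typed password decrypts to different random numbers and so to a different punctured digest. The sequence-number-and-time seed the patent describes is predictable to anyone who can observe timing, which is why the example draws its random numbers from os.urandom instead.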
The present disclosure further provides a login password modification authentication method implemented on the server side. Referring to FIG. 6, which is a schematic flowchart of a second embodiment of the login password modification authentication method of the present disclosure, the method comprises the following steps.
In step S410, after receiving the login password modification page request sent by the terminal, the server returns to the terminal the login password modification page together with an encrypted authentication random number and an encrypted puncture random number, both encrypted with the pre-stored original login password corresponding to the terminal. After the terminal receives the original login password and the new login password entered by the user on the login password modification page, it uses the entered original login password to decrypt the authentication random number and the puncture random number returned by the server, generates authentication information from the decrypted random numbers, and sends the authentication information and the new login password to the server.
In this embodiment, the terminal first sends a login password modification page request to the server. The login password modification authentication method can be used as a Web UI login password modification authentication method, and the login password modification page request can be a Web UI login password modification authentication request.
After receiving the login password modification page request sent by the terminal, the server generates two random numbers: an authentication random number and a puncture random number. The server then encrypts both random numbers with the pre-stored original login password corresponding to the terminal, and sends the login password modification page, the encrypted authentication random number and the encrypted puncture random number to the terminal together.
Optionally, the authentication random number and the puncture random number sent by the server to the terminal are both generated by the server using a sequence number and a time parameter as the seed. The initial value of the sequence number is non-zero and the sequence number is incremented by 1 each time a random number is generated; the time parameter is the time at which the random number is generated.
Optionally, the algorithm with which the server encrypts the authentication random number and the puncture random number under the original login password may be a published standard encryption algorithm such as AES, or a proprietary encryption algorithm.
After receiving the login password modification page, the terminal displays it, and the user enters the original login password and the new login password in its password input fields. When the original login password entered by the user is correct, it is identical to the original login password pre-stored on the server for the terminal, so the terminal can correctly decrypt the authentication random number and the puncture random number with it. When the entered original login password is wrong, it differs from the pre-stored original login password, and the terminal cannot correctly decrypt the two random numbers with it.
The authentication information is generated from the authentication random number and the puncture random number according to a preset rule, which can be chosen according to actual needs.
In step S420, after receiving the authentication information and the new login password sent by the terminal, the server authenticates the received authentication information and, if authentication passes, replaces the pre-stored original login password corresponding to the terminal with the new login password.
In this embodiment, the server must itself generate the authentication information from the authentication random number and the puncture random number it generated earlier. After receiving the terminal's authentication information, the server compares the received value with the value it generated: if the two match, authentication passes; if they differ, authentication fails.
Optionally, the step of authenticating the received authentication information comprises the following. First, the digest value of the pre-stored authentication random number is computed; in this embodiment the digest algorithm may be MD5, SHA-1 or another algorithm.
Then the puncture position and the puncture length are computed from the pre-stored puncture random number. The puncture length may be measured in bytes or in bits; that is, it may be a number of punctured bytes or a number of punctured bits.
Then the data of the digest value at the puncture position and spanning the puncture length is deleted, and the data following the deleted portion is moved forward by the puncture length, to obtain the authentication digest value.
Finally, the authentication digest value is compared with the received authentication information; if they match, authentication is determined to pass.
In this embodiment, optionally, to keep the length of the digest value unchanged, the new digest value produced by puncturing is padded at its end. The padding value is preferably random, and the padding length equals the number of punctured bytes or punctured bits. Because random padding appended by the terminal is unknown to the server, the comparison in the previous step must cover only the portion of the digest that precedes the padding.
Because this embodiment uses random-number puncturing and padding, the security of login authentication is further improved.
In the login password modification authentication method provided by the present disclosure, the server, after receiving the login password modification page request sent by the terminal, returns to the terminal the login password modification page together with an encrypted authentication random number and an encrypted puncture random number, both encrypted with the pre-stored original login password corresponding to the terminal. After the terminal receives the original login password and the new login password entered by the user on the login password modification page, it uses the entered original login password to decrypt the authentication random number and the puncture random number returned by the server, generates authentication information from the decrypted random numbers, and sends the authentication information and the new login password to the server. After receiving the authentication information and the new login password sent by the terminal, the server authenticates the received authentication information and, if authentication passes, replaces the pre-stored original login password corresponding to the terminal with the new login password. Because the authentication information is generated from an authentication random number and a puncture random number, and both random numbers are encrypted with the login password, an attacker cannot recover the login password by a hash dictionary attack; this effectively prevents leakage of the Web UI login password and improves the security of Web UI login.
The present disclosure further provides a terminal. Referring to FIG. 7, which is a schematic diagram of the functional modules of a first embodiment of the terminal of the present disclosure, the terminal comprises the following modules.
A first sending module 110, configured to send a login page request to the server.
In this embodiment, the login authentication method can be used as a Web UI login authentication method, and the login page request can be a Web UI login authentication request.
After receiving the login page request sent by the terminal, the server generates two random numbers: an authentication random number and a puncture random number. The server then encrypts both random numbers with the pre-stored login password corresponding to the terminal, and sends the login page, the encrypted authentication random number and the encrypted puncture random number to the terminal together.
Optionally, the authentication random number and the puncture random number sent by the server to the terminal are both generated by the server using a sequence number and a time parameter as the seed. The initial value of the sequence number is non-zero and the sequence number is incremented by 1 each time a random number is generated; the time parameter is the time at which the random number is generated.
A first receiving module 120, configured to receive the login page returned by the server in response to the login page request, together with the encrypted authentication random number and the encrypted puncture random number, both encrypted with the pre-stored login password corresponding to the terminal.
Optionally, the algorithm with which the server encrypts the authentication random number and the puncture random number under the login password may be a published standard encryption algorithm such as AES, or a proprietary encryption algorithm.
A first generation module 130, configured to, after the login password entered by the user on the login page is received, decrypt the authentication random number and the puncture random number returned by the server with the entered login password, and generate authentication information from the decrypted random numbers.
After receiving the login page, the terminal displays it, and the user enters the login password in its password input field. When the login password entered by the user is correct, it is identical to the login password pre-stored on the server for the terminal, so the terminal can correctly decrypt the authentication random number and the puncture random number with it. When the entered login password is wrong, it differs from the pre-stored login password, and the terminal cannot correctly decrypt the two random numbers with it.
The authentication information is generated from the authentication random number and the puncture random number according to a preset rule, which can be chosen according to actual needs.
The first sending module 110 is further configured to send the authentication information to the server, so that the server authenticates the received authentication information and allows the terminal to log in if authentication passes.
In this embodiment, the server must itself generate the authentication information from the authentication random number and the puncture random number it generated earlier. After receiving the terminal's authentication information, the server compares the received value with the value it generated: if the two match, authentication passes; if they differ, authentication fails.
The terminal provided by the present disclosure sends a login page request to the server and receives, in return, the login page together with an encrypted authentication random number and an encrypted puncture random number. After receiving the login password entered by the user on the login page, the terminal uses the entered login password to decrypt the authentication random number and the puncture random number returned by the server, generates authentication information from the decrypted random numbers, and sends the authentication information to the server, so that the server authenticates it and allows the terminal to log in if authentication passes. Because the authentication information is generated from an authentication random number and a puncture random number, and both random numbers are encrypted with the login password, an attacker cannot recover the login password by a hash dictionary attack; this effectively prevents leakage of the Web UI login password and improves the security of Web UI login.
Further, based on the first embodiment of the terminal, the present disclosure also proposes a second embodiment of the terminal. Referring to FIG. 8, which is a schematic diagram of the refined functional modules of the first generation module in the second embodiment of the terminal, the first generation module 130 comprises a first calculation unit 131, configured to compute the digest value of the decrypted authentication random number; in this embodiment the digest algorithm may be MD5, SHA-1 or another algorithm. The first calculation unit 131 is further configured to compute the puncture position and the puncture length from the decrypted puncture random number. The puncture length may be measured in bytes or in bits; that is, it may be a number of punctured bytes or a number of punctured bits.
A first generation unit 132, configured to delete the data of the digest value at the puncture position and spanning the puncture length, and to move the data following the deleted portion forward by the puncture length, so as to generate the authentication information.
In this embodiment, optionally, to keep the length of the digest value unchanged, the new digest value produced by puncturing is padded at its end. The padding value is preferably random, and the padding length equals the number of punctured bytes or punctured bits.
Because this embodiment uses random-number puncturing and padding, the security of login authentication is further improved.
The present disclosure further provides a server. Referring to FIG. 9, which is a schematic diagram of the functional modules of a first embodiment of the server of the present disclosure, the server comprises a first return module 210, configured to, after receiving a login page request sent by the terminal, return to the terminal the login page together with an encrypted authentication random number and an encrypted puncture random number, both encrypted with the pre-stored login password corresponding to the terminal, so that the terminal, after receiving the login password entered by the user on the login page, decrypts the authentication random number and the puncture random number returned by the server with the entered login password, generates authentication information from the decrypted random numbers, and sends the authentication information to the server.
In this embodiment, the terminal first sends a login page request to the server. The login authentication method can be used as a Web UI login authentication method, and the login page request can be a Web UI login authentication request.
After receiving the login page request sent by the terminal, the server generates two random numbers: an authentication random number and a puncture random number. The server then encrypts both random numbers with the pre-stored login password corresponding to the terminal, and sends the login page, the encrypted authentication random number and the encrypted puncture random number to the terminal together.
Optionally, the authentication random number and the puncture random number sent by the server to the terminal are both generated by the server using a sequence number and a time parameter as the seed. The initial value of the sequence number is non-zero and the sequence number is incremented by 1 each time a random number is generated; the time parameter is the time at which the random number is generated.
Optionally, the algorithm with which the server encrypts the authentication random number and the puncture random number under the login password may be a published standard encryption algorithm such as AES, or a proprietary encryption algorithm.
After receiving the login page, the terminal displays it, and the user enters the login password in its password input field. When the login password entered by the user is correct, it is identical to the login password pre-stored on the server for the terminal, so the terminal can correctly decrypt the authentication random number and the puncture random number with it. When the entered login password is wrong, it differs from the pre-stored login password, and the terminal cannot correctly decrypt the two random numbers with it.
The authentication information is generated from the authentication random number and the puncture random number according to a preset rule, which can be chosen according to actual needs.
The server further comprises a first authentication module 220, configured to authenticate the authentication information received from the terminal and to allow the terminal to log in if authentication passes.
In this embodiment, the server must itself generate the authentication information from the authentication random number and the puncture random number it generated earlier. After receiving the terminal's authentication information, the server compares the received value with the value it generated: if the two match, authentication passes; if they differ, authentication fails.
The server provided by the present disclosure, after receiving the login page request sent by the terminal, returns to the terminal the login page together with an encrypted authentication random number and an encrypted puncture random number, both encrypted with the pre-stored login password corresponding to the terminal, so that the terminal, after receiving the login password entered by the user on the login page, decrypts the two random numbers with the entered login password, generates authentication information from the decrypted random numbers, and sends the authentication information to the server. After receiving the authentication information sent by the terminal, the server authenticates it and allows the terminal to log in if authentication passes. Because the authentication information is generated from an authentication random number and a puncture random number, and both random numbers are encrypted with the login password, an attacker cannot recover the login password by a hash dictionary attack; this effectively prevents leakage of the Web UI login password and improves the security of Web UI login.
Further, based on the first embodiment of the server, the present disclosure also proposes a second embodiment of the server. Referring to FIG. 10, which is a schematic diagram of the refined functional modules of the authentication module in the second embodiment of the server, the first authentication module 220 comprises a second calculation unit 221, configured to compute the digest value of the pre-stored authentication random number; in this embodiment the digest algorithm may be MD5, SHA-1 or another algorithm.
The second calculation unit 221 may further be configured to compute the puncture position and the puncture length from the pre-stored puncture random number. The puncture length may be measured in bytes or in bits; that is, it may be a number of punctured bytes or a number of punctured bits.
The first authentication module 220 further comprises a second generation unit 222, configured to delete the data of the digest value at the puncture position and spanning the puncture length, and to move the data following the deleted portion forward by the puncture length, so as to generate the authentication digest value.
The first authentication module 220 further comprises an authentication unit 223, configured to compare the authentication digest value with the received authentication information and, if they match, to determine that authentication passes.
In this embodiment, optionally, to keep the length of the digest value unchanged, the new digest value produced by puncturing is padded at its end. The padding value is preferably random, and the padding length equals the number of punctured bytes or punctured bits.
Because this embodiment uses random-number puncturing and padding, the security of login authentication is further improved.
The present disclosure further provides a terminal. Referring to FIG. 11, which is a schematic diagram of the functional modules of a third embodiment of the terminal of the present disclosure, the terminal comprises a second sending module 310, configured to send a login password modification page request to the server. In this embodiment, the login password modification authentication method can be used as a Web UI login password modification authentication method, and the login password modification page request can be a Web UI login password modification authentication request.
After receiving the login password modification page request sent by the terminal, the server generates two random numbers: an authentication random number and a puncture random number. The server then encrypts both random numbers with the pre-stored original login password corresponding to the terminal, and sends the login password modification page, the encrypted authentication random number and the encrypted puncture random number to the terminal together.
Optionally, the authentication random number and the puncture random number sent by the server to the terminal are both generated by the server using a sequence number and a time parameter as the seed. The initial value of the sequence number is non-zero and the sequence number is incremented by 1 each time a random number is generated; the time parameter is the time at which the random number is generated.
The terminal further comprises a second receiving module 320, configured to receive the login password modification page returned by the server in response to the login password modification page request, together with the encrypted authentication random number and the encrypted puncture random number, both encrypted with the pre-stored original login password corresponding to the terminal.
Optionally, the algorithm with which the server encrypts the authentication random number and the puncture random number under the original login password may be a published standard encryption algorithm such as AES, or a proprietary encryption algorithm.
The terminal further comprises a second generation module 330, configured to, after the original login password and the new login password entered by the user on the login password modification page are received, decrypt the authentication random number and the puncture random number returned by the server with the entered original login password, and generate authentication information from the decrypted random numbers.
After receiving the login password modification page, the terminal displays it, and the user enters the original login password and the new login password in its password input fields. When the original login password entered by the user is correct, it is identical to the original login password pre-stored on the server for the terminal, so the terminal can correctly decrypt the authentication random number and the puncture random number with it. When the entered original login password is wrong, it differs from the pre-stored original login password, and the terminal cannot correctly decrypt the two random numbers with it.
The authentication information is generated from the authentication random number and the puncture random number according to a preset rule, which can be chosen according to actual needs.
Optionally, generating the authentication information from the decrypted authentication random number and puncture random number comprises the following steps.
The digest value of the decrypted authentication random number is computed; in this embodiment the digest algorithm may be MD5, SHA-1 or another algorithm.
The puncture position and the puncture length are computed from the decrypted puncture random number. The puncture length may be measured in bytes or in bits; that is, it may be a number of punctured bytes or a number of punctured bits.
The data of the digest value at the puncture position and spanning the puncture length is deleted, and the data following the deleted portion is moved forward by the puncture length, so as to generate the authentication information.
In this embodiment, optionally, to keep the length of the digest value unchanged, the new digest value produced by puncturing is padded at its end. The padding value is preferably random, and the padding length equals the number of punctured bytes or punctured bits.
Because this embodiment uses random-number puncturing and padding, the security of login authentication is further improved.
The second sending module 310 is further configured to send the authentication information and the new login password to the server, so that the server authenticates the received authentication information and, if authentication passes, replaces the pre-stored original login password corresponding to the terminal with the new login password.
在本实施例中,服务器需要根据之前生成的认证随机数和打孔随机数生成认证信息,并且,服务器在接收到认证信息后,将接收到的认证信息与生成的认证信息进行比对,在一致时,则判定认证通过;在不一致时,则判定认证不通过。In this embodiment, the server needs to generate the authentication information according to the previously generated authentication random number and the punctured random number, and after receiving the authentication information, the server compares the received authentication information with the generated authentication information, If they match, the authentication is passed; if they are not, the authentication is not passed.
本公开提供的终端,通过终端向服务器发送登录密码修改页面请求,并接收服务器基于所述登录密码修改页面请求返回的登录密码修改页面、经过加密的认证随机数和打孔随机数,在终端接收到用户基于所述登录密码修改页面输入的原始登录密码和新登录密码后,利用接收到的所述原始登录密码对服务器返回的认证随机数和打孔随机数进行解密,根据解密后的认证随机数和打孔随机数生成认证信息,然后将所述认证信息和新登录密码发送至服务器,以供服务器对接收到的认证信息进行认证,并在认证通过时将预存的与所述终端对应的原始登录密码更新为所述新登录密码。本公开由于采用认证随机数和打孔随机数生成认证信息,并且认证随机数和打孔随机数使用登录密码加密,使得攻击者无法通过HASH字典攻击来破解登录密码,有效地避免了Web UI登录密码泄露,提高Web UI登录的安全性。The terminal provided by the disclosure sends a login password modification page request to the server through the terminal, and receives a login password modification page returned by the server based on the login password modification page request, the encrypted authentication random number and the punched random number, and receives at the terminal. After the user enters the original login password and the new login password based on the login password modification page, the authenticated random number and the punched random number returned by the server are decrypted by using the received original login password, and are randomly selected according to the decrypted authentication. The number and the punctured random number generate authentication information, and then send the authentication information and the new login password to the server, so that the server authenticates the received authentication information, and pre-stores the pre-stored corresponding to the terminal when the authentication is passed. The original login password is updated to the new login password. The present disclosure generates authentication information by using the authentication random number and the punctured random number, and the authentication random number and the punctured random number are encrypted by using the login password, so that the attacker cannot crack the login password through the HASH dictionary attack, thereby effectively avoiding the Web UI login. The password is leaked to improve the security of the web UI login.
The present disclosure further provides a server. Referring to FIG. 12, which is a schematic diagram of the functional modules of a third embodiment of the server of the present disclosure, the server proposed by the present disclosure includes the following modules.
A second returning module 410, configured to: after receiving a login password modification page request sent by the terminal, return to the terminal a login password modification page, an encrypted authentication random number and an encrypted puncturing random number, where both the authentication random number and the puncturing random number are encrypted with the pre-stored original login password corresponding to the terminal, so that after the terminal receives the original login password and the new login password that the user enters on the login password modification page, it decrypts the authentication random number and the puncturing random number returned by the server using the received original login password, generates authentication information from the decrypted authentication random number and puncturing random number, and sends the authentication information and the new login password to the server;
In this embodiment, the terminal first sends a login password modification page request to the server. This login password modification authentication method may be used as a Web UI login password modification authentication method, and the login password modification page request may be a Web UI login password modification authentication request.
After receiving the login password modification page request sent by the terminal, the server generates two random numbers, one an authentication random number and the other a puncturing random number. The server then encrypts the authentication random number and the puncturing random number with the pre-stored original login password corresponding to the terminal, and sends the login password modification page together with the encrypted authentication random number and puncturing random number to the terminal.
Optionally, both the authentication random number and the puncturing random number that the server sends to the terminal are generated by the server using a sequence number and a time parameter as the seed; the initial value of the sequence number is not 0, the sequence number is incremented by 1 each time a random number is generated, and the time parameter takes the value of the moment at which the random number is generated.
Optionally, the algorithm the server uses to encrypt the authentication random number and the puncturing random number with the original login password may be a public standard encryption algorithm, such as AES, or a proprietary encryption algorithm.
After receiving the login password modification page, the terminal displays it, and the user enters the original login password and the new login password in the page's password input fields. It will be understood that when the original login password entered by the user is correct, it matches the original login password pre-stored by the server for the terminal, so the terminal can correctly decrypt the authentication random number and the puncturing random number with it. When the original login password entered by the user is wrong, it does not match the original login password pre-stored by the server for the terminal, so the terminal cannot correctly decrypt the authentication random number and the puncturing random number with it.
The authentication information may be generated from the authentication random number and the puncturing random number according to a preset rule, which can be set according to actual needs.
A second authentication module 420, configured to: after receiving the authentication information and the new login password sent by the terminal, authenticate the received authentication information and, when the authentication passes, update the pre-stored original login password corresponding to the terminal to the new login password.
In this embodiment, the server needs to generate the authentication information from the previously generated authentication random number and puncturing random number; after receiving the authentication information, the server compares the received authentication information with the generated authentication information. If they match, the authentication is judged to pass; if they do not match, it is judged to fail.
Optionally, authenticating the received authentication information includes the following steps.
Calculate the digest value of the pre-stored authentication random number; in this embodiment, the digest algorithm may be MD5, SHA-1 or another algorithm.
Calculate the punch position and the punch length from the pre-stored puncturing random number; it will be understood that the punch length may be measured in bytes or in bits, i.e. the punch length may be a number of punched bytes or a number of punched bits.
Delete the data of the digest value corresponding to the punch position and punch length, and move the data following the deleted data forward by the punch length, to generate an authentication digest value.
Compare the authentication digest value with the received authentication information; if they match, the authentication is judged to pass.
In this embodiment, optionally, to keep the length of the digest value unchanged, the new digest value produced by puncturing is padded at the end; the padding value is preferably a random value, and the padding length equals the number of punched bytes or punched bits.
Because this embodiment adopts the random-number puncture-and-pad technique, the security of login authentication is further improved.
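As an added example (not the patent's own code) covering both the terminal-side generation steps above (second generating module 330) and the server-side verification steps (second authentication module 420): the authentication random number is digested, the digest is punctured at the position and length derived from the puncturing random number, the tail is moved forward and padded back to the original length, and the server rebuilds and compares the result. The digest algorithm (SHA-256), byte-granular punching and the position/length mapping in `derive_punch()` are assumptions, since the text leaves them to a preset rule; the encryption of the two random numbers with the login password is outside this block.

```python
"""Punctured-digest authentication information (added example, not patent code).

Assumptions not fixed by the text: SHA-256 digest, punch length in bytes
(1..MAX_PUNCH_BYTES), and the position/length mapping in derive_punch().
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

DIGEST_ALG = "sha256"   # assumption; the text allows MD5, SHA-1 or others
MAX_PUNCH_BYTES = 4     # assumption; bounds the punch length


def derive_punch(punch_rand: bytes, digest_len: int) -> Tuple[int, int]:
    """Map the puncturing random number to (punch position, punch length).

    After a correct decryption both sides hold the same puncturing random
    number, so both derive the same position and length. The mapping is
    an assumption; any deterministic rule keeping the range in bounds works.
    """
    if len(punch_rand) < 3:
        raise ValueError("puncturing random number too short for this rule")
    length = 1 + punch_rand[0] % MAX_PUNCH_BYTES           # 1..MAX_PUNCH_BYTES
    position = int.from_bytes(punch_rand[1:3], "big") % (digest_len - length + 1)
    return position, length


def puncture(digest: bytes, position: int, length: int,
             pad: Optional[bytes] = None) -> bytes:
    """Delete digest[position:position+length], move the following data forward
    by `length`, then pad at the end so the overall length is unchanged.

    The text prefers random padding; a caller may pass a fixed pad (the
    server does, because it compares only the unpadded prefix).
    """
    if length <= 0 or not 0 <= position <= len(digest) - length:
        raise ValueError("punch range outside digest")
    if pad is None:
        pad = secrets.token_bytes(length)
    if len(pad) != length:
        raise ValueError("pad length must equal punch length")
    return digest[:position] + digest[position + length:] + pad


def make_auth_info(auth_rand: bytes, punch_rand: bytes) -> bytes:
    """Terminal side: digest the (decrypted) authentication random number and
    puncture it using the (decrypted) puncturing random number."""
    digest = hashlib.new(DIGEST_ALG, auth_rand).digest()
    position, length = derive_punch(punch_rand, len(digest))
    return puncture(digest, position, length)


def verify_auth_info(auth_rand: bytes, punch_rand: bytes, received: bytes) -> bool:
    """Server side: rebuild the authentication digest from the random numbers it
    kept and compare it with what the terminal sent.

    The terminal's padding is random, so only the unpadded prefix (digest
    length minus punch length) is compared, in constant time.
    """
    digest = hashlib.new(DIGEST_ALG, auth_rand).digest()
    position, length = derive_punch(punch_rand, len(digest))
    if len(received) != len(digest):
        return False
    expected = puncture(digest, position, length, pad=bytes(length))
    keep = len(digest) - length
    return hmac.compare_digest(expected[:keep], received[:keep])


def demo() -> dict:
    """One round with constructed values: a terminal holding the right random
    numbers, and one whose wrong original password decrypted to garbage."""
    auth_rand = secrets.token_bytes(16)    # server-generated, sent encrypted
    punch_rand = secrets.token_bytes(16)   # server-generated, sent encrypted
    good = make_auth_info(auth_rand, punch_rand)
    # A wrong password yields a wrong plaintext; modelled as a different
    # authentication random number on the terminal side.
    bad = make_auth_info(secrets.token_bytes(16), punch_rand)
    return {
        "accepted": verify_auth_info(auth_rand, punch_rand, good),
        "rejected": verify_auth_info(auth_rand, punch_rand, bad),
    }


if __name__ == "__main__":
    print(demo())   # {'accepted': True, 'rejected': False}
```

Because the padding is random, a server that compared the full punctured value byte for byte would reject every honest terminal; the comparison has to stop at the unpadded prefix, as `verify_auth_info()` does.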
With the server provided by the present disclosure, after receiving a login password modification page request sent by the terminal, the server returns to the terminal a login password modification page, an encrypted authentication random number and an encrypted puncturing random number, where both random numbers are encrypted with the pre-stored original login password corresponding to the terminal, so that after the terminal receives the original login password and the new login password that the user enters on the login password modification page, it decrypts the authentication random number and the puncturing random number returned by the server using the received original login password, generates authentication information from the decrypted authentication random number and puncturing random number, and sends the authentication information and the new login password to the server; after receiving the authentication information and the new login password sent by the terminal, the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password. Because the present disclosure generates the authentication information from an authentication random number and a puncturing random number, and encrypts both random numbers with the login password, an attacker cannot recover the login password by a hash dictionary attack; leakage of the Web UI login password is effectively avoided and the security of Web UI login is improved.
It should be noted that in this document the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or device that comprises that element.
The serial numbers of the above embodiments of the present disclosure are for description only and do not indicate the relative merits of the embodiments.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments may be implemented by software plus a necessary general-purpose hardware platform, and may of course also be implemented by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present disclosure, in essence or in the part that contributes to the related art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, or the like) to perform the methods described in the embodiments of the present disclosure.
The above are only preferred embodiments of the present disclosure and do not limit its patent scope; any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present disclosure, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present disclosure.

Claims (12)

  1. A login authentication method, comprising:
    a terminal sending a login page request to a server;
    the terminal receiving a login page, an encrypted authentication random number and an encrypted puncturing random number returned by the server in response to the login page request, where both the authentication random number and the puncturing random number are encrypted with a pre-stored login password corresponding to the terminal;
    after receiving a login password entered by a user on the login page, the terminal decrypting the authentication random number and the puncturing random number returned by the server using the received login password, and generating authentication information from the decrypted authentication random number and puncturing random number;
    the terminal sending the authentication information to the server, so that the server authenticates the received authentication information and allows the terminal to log in when the authentication passes.
  2. The login authentication method according to claim 1, wherein the step of generating authentication information from the decrypted authentication random number and puncturing random number comprises:
    calculating a digest value of the decrypted authentication random number;
    calculating a punch position and a punch length from the decrypted puncturing random number;
    deleting the data of the digest value corresponding to the punch position and punch length, and moving the data following the deleted data forward by the punch length, to generate the authentication information.
  3. The login authentication method according to claim 1, further comprising:
    after receiving the login page request sent by the terminal, the server returning to the terminal a login page, an encrypted authentication random number and an encrypted puncturing random number, where both the authentication random number and the puncturing random number are encrypted with the pre-stored login password corresponding to the terminal, so that after receiving the login password entered by the user on the login page, the terminal decrypts the authentication random number and the puncturing random number returned by the server using the received login password, generates authentication information from the decrypted authentication random number and puncturing random number, and sends the authentication information to the server;
    after receiving the authentication information sent by the terminal, the server authenticating the received authentication information and allowing the terminal to log in when the authentication passes.
  4. The login authentication method according to claim 3, wherein the step of authenticating the received authentication information comprises:
    calculating a digest value of the pre-stored authentication random number;
    calculating a punch position and a punch length from the pre-stored puncturing random number;
    deleting the data of the digest value corresponding to the punch position and punch length, and moving the data following the deleted data forward by the punch length, to generate an authentication digest value;
    comparing the authentication digest value with the received authentication information, and judging that the authentication passes if they match.
  5. The login authentication method according to claim 1, further comprising:
    the terminal sending a login password modification page request to the server;
    the terminal receiving a login password modification page, an encrypted authentication random number and an encrypted puncturing random number returned by the server in response to the login password modification page request, where both the authentication random number and the puncturing random number are encrypted with a pre-stored original login password corresponding to the terminal;
    after the terminal receives an original login password and a new login password entered by the user on the login password modification page, decrypting the authentication random number and the puncturing random number returned by the server using the received original login password, and generating authentication information from the decrypted authentication random number and puncturing random number;
    sending the authentication information and the new login password to the server, so that the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  6. The login authentication method according to claim 5, further comprising:
    after receiving the login password modification page request sent by the terminal, the server returning to the terminal a login password modification page, an encrypted authentication random number and an encrypted puncturing random number, where both the authentication random number and the puncturing random number are encrypted with the pre-stored original login password corresponding to the terminal, so that after the terminal receives the original login password and the new login password entered by the user on the login password modification page, it decrypts the authentication random number and the puncturing random number returned by the server using the received original login password, generates authentication information from the decrypted authentication random number and puncturing random number, and sends the authentication information and the new login password to the server;
    after receiving the authentication information and the new login password sent by the terminal, the server authenticating the received authentication information and, when the authentication passes, updating the pre-stored original login password corresponding to the terminal to the new login password.
  7. A terminal, comprising:
    a first sending module, configured to send a login page request to a server;
    a first receiving module, configured to receive a login page, an encrypted authentication random number and an encrypted puncturing random number returned by the server in response to the login page request, where both the authentication random number and the puncturing random number are encrypted with a pre-stored login password corresponding to the terminal;
    a first generating module, configured to: after receiving a login password entered by a user on the login page, decrypt the authentication random number and the puncturing random number returned by the server using the received login password, and generate authentication information from the decrypted authentication random number and puncturing random number;
    wherein the first sending module is further configured to send the authentication information to the server, so that the server authenticates the received authentication information and allows the terminal to log in when the authentication passes.
  8. The terminal according to claim 7, wherein the first generating module comprises:
    a first calculating unit, configured to calculate a digest value of the decrypted authentication random number;
    wherein the first calculating unit is further configured to calculate a punch position and a punch length from the decrypted puncturing random number;
    a first generating unit, configured to delete the data of the digest value corresponding to the punch position and punch length, and move the data following the deleted data forward by the punch length, to generate the authentication information.
  9. A server, comprising:
    a first returning module, configured to: after receiving a login page request sent by a terminal, return to the terminal a login page, an encrypted authentication random number and an encrypted puncturing random number, where both the authentication random number and the puncturing random number are encrypted with a pre-stored login password corresponding to the terminal, so that after receiving a login password entered by a user on the login page, the terminal decrypts the authentication random number and the puncturing random number returned by the server using the received login password, generates authentication information from the decrypted authentication random number and puncturing random number, and sends the authentication information to the server;
    a first authentication module, configured to: after receiving the authentication information sent by the terminal, authenticate the received authentication information and allow the terminal to log in when the authentication passes.
  10. The server according to claim 9, wherein the first authentication module comprises:
    a second calculating unit, configured to calculate a digest value of the pre-stored authentication random number;
    wherein the second calculating unit is further configured to calculate a punch position and a punch length from the pre-stored puncturing random number;
    a second generating unit, configured to delete the data of the digest value corresponding to the punch position and punch length, and move the data following the deleted data forward by the punch length, to generate an authentication digest value;
    an authentication unit, configured to compare the authentication digest value with the received authentication information and judge that the authentication passes if they match.
  11. The terminal according to claim 7, further comprising:
    a second sending module, configured to send a login password modification page request to the server;
    a second receiving module, configured to receive a login password modification page, an encrypted authentication random number and an encrypted puncturing random number returned by the server in response to the login password modification page request, where both the authentication random number and the puncturing random number are encrypted with a pre-stored original login password corresponding to the terminal;
    a second generating module, configured to: after receiving an original login password and a new login password entered by the user on the login password modification page, decrypt the authentication random number and the puncturing random number returned by the server using the received original login password, and generate authentication information from the decrypted authentication random number and puncturing random number;
    wherein the second sending module is further configured to send the authentication information and the new login password to the server, so that the server authenticates the received authentication information and, when the authentication passes, updates the pre-stored original login password corresponding to the terminal to the new login password.
  12. The server according to claim 9, further comprising:
    a second returning module, configured to: after receiving a login password modification page request sent by the terminal, return to the terminal a login password modification page, an encrypted authentication random number and an encrypted puncturing random number, where both the authentication random number and the puncturing random number are encrypted with the pre-stored original login password corresponding to the terminal, so that after the terminal receives the original login password and the new login password entered by the user on the login password modification page, it decrypts the authentication random number and the puncturing random number returned by the server using the received original login password, generates authentication information from the decrypted authentication random number and puncturing random number, and sends the authentication information and the new login password to the server;
    a second authentication module, configured to: after receiving the authentication information and the new login password sent by the terminal, authenticate the received authentication information and, when the authentication passes, update the pre-stored original login password corresponding to the terminal to the new login password.
PCT/CN2017/091251 2016-09-12 2017-06-30 Login authentication and login password modification authentication methods, terminal, and server WO2018045802A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610817478.2 2016-09-12
CN201610817478.2A CN107819723A (en) 2016-09-12 2016-09-12 Login authentication and login password modification authentication method, terminal and server

Publications (1)

Publication Number Publication Date
WO2018045802A1 true WO2018045802A1 (en) 2018-03-15

Family

ID=61561318

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/091251 WO2018045802A1 (en) 2016-09-12 2017-06-30 Login authentication and login password modification authentication methods, terminal, and server

Country Status (2)

Country Link
CN (1) CN107819723A (en)
WO (1) WO2018045802A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743696A (en) * 2018-12-29 2019-05-10 努比亚技术有限公司 Identifying code encryption method, system and readable storage medium storing program for executing
CN110336807A (en) * 2019-06-28 2019-10-15 苏州浪潮智能科技有限公司 A kind of identity identifying method based on Web service, equipment and storage medium

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768613A (en) * 2018-04-03 2018-11-06 四川新网银行股份有限公司 A kind of ciphertext password method of calibration based on multiple encryption algorithms
CN109787989B (en) * 2019-01-30 2022-05-31 广东工业大学 Password modification method, system, target server and storage medium
CN115622794B (en) * 2022-11-15 2023-04-07 北京密码云芯科技有限公司 Encryption and decryption method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7836310B1 (en) * 2002-11-01 2010-11-16 Yevgeniy Gutnik Security system that uses indirect password-based encryption
CN102387161A (en) * 2011-12-14 2012-03-21 创新科存储技术有限公司 Authentication method
CN102724215A (en) * 2012-07-07 2012-10-10 成都国腾实业集团有限公司 Method for storing user key safely and improving data security of cloud platform based on user login password
CN103096165A (en) * 2013-01-05 2013-05-08 中国传媒大学 Method for certification between digital television set-top box and remote control unit
CN103581121A (en) * 2012-07-25 2014-02-12 深圳中兴网信科技有限公司 Log-in authentication method and system on web application

Also Published As

Publication number Publication date
CN107819723A (en) 2018-03-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17847975

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17847975

Country of ref document: EP

Kind code of ref document: A1