CN103327034A - Safe login method, system and device - Google Patents

Publication number: CN103327034A
Authority: CN (China)
Prior art keywords: character string, client, cloud server, checking character, user
Legal status: Pending
Application number: CN2013103031562A
Other languages: Chinese (zh)
Inventors: 朱建庭, 荆博
Current Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN2013103031562A
Publication of CN103327034A
Landscapes: Information Transfer Between Computers (AREA)

Abstract

The invention provides a safe login method comprising the following steps: a cloud server receives a login check request sent by a client; the cloud server generates a check character string according to the login check request and sends it to the client, wherein the check character string comprises a plurality of characters and the characters are randomly arranged; the client displays the check character string to a user and records the user's input information for the check character string; the client feeds the input information back to the cloud server; and the cloud server performs a login check on the client according to the input information. Because the characters of the check character string are randomly arranged, the method improves the security of a login system when HTTP (Hypertext Transfer Protocol) is used to send a login request, and the encryption algorithm has a small computational load and low power consumption. The invention further discloses a safe login system and the cloud server.

Description

Safe login method, system and device
Technical field
The present invention relates to the field of Internet technology, and in particular to a safe login method, system and device.
Background technology
The development of the Internet has been accompanied by growth in network security threats. Many website services can be used only after the user logs in, and the login process requires transmitting the user's account and password. Many hackers intercept the login information in transit and maliciously steal user accounts and passwords, threatening the security of users' personal accounts.
To transmit the user's password securely, a traditional login system generally uses a data transmission mechanism based on the SSL protocol when submitting the user's login request, for example the HTTPS protocol.
On domestic mobile networks, using the HTTPS protocol runs into the following fatal problems:
(1) The gateways of some mobile operators do not support the HTTPS protocol, for example early CMWAP gateways.
(2) Mobile network transmission is itself slow. On top of that come the three SSL handshake steps of the HTTPS protocol and the HTTPS certificate verification process, and the certificate verification authorities are all located abroad. Together these make responses very slow when the HTTPS protocol is used on domestic mobile networks.
To avoid a sharp deterioration of the user experience caused by these problems, many mobile applications use the HTTP protocol directly when submitting the user's login request. If the password is sent over HTTP without any encryption, however, a hacker can easily obtain it through operations such as network packet capture, which leaks user information and threatens its security. To address this, most mobile applications that use the HTTP protocol first encrypt the password entered by the user on the client with a key, using symmetric or asymmetric encryption, and then send the encrypted password to the server. The server decrypts it to obtain the password the user entered and verifies it by comparing it with the user's original password stored on the server. This improves the security of the user's password to some extent, but such a login system is still not secure enough, for the following reasons:
(1) If the client encrypts the password with a symmetric encryption algorithm, a hacker can decompile the client program through reverse engineering and learn the details of the encryption algorithm and the preset fixed key. Having obtained the encrypted password through network packet capture, the hacker can then recover the user's real password with the corresponding decryption algorithm.
(2) If the client encrypts the password with an asymmetric encryption algorithm, the hacker cannot use the method in (1) to obtain the user's real password. The hacker can, however, mount a replay attack: resend the user name and encrypted password obtained through packet capture to the server to log in, obtain the login session information the server returns, and gain full control of the user's account. In the same way, when the client uses a symmetric encryption algorithm, the hacker can also log in to the victim's account by this means.
(3) To improve security, the encryption algorithm is generally made complex, which results in high development cost and a large amount of computation. A large amount of computation also means high power consumption, and for a mobile device battery power is a very important resource.
Summary of the invention
The present invention aims to solve at least one of the technical problems in the prior art. To this end, one object of the invention is to propose a safe login method that, by randomly arranging the characters of the checking character string, improves the security of the login system when the HTTP protocol is used to send login requests, with an encryption algorithm of small computational load and low power consumption.
A second object of the invention is to propose a safe login system.
A third object of the invention is to propose a cloud server.
To achieve the above objects, an embodiment of the first aspect of the invention proposes a safe login method comprising the following steps: the cloud server receives a login authentication request sent by the client; the cloud server generates a checking character string according to the login authentication request and sends it to the client, wherein the checking character string comprises a plurality of characters and the characters are randomly arranged; the client displays the checking character string to the user and records the user's input message for the checking character string; the client feeds the input message back to the cloud server; and the cloud server performs login authentication on the client according to the input message.
In the safe login method according to the embodiment of the invention, the characters of the checking character string are randomly arranged and the checking character string differs for each login, so the key number information corresponding to each password character is not fixed. Even if the password is obtained through malicious packet capture, it is difficult to parse. This improves the security of the login system when the HTTP protocol is used to send login requests, and the encryption algorithm has a small computational load and low power consumption.
In one embodiment of the invention, the client displaying the checking character string to the user and recording the user's input message for the checking character string further comprises: the client generates a corresponding soft keyboard according to the checking character string and the order of the characters in it, and records the position information on the soft keyboard of the characters in the checking character string; the client receives the user's trigger operations on the soft keyboard and uses the triggered position information as the input message.
In one embodiment of the invention, the method further comprises: the client sends the user name to the cloud server, so that the cloud server verifies the client according to the input message and the user name.
In one embodiment of the invention, the position information comprises order information or coordinate information of the characters on the soft keyboard.
In one embodiment of the invention, the method further comprises: the cloud server generates a unique string according to the login authentication request, sends the unique string to the client, and establishes a correspondence between the unique string and the checking character string.
In one embodiment of the invention, the method further comprises: the client feeds the unique string back to the cloud server.
In one embodiment of the invention, the cloud server verifying the client according to the input message further comprises: the cloud server obtains the corresponding checking character string according to the unique string; the cloud server concatenates the corresponding password plaintext according to the input message and the corresponding checking character string; the cloud server performs login authentication on the client according to the user name and the password plaintext.
In one embodiment of the invention, the client is a mobile terminal.
An embodiment of the second aspect of the invention proposes a safe login system comprising a client and a cloud server. The client is used to send a login authentication request to the cloud server, receive the checking character string sent by the cloud server, display the checking character string to the user, record the user's input message for the checking character string, and feed the input message back to the cloud server. The cloud server is used to generate the checking character string according to the login authentication request and send it to the client, wherein the checking character string comprises a plurality of characters and the characters are randomly arranged, and to perform login authentication on the client according to the input message.
In the safe login system according to the embodiment of the invention, the characters of the checking character string are randomly arranged and the checking character string differs for each login, so the key number information corresponding to each password character is not fixed. Even if the password is obtained through malicious packet capture, it is difficult to parse. This improves the security of the login system when the HTTP protocol is used to send login requests, and the encryption algorithm has a small computational load and low power consumption.
In one embodiment of the invention, the client generates a corresponding soft keyboard according to the checking character string and the order of the characters in it, records the position information on the soft keyboard of the characters in the checking character string, receives the user's trigger operations on the soft keyboard, and uses the triggered position information as the input message.
In one embodiment of the invention, the client is also used to send the user name to the cloud server, so that the cloud server verifies the client according to the input message and the user name.
In one embodiment of the invention, the position information comprises order information or coordinate information of the characters on the soft keyboard.
In one embodiment of the invention, the cloud server is also used to generate a unique string according to the login authentication request, send the unique string to the client, and establish a correspondence between the unique string and the checking character string.
In one embodiment of the invention, the client is also used to feed the unique string back to the cloud server.
In one embodiment of the invention, the cloud server obtains the corresponding checking character string according to the unique string, concatenates the corresponding password plaintext according to the input message and the corresponding checking character string, and performs login authentication on the client according to the user name and the password plaintext.
In one embodiment of the invention, the client is a mobile terminal.
An embodiment of the third aspect of the invention proposes a cloud server comprising a login authentication request receiving module, a checking character string management module, an input message receiving module and a login authentication module.
The login authentication request receiving module is used to receive the login authentication request sent by the client. The checking character string management module is used to generate the checking character string according to the login authentication request and send it to the client, wherein the checking character string comprises a plurality of characters and the characters are randomly arranged, so that the client displays the checking character string to the user and records the user's input message for the checking character string. The input message receiving module is used to receive the input message sent by the client. The login authentication module is used to perform login authentication on the client according to the input message.
In the cloud server according to the embodiment of the invention, the characters of the checking character string are randomly arranged and the checking character string differs for each login, so the key number information corresponding to each password character is not fixed. Even if the password is obtained through malicious packet capture, it is difficult to parse. This improves the security of the login system when the HTTP protocol is used to send login requests, and the encryption algorithm has a small computational load and low power consumption.
In one embodiment of the invention, the client generates a corresponding soft keyboard according to the checking character string and the order of the characters in it, records the position information on the soft keyboard of the characters in the checking character string, receives the user's trigger operations on the soft keyboard, and uses the triggered position information as the input message.
In one embodiment of the invention, the login authentication module receives the user name sent by the client and verifies the client according to the input message and the user name.
In one embodiment of the invention, the checking character string management module generates a unique string according to the login authentication request, sends the unique string to the client, and establishes a correspondence between the unique string and the checking character string.
In one embodiment of the invention, the login authentication request receiving module receives the unique string sent by the client.
In one embodiment of the invention, the login authentication module obtains the corresponding checking character string according to the unique string, concatenates the corresponding password plaintext according to the input message and the corresponding checking character string, and performs login authentication on the client according to the user name and the password plaintext.
Additional aspects and advantages of the invention are given in part in the following description; in part they will become apparent from the description or be learned through practice of the invention.
Description of drawings
The above and/or additional aspects and advantages of the invention will become apparent and easy to understand from the following description of the embodiments taken together with the accompanying drawings, in which:
Fig. 1 is a flow chart of the safe login method according to the embodiment of the invention;
Fig. 2 is a schematic diagram of the client soft keyboard according to the embodiment of the invention;
Fig. 3a is a schematic diagram of the characters numbered with order information according to the embodiment of the invention;
Fig. 3b is a schematic diagram of the characters numbered with coordinate information according to the embodiment of the invention;
Fig. 4 is a structural diagram of the safe login system according to the embodiment of the invention; and
Fig. 5 is a structural diagram of the cloud server according to the embodiment of the invention.
Embodiment
Embodiments of the invention are described in detail below. Examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote the same or similar elements, or elements with the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary, serve only to explain the invention, and are not to be construed as limiting it.
The safe login method according to the embodiment of the invention is described below with reference to Fig. 1. It comprises the following steps:
Step S110: the cloud server receives the login authentication request sent by the client.
Step S120: the cloud server generates the checking character string according to the login authentication request and sends the checking character string to the client, wherein the checking character string comprises a plurality of characters and the characters are randomly arranged.
Further, the cloud server generates a unique string according to the login authentication request, sends the unique string to the client, and establishes a correspondence between the unique string and the checking character string.
Step S130: the client displays the checking character string to the user and records the user's input message for the checking character string.
The client displaying the checking character string to the user and recording the user's input message for the checking character string further comprises:
Step S131: the client generates a corresponding soft keyboard according to the checking character string and the order of the characters in it, and records the position information on the soft keyboard of the characters in the checking character string.
Step S132: the client receives the user's trigger operations on the soft keyboard and uses the triggered position information as the input message.
The position information comprises order information or coordinate information of the characters on the soft keyboard.
Step S140: the client feeds the input message back to the cloud server.
The client sends the user name to the cloud server, so that the cloud server verifies the client according to the input message and the user name.
In addition, the client feeds the unique string back to the cloud server.
Step S150: the cloud server performs login authentication on the client according to the input message.
The cloud server verifying the client according to the input message further comprises:
Step S151: the cloud server obtains the corresponding checking character string according to the unique string.
Step S152: the cloud server concatenates the corresponding password plaintext according to the input message and the corresponding checking character string.
Step S153: the cloud server performs login authentication on the client according to the user name and the password plaintext.
The client is a mobile terminal.
A complete technical implementation of the method is described below. It should be understood that the following implementation is for illustrative purposes only, and embodiments of the invention are not limited to it.
Step S210: before the user enters the password, the client sends a login authentication request to the cloud server. The request may be sent when the user requests the login interface, after the user has entered the login interface, or when the user's input focus enters the password input box.
Step S220: the cloud server receives the login authentication request and carries out the following operations:
Step S221: the cloud server uses a random algorithm to generate a checking character string composed of all valid password characters. The checking character string is an out-of-order arrangement; for example, when the valid password characters are the ten digits 0 to 9, 1369247805 and 2413956870 are two valid arrangements.
Step S222: generate a unique string by a random algorithm.
Step S223: establish the correspondence between the unique string and the checking character string: store a key-value pair with the unique string as key and the checking character string as value in the cache module of the cloud server, and return the unique string and the checking character string to the client.
Step S230: the client generates the soft keyboard according to the checking character string and the order of the characters in it. The soft keyboard is used to enter the password. The client displays each character of the received checking character string on the keys of the soft keyboard in turn, following the key number order of the soft keyboard. For example, if 1369247805 is the out-of-order arrangement received and the client's custom soft keyboard is a matrix layout of 4 rows × 3 columns, the soft keyboard shown to the user is as in Fig. 2.
Step S240: the user enters the password by tapping keys on the password soft keyboard. As each key is tapped, the client records the corresponding triggered position information on the password soft keyboard. The position numbering can be described in several ways, for example as order information such as a one-dimensional subscript value, as the coordinate value of the key on the soft keyboard, or in other ways. Taking the soft keyboard of Fig. 2 as an example, Fig. 3a shows the key position numbers as one-dimensional subscript values and Fig. 3b shows them as coordinate values. For example, if the user's password is 125125, the password number information can be expressed with subscript values as (0, 4, 9, 0, 4, 9), and with coordinate values as ((0,0) (1,1) (3,0) (0,0) (1,1) (3,0)).
Step S250: after the user taps to submit the login request, the client sends the user name, the number information of the key positions corresponding to the user's password, and the unique string returned by the cloud server to the cloud server; the triggered position information serves as the input message.
Step S260: after the cloud server receives the login request, it carries out the following operations:
Step S261: the cloud server obtains the corresponding checking character string according to the unique string.
Step S262: the cloud server generates the password plaintext entered by the user according to the input message and the checking character string. In generating the password plaintext, the checking character string acts as the dictionary used for decryption, and the input message contains the password key number information.
Step S263: the cloud server determines from the user name and the password plaintext whether a corresponding user account exists. If not, it returns an error message to the client; otherwise it allows the user account to log in, generates the corresponding login session information from the information of the user account, and returns the login session information to the client.
Step S264: the cloud server deletes the key-value pair whose key is the unique string and whose value is the checking character string.
Step S270: after receiving the login session information, the client completes the post-login operations and enters the post-login user interface.
In this method, the number information of each key of the password soft keyboard is itself fixed, but in each login the password characters displayed on the keys are random. Therefore, in different login requests, the same key number information corresponds to essentially different user passwords. Thus even if a hacker captures the key number information in the request packet, the user password cannot be obtained directly. Only by intercepting both the user's login request packet and the checking character string sent earlier by the cloud server to the client, and mapping one to the other, can the user password be cracked. The probability of this, however, is relatively low.
The safe login method according to the embodiment of the invention improves security when the HTTP protocol is used to send login requests. Its computational load is lower than that of conventional encryption algorithms, and its power consumption is small.
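The exchange in steps S210 to S270 can be traced in a few lines of Python. This is an added example, not code from the patent: the class and function names, the in-memory account store, the random session token and the choice to delete the cache entry on failed attempts as well are all assumptions. It reproduces the page's 125125 example and shows that a resubmitted request is refused once step S264 has removed the cached checking character string.

```python
import secrets

VALID_CHARS = "0123456789"  # all valid password characters (the page's 0-9 example)
KEYPAD_COLS = 3             # the page's 4 rows x 3 columns soft keyboard


class CloudServer:
    """Server side of steps S220-S264. Class and method names are hypothetical."""

    def __init__(self, accounts):
        self._accounts = accounts  # user name -> password (constructed sample store)
        self._cache = {}           # unique string -> checking character string

    def begin_login(self):
        """S221-S223: shuffle the valid characters and cache them under a unique string."""
        chars = list(VALID_CHARS)
        secrets.SystemRandom().shuffle(chars)  # shuffle backed by the OS CSPRNG
        checking = "".join(chars)
        unique = secrets.token_hex(16)
        self._cache[unique] = checking
        return unique, checking

    def finish_login(self, username, unique, positions):
        """S261-S264: rebuild the password plaintext and authenticate.

        Returns login session information (a random token here) or None.
        """
        # S261 + S264: fetch and delete in one step, so a unique string works once.
        # Deleting on failed attempts too is this example's assumption.
        checking = self._cache.pop(unique, None)
        if checking is None:
            return None  # unknown or already-used unique string
        # Reject malformed input before indexing into the checking string.
        if not positions or any(
            not isinstance(p, int) or not 0 <= p < len(checking) for p in positions
        ):
            return None
        # S262: the checking string is the dictionary mapping positions to characters.
        plaintext = "".join(checking[p] for p in positions)
        # S263: compare with the stored password.
        stored = self._accounts.get(username)
        if stored is None or not secrets.compare_digest(plaintext, stored):
            return None
        return secrets.token_hex(16)


def positions_for(password, checking):
    """S240, client side: one-dimensional subscript of each key the user taps."""
    return [checking.index(ch) for ch in password]


def to_coordinates(positions, cols=KEYPAD_COLS):
    """The same taps as (row, column) coordinates on the soft keyboard."""
    return [divmod(p, cols) for p in positions]


def demo():
    """One login followed by a resubmission of the identical request."""
    server = CloudServer({"alice": "125125"})  # constructed account
    unique, checking = server.begin_login()
    taps = positions_for("125125", checking)
    first = server.finish_login("alice", unique, taps)
    replay = server.finish_login("alice", unique, taps)
    return first is not None, replay is None


if __name__ == "__main__":
    print(positions_for("125125", "1369247805"))  # the page's first arrangement
    print(positions_for("125125", "2413956870"))  # same password, second arrangement
    print(demo())
```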
The safe login system 100 according to the embodiment of the invention, comprising a client 110 and a cloud server 120, is described below with reference to Fig. 4.
The client is used to send a login authentication request to the cloud server, receive the checking character string sent by the cloud server, display the checking character string to the user, record the user's input message for the checking character string, and feed the input message back to the cloud server. The cloud server is used to generate the checking character string according to the login authentication request and send the checking character string to the client, wherein the checking character string comprises a plurality of characters and the characters are randomly arranged, and to perform login authentication on the client according to the input message.
In one embodiment of the invention, the client generates a corresponding soft keyboard according to the checking character string and the order of the characters in it, records the position information on the soft keyboard of the characters in the checking character string, receives the user's trigger operations on the soft keyboard, and uses the triggered position information as the input message. The client is also used to send the user name to the cloud server, so that the cloud server verifies the client according to the input message and the user name. The client is also used to feed the unique string back to the cloud server.
The client is a mobile terminal.
The cloud server is also used to generate a unique string according to the login authentication request, send the unique string to the client, and establish a correspondence between the unique string and the checking character string. The cloud server obtains the corresponding checking character string according to the unique string, concatenates the corresponding password plaintext according to the input message and the corresponding checking character string, and performs login authentication on the client according to the user name and the password plaintext.
The position information comprises order information or coordinate information of the characters on the soft keyboard.
The below describes the complete skill implementation of native system, is understandable that, following implementation is not limited to this according to the embodiment of the invention only for illustrative purposes.
Step S310: before the user inputted user cipher, client sent the login authentication request to cloud server.When transmission can be chosen in the user send the login interface request opportunity, also can be after the user enters login interface, can also be when user's input focus enters the Password Input frame.
Step S320: cloud server receives the login authentication request.Cloud server generates a checking character string that is comprised of all effective code characters by random algorithm, the checking character string is out of order arrangement string, for example, all effective code characters are 0 to 9 these 10 when digital, 1369247805 and 2413956870 for wherein 2 effectively arrange string.Cloud server generates a unique string by random algorithm.Cloud server is set up the corresponding relation between unique string and the checking character string, will deposit the cache module of cloud server in as the key-value pair of value take the checking character string take unique string as key, and unique string and checking character string are back to client.
Step S330: client is according to the order generating soft keyboard of character in checking character string and the checking character string.Soft keyboard is used for the input password, each character in the checking character string that client will receive is presented on each button of soft keyboard successively according to the button number order of soft keyboard, for example, the 1369247805th, the out of order arrangement string that receives, the self-defining soft keyboard of client is the matrix layout of 4 row * 3 row, and the soft keyboard that client shows to the user as shown in Figure 2.
The user finishes Password Input by the different key of clicking on the password soft keyboard.Correspondingly, when the user clicks each button, corresponding positional information on the password soft keyboard that client records triggers, the numbering of positional information can be described in several ways, for example be described as order information, the for example subscript value of one dimension, the perhaps coordinate figure of button on soft keyboard, perhaps other describing modes.Be exemplified as example with the soft keyboard among Fig. 2, Fig. 3 a be the Position Number information of button with the exemplary plot of the subscript value of one dimension sign, Fig. 3 b is that the Position Number of button is with the exemplary plot of coordinate figure sign.For example, if user's password is 125125, a kind of expression way of the password number information of then describing with subscript value can be (0,4,9,0, a kind of expression way of the password number information of 4,9), describing with coordinate figure can be ((0,0) (1,1) (3,0) (0,0) (1,1) (3,0)).After the user clicked and submits logging request to, client was the number information of user name, the corresponding key position of user cipher, and unique string that cloud server returns is sent to cloud server, wherein, with the positional information that triggers as input message.
Step S340: After receiving the login request, the cloud server obtains the corresponding checking character string according to the unique string. The cloud server generates the password plaintext entered by the user according to the input information and the checking character string. In generating the password plaintext, the checking character string acts as the dictionary used for decryption, and the input information comprises the password key number information. The cloud server judges from the user name and the password plaintext whether a corresponding user account exists. If not, it returns an error message to the client; otherwise the cloud server allows the user account to log in, generates the corresponding login session information from the relevant information of the user account, and returns the login session information to the client. The cloud server deletes the key-value pair whose key is the unique string and whose value is the checking character string.
Step S350: After receiving the login session information, the client completes the corresponding post-login operations and enters the post-login user interface.
In this system, the number information of each key of the password soft keyboard is itself fixed, but in each user login the password character displayed on each key is random. Therefore, across different login requests, the same key number information generally corresponds to different user passwords. Thus, even if a hacker captures packets and obtains the key number information in the request packet, the user password cannot be obtained directly. The user password can be cracked only if, in addition to intercepting the user's login request packet, the hacker has also intercepted the checking character string previously sent by the cloud server to the client and has mapped the two to each other. However, the probability of this situation occurring is low.
The safe login system according to the embodiment of the invention improves security when the HTTP protocol is used to send login requests. Moreover, compared with conventional encryption algorithms, the amount of computation is low and the power consumption is small.
The cloud server 200 according to the embodiment of the invention is described below with reference to Fig. 5. It comprises a login authentication request receiving module 210, a checking character string management module 220, an input information receiving module 230 and a login authentication module 240.
The login authentication request receiving module 210 is used to receive the login authentication request sent by the client. The checking character string management module 220 is used to generate the checking character string according to the login authentication request and send it to the client, wherein the checking character string comprises a plurality of characters and the plurality of characters are randomly arranged, so that the client displays the checking character string to the user and records the user's input information for the checking character string. The input information receiving module 230 is used to receive the input information sent by the client. The login authentication module 240 is used to perform login authentication on the client according to the input information.
In one embodiment of the invention, the client generates the corresponding soft keyboard according to the characters in the checking character string and their order in the string, records the position information in the soft keyboard of the plurality of characters in the checking character string, receives the user's trigger operations on the soft keyboard, and takes the triggered position information as the input information.
In addition, the login authentication module 230 receives the user name sent by the client and verifies the client according to the input information and the user name. The login authentication request receiving module 210 receives the unique string sent by the client.
The checking character string management module 220 generates a unique string according to the login authentication request, sends the unique string to the client, and establishes the correspondence between the unique string and the checking character string.
The login authentication module 240 obtains the corresponding checking character string according to the unique string, generates the corresponding password plaintext according to the input information and the corresponding checking character string, and performs login authentication on the client according to the user name and the password plaintext.
A complete technical implementation of this cloud server is described below. It is to be understood that the following implementation is for illustrative purposes only, and embodiments of the invention are not limited to it.
Before the user enters the user password, the client sends a login authentication request to the cloud server.
The login authentication request receiving module 210 receives the login authentication request.
The checking character string management module 220 uses a random algorithm to generate a checking character string composed of all valid password characters; the checking character string is an out-of-order string. For example, when the valid password characters are the 10 digits 0 to 9, 1369247805 and 2413956870 are two of the valid strings. The checking character string management module 220 also generates a unique string by a random algorithm. It establishes the correspondence between the unique string and the checking character string, stores the key-value pair with the unique string as key and the checking character string as value in the cache module of the cloud server, and returns the unique string and the checking character string to the client.
The client generates a soft keyboard according to the characters in the checking character string and their order in the string. The soft keyboard is used to enter the password: the client displays each character of the received checking character string on the keys of the soft keyboard in turn, following the key number order of the soft keyboard. For example, if 1369247805 is the out-of-order string received and the client's custom soft keyboard is a matrix layout of 4 rows × 3 columns, the soft keyboard that the client shows to the user is as in Fig. 2. The user enters the password by clicking the different keys of the password soft keyboard. Correspondingly, each time the user clicks a key, the client records the position information of the triggered key on the password soft keyboard. The numbering of the position information can be described in several ways, for example as order information such as a one-dimensional subscript value, as the coordinate value of the key on the soft keyboard, or in other ways. Taking the soft keyboard in Fig. 2 as an example, Fig. 3a shows the key position numbers identified by one-dimensional subscript values, and Fig. 3b shows the key position numbers identified by coordinate values. For example, if the user's password is 125125, one representation of the password number information described with subscript values is (0, 4, 9, 0, 4, 9), and one representation described with coordinate values is ((0,0) (1,1) (3,0) (0,0) (1,1) (3,0)). After the user clicks to submit the login request, the client sends the user name, the number information of the key positions corresponding to the user password, and the unique string returned by the cloud server to the cloud server, with the triggered position information serving as the input information.
The input information receiving module 230 receives the input information sent by the client, the login authentication request receiving module 210 receives the unique string sent by the client, and the login authentication module 240 obtains the corresponding checking character string according to the unique string.
The login authentication module 240 generates the password plaintext entered by the user according to the input information and the checking character string. In generating the password plaintext, the checking character string acts as the dictionary used for decryption, and the input information comprises the password key number information. The login authentication module 240 judges from the user name and the password plaintext whether a corresponding user account exists. If not, it returns an error message to the client; otherwise the cloud server allows the user account to log in, generates the corresponding login session information from the relevant information of the user account, and returns the login session information to the client.
The cloud server deletes the key-value pair whose key is the unique string and whose value is the checking character string.
After receiving the login session information, the client completes the corresponding post-login operations and enters the post-login user interface.
With this cloud server, the number information of each key of the password soft keyboard is itself fixed, but in each user login the password character displayed on each key is random. Therefore, across different login requests, the same key number information generally corresponds to different user passwords. Thus, even if a hacker captures packets and obtains the key number information in the request packet, the user password cannot be obtained directly. The user password can be cracked only if, in addition to intercepting the user's login request packet, the hacker has also intercepted the checking character string previously sent by the cloud server to the client and has mapped the two to each other. However, the probability of this situation occurring is low.
The cloud server according to the embodiment of the invention improves security when the HTTP protocol is used to send login requests. Moreover, compared with conventional encryption algorithms, the amount of computation is low and the power consumption is small.
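The exchange described in steps S330 to S350 and in the cloud server walk-through above can be sketched as follows. This is an added example, not code from the patent: the `ChallengeStore` class, the function names, the use of Python's `secrets` module and the choice to delete the key-value pair at lookup time are assumptions of the example. `positions_to_plaintext` is the dictionary lookup the text describes, so it also shows that the same key positions yield a different password under a different checking character string, and that the lookup needs nothing beyond the checking character string and the positions.

```python
import secrets

ALPHABET = "0123456789"  # all valid password characters (the page's digit example)
COLS = 3                 # the page's example keyboard: 4 rows x 3 columns


def encode_clicks(checking, password, as_coords=False):
    """Client side: position of each clicked key, as subscripts or (row, col)."""
    subs = [checking.index(ch) for ch in password]
    return [divmod(i, COLS) for i in subs] if as_coords else subs


def positions_to_plaintext(checking, positions):
    """Use the checking string as the dictionary; None if any position is invalid."""
    chars = []
    for pos in positions:
        if isinstance(pos, (tuple, list)):
            # Coordinate form (Fig. 3b): convert (row, col) to a subscript.
            if len(pos) != 2 or not all(type(v) is int for v in pos):
                return None
            row, col = pos
            if row < 0 or not 0 <= col < COLS:
                return None
            pos = row * COLS + col
        # Subscript form (Fig. 3a): must address a key that carries a character.
        if type(pos) is not int or not 0 <= pos < len(checking):
            return None
        chars.append(checking[pos])
    return "".join(chars)


class ChallengeStore:
    """Hypothetical stand-in for the cloud server's cache module."""

    def __init__(self):
        self.pairs = {}  # unique string -> checking character string
        self._rng = secrets.SystemRandom()  # OS CSPRNG (a choice of this example)

    def issue(self):
        """Generate the shuffled checking string and the unique string, cache the pair."""
        chars = list(ALPHABET)
        self._rng.shuffle(chars)
        checking = "".join(chars)
        unique = secrets.token_urlsafe(16)
        self.pairs[unique] = checking
        return unique, checking

    def redeem(self, unique, positions):
        """Rebuild the password plaintext for one login request.

        The pair is deleted as soon as it is looked up (assumption of this
        example; the page deletes it after authentication), so a replayed or
        malformed request cannot reuse the same checking string.
        """
        checking = self.pairs.pop(unique, None)
        if checking is None:
            return None
        return positions_to_plaintext(checking, positions)
```

The returned plaintext would then be checked against the account store together with the user name, which is outside this sketch.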
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the invention; the scope of the invention is defined by the claims and their equivalents.

Claims (22)

1. A safe login method, characterized by comprising the following steps:
A cloud server receives a login authentication request sent by a client;
The cloud server generates a checking character string according to the login authentication request and sends the checking character string to the client, wherein the checking character string comprises a plurality of characters and the plurality of characters are randomly arranged;
The client displays the checking character string to the user and records the user's input information for the checking character string;
The client feeds the input information back to the cloud server; and
The cloud server performs login authentication on the client according to the input information.
2. The method of claim 1, characterized in that the client displaying the checking character string to the user and recording the user's input information for the checking character string further comprises:
The client generates a corresponding soft keyboard according to the characters in the checking character string and their order in the string, and records the position information in the soft keyboard of the plurality of characters in the checking character string;
The client receives the user's trigger operations on the soft keyboard and takes the triggered position information as the input information.
3. The method of claim 1 or 2, characterized by further comprising:
The client sends a user name to the cloud server, so that the cloud server verifies the client according to the input information and the user name.
4. The method of claim 2, characterized in that the position information comprises order information or coordinate information of the plurality of characters in the soft keyboard.
5. The method of claim 3 or 4, characterized by further comprising:
The cloud server generates a unique string according to the login authentication request, sends the unique string to the client, and establishes the correspondence between the unique string and the checking character string.
6. The method of claim 5, characterized by further comprising:
The client feeds the unique string back to the cloud server.
7. The method of claim 6, characterized in that the cloud server verifying the client according to the input information further comprises:
The cloud server obtains the corresponding checking character string according to the unique string;
The cloud server generates the corresponding password plaintext according to the input information and the corresponding checking character string; and
The cloud server performs login authentication on the client according to the user name and the password plaintext.
8. The method of any one of claims 1-7, characterized in that the client is a portable terminal.
9. A safe login system, characterized by comprising a client and a cloud server, wherein:
The client is used to send a login authentication request to the cloud server, receive the checking character string sent by the cloud server, display the checking character string to the user, record the user's input information for the checking character string, and feed the input information back to the cloud server;
The cloud server is used to generate the checking character string according to the login authentication request and send the checking character string to the client, wherein the checking character string comprises a plurality of characters and the plurality of characters are randomly arranged, and to perform login authentication on the client according to the input information.
10. The safe login system of claim 9, characterized in that the client generates a corresponding soft keyboard according to the characters in the checking character string and their order in the string, records the position information in the soft keyboard of the plurality of characters in the checking character string, receives the user's trigger operations on the soft keyboard, and takes the triggered position information as the input information.
11. The safe login system of claim 9, characterized in that the client is also used to send a user name to the cloud server, so that the cloud server verifies the client according to the input information and the user name.
12. The safe login system of claim 10, characterized in that the position information comprises order information or coordinate information of the plurality of characters in the soft keyboard.
13. The safe login system of claim 11, characterized in that the cloud server is also used to generate a unique string according to the login authentication request, send the unique string to the client, and establish the correspondence between the unique string and the checking character string.
14. The safe login system of claim 13, characterized in that the client is also used to feed the unique string back to the cloud server.
15. The safe login system of claim 14, characterized in that the cloud server obtains the corresponding checking character string according to the unique string, generates the corresponding password plaintext according to the input information and the corresponding checking character string, and performs login authentication on the client according to the user name and the password plaintext.
16. The safe login system of claim 9, characterized in that the client is a portable terminal.
17. A cloud server, characterized by comprising:
A login authentication request receiving module, used to receive a login authentication request sent by a client;
A checking character string management module, used to generate a checking character string according to the login authentication request and send the checking character string to the client, wherein the checking character string comprises a plurality of characters and the plurality of characters are randomly arranged, so that the client displays the checking character string to the user and records the user's input information for the checking character string;
An input information receiving module, used to receive the input information sent by the client; and
A login authentication module, used to perform login authentication on the client according to the input information.
18. The cloud server of claim 17, characterized in that the client generates a corresponding soft keyboard according to the characters in the checking character string and their order in the string, records the position information in the soft keyboard of the plurality of characters in the checking character string, receives the user's trigger operations on the soft keyboard, and takes the triggered position information as the input information.
19. The cloud server of claim 17, characterized in that the login authentication module receives the user name sent by the client and verifies the client according to the input information and the user name.
20. The cloud server of claim 19, characterized in that the checking character string management module generates a unique string according to the login authentication request, sends the unique string to the client, and establishes the correspondence between the unique string and the checking character string.
21. The cloud server of claim 20, characterized in that the login authentication request receiving module receives the unique string sent by the client.
22. The cloud server of claim 21, characterized in that the login authentication module obtains the corresponding checking character string according to the unique string, generates the corresponding password plaintext according to the input information and the corresponding checking character string, and performs login authentication on the client according to the user name and the password plaintext.
CN2013103031562A 2013-07-18 2013-07-18 Safe login method, system and device Pending CN103327034A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013103031562A CN103327034A (en) 2013-07-18 2013-07-18 Safe login method, system and device

Publications (1)

Publication Number Publication Date
CN103327034A true CN103327034A (en) 2013-09-25

Family

ID=49195564

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20130925