CN107317791B - Login validation method, logging request method and Security Login System - Google Patents
- Publication number: CN107317791B (CN201611176436.1A)
- Authority: CN (China)
- Prior art keywords: client, login, login request, check code, verification
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Active
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- G06F21/36—User authentication by graphic or iconic representation
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The invention discloses a login validation method comprising: on receiving a login request sent by a client, obtaining the client's identity and the account name and combination password carried in the login request; splitting the combination password according to a preset combination rule to obtain a login password and a check code; verifying the check code according to the client's identity and a preconfigured check code record; verifying the login password according to the account name and a preconfigured login password database; and, if the check code passes verification and the login password passes verification, determining that the login request passes verification and allowing the client to log in. The invention also discloses a login request method and a secure login system. The invention greatly improves the security of the login mode.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a login validation method, a login request method and a secure login system.
Background art
At present, many websites and application software use the "account + password" form for login authentication: if the password entered by the user at login is the same as the password the user preconfigured, the user is allowed to log in. Because an account may record the user's personal information, and may even involve the user's proprietary information, the security of account information has always been a concern for users.
However, existing login modes perform login authentication on the login password only and cannot effectively guarantee the security of the account. When a user logs in to a web application or app, the login request sent by the client carries the account and the corresponding login password. If an attacker successfully intercepts the login request sent by the client, the attacker can brute-force it to obtain the user's login password, and then use the obtained account information to steal the user's private information or funds.
Summary of the invention
The main purpose of the present invention is to provide a login validation method, a login request method and a secure login system, aiming to solve the technical problem that existing login modes have low security.
To achieve the above object, the present invention provides a login validation method, which includes the following steps:
If a login request sent by a client is received, obtaining the client's identity and the account name and combination password carried in the login request;
Splitting the combination password according to a preset combination rule to obtain a login password and a check code;
Verifying the check code according to the client's identity and a preconfigured check code record;
Verifying the login password according to the account name and a preconfigured login password database;
If the check code passes verification and the login password passes verification, determining that the login request passes verification and allowing the client to log in;
Wherein the preset combination rule is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password within the combination password;
The arrangement order of the check code and the login password includes a front-and-back ordering, or recombining the characters or character groups obtained after splitting the check code and the login password.
Preferably, the login request also carries a graphical verification code entered on the basis of a verification code picture, and the login validation method further includes:
Verifying the graphical verification code according to a preconfigured graphical verification code record;
The step of determining that the login request passes verification and allowing the client to log in, if the check code passes verification and the login password passes verification, includes:
If the check code passes verification, the login password passes verification, and the graphical verification code passes verification, determining that the login request passes verification and allowing the client to log in.
Preferably, the step of obtaining the client's identity and the account name and combination password carried in the login request, if a login request sent by a client is received, includes:
If a login request encrypted with an RSA public key and sent by the client is received, decrypting the login request with a preset private key to obtain the client's identity and the account name and combination password carried in the login request.
Preferably, before the step of obtaining the client's identity and the account name and combination password carried in the login request, if a login request sent by a client is received, the method further includes:
When it is detected that the client accesses the login page, generating a check code and returning it to the client, for the client to configure the combination password;
Recording the client's identity in correspondence with the check code returned to the client, and saving them in the check code record.
Preferably, the check code is a random number.
In addition, to achieve the above object, the present invention also provides a login request method, which includes the following steps:
When accessing the login page, receiving the check code returned by the server;
Combining the entered login password with the check code according to a preset combination rule to obtain a combination password;
Generating a login request from the entered account name and the combination password, and sending it to the server for verification;
Sending the identity to the server;
Wherein the preset combination rule is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password within the combination password;
The arrangement order of the check code and the login password includes a front-and-back ordering, or recombining the characters or character groups obtained after splitting the check code and the login password.
Preferably, the login page includes a verification code picture, and the login request method further includes:
Receiving the graphical verification code entered on the basis of the verification code picture;
The step of generating a login request from the entered account name and the combination password and sending it to the server for verification includes:
Generating a login request from the entered account name, the combination password and the graphical verification code, and sending it to the server.
Preferably, the login request method further includes:
Encrypting the login request with a preset RSA public key, and sending the encrypted login request to the server.
In addition, to achieve the above object, the present invention also provides a secure login system, which includes a server and a client, wherein:
The client is configured to receive the check code returned by the server when accessing the login page; to combine the entered login password with the check code according to a preset combination rule to obtain a combination password; and to generate a login request from the entered account name and the combination password and send it to the server for verification;
The server is configured to obtain, if a login request sent by the client is received, the client's identity and the account name and combination password carried in the login request; to split the combination password according to the preset combination rule to obtain the login password and the check code; to verify the check code according to the client's identity and a preconfigured check code record; to verify the login password according to the account name and a preconfigured login password database; and, if the check code passes verification and the login password passes verification, to determine that the login request passes verification and allow the client to log in;
Wherein the preset combination rule is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password within the combination password;
The arrangement order of the check code and the login password includes a front-and-back ordering, or recombining the characters or character groups obtained after splitting the check code and the login password.
Preferably, the server is further configured to:
Return a verification code picture to the client when it is detected that the client accesses the login page;
The client is further configured to receive the graphical verification code entered on the basis of the verification code picture, and to generate a login request from the entered account name, the combination password and the graphical verification code and send it to the server;
The server is further configured to verify the graphical verification code according to a preconfigured graphical verification code record; if the check code passes verification, the login password passes verification, and the graphical verification code passes verification, the server determines that the login request passes verification and allows the client to log in.
With the login validation method, login request method and secure login system proposed by the embodiments of the present invention, when login authentication is performed and a login request sent by a client is received, the client's identity and the account name and combination password carried in the login request are obtained, so that the current login request can be verified. The combination password is then split according to the preset combination rule to obtain the login password and the check code. Because the login password and the check code can be combined in many ways within the combination password, and the preset combination rule is difficult for an attacker to obtain, an attacker who intercepts the login request cannot crack the combination password and cannot obtain the correct login password. The check code is then verified according to the client's identity and the preconfigured check code record, and the login password is verified according to the account name and the preconfigured login password database. If the check code passes verification and the login password passes verification, the current login request is determined to pass verification and the client is allowed to log in. In the login mode of the present invention, the login request sent by the client does not carry the login password directly; it carries a combination password that is difficult to crack and contains the check code and the login password. The check code and the login password are combined in a way that is difficult to guess, which greatly increases the difficulty of cracking the login password and can effectively prevent brute-force cracking by an attacker. Moreover, the double verification of the check code and the login password further strengthens the security of a single password. The present invention thus solves the technical problem of low security in existing login modes and greatly improves the security of the login mode.
Brief description of the drawings
Fig. 1 is a flow diagram of the first embodiment of the login validation method of the present invention;
Fig. 2 is a flow diagram of the second embodiment of the login validation method of the present invention;
Fig. 3 is a flow diagram of the third embodiment of the login validation method of the present invention;
Fig. 4 is a flow diagram of the fourth embodiment of the login validation method of the present invention;
Fig. 5 is a flow diagram of the first embodiment of the login request method of the present invention;
Fig. 6 is a flow diagram of the second embodiment of the login request method of the present invention;
Fig. 7 is a flow diagram of the third embodiment of the login request method of the present invention;
Fig. 8 is a module diagram of the first and second embodiments of the secure login system of the present invention.
The realization of the object, the functions and the advantages of the present invention will be further described with reference to the accompanying drawings and in connection with the embodiments.
Detailed description
It should be understood that the specific embodiments described herein merely illustrate the present invention and are not intended to limit it.
Referring to Fig. 1, the first embodiment of the login validation method of the present invention provides a login validation method, which includes:
Step S110: if a login request sent by a client is received, obtain the client's identity and the account name and combination password carried in the login request.
The present invention proposes a new login mode. During login authentication, a combination password containing a check code and the real login password is used, so that even if the login request is intercepted by an attacker, the correct login password cannot be obtained by cracking the password in the login request. The server, however, can correctly parse the combination password in the login request to obtain the check code and the real login password, and performs double verification on the login password and the check code, which safeguards the account at login.
Specifically, as one implementation, when the server receives the login request sent by the client, it obtains the client's identity and parses the login request to obtain the account name and combination password carried in the login request.
The client's identity uniquely characterizes the client, for example the client's ID, the number of the client's subscriber identity module, or the client's device number. The client's identity may be carried in the login request, or the server may request it from the client separately; this can be configured flexibly according to actual needs.
The account name carried in the login request is the account that the current request asks to log in to; the combination password carried in the login request is the password currently to be verified.
Step S120: split the combination password according to the preset combination rule to obtain the login password and the check code.
After obtaining the combination password carried in the login request, the server splits it according to the preset combination rule to obtain the check code and the real login password carried in the combination password.
The preset combination rule is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password within the combination password. Note that this arrangement order may be a simple front-and-back ordering, or the check code and the login password may each be split and the resulting characters or character groups recombined to obtain the combination password; other permutations and combinations are of course also possible, and the rule can be configured flexibly according to actual needs.
For example, suppose the combination password carried in the current login request is 123456ABCDEF.
If the preset combination rule is that the check code has 6 characters, the login password has 6 characters, and the check code is placed before the login password, then splitting the combination password gives check code 123456 and login password ABCDEF.
If the preset combination rule is that the check code has 6 characters, the login password has 6 characters, and the check code and the login password are each split in their original order into three equal character groups, which are then interleaved in turn with the check code group first and the login password group after it to form the combination password, then the server reverses the preset combination rule and splits the combination password to obtain check code 1256CD and login password 34ABEF.
It can be seen that there are many possible arrangements of the check code and the login password within the combination password, which greatly increases the difficulty of cracking the combination password.
Step S130: verify the check code according to the client's identity and the preconfigured check code record.
After the combination password has been split to obtain the check code and the login password, the check code and the login password are verified separately.
Specifically, as one implementation, the server queries the preconfigured check code record according to the client's identity and obtains the check code that corresponds to this client's identity in the check code record.
It then judges whether the check code obtained by splitting the combination password is the same as the check code found in the check code record.
If the check code obtained by splitting the combination password is the same as the check code found in the check code record, the check code obtained by splitting the combination password is determined to pass verification.
If the check code obtained by splitting the combination password differs from the check code found in the check code record, the check code obtained by splitting the combination password is determined to fail verification.
Step S140: verify the login password according to the account name and the preconfigured login password database.
When verifying the login password, the server can query the preconfigured login password database according to the account name and obtain the login password that corresponds to this account name in the login password database, that is, the correct login password preconfigured by the user.
It then judges whether the login password obtained by splitting the combination password is the same as the login password found in the login password database.
If the login password obtained by splitting the combination password is the same as the login password found in the login password database, the login password obtained by splitting the combination password is determined to pass verification.
If the login password obtained by splitting the combination password differs from the login password found in the login password database, the login password obtained by splitting the combination password is determined to fail verification.
Step S150: if the check code passes verification and the login password passes verification, determine that the login request passes verification and allow the client to log in.
After the check code and the login password obtained by splitting the combination password have been verified, if the check code passes verification and the login password passes verification, the current login request can be determined to pass verification, and the current client is allowed to log in with the current account.
Note that the login password in this embodiment may be the password used when logging in to an account, or an instruction password used in various application scenarios such as mobile payment; it can be applied flexibly, according to actual needs, to application scenarios that require password verification.
In this embodiment, if a login request sent by a client is received, the client's identity and the account name and combination password carried in the login request are obtained, so that the current login request can be verified. The combination password is then split according to the preset combination rule to obtain the login password and the check code. Because the login password and the check code can be combined in many ways within the combination password, and the preset combination rule is difficult for an attacker to obtain, an attacker who intercepts the login request cannot crack the combination password and cannot obtain the correct login password. The check code is then verified according to the client's identity and the preconfigured check code record, and the login password is verified according to the account name and the preconfigured login password database. If the check code passes verification and the login password passes verification, the current login request is determined to pass verification and the client is allowed to log in. In the login mode of this embodiment, when login authentication is performed, the login request sent by the client does not carry the login password directly; it carries a combination password that is difficult to crack and contains the check code and the login password. The check code and the login password are combined in a way that is difficult to guess, which greatly increases the difficulty of cracking the login password and can effectively prevent brute-force cracking by an attacker. Moreover, the double verification of the check code and the login password further strengthens the security of a single password. This embodiment thus solves the technical problem of low security in existing login modes and greatly improves the security of the login mode.
Further, referring to Fig. 2, the second embodiment of the login validation method of the present invention provides a login validation method. Based on the embodiment shown in Fig. 1 above, the login request also carries a graphical verification code entered on the basis of a verification code picture, and the login validation method further includes:
Step S160: verify the graphical verification code according to a preconfigured graphical verification code record.
When the server detects that the client accesses the login page, it returns a verification code picture to the client for picture-based verification. At the same time, the server adds this verification code picture to the graphical verification code record, for subsequent verification of the graphical verification code submitted by the client.
After receiving the verification code picture, the client displays it on the login page so that the user can recognize the picture and enter the corresponding graphical verification code.
After obtaining the graphical verification code entered by the user, the client generates a login request from the account name that the current request asks to log in to, the configured combination password and the graphical verification code entered by the user, and sends it to the server.
After receiving the client's login request, the server verifies the login password and the check code in the combination password and, at the same time, verifies the graphical verification code.
When verifying the graphical verification code, the server queries the graphical verification code record, checks whether the graphical verification code submitted by the client is correct, and obtains the check result.
Correspondingly, step S150 includes:
Step S151: if the check code passes verification, the login password passes verification, and the graphical verification code passes verification, determine that the login request passes verification and allow the client to log in.
When the check code and the login password obtained by splitting the combination password both pass verification, and the graphical verification code carried in the login request also passes verification, the server determines that the current login request passes verification and allows the current client to log in with the current account.
In this embodiment, the login request also carries a graphical verification code entered on the basis of a verification code picture. When the login request sent by the client is received, the graphical verification code is verified according to the preconfigured graphical verification code record; if the check code passes verification, the login password passes verification, and the graphical verification code passes verification, the login request is determined to pass verification and the client is allowed to log in. This embodiment adds a graphical verification code on top of the combination password, which further strengthens resistance to malicious attacks and improves the security of client login.
Further, referring to Fig. 3, the third embodiment of the login validation method of the present invention provides a login validation method. Based on the embodiment shown in Fig. 1 or Fig. 2 above (this embodiment takes Fig. 1 as an example), step S110 includes:
Step S111: if a login request encrypted with an RSA public key and sent by the client is received, decrypt the login request with a preset private key to obtain the client's identity and the account name and combination password carried in the login request.
Before sending the login request, the client encrypts it with the RSA public key and sends the encrypted login request to the server.
The RSA encryption algorithm is an asymmetric algorithm: the public key the client uses for encryption is public, while the private key the server uses for decryption is kept secret and not disclosed, and the encrypted information can only be decrypted with the private key held by the server.
After receiving the encrypted login request sent by the client, the server decrypts it with the secret private key and obtains the account name and combination password carried in the login request.
If the login request carries a graphical verification code, the server obtains the graphical verification code, the account name and the combination password after decrypting the login request.
If the login request carries the client's identity, the server also obtains the client's identity after decrypting the login request; if the login request does not carry the client's identity, the server requests the identity from the client.
Further, as another implementation, the client may encrypt only the combination password with the RSA public key.
In that case, when the server receives the login request sent by the client, it obtains the client's identity and parses the login request to obtain the account name and the encrypted combination password.
It then decrypts the encrypted combination password with the private key to obtain the combination password.
In this embodiment, if a login request encrypted with an RSA public key and sent by the client is received, the login request is decrypted with a preset private key to obtain the client's identity and the account name and combination password carried in the login request. By encrypting the login request, this embodiment further improves the security of client login, makes the password in the login request harder to brute-force, and improves the security of the login mode.
Further, referring to Fig. 4, the fourth embodiment of the login validation method of the present invention provides a login validation method. Based on the embodiment shown in Fig. 1, Fig. 2 or Fig. 3 above (this embodiment takes Fig. 1 as an example), the method further includes, before step S110:
Step S170: when it is detected that the client accesses the login page, generate a check code and return it to the client, for the client to configure the combination password.
When it detects that the client accesses the login page, the server generates a check code and returns the generated check code to the client.
After receiving the check code sent by the server, the client combines the check code with the login password entered by the user according to the combination rule agreed in advance with the server, which configures the combination password.
Note that the client accessing the login page includes both the client opening the login page and the client refreshing the login page. Whenever the client accesses the login page, the server regenerates a check code and returns it to the client. Each time the client refreshes the login page, therefore, the server also regenerates a check code and returns it to the client.
Further, as one implementation, the check code is a random number.
That is, each time, the server issues a randomly generated random number to the client as the check code, and the client configures the combination password using the random number issued by the server. The random number generated by the server may have a preset length.
When a random number is used as the check code, together with the many ways of combining the check code and the login password, the resulting combination password is harder to crack, which further improves the security of client login.
Step S180: record the client's identity in correspondence with the check code returned to the client, and save them in the check code record.
After generating the check code, or after issuing the check code to the client, the server records this client's identity in correspondence with the check code issued to this client and stores the record in the check code record, for subsequent verification of the check code.
In this embodiment, when it is detected that the client accesses the login page, a check code is generated and returned to the client for the client to configure the combination password; the client's identity is recorded in correspondence with the check code returned to the client and saved in the check code record. Whenever it detects that the client accesses the login page, this embodiment regenerates a check code and issues it to the client, which ensures that the check code is updated in time and improves the security of login. If a random number is used as the check code, the combination password is harder to brute-force, which further improves the security of client login.
With reference to Fig. 5, a first embodiment of the logging request method of the present invention provides a logging request method, which includes:
Step S210: when accessing the login page, receive the check code returned by the server.
The present invention proposes a new login mode. When logging in, the client uses a combination pin containing the check code and the real login password, so that even if the logging request is intercepted by an attacker, the correct login password cannot be obtained by cracking the password in the logging request. The server, however, can correctly parse the combination pin in the logging request to obtain the check code and the real login password, and performs double verification on the login password and the check code, which safeguards the security of account login.
Specifically, in one implementation, when the client accesses the login page, the server generates a check code and returns the generated check code to the client.
The client receives the check code sent by the server.
It should be noted that the client accessing the login page includes both the client opening the login page and the client refreshing the login page. Each time the client accesses the login page, the server regenerates the check code and returns it to the client. Therefore, each time the client refreshes the login page, the server also regenerates the check code and returns it to the client.
Step S220: according to the preset combination rule, combine the input login password with the check code to obtain the combination pin.
After obtaining the check code issued by the server, the client configures the combination pin from the check code and the login password input by the user.
Specifically, in one implementation, the preset combination manner is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password in the combination pin. It should be noted that the arrangement order of the check code and the login password in the combination pin may be a simple front-and-back order; alternatively, the check code and the login password may each be split, and the characters or character groups obtained after splitting recombined to obtain the combination pin. Of course, other permutations and combinations are also possible and can be flexibly configured according to actual needs.
For example, the check code issued by the server is 123456 and the password input by the user is ABCDEF.
If the preset combination manner is that the check code is placed before the login password, then the combination pin obtained by the client by combining the check code and the login password is 123456ABCDEF.
If the preset combination manner is that the check code and the login password are each split, in original order, into three equal character groups, and the character groups are interleaved in turn with each check code group before the corresponding login password group, then the combination pin obtained by the client by combining the check code and the login password is 12AB34CD56EF.
It can be seen that there are many possible arrangements of the check code and the login password in the combination pin, which greatly increases the difficulty of cracking the combination pin.
It should be noted that, in the present embodiment, the login password input by the user may also be a login password saved in the client cache.
Step S230: according to the input account name and the combination pin, generate a logging request and send it to the server for verification.
After the combination pin is configured, the client generates a logging request from the account name input by the user and the configured combination pin, and sends it to the server for verification.
Further, the client may also place its identity in the logging request and send it to the server together with the account name and the combination pin.
Of course, the client may also send its identity to the server when the server requests it.
The identity of the client uniquely characterizes the client, and may be, for example, the ID of the client, the subscriber identity module number of the client, the client device number, and the like.
After receiving the logging request sent by the client, the server obtains the identity of the client and the account name and combination pin carried in the logging request; then, according to the preset combination rule, it splits the combination pin to obtain the login password and the check code; then it verifies the check code according to the identity of the client and the preconfigured check code record, and verifies the login password according to the account name and the preconfigured login password database; if the check code passes verification and the login password passes verification, the server determines that the current logging request passes verification and allows the client to log in.
Of course, after splitting the combination pin to obtain the check code and the login password, the server may also skip verifying the check code and verify only the login password.
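The two combination rules from the 123456 / ABCDEF example and the server-side split-and-verify flow, written out as an added Python example that is not part of the patent. The rule names, the 6-digit check-code length, the in-memory records and the PBKDF2-hashed password store are assumptions made for illustration; the interleaved rule requires both lengths to be multiples of three.

```python
import hashlib
import hmac
import secrets

CHECK_CODE_LEN = 6  # assumed preset length of the random check code


def _thirds(s):
    """Split s, in original order, into three equal character groups."""
    if not s or len(s) % 3:
        raise ValueError("length must be a non-zero multiple of 3")
    n = len(s) // 3
    return [s[i * n:(i + 1) * n] for i in range(3)]


def combine(check_code, password, rule):
    """Client side: build the combination pin under the agreed rule."""
    if rule == "prefix":            # check code placed before the password
        return check_code + password
    if rule == "interleave3":       # 123456 + ABCDEF -> 12AB34CD56EF
        pairs = zip(_thirds(check_code), _thirds(password))
        return "".join(c + p for c, p in pairs)
    raise ValueError("unknown combination rule")


def split(combined, rule, code_len=CHECK_CODE_LEN):
    """Server side: invert combine(); returns (check_code, password)."""
    pw_len = len(combined) - code_len
    if pw_len <= 0:
        raise ValueError("combination pin too short")
    if rule == "prefix":
        return combined[:code_len], combined[code_len:]
    if rule == "interleave3":
        if code_len % 3 or pw_len % 3:
            raise ValueError("lengths do not fit the interleaved rule")
        c, p = code_len // 3, pw_len // 3
        code, pw = [], []
        for i in range(3):
            start = i * (c + p)
            code.append(combined[start:start + c])
            pw.append(combined[start + c:start + c + p])
        return "".join(code), "".join(pw)
    raise ValueError("unknown combination rule")


def _hash(password, salt):
    # Assumed storage format for the "login password database".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginServer:
    def __init__(self, rule):
        self.rule = rule
        self.check_code_record = {}   # client identity -> check code issued
        self.password_db = {}         # account name -> (salt, password hash)

    def register(self, account, password):
        salt = secrets.token_bytes(16)
        self.password_db[account] = (salt, _hash(password, salt))

    def on_login_page_access(self, client_id):
        """Called on every open or refresh: regenerate and record the code."""
        code = "".join(secrets.choice("0123456789")
                       for _ in range(CHECK_CODE_LEN))
        self.check_code_record[client_id] = code
        return code

    def verify(self, client_id, account, combined):
        """Split the combination pin, then check both parts."""
        try:
            code, password = split(combined, self.rule)
        except ValueError:
            return False
        issued = self.check_code_record.get(client_id)
        code_ok = issued is not None and hmac.compare_digest(
            code.encode(), issued.encode())
        entry = self.password_db.get(account)
        pw_ok = entry is not None and hmac.compare_digest(
            _hash(password, entry[0]), entry[1])
        return code_ok and pw_ok
```

Because each access to the login page overwrites the recorded check code, a combination pin built from an earlier check code no longer verifies after a refresh.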
Further, in one implementation, the check code is a random number.
That is, each time, the server issues a randomly generated random number to the client as the check code, and the client configures the combination pin using the random number issued by the server. The random number generated by the server may be of a preset length.
When a random number is used as the check code, together with the multiple ways of combining the check code and the login password, the resulting combination pin is more difficult to crack, which further improves the security of client login.
In the present embodiment, when the login page is accessed, the check code returned by the server is received in order to configure the combination pin; then, according to the preset combination rule, the login password input by the user is combined with the check code to obtain the combination pin. Because the login password and the check code can be combined in many ways within the combination pin, and the preset combination rule is difficult for an attacker to obtain, an attacker who intercepts the logging request cannot crack the combination pin and therefore cannot obtain the correct login password. Then, according to the input account name and the combination pin, a logging request is generated and sent to the server for verification. In the login mode of the present embodiment, the logging request sent by the client does not carry the login password directly, but carries a hard-to-crack combination pin containing the check code and the login password. The check code and the login password are combined in a manner that is difficult to guess, which greatly increases the difficulty of cracking the login password and can effectively prevent brute-force cracking by an attacker. The present embodiment thus solves the technical problem of the low security of existing login modes and greatly improves the security of the login mode.
Further, with reference to Fig. 6, a second embodiment of the logging request method of the present invention provides a logging request method. Based on the embodiment shown in Fig. 5 above, the login page includes an identifying code picture, and the logging request method further includes:
Step S240: receive the graphical verification code input based on the identifying code picture.
The step S230 includes:
Step S231: according to the input account name, the combination pin and the graphical verification code, generate a logging request and send it to the server.
To further increase the security of login, when the server detects that the client accesses the login page, it returns an identifying code picture to the client for identifying-code-picture verification. At the same time, the server adds this identifying code picture to the graphical verification code record, for subsequent verification of the graphical verification code submitted by the client.
After receiving the identifying code picture, the client displays it on the login page so that the user can recognize the identifying code picture and input the corresponding graphical verification code.
After obtaining the graphical verification code input by the user, the client generates a logging request from the account name with which login is currently requested, the configured combination pin and the graphical verification code input by the user, and sends it to the server.
After receiving the logging request of the client, the server verifies the login password and the check code in the combination pin, and at the same time verifies the graphical verification code.
When verifying the graphical verification code, the server queries the graphical verification code record and checks whether the graphical verification code submitted by the client is correct, to obtain a check result.
When the check code and the login password obtained by splitting the combination pin both pass verification, and the graphical verification code carried in the logging request also passes verification, the server determines that the current logging request passes verification and allows the current client to log in with the current account.
In the present embodiment, the login page includes an identifying code picture, and the client receives the graphical verification code input based on the identifying code picture from the server; then, according to the account name input by the user, the configured combination pin and the graphical verification code input by the user, it generates a logging request and sends it to the server. The present embodiment adds a graphical verification code on top of the combination pin, which further strengthens resistance to malicious attack and improves the security of client login.
Further, with reference to Fig. 7, a third embodiment of the logging request method of the present invention provides a logging request method. Based on the embodiment shown in Fig. 6 or Fig. 7 above (the present embodiment takes Fig. 6 as an example), the logging request method further includes:
Step S250: encrypt the logging request using a preset RSA public key, and send the encrypted logging request to the server.
To further enhance the security of the login information, before sending the logging request the client encrypts the logging request using the RSA public key and sends the encrypted logging request to the server.
The RSA encryption algorithm is an asymmetric algorithm: the public key used by the client for encryption is public, while the private key used by the server for decryption is kept secret, and the encrypted information can only be decrypted with the private key held by the server.
After receiving the encrypted logging request sent by the client, the server decrypts the logging request using the secret private key and obtains the information carried in the logging request, including the account name, the combination pin, the graphical verification code, the identity of the client, and so on.
Further, in another implementation, the client may encrypt only the combination pin using the RSA public key.
Then, when receiving the logging request sent by the client, the server obtains the identity of the client and parses the logging request to obtain the account name and the encrypted combination pin.
Then, the encrypted combination pin is decrypted using the private key to obtain the combination pin.
In the present embodiment, the logging request is encrypted using a preset RSA public key, and the encrypted logging request is sent to the server for verification. By encrypting the logging request, the present embodiment further improves the security of client login, makes the password in the logging request more difficult to crack by brute force, and improves the security of the login mode.
With reference to Fig. 8, a first embodiment of the Security Login System of the present invention provides a Security Login System, which includes a server 10 and a client 20, wherein:
The client 20 is configured to: when accessing the login page, receive the check code returned by the server 10; according to the preset combination rule, combine the input login password with the check code to obtain the combination pin; and according to the input account name and the combination pin, generate a logging request and send it to the server 10 for verification;
The server 10 is configured to: if the logging request sent by the client 20 is received, obtain the identity of the client 20 and the account name and combination pin carried in the logging request; according to the preset combination rule, split the combination pin to obtain the login password and the check code; verify the check code according to the identity of the client 20 and the preconfigured check code record; verify the login password according to the account name and the preconfigured login password database; and if the check code passes verification and the login password passes verification, determine that the logging request passes verification and allow the client 20 to log in.
The present invention proposes a new login system. When logging in, the client 20 uses a combination pin containing the check code and the real login password, so that even if the logging request is intercepted by an attacker, the correct login password cannot be obtained by cracking the password in the logging request. The server 10, however, can correctly parse the combination pin in the logging request to obtain the check code and the real login password, and performs double verification on the login password and the check code, which safeguards the security of account login.
Specifically, in one implementation, when the client 20 accesses the login page, the server 10 generates a check code and returns the generated check code to the client 20. It should be noted that the client 20 accessing the login page includes both the client 20 opening the login page and the client 20 refreshing the login page. Each time the client 20 accesses the login page, the server 10 regenerates the check code and returns it to the client 20. Therefore, each time the client 20 refreshes the login page, the server 10 also regenerates the check code and returns it to the client 20.
The client 20 receives the check code sent by the server 10 and configures the combination pin from the check code and the login password input by the user.
Specifically, the preset combination manner is agreed in advance by the server 10 and the client 20, and is the arrangement order of the check code and the login password in the combination pin. It should be noted that the arrangement order of the check code and the login password in the combination pin may be a simple front-and-back order; alternatively, the check code and the login password may each be split, and the characters or character groups obtained after splitting recombined to obtain the combination pin. Of course, other permutations and combinations are also possible and can be flexibly configured according to actual needs.
Because there are many possible arrangements of the check code and the login password in the combination pin, the difficulty of cracking the combination pin is greatly increased.
It should be noted that, in the present embodiment, the login password input by the user may also be a login password saved in the cache of the client 20.
After the combination pin is configured, the client 20 generates a logging request from the account name input by the user and the configured combination pin, and sends it to the server 10 for verification.
Further, the client 20 may also place its identity in the logging request and send it to the server 10 together with the account name and the combination pin. Of course, the client 20 may also send its identity to the server 10 when the server 10 requests it.
The identity of the client 20 uniquely characterizes the client 20, and may be, for example, the ID of the client 20, the subscriber identity module number of the client 20, the client device number, and the like.
After receiving the logging request sent by the client 20, the server 10 obtains the identity of the client 20 and the account name and combination pin carried in the logging request.
Then, according to the preset combination rule, it splits the combination pin to obtain the login password and the check code; then it verifies the check code and the login password respectively.
Specifically, the check code is verified according to the identity of the client 20 and the preconfigured check code record; the login password is verified according to the account name and the preconfigured login password database.
If the check code passes verification and the login password passes verification, the server 10 determines that the current logging request passes verification and allows the client 20 to log in.
Of course, after splitting the combination pin to obtain the check code and the login password, the server 10 may also skip verifying the check code and verify only the login password.
Further, in one implementation, the check code is a random number.
That is, each time, the server 10 issues a randomly generated random number to the client 20 as the check code, and the client 20 configures the combination pin using the random number issued by the server 10. The random number generated by the server 10 may be of a preset length.
When a random number is used as the check code, together with the multiple ways of combining the check code and the login password, the resulting combination pin is more difficult to crack, which further improves the security of login by the client 20.
In the present embodiment, the Security Login System includes the client 20 and the server 10. When accessing the login page, the client 20 receives the check code returned by the server 10 in order to configure the combination pin; then, according to the preset combination rule, it combines the login password input by the user with the check code to obtain the combination pin. Because the login password and the check code can be combined in many ways within the combination pin, and the preset combination rule is difficult for an attacker to obtain, an attacker who intercepts the logging request cannot crack the combination pin and therefore cannot obtain the correct login password. Then, according to the input account name and the combination pin, the client 20 generates a logging request and sends it to the server 10 for verification. If the logging request sent by the client 20 is received, the server 10 obtains the identity of this client 20 and the account name and combination pin carried in the logging request, in order to verify the current logging request; then, according to the preset combination rule, it splits the combination pin to obtain the login password and the check code; then the server 10 verifies the check code according to the identity of the client 20 and the preconfigured check code record, and verifies the login password according to the account name and the preconfigured login password database; if the check code passes verification and the login password passes verification, the server 10 determines that the current logging request passes verification and allows the client 20 to log in. In the login system of the present embodiment, for login verification, the server 10 sends a check code to the client 20 when it detects that the client 20 accesses the login page, so that the client 20 configures the combination pin according to the check code. As a result, the logging request sent by the client 20 does not carry the login password directly, but carries a hard-to-crack combination pin containing the check code and the login password. The check code and the login password are combined in a manner that is difficult to guess, which greatly increases the difficulty of cracking the login password and can effectively prevent brute-force cracking by an attacker. Moreover, through the double check of the check code and the login password, the server 10 further strengthens the security of a single password. The present embodiment thus solves the technical problem of the low security of existing login modes and greatly improves the security of the login mode.
Further, with reference to Fig. 8, a second embodiment of the Security Login System of the present invention provides a Security Login System. Based on the first embodiment of the Security Login System of the present invention described above, the server 10 is further configured to:
when detecting that the client 20 accesses the login page, return an identifying code picture to the client 20;
The client 20 is further configured to receive the graphical verification code input based on the identifying code picture, and, according to the input account name, the combination pin and the graphical verification code, generate a logging request and send it to the server 10;
The server 10 is further configured to verify the graphical verification code according to the preconfigured graphical verification code record; and if the check code passes verification, the login password passes verification and the graphical verification code passes verification, determine that the logging request passes verification and allow the client 20 to log in.
To further enhance the security of the login system, when the server 10 detects that the client 20 accesses the login page, it returns an identifying code picture to the client 20 for identifying-code-picture verification. At the same time, the server 10 adds this identifying code picture to the graphical verification code record, for subsequent verification of the graphical verification code submitted by the client 20.
After receiving the identifying code picture, the client 20 displays it on the login page so that the user can recognize the identifying code picture and input the corresponding graphical verification code.
After obtaining the graphical verification code input by the user, the client 20 generates a logging request from the account name with which login is currently requested, the configured combination pin and the graphical verification code input by the user, and sends it to the server 10.
After receiving the logging request of the client 20, the server 10 verifies the login password and the check code in the combination pin, and at the same time verifies the graphical verification code.
When verifying the graphical verification code, the server 10 queries the graphical verification code record and checks whether the graphical verification code submitted by the client 20 is correct, to obtain a check result.
When the check code and the login password obtained by splitting the combination pin both pass verification, and the graphical verification code carried in the logging request also passes verification, the server 10 determines that the current logging request passes verification and allows the current client 20 to log in with the current account.
In the present embodiment, a graphical verification code is added. When the server 10 detects that the client 20 accesses the login page, it returns an identifying code picture to the client 20, and the logging request configured by the client 20 then also carries the graphical verification code input based on the identifying code picture. When receiving the logging request sent by the client 20, the server 10 verifies the graphical verification code according to the preconfigured graphical verification code record; if the check code passes verification, the login password passes verification and the graphical verification code passes verification, it determines that the logging request of the current client 20 passes verification and allows the client 20 to log in. The present embodiment adds a graphical verification code on top of the combination pin, which further strengthens resistance to malicious attack and improves the security of client login.
The above are only optional embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (10)
1. A login validation method, characterized in that the login validation method includes the following steps:
if a logging request sent by a client is received, obtaining the identity of the client and the account name and combination pin carried in the logging request;
according to a preset combination rule, splitting the combination pin to obtain a login password and a check code;
verifying the check code according to the identity of the client and a preconfigured check code record;
verifying the login password according to the account name and a preconfigured login password database;
if the check code passes verification and the login password passes verification, determining that the logging request passes verification and allowing the client to log in;
wherein the preset combination rule is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password in the combination pin;
the arrangement order of the check code and the login password includes a front-and-back order, or a recombination of the characters or character groups obtained after splitting the check code and the login password.
2. The login validation method as claimed in claim 1, characterized in that the logging request also carries a graphical verification code input based on an identifying code picture, and the login validation method further includes:
verifying the graphical verification code according to a preconfigured graphical verification code record;
the step of, if the check code passes verification and the login password passes verification, determining that the logging request passes verification and allowing the client to log in includes:
if the check code passes verification, the login password passes verification and the graphical verification code passes verification, determining that the logging request passes verification and allowing the client to log in.
3. The login validation method as claimed in claim 1, characterized in that the step of, if the logging request sent by the client is received, obtaining the identity of the client and the account name and combination pin carried in the logging request includes:
if a logging request encrypted with an RSA public key and sent by the client is received, decrypting the logging request using a preset private key to obtain the identity of the client and the account name and combination pin carried in the logging request.
4. The login validation method as claimed in claim 1, 2 or 3, characterized in that, before the step of, if the logging request sent by the client is received, obtaining the identity of the client and the account name and combination pin carried in the logging request, the method further includes:
when detecting that the client accesses the login page, generating a check code and returning it to the client, so that the client configures the combination pin;
correspondingly recording the identity of the client and the check code returned to the client, and saving them in the check code record.
5. The login validation method as claimed in claim 4, characterized in that the check code is a random number.
6. A logging request method, characterized in that the logging request method includes the following steps:
when accessing a login page, receiving the check code returned by a server;
according to a preset combination rule, combining the input login password with the check code to obtain a combination pin;
according to the input account name and the combination pin, generating a logging request and sending it to the server for verification;
sending an identity to the server;
wherein the preset combination rule is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password in the combination pin;
the arrangement order of the check code and the login password includes a front-and-back order, or a recombination of the characters or character groups obtained after splitting the check code and the login password.
7. The logging request method as claimed in claim 6, characterized in that the login page includes an identifying code picture, and the logging request method further includes:
receiving the graphical verification code input based on the identifying code picture;
the step of, according to the input account name and the combination pin, generating a logging request and sending it to the server for verification includes:
according to the input account name, the combination pin and the graphical verification code, generating a logging request and sending it to the server.
8. The logging request method as claimed in claim 6 or 7, characterized in that the logging request method further includes:
encrypting the logging request using a preset RSA public key, and sending the encrypted logging request to the server.
9. A Security Login System, characterized in that the Security Login System includes a server and a client, wherein:
the client is configured to: when accessing a login page, receive the check code returned by the server; according to a preset combination rule, combine the input login password with the check code to obtain a combination pin; and according to the input account name and the combination pin, generate a logging request and send it to the server for verification;
the server is configured to: if the logging request sent by the client is received, obtain the identity of the client and the account name and combination pin carried in the logging request; according to the preset combination rule, split the combination pin to obtain the login password and the check code; verify the check code according to the identity of the client and a preconfigured check code record; verify the login password according to the account name and a preconfigured login password database; and if the check code passes verification and the login password passes verification, determine that the logging request passes verification and allow the client to log in;
wherein the preset combination rule is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password in the combination pin;
the arrangement order of the check code and the login password includes a front-and-back order, or a recombination of the characters or character groups obtained after splitting the check code and the login password.
10. The Security Login System as claimed in claim 9, characterized in that the server is further configured to:
when detecting that the client accesses the login page, return an identifying code picture to the client;
the client is further configured to receive the graphical verification code input based on the identifying code picture, and, according to the input account name, the combination pin and the graphical verification code, generate a logging request and send it to the server;
the server is further configured to verify the graphical verification code according to a preconfigured graphical verification code record; and if the check code passes verification, the login password passes verification and the graphical verification code passes verification, determine that the logging request passes verification and allow the client to log in.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611176436.1A CN107317791B (en) | 2016-12-15 | 2016-12-15 | Login validation method, logging request method and Security Login System |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611176436.1A CN107317791B (en) | 2016-12-15 | 2016-12-15 | Login validation method, logging request method and Security Login System |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107317791A CN107317791A (en) | 2017-11-03 |
CN107317791B true CN107317791B (en) | 2018-07-31 |
Family
ID=60185232
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611176436.1A Active CN107317791B (en) | 2016-12-15 | 2016-12-15 | Login validation method, logging request method and Security Login System |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107317791B (en) |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108075880A (en) * | 2017-11-28 | 2018-05-25 | 珠海金山网络游戏科技有限公司 | A kind of network game server logs in security system and method |
CN107835075A (en) * | 2017-12-06 | 2018-03-23 | 北京深思数盾科技股份有限公司 | The processing method and processing device of local password |
CN108256344B (en) * | 2018-01-22 | 2019-10-22 | 商客通尚景科技江苏有限公司 | A kind of SaaS enterprise platform Database Systems and attaching method thereof |
CN107995229A (en) * | 2018-01-31 | 2018-05-04 | 苏州锦佰安信息技术有限公司 | A kind of auth method and device |
CN108306881A (en) * | 2018-01-31 | 2018-07-20 | 苏州锦佰安信息技术有限公司 | A kind of auth method and device |
CN108306883A (en) * | 2018-01-31 | 2018-07-20 | 苏州锦佰安信息技术有限公司 | A kind of auth method and device |
CN108650243B (en) * | 2018-04-24 | 2021-04-23 | 平安科技(深圳)有限公司 | Connection establishment method, system, device and computer readable storage medium |
CN108769083A (en) * | 2018-08-01 | 2018-11-06 | 北京奇虎科技有限公司 | Login method, apparatus and system based on distributed server |
CN109547428A (en) * | 2018-11-14 | 2019-03-29 | 深圳市云歌人工智能技术有限公司 | It verifies password and accesses method, system and the storage medium of server |
CN110147658A (en) * | 2019-04-16 | 2019-08-20 | 平安科技(深圳)有限公司 | User information encipher-decipher method, system and computer equipment |
CN111787005B (en) * | 2020-06-30 | 2023-02-17 | 中国工商银行股份有限公司 | Dynamic encrypted secure login method and device |
CN112699396B (en) * | 2021-01-15 | 2021-07-20 | 深圳市网信数码科技有限公司 | Information security method, device, system and storage medium of instant communication software |
CN114297623A (en) * | 2021-12-07 | 2022-04-08 | 北京天融信网络安全技术有限公司 | User permission setting method and system convenient for permission change |
CN113901440B (en) * | 2021-12-09 | 2022-04-08 | 北京网界科技有限公司 | User login system and method, and user login setting system and method |
CN114422270B (en) * | 2022-03-28 | 2022-06-03 | 成都运荔枝科技有限公司 | Method and device for safe login authentication of Internet platform system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101051904A (en) * | 2007-05-17 | 2007-10-10 | 成都金山互动娱乐科技有限公司 | Method for landing by account number cipher for protecting network application sequence |
CN102316112A (en) * | 2011-09-16 | 2012-01-11 | 李建成 | Password authentication method in network application and system |
CN103067401A (en) * | 2013-01-10 | 2013-04-24 | 天地融科技股份有限公司 | Method and system for key protection |
CN105337938A (en) * | 2014-07-28 | 2016-02-17 | 阿里巴巴集团控股有限公司 | Validity verification method and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090031407A1 (en) * | 2007-07-24 | 2009-01-29 | Shaobo Kuang | Method and system for security check or verification |
Also Published As
Publication number | Publication date |
---|---|
CN107317791A (en) | 2017-11-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 1238442; Country of ref document: HK |
GR01 | Patent grant | ||