CN107317791B - Login verification method, login request method and secure login system - Google Patents

Info

Publication number: CN107317791B
Authority: CN (China)
Prior art keywords: client, login, login request, check code, verification
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201611176436.1A
Other languages: Chinese (zh)
Other versions: CN107317791A (en)
Inventor: 秦伟强
Current Assignee: Ping An Technology Shenzhen Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by: Ping An Technology Shenzhen Co Ltd
Priority to: CN201611176436.1A
Publication of: CN107317791A
Application granted
Publication of: CN107317791B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/36: User authentication by graphic or iconic representation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a login verification method comprising: when a login request sent by a client is received, obtaining the identity identifier of the client and the account name and combined password carried in the login request; splitting the combined password according to a preset combination rule to obtain a login password and a check code; verifying the check code according to the identity identifier of the client and a preconfigured check code record; verifying the login password according to the account name and a preconfigured login password database; and, if the check code passes verification and the login password passes verification, determining that the login request passes verification and allowing the client to log in. The invention also discloses a login request method and a secure login system. The invention greatly improves the security of the login method.

Description

Login verification method, login request method and secure login system
Technical field
The present invention relates to the field of information security technology, and in particular to a login verification method, a login request method and a secure login system.
Background
At present, many websites and application software use the "account + password" form for login verification: if the password entered by the user at login is identical to the password the user configured in advance, the user is allowed to log in. Because an account may record the user's personal information, and may even involve the user's proprietary information, the security of account information has always been a concern for users.
However, existing login methods verify only the login password and cannot effectively guarantee account security. When a user logs in to a web application or an app, the login request sent by the client carries the account and the corresponding login password. If an attacker successfully intercepts the login request sent by the client, the attacker can brute-force it to obtain the user's login password, and then use the resulting account information to steal the user's private information or funds.
Summary of the invention
The main purpose of the present invention is to provide a login verification method, a login request method and a secure login system, aiming to solve the technical problem that existing login methods have low security.
To achieve the above object, the present invention provides a login verification method comprising the following steps:
when a login request sent by a client is received, obtaining the identity identifier of the client and the account name and combined password carried in the login request;
splitting the combined password according to a preset combination rule to obtain a login password and a check code;
verifying the check code according to the identity identifier of the client and a preconfigured check code record;
verifying the login password according to the account name and a preconfigured login password database;
if the check code passes verification and the login password passes verification, determining that the login request passes verification and allowing the client to log in;
wherein the preset combination rule is agreed in advance between the server and the client, and is the arrangement order of the check code and the login password within the combined password;
the arrangement order of the check code and the login password includes ordering by front and back position, or recombining the characters or character groups obtained after splitting the check code and the login password.
Preferably, the login request also carries a graphical verification code entered on the basis of a verification code picture, and the login verification method further comprises:
verifying the graphical verification code according to a preconfigured graphical verification code record;
the step of determining that the login request passes verification and allowing the client to log in if the check code passes verification and the login password passes verification comprises:
if the check code passes verification, the login password passes verification and the graphical verification code passes verification, determining that the login request passes verification and allowing the client to log in.
Preferably, the step of obtaining the identity identifier of the client and the account name and combined password carried in the login request when a login request sent by a client is received comprises:
when a login request encrypted with an RSA public key is received from the client, decrypting the login request with a preset private key to obtain the identity identifier of the client and the account name and combined password carried in the login request.
Preferably, before the step of obtaining the identity identifier of the client and the account name and combined password carried in the login request when a login request sent by a client is received, the method further comprises:
when it is detected that the client accesses the login page, generating a check code and returning it to the client, for the client to construct the combined password;
recording the identity identifier of the client together with the check code returned to the client, and saving them in the check code record.
Preferably, the check code is a random number.
In addition, to achieve the above object, the present invention also provides a login request method comprising the following steps:
when accessing the login page, receiving the check code returned by the server;
combining the entered login password with the check code according to a preset combination rule to obtain a combined password;
generating a login request from the entered account name and the combined password, and sending it to the server for verification;
sending an identity identifier to the server;
wherein the preset combination rule is agreed in advance between the server and the client, and is the arrangement order of the check code and the login password within the combined password;
the arrangement order of the check code and the login password includes ordering by front and back position, or recombining the characters or character groups obtained after splitting the check code and the login password.
Preferably, the login page includes a verification code picture, and the login request method further comprises:
receiving a graphical verification code entered on the basis of the verification code picture;
the step of generating a login request from the entered account name and the combined password and sending it to the server for verification comprises:
generating a login request from the entered account name, the combined password and the graphical verification code, and sending it to the server.
Preferably, the login request method further comprises:
encrypting the login request with a preset RSA public key, and sending the encrypted login request to the server.
In addition, to achieve the above object, the present invention also provides a secure login system comprising a server and a client, wherein:
the client is configured to receive the check code returned by the server when accessing the login page; combine the entered login password with the check code according to a preset combination rule to obtain a combined password; and generate a login request from the entered account name and the combined password and send it to the server for verification;
the server is configured to, when a login request sent by the client is received, obtain the identity identifier of the client and the account name and combined password carried in the login request; split the combined password according to the preset combination rule to obtain the login password and the check code; verify the check code according to the identity identifier of the client and a preconfigured check code record; verify the login password according to the account name and a preconfigured login password database; and, if the check code passes verification and the login password passes verification, determine that the login request passes verification and allow the client to log in;
wherein the preset combination rule is agreed in advance between the server and the client, and is the arrangement order of the check code and the login password within the combined password;
the arrangement order of the check code and the login password includes ordering by front and back position, or recombining the characters or character groups obtained after splitting the check code and the login password.
Preferably, the server is further configured to:
return a verification code picture to the client when it is detected that the client accesses the login page;
the client is further configured to receive a graphical verification code entered on the basis of the verification code picture, and to generate a login request from the entered account name, the combined password and the graphical verification code and send it to the server;
the server is further configured to verify the graphical verification code according to a preconfigured graphical verification code record; and, if the check code passes verification, the login password passes verification and the graphical verification code passes verification, to determine that the login request passes verification and allow the client to log in.
In the login verification method, login request method and secure login system proposed by the embodiments of the present invention, when login verification is performed and a login request sent by a client is received, the identity identifier of the client and the account name and combined password carried in the login request are obtained, so that the current login request can be verified. The combined password is then split according to the preset combination rule to obtain the login password and the check code. Because the login password and the check code can be combined in many ways within the combined password, and the preset combination rule is difficult for an attacker to obtain, an attacker who intercepts the login request still cannot crack the combined password and cannot obtain the correct login password. The check code is then verified according to the identity identifier of the client and the preconfigured check code record, and the login password is verified according to the account name and the preconfigured login password database. If the check code passes verification and the login password passes verification, the current login request is determined to pass verification and the client is allowed to log in. In the login method of the present invention, the login request sent by the client does not carry the login password directly; it carries a combined password that contains the check code and the login password and is difficult to crack. The check code and the login password are combined in a way that is difficult to guess, which greatly increases the difficulty of brute-forcing the login password and can effectively prevent brute-force cracking by an attacker. In addition, the double verification of the check code and the login password further improves on the security of a single password. The present invention thereby solves the technical problem that existing login methods have low security, and greatly improves the security of the login method.
Description of the drawings
Fig. 1 is a flow diagram of the first embodiment of the login verification method of the present invention;
Fig. 2 is a flow diagram of the second embodiment of the login verification method of the present invention;
Fig. 3 is a flow diagram of the third embodiment of the login verification method of the present invention;
Fig. 4 is a flow diagram of the fourth embodiment of the login verification method of the present invention;
Fig. 5 is a flow diagram of the first embodiment of the login request method of the present invention;
Fig. 6 is a flow diagram of the second embodiment of the login request method of the present invention;
Fig. 7 is a flow diagram of the third embodiment of the login request method of the present invention;
Fig. 8 is a module diagram of the first and second embodiments of the secure login system of the present invention.
The realization of the object, the functional features and the advantages of the present invention are further described below with reference to the embodiments and the accompanying drawings.
Detailed description
It should be understood that the specific embodiments described herein merely illustrate the present invention and are not intended to limit it.
Referring to Fig. 1, the first embodiment of the login verification method of the present invention provides a login verification method comprising:
Step S110: when a login request sent by a client is received, obtain the identity identifier of the client and the account name and combined password carried in the login request.
The present invention proposes a new login method. During login verification, a combined password containing a check code and the real login password is used, so that even if the login request is intercepted, an attacker cannot obtain the correct login password by cracking the password in the login request. The server, on the other hand, can correctly parse the combined password in the login request to obtain the check code and the real login password, and performs double verification of the login password and the check code, which safeguards security when the account logs in.
Specifically, as one implementation, when the server receives a login request sent by a client, it obtains the identity identifier of the client and parses the login request to obtain the account name and combined password carried in it.
The identity identifier of the client uniquely characterizes the client's identity, for example the ID of the client, the Subscriber Identity Module number of the client, or the client device number. The identity identifier of the client may be carried in the login request, or the server may obtain it by a separate request to the client; this can be configured flexibly according to actual needs.
The account name carried in the login request is the account name that the current request is trying to log in as; the combined password carried in the login request is the password currently to be verified.
Step S120: split the combined password according to the preset combination rule to obtain the login password and the check code.
After obtaining the combined password carried in the login request, the server splits it according to the preset combination rule to obtain the check code and the real login password contained in the combined password.
The preset combination rule is agreed in advance between the server and the client, and is the arrangement order of the check code and the login password within the combined password. It should be noted that this arrangement order may be a simple front-and-back ordering, or the check code and the login password may each be split and the resulting characters or character groups recombined to form the combined password. Other permutations and combinations are of course also possible, and the rule can be configured flexibly according to actual needs.
For example, suppose the combined password carried in the current login request is 123456ABCDEF.
If the preset combination rule is that the check code is 6 characters, the login password is 6 characters, and the check code is placed before the login password, then splitting the combined password yields the check code 123456 and the login password ABCDEF.
If the preset combination rule is that the check code is 6 characters, the login password is 6 characters, the check code and the login password are each split in their original order into three equal character groups, and the groups are interleaved in turn with the check code group first and the login password group after it to form the combined password, then the server reverses this rule to split the combined password, which yields the check code 1256CD and the login password 34ABEF.
It can be seen that the check code and the login password can be arranged within the combined password in many ways, which greatly increases the difficulty of cracking the combined password.
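The two combination rules from the example above, written out as an added Python sketch (not code from the patent). The function names, the `parts` parameter and the requirement that the server knows the check code length are assumptions; the interleaved rule is generalized from three groups to any number of equal groups.

```python
def _groups(text, parts):
    """Split text into `parts` equal-length groups, keeping the original order."""
    if parts <= 0 or not text or len(text) % parts:
        raise ValueError("text must be non-empty and divide evenly into groups")
    size = len(text) // parts
    return [text[i:i + size] for i in range(0, len(text), size)]


def combine_prefix(check_code, password):
    """Rule 1 (client side): check code placed before the login password."""
    return check_code + password


def split_prefix(combined, check_len):
    """Rule 1 (server side): the first check_len characters are the check code."""
    if len(combined) <= check_len:
        raise ValueError("combined password is too short")
    return combined[:check_len], combined[check_len:]


def combine_interleaved(check_code, password, parts=3):
    """Rule 2 (client side): interleave equal groups, check code group first."""
    check_groups = _groups(check_code, parts)
    password_groups = _groups(password, parts)
    return "".join(c + p for c, p in zip(check_groups, password_groups))


def split_interleaved(combined, check_len, parts=3):
    """Rule 2 (server side): reverse the interleaving to recover both values."""
    password_len = len(combined) - check_len
    if password_len <= 0 or check_len % parts or password_len % parts:
        raise ValueError("lengths do not match the interleaved rule")
    check_size = check_len // parts
    password_size = password_len // parts
    check_groups, password_groups = [], []
    pos = 0
    for _ in range(parts):
        check_groups.append(combined[pos:pos + check_size])
        pos += check_size
        password_groups.append(combined[pos:pos + password_size])
        pos += password_size
    return "".join(check_groups), "".join(password_groups)


if __name__ == "__main__":
    sample = "123456ABCDEF"  # the combined password used in the text
    print(split_prefix(sample, 6))
    print(split_interleaved(sample, 6))
```
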
Step S130: verify the check code according to the identity identifier of the client and the preconfigured check code record.
After the combined password has been split into the check code and the login password, the check code and the login password are verified separately.
Specifically, as one implementation, the server queries the preconfigured check code record using the identity identifier of the client, and obtains the check code that the record holds for this client's identity identifier.
It then judges whether the check code obtained by splitting the combined password is identical to the check code found in the check code record.
If the check code obtained by splitting the combined password is identical to the check code found in the check code record, the check code obtained by splitting the combined password is judged to pass verification.
If the check code obtained by splitting the combined password differs from the check code found in the check code record, the check code obtained by splitting the combined password is judged to fail verification.
Step S140: verify the login password according to the account name and the preconfigured login password database.
To verify the login password, the server queries the preconfigured login password database using the account name and obtains the login password that the database holds for this account name, that is, the correct login password the user configured in advance.
It then judges whether the login password obtained by splitting the combined password is identical to the login password found in the login password database.
If the login password obtained by splitting the combined password is identical to the login password found in the login password database, the login password obtained by splitting the combined password is judged to pass verification.
If the login password obtained by splitting the combined password differs from the login password found in the login password database, the login password obtained by splitting the combined password is judged to fail verification.
Step S150: if the check code passes verification and the login password passes verification, determine that the login request passes verification and allow the client to log in.
After the check code and the login password obtained by splitting the combined password have been verified, if the check code passes verification and the login password passes verification, the current login request is determined to pass verification, and the current client is allowed to log in with the current account.
It should be noted that the login password in this embodiment may be the password used to log in to an account, or an instruction password used in other application scenarios such as mobile payment; the method can be applied flexibly, according to actual needs, to application scenarios that require password verification.
In this embodiment, when a login request sent by a client is received, the identity identifier of the client and the account name and combined password carried in the login request are obtained, so that the current login request can be verified. The combined password is then split according to the preset combination rule to obtain the login password and the check code. Because the login password and the check code can be combined in many ways within the combined password, and the preset combination rule is difficult for an attacker to obtain, an attacker who intercepts the login request still cannot crack the combined password and cannot obtain the correct login password. The check code is then verified according to the identity identifier of the client and the preconfigured check code record, and the login password is verified according to the account name and the preconfigured login password database. If the check code passes verification and the login password passes verification, the current login request is determined to pass verification and the client is allowed to log in. In the login method of this embodiment, the login request sent by the client during login verification does not carry the login password directly; it carries a combined password that contains the check code and the login password and is difficult to crack. The check code and the login password are combined in a way that is difficult to guess, which greatly increases the difficulty of brute-forcing the login password and can effectively prevent brute-force cracking by an attacker. In addition, the double verification of the check code and the login password further improves on the security of a single password. This embodiment thereby solves the technical problem that existing login methods have low security, and greatly improves the security of the login method.
Further, referring to Fig. 2, the second embodiment of the login verification method of the present invention provides a login verification method based on the embodiment shown in Fig. 1 above. The login request also carries a graphical verification code entered on the basis of a verification code picture, and the login verification method further comprises:
Step S160: verify the graphical verification code according to the preconfigured graphical verification code record.
When the server detects that the client accesses the login page, it returns a verification code picture to the client for verification-code-picture checking. At the same time, the server adds this verification code picture to the graphical verification code record, for later verification of the graphical verification code submitted by the client.
After receiving the verification code picture, the client displays it on the login page so that the user can recognize the picture and enter the corresponding graphical verification code.
After obtaining the graphical verification code entered by the user, the client generates a login request from the account name that the current request is trying to log in as, the constructed combined password and the graphical verification code entered by the user, and sends it to the server.
After receiving the client's login request, the server verifies the login password and the check code in the combined password and, at the same time, verifies the graphical verification code.
To verify the graphical verification code, the server queries the graphical verification code record, checks whether the graphical verification code submitted by the client is correct, and obtains the verification result.
Correspondingly, step S150 comprises:
Step S151: if the check code passes verification, the login password passes verification and the graphical verification code passes verification, determine that the login request passes verification and allow the client to log in.
When the check code and the login password obtained by splitting the combined password both pass verification, and the graphical verification code carried in the login request also passes verification, the server determines that the current login request passes verification and allows the current client to log in with the current account.
In this embodiment, the login request also carries a graphical verification code entered on the basis of a verification code picture. When a login request sent by the client is received, the graphical verification code is verified according to the preconfigured graphical verification code record; if the check code passes verification, the login password passes verification and the graphical verification code passes verification, the login request is determined to pass verification and the client is allowed to log in. This embodiment adds a graphical verification code on top of the combined password, which further strengthens resistance to malicious attacks and improves the security of client login.
Further, referring to Fig. 3, the third embodiment of the login verification method of the present invention provides a login verification method based on the embodiment shown in Fig. 1 or Fig. 2 above (this embodiment takes Fig. 1 as an example), in which step S110 comprises:
Step S111: when a login request encrypted with an RSA public key is received from the client, decrypt the login request with a preset private key to obtain the identity identifier of the client and the account name and combined password carried in the login request.
Before sending the login request, the client encrypts it with the RSA public key and sends the encrypted login request to the server.
RSA is an asymmetric encryption algorithm: the public key the client uses for encryption is public, whereas the private key the server uses for decryption is kept secret, and the encrypted information can be decrypted only with the private key held by the server.
After receiving the encrypted login request sent by the client, the server decrypts it with the secret private key to obtain the account name and combined password carried in the login request.
If the login request carries a graphical verification code, the server obtains the graphical verification code, the account name and the combined password after decrypting the login request.
If the login request carries the identity identifier of the client, the server also obtains the identity identifier of the client after decrypting the login request; if the login request does not carry the identity identifier of the client, the server requests the identity identifier from the client.
Further, as another implementation, the client may encrypt only the combined password with the RSA public key.
In that case, when the server receives the login request sent by the client, it obtains the identity identifier of the client and parses the login request to obtain the account name and the encrypted combined password.
It then decrypts the encrypted combined password with the private key to obtain the combined password.
In this embodiment, when a login request encrypted with an RSA public key is received from the client, the login request is decrypted with the preset private key to obtain the identity identifier of the client and the account name and combined password carried in the login request. By encrypting the login request, this embodiment further improves the security of client login, makes the password in the login request harder to brute-force, and improves the security of the login method.
Further, with reference to Fig. 4, login validation method fourth embodiment of the present invention provides a kind of login validation method, base Before above-mentioned Fig. 1, Fig. 2 or shown in Fig. 3 embodiment (the present embodiment is by taking Fig. 1 as an example), the step S110, further include:
When step S170, detecting that the client accesses login page, generates check code and return to the client, for The client configures combination pin.
When detecting that client accesses login page, server generates check code and the check code of generation is returned to client End.
Client is after the check code for receiving server transmission, according to the combination made an appointment with server, combination Check code and login password input by user, realize combination the configuration of password.
It should be noted that it includes that client opens login page, and refreshes log in page that client, which accesses login page, Face.When client accesses login page, server all regenerates check code and returns to client.Therefore, client is each When refreshing login page, server also can all regenerate check code and return to client.
Further, as an implementation, the check code is a random number.
That is, each time, the server issues a randomly generated random number to the client as the check code, and the client uses the random number issued by the server to configure the combination password. The random number generated by the server may be of a preset length.
When a random number is used as the check code, together with the multiple ways of combining the check code and the login password, the resulting combination password is harder to crack, further improving the security of client login.
Step S180: record the identity of the client in correspondence with the check code returned to the client, and save it to the check code record.
After generating the check code, or after issuing the check code to the client, the server records this client's identity in correspondence with the check code issued to this client, and stores this record in the check code record for subsequent verification of the check code.
In this embodiment, when it is detected that the client accesses the login page, a check code is generated and returned to the client for the client to configure the combination password; in addition, the client's identity is recorded in correspondence with the check code returned to the client and saved to the check code record. Whenever it is detected that the client accesses the login page, this embodiment regenerates a check code and issues it to the client, which ensures that the check code is updated in a timely manner and improves login security. If a random number is used as the check code, the combination password is harder to crack by brute force, further raising the security level of client login.
With reference to Fig. 5, the first embodiment of the login request method of the present invention provides a login request method, which includes:
Step S210: when accessing the login page, receive the check code returned by the server.
The present invention proposes a new login method: when logging in, the client uses a combination password containing the check code and the real login password, so that even if the login request is intercepted by an attacker, the correct login password cannot be obtained by cracking the password in the login request. The server, however, can correctly parse the combination password in the login request to obtain the check code and the real login password, and performs double verification of the login password and the check code, safeguarding security at account login.
Specifically, as an implementation, when the client accesses the login page, the server generates a check code and returns the generated check code to the client.
The client receives the check code sent by the server.
It should be noted that the client accessing the login page includes the client opening the login page and refreshing the login page. Whenever the client accesses the login page, the server regenerates a check code and returns it to the client. Therefore, each time the client refreshes the login page, the server also regenerates a check code and returns it to the client.
Step S220: according to the preset combination rule, combine the entered login password with the check code to obtain the combination password.
After obtaining the check code issued by the server, the client configures the combination password according to the check code and the login password entered by the user.
Specifically, as an implementation, the preset combination mode is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password in the combination password. It should be noted that this arrangement order may be a simple front-and-back ordering, or the check code and the login password may each be split and the resulting characters or character groups recombined to obtain the combination password. Other permutations and combinations are of course also possible and can be configured flexibly according to actual needs.
For example, the check code issued by the server is 123456 and the password entered by the user is ABCDEF.
If the preset combination mode is that the check code is placed before the login password, then the combination password the client obtains by combining the check code and the login password is 123456ABCDEF.
If the preset combination mode is to split the check code and the login password, each in its original order, into three equal character groups and then interleave the character groups in turn, check code first and login password after, then the combination password the client obtains by combining the check code and the login password is 12AB34CD56EF.
As can be seen, the check code and the login password can be arranged in the combination password in many ways, which greatly increases the difficulty of cracking the combination password.
It should be noted that in this embodiment the login password entered by the user may also be a login password saved in the client cache.
Step S230: according to the entered account name and the combination password, generate a login request and send it to the server for verification.
After the combination password has been configured, the client generates a login request according to the account name entered by the user and the configured combination password, and sends it to the server for verification.
Further, the client may also place its identity in the login request and send it to the server together with the account name and the combination password.
Of course, the client may instead send its identity to the server when the server requests it.
The identity of the client uniquely characterizes the client, for example the ID of the client, or the client's Subscriber Identity Module number, the client device number, and so on.
After receiving the login request sent by the client, the server obtains the identity of the client and the account name and combination password carried by the login request. Then, according to the preset combination rule, it splits the combination password to obtain the login password and the check code. It then verifies the check code according to the client's identity and the preconfigured check code record, and verifies the login password according to the account name and the preconfigured login password database. If the check code passes verification and the login password passes verification, the server determines that the current login request passes verification and allows the client to log in.
Of course, after splitting the combination password to obtain the check code and the login password, the server may also skip verification of the check code and verify only the login password.
Further, as an implementation, the check code is a random number.
That is, each time, the server issues a randomly generated random number to the client as the check code, and the client uses the random number issued by the server to configure the combination password. The random number generated by the server may be of a preset length.
When a random number is used as the check code, together with the multiple ways of combining the check code and the login password, the resulting combination password is harder to crack, further improving the security of client login.
In this embodiment, when the login page is accessed, the check code returned by the server is received in order to configure the combination password. Then, according to the preset combination rule, the login password entered by the user is combined with the check code to obtain the combination password. Because the login password and the check code can be combined in the combination password in many ways, and the preset combination rule is difficult for an attacker to obtain, an attacker who intercepts the login request still cannot crack the combination password and therefore cannot obtain the correct login password. Then, according to the entered account name and the combination password, a login request is generated and sent to the server for verification. In the login method of this embodiment, the login request sent by the client when requesting login does not carry the login password directly; it carries a combination password that is difficult to crack and contains the check code and the login password. The check code and the login password are combined in a hard-to-guess combination mode to obtain the combination password, which greatly increases the difficulty of cracking the login password and can effectively prevent brute-force cracking by an attacker. This embodiment thereby solves the technical problem of the low security of existing login methods and greatly improves the security of the login method.
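The flow described above (check code issued per page access, client-side combination, server-side split and double verification), as an added Python example that is not code from the patent. It generalizes the worked example to passwords whose length is not a multiple of three. Assumptions not in the patent: the names `combine`, `split`, `LoginServer` and the rule names, the group-size rule for uneven lengths, single-use check codes, and PBKDF2-hashed password storage.

```python
import hashlib
import hmac
import secrets

CHECK_CODE_LEN = 6  # preset check-code length (assumed value)


def _thirds(length):
    """Sizes of three consecutive groups covering `length` characters."""
    base, extra = divmod(length, 3)
    return [base + (1 if i < extra else 0) for i in range(3)]


def _chunks(text, sizes):
    out, pos = [], 0
    for size in sizes:
        out.append(text[pos:pos + size])
        pos += size
    return out


def combine(check_code, password, rule):
    """Client side: build the combination password under the agreed rule."""
    if rule == "prefix":          # check code placed before the login password
        return check_code + password
    if rule == "interleave3":     # groups interleaved: c1 p1 c2 p2 c3 p3
        c = _chunks(check_code, _thirds(len(check_code)))
        p = _chunks(password, _thirds(len(password)))
        return "".join(a + b for a, b in zip(c, p))
    raise ValueError("unknown combination rule")


def split(combined, rule, code_len=CHECK_CODE_LEN):
    """Server side: recover (check_code, login_password) under the same rule."""
    pw_len = len(combined) - code_len
    if pw_len < 0:
        raise ValueError("combination password shorter than the check code")
    if rule == "prefix":
        return combined[:code_len], combined[code_len:]
    if rule == "interleave3":
        code, pw, pos = [], [], 0
        for c_size, p_size in zip(_thirds(code_len), _thirds(pw_len)):
            code.append(combined[pos:pos + c_size])
            pos += c_size
            pw.append(combined[pos:pos + p_size])
            pos += p_size
        return "".join(code), "".join(pw)
    raise ValueError("unknown combination rule")


class LoginServer:
    """Hypothetical server holding the check code record and password database."""

    def __init__(self, rule):
        self.rule = rule
        self.check_codes = {}   # client identity -> last issued check code
        self.accounts = {}      # account name -> (salt, password hash)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_account(self, name, password):
        salt = secrets.token_bytes(16)
        self.accounts[name] = (salt, self._hash(password, salt))

    def issue_check_code(self, client_id):
        """Called on every login-page open or refresh; replaces the old record."""
        code = "".join(secrets.choice("0123456789") for _ in range(CHECK_CODE_LEN))
        self.check_codes[client_id] = code
        return code

    def verify(self, client_id, account, combined):
        # Assumption (not stated in the patent): a check code is single use,
        # so the record is consumed whether or not the login succeeds.
        expected = self.check_codes.pop(client_id, None)
        if expected is None:
            return False
        try:
            code, password = split(combined, self.rule)
        except ValueError:
            return False
        code_ok = hmac.compare_digest(code.encode(), expected.encode())
        salt, stored = self.accounts.get(account, (b"\0" * 16, b""))
        pw_ok = hmac.compare_digest(self._hash(password, salt), stored)
        return code_ok and pw_ok   # both checks must pass
```

Because the record is consumed on first use and overwritten on every page refresh, a captured login request replayed against this server fails the check-code comparison even though the password portion is still correct.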
Further, with reference to Fig. 6, the second embodiment of the login request method of the present invention provides a login request method. Based on the embodiment shown in Fig. 5 above, the login page includes a verification code picture, and the login request method further includes:
Step S240: receive the graphical verification code entered on the basis of the verification code picture.
Step S230 includes:
Step S231: according to the entered account name, the combination password and the graphical verification code, generate a login request and send it to the server.
To further increase login security, when the server detects that the client accesses the login page, it returns a verification code picture to the client so that the verification code picture can be checked. At the same time, the server adds this verification code picture to the graphical verification code record, for subsequent verification of the graphical verification code submitted by the client.
After receiving the verification code picture, the client displays it in the login page so that the user can recognize the verification code picture and enter the corresponding graphical verification code.
After obtaining the graphical verification code entered by the user, the client generates a login request according to the account name of the current login attempt, the configured combination password and the graphical verification code entered by the user, and sends it to the server.
After receiving the client's login request, the server verifies the login password and the check code in the combination password and, at the same time, verifies the graphical verification code.
When verifying the graphical verification code, the server queries the graphical verification code record and checks whether the graphical verification code submitted by the client is correct, obtaining a check result.
When the check code and the login password obtained by splitting the combination password both pass verification, and the graphical verification code carried in the login request also passes verification, the server determines that the current login request passes verification and allows the current client to log in with the current account.
In this embodiment, the login page includes a verification code picture, and the client receives the graphical verification code entered on the basis of the server's verification code picture. Then, according to the account name entered by the user, the configured combination password and the graphical verification code entered by the user, it generates a login request and sends it to the server. This embodiment adds a graphical verification code on top of the combination password, further strengthening resistance to malicious attacks and improving the security of client login.
Further, with reference to Fig. 7, the third embodiment of the login request method of the present invention provides a login request method. Based on the embodiment shown in Fig. 6 or Fig. 7 above (this embodiment takes Fig. 6 as an example), the login request method further includes:
Step S250: encrypt the login request using the preset RSA public key, and send the encrypted login request to the server.
To further strengthen the security of the login information, before sending the login request the client encrypts it using the RSA public key and sends the encrypted login request to the server.
RSA is an asymmetric encryption algorithm: the public key used by the client for encryption is public, while the private key used by the server for decryption is kept secret and not disclosed, so the encrypted information can be decrypted only with the private key held by the server.
After receiving the encrypted login request sent by the client, the server decrypts the login request with the secret private key to obtain the information carried by the login request, including the account name, the combination password, the graphical verification code, the identity of the client, and so on.
Further, as another embodiment, the client may encrypt only the combination password using the RSA public key.
On receiving the login request sent by the client, the server then obtains the client's identity and parses the login request to obtain the account name and the encrypted combination password.
It then decrypts the encrypted combination password with the private key to obtain the combination password.
In this embodiment, the login request is encrypted using the preset RSA public key, and the encrypted login request is sent to the server for verification of the login request. By encrypting the login request, this embodiment further improves the security of client login, so that the password in the login request is harder to crack by brute force, improving the security of the login method.
With reference to Fig. 8, the first embodiment of the secure login system of the present invention provides a secure login system, which includes a server 10 and a client 20, wherein:
The client 20 is configured to: when accessing the login page, receive the check code returned by the server 10; according to the preset combination rule, combine the entered login password with the check code to obtain the combination password; and, according to the entered account name and the combination password, generate a login request and send it to the server 10 for verification;
The server 10 is configured to: if a login request sent by the client 20 is received, obtain the identity of the client 20 and the account name and combination password carried by the login request; according to the preset combination rule, split the combination password to obtain the login password and the check code; verify the check code according to the identity of the client 20 and the preconfigured check code record; verify the login password according to the account name and the preconfigured login password database; and, if the check code passes verification and the login password passes verification, determine that the login request passes verification and allow the client 20 to log in.
The present invention proposes a new login system: when logging in, the client 20 uses a combination password containing the check code and the real login password, so that even if the login request is intercepted by an attacker, the correct login password cannot be obtained by cracking the password in the login request. The server 10, however, can correctly parse the combination password in the login request to obtain the check code and the real login password, and performs double verification of the login password and the check code, safeguarding security at account login.
Specifically, as an implementation, when the client 20 accesses the login page, the server 10 generates a check code and returns the generated check code to the client 20. It should be noted that the client 20 accessing the login page includes the client 20 opening the login page and refreshing the login page. Whenever the client 20 accesses the login page, the server 10 regenerates a check code and returns it to the client 20. Therefore, each time the client 20 refreshes the login page, the server 10 also regenerates a check code and returns it to the client 20.
The client 20 receives the check code sent by the server 10 and configures the combination password according to the check code and the login password entered by the user.
Specifically, the preset combination mode is agreed in advance by the server 10 and the client 20, and is the arrangement order of the check code and the login password in the combination password. It should be noted that this arrangement order may be a simple front-and-back ordering, or the check code and the login password may each be split and the resulting characters or character groups recombined to obtain the combination password. Other permutations and combinations are of course also possible and can be configured flexibly according to actual needs.
Because the check code and the login password can be arranged in the combination password in many ways, the difficulty of cracking the combination password is greatly increased.
It should be noted that in this embodiment the login password entered by the user may also be a login password saved in the cache of the client 20.
After the combination password has been configured, the client 20 generates a login request according to the account name entered by the user and the configured combination password, and sends it to the server 10 for verification.
Further, the client 20 may also place its identity in the login request and send it to the server 10 together with the account name and the combination password. Of course, the client 20 may instead send its identity to the server 10 when the server 10 requests it.
The identity of the client 20 uniquely characterizes the client 20, for example the ID of the client 20, or the Subscriber Identity Module number of the client 20, the client device number, and so on.
After receiving the login request sent by the client 20, the server 10 obtains the identity of the client 20 and the account name and combination password carried by the login request.
Then, according to the preset combination rule, it splits the combination password to obtain the login password and the check code, and then verifies the check code and the login password separately.
Specifically, it verifies the check code according to the identity of the client 20 and the preconfigured check code record, and verifies the login password according to the account name and the preconfigured login password database.
If the check code passes verification and the login password passes verification, it determines that the current login request passes verification and allows the client 20 to log in.
Of course, after splitting the combination password to obtain the check code and the login password, the server 10 may also skip verification of the check code and verify only the login password.
Further, as an implementation, the check code is a random number.
That is, each time, the server 10 issues a randomly generated random number to the client 20 as the check code, and the client 20 uses the random number issued by the server 10 to configure the combination password. The random number generated by the server 10 may be of a preset length.
When a random number is used as the check code, together with the multiple ways of combining the check code and the login password, the resulting combination password is harder to crack, further improving the security of login by the client 20.
In this embodiment, the secure login system includes the client 20 and the server 10. When accessing the login page, the client 20 receives the check code returned by the server 10 in order to configure the combination password. Then, according to the preset combination rule, it combines the login password entered by the user with the check code to obtain the combination password. Because the login password and the check code can be combined in the combination password in many ways, and the preset combination rule is difficult for an attacker to obtain, an attacker who intercepts the login request still cannot crack the combination password and therefore cannot obtain the correct login password. Then, according to the entered account name and the combination password, the client 20 generates a login request and sends it to the server 10 for verification. If the login request sent by the client 20 is received, the server 10 obtains the identity of this client 20 and the account name and combination password carried by the login request, in order to verify the current login request. Then, according to the preset combination rule, it splits the combination password to obtain the login password and the check code. The server 10 then verifies the check code according to the identity of the client 20 and the preconfigured check code record, and verifies the login password according to the account name and the preconfigured login password database. If the check code passes verification and the login password passes verification, the server 10 determines that the current login request passes verification and allows the client 20 to log in. In the login system of this embodiment, during login verification the server 10 sends a check code to the client 20 when it detects that the client 20 accesses the login page, so that the client 20 can configure the combination password according to the check code. As a result, the login request sent by the client 20 does not carry the login password directly; it carries a combination password that is difficult to crack and contains the check code and the login password. The check code and the login password are combined in a hard-to-guess combination mode to obtain the combination password, which greatly increases the difficulty of cracking the login password and can effectively prevent brute-force cracking by an attacker. Moreover, through the double check of the check code and the login password, the server 10 further strengthens the security of a single password. This embodiment thereby solves the technical problem of the low security of existing login methods and greatly improves the security of the login method.
Further, with reference to Fig. 8, the second embodiment of the secure login system of the present invention provides a secure login system. Based on the first embodiment of the secure login system of the present invention described above, the server 10 is further configured to:
When it is detected that the client 20 accesses the login page, return a verification code picture to the client 20;
The client 20 is further configured to receive the graphical verification code entered on the basis of the verification code picture and, according to the entered account name, the combination password and the graphical verification code, generate a login request and send it to the server 10;
The server 10 is further configured to verify the graphical verification code according to the preconfigured graphical verification code record and, if the check code passes verification, the login password passes verification and the graphical verification code passes verification, determine that the login request passes verification and allow the client 20 to log in.
To further strengthen the security of the login system, when the server 10 detects that the client 20 accesses the login page, it returns a verification code picture to the client 20 so that the verification code picture can be checked. At the same time, the server 10 adds this verification code picture to the graphical verification code record, for subsequent verification of the graphical verification code submitted by the client 20.
After receiving the verification code picture, the client 20 displays it on the login page so that the user can recognize the verification code picture and enter the corresponding graphical verification code.
After obtaining the graphical verification code entered by the user, the client 20 generates a login request according to the account name of the current login attempt, the configured combination password and the graphical verification code entered by the user, and sends it to the server 10.
After receiving the login request of the client 20, the server 10 verifies the login password and the check code in the combination password and, at the same time, verifies the graphical verification code.
When verifying the graphical verification code, the server 10 queries the graphical verification code record and checks whether the graphical verification code submitted by the client 20 is correct, obtaining a check result.
When the check code and the login password obtained by splitting the combination password both pass verification, and the graphical verification code carried in the login request also passes verification, the server 10 determines that the current login request passes verification and allows the current client 20 to log in with the current account.
In this embodiment, a graphical verification code is added. When the server 10 detects that the client 20 accesses the login page, it returns a verification code picture to the client 20, and the login request configured by the client 20 then also carries the graphical verification code entered on the basis of the verification code picture. On receiving the login request sent by the client 20, the server 10 verifies the graphical verification code according to the preconfigured graphical verification code record. If the check code passes verification, the login password passes verification and the graphical verification code passes verification, it determines that the login request of the current client 20 passes verification and allows the client 20 to log in. This embodiment adds a graphical verification code on top of the combination password, further strengthening resistance to malicious attacks and improving the security of client login.
The above are only optional embodiments of the present invention and do not thereby limit the patent scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (10)

1. A login validation method, characterized in that the login validation method includes the following steps:
If a login request sent by a client is received, obtaining the identity of the client and the account name and combination password carried by the login request;
According to a preset combination rule, splitting the combination password to obtain a login password and a check code;
Verifying the check code according to the identity of the client and a preconfigured check code record;
Verifying the login password according to the account name and a preconfigured login password database;
If the check code passes verification and the login password passes verification, determining that the login request passes verification and allowing the client to log in;
Wherein the preset combination rule is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password in the combination password;
The arrangement order of the check code and the login password includes front-and-back ordering, or recombination of the characters or character groups obtained after splitting the check code and the login password.
2. The login validation method of claim 1, characterized in that the login request also carries a graphical verification code entered on the basis of a verification code picture, and the login validation method further includes:
Verifying the graphical verification code according to a preconfigured graphical verification code record;
The step of, if the check code passes verification and the login password passes verification, determining that the login request passes verification and allowing the client to log in, includes:
If the check code passes verification, the login password passes verification and the graphical verification code passes verification, determining that the login request passes verification and allowing the client to log in.
3. The login validation method of claim 1, characterized in that the step of, if a login request sent by a client is received, obtaining the identity of the client and the account name and combination password carried by the login request, includes:
If a login request encrypted with the RSA public key is received from the client, decrypting the login request using a preset private key to obtain the identity of the client and the account name and combination password carried by the login request.
4. The login validation method of claim 1, 2 or 3, characterized in that, before the step of, if a login request sent by a client is received, obtaining the identity of the client and the account name and combination password carried by the login request, the method further includes:
When it is detected that the client accesses the login page, generating a check code and returning it to the client, for the client to configure the combination password;
Recording the identity of the client in correspondence with the check code returned to the client, and saving it to the check code record.
5. The login validation method of claim 4, characterized in that the check code is a random number.
6. A login request method, characterized in that the login request method includes the following steps:
When accessing the login page, receiving the check code returned by the server;
According to a preset combination rule, combining the entered login password with the check code to obtain a combination password;
According to the entered account name and the combination password, generating a login request and sending it to the server for verification;
Sending an identity to the server;
Wherein the preset combination rule is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password in the combination password;
The arrangement order of the check code and the login password includes front-and-back ordering, or recombination of the characters or character groups obtained after splitting the check code and the login password.
7. The login request method of claim 6, characterized in that the login page includes a verification code picture, and the login request method further includes:
Receiving the graphical verification code entered on the basis of the verification code picture;
The step of, according to the entered account name and the combination password, generating a login request and sending it to the server for verification, includes:
According to the entered account name, the combination password and the graphical verification code, generating a login request and sending it to the server.
8. The login request method of claim 6 or 7, characterized in that the login request method further includes:
Encrypting the login request using a preset RSA public key, and sending the encrypted login request to the server.
9. A secure login system, characterized in that the secure login system comprises a server and a client, wherein:
The client is configured to receive the check code returned by the server when accessing the login page; combine the input login password with the check code according to a preset combination rule to obtain a combined password; and generate a login request from the input account name and the combined password and send it to the server for verification;
The server is configured to, on receiving the login request sent by the client, obtain the identity of the client and the account name and combined password carried by the login request; split the combined password according to the preset combination rule to obtain the login password and the check code; verify the check code according to the identity of the client and a preconfigured check code record; verify the login password according to the account name and a preconfigured login password database; and, if the check code passes verification and the login password passes verification, determine that the login request passes verification and allow the client to log in;
Wherein the preset combination rule is agreed in advance by the server and the client, and is the arrangement order of the check code and the login password within the combined password;
The arrangement order of the check code and the login password includes a front/back ordering, or a recombination of the characters or character combinations obtained after splitting the check code and the login password.
10. The secure login system according to claim 9, characterized in that the server is further configured to,
when detecting that the client accesses the login page, return a verification code picture to the client;
The client is further configured to receive the graphical verification code input based on the verification code picture; and generate a login request from the input account name, the combined password and the graphical verification code and send it to the server;
The server is further configured to verify the graphical verification code according to a preconfigured graphical verification code record; and, if the check code passes verification, the login password passes verification, and the graphical verification code passes verification, determine that the login request passes verification and allow the client to log in.
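The combine, split and verify exchange of claim 9, as an added example that is not part of the patent text. The rule names (code_first, code_last, interleave), the fixed six-digit check code, the salted PBKDF2 password store and the single-use handling of the check code are all assumptions of this sketch.

```python
import hashlib, hmac, secrets

CODE_LEN = 6  # assumed fixed check-code length, so the split is unambiguous

def combine(password, code, rule):  # client side
    if rule in ("code_first", "code_last"):  # front/back ordering
        return code + password if rule == "code_first" else password + code
    if rule == "interleave":  # recombination: alternate characters, append leftover
        n = min(len(code), len(password))
        head = "".join(c + p for c, p in zip(code[:n], password[:n]))
        return head + code[n:] + password[n:]
    raise ValueError(f"unknown rule {rule!r}")

def split(combined, rule, code_len=CODE_LEN):  # server side, inverts combine()
    if len(combined) < code_len:
        raise ValueError("combined password shorter than check code")
    if rule == "code_first":
        return combined[code_len:], combined[:code_len]
    if rule == "code_last":
        return combined[:-code_len], combined[-code_len:]
    if rule == "interleave":
        n = min(code_len, len(combined) - code_len)
        code, pw, rest = combined[0:2 * n:2], combined[1:2 * n:2], combined[2 * n:]
        return (pw, code + rest) if len(code) < code_len else (pw + rest, code)
    raise ValueError(f"unknown rule {rule!r}")

class LoginServer:
    def __init__(self, rule):
        self.rule, self.codes, self.users = rule, {}, {}  # codes: client id -> check code

    def _hash(self, password, salt):  # assumed password store: salted PBKDF2
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, self._hash(password, salt))

    def issue_code(self, client_id):  # sent when the client opens the login page
        code = self.codes[client_id] = f"{secrets.randbelow(10 ** CODE_LEN):0{CODE_LEN}d}"
        return code

    def verify(self, client_id, name, combined):
        expected = self.codes.pop(client_id, None)  # assumption: a code is single-use
        if expected is None or name not in self.users or len(combined) < CODE_LEN:
            return False
        password, code = split(combined, self.rule)
        salt, stored = self.users[name]
        pw_ok = hmac.compare_digest(self._hash(password, salt), stored)
        return hmac.compare_digest(code.encode(), expected.encode()) and pw_ok
```

Because the server consumes the recorded check code on the first attempt, a captured combined password fails when it is submitted again.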
CN201611176436.1A 2016-12-15 2016-12-15 Login validation method, logging request method and Security Login System Active CN107317791B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611176436.1A CN107317791B (en) 2016-12-15 2016-12-15 Login validation method, logging request method and Security Login System

Publications (2)

Publication Number Publication Date
CN107317791A CN107317791A (en) 2017-11-03
CN107317791B true CN107317791B (en) 2018-07-31

Family

ID=60185232

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611176436.1A Active CN107317791B (en) 2016-12-15 2016-12-15 Login validation method, logging request method and Security Login System

Country Status (1)

Country Link
CN (1) CN107317791B (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108075880A (en) * 2017-11-28 2018-05-25 珠海金山网络游戏科技有限公司 A kind of network game server logs in security system and method
CN107835075A (en) * 2017-12-06 2018-03-23 北京深思数盾科技股份有限公司 The processing method and processing device of local password
CN108256344B (en) * 2018-01-22 2019-10-22 商客通尚景科技江苏有限公司 A kind of SaaS enterprise platform Database Systems and attaching method thereof
CN107995229A (en) * 2018-01-31 2018-05-04 苏州锦佰安信息技术有限公司 A kind of auth method and device
CN108306881A (en) * 2018-01-31 2018-07-20 苏州锦佰安信息技术有限公司 A kind of auth method and device
CN108306883A (en) * 2018-01-31 2018-07-20 苏州锦佰安信息技术有限公司 A kind of auth method and device
CN108650243B (en) * 2018-04-24 2021-04-23 平安科技(深圳)有限公司 Connection establishment method, system, device and computer readable storage medium
CN108769083A (en) * 2018-08-01 2018-11-06 北京奇虎科技有限公司 Login method, apparatus and system based on distributed server
CN109547428A (en) * 2018-11-14 2019-03-29 深圳市云歌人工智能技术有限公司 It verifies password and accesses method, system and the storage medium of server
CN110147658A (en) * 2019-04-16 2019-08-20 平安科技(深圳)有限公司 User information encipher-decipher method, system and computer equipment
CN111787005B (en) * 2020-06-30 2023-02-17 中国工商银行股份有限公司 Dynamic encrypted secure login method and device
CN112699396B (en) * 2021-01-15 2021-07-20 深圳市网信数码科技有限公司 Information security method, device, system and storage medium of instant communication software
CN114297623A (en) * 2021-12-07 2022-04-08 北京天融信网络安全技术有限公司 User permission setting method and system convenient for permission change
CN113901440B (en) * 2021-12-09 2022-04-08 北京网界科技有限公司 User login system and method, and user login setting system and method
CN114422270B (en) * 2022-03-28 2022-06-03 成都运荔枝科技有限公司 Method and device for safe login authentication of Internet platform system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051904A (en) * 2007-05-17 2007-10-10 成都金山互动娱乐科技有限公司 Method for landing by account number cipher for protecting network application sequence
CN102316112A (en) * 2011-09-16 2012-01-11 李建成 Password authentication method in network application and system
CN103067401A (en) * 2013-01-10 2013-04-24 天地融科技股份有限公司 Method and system for key protection
CN105337938A (en) * 2014-07-28 2016-02-17 阿里巴巴集团控股有限公司 Validity verification method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090031407A1 (en) * 2007-07-24 2009-01-29 Shaobo Kuang Method and system for security check or verification

Also Published As

Publication number Publication date
CN107317791A (en) 2017-11-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1238442

Country of ref document: HK

GR01 Patent grant