CN108664778B - User identity authentication method and device and electronic equipment - Google Patents
User identity authentication method and device and electronic equipment Download PDFInfo
- Publication number
- CN108664778B CN108664778B CN201810252515.9A CN201810252515A CN108664778B CN 108664778 B CN108664778 B CN 108664778B CN 201810252515 A CN201810252515 A CN 201810252515A CN 108664778 B CN108664778 B CN 108664778B
- Authority
- CN
- China
- Prior art keywords
- password
- user
- prefix
- certificate
- main body
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a user identity authentication method, a user identity authentication device and electronic equipment, wherein the method comprises the following steps: acquiring a user name and a password input by a user; searching whether a main body identifier matched with a user name exists in a pre-configured extensible markup language (XML) node; when the XML node exists, obtaining a certificate in the searched information of the XML node; and authenticating the identity of the user by using the obtained certificate and the password. The method has the advantages that the main body identification and the corresponding certificate are configured in the extensible markup language XML node, so that the main body identification and the certificate can be directly appointed in the XML node, and when the related main body is configured, the XML omits the processes of establishing a database and establishing a dependency relationship in the database, so that the more intuitive configuration of the related information of the main body can be realized; in addition, by configuring the information related to the main body in the XML node, when the XML node is used for identity authentication, only the related information needs to be searched from the node, and the flexibility of user identity authentication is higher.
Description
Technical Field
The invention relates to the technical field of computer science safety, in particular to a user identity authentication method and device and electronic equipment.
Background
In the field of computer science, security has been an important issue, large enough to prevent hacking, and small enough to prevent unauthorized users from accessing protected content. Safety is ubiquitous, and in the prior art, a plurality of modules and plug-ins capable of realizing related safety protection functions exist. In enterprise-level application development, Spring Security in the Spring mvc box is the most well known and commonly used. The skilled person typically accomplishes its function by implementing its associated interface.
The general process of implementing user identity authentication in Spring Security is illustrated in fig. 1, where an authentication manager (authentication manager) is an interface-based pluggable component and a provider manager (ProviderManager) is an implementation of an authentication manager that delegates responsibility for verifying identity to one or more authentication providers (authentication providers). Among them, daoauthenticationprovider is one of the most common authentication providers.
Daoa authentication provider supports simple database-oriented authentication, i.e., retrieval of user information from a relational database using a data access object (Dao). Specifically, daoauthationprovider retrieves user information (userdeails) from the database via the userdeailservice attribute. After the required username and password are obtained, the daoa authentication provider completes the authentication by comparing the username and password retrieved from the database with the principal and credentials that were passed in through the authentication object from the authentication manager. When the user name and the password are matched with the main body and the certificate, the user passes the identity verification and returns to the Authentication manager a filled Authentication object; otherwise, an authentication exception is thrown indicating that authentication failed.
However, the above-mentioned authentication provider daoa authentication provider has a limitation that it searches user information based on a database, that is, it needs to establish a database during configuration, and create a role table in the database to establish a dependency relationship between user information; when the user identity authentication is carried out, data needs to be extracted from the database, the operation process is complex, and the application flexibility is low.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for user identity authentication, and an electronic device, so as to solve the problem of low flexibility of user identity authentication.
The invention provides a user identity authentication method in a first aspect, which comprises the following steps:
acquiring a user name and a password input by a user;
searching whether a main body identifier matched with the user name exists in the pre-configured extensible markup language XML nodes or not, wherein the information of the extensible markup language XML nodes comprises the main body identifier and a certificate corresponding to the main body identifier, and each extensible markup language XML node corresponds to one main body identifier;
when the XML node exists, obtaining a certificate in the searched information of the XML node;
and authenticating the user identity by using the acquired certificate and the password.
The method can directly specify the subject identification and the certificate in the XML node by configuring the subject identification and the corresponding certificate in the XML node, and when configuring the related subject, the XML is relatively simple, so that the processes of establishing a database and establishing a dependency relationship in the database are omitted, and the more intuitive configuration of the related information of the subject can be realized; in addition, by configuring the information related to the main body in the XML node, when the method is used for identity authentication, only the related information needs to be searched from the node, so that the matching speed is high, the efficiency is high, and the flexibility of the user identity authentication is higher.
With reference to the first aspect, in a first implementation manner of the first aspect, the credential in the XML node information includes a first password prefix and a first encryption password, and the first password prefix corresponds to a body identifier corresponding to the credential.
In the invention, the certificate (namely the password set by the user) is stored in the XML node after being encrypted, namely the certificate is not the password set by the user but the first password prefix and the first encrypted password after encrypting the password set by the user, thereby avoiding the possibility that the password set by the user is directly obtained from the outside, ensuring the safe storage of the certificate in the XML node and improving the safety of the user identity authentication; in addition, in the process of encrypting the password set by the user, the reliability of verification is further improved by combining the user name.
With reference to the first implementation manner of the first aspect, in a second implementation manner of the first aspect, authenticating the user identity by using the obtained credential and the password includes:
encrypting the password input by the user by using a preset encryption algorithm to obtain a second password prefix and a second encrypted password;
judging whether the second password prefix is the same as the first password prefix or not;
and when the user identity authentication is not the same, the user identity authentication fails.
In the process of verifying the password input by the user, whether the password input by the user is wrong can be determined only by comparing the second password prefix formed after encryption with the first password prefix in the certificate without carrying out complicated judgment, and the verification method has higher efficiency.
With reference to the second embodiment of the first aspect, in a third embodiment of the first aspect, the method further includes the following steps:
when the second password prefix is the same as the first password prefix, judging whether the second encryption password is the same as the first encryption password;
and when the identity is the same, the user identity authentication is passed.
In the invention, under the condition of matching the password prefixes, whether the encrypted passwords are matched needs to be judged, so that the safety of password verification is ensured. Specifically, when the user modifies the password, the password prefixes are the same, but the encrypted passwords are different, and if only the password prefixes are compared, user authentication errors can be caused, so that an unauthorized user can acquire protected content, and the reliability of user authentication is further improved.
With reference to the first aspect, in a fourth implementation manner of the first aspect, the information of the XML node further includes authority information; and when the authentication is passed, releasing the corresponding authority to the user according to the authority information.
With reference to the second embodiment of the first aspect, in a fifth embodiment of the first aspect, the method further includes:
receiving a request of a user for modifying the password and the modified password;
encrypting the modified password by using the preset encryption algorithm to obtain a third password prefix and an encrypted password, wherein the third password prefix is the same as the first password prefix;
and updating the certificate in the information of the extensible markup language XML node, wherein the encryption password is the updated first encryption password.
In the invention, after the user modifies the password, the encryption password in the information of the XML node is updated in time, the certificate stored in the information of the XML node is ensured to be the same as the certificate after the user modifies, the error caused by the time delay between modification and actual storage is avoided, and the reliability of user identity authentication is improved.
According to a second aspect, the present invention further provides a user identity authentication apparatus, including:
the first acquisition module is used for acquiring a user name and a password input by a user;
the searching module is used for searching whether a main body identifier matched with the user name exists in the pre-configured extensible markup language XML nodes or not, wherein the information of the extensible markup language XML nodes comprises the main body identifier and a certificate corresponding to the main body identifier, and each extensible markup language XML node corresponds to one main body identifier;
the second acquisition module is used for acquiring the found certificate in the information of the XML node when the main body identifier matched with the user name exists;
and the authentication module is used for authenticating the user identity by using the obtained certificate and the password.
The method can directly specify the subject identification and the certificate in the XML node by configuring the subject identification and the corresponding certificate in the XML node, and when configuring the related subject, the XML is relatively simple, so that the processes of establishing a database and establishing a dependency relationship in the database are omitted, and the more intuitive configuration of the related information of the subject can be realized; in addition, by configuring the information related to the main body in the XML node, when the method is used for identity authentication, only the related information needs to be searched from the node, so that the matching speed is high, the efficiency is high, and the flexibility of the user identity authentication is higher.
With reference to the second aspect, in a first implementation manner of the second aspect, the credential in the XML node information includes a first password prefix and a first encryption password, and the first password prefix corresponds to the body identifier corresponding to the credential.
According to a third aspect, the invention also provides an electronic device comprising: a memory and a processor, the memory and the processor being communicatively connected to each other, the memory storing therein computer instructions, and the processor executing the computer instructions to perform the user identity authentication method according to the first aspect or any one of the embodiments of the first aspect.
According to a fourth aspect, the present invention further provides a computer-readable storage medium storing computer instructions for causing a computer to execute the method for authenticating a user identity according to the first aspect or any one of the embodiments of the first aspect.
Drawings
The features and advantages of the present invention will be more clearly understood by reference to the accompanying drawings, which are illustrative and not to be construed as limiting the invention in any way, and in which:
FIG. 1 is a block diagram of a system for implementing user identity authentication in the prior art;
fig. 2 shows a specific schematic method flowchart of a user identity authentication method in embodiment 1 of the present invention;
fig. 3 shows a specific schematic method flowchart of a user identity authentication method in embodiment 2 of the present invention;
fig. 4 shows a specific schematic method flowchart of a user identity authentication method in embodiment 3 of the present invention;
FIG. 5 shows a system block diagram of a specific schematic method for authenticating a user identity according to embodiment 4 of the present invention;
fig. 6 is a schematic structural diagram showing a specific schematic structure of a user identity authentication apparatus according to embodiment 5 of the present invention;
fig. 7 is a schematic structural diagram showing another specific schematic of the user authentication apparatus according to embodiment 5 of the present invention;
fig. 8 is a schematic structural diagram showing a specific example of an electronic device in embodiment 6 of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
The present embodiment provides a user identity authentication method, which can be used in a user identity authentication device, as shown in fig. 2, the method includes the following steps:
and S11, acquiring the user name and the password input by the user.
The user needs to enter a username and password before obtaining the protected content. And the user identity authentication device acquires the user name and the password for the subsequent authentication of the user identity.
S12, searching whether a main body mark matched with the user name exists in the pre-configured extensible markup language XML node, wherein the information of the extensible markup language XML node comprises the main body mark and a corresponding certificate, and each extensible markup language XML node corresponds to one main body mark.
The XML node is configured to store user identity-related information, that is, information of one node corresponds to all identity information of the same user. The information of the node comprises a subject identifier and a corresponding certificate, specifically, the subject identifier is matched with a user name, and the certificate is matched with a password preset by the user.
Optionally, the credential may be directly the same as a password preset by the user, may be formed by encrypting the password preset by the user once or multiple times in the user identity authentication device, or may be formed by performing other processing on the password preset by the user.
Furthermore, when a new user is needed, the dynamic configuration can be realized only by modifying XML and adding the node.
When the user name and the password input by the user are verified, the user identity authentication device searches whether a main body certificate matched with the user name exists in the XML, namely, the user identity is verified by whether the user name is matched or not.
When the extensible markup language XML node has a subject identifier matching the user name, executing step S13; otherwise, the user authentication fails.
And S13, when the XML node exists, obtaining the certificate in the searched information of the XML node.
When the user identity authentication device finds a main body identifier matched with a user name input by a user in an XML node, the user identity authentication device indicates that identity information corresponding to the user name exists in the XML at the moment; then, the password input by the user needs to be authenticated. Specifically, the user identity authentication apparatus obtains a credential corresponding to the principal identifier from the XML node.
And S14, authenticating the user identity by using the acquired certificate and the password.
The user identity authentication device carries out the same operation on the password input by the user according to the processing method for forming the certificate by the password preset by the user, so that the certificate and the processed password have the same comparison condition, and then the user identity authentication is carried out.
The method can directly specify the subject mark and the certificate in the XML node by configuring the subject mark and the certificate corresponding to the subject mark in the XML node, and when configuring the related subject, the XML is relatively simple, so that the processes of establishing a database and establishing a dependency relationship in the database are omitted, and the more intuitive configuration of the related information of the subject can be realized; in addition, by configuring the information related to the main body in the XML node, when the method is used for identity authentication, only the related information needs to be searched from the node, so that the matching speed is high, the efficiency is high, and the flexibility of the user identity authentication is higher.
Example 2
The present embodiment provides a user identity authentication method, which can be used in a user identity authentication device, as shown in fig. 3, the method includes the following steps:
and S21, acquiring the user name and the password input by the user.
Similar to step S11 in embodiment 1, the description is omitted here.
S22, searching whether a main body mark matched with the user name exists in the pre-configured extensible markup language XML node, wherein the information of the extensible markup language XML node comprises the main body mark and a corresponding certificate, and each extensible markup language XML node corresponds to one main body mark.
The credentials in the extensible markup language XML node information include a first cryptographic prefix and a first encrypted password. Specifically, the user identification device encrypts a preset password of the user by using a preset encryption algorithm, and combines a user name in an encryption process to form a first password prefix and a first encrypted password. The first password prefix corresponds to the principal identifier corresponding to the credential, that is, when the principal identifiers are the same, the first password prefix formed by encrypting the preset password of the user is the same.
For example, the password preset by the user is abc, and the encrypted credential is 0000+ sffwfwfwwf, where 0000 is the first password prefix and sffwfwwf is the first encryption password.
In addition, the preset encryption algorithm may be an encryption function, may be a random number, or in other forms, and only the preset password needs to be encrypted.
And S23, when the XML node exists, obtaining the certificate in the searched information of the XML node.
Similar to step S13 in embodiment 1, the description is omitted here.
And S24, authenticating the user identity by using the acquired certificate and the password.
The certificate comprises a first password prefix and a first encryption password, so that when the password input by the user is authenticated, the password also needs to be encrypted in the same way to form the password prefix and the encryption password corresponding to the password input by the user. Specifically, the method comprises the following steps:
and S241, encrypting the password input by the user by using a preset encryption algorithm to obtain a second password prefix and a second encrypted password.
The user identity authentication device encrypts the password input by the user according to the same encryption method of the preset password to obtain a second password prefix and a second encrypted password.
S242, determine whether the second cryptographic prefix is the same as the first cryptographic prefix.
The user identity authentication device firstly compares whether the first password prefix and the second password prefix are the same or not to judge whether the user identity authentication fails or not.
If the second cryptographic prefix is the same as the first cryptographic prefix, performing step S244; otherwise, step S243 is performed.
S243, the user authentication fails.
When the second password prefix is different from the first password prefix, the user identity authentication failure at the moment can be directly judged, and the authentication of the encrypted password is not required.
S244, determines whether the second encryption password is the same as the first encryption password.
When the two encryption passwords are the same, the user identity authentication device needs to judge whether the second encryption password is the same as the first encryption password, so that the reliability of user identity authentication is ensured.
And S245, passing the user identity authentication.
When the second encryption password is the same as the first encryption password, the user identity authentication is passed, and the user can obtain the corresponding protected content.
Optionally, the information of the XML node further includes authority information corresponding to the body identifier, and the authority corresponding to each body identifier may be the same or different. Therefore, the protected contents in the authority of the user can be only obtained by distinguishing the authority information, and the safety of the protected contents is further improved.
As an alternative implementation manner of this embodiment, step S244 may be omitted, that is, when the second password prefix is the same as the first password prefix, the user identity authentication may be considered to pass at this time.
The certificate stored in the XML node information (namely corresponding to the password set by the user) is stored in the XML node after being encrypted, namely the certificate is not the password set by the user but the first password prefix and the first encrypted password after the password set by the user is encrypted, so that the possibility that the password set by the user is directly acquired from the outside is avoided, the safe storage of the certificate in the XML node can be ensured, and the safety of user identity authentication is improved; in addition, in the process of encrypting the password set by the user, the reliability of verification is further improved by combining the user name.
In addition, in the process of verifying the password input by the user, the password input by the user is firstly encrypted by using a preset encryption algorithm to form a second password prefix, and whether the password input by the user is wrong can be determined only by comparing the second password prefix with the first password prefix in the certificate without carrying out complicated judgment.
Details of steps not described in detail in this embodiment are please refer to embodiment 1, which are not described herein again.
Example 3
The present embodiment provides a user identity authentication method, which can be used in a user identity authentication device, as shown in fig. 4, the method includes the following steps:
and S31, acquiring the user name and the password input by the user.
Similar to step S21 in embodiment 2, the description is omitted here.
S32, searching whether a main body mark matched with the user name exists in the pre-configured extensible markup language XML node, wherein the information of the extensible markup language XML node comprises the main body mark and a corresponding certificate, and each extensible markup language XML node corresponds to one main body mark.
Similar to step S22 in embodiment 2, the description is omitted here.
And S33, receiving a request of the user for modifying the password and the modified password.
The user can modify the password according to actual needs, and the user identity authentication device receives a request of the user for modifying the password and receives the password modified by the user.
And S34, encrypting the modified password by using a preset encryption algorithm to obtain a third password prefix and an encrypted password, wherein the third password prefix is the same as the first password prefix.
And the user identity authentication device encrypts the modified password by using the same preset encryption algorithm to obtain a third password prefix and an encrypted password corresponding to the modified password. Because the user name needs to be combined in the encryption process, the third password prefix obtained after encryption is the same as the first password prefix.
And S35, updating the certificate in the information of the XML node, wherein the encryption password is the updated first encryption password.
After the user identity authentication device encrypts the password modified by the user to obtain the third password prefix and the encrypted password, the credential in the information of the extensible markup language XML node needs to be updated in time. Specifically, the first encryption password is replaced by the encryption password, and the first encryption password is marked as expired.
For example, the username is 123, the password before modification is abc, and the credential stored in the XML node is 0000+ sffwfwwf; the same user, modified password is bcd and the credential stored in the XML node is 0000+ 122222212.
And S36, obtaining the voucher in the information of the searched XML node.
Similar to step S23 in embodiment 2, the description is omitted here.
And S37, authenticating the user identity by using the acquired certificate and the password.
Similar to step S24 in embodiment 2, the description is omitted here.
In the invention, after the user modifies the password, the encryption password in the information of the XML node is updated in time, the certificate stored in the information of the XML node is ensured to be the same as the certificate after the user modifies, and the error caused by the time delay between modification and actual storage is avoided, namely, the password before the user modifies can not be authenticated, thereby further improving the reliability of user identity authentication.
It should be noted that, in the present embodiment, the steps S33 to S35 are not limited to be after step S32, and it is only necessary to ensure that the steps S33 to S35 are before step S36.
Details of the steps not described in detail in this embodiment are please refer to embodiment 2, which are not described herein again.
Example 5
The embodiment provides a specific application example of a user identity authentication method, a system block diagram implemented by the method is shown in fig. 5,
1. first, for the authentication manager, Spring delegates the authentication process to the authentication provider interface for implementation. In the prior art, one of the default implementations of the interface, DaoAuthenticationProvider, has limitations in that the implementation method of the userbyusername object for obtaining the user detailed information has only one parameter (username) available for implementation, and the page password parameter cannot be transmitted in one time. The invention is mainly realized by rewriting in the XML, and the user password related information is obtained by utilizing the dynamically configurable XML to realize the authentication.
2. Referring to fig. 5, the xmlAuthenticationProvider obtains the related data in the XML by implementing the Abstract UserDetailsAuthentificationProvider and implementing the retrieveUser method through the username and password.
3. The obtained XML data contains the basic information, the authentication information and the authority information of the user, and the implementation process is as follows:
1) the user inputs the user name and password
2) And the SpringSecurity acquires the input information of the user, compares the user name with the information in the XML, acquires all authority information if the user information exists, and then verifies whether the password of the user is matched with the password prefix. The XML stores a user password prefix, when the password prefix of the user is matched with the XML configuration, the authentication is passed, otherwise, the authentication is failed.
3) User password changes do not affect the password prefix.
4) Therefore, the user does not need to create a role table in a database, add a record, and directly specify in XML.
Example 5
The present embodiment provides a user identity authentication apparatus, which can be used to execute the user identity authentication method described in any one of embodiments 1 to 3, as shown in fig. 6, the apparatus includes:
a first obtaining module 41, configured to obtain a user name and a password input by a user.
The searching module 42 is configured to search whether a body identifier matching the user name exists in a preconfigured XML node, where information of the XML node includes the body identifier and a credential corresponding to the body identifier, and each XML node corresponds to one body identifier.
And a second obtaining module 43, configured to obtain, when there is a body identifier matching the user name, a credential in the information of the found XML node.
And the authentication module 44 is used for authenticating the identity of the user by using the obtained certificate and the obtained password.
In the embodiment, the body identifier and the corresponding certificate are configured in the extensible markup language XML node, so that the body identifier and the certificate can be directly specified in the XML node, and when the related body is configured, the XML is relatively simple, the process of establishing a database and establishing a dependency relationship in the database is omitted, and the more intuitive configuration of the related information of the body can be realized; in addition, by configuring the information related to the main body in the XML node, when the method is used for identity authentication, only the related information needs to be searched from the node, so that the matching speed is high, the efficiency is high, and the flexibility of the user identity authentication is higher.
As an optional implementation manner of this embodiment, as shown in fig. 7, the authentication module 44 further includes:
the first encryption unit 441 is configured to encrypt the password input by the user by using a preset encryption algorithm, so as to obtain a second password prefix and a second encrypted password.
The first determining unit 442 is configured to determine whether the second cryptographic prefix is the same as the first cryptographic prefix.
The first authentication unit 443 is used for failing to authenticate the user identity.
Optionally, the authentication module 44 further includes:
the second determining unit 444 is configured to determine whether the second encryption password is the same as the first encryption password.
And a second authentication unit 445, configured to fail the user identity authentication.
As another optional implementation manner of this embodiment, as shown in fig. 7, the user identity authentication apparatus further includes:
and a receiving module 45, configured to receive a request of a user to modify a password and the modified password.
And a second encryption module 46, configured to encrypt the modified password by using a preset encryption algorithm to obtain a third password prefix and an encrypted password, where the third password prefix is the same as the first password prefix.
And the updating module 47 is configured to update the credential in the information of the XML node, where the encryption password is the updated first encryption password.
Example 6
An embodiment of the present invention further provides an electronic device, as shown in fig. 8, the electronic device may include a processor 51 and a memory 52, where the processor 51 and the memory 52 may be connected by a bus or in another manner, and fig. 8 takes the connection by the bus as an example.
The processor 51 may be a Central Processing Unit (CPU). The Processor 51 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.
The memory 52, which is a non-transitory computer readable storage medium, can be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the user identity authentication method in the embodiment of the present invention (for example, the first obtaining module 41, the searching module 42, the second obtaining module 43, and the authentication module 44 shown in fig. 6). The processor 51 executes various functional applications and data processing of the processor by executing non-transitory software programs, instructions and modules stored in the memory 52, that is, implements the user identity authentication method in the above method embodiment.
The memory 52 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 51, and the like. Further, the memory 52 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 52 may optionally include memory located remotely from the processor 51, and these remote memories may be connected to the processor 51 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 52 and when executed by the processor 51 perform the user identity authentication method in the embodiment shown in fig. 2-4.
The details of the electronic device may be understood by referring to the corresponding descriptions and effects in the embodiments shown in fig. 2 to fig. 4, which are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.
Claims (7)
1. A user identity authentication method is characterized by comprising the following steps:
acquiring a user name and a password input by a user;
searching whether a main body identifier matched with the user name exists in a pre-configured extensible markup language XML node or not, wherein the information of the extensible markup language XML node comprises the main body identifier and a certificate corresponding to the main body identifier, and each extensible markup language XML node corresponds to one main body identifier; the certificate in the extensible markup language XML node information comprises a first password prefix and a first encryption password, and the first password prefix corresponds to the main body identification corresponding to the certificate; the first password prefix and the first encryption password are obtained by encrypting a password preset by a user by using a preset encryption algorithm and combining the user name in the encryption process;
when the XML node exists, obtaining a certificate in the searched information of the XML node;
authenticating the user identity by using the obtained certificate and the password;
wherein the authenticating the user identity by using the obtained credential and the password comprises:
encrypting the password input by the user by using a preset encryption algorithm and combining the user name input by the user in the encryption process to obtain a second password prefix and a second encrypted password;
judging whether the second password prefix is the same as the first password prefix or not;
and when the user identity authentication is not the same, the user identity authentication fails.
2. The method for authenticating user identity according to claim 1, further comprising the steps of:
when the second password prefix is the same as the first password prefix, judging whether the second encryption password is the same as the first encryption password;
and when the identity is the same, the user identity authentication is passed.
3. The user identity authentication method according to claim 1, wherein the information of the XML node further includes authority information; and when the authentication is passed, releasing the corresponding authority to the user according to the authority information.
4. The method for authenticating user identity according to claim 1, further comprising:
receiving a request of a user for modifying the password and the modified password;
encrypting the modified password by using the preset encryption algorithm to obtain a third password prefix and an encrypted password, wherein the third password prefix is the same as the first password prefix;
and updating the certificate in the information of the extensible markup language XML node, wherein the encryption password is the updated first encryption password.
5. A user authentication apparatus, comprising:
the first acquisition module is used for acquiring a user name and a password input by a user;
the searching module is used for searching whether a main body identifier matched with the user name exists in a pre-configured extensible markup language XML node or not, wherein the information of the extensible markup language XML node comprises the main body identifier and a certificate corresponding to the main body identifier, and each extensible markup language XML node corresponds to one main body identifier; the certificate in the extensible markup language XML node information comprises a first password prefix and a first encryption password, and the first password prefix corresponds to the main body identification corresponding to the certificate; the first password prefix and the first encryption password are obtained by encrypting a password preset by a user by using a preset encryption algorithm and combining the user name in the encryption process;
the second acquisition module is used for acquiring the found certificate in the information of the XML node when the main body identifier matched with the user name exists;
the authentication module is used for authenticating the user identity by using the obtained certificate and the password;
wherein the authenticating the user identity by using the obtained credential and the password comprises: encrypting the password input by the user by using a preset encryption algorithm and combining the user name input by the user in the encryption process to obtain a second password prefix and a second encrypted password;
judging whether the second password prefix is the same as the first password prefix or not;
and when the user identity authentication is not the same, the user identity authentication fails.
6. An electronic device, comprising: a memory and a processor, the memory and the processor being communicatively connected to each other, the memory storing therein computer instructions, and the processor executing the computer instructions to perform the user identity authentication method according to any one of claims 1 to 4.
7. A computer-readable storage medium storing computer instructions for causing a computer to perform the method of authenticating a user according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810252515.9A CN108664778B (en) | 2018-03-26 | 2018-03-26 | User identity authentication method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810252515.9A CN108664778B (en) | 2018-03-26 | 2018-03-26 | User identity authentication method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108664778A CN108664778A (en) | 2018-10-16 |
| CN108664778B true CN108664778B (en) | 2021-03-30 |
Family
ID=63782507
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810252515.9A Active CN108664778B (en) | 2018-03-26 | 2018-03-26 | User identity authentication method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108664778B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108664778B (en) * | 2018-03-26 | 2021-03-30 | 苏州科达科技股份有限公司 | User identity authentication method and device and electronic equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101656608A (en) * | 2008-08-21 | 2010-02-24 | 北京亿企通信息技术有限公司 | Method and system for single login of Web end of instant messaging device |
| CN102404349A (en) * | 2011-12-31 | 2012-04-04 | 山东中创软件工程股份有限公司 | Single sign-on method |
| CN102655494A (en) * | 2011-03-01 | 2012-09-05 | 广州从兴电子开发有限公司 | SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode |
| CN104506542A (en) * | 2014-12-29 | 2015-04-08 | 深圳中兴网信科技有限公司 | Security certification method and security certification system |
| CN106790308A (en) * | 2017-03-28 | 2017-05-31 | 北京中电普华信息技术有限公司 | A kind of user authen method, apparatus and system |
| CN108664778A (en) * | 2018-03-26 | 2018-10-16 | 苏州科达科技股份有限公司 | Method for authenticating user identity, device and electronic equipment |
-
2018
- 2018-03-26 CN CN201810252515.9A patent/CN108664778B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101656608A (en) * | 2008-08-21 | 2010-02-24 | 北京亿企通信息技术有限公司 | Method and system for single login of Web end of instant messaging device |
| CN102655494A (en) * | 2011-03-01 | 2012-09-05 | 广州从兴电子开发有限公司 | SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode |
| CN102404349A (en) * | 2011-12-31 | 2012-04-04 | 山东中创软件工程股份有限公司 | Single sign-on method |
| CN104506542A (en) * | 2014-12-29 | 2015-04-08 | 深圳中兴网信科技有限公司 | Security certification method and security certification system |
| CN106790308A (en) * | 2017-03-28 | 2017-05-31 | 北京中电普华信息技术有限公司 | A kind of user authen method, apparatus and system |
| CN108664778A (en) * | 2018-03-26 | 2018-10-16 | 苏州科达科技股份有限公司 | Method for authenticating user identity, device and electronic equipment |
Non-Patent Citations (1)
| Title |
|---|
| 《基于Liferay Portal技术的校园信息门户研究与实现》;戴勇;《中国优秀硕士学位论文全文数据库》;20100501;第41-48页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108664778A (en) | 2018-10-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102168502B1 (en) | Applying circuit delay-based physically unclonable functions (pufs) for masking operation of memory-based pufs to resist invasive and clone attacks | |
| US9923888B2 (en) | Single sign-on method for appliance secure shell | |
| US10135824B2 (en) | Method and system for determining whether a terminal logging into a website is a mobile terminal | |
| US9369458B2 (en) | Web-centric authentication protocol | |
| US8977857B1 (en) | System and method for granting access to protected information on a remote server | |
| JP6967449B2 (en) | Methods for security checks, devices, terminals and servers | |
| Ferry et al. | Security evaluation of the OAuth 2.0 framework | |
| KR102387865B1 (en) | Password generating device and password verification device | |
| US9619631B1 (en) | Role-based permissions for accessing computing resources | |
| CN106899563B (en) | Authentication method and device, authentication code generation method and device and authentication system | |
| CN109286620B (en) | User right management method, system, device and computer readable storage medium | |
| CN111031037A (en) | Authentication method and device for object storage service and electronic equipment | |
| US11681513B2 (en) | Controlled scope of authentication key for software update | |
| US10162950B2 (en) | Methods and apparatus for using credentials to access computing resources | |
| CN111988262B (en) | Authentication method, authentication device, server and storage medium | |
| CN113591121A (en) | Resource access authority configuration method, device, equipment and storage medium | |
| CN112929388B (en) | Network identity cross-device application rapid authentication method and system, and user agent device | |
| US9948727B2 (en) | Securely transferring session information | |
| CN108664778B (en) | User identity authentication method and device and electronic equipment | |
| US9967248B1 (en) | System for authenticating and processing service requests | |
| CN111355583B (en) | Service providing system, method, device, electronic equipment and storage medium | |
| US11720660B2 (en) | Temporary partial authentication value provisioning for offline authentication | |
| US10423776B1 (en) | Systems and methods for password-based authentication | |
| US10440000B2 (en) | Secure data provisioning | |
| CN116662938B (en) | Authorization method, application running method and device based on container cluster management system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |