CN113922973B - Ciphertext-based login method and equipment - Google Patents

Publication number
CN113922973B
Authority
CN
China
Prior art keywords
ciphertext
password
identification information
decrypted
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010573194.XA
Other languages
Chinese (zh)
Other versions
CN113922973A (en)
Inventor
汤永金
王嘉
张�杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The application provides a ciphertext-based login method and device. The method comprises: receiving a first ciphertext sent by a terminal device, wherein the first ciphertext comprises encrypted identification information and a password; decrypting the first ciphertext to obtain the decrypted identification information and password; decrypting a pre-stored second ciphertext using the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information; when the second ciphertext is successfully decrypted, comparing a pre-stored plaintext with the decrypted password for consistency to obtain a comparison result, wherein the plaintext is the password plaintext corresponding to the identification information; and when the comparison result is consistent, determining that the login is successful. The method reduces the risk of information leakage and improves the security of information and data.

Description

Ciphertext-based login method and equipment
Technical Field
The present disclosure relates to the field of information processing, and in particular, to a ciphertext-based login method and apparatus.
Background
With the development of network technology, encryption and confidentiality of data have become very important. When a user logs in to some systems, the user needs to input a user name and a password, so as to perform data query, data processing and the like.
In the prior art, the key information of a World Wide Web (Web) login can be encrypted with an asymmetric encryption algorithm at login time, then decrypted by the back end and sent to the application program for processing.
Most existing encryption schemes, however, encrypt the transmitted information and data with static encryption techniques. The risk of information leakage faced by conventional static encryption has increased dramatically: once one group of ciphertext has been decrypted and the key obtained, the other ciphertexts of the same system can be decrypted as well, so security is low.
Disclosure of Invention
The ciphertext-based login method and device provided by the application reduce the risk of information leakage and improve the security of information and data.
In a first aspect, the present application provides a ciphertext-based login method, including:
receiving a first ciphertext transmitted by a terminal device, wherein the first ciphertext comprises encrypted identification information and a password;
decrypting the first ciphertext to obtain decrypted identification information and a password;
decrypting a pre-stored second ciphertext by adopting the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information;
when the second ciphertext is successfully decrypted, consistency comparison is carried out on a prestored plaintext and a decrypted password to obtain a comparison result, wherein the plaintext is a password plaintext corresponding to the identification information;
and when the comparison results are consistent, determining that the login is successful.
Further, the first ciphertext is a ciphertext encrypted by the terminal device with a public key; before receiving the first ciphertext sent by the terminal device, the method further comprises:
receiving a public key application request sent by the terminal equipment;
creating a key pair according to the public key application request, wherein the key pair comprises the public key and a private key;
and sending the public key to the terminal equipment and storing the private key.
Further, decrypting the first ciphertext to obtain decrypted identification information and a password, including:
and decrypting the first ciphertext by adopting the private key to obtain decrypted identification information and a password.
Further, the method further comprises:
and when the second ciphertext is determined to fail in decryption, determining that the decrypted password is wrong, and sending first prompt information to the terminal equipment, wherein the first prompt information represents that the password in the first ciphertext is wrong.
Further, the method further comprises:
and when the comparison result is inconsistent, determining login failure, and sending second prompt information to the terminal equipment, wherein the second prompt information characterizes the login failure.
In a second aspect, the present application provides a ciphertext-based login method, the method comprising:
obtaining a login request sent by a user, wherein the login request comprises identification information and a password;
encrypting the identification information and the password to obtain a first ciphertext, wherein the first ciphertext comprises the encrypted identification information and the encrypted password;
and sending the first ciphertext to a server to enable the server to decrypt the first ciphertext to obtain decrypted identification information and a password, decrypting a pre-stored second ciphertext by adopting the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information, so that the server can compare the consistency of the pre-stored plaintext with the decrypted password to obtain a comparison result when determining that the second ciphertext is successfully decrypted, wherein the plaintext is a password plaintext corresponding to the identification information, and determining that login is successful when determining that the comparison result is consistent.
Further, after the login request sent by the user is obtained, the method further comprises:
sending a public key application request to the server so that the server creates a key pair according to the public key application request, wherein the key pair comprises a public key and a private key, and the private key is used for decrypting the first ciphertext by the server;
receiving the public key sent by the server;
encrypting the identification information and the password to obtain a first ciphertext, wherein the method comprises the following steps: and encrypting the identification information and the password by adopting the public key to obtain a first ciphertext.
Further, the method further comprises:
and receiving first prompt information sent by the server, wherein the first prompt information characterizes that the password in the first ciphertext is wrong, and the first prompt information is sent by the server when the second ciphertext is determined to be failed in decryption.
Further, the method further comprises:
and receiving second prompt information sent by the server, wherein the second prompt information characterizes login failure, and the second prompt information is sent by the server when the comparison result is inconsistent.
In a third aspect, the present application provides a ciphertext-based login device, the device comprising:
a ciphertext receiving unit, configured to receive a first ciphertext sent by a terminal device, wherein the first ciphertext comprises encrypted identification information and a password;
the first decryption unit is used for decrypting the first ciphertext to obtain decrypted identification information and a password;
the second decryption unit is used for decrypting a pre-stored second ciphertext by adopting the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information;
the comparison unit is used for comparing the consistency of the prestored plaintext with the decrypted password when the second ciphertext is successfully decrypted, so as to obtain a comparison result, wherein the plaintext is a password plaintext corresponding to the identification information;
and the determining unit is used for determining that the login is successful when the comparison result is consistent.
Further, the first ciphertext is a ciphertext encrypted by the terminal equipment according to a public key; the apparatus further comprises:
a request receiving unit, configured to receive a public key application request sent by a terminal device before receiving a first ciphertext sent by the terminal device;
a key pair creation unit, configured to create a key pair according to the public key application request, where the key pair includes the public key and a private key;
and the first sending unit is used for sending the public key to the terminal equipment and storing the private key.
Further, the first decryption unit is specifically configured to decrypt the first ciphertext by using the private key, so as to obtain decrypted identification information and a password.
Further, the determining unit is further configured to determine that the decrypted password is incorrect when determining that the second ciphertext fails to be decrypted;
the apparatus further comprises: a second transmitting unit;
the second sending unit is configured to send first prompt information to the terminal device, where the first prompt information characterizes that the password in the first ciphertext is wrong.
Further, the determining unit is further configured to determine that the login fails when the comparison result is determined to be inconsistent;
the apparatus further comprises: a third transmission unit;
the third sending unit is configured to send second prompt information to the terminal device, where the second prompt information characterizes login failure.
In a fourth aspect, the present application provides a ciphertext-based login device, the device comprising:
an acquisition unit, configured to acquire a login request sent by a user, wherein the login request comprises identification information and a password;
the encryption unit is used for encrypting the identification information and the password to obtain a first ciphertext, wherein the first ciphertext comprises the encrypted identification information and the encrypted password;
the ciphertext sending unit is used for sending the first ciphertext to the server, so that the server decrypts the first ciphertext to obtain decrypted identification information and a password, decrypts a pre-stored second ciphertext by adopting the decrypted password, and enables the server to compare the consistency of a pre-stored plaintext with the decrypted password to obtain a comparison result when the second ciphertext is successfully decrypted, wherein the plaintext is a password plaintext corresponding to the identification information, and determines that login is successful when the comparison result is consistent.
Further, the apparatus further comprises: a request transmitting unit and a first receiving unit;
the request sending unit is configured to send a public key application request to the server after the obtaining unit obtains a login request sent by a user, so that the server creates a key pair according to the public key application request, where the key pair includes the public key and a private key, and the private key is used for decrypting the first ciphertext by the server;
the first receiving unit is used for receiving the public key sent by the server;
the encryption unit is specifically configured to encrypt the identification information and the password by using the public key to obtain a first ciphertext.
Further, the apparatus further comprises: a second receiving unit;
the second receiving unit is configured to receive a first prompt message sent by the server, where the first prompt message characterizes that a password in the first ciphertext is wrong, and the first prompt message is sent by the server when determining that decryption of the second ciphertext fails.
Further, the apparatus further comprises: a third receiving unit;
the third receiving unit is configured to receive a second prompt message sent by the server, where the second prompt message characterizes login failure, and the second prompt message is sent by the server when the comparison result is determined to be inconsistent.
In a fifth aspect, the present application provides a terminal device, including: a memory and a processor;
the memory is used for storing a computer program;
wherein the processor executes the computer program in the memory to implement the method as in any of the implementations of the first aspect.
In a sixth aspect, the present application provides a server, the server comprising: a memory and a processor;
the memory is used for storing a computer program;
wherein the processor executes the computer program in the memory to implement the method as in any of the implementations of the second aspect.
In a seventh aspect, the present application provides a computer-readable storage medium having stored therein computer-executable instructions that, when executed by a processor, implement the method of any implementation of the first and second aspects.
With the ciphertext-based login method and device provided by the application, a first ciphertext sent by a terminal device is received, wherein the first ciphertext comprises encrypted identification information and a password; the first ciphertext is decrypted to obtain the decrypted identification information and password; a pre-stored second ciphertext is decrypted using the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information; when the second ciphertext is successfully decrypted, a pre-stored plaintext is compared with the decrypted password for consistency to obtain a comparison result, wherein the plaintext is the password plaintext corresponding to the identification information; and when the comparison result is consistent, the login is determined to be successful. In this scheme, the password entered by the user is used as the key to decrypt the pre-stored password ciphertext; if decryption succeeds, the decrypted password is compared with the password plaintext, and if the two are consistent, the server determines that the login is successful; if decryption fails, the login is determined to have failed. This avoids the loss caused by password leakage and ensures that the impact of a password leak does not extend to other data.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic view of a scenario provided in the present application;
Fig. 2 is a flowchart of a ciphertext-based login method according to an embodiment of the present application;
Fig. 3 is a flowchart of a ciphertext-based login method according to a second embodiment of the present application;
Fig. 4 is a flowchart of a ciphertext-based login method according to a third embodiment of the present application;
Fig. 5 is a flowchart of a ciphertext-based login method according to a fourth embodiment of the present application;
Fig. 6 is a schematic structural diagram of a ciphertext-based login device according to a fifth embodiment of the present application;
Fig. 7 is a schematic structural diagram of a ciphertext-based login device according to a sixth embodiment of the present application;
Fig. 8 is a schematic structural diagram of a ciphertext-based login device according to a seventh embodiment of the present application;
Fig. 9 is a schematic structural diagram of a ciphertext-based login device according to an eighth embodiment of the present application;
Fig. 10 is a schematic structural diagram of a terminal device provided in a ninth embodiment of the present application;
Fig. 11 is a schematic structural diagram of a server according to a tenth embodiment of the present application.
Specific embodiments thereof have been shown by way of example in the drawings and will herein be described in more detail. These drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but to illustrate the concepts of the present application to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
Conventional encryption schemes encrypt the transmitted information and data with static encryption techniques. The risk of information leakage faced by conventional static encryption has increased dramatically: once one group of ciphertext has been decrypted and the key obtained, the other ciphertexts of the same system can be decrypted as well, so security is low.
Based on the above, the application provides a ciphertext-based login method and device. The terminal device and the server communicate in ciphertext, and the server stores the password, encrypted with the password corresponding to the identification information, so that the risk of information leakage during login is reduced and the security of information and data is improved. Fig. 1 is a schematic view of a scenario provided in the present application, which includes terminal devices 101 and a server 102; each terminal device 101 can log in in the manner provided by the application, which improves data security.
Fig. 2 is a flowchart of a ciphertext-based login method according to an embodiment of the present application. As shown in Fig. 2, the method is described as applied to a server, and includes:
Step 201, receiving a first ciphertext sent by a terminal device, wherein the first ciphertext comprises encrypted identification information and a password.
In this embodiment, the server and the terminal device interact with each other by using ciphertext, so that the security of information and data in the transmission process can be improved. Specifically, the server receives a first ciphertext sent by the terminal device, where the first ciphertext is a ciphertext obtained by encrypting identification information and a password input by a user by the terminal device, where the identification information may be a user name, for example, a user name complete spelling, a mobile phone number, an identity card number, and the like, and the password may be a login password set during registration, or a dynamic code acquired by the terminal device, and the like.
In addition, each first ciphertext received by the server may be obtained by encrypting with different encryption keys, that is, the first ciphertexts respectively sent by different terminal devices to the server may be obtained by encrypting with different encryption keys, so that even if the first ciphertext of one user is cracked by a third party, the decryption processing of the first ciphertexts of other users cannot be completed according to the encryption key corresponding to the user, thereby increasing the cracking difficulty and reducing the risk of information leakage.
Step 202, decrypting the first ciphertext to obtain decrypted identification information and a password.
In this embodiment, a decryption key for decrypting the first ciphertext may be stored in the server in advance, so that the first ciphertext is decrypted by the decryption key, thereby obtaining the decrypted identification information and the password.
Step 203, decrypting a pre-stored second ciphertext using the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information.
In this embodiment, when a user is created or registered, the user may set a password for the identification information used for registration according to a password rule provided by the server, where the password rule includes, but is not limited to, one or a combination of several of the following: the password is longer than 8 characters; the password combines uppercase letters, digits and special characters; the password contains no run of 2 or more consecutive identical characters. On this basis, the server may use the password in the registration information submitted by the user as a key and encrypt the password with that key to obtain an encrypted password, that is, the encrypted password corresponding to the identification information in the user's registration information, and store the encrypted password, for example in a corresponding field of the database.
Specifically, after the server decrypts the first ciphertext to obtain the decrypted identification information and the password, the encrypted password corresponding to the decrypted identification information can be decrypted by using the decrypted password.
Step 204, when the second ciphertext is successfully decrypted, comparing the prestored plaintext with the decrypted password for consistency to obtain a comparison result, wherein the plaintext is the password plaintext corresponding to the identification information.
In this embodiment, when the server successfully decrypts the second ciphertext corresponding to the decrypted identification information by using the decrypted password, the server further compares the prestored plaintext of the password corresponding to the decrypted identification information with the decrypted password to obtain a comparison result.
Step 205, when the comparison result is consistent, determining that the login is successful.
In this embodiment, if the server determines that the comparison result is consistent, that is, the prestored plaintext is consistent with the password obtained after decryption, the login is determined to be successful.
With the ciphertext-based login method and device provided by the application, a first ciphertext sent by a terminal device is received, wherein the first ciphertext comprises encrypted identification information and a password; the first ciphertext is decrypted to obtain the decrypted identification information and password; a pre-stored second ciphertext is decrypted using the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information; when the second ciphertext is successfully decrypted, a pre-stored plaintext is compared with the decrypted password for consistency to obtain a comparison result, wherein the plaintext is the password plaintext corresponding to the identification information; and when the comparison result is consistent, the login is determined to be successful. In this scheme, the password entered by the user is used as the key to decrypt the pre-stored password ciphertext; if decryption succeeds, the decrypted password is compared with the password plaintext, and if the two are consistent, the server determines that the login is successful; if decryption fails, the login is determined to have failed. This avoids the loss caused by password leakage and ensures that the impact of a password leak does not extend to other data.
Fig. 3 is a flowchart of a ciphertext-based login method according to a second embodiment of the present application. As shown in Fig. 3, the method is described as applied to a server, and includes:
Step 301, receiving a public key application request sent by a terminal device.
In this embodiment, the server first receives a public key application request sent by the terminal device, where the public key application request may be sent by the page JS script to the server when the terminal device presents the login page to the user.
Step 302, a key pair is created according to a public key application request, wherein the key pair comprises a public key and a private key.
In this embodiment, after receiving the public key application request, the server may randomly create a key pair with a length of 1028 bits and above by using the RSA algorithm, where the key pair includes a public key and a private key, where the public key is fed back to the terminal device, and the private key is stored in the server. That is, the server dynamically creates key pairs.
Step 303, sending the public key to the terminal device and storing the private key.
In this embodiment, the server sends the public key to the terminal device so that the terminal device can encrypt the identification information and password currently entered by the user with the public key to obtain the first ciphertext. After receiving the public key, the terminal device may hold it in a JS variable, which avoids disclosure of the public key and the resulting security risk to the terminal device. In addition, the server may store the private key in its session.
Step 304, receiving a first ciphertext sent by the terminal equipment, wherein the first ciphertext comprises encrypted identification information and a password, and the first ciphertext is encrypted by the terminal equipment according to a public key.
In this embodiment, when receiving the public key sent by the server, the terminal device encrypts the identification information and the password input by the user by using the public key to obtain a first ciphertext, and sends the first ciphertext to the server, so that the server can receive the first ciphertext sent by the terminal device.
Step 305, decrypting the first ciphertext using the private key to obtain decrypted identification information and the password.
In this embodiment, after receiving the first ciphertext, the server may decrypt the first ciphertext by using the private key stored in the session, and if decryption is successful, restore the identification information and the password, so as to obtain decrypted identification information and password; if decryption fails, there may be two possibilities:
firstly, a public key in the terminal equipment is tampered, so that a key pair is invalid;
secondly, the first ciphertext is tampered with in the transmission process.
Based on this, the server may prompt the user to retry, change the network environment, or refresh the page, etc. when decryption fails.
Step 306, decrypting a pre-stored second ciphertext using the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information.
In this embodiment, after the server decrypts the encrypted password, the server may decrypt the second ciphertext using the decrypted password as the AES key.
Optionally, the method may further include:
and when the second ciphertext is determined to fail in decryption, determining that the decrypted password is wrong, and sending first prompt information to the terminal equipment, wherein the first prompt information represents that the password in the first ciphertext is wrong.
In this embodiment, when it is determined that the decryption of the second ciphertext fails, it may be indicated that the password currently input by the user on the terminal device is incorrect, so that the server feeds back the error to the terminal device, that is, the server may send the first prompt information to the terminal device.
Step 307, when the second ciphertext is successfully decrypted, comparing the consistency of the prestored plaintext with the decrypted password to obtain a comparison result, wherein the plaintext is the password plaintext corresponding to the identification information.
In this embodiment, step 307 can refer to the explanation of step 204 in the first embodiment, and will not be described here.
Step 308, when the comparison results are consistent, determining that the login is successful.
In this embodiment, when the server determines that the comparison results are consistent, it determines that the terminal device login is successful, and deletes the private key in the session.
Optionally, the method may further include:
and when the comparison result is inconsistent, determining login failure, and sending second prompt information to the terminal equipment, wherein the second prompt information characterizes the login failure.
In this embodiment, when the comparison result is inconsistent, it is determined that the login of the terminal device fails, and at this time, the server may return second prompt information to the terminal device to prompt the user to retry.
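The flow of the second embodiment, from the public key request through step 308, can be exercised end to end with the sketch below; it is an added example in Node.js, not code from the patent. It assumes RSA-OAEP with SHA-256 for the first ciphertext, AES-256-GCM for the second ciphertext, an scrypt-derived key in place of the raw password, a JSON payload, and that the value compared in step 307 is the plaintext recovered from the second ciphertext; the function names and outcome labels are hypothetical.

```javascript
// Added example: both sides of the login flow through step 308 (not the patent's code).
const crypto = require('node:crypto');

// Assumptions: RSA-OAEP with SHA-256 for the first ciphertext, AES-256-GCM for the second.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const sessions = new Map(); // session id -> private key held for one login attempt
const users = new Map();    // identification info -> stored second ciphertext record

// Assumption: the page uses the password "as the AES key"; a password is not a
// fixed-length key, so it is stretched here to 32 bytes with scrypt and a per-user salt.
function passwordKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Registration: the stored second ciphertext is the password encrypted under its own key.
function enroll(id, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', passwordKey(password, salt), iv);
  const secondCiphertext = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  users.set(id, { salt, iv, tag: cipher.getAuthTag(), secondCiphertext });
}

// Server: answer a public key application request with a fresh key pair,
// keeping the private key in the session.
function issuePublicKey(sessionId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  sessions.set(sessionId, privateKey);
  return publicKey.export({ type: 'spki', format: 'pem' });
}

// Terminal: encrypt identification info and password into the first ciphertext.
function terminalEncrypt(publicKeyPem, id, password) {
  const payload = Buffer.from(JSON.stringify({ id, password }), 'utf8'); // assumed encoding
  return crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, payload);
}

// Server: steps 305-308. Returns one of four outcome labels (hypothetical names).
function login(sessionId, firstCiphertext) {
  const privateKey = sessions.get(sessionId);
  if (!privateKey) return 'RETRY';
  let id, password;
  try {
    const plain = crypto.privateDecrypt({ key: privateKey, ...OAEP }, firstCiphertext);
    ({ id, password } = JSON.parse(plain.toString('utf8')));
    if (typeof id !== 'string' || typeof password !== 'string') throw new Error('bad payload');
  } catch {
    return 'RETRY'; // step 305 failed: mismatched key pair or altered first ciphertext
  }
  const record = users.get(id);
  if (!record) return 'LOGIN_FAILED'; // assumption: unknown identification gets the generic failure
  let recovered;
  try {
    const key = passwordKey(password, record.salt);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
    decipher.setAuthTag(record.tag);
    recovered = Buffer.concat([decipher.update(record.secondCiphertext), decipher.final()]);
  } catch {
    return 'PASSWORD_WRONG'; // step 306 failed: first prompt information
  }
  // Step 307: constant-time consistency comparison of recovered and submitted password.
  const submitted = Buffer.from(password, 'utf8');
  const consistent = recovered.length === submitted.length &&
    crypto.timingSafeEqual(recovered, submitted);
  if (!consistent) return 'LOGIN_FAILED'; // second prompt information
  sessions.delete(sessionId); // step 308: delete the private key in the session
  return 'LOGIN_OK';
}

// Constructed sample run: wrong password, altered ciphertext, success, then a replay.
function demo() {
  enroll('alice', 'correct horse battery');
  const pem = issuePublicKey('session-1');
  const wrong = login('session-1', terminalEncrypt(pem, 'alice', 'guess'));
  const altered = terminalEncrypt(pem, 'alice', 'correct horse battery');
  altered[altered.length - 1] ^= 0x01; // simulate modification in transit
  const tampered = login('session-1', altered);
  const good = terminalEncrypt(pem, 'alice', 'correct horse battery');
  const ok = login('session-1', good);
  const replay = login('session-1', good); // private key is gone, so the replay is rejected
  return [wrong, tampered, ok, replay];
}

console.log(demo());
```

Because the private key is deleted on success, a captured first ciphertext cannot be replayed against the same session, and the authenticated AES mode is what makes "decryption fails" a reliable signal for a wrong password.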
Fig. 4 is a flow chart of a method for logging in ciphertext according to a third embodiment of the present application, as shown in fig. 4, where the method is applied to a server, and the method includes:
Step 401, obtaining a login request sent by a user, wherein the login request comprises identification information and a password.
And step 402, encrypting the identification information and the password to obtain a first ciphertext, wherein the first ciphertext comprises the encrypted identification information and the encrypted password.
Step 403, sending a first ciphertext to the server, so that the server decrypts the first ciphertext to obtain decrypted identification information and a password, decrypting a pre-stored second ciphertext by adopting the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information, and comparing the pre-stored plaintext with the decrypted password to obtain a comparison result when the server determines that the second ciphertext is successfully decrypted, wherein the plaintext is a password plaintext corresponding to the identification information, and determining that the login is successful when the comparison result is determined to be consistent.
In this embodiment, steps 401 to 403 may be explained with reference to the first embodiment, and will not be described herein.
The application provides a high-strength login authentication interaction and database sensitive information storage encryption method for WEB application through an RSA asymmetric encryption algorithm using a dynamic key and an AES symmetric encryption algorithm using a user independent key. The RSA encrypts the data between the terminal equipment and the server by dynamically generating a public/private key pair. The database stores a second ciphertext encrypted by AES by taking the user password as a key, the user can pass authentication after providing the correct password, and the user password is encrypted by the dynamic key RSA in the process of being sent from the terminal equipment to the server, so that the difficulty of cracking the data is greatly increased.
Fig. 5 is a flow chart of a method for logging in ciphertext according to a fourth embodiment of the present application, as shown in fig. 5, where the method is applied to a server, and the method includes:
Step 501, a login request sent by a user is obtained, wherein the login request comprises identification information and a password.
Step 502, a public key application request is sent to a server, so that the server creates a key pair according to the public key application request, wherein the key pair comprises a public key and a private key, and the private key is used for decrypting a first ciphertext by the server.
Step 503, receiving the public key sent by the server.
Step 504, encrypting the identification information and the password by adopting the public key to obtain a first ciphertext.
Step 505, a first ciphertext is sent to a server, so that the server decrypts the first ciphertext to obtain decrypted identification information and a password, and decrypts a pre-stored second ciphertext by adopting the decrypted password, wherein the second ciphertext is an encrypted password corresponding to the identification information, so that the server compares the pre-stored plaintext with the decrypted password to obtain a comparison result when determining that the second ciphertext is successfully decrypted, and determines that the login is successful when determining that the comparison result is consistent, wherein the plaintext is a password plaintext corresponding to the identification information.
Preferably, the method may further comprise:
and receiving first prompt information sent by the server, wherein the first prompt information represents that the password in the first ciphertext is wrong, and the first prompt information is sent by the server when the second ciphertext is determined to be failed in decryption.
Preferably, the method may further comprise:
and receiving second prompt information sent by the server, wherein the second prompt information characterizes login failure, and the second prompt information is sent by the server when the comparison result is inconsistent.
In this embodiment, steps 501 to 505 can be explained with reference to the second embodiment, and are not described herein.
Fig. 6 is a schematic structural diagram of a login device based on ciphertext according to a fifth embodiment of the present application, as shown in fig. 6, including:
a ciphertext receiving unit 601, configured to receive a first ciphertext sent by a terminal device, where the first ciphertext includes encrypted identification information and a password;
a first decryption unit 602, configured to decrypt the first ciphertext to obtain decrypted identification information and a password;
a second decryption unit 603, configured to decrypt a pre-stored second ciphertext using the decrypted password, where the second ciphertext is an encrypted password corresponding to the identification information;
the comparison unit 604 is configured to compare the consistency of the pre-stored plaintext with the decrypted password to obtain a comparison result when the second ciphertext is successfully decrypted, where the plaintext is a password plaintext corresponding to the identification information;
and the determining unit 605 is used for determining that the login is successful when the comparison results are consistent.
The ciphertext-based login device provided by the embodiment is similar to the technical scheme for implementing the ciphertext-based login method provided by any one of the previous embodiments, and the implementation principle and the technical effect are similar and are not repeated.
Fig. 7 is a schematic structural diagram of a login device based on ciphertext provided in a sixth embodiment of the present application, where on the basis of fig. 6, the first ciphertext is a ciphertext encrypted by a terminal device according to a public key; the apparatus further comprises:
a request receiving unit 701, configured to receive a public key application request sent by a terminal device before receiving a first ciphertext sent by the terminal device;
a key pair creation unit 702, configured to create a key pair according to a public key application request, where the key pair includes a public key and a private key;
a first sending unit 703, configured to send the public key to the terminal device, and store the private key.
Further, the first decryption unit 602 is specifically configured to decrypt the first ciphertext by using the private key, to obtain decrypted identification information and a password.
Further, the determining unit 605 is further configured to determine that the decrypted password is incorrect when determining that the decryption of the second ciphertext fails;
the apparatus further comprises: a second transmitting unit 704;
and the second sending unit 704 is configured to send first prompt information to the terminal device, where the first prompt information characterizes that the password in the first ciphertext is wrong.
Further, the determining unit 605 is further configured to determine that the login fails when the comparison result is determined to be inconsistent;
the apparatus further comprises: a third transmission unit 705;
and a third sending unit 705, configured to send a second prompt to the terminal device, where the second prompt characterizes the login failure.
The ciphertext-based login device provided by the embodiment is similar to the technical scheme for implementing the ciphertext-based login method provided by any one of the previous embodiments, and the implementation principle and the technical effect are similar and are not repeated.
Fig. 8 is a schematic structural diagram of a login device based on ciphertext according to a seventh embodiment of the present application, as shown in fig. 7, including:
an obtaining unit 801, configured to obtain a login request sent by a user, where the login request includes identification information and a password;
an encryption unit 802, configured to encrypt the identification information and the password to obtain a first ciphertext, where the first ciphertext includes the encrypted identification information and the encrypted password;
the ciphertext sending unit 803 is configured to send a first ciphertext to the server, so that the server decrypts the first ciphertext to obtain decrypted identification information and a password, decrypts a pre-stored second ciphertext by using the decrypted password, where the second ciphertext is an encrypted password corresponding to the identification information, and when the server determines that the second ciphertext is successfully decrypted, compares the pre-stored plaintext with the decrypted password to obtain a comparison result, where the plaintext is a plaintext of the password corresponding to the identification information, and determines that the login is successful when the comparison result is determined to be consistent.
The ciphertext-based login device provided by the embodiment is similar to the technical scheme for implementing the ciphertext-based login method provided by any one of the previous embodiments, and the implementation principle and the technical effect are similar and are not repeated.
Fig. 9 is a schematic structural diagram of a ciphertext-based login device according to an eighth embodiment of the present application, and on the basis of fig. 8, as shown in fig. 9, the device further includes: a request transmitting unit 901 and a first receiving unit 902;
a request sending unit 901, configured to send a public key application request to a server after the obtaining unit obtains a login request sent by a user, so that the server creates a key pair according to the public key application request, where the key pair includes a public key and a private key, and the private key is used by the server to decrypt the first ciphertext;
a first receiving unit 902, configured to receive a public key sent by a server;
the encryption unit 802 is specifically configured to encrypt the identification information and the password with a public key to obtain a first ciphertext.
Further, the apparatus further comprises: a second receiving unit 903;
the second receiving unit 903 is configured to receive a first hint sent by the server, where the first hint characterizes that a password in the first ciphertext is wrong, and the first hint is sent by the server when determining that decryption of the second ciphertext fails.
Further, the apparatus further comprises: a third receiving unit 904;
and a third receiving unit 904, configured to receive a second prompt sent by the server, where the second prompt characterizes login failure, and the second prompt is sent by the server when the comparison result is determined to be inconsistent.
The ciphertext-based login device provided by the embodiment is similar to the technical scheme for implementing the ciphertext-based login method provided by any one of the previous embodiments, and the implementation principle and the technical effect are similar and are not repeated.
Fig. 10 is a schematic structural diagram of a terminal device provided in a ninth embodiment of the present application, as shown in fig. 10, where the terminal device includes:
a memory 1001 and a processor 1002;
a memory 1001 for storing a computer program;
the processor 1002 executes a computer program in the memory 1001 to implement the methods in the first and second embodiments.
Fig. 11 is a schematic structural diagram of a server according to a tenth embodiment of the present application, as shown in fig. 11, where the server includes:
memory 1101 and processor 1102;
a memory 1101 for storing a computer program;
the processor 1102 executes a computer program in the memory 1101 to implement the methods of the third and fourth embodiments.
The present application provides a computer-readable storage medium having stored therein computer-executable instructions that, when executed by a processor, are for performing the method of any of the embodiments.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the present application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (14)

1. A ciphertext-based login method, the method comprising:
receiving a first ciphertext transmitted by a terminal device, wherein the first ciphertext comprises encrypted identification information and a password;
decrypting the first ciphertext to obtain decrypted identification information and a password;
decrypting a pre-stored second ciphertext by adopting the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information;
when the second ciphertext is successfully decrypted, consistency comparison is carried out on a prestored plaintext and a decrypted password to obtain a comparison result, wherein the plaintext is a password plaintext corresponding to the identification information;
and when the comparison results are consistent, determining that the login is successful.
2. The method according to claim 1, wherein the first ciphertext is a ciphertext encrypted by the terminal device according to a public key; before the first ciphertext sent by the receiving terminal device, the method further comprises:
receiving a public key application request sent by the terminal equipment;
creating a key pair according to the public key application request, wherein the key pair comprises the public key and a private key;
and sending the public key to the terminal equipment and storing the private key.
3. The method of claim 2, wherein decrypting the first ciphertext to obtain decrypted identification information and a password comprises:
and decrypting the first ciphertext by adopting the private key to obtain decrypted identification information and a password.
4. A method according to any one of claims 1-3, wherein the method further comprises:
and when the second ciphertext is determined to fail in decryption, determining that the decrypted password is wrong, and sending first prompt information to the terminal equipment, wherein the first prompt information represents that the password in the first ciphertext is wrong.
5. A method according to any one of claims 1-3, wherein the method further comprises:
and when the comparison result is inconsistent, determining login failure, and sending second prompt information to the terminal equipment, wherein the second prompt information characterizes the login failure.
6. A ciphertext-based login method, the method comprising:
obtaining a login request sent by a user, wherein the login request comprises identification information and a password;
encrypting the identification information and the password to obtain a first ciphertext, wherein the first ciphertext comprises the encrypted identification information and the encrypted password;
and sending the first ciphertext to a server to enable the server to decrypt the first ciphertext to obtain decrypted identification information and a password, decrypting a pre-stored second ciphertext by adopting the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information, so that the server can compare the consistency of the pre-stored plaintext with the decrypted password to obtain a comparison result when determining that the second ciphertext is successfully decrypted, wherein the plaintext is a password plaintext corresponding to the identification information, and determining that login is successful when determining that the comparison result is consistent.
7. The method of claim 6, further comprising, after the obtaining the login request from the user:
sending a public key application request to the server so that the server creates a key pair according to the public key application request, wherein the key pair comprises the public key and a private key, and the private key is used for decrypting the first ciphertext by the server;
receiving the public key sent by the server;
encrypting the identification information and the password to obtain a first ciphertext, wherein the method comprises the following steps: and encrypting the identification information and the password by adopting the public key to obtain a first ciphertext.
8. The method according to claim 6 or 7, characterized in that the method further comprises:
and receiving first prompt information sent by the server, wherein the first prompt information characterizes that the password in the first ciphertext is wrong, and the first prompt information is sent by the server when the second ciphertext is determined to be failed in decryption.
9. The method according to claim 6 or 7, characterized in that the method further comprises:
and receiving second prompt information sent by the server, wherein the second prompt information characterizes login failure, and the second prompt information is sent by the server when the comparison result is inconsistent.
10. A ciphertext-based login device, the device comprising:
the system comprises a ciphertext receiving unit, a first encryption unit and a second encryption unit, wherein the ciphertext receiving unit is used for receiving a first ciphertext sent by a terminal device, and the first ciphertext comprises encrypted identification information and a password;
the first decryption unit is used for decrypting the first ciphertext to obtain decrypted identification information and a password;
the second decryption unit is used for decrypting a pre-stored second ciphertext by adopting the decrypted password, wherein the second ciphertext is the encrypted password corresponding to the identification information;
the comparison unit is used for comparing the consistency of the prestored plaintext with the decrypted password when the second ciphertext is successfully decrypted, so as to obtain a comparison result, wherein the plaintext is a password plaintext corresponding to the identification information;
and the login determining unit is used for determining that the login is successful when the comparison result is consistent.
11. A ciphertext-based login device, the device comprising:
the device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring a login request sent by a user, and the login request comprises identification information and a password;
the encryption unit is used for encrypting the identification information and the password to obtain a first ciphertext, wherein the first ciphertext comprises the encrypted identification information and the encrypted password;
the sending unit is used for sending the first ciphertext to the server so that the server decrypts the first ciphertext to obtain decrypted identification information and a password, decrypts a pre-stored second ciphertext by adopting the decrypted password, and enables the server to compare the consistency of a pre-stored plaintext with the decrypted password to obtain a comparison result when the second ciphertext is successfully decrypted, wherein the plaintext is a plaintext of the password corresponding to the identification information, and determines that login is successful when the comparison result is consistent.
12. A terminal device, comprising: a memory and a processor;
the memory is used for storing a computer program;
wherein the processor executes the computer program in the memory to implement the method of any of claims 1-5.
13. A server, comprising: a memory and a processor;
the memory is used for storing a computer program;
wherein the processor executes the computer program in the memory to implement the method of any of claims 6-9.
14. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out the method of any one of claims 1-9.
CN202010573194.XA 2020-06-22 2020-06-22 Ciphertext-based login method and equipment Active CN113922973B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010573194.XA CN113922973B (en) 2020-06-22 2020-06-22 Ciphertext-based login method and equipment

Publications (2)

Publication Number Publication Date
CN113922973A CN113922973A (en) 2022-01-11
CN113922973B true CN113922973B (en) 2023-05-30

Family

ID=79231213

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010573194.XA Active CN113922973B (en) 2020-06-22 2020-06-22 Ciphertext-based login method and equipment

Country Status (1)

Country Link
CN (1) CN113922973B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant