CN114844694A - Information processing method, device, equipment and storage medium - Google Patents


Info

Publication number
CN114844694A
Authority
CN
China
Prior art keywords
information
authentication
ciphertext
login
password
Legal status
Granted
Application number
CN202210455826.1A
Other languages
Chinese (zh)
Other versions
CN114844694B (en)
Inventor
李模楷
章文辉
管国亮
任若文
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202210455826.1A
Publication of CN114844694A
Application granted
Publication of CN114844694B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure provides an information processing method, which can be applied to the field of finance or the technical field of computers. The method comprises the following steps: responding to the login request, and acquiring first account information and first password information carried in the login request; encrypting the first account information and the first password information to obtain a first authentication information ciphertext; determining first login credential information from a preset directory based on the first account information; encrypting the first login credential information to obtain a second authentication information ciphertext; and sending the first authentication information ciphertext and the second authentication information ciphertext to the server-side device, wherein the server-side device generates a login authentication result based on the first authentication information ciphertext and the second authentication information ciphertext. In addition, the present disclosure also provides an information processing apparatus, a device, and a storage medium.

Description

Information processing method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of finance or computer technology, and more particularly, to an information processing method, apparatus, device, storage medium, and program product.
Background
With the rapid development of the internet, applications of all kinds have become closely tied to daily life. User identity authentication is an important step in using an application. As the implementing technology is continuously updated and iterated, potential security problems receive more and more attention, so improving the security of user identity authentication becomes more important. However, in the course of implementing the disclosed concept, the inventors found at least the following problem in the related art: to ensure the user's information security during the login operation, a third-party medium is generally needed when the user is authenticated, which increases cost and makes implementation complex.
Disclosure of Invention
In view of the above, the present disclosure provides an information processing method, apparatus, device, and storage medium.
One aspect of the present disclosure provides an information processing method, including: responding to a login request, and acquiring first account information and first password information carried in the login request; encrypting the first account information and the first password information to obtain a first authentication information ciphertext; determining first login credential information from a preset directory based on the first account information; encrypting the first login credential information to obtain a second authentication information ciphertext; and sending the first authentication information ciphertext and the second authentication information ciphertext to a server device, wherein the server device generates a login authentication result based on the first authentication information ciphertext and the second authentication information ciphertext.
According to an embodiment of the present disclosure, the determining the first login credential information from the preset directory based on the first account information includes: acquiring a machine identification code; determining target authentication identification information associated with the first account information from a plurality of authentication identification information under the preset directory; and splicing the target authentication identification information and the machine identification code to obtain the first login credential information.
According to an embodiment of the present disclosure, further comprising: responding to a registration request, and generating a timestamp based on response time information of the registration request; generating the authentication identification information based on the timestamp; and storing the authentication identification information into the preset directory.
According to an embodiment of the present disclosure, the generating the authentication identification information based on the timestamp includes: generating a random number by adopting a preset random number generation strategy; splicing the timestamp and the random number to obtain identification information; and encrypting the identification information to obtain the authentication identification information.
According to the embodiment of the disclosure, the registration request carries second account information and second password information; the method further comprises the following steps: splicing the authentication identification information and the machine identification code to obtain second login credential information; encrypting the second account information, the second password information and the second login credential information to obtain a third authentication information ciphertext; and sending the third authentication information ciphertext to the server device, wherein the server device decrypts the third authentication information ciphertext to obtain the second account information, the second password information, and the second login credential information, and stores the second account information, the second password information, and the second login credential information in a database by using the second account information as the primary key.
According to an embodiment of the present disclosure, the generating, by the server device, a login authentication result based on the first authentication information ciphertext and the second authentication information ciphertext includes: the server device decrypts the first authentication information ciphertext and the second authentication information ciphertext respectively to obtain the first account information, the first password information and the first login credential information; acquiring target password information and target login credential information associated with the first account information from a database; matching the first password information with the target password information to obtain a first matching result; matching the first login credential information with the target login credential information to obtain a second matching result; and generating the login authentication result based on the first matching result and the second matching result.
Another aspect of the present disclosure also provides an information processing apparatus including: the acquisition module is used for responding to a login request and acquiring first account information and first password information carried in the login request; the first encryption module is used for encrypting the first account information and the first password information to obtain a first authentication information ciphertext; the determining module is used for determining first login credential information from a preset directory based on the first account information; the second encryption module is used for encrypting the first login credential information to obtain a second authentication information ciphertext; and a first sending module, configured to send the first authentication information ciphertext and the second authentication information ciphertext to a server device, where the server device generates a login authentication result based on the first authentication information ciphertext and the second authentication information ciphertext.
Another aspect of the present disclosure also provides an electronic device including: one or more processors; a memory to store one or more instructions; wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to perform the information processing method.
Another aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described information processing method.
Another aspect of the present disclosure also provides a computer program product comprising computer-executable instructions for performing the above-mentioned information processing method when executed.
According to the embodiment of the disclosure, the server-side device authenticates both the first authentication information and the second authentication information, so that double authentication of the user is realized during login and the security of the login process is guaranteed. In response to a login request, the first authentication information ciphertext and the second authentication information ciphertext are obtained and sent to the server, and the server generates the authentication result from the ciphertext information.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an exemplary system architecture to which the information processing method and apparatus may be applied, according to an embodiment of the present disclosure;
FIG. 2 schematically shows a flow chart of an information processing method according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a process flow diagram for first login credential information in accordance with an embodiment of the present disclosure;
FIG. 4 schematically shows a block diagram of an information processing apparatus according to an embodiment of the present disclosure;
FIG. 5 schematically shows a block diagram of an electronic device adapted to implement an information processing method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
It should be noted that the information processing method, apparatus, device, storage medium, and program product of the present disclosure may be used in the financial field or the computer technology field, or may be used in any field other than the financial field or the computer field, and the application fields of the information processing method, apparatus, device, storage medium, and program product are not limited by the present disclosure.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure, application and other handling of the personal information of the related user all comply with the relevant laws and regulations, necessary confidentiality measures are taken, and public order and good customs are not violated. In the technical scheme of the disclosure, the authorization or consent of the user is obtained before the personal information of the user is acquired or collected.
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable control apparatus to produce a machine, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Accordingly, the techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable medium having instructions stored thereon for use by or in connection with an instruction execution system. In the context of this disclosure, a computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, the computer readable medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the computer readable medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
With the rapid development of the internet, applications of all kinds have become closely tied to daily life. User identity authentication is an important step in using an application, and as the implementing technology is continuously updated and iterated, potential security problems receive more and more attention. To reduce security risk, two-factor authentication can be used to authenticate the user's identity. Generally, two-factor authentication is realized by combining static user password authentication with one other authentication mode, such as mobile phone short message authentication, mailbox authentication, mobile phone token authentication, or terminal device authentication. However, in the related art, authentication of terminal devices generally requires a third-party medium, such as a U shield, a fingerprint identification sensor, or a face recognition sensor, so the implementation cost is high and the implementation is complex.
In view of this, embodiments of the present disclosure provide an information processing method, apparatus, device, storage medium, and computer program product. The information processing method comprises the steps of responding to a login request, and obtaining first account information and first password information carried in the login request; encrypting the first account information and the first password information to obtain a first authentication information ciphertext; determining first login credential information from a preset directory based on the first account information; encrypting the first login credential information to obtain a second authentication information ciphertext; and sending the first authentication information ciphertext and the second authentication information ciphertext to the server-side device, wherein the server-side device generates a login authentication result based on the first authentication information ciphertext and the second authentication information ciphertext.
Fig. 1 schematically shows an exemplary system architecture to which the information processing method and apparatus may be applied, according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104 and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired and/or wireless communication links, and so forth.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send login requests or registration requests or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as a shopping-like application, a web browser application, a search-like application, an instant messaging tool, a mailbox client, and/or social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having display screens and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and otherwise process received data such as the login request or the registration request, and feed back a processing result (e.g., a web page, information, or data obtained or generated according to a user request) to the terminal device.
It should be noted that the information processing method provided by the embodiment of the present disclosure may be generally executed by the terminal device 101, 102, or 103. Accordingly, the information processing apparatus provided by the embodiment of the present disclosure may be generally provided in the terminal device 101, 102, or 103. The information processing method provided by the embodiment of the present disclosure may also be executed by a server or a server cluster capable of communicating with the terminal devices 101, 102, 103. Accordingly, the information processing apparatus provided in the embodiments of the present disclosure may also be provided in a server or a server cluster capable of communicating with the terminal devices 101, 102, 103.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for an implementation.
Fig. 2 schematically shows a flow chart of an information processing method according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S201 to S204.
In operation S201, in response to the login request, first account information and first password information carried in the login request are acquired.
In operation S202, the first account information and the first password information are encrypted to obtain a first authentication information ciphertext.
In operation S203, first login credential information is determined from a preset directory based on the first account information.
In operation S204, the first login credential information is encrypted to obtain a second authentication information ciphertext.
In operation S205, a first authentication information ciphertext and a second authentication information ciphertext are transmitted to the server device, where the server device generates a login authentication result based on the first authentication information ciphertext and the second authentication information ciphertext.
According to an embodiment of the disclosure, the method may be performed by a client device. The login request may be initiated by the user with the user's permission. Specifically, the user may open the login interface of a communication client application on the terminal device, such as a shopping application, a web browser application, a search application, an instant messaging tool, a mailbox client, and/or social platform software, and perform an information input operation to trigger the login request. The first account information may be a login account number input by the user, and the first password information may be login password information input by the user.
According to an embodiment of the present disclosure, the encryption algorithm used to encrypt the first account information and the first password information, or to encrypt the first login credential information, may include algorithms such as AES (Advanced Encryption Standard), the RSA (Rivest-Shamir-Adleman) algorithm, and 3DES (Triple Data Encryption Algorithm). The encryption algorithm may be selected according to the specific application, which is not limited herein.
According to the embodiment of the disclosure, the preset directory may store login credential information associated with the login request, the preset directory may be a preset path in the registry or a specific file in the memory, and the preset path may also be adaptively adjusted according to a specific application scenario.
According to the embodiment of the disclosure, the first authentication information ciphertext and the second authentication information ciphertext may be transmitted to the server device over HTTPS (Hypertext Transfer Protocol Secure).
According to the embodiment of the disclosure, the server-side device authenticates both the first authentication information and the second authentication information, so that double authentication of the user is realized during login and the security of the login process is guaranteed. In response to the login request, the first authentication information ciphertext and the second authentication information ciphertext are obtained and sent to the server, and the server generates the authentication result from the ciphertext information.
The method of fig. 2 is further described with reference to fig. 3 in conjunction with specific embodiments.
According to an embodiment of the present disclosure, the first login credential information may be a device credential of a terminal device used by the user to send the login request, and the first login credential information may include authentication identification information and a machine identification code, wherein the authentication identification information may be a unique identifier associated with the login request, and the machine identification code may be a code capable of identifying the terminal device.
Fig. 3 schematically shows a process flow diagram of first login credential information according to an embodiment of the present disclosure.
In operation S301, in response to a registration request, a timestamp is generated based on response time information of the registration request.
In operation S302, authentication identification information is generated based on the time stamp.
In operation S303, the authentication identification information is stored in a preset directory.
In operation S304, a machine identification code is acquired.
In operation S305, target authentication identification information associated with the first account information is determined from a plurality of authentication identification information under a preset directory.
In operation S306, the target authentication identification information is spliced with the machine identification code to obtain first login credential information.
According to embodiments of the present disclosure, the registration request may be initiated by the user with the user's permission, and may be initiated before the login request. Specifically, the user can open the registration interface of a communication client application on the terminal device, such as a shopping application, a web browser application, a search application, an instant messaging tool, a mailbox client, and/or social platform software, and enter a custom registration account and a registration password to initiate the registration request. The custom registration account can serve as the login account entered in the login request, and the custom registration password can serve as the login password entered in the login request. The entered custom account and password can also be stored in a preset directory or database. The response time information may be the time at which the registration request is responded to, such as the time point displayed by the system. The timestamp may be associated with the response time; in particular, the timestamp may be obtained by serializing the response time with millisecond-level precision.
According to an embodiment of the present disclosure, operation S302 may further include the operations of: generating a random number by adopting a preset random number generation strategy; splicing the timestamp and the random number to obtain identification information; and encrypting the identification information to obtain the authentication identification information.
According to the embodiment of the disclosure, the preset random number generation strategy can generate a random number with a number of bits set in advance, using an algorithm such as the middle-square method, an LCG (linear congruential generator) algorithm, or the Mersenne Twister algorithm. A UID (Unique Identifier) with a unique attribute can be obtained by splicing the contents of the timestamp and the random number, and the authentication identification information, which can be an EUID (Encrypted Unique Identifier), can be obtained by encrypting the identification information.
According to the embodiment of the disclosure, the method for encrypting the UID may adopt a DES (Data Encryption Standard) Encryption algorithm, and the process of encrypting the UID to obtain the EUID may be as shown in formulas (1) to (2):
$$T_{UID} = T_{mills} + \mathrm{Random}(n) \tag{1}$$
$$T_{EUID} = \mathrm{DES}(T_{UID}, K_1) \tag{2}$$
where $T_{UID}$ may represent the UID with the unique attribute, $T_{mills}$ may represent a timestamp accurate to the order of milliseconds, $\mathrm{Random}(n)$ is a function that returns an n-bit random number, n may be a positive integer greater than or equal to 1, $T_{EUID}$ may represent the EUID obtained by encrypting the UID, $\mathrm{DES}(T, K)$ may represent the DES encryption function, T may represent the content to be encrypted, and K may represent the encryption key.
According to the embodiment of the present disclosure, the method for encrypting the identification information may also be other algorithms than the DES encryption algorithm, such as an RSA algorithm, a 3DES algorithm, and other encryption algorithms.
According to the embodiment of the disclosure, the encrypted EUID may also be stored in the Windows registry of the client device. Specifically, the EUID may be stored in a preset path in the Windows registry by using a preset Windows registry editing command (for example, VBS (Microsoft Visual Basic Scripting Edition)), so that the application program can read the EUID from the Windows registry of the terminal device through a Windows registry reading command. Alternatively, the EUID may be stored in a specific file of the terminal device.
According to the embodiment of the disclosure, the machine identification code of the terminal device, for example a personal computer, may be acquired through the registry. In another embodiment, operation S303 may also be performed simultaneously with operation S302.
According to the embodiment of the disclosure, the target authentication identification information is associated with the first account information, and specifically, may be associated with a login account and a login password. In the case where the authentication identification information is stored in the preset directory, the authentication identification information can be bound with the registration account and registration password input by the user. Since the registration account and registration password can also be used as the login account and login password input during login, the target authentication identification information can be determined according to the registration account and registration password fields in the preset directory.
According to the embodiment of the disclosure, the target authentication identification information and the machine identification code determined by the above operation are subjected to content splicing to obtain the first login credential information, that is, the EUID and the machine identification code are subjected to content splicing to obtain the device credential of the terminal device.
According to the embodiment of the disclosure, the authentication identification information is obtained by encrypting the identification information, so that the complexity of the authentication identification information can be increased, and the authentication identification information is prevented from being forged. By setting the first login credential information, the information such as the equipment used by the user can be verified in addition to the account number and the password in the process of verifying the login of the user, so that the safety of the user in the login process is improved.
According to the embodiment of the disclosure, the registration request carries second account information and second password information; the information processing method may further include: splicing the authentication identification information and the machine identification code to obtain second login credential information; encrypting the second account information, the second password information and the second login credential information to obtain a third authentication information ciphertext; and sending the third authentication information ciphertext to the server-side device, wherein the server-side device decrypts the third authentication information ciphertext to obtain the second account information, the second password information and the second login credential information, and stores the second account information, the second password information and the second login credential information into the database with the second account information as the primary key.
According to an embodiment of the disclosure, the second account information and the second password information may be a customized registration account number and a customized registration password, respectively, which are input by the user in the registration request.
According to an embodiment of the present disclosure, the method for encrypting the second account information, the second password information, and the second login credential information may employ an AES (Advanced Encryption Standard) algorithm for Encryption. The third authentication information ciphertext may include the encrypted second account information ciphertext, the second password information ciphertext, and the second login credential information ciphertext. Specifically, the process of encrypting the second login credential information using the AES algorithm may be as shown in equation (3):
$$\mathrm{Token} = \mathrm{AES}(T_{EUID} + T_M, K_2) \tag{3}$$
where Token may represent the second login credential information ciphertext, $T_{EUID}$ may represent the encrypted identification information, i.e. the authentication identification information (for example, the EUID obtained by encrypting the UID), $T_M$ may represent the machine identification code, $\mathrm{AES}(T, K)$ may represent the AES encryption function, T may represent the content to be encrypted, and K may represent the encryption key.
According to the embodiment of the disclosure, the second account information and the second password information may be encrypted with the AES algorithm in a manner similar to formula (3), yielding the second account information ciphertext and the second password information ciphertext respectively. The second account information ciphertext, the second password information ciphertext and the second login credential information ciphertext are then content-spliced to obtain the third authentication information ciphertext. In one embodiment, the AES algorithm may also be replaced with an encryption algorithm such as RSA, 3DES, etc.
According to the embodiment of the disclosure, the third authentication information ciphertext may be transmitted to the server device through an HTTPS protocol. The server-side device may decrypt the third authentication information ciphertext based on a decryption method corresponding to the AES encryption method to obtain second account information, second password information, and second login credential information. In an embodiment, the decryption method may be replaced by a decryption method corresponding to an encryption algorithm such as RSA, 3DES, and the like.
According to the embodiment of the disclosure, the server device may store the second account information, the second password information, and the second login credential information, which are obtained after decrypting the third authentication information ciphertext, in the database. Specifically, the second account information may be stored first, and the second password information and the second login credential information may then be stored, sequentially or simultaneously, with the second account information as the reference.
According to the embodiment of the disclosure, by encrypting the second account information, the second password information and the second login credential information, the complexity of the second account information, the second password information and the second login credential information can be increased, the information is prevented from being forged, and the security of the information in the transmission process is guaranteed.
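Formulas (1) to (3) and the server-side decryption, carried through end to end as an added example in Go that is not code from the patent. The CBC mode, PKCS#7 padding, hex encoding, the reading of n as a count of decimal digits, the use of crypto/rand in place of the listed generators, and all function names, keys and the machine identification code are assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// NewUID is formula (1): the millisecond timestamp spliced with an n-digit random number.
// Assumption: the digits come from crypto/rand rather than the generators the text lists.
func NewUID(now time.Time, n int) (string, error) {
	if n < 1 || n > 18 {
		return "", errors.New("n must be between 1 and 18")
	}
	limit := new(big.Int).Exp(big.NewInt(10), big.NewInt(int64(n)), nil)
	r, err := rand.Int(rand.Reader, limit)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%d%0*d", now.UnixMilli(), n, r.Int64()), nil
}

// seal encrypts plain in CBC mode with PKCS#7 padding under a fresh random IV and
// returns hex(IV || ciphertext). Mode, padding and encoding are assumptions.
func seal(c cipher.Block, plain string) (string, error) {
	bs := c.BlockSize()
	padLen := bs - len(plain)%bs
	buf := make([]byte, bs, bs+len(plain)+padLen)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	buf = append(buf, plain...)
	buf = append(buf, bytes.Repeat([]byte{byte(padLen)}, padLen)...)
	cipher.NewCBCEncrypter(c, buf[:bs]).CryptBlocks(buf[bs:], buf[bs:])
	return hex.EncodeToString(buf), nil
}

// open reverses seal and rejects malformed ciphertext or padding.
func open(c cipher.Block, text string) (string, error) {
	bs := c.BlockSize()
	raw, err := hex.DecodeString(text)
	if err != nil || len(raw) < 2*bs || len(raw)%bs != 0 {
		return "", errors.New("malformed ciphertext")
	}
	body := raw[bs:]
	cipher.NewCBCDecrypter(c, raw[:bs]).CryptBlocks(body, body)
	n := int(body[len(body)-1])
	if n < 1 || n > bs || !bytes.Equal(body[len(body)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return "", errors.New("bad padding")
	}
	return string(body[:len(body)-n]), nil
}

// EUID is formula (2): T_EUID = DES(T_UID, K1), with an 8-byte K1.
func EUID(uid string, k1 []byte) (string, error) {
	c, err := des.NewCipher(k1) // des.NewTripleDESCipher gives the 3DES variant the text allows
	if err != nil {
		return "", err
	}
	return seal(c, uid)
}

// Token is formula (3): Token = AES(T_EUID + T_M, K2), with a 16-, 24- or 32-byte K2.
func Token(euid, machineID string, k2 []byte) (string, error) {
	c, err := aes.NewCipher(k2)
	if err != nil {
		return "", err
	}
	return seal(c, euid+machineID)
}

// OpenToken is the server side of formula (3): it recovers T_EUID + T_M for matching.
func OpenToken(token string, k2 []byte) (string, error) {
	c, err := aes.NewCipher(k2)
	if err != nil {
		return "", err
	}
	return open(c, token)
}

func main() {
	k1, k2 := []byte("8bytekey"), []byte("0123456789abcdef") // constructed keys
	const machineID = "MID-CONSTRUCTED-01"                   // constructed machine identification code
	uid, _ := NewUID(time.Now(), 6)
	euid, _ := EUID(uid, k1)
	token, _ := Token(euid, machineID, k2)
	plain, err := OpenToken(token, k2)
	fmt.Println("UID:", uid, "EUID:", euid)
	fmt.Println("server recovered EUID + machine ID:", plain == euid+machineID, err)
}
```

CBC as used here provides confidentiality only; an authenticated mode such as AES-GCM would additionally let the server detect a modified ciphertext.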
According to an embodiment of the present disclosure, operation S205 may further include the operations of: the server-side equipment decrypts the first authentication information ciphertext and the second authentication information ciphertext respectively to obtain first account information, first password information and first login credential information; acquiring target password information and target login credential information associated with the first account information from a database; matching the first password information with the target password information to obtain a first matching result; matching the first login credential information with the target login credential information to obtain a second matching result; and generating a login authentication result based on the first matching result and the second matching result.
According to the embodiment of the disclosure, the server device may decrypt the first authentication information by using a decryption method corresponding to the encryption method for obtaining the first authentication information ciphertext to obtain the first account information and the first password information; and decrypting the second authentication information by adopting a decryption method corresponding to the encryption method for obtaining the second authentication information ciphertext to obtain the first login credential information.
According to an embodiment of the present disclosure, the target password information may be second account information and second password information stored in the database, and the target login credential information may be second login credential information pre-stored in the database. The server-side device can match the first account information and the first password information with the second account information and the second password information respectively to obtain a first matching result, and match the first login credential information with the second login credential information to obtain a second matching result. In the case where the first matching result and the second matching result both indicate a match, a login authentication result of successful authentication is obtained; in the case where at least one of the first matching result and the second matching result indicates a mismatch, a login authentication result of authentication failure is obtained.
According to the embodiment of the disclosure, in the matching process, not only the account information and the password information are matched, but also the operation of matching the login credential information is added, so that the safety of the user in the login operation can be improved.
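The two-result matching described above, as an added example in Go that is not code from the patent. Running both comparisons every time and comparing SHA-256 digests in constant time are choices made here; the type and function names and the sample records are constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Record is what registration stored under the account, which is the primary key.
type Record struct {
	Password   string // target password information
	Credential string // target login credential information (EUID + machine ID)
}

// Result carries the first and second matching results and the login authentication result.
type Result struct {
	PasswordMatch   bool
	CredentialMatch bool
	Authenticated   bool
}

// equal compares SHA-256 digests in constant time, so timing reveals neither
// the length of the stored value nor the position of the first differing byte.
func equal(a, b string) bool {
	x, y := sha256.Sum256([]byte(a)), sha256.Sum256([]byte(b))
	return subtle.ConstantTimeCompare(x[:], y[:]) == 1
}

// Authenticate matches the decrypted login values against the stored record.
// Both comparisons always run, also for an unknown account, so the work done
// does not depend on which factor is wrong.
func Authenticate(db map[string]Record, account, password, credential string) Result {
	rec, known := db[account]
	pw := equal(password, rec.Password) && known
	cred := equal(credential, rec.Credential) && known
	return Result{pw, cred, pw && cred}
}

func main() {
	// Constructed sample data: one registered account bound to one device.
	db := map[string]Record{"alice": {"correct horse", "EUID-constructed|MID-PC-01"}}
	attempts := []struct{ note, account, password, credential string }{
		{"registered device", "alice", "correct horse", "EUID-constructed|MID-PC-01"},
		{"wrong password", "alice", "guess", "EUID-constructed|MID-PC-01"},
		{"right password, different machine", "alice", "correct horse", "EUID-constructed|MID-PC-02"},
		{"unknown account", "mallory", "", ""},
	}
	for _, a := range attempts {
		fmt.Printf("%-36s %+v\n", a.note, Authenticate(db, a.account, a.password, a.credential))
	}
}
```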
It should be noted that, unless an execution order between different operations is explicitly stated or is required by the technical implementation, the operations in the flowcharts of this disclosure need not be executed in the order shown, and multiple operations may be executed simultaneously.
Fig. 4 schematically shows a block diagram of an information processing apparatus according to an embodiment of the present disclosure.
As shown in fig. 4, the information processing apparatus 400 includes an acquisition module 410, a first encryption module 420, a determination module 430, a second encryption module 440, and a first transmission module 450.
The obtaining module 410 is configured to, in response to the login request, obtain first account information and first password information carried in the login request.
The first encryption module 420 is configured to encrypt the first account information and the first password information to obtain a first authentication information ciphertext.
The determining module 430 is configured to determine first login credential information from a preset directory based on the first account information.
The second encryption module 440 is configured to encrypt the first login credential information to obtain a second authentication information ciphertext.
The first sending module 450 is configured to send the first authentication information ciphertext and the second authentication information ciphertext to the server device, where the server device generates a login authentication result based on the first authentication information ciphertext and the second authentication information ciphertext.
According to an embodiment of the present disclosure, the determining module 430 may further include a first obtaining unit, a determining unit, and a first splicing unit.
The first acquisition unit is used for acquiring the machine identification code.
The determining unit is used for determining target authentication identification information associated with the first account information from a plurality of authentication identification information in a preset directory.
The first splicing unit is used for splicing the target authentication identification information and the machine identification code to obtain first login credential information.
According to an embodiment of the present disclosure, the information processing apparatus 400 may further include a first generation module, a second generation module, and a storage module.
The first generation module is used for responding to the registration request and generating the timestamp based on the response time information of the registration request.
The second generation module is used for generating the authentication identification information based on the timestamp.
The storage module is used for storing the authentication identification information into a preset directory.
According to an embodiment of the present disclosure, the second generating module may further include: the device comprises a first generation unit, a second splicing unit and an encryption unit.
The first generating unit is used for generating the random number by adopting a preset random number generating strategy.
The second splicing unit is used for splicing the timestamp and the random number to obtain the identification information.
The encryption unit is used for encrypting the identification information to obtain the authentication identification information.
According to an embodiment of the present disclosure, the information processing apparatus may further include: the device comprises a splicing module, a third encryption module and a second sending module.
The splicing module is used for splicing the authentication identification information and the machine identification code to obtain second login credential information.
The third encryption module is used for encrypting the second account information, the second password information and the second login credential information to obtain a third authentication information ciphertext.
The second sending module is used for sending the third authentication information ciphertext to the server-side device, wherein the server-side device decrypts the third authentication information ciphertext to obtain the second account information, the second password information and the second login credential information, and stores the second account information, the second password information and the second login credential information into the database with the second account information as the primary key.
According to an embodiment of the present disclosure, the first sending module 450 may further include a decryption unit, a second obtaining unit, a first matching unit, a second matching unit, and a second generating unit.
The decryption unit is used for the server-side device to decrypt the first authentication information ciphertext and the second authentication information ciphertext respectively to obtain first account information, first password information and first login credential information.
The second acquisition unit is used for acquiring target password information and target login credential information which are associated with the first account information from the database.
The first matching unit is used for matching the first password information with the target password information to obtain a first matching result.
The second matching unit is used for matching the first login credential information with the target login credential information to obtain a second matching result.
The second generating unit is used for generating a login authentication result based on the first matching result and the second matching result.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the obtaining module 410, the first encryption module 420, the determining module 430, the second encryption module 440 and the first sending module 450 may be combined and implemented in one module/unit/sub-unit, or any one of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to an embodiment of the present disclosure, at least one of the obtaining module 410, the first encryption module 420, the determining module 430, the second encryption module 440, and the first sending module 450 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or in any one of, or a suitable combination of, software, hardware, and firmware implementations. Alternatively, at least one of the obtaining module 410, the first encryption module 420, the determining module 430, the second encryption module 440 and the first sending module 450 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
It should be noted that the information processing apparatus portion in the embodiments of the present disclosure corresponds to the information processing method portion in the embodiments of the present disclosure, and the description of the information processing apparatus portion specifically refers to the information processing method portion, and is not repeated herein.
Fig. 5 schematically shows a block diagram of an electronic device adapted to implement an information processing method according to an embodiment of the present disclosure. The electronic device shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 5, a computer electronic device 500 according to an embodiment of the present disclosure includes a processor 501 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. The processor 501 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 501 may also include onboard memory for caching purposes. Processor 501 may include a single processing unit or multiple processing units for performing different actions of a method flow according to embodiments of the disclosure.
In the RAM 503, various programs and data necessary for the operation of the electronic apparatus 500 are stored. The processor 501, the ROM 502, and the RAM 503 are connected to each other by a bus 504. The processor 501 performs various operations of the method flows according to embodiments of the present disclosure by executing programs in the ROM 502 and/or RAM 503. Note that the programs may also be stored in one or more memories other than the ROM 502 and the RAM 503. The processor 501 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, electronic device 500 may also include an input/output (I/O) interface 505, input/output (I/O) interface 505 also being connected to bus 504. The electronic device 500 may also include one or more of the following components connected to the I/O interface 505: an input portion 506 including a keyboard, a mouse, and the like; an output portion 507 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card, a modem, or the like. The communication section 509 performs communication processing via a network such as the internet. The drive 510 is also connected to the I/O interface 505 as necessary. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as necessary, so that a computer program read out therefrom is installed into the storage section 508 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 509, and/or installed from the removable medium 511. The computer program, when executed by the processor 501, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, a computer-readable storage medium may include ROM 502 and/or RAM 503 and/or one or more memories other than ROM 502 and RAM 503 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method provided by the embodiments of the present disclosure, when the computer program product is run on an electronic device, the program code being configured to cause the electronic device to implement the information processing method provided by the embodiments of the present disclosure.
The computer program, when executed by the processor 501, performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, downloaded and installed through the communication section 509, and/or installed from the removable medium 511. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In situations involving remote computing devices, the remote computing devices may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external computing devices (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that the features recited in the various embodiments and/or claims of the present disclosure can be combined and/or incorporated in various ways, even if such combinations or incorporations are not expressly recited in the present disclosure. In particular, the features recited in the various embodiments and/or claims of the present disclosure may be combined and/or incorporated in various ways without departing from the spirit or teaching of the present disclosure. All such combinations and/or incorporations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (10)

1. An information processing method comprising:
responding to a login request, and acquiring first account information and first password information carried in the login request;
encrypting the first account information and the first password information to obtain a first authentication information ciphertext;
determining first login credential information from a preset directory based on the first account information;
encrypting the first login credential information to obtain a second authentication information ciphertext; and
sending the first authentication information ciphertext and the second authentication information ciphertext to a server-side device, wherein the server-side device generates a login authentication result based on the first authentication information ciphertext and the second authentication information ciphertext.
2. The method of claim 1, wherein the determining first login credential information from a preset directory based on the first account information comprises:
acquiring a machine identification code;
determining target authentication identification information associated with the first account information from a plurality of authentication identification information under the preset directory; and
splicing the target authentication identification information and the machine identification code to obtain the first login credential information.
3. The method of claim 2, further comprising:
responding to a registration request, and generating a timestamp based on response time information of the registration request;
generating the authentication identification information based on the timestamp; and
storing the authentication identification information into the preset directory.
4. The method of claim 3, wherein the generating the authentication identification information based on the timestamp comprises:
generating a random number by adopting a preset random number generation strategy;
splicing the timestamp and the random number to obtain identification information; and
encrypting the identification information to obtain the authentication identification information.
5. The method according to claim 3, wherein the registration request carries second account information and second password information;
the method further comprises the following steps:
splicing the authentication identification information and the machine identification code to obtain second login credential information;
encrypting the second account information, the second password information and the second login credential information to obtain a third authentication information ciphertext; and
sending the third authentication information ciphertext to the server-side device, wherein the server-side device decrypts the third authentication information ciphertext to obtain the second account information, the second password information and the second login credential information, and stores the second account information, the second password information and the second login credential information into a database with the second account information as the primary key.
6. The method of claim 1, wherein the server-side device generating a login authentication result based on the first authentication information ciphertext and the second authentication information ciphertext comprises:
the server-side device decrypts the first authentication information ciphertext and the second authentication information ciphertext respectively to obtain the first account information, the first password information and the first login credential information;
acquiring target password information and target login credential information associated with the first account information from a database;
matching the first password information with the target password information to obtain a first matching result;
matching the first login credential information with the target login credential information to obtain a second matching result; and
generating the login authentication result based on the first matching result and the second matching result.
7. An information processing apparatus comprising:
the acquisition module is used for responding to a login request and acquiring first account information and first password information carried in the login request;
the first encryption module is used for encrypting the first account information and the first password information to obtain a first authentication information ciphertext;
the determining module is used for determining first login credential information from a preset directory based on the first account information;
the second encryption module is used for encrypting the first login credential information to obtain a second authentication information ciphertext; and
the first sending module is used for sending the first authentication information ciphertext and the second authentication information ciphertext to the server-side device, wherein the server-side device generates a login authentication result based on the first authentication information ciphertext and the second authentication information ciphertext.
8. An electronic device, comprising:
one or more processors;
a memory for storing one or more instructions,
wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-6.
9. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 6.
10. A computer program product comprising computer executable instructions for implementing the method of any one of claims 1 to 6 when executed.
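
The registration and login flow of claims 1 to 6, with both the client and the server side, as an added example that is not part of the patent. The function names, the shared KEY, the constructed MACHINE_ID, the dicts standing in for the preset directory and the database, and the HMAC-SHA256 stand-in cipher are all assumptions; the claims name no algorithm.

```python
import hashlib, hmac, json, secrets, time

KEY = secrets.token_bytes(32)    # assumption: key already shared by client and server
MACHINE_ID = "MACHINE-0001"      # constructed machine identification code

def _sub(key, label):            # separate subkeys for keystream and MAC
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key, nonce, data):      # HMAC-SHA256 in counter mode as keystream
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(obj):                # stand-in cipher; an AEAD such as AES-GCM fills this role
    nonce = secrets.token_bytes(16)
    body = _xor(_sub(KEY, b"enc"), nonce, json.dumps(obj).encode())
    return nonce + body + hmac.new(_sub(KEY, b"mac"), nonce + body, hashlib.sha256).digest()

def decrypt(blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(KEY, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext failed integrity check")
    return json.loads(_xor(_sub(KEY, b"enc"), nonce, body))

def register(directory, db, account, password):
    ident = f"{int(time.time())}{secrets.token_hex(8)}"   # claim 4: timestamp spliced with random number
    auth_id = encrypt(ident).hex()                        # claim 4: encrypted identification info
    directory[account] = auth_id                          # claim 3: stored in the preset directory
    third = encrypt([account, password, auth_id + MACHINE_ID])  # claim 5: third ciphertext
    acct, pwd, cred = decrypt(third)                      # server side decrypts
    db[acct] = (pwd, cred)                                # account is the primary key

def login_request(directory, account, password, machine_id=MACHINE_ID):
    first = encrypt([account, password])                  # claim 1: first ciphertext
    credential = directory.get(account, "") + machine_id  # claim 2: splice ID and machine code
    return first, encrypt(credential)                     # claim 1: second ciphertext

def authenticate(db, first, second):                      # claim 6, server side
    account, password = decrypt(first)
    credential = decrypt(second)
    target_pwd, target_cred = db.get(account, ("", ""))
    pwd_ok = hmac.compare_digest(password.encode(), target_pwd.encode())
    cred_ok = hmac.compare_digest(credential.encode(), target_cred.encode())
    return account in db and pwd_ok and cred_ok           # both matches are required
```

A login with the correct password is still rejected when the machine identification code differs or the preset directory holds no entry for the account, because the second match of claim 6 fails.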
CN202210455826.1A 2022-04-24 2022-04-24 Information processing method, apparatus, device and storage medium Active CN114844694B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210455826.1A CN114844694B (en) 2022-04-24 2022-04-24 Information processing method, apparatus, device and storage medium

Publications (2)

Publication Number Publication Date
CN114844694A 2022-08-02
CN114844694B CN114844694B (en) 2023-11-21

Family

ID=82566903

Country Status (1)

Country Link
CN (1) CN114844694B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant