CN118300890A - User login method, device, equipment and storage medium - Google Patents


Info

Publication number
CN118300890A
Authority
CN
China
Prior art keywords
information
user
key
terminal
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410661177.XA
Other languages
Chinese (zh)
Inventor
刘新
冯向军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yixin Yiyi Software Development Co ltd
Original Assignee
Shenzhen Yixin Yiyi Software Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Landscapes

  • Storage Device Security (AREA)

Abstract

The application discloses a user login method, device, equipment and storage medium, relating to the field of network security and applied to a user terminal, comprising the following steps: reading first key information in the terminal's own device certificate and signing user information to obtain a first signature; encrypting the terminal information plaintext to obtain a terminal information ciphertext, and signing the terminal information plaintext according to the first key information to obtain a second signature; constructing a user login request based on the first signature, the second signature and the terminal information ciphertext and sending it to a server so as to acquire a login result. The login result is determined by the server verifying the first signature according to its second key information, verifying the terminal information plaintext, and verifying the validity of the verification results. By issuing the device certificate, signing the information with the key negotiated between the device certificate and the server, and verifying the login through ciphertext so that no user information is carried during login verification, information security during user login is improved.

Description

User login method, device, equipment and storage medium
Technical Field
The present invention relates to the field of network security, and in particular, to a user login method, device, apparatus, and storage medium.
Background
As enterprises grow, the number of terminal devices grows with them, and the relevant personnel must log in when operating different terminal devices. At present, a user logs in by uploading information such as a user name and a password to the server in plaintext for verification, so the user's related information can be intercepted in transit and used illegally by others. How to improve the security of a user during login is therefore a problem to be solved in the field.
Disclosure of Invention
Accordingly, the present invention is directed to a user login method, apparatus, device, and storage medium that improve the security of information during user login by issuing a device certificate, signing the information with a key negotiated between the device certificate and a server, and performing login verification through ciphertext so that no user information is carried while the information is verified. The specific scheme is as follows:
In a first aspect, the present application provides a user login method, applied to a user terminal, including:
acquiring user information input when a user logs in, and reading first key information stored in a self device certificate to sign the user information based on the first key information to obtain a first signature;
encrypting self terminal information plaintext based on a preset first key to obtain a terminal information ciphertext, and signing the terminal information plaintext according to the first key information to obtain a second signature;
constructing a user login request based on the first signature, the second signature and the terminal information ciphertext and sending the user login request to a server so as to acquire a login result of the user login request returned by the server; the login result is determined by the server from the validity verification of a first signature verification result and a second signature verification result, where the first signature verification result is obtained by the server verifying the first signature in the user login request according to the server's second key information, and the second signature verification result is obtained by the server verifying the terminal information plaintext recovered by decrypting the terminal information ciphertext with the second key information.
Optionally, signing the user information based on the first key information to obtain a first signature includes:
acquiring an information storage record of the server, and selecting from the user information, according to the information storage record, the target information for which the server holds corresponding information;
and signing the target information with a terminal private key in the first key information to obtain the first signature, so that the server verifies the first signature in the user login request with the terminal public key in its second key information to obtain the first signature verification result.
Optionally, the encrypting the self terminal information plaintext based on the preset first key to obtain the terminal information ciphertext includes:
And randomly generating the preset first key according to a preset key generation algorithm, and encrypting the terminal information plaintext based on a preset symmetric encryption algorithm by using the preset first key to obtain the terminal information ciphertext.
Optionally, the encrypting the self terminal information plaintext based on the preset first key further includes:
Encrypting the preset first key by using a terminal private key in the first key information according to a preset asymmetric encryption algorithm to obtain a key ciphertext, and sending the key ciphertext to the server based on the user login request, so that the server decrypts the key ciphertext according to the terminal public key in the second key information to obtain the preset first key, and decrypts the terminal information ciphertext according to the preset first key to obtain the terminal information plaintext.
Optionally, when the user login request is constructed based on the first signature, the second signature and the terminal information ciphertext and sent to the server, the method further includes:
determining a certificate identifier corresponding to the terminal's device certificate, and sending the certificate identifier to the server in the user login request, so that the server queries the user terminal information corresponding to the user login request according to the certificate identifier before verifying the first signature; the user terminal information comprises the user information, the terminal information plaintext and a terminal public key.
In a second aspect, the present application provides a user login method, applied to a server, including:
Acquiring a user login request sent by a user terminal, and performing signature verification on a first signature based on the user login request according to second key information of the user terminal to obtain a first signature verification result; the user login request is constructed by the user terminal based on the first signature, the second signature and a terminal information ciphertext, wherein the first signature is obtained by the user terminal obtaining user information input during user login, reading first key information stored in a self device certificate, then signing the user information based on the first key information, the second signature is obtained by the user terminal signing a self terminal information plaintext according to the first key information, and the terminal information ciphertext is obtained by the user terminal encrypting the terminal information plaintext based on a preset first key;
Signing the terminal information plaintext obtained by decrypting the terminal information ciphertext by utilizing the second key information to obtain a second signing verification result, and determining a login result of the user login request according to the first signing verification result and a validity verification result of the second signing verification result;
and sending the login result of the user login request to the user terminal.
In a third aspect, the present application provides a user login device, applied to a user terminal, including:
The first information signing module is used for acquiring user information input when a user logs in and reading first key information stored in the terminal's own device certificate, so as to sign the user information based on the first key information to obtain a first signature;
The second information signing module is used for encrypting the terminal information plaintext based on a preset first key to obtain a terminal information ciphertext, and signing the terminal information plaintext according to the first key information to obtain a second signature;
The request sending module is used for constructing a user login request based on the first signature, the second signature and the terminal information ciphertext and sending the user login request to a server so as to acquire a login result of the user login request returned by the server; the login result is determined by the server from the validity verification of a first signature verification result and a second signature verification result, where the first signature verification result is obtained by the server verifying the first signature in the user login request according to the server's second key information, and the second signature verification result is obtained by the server verifying the terminal information plaintext recovered by decrypting the terminal information ciphertext with the second key information.
In a fourth aspect, the present application provides a user login device, applied to a server, including:
The signature verification module is used for acquiring a user login request sent by a user terminal, and verifying a first signature based on the user login request according to second key information of the user terminal to obtain a first verification result; the user login request is constructed by the user terminal based on the first signature, the second signature and a terminal information ciphertext, wherein the first signature is obtained by the user terminal obtaining user information input during user login, reading first key information stored in a self device certificate, then signing the user information based on the first key information, the second signature is obtained by the user terminal signing a self terminal information plaintext according to the first key information, and the terminal information ciphertext is obtained by the user terminal encrypting the terminal information plaintext based on a preset first key;
The login judging module is used for carrying out signature verification on the terminal information plaintext obtained by decrypting the terminal information ciphertext by utilizing the second key information to obtain a second signature verification result, and determining a login result of the user login request according to the first signature verification result and a validity verification result of the second signature verification result;
and the result sending module is used for sending the login result of the user login request to the user terminal.
In a fifth aspect, the present application provides an electronic device comprising a processor and a memory; the memory is used for storing a computer program, and the computer program is loaded and executed by the processor to realize the user login method.
In a sixth aspect, the present application provides a computer readable storage medium storing a computer program which when executed by a processor implements the user login method described above.
Firstly, the user information input during user login is acquired, the first key information stored in the terminal's own device certificate is read, the user information is signed based on the first key information to obtain a first signature, the terminal's own terminal information plaintext is encrypted based on a preset first key to obtain a terminal information ciphertext, the terminal information plaintext is signed according to the first key information to obtain a second signature, a user login request is constructed based on the first signature, the second signature and the terminal information ciphertext and sent to the server, and the login result of the user login request returned by the server is acquired; the login result is determined by the server from the validity verification of a first signature verification result and a second signature verification result, where the first signature verification result is obtained by the server verifying the first signature in the user login request according to the server's second key information, and the second signature verification result is obtained by the server verifying the terminal information plaintext recovered by decrypting the terminal information ciphertext with the second key information.
According to the application, a device certificate is issued to the user, the information to be kept secret is signed with the related key negotiated in advance between the device certificate and the server, the login request is made with the ciphertext generated during information verification rather than carrying the user name and password, and the server verifies the legality of the related information by signature verification. The user's plaintext information therefore cannot be leaked in transit, illegal logins caused by account leakage are prevented, the related rights of the user are protected, and information security during user login is improved.
The application also provides a user login method applied to the server, which has the same beneficial effects as the user login method.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a user login method applied to a user terminal;
FIG. 2 is a flowchart of a user login process according to the present application;
FIG. 3 is a flowchart of a user login method applied to a server according to the present application;
fig. 4 is a schematic diagram of a user login device applied to a user terminal according to the present application;
Fig. 5 is a schematic diagram of a user login device applied to a server according to the present application;
fig. 6 is a block diagram of an electronic device according to the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
When a user logs in, the user needs to upload plaintext to a server for verification through information such as a user name, a password and the like, so that related information of the user can be intercepted in the transmission process, and the user information can be illegally used by other people.
Referring to fig. 1, the embodiment of the invention discloses a user login method, which is applied to a user terminal and comprises the following steps:
Step S11, user information input during user login is obtained, and first key information stored in the terminal's own device certificate is read, so that the user information is signed based on the first key information to obtain a first signature.
In this embodiment, when a user logs in at a terminal (T), after information such as a user name and a password is input, the terminal device may acquire the relevant user information input during the user login. Since the local device certificate CA (Certificate) issued by the server, the terminal private key SK_T (SK represents a private key, PRIVATE KEY) and the server public key PK_S (PK represents a public key) are stored in the terminal device in advance, the terminal device may read the first key information, comprising the terminal private key and the server public key stored in its own device certificate, so as to sign the user information based on the first key information to obtain a first signature, as shown in fig. 2.
In this embodiment, when signing the user information based on the first key information, the terminal first obtains the information storage record of the server and, according to that record, selects from the user information the target information for which the server holds a corresponding copy. The terminal device then signs this target information, which includes but is not limited to key information such as the user name and the password that the server also stores, with the terminal private key SK_T in the first key information to obtain the first signature Sgn_U (Sgn represents a signature), so that the server can verify the first signature in the user login request with the terminal public key in its second key information to obtain the first signature verification result. In this way the server verifies the information in the user login request against the information it stores, ensuring the correctness of the user information.
And step S12, encrypting the terminal information plaintext based on a preset first key to obtain a terminal information ciphertext, and signing the terminal information plaintext according to the first key information to obtain a second signature.
In this embodiment, the plaintext of the terminal's own terminal information ID_T (ID represents an identity) may be encrypted based on a preset first key generated in advance to obtain the terminal information ciphertext, and information such as the terminal information plaintext ID_T may be signed according to the server public key PK_S in the first key information to obtain a second signature Sgn_ID. The preset first key is randomly generated in advance according to a preset key generation algorithm, and the terminal information ciphertext is obtained by encrypting the terminal information plaintext with the preset first key based on a preset symmetric encryption algorithm. That is, the terminal information ID_T is encrypted with a symmetric algorithm under the randomly generated first key, denoted Key, to obtain the terminal information ciphertext C_T, so that the terminal information remains protected while the login request is made, further improving the security of the user during login.
Step S13, constructing a user login request based on the first signature, the second signature and the terminal information ciphertext and sending the user login request to a server so as to acquire a login result of the user login request returned by the server; the login result is determined by the server from the validity verification of a first signature verification result and a second signature verification result, where the first signature verification result is obtained by the server verifying the first signature in the user login request according to the server's second key information, and the second signature verification result is obtained by the server verifying the terminal information plaintext recovered by decrypting the terminal information ciphertext with the second key information.
In this embodiment, the user login request may be constructed based on the first signature, the second signature, the terminal information ciphertext and other such information and sent to the server, so as to obtain the login result of the user login request returned by the server. As shown in fig. 2, the login result is determined by the server from the validity verification of the first signature verification result and the second signature verification result, where the first signature verification result is obtained by the server verifying the first signature in the user login request according to its second key information, and the second signature verification result is obtained by the server verifying the terminal information plaintext recovered by decrypting the terminal information ciphertext with the second key information. In this way, the device certificate issued to the user at registration is used, and the key information is verified as legitimate by signature verification with the key negotiated between the device certificate and the server, so that the plaintext information cannot be revealed in transit.
In a specific embodiment, in combination with the above steps, after encrypting the terminal information plaintext, the terminal may further encrypt the preset first key with the terminal private key in the first key information according to a preset asymmetric encryption algorithm to obtain a key ciphertext, and send the key ciphertext to the server in the user login request, so that the server decrypts the key ciphertext according to the terminal public key in the second key information to obtain the preset first key, and then decrypts the terminal information ciphertext with the preset first key to obtain the terminal information plaintext. That is, SK_T is used to encrypt Key with an asymmetric algorithm, giving the key ciphertext C_Key, so that the random key used to encrypt the terminal information is itself in ciphertext form while the login information is transmitted, further improving the security of the terminal information and the user information.
In another specific embodiment, in combination with the above steps, when constructing the user login request and sending it to the server, the terminal may further determine the certificate identifier ID_CA corresponding to its device certificate and send the certificate identifier to the server in the user login request, so that the server queries the user terminal information corresponding to the user login request according to the certificate identifier before verifying the first signature. The user terminal information comprises the user information, the terminal information plaintext and the terminal public key. In this way the device certificate is verified when the user logs in, further improving user login security.
Through the above embodiment, as shown in fig. 2, the terminal assembles the login request from the information ID_CA, Sgn_U, C_Key, C_T and Sgn_ID and sends it to the server, so that the server can verify the relevant information in the user login request and obtain the corresponding login result. It is to be understood that the encryption and decryption algorithms in this embodiment are not limited; any algorithm that achieves the described encryption or decryption effect may be used.
In this embodiment, the terminal device obtains the relevant user information when the user logs in, reads the first key information, comprising the terminal private key and the server public key, stored in its own device certificate, signs the user information to obtain a first signature, encrypts its terminal information plaintext based on a preset first key randomly generated according to a preset key generation algorithm to obtain a terminal information ciphertext, signs information such as the terminal information plaintext according to the server public key in the first key information to obtain a second signature, and can then construct a user login request and send it to the server to obtain the login result returned by the server. In this embodiment, the terminal private key may also be used to encrypt the preset first key to obtain a key ciphertext that is sent to the server in the user login request, and the certificate identifier corresponding to the device certificate may be determined and sent to the server.
According to the technical scheme, a device certificate is issued to the user, the information to be kept secret is signed with the related key negotiated in advance between the device certificate and the server, the login request is made with the ciphertext generated during information verification, and login verification is performed without carrying a user name and password. The user's plaintext information therefore cannot be revealed in transit, illegal logins caused by account leakage are prevented, and information security during user login is improved. Encrypting the preset first key additionally ensures that the random key used to encrypt the terminal information is itself in ciphertext form while the login information is transmitted, further improving the security of the terminal information and the user information.
Based on the above embodiment, the present application can sign the information to be kept secret by the related key pre-negotiated between the device certificate and the server when the user logs in the terminal device, and does not carry the user name and the password to perform login verification. Referring to fig. 3, an embodiment of the present application discloses a user login method, which is applied to a server and includes:
S21, acquiring a user login request sent by a user terminal, and performing signature verification on a first signature based on the user login request according to second key information of the user terminal to obtain a first signature verification result; the user login request is constructed by the user terminal based on the first signature, the second signature and the terminal information ciphertext, the first signature is obtained by the user terminal obtaining user information input during user login, reading first key information stored in a self device certificate and then signing the user information based on the first key information, the second signature is obtained by the user terminal signing a self terminal information plaintext according to the first key information, and the terminal information ciphertext is obtained by the user terminal encrypting the terminal information plaintext based on a preset first key.
In this embodiment, the server stores the device certificate CA, the terminal information ID_T, the terminal public key PK_T, the server private key SK_S and other information in advance. Therefore, as shown in fig. 2, after the server obtains the user login request sent by the user terminal, it can use the ID_CA of the device certificate to query the terminal public key PK_T, the server private key SK_S, the terminal information ID_T, the user information and so on that it stores locally for that request, and then verify the first signature Sgn_U, which covers key information including but not limited to the user name and the password, according to the terminal public key PK_T in the server's second key information, to obtain the first signature verification result. The user login request is constructed by the user terminal based on a first signature, a second signature and a terminal information ciphertext; the first signature is obtained by the user terminal obtaining the user information input during user login, reading the first key information stored in its own device certificate and signing the user information based on the first key information; the second signature is obtained by the user terminal signing its own terminal information plaintext according to the first key information; and the terminal information ciphertext is obtained by the user terminal encrypting the terminal information plaintext based on a preset first key.
And S22, performing signature verification on the terminal information plaintext obtained by decrypting the terminal information ciphertext by using the second key information to obtain a second signature verification result, and determining a login result of the user login request according to the first signature verification result and a validity verification result of the second signature verification result.
In this embodiment, the second signature Sgn_ID, which covers the terminal information plaintext ID_T obtained by decrypting the terminal information ciphertext, is verified with the server private key SK_S in the second key information to obtain the second signature verification result, and the login result of the user login request can then be determined according to the first signature verification result and the validity verification result of the second signature verification result. Since, in the above embodiment, the preset first key used to encrypt the terminal information is itself transmitted as ciphertext, the server must first use PK_T with the asymmetric algorithm to decrypt the key ciphertext C_Key back into Key, and then use Key with the symmetric algorithm to decrypt the terminal information ciphertext C_T.
And step S23, sending the login result of the user login request to the user terminal.
In this embodiment, as shown in fig. 2, after the server performs validity verification based on the first signature verification result and the second signature verification result, the login result corresponding to the request is returned to the terminal according to that validity verification result: when the verification succeeds, the data required by the successfully logged-in user is issued, and when it fails, the corresponding failure information is returned.
In this embodiment the server first obtains the user login request sent by the user terminal and verifies the first signature with the second key information it holds for that terminal, giving the first signature verification result; it then decrypts the terminal information ciphertext with the second key information and verifies the signature over the recovered terminal information plaintext, giving the second signature verification result; it determines the login result from the first result and the validity check of the second; and finally it sends the login result to the user terminal. Because the request carries only signatures made with the key of the device certificate the server issued, plus encrypted verification material, the server verifies encrypted data and the user name and password never travel in the request. Combined with the device certificate this protects the login and prevents an attacker who has obtained only the account credentials from logging in illegally and infringing the user's rights.
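The exchange described in steps S21 to S23 above, together with the terminal side that builds the request, as an added worked example in Go; this is not code from the patent or its applicant. It assumes concrete primitives the patent leaves open: RSA-PSS over SHA-256 for the two signatures with the private key behind the device certificate, AES-256-GCM with a random per-login key for the terminal information ciphertext, and RSA-OAEP for the key ciphertext. Two assumptions deliberately depart from the text and are named here: the key ciphertext is wrapped under the server's public key rather than the terminal private key of claim 4, because anything wrapped under a private key can be unwrapped by every holder of the matching public key; and the server stores a SHA-256 digest of the canonical user name and password (the "target information" of claim 2) rather than the password itself, so that the first signature can be verified without keeping the password recoverable. The names terminalRecord, loginRequest, buildLoginRequest, verifyLogin and enroll, the OAEP label "login-key", the certificate identifier cert-0001, the terminal identifier TERM-7F3A and the user alice are all constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// terminalRecord is what the server enrolled under one certificate ID (ID_CA): PK_T, ID_T and, as an assumption of this example, a digest of the user information.
type terminalRecord struct {
	termPub    *rsa.PublicKey // PK_T
	terminalID string         // ID_T
	userDigest []byte         // sha256(username || 0x00 || password)
}

// loginRequest is everything that travels to the server; the user name and password never do.
type loginRequest struct {
	CertID string // ID_CA, so the server can look up the record
	SgnU   []byte // first signature, over the user-information digest
	SgnID  []byte // second signature, over the terminal information plaintext ID_T
	CKey   []byte // fresh per-login key, wrapped under the server public key with RSA-OAEP
	CT     []byte // AES-256-GCM nonce || ciphertext of ID_T, with ID_CA as associated data
}

func userDigest(username, password string) []byte {
	h := sha256.New()
	h.Write([]byte(username))
	h.Write([]byte{0}) // separator: ("ab","c") and ("a","bc") must not collide
	h.Write([]byte(password))
	return h.Sum(nil)
}

func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, d[:], nil)
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, nil) == nil
}

// buildLoginRequest is the terminal side (modules 11-13 of fig. 4).
func buildLoginRequest(certID, terminalID, username, password string, termPriv *rsa.PrivateKey, serverPub *rsa.PublicKey) (*loginRequest, error) {
	sgnU, err := sign(termPriv, userDigest(username, password)) // first signature
	if err != nil { return nil, err }
	sgnID, err := sign(termPriv, []byte(terminalID)) // second signature, over the plaintext ID_T
	if err != nil { return nil, err }
	buf := make([]byte, 32+12) // random "preset first key" (32 bytes) followed by a GCM nonce
	if _, err := rand.Read(buf); err != nil { return nil, err }
	key, nonce := buf[:32], buf[32:]
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	cT := gcm.Seal(nonce, nonce, []byte(terminalID), []byte(certID)) // C_T, bound to this ID_CA
	cKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, key, []byte("login-key"))
	if err != nil { return nil, err }
	return &loginRequest{CertID: certID, SgnU: sgnU, SgnID: sgnID, CKey: cKey, CT: cT}, nil
}

// verifyLogin is the server side (steps S21-S22); a nil error is a successful login result.
func verifyLogin(records map[string]terminalRecord, serverPriv *rsa.PrivateKey, req *loginRequest) error {
	rec, ok := records[req.CertID] // look the terminal up by ID_CA
	if !ok { return fmt.Errorf("unknown certificate id %q", req.CertID) }
	if !verify(rec.termPub, rec.userDigest, req.SgnU) { return fmt.Errorf("first signature invalid") } // S21
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, req.CKey, []byte("login-key"))
	if err != nil { return fmt.Errorf("key ciphertext invalid") }
	block, err := aes.NewCipher(key)
	if err != nil { return err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return err }
	if ns := gcm.NonceSize(); len(req.CT) < ns { return fmt.Errorf("terminal ciphertext too short") }
	idT, err := gcm.Open(nil, req.CT[:gcm.NonceSize()], req.CT[gcm.NonceSize():], []byte(req.CertID))
	if err != nil { return fmt.Errorf("terminal ciphertext invalid") }
	if !verify(rec.termPub, idT, req.SgnID) { return fmt.Errorf("second signature invalid") } // S22
	if string(idT) != rec.terminalID { return fmt.Errorf("terminal identity mismatch") } // validity check
	return nil
}

// enroll generates the device-certificate and server key pairs and one constructed server record.
func enroll() (map[string]terminalRecord, *rsa.PrivateKey, *rsa.PrivateKey) {
	termPriv, err1 := rsa.GenerateKey(rand.Reader, 2048)   // key pair behind the device certificate
	serverPriv, err2 := rsa.GenerateKey(rand.Reader, 2048) // SK_S and its public half
	if err1 != nil || err2 != nil { panic("key generation failed") }
	records := map[string]terminalRecord{"cert-0001": {&termPriv.PublicKey, "TERM-7F3A", userDigest("alice", "correct horse")}}
	return records, termPriv, serverPriv
}

func main() {
	records, termPriv, serverPriv := enroll()
	req, err := buildLoginRequest("cert-0001", "TERM-7F3A", "alice", "correct horse", termPriv, &serverPriv.PublicKey)
	if err != nil { panic(err) }
	fmt.Println("login result:", verifyLogin(records, serverPriv, req)) // nil means success
}
```

verifyLogin returns nil for the enrolled terminal with the right credentials and a non-nil error for a wrong password, a terminal identifier other than the enrolled one, a tampered ciphertext or an unknown certificate identifier. The certificate identifier is also fed to AES-GCM as associated data, so a terminal information ciphertext cannot be presented under another certificate's record. One design point the patent text does not address and this example does not add: the request contains no server-issued challenge or timestamp, so a captured request could be replayed unchanged; a deployment should include such a freshness value in the signed material.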
Referring to fig. 4, the embodiment of the application also discloses a user login device applied to a user terminal, which comprises:
The first information signing module 11, configured to obtain the user information entered when the user logs in and to read the first key information stored in the terminal's own device certificate, so as to sign the user information with that first key information and obtain a first signature;
The second information signing module 12, configured to encrypt the terminal's own terminal information plaintext under a preset first key to obtain a terminal information ciphertext, and to sign the terminal information plaintext with the first key information to obtain a second signature;
The request sending module 13, configured to construct a user login request from the first signature, the second signature and the terminal information ciphertext and send it to a server, so as to obtain the login result of the user login request returned by the server. The server determines that login result by verifying the first signature from the request with its second key information (first signature verification result), decrypting the terminal information ciphertext with the second key information and verifying the signature over the recovered terminal information plaintext (second signature verification result), and then checking the validity of both results.
In summary, the terminal first obtains the user information entered at login and reads the first key information stored in its own device certificate, signing the user information with it to obtain a first signature; it then encrypts its own terminal information plaintext under a preset first key to obtain a terminal information ciphertext and signs that plaintext with the first key information to obtain a second signature; finally it constructs a user login request from the first signature, the second signature and the terminal information ciphertext, sends it to the server and obtains the login result the server returns. The server determines that result by verifying the first signature from the request with its second key information (first signature verification result), decrypting the terminal information ciphertext with the second key information and verifying the signature over the recovered terminal information plaintext (second signature verification result), and checking the validity of both results.
In this way the user is issued a device certificate, the information that must be kept secret is signed with the key that the device certificate and the server agreed on in advance, and the login request carries only the ciphertext produced during information verification rather than the user name and password, while the server checks the legitimacy of the related information by signature verification. The user's plaintext information therefore cannot leak in transit, an attacker who has obtained only the account credentials cannot log in without the device certificate, the user's rights are protected, and the security of information during login is improved.
In some embodiments, the first information signing module 11 specifically comprises:
an information screening unit, configured to obtain the server's information storage record and, according to that record, to select from the user information the target information for which the server holds a corresponding entry;
and an information signing unit, configured to sign the target information with the terminal private key in the first key information to obtain the first signature, so that the server can verify the first signature from the user login request with the terminal public key in its second key information and obtain the first signature verification result.
In some specific embodiments, the second information signing module 12 specifically comprises:
an information encryption unit, configured to generate the preset first key at random with a preset key generation algorithm, and to encrypt the terminal information plaintext with that key under a preset symmetric encryption algorithm to obtain the terminal information ciphertext.
In some embodiments, the second information signing module 12 further comprises:
a key encryption unit, configured to encrypt the preset first key with the terminal private key in the first key information under a preset asymmetric encryption algorithm to obtain a key ciphertext, and to send the key ciphertext to the server in the user login request, so that the server recovers the preset first key by decrypting the key ciphertext with the terminal public key in the second key information and then decrypts the terminal information ciphertext with the preset first key to obtain the terminal information plaintext.
In some specific embodiments, the request sending module 13 further comprises:
a signature verification unit, configured to determine the certificate identifier of the terminal's own device certificate and to send it to the server in the user login request, so that the server can look up the user terminal information corresponding to the request by that certificate identifier before verifying the first signature; the user terminal information comprises the user information, the terminal information plaintext and the terminal public key.
Referring to fig. 5, the embodiment of the application also discloses a user login device applied to a server, which comprises:
The signature verification module 21, configured to obtain a user login request sent by a user terminal and to verify the first signature from the request with the second key information held for that user terminal, obtaining a first signature verification result. The user login request is constructed by the user terminal from the first signature, the second signature and a terminal information ciphertext: the first signature is produced by obtaining the user information entered at login, reading the first key information stored in the terminal's own device certificate and signing the user information with it; the second signature is produced by signing the terminal's own terminal information plaintext with the first key information; and the terminal information ciphertext is produced by encrypting the terminal information plaintext under a preset first key;
The login judging module 22, configured to decrypt the terminal information ciphertext with the second key information, verify the signature over the recovered terminal information plaintext to obtain a second signature verification result, and determine the login result of the user login request from the first signature verification result and the validity check of the second;
The result sending module 23, configured to send the login result of the user login request to the user terminal.
In summary, the server obtains the user login request, verifies the first signature with the second key information held for that terminal, decrypts the terminal information ciphertext with the same key information and verifies the signature over the recovered plaintext, determines the login result from the two signature verification results and their validity check, and returns that result to the user terminal. As in the method embodiment, the request carries only signatures made with the key of the server-issued device certificate and encrypted verification material, never the user name and password, so combined with the device certificate a leaked account cannot be used to log in illegally and infringe the user's rights.
Further, the embodiment of the application also discloses an electronic device; fig. 6 is a block diagram of an electronic device 30 according to an exemplary embodiment, and nothing in the figure limits the scope of use of the application.
Fig. 6 is a schematic structural diagram of an electronic device 30 according to an embodiment of the present application. The electronic device 30 may specifically include: at least one processor 31, at least one memory 32, a power supply 33, a communication interface 34, an input-output interface 35, and a communication bus 36. The memory 32 is configured to store a computer program, which is loaded and executed by the processor 31 to implement relevant steps in the user login method disclosed in any of the foregoing embodiments. In addition, the electronic device 30 in the present embodiment may be specifically an electronic computer.
In this embodiment, the power supply 33 is configured to provide an operating voltage for each hardware device on the electronic device 30; the communication interface 34 can create a data transmission channel between the electronic device 30 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 35 is used for acquiring external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application requirement, which is not limited herein.
The memory 32 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon may include an operating system 321, a computer program 322, and the like, and the storage may be temporary storage or permanent storage.
The operating system 321 manages and controls the hardware devices on the electronic device 30 and the computer program 322, and may be Windows Server, NetWare, Unix, Linux, etc. Besides the computer program that performs the user login method disclosed in any of the previous embodiments, the computer program 322 may also include computer programs for other specific tasks.
Further, the application also discloses a computer readable storage medium for storing a computer program; wherein the computer program, when executed by the processor, implements the previously disclosed user login method. For specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and no further description is given here.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, so that the same or similar parts between the embodiments are referred to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may reside in Random Access Memory (RAM), memory, Read-Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as first and second are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual such relationship or order between those entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in the process, method, article or apparatus that comprises the element.
The foregoing description is provided so that the principles and embodiments of the application can be understood; those skilled in the art will vary the specific embodiments and the scope of application in accordance with the ideas of the application, and this description should therefore not be construed as limiting the application.

Claims (10)

1. A user login method, applied to a user terminal, comprising:
acquiring user information input when a user logs in, and reading first key information stored in its own device certificate, so as to sign the user information based on the first key information to obtain a first signature;
encrypting its own terminal information plaintext based on a preset first key to obtain a terminal information ciphertext, and signing the terminal information plaintext according to the first key information to obtain a second signature;
constructing a user login request based on the first signature, the second signature and the terminal information ciphertext and sending the user login request to a server so as to acquire a login result of the user login request returned by the server; wherein the server determines the login result by performing signature verification on the first signature based on the user login request according to second key information of the server to obtain a first signature verification result, performing signature verification on the terminal information plaintext obtained by decrypting the terminal information ciphertext by using the second key information to obtain a second signature verification result, and verifying the validity of the first signature verification result and the second signature verification result.
2. The user login method according to claim 1, wherein signing the user information based on the first key information to obtain a first signature comprises:
Acquiring an information storage record of the server, and screening target information with corresponding information in the server from the user information according to the information storage record;
And signing the target information by using a terminal private key in the first key information to obtain the first signature, so that the server performs signature verification on the first signature based on the user login request according to the terminal public key in the second key information of the server to obtain the first signature verification result.
3. The user login method according to claim 1, wherein encrypting its own terminal information plaintext based on the preset first key to obtain the terminal information ciphertext comprises:
And randomly generating the preset first key according to a preset key generation algorithm, and encrypting the terminal information plaintext based on a preset symmetric encryption algorithm by using the preset first key to obtain the terminal information ciphertext.
4. The user login method according to claim 3, wherein after encrypting its own terminal information plaintext based on the preset first key to obtain the terminal information ciphertext, the method further comprises:
Encrypting the preset first key by using a terminal private key in the first key information according to a preset asymmetric encryption algorithm to obtain a key ciphertext, and sending the key ciphertext to the server based on the user login request, so that the server decrypts the key ciphertext according to the terminal public key in the second key information to obtain the preset first key, and decrypts the terminal information ciphertext according to the preset first key to obtain the terminal information plaintext.
5. The user login method according to any one of claims 1 to 4, wherein, when the user login request is constructed based on the first signature, the second signature and the terminal information ciphertext and sent to a server, the method further comprises:
determining a certificate identifier corresponding to its own device certificate, and sending the certificate identifier to the server based on the user login request, so that the server performs signature verification on the first signature after querying the user terminal information corresponding to the user login request according to the certificate identifier; the user terminal information comprises the user information, the terminal information plaintext and a terminal public key.
6. A user login method, applied to a server, comprising:
acquiring a user login request sent by a user terminal, and performing signature verification on a first signature based on the user login request according to second key information of the user terminal to obtain a first signature verification result; wherein the user login request is constructed by the user terminal based on the first signature, a second signature and a terminal information ciphertext, the first signature is obtained by the user terminal acquiring user information input during user login, reading first key information stored in its own device certificate and signing the user information based on the first key information, the second signature is obtained by the user terminal signing its own terminal information plaintext according to the first key information, and the terminal information ciphertext is obtained by the user terminal encrypting the terminal information plaintext based on a preset first key;
Signing the terminal information plaintext obtained by decrypting the terminal information ciphertext by utilizing the second key information to obtain a second signing verification result, and determining a login result of the user login request according to the first signing verification result and a validity verification result of the second signing verification result;
and sending the login result of the user login request to the user terminal.
7. A user login device, applied to a user terminal, comprising:
a first information signing module, configured to acquire user information input when a user logs in and read first key information stored in its own device certificate, so as to sign the user information based on the first key information to obtain a first signature;
a second information signing module, configured to encrypt its own terminal information plaintext based on a preset first key to obtain a terminal information ciphertext, and to sign the terminal information plaintext according to the first key information to obtain a second signature;
a request sending module, configured to construct a user login request based on the first signature, the second signature and the terminal information ciphertext and send the user login request to a server so as to acquire a login result of the user login request returned by the server; wherein the server determines the login result by performing signature verification on the first signature based on the user login request according to second key information of the server to obtain a first signature verification result, performing signature verification on the terminal information plaintext obtained by decrypting the terminal information ciphertext by using the second key information to obtain a second signature verification result, and verifying the validity of the first signature verification result and the second signature verification result.
8. A user login device, for use with a server, comprising:
a signature verification module, configured to acquire a user login request sent by a user terminal and perform signature verification on a first signature based on the user login request according to second key information of the user terminal to obtain a first signature verification result; wherein the user login request is constructed by the user terminal based on the first signature, a second signature and a terminal information ciphertext, the first signature is obtained by the user terminal acquiring user information input during user login, reading first key information stored in its own device certificate and signing the user information based on the first key information, the second signature is obtained by the user terminal signing its own terminal information plaintext according to the first key information, and the terminal information ciphertext is obtained by the user terminal encrypting the terminal information plaintext based on a preset first key;
The login judging module is used for carrying out signature verification on the terminal information plaintext obtained by decrypting the terminal information ciphertext by utilizing the second key information to obtain a second signature verification result, and determining a login result of the user login request according to the first signature verification result and a validity verification result of the second signature verification result;
and the result sending module is used for sending the login result of the user login request to the user terminal.
9. An electronic device comprising a processor and a memory; wherein the memory is for storing a computer program that is loaded and executed by the processor to implement the user login method according to any one of claims 1 to 6.
10. A computer readable storage medium for storing a computer program which when executed by a processor implements a user login method according to any one of claims 1 to 6.
CN202410661177.XA 2024-05-24 2024-05-24 User login method, device, equipment and storage medium Pending CN118300890A (en)


Publications (1)

Publication Number Publication Date
CN118300890A true CN118300890A (en) 2024-07-05

Family

ID=91676380

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination