WO2018072403A1 - Password reset method, apparatus, terminal device and server, and computer-readable medium - Google Patents


Info

Publication number
WO2018072403A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
slider
information input
user information
terminal device
Application number
PCT/CN2017/079616
Other languages
French (fr)
Chinese (zh)
Inventor
郝梦茹
周志刚
Original Assignee
武汉斗鱼网络科技有限公司
Application filed by 武汉斗鱼网络科技有限公司
Publication of WO2018072403A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Definitions

  • The present application relates to the field of Internet technologies, and in particular to a password reset method, apparatus, terminal device, server, and computer-readable medium.
  • Each website provides an account and password login function.
  • The user needs to input a valid account and password on the website.
  • The website verifies the account and password. If the verification passes, the user logs in successfully; otherwise the login fails.
  • The password reset process in the related art is roughly as follows: the user inputs user information, such as a nickname and a mobile phone number, on the website page provided by the terminal device; the terminal device sends the user information to the server; and the server verifies whether the user information is correct. If it is correct, the user is guided through the terminal device to reset the password. If not, the terminal device prompts that the user information is incorrect.
  • user information such as a nickname and a mobile phone number
  • the terminal device sends the user information to the server, and the server guides the user to reset the password after verifying that the obtained user information is correct.
  • The communication protocol between the terminal device and the server in the related art is easily cracked by a hacker. After cracking the protocol, the hacker can intercept the communication data between the terminal device and the server, or bypass the terminal device and communicate directly with the server while pretending to perform a password reset, so that the user's password is stolen.
  • The purpose of the present application is to provide a password reset method, apparatus, terminal device, server, and computer-readable medium that increase the difficulty of cracking the communication protocol between a terminal device and a server and reduce the risk of the user password being stolen.
  • The embodiment of the present application provides a password reset method, including: providing a password reset interface according to a password reset instruction of a user, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the pieces of user information; the user information includes a user account, and further includes one or more of a user name, a user's mobile phone number, and the user's answer to a specified question; when a piece of user information input by the user is received through a user information input box, generating an information input mark corresponding to that user information; when it is determined that the user slides the slider puzzle, generating a slider operation mark corresponding to the slider puzzle; and when a plurality of information input marks in one-to-one correspondence with the pieces of user information have been generated and the completion result of the slider puzzle is correct, sending each information input mark and the slider operation mark to the server, so that the server guides the user to perform a password reset according to each information input mark and the slider operation mark.
  • The embodiment of the present application provides a first possible implementation of the first aspect, wherein generating the information input mark corresponding to the user information comprises: performing an operation on a first preset parameter using a first preset algorithm to generate the information input mark corresponding to the user information, where the first preset parameter includes the current date or all or part of the content of the user information.
  • Generating the slider operation mark corresponding to the slider puzzle includes: performing an operation on a second preset parameter using a second preset algorithm to generate the slider operation mark corresponding to the slider puzzle, where the second preset parameter includes the current date.
  • The embodiment of the present application provides a third possible implementation of the first aspect, wherein an information parameter is set for each user information input box, and generating the information input mark corresponding to the user information includes: assigning the information parameter a first preset protocol value to generate the information input mark corresponding to the user information.
  • The embodiment of the present application provides a fourth possible implementation of the first aspect, wherein a slider parameter is set for the slider operation, and generating the slider operation mark corresponding to the slider puzzle includes: assigning the slider parameter a second preset protocol value to generate the slider operation mark corresponding to the slider puzzle.
  • The embodiment of the present application provides a fifth possible implementation of the first aspect, wherein, after the user information input by the user is received through the user information input box, the method further includes: sending the user information to the server, so that the server checks whether the user information is correct; and, after receiving an instruction from the server indicating that each piece of user information has been verified as correct, making the slider puzzle slidable.
  • The embodiment of the present application provides a sixth possible implementation of the first aspect, wherein sending each information input mark and the slider operation mark to the server includes: encrypting each information input mark and the slider operation mark, and transmitting the ciphertext of each information input mark and of the slider operation mark to the server.
  • The embodiment of the present application provides a password reset method, including: while a user is requesting a password reset, determining whether a plurality of information input marks in one-to-one correspondence with the pieces of user information, and a slider operation mark corresponding to a slider puzzle, have been received from a terminal device; wherein the user information includes a user account, and further includes one or more of a user name, a user's mobile phone number, and the user's answer to a specified question; each information input mark is generated by the terminal device when user information input by the user is received through a user information input box; there are a plurality of user information input boxes, in one-to-one correspondence with the pieces of user information; the slider operation mark is generated by the terminal device when it determines that the user slides the slider puzzle; the user information input boxes and the slider puzzle belong to a password reset interface, which is provided by the terminal device according to the user's password reset instruction; if the plurality of information input marks and the slider operation mark are received from the terminal device, verifying whether each information input mark and the slider operation mark conform to a preset rule; and if each information input mark and the slider operation mark conform to the preset rule, sending a password reset instruction to the terminal device to guide the user to perform a password reset.
  • The embodiment of the present application provides a first possible implementation of the second aspect, wherein verifying whether each information input mark and the slider operation mark conform to the preset rule includes: parsing the information input mark using a first preset algorithm and checking whether the parsing result is a first preset parameter; if so, determining that the information input mark conforms to the preset rule, where the first preset parameter includes the current date or all or part of the content of the user information corresponding to the information input mark.
  • Verifying whether the slider operation mark conforms to the preset rule comprises: parsing the slider operation mark using a second preset algorithm and checking whether the parsing result is a second preset parameter; if so, determining that the slider operation mark conforms to the preset rule, where the second preset parameter includes the current date.
  • The embodiment of the present application provides a third possible implementation of the second aspect, wherein the information input mark includes an information parameter, and verifying whether each information input mark conforms to the preset rule includes: checking whether the value of the information parameter in the information input mark is a first preset protocol value; if so, determining that the information input mark conforms to the preset rule.
  • The embodiment of the present application provides a fourth possible implementation of the second aspect, wherein the slider operation mark includes a slider parameter, and verifying whether the slider operation mark conforms to the preset rule includes: checking whether the value of the slider parameter in the slider operation mark is the second preset protocol value; if so, determining that the slider operation mark conforms to the preset rule.
  • The embodiment of the present application provides a fifth possible implementation of the second aspect, wherein, before determining whether a plurality of information input marks in one-to-one correspondence with the pieces of user information and a slider operation mark corresponding to the slider puzzle have been received from the terminal device, the method further includes: receiving the user information sent by the terminal device and verifying whether it is correct; and, when the user information is verified as correct, sending to the terminal device an instruction indicating that the user information has been verified as correct.
  • The embodiment of the present application provides a sixth possible implementation of the second aspect, wherein each information input mark and the slider operation mark are in ciphertext form, and verifying whether each information input mark and the slider operation mark conform to the preset rule comprises: decrypting each information input mark and the slider operation mark to obtain their plaintext; and verifying whether the plaintext of each information input mark and of the slider operation mark conforms to the preset rule.
  • The embodiment of the present application provides a password reset apparatus, including: an interface providing module, configured to provide a password reset interface according to a password reset instruction of a user, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the pieces of user information, and the user information includes a user account and further includes one or more of a user name, a user's mobile phone number, and the user's answer to a specified question; a generating module, configured to generate an information input mark corresponding to the user information when user information input by the user is received through a user information input box; a second mark generating module, configured to generate a slider operation mark corresponding to the slider puzzle when it is determined that the user slides the slider puzzle; and a mark sending module, configured to, when a plurality of information input marks in one-to-one correspondence with the pieces of user information have been generated and the completion result of the slider puzzle is correct, send each information input mark and the slider operation mark to a server to cause the server to input according to
  • The embodiment of the present application provides a password reset apparatus, including: a mark determining module, configured to determine, while a user is requesting a password reset, whether a plurality of information input marks in one-to-one correspondence with the pieces of user information, and a slider operation mark corresponding to a slider puzzle, have been received from a terminal device; wherein the user information includes a user account, and further includes one or more of a user name, a user's mobile phone number, and the user's answer to a specified question; each information input mark is generated by the terminal device when user information input by the user is received through a user information input box; there are a plurality of user information input boxes, in one-to-one correspondence with the pieces of user information; the slider operation mark is generated by the terminal device when it determines that the user slides the slider puzzle; the user information input boxes and the slider puzzle belong to a password reset interface, which is provided by the terminal device according to the user's password reset instruction; a mark verification module, configured to, if the plurality of information input marks and the slider operation mark are received from the terminal device, verify whether each information input mark and the slider operation mark conform to a preset rule; and a command sending module, configured to, if each information input mark and the slider operation mark conform to the preset rule, send a password reset instruction to the terminal device to guide the user to perform a password reset.
  • An embodiment of the present application provides a terminal device, including: a memory configured to store a program, and a processor configured to execute, by calling the program stored in the memory, a method including the following steps: providing a password reset interface according to a password reset instruction of a user, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the pieces of user information, and the user information includes a user account and further includes one or more of a user name, a user's mobile phone number, and the user's answer to a specified question; when user information input by the user is received through a user information input box, generating an information input mark corresponding to the user information; when it is determined that the user slides the slider puzzle, generating a slider operation mark corresponding to the slider puzzle; and when a plurality of information input marks in one-to-one correspondence with the pieces of user information have been generated and the completion result of the slider puzzle is correct, sending each information input mark and the slider operation mark to the server, so that the server Directing the operation flag of the input
  • An embodiment of the present application provides a server, including: a memory configured to store a program, and a processor configured to execute, by calling the program stored in the memory, a method including the following steps: while a user is requesting a password reset, determining whether a plurality of information input marks in one-to-one correspondence with the pieces of user information, and a slider operation mark corresponding to a slider puzzle, have been received from a terminal device; wherein the user information includes a user account, and further includes one or more of a user name, a user's mobile phone number, and the user's answer to a specified question; each information input mark is generated by the terminal device when user information input by the user is received through a user information input box; there are a plurality of user information input boxes, in one-to-one correspondence with the pieces of user information; the slider operation mark is generated by the terminal device when it determines that the user slides the slider puzzle; the user information input boxes and the slider puzzle belong to a password reset interface, which is provided by the terminal device according to the user's password reset instruction; if the plurality of information input marks and the slider operation mark are received from the terminal device, verifying whether each information input mark and the slider operation mark conform to a preset rule; and if each information input mark and the slider operation mark conform to the preset rule, sending a password reset instruction to the terminal device to guide the user to perform a password reset.
  • a computer readable medium having non-volatile program code executable by a processor, the program code causing the processor to perform the above method.
  • The method, apparatus, terminal device, server, and computer-readable medium in the embodiment of the present application provide a password reset interface according to the user's password reset instruction, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the pieces of user information; when a piece of user information input by the user is received through a user information input box, an information input mark corresponding to that user information is generated; when it is determined that the user slides the slider puzzle, a slider operation mark corresponding to the slider puzzle is generated; and when a plurality of information input marks in one-to-one correspondence with the pieces of user information have been generated and the completion result of the slider puzzle is correct, each information input mark and the slider operation mark are sent to the server, so that the server guides the user to perform a password reset based on each information input mark and the slider operation mark.
  • With the method, apparatus, terminal device, server, and computer-readable medium in the embodiment, a plurality of information input marks and a slider operation mark are added to the communication content; that is, the original communication format and communication content are changed and there is more communication content, which increases the difficulty of cracking the communication protocol between the terminal device and the server and reduces the risk of the user password being stolen.
  • FIG. 1 is a schematic diagram of interaction between a server and a terminal device according to a preferred embodiment of the present application
  • FIG. 2 is a schematic flowchart of a terminal device side of a password reset method provided by an embodiment of the present application
  • FIG. 3 is a schematic diagram of a password reset interface provided by an embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a server side of a password reset method provided by an embodiment of the present application
  • FIG. 5 is a schematic diagram showing the module composition of the password resetting device located on the terminal device side provided by the embodiment of the present application;
  • FIG. 6 is a schematic diagram showing the module composition of the password resetting device on the server side provided by the embodiment of the present application.
  • FIG. 7 is a schematic block diagram of an electronic device provided by an embodiment of the present application.
  • FIG. 1 is a schematic diagram of the interaction between a server and a terminal device according to a preferred embodiment of the present invention.
  • the server is in communication with one or more terminal devices over a network for data communication or interaction.
  • the server may be a web server, a database server, or the like.
  • the terminal device may be a personal computer (PC), a tablet computer, a smart phone, a personal digital assistant (PDA), or the like.
  • The embodiment of the present application provides a password reset method, apparatus, terminal device, server, and computer-readable medium, to increase the difficulty of cracking the communication protocol between the terminal device and the server and to reduce the risk of the user password being stolen. This is described in detail below with reference to the embodiments.
  • FIG. 2 is a schematic flowchart of a terminal device side of a password reset method according to an embodiment of the present disclosure. The method is performed by a terminal device. As shown in FIG. 2, the method includes the following steps:
  • Step S102: provide a password reset interface according to the password reset instruction of the user, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the pieces of user information; the user information includes a user account, and further includes one or more of the user's name, the user's mobile phone number, and the user's answer to a specified question.
  • a specific application such as a website APP, or a specific application platform, such as a website page running through a browser, is installed in the terminal device, and the user resets the password through the application or the application platform.
  • the application or the application platform receives a password reset instruction input by the user, and provides a password reset interface to the user.
  • FIG. 3 is a schematic diagram of a password reset interface provided by an embodiment of the present application.
  • The password reset interface includes a plurality of user information input boxes, each corresponding to one piece of user information. The user information includes at least a user account, and also includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question, where the specified question can be a security question reserved when the user registers.
  • When the user information includes a user account and a user mobile phone number, there are two user information input boxes, one for inputting the user account and the other for inputting the user mobile phone number.
  • The password reset interface further includes a slider puzzle. When the user drags the slider to the correct position, the application or the application platform determines that the completion result of the slider puzzle is correct.
  • As shown in FIG. 3, the puzzle piece may move while the slider is dragged; when the user drags the slider along its direction of movement to the specified position, the puzzle is completed successfully.
  • Step S104: when user information input by the user is received through a user information input box, generate an information input mark corresponding to that user information.
  • The user information includes a plurality of pieces of information, and each piece of user information corresponds to one user information input box.
  • When the terminal device receives a piece of user information input by the user through a user information input box, it generates the information input mark corresponding to that user information, which indicates that the behavior of the user entering user information through that input box has occurred.
  • The user information input box is activated.
  • The terminal device receives the character information input by the user and uses the character information as the user information.
  • Each piece of user information input by the user through a user information input box has an information input mark.
  • The specific process by which the terminal device generates the information input mark corresponding to the user information may be: performing an operation on the first preset parameter using the first preset algorithm to generate the information input mark corresponding to the user information, where the first preset parameter includes the current date or all or part of the content of the user information, and the first preset algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm.
  • The terminal device uses the current date, such as the "day" in year-month-day, as the first preset parameter, symmetrically encrypts the first preset parameter using the first preset algorithm, and uses the result as the information input mark corresponding to the user information. When the first preset parameter is the current date, the information input marks corresponding to the different pieces of user information are the same.
  • The first preset parameter may instead be set to all or part of the user information. The first preset parameter is symmetrically encrypted using the first preset algorithm, and the result is used as the information input mark corresponding to the user information. Since the specific content of each piece of user information is different, using all or part of the user information as the first preset parameter makes the contents of the information input marks differ from one another, which improves the flexibility of the information input mark.
  • Where the first preset parameter is the current date, such as the 20th, the characters "20" are symmetrically encrypted to obtain an information input mark.
  • Where the user information is a user account, all characters of the user account are used as the first preset parameter and are asymmetrically encrypted to obtain the information input mark corresponding to the user account.
  • Where the user information is the user's mobile phone number, the last four digits of the mobile phone number are used as the first preset parameter and are symmetrically encrypted to obtain the information input mark corresponding to the user's mobile phone number.
  • The specific process by which the terminal device generates the information input mark corresponding to the user information may be: setting an information parameter for each user information input box and, when user information input by the user is received through that input box, assigning the information parameter a first preset protocol value to generate the information input mark corresponding to the user information.
  • Where the user account is a user nickname, the information parameter nicknameflag is set. When the user enters the nickname, the information parameter nicknameflag is assigned the first preset protocol value 1, indicating that the nickname input action has occurred; this gives the information input mark corresponding to the user nickname.
  • The information parameter phoneflag is set, and when the user inputs user information through the information input box corresponding to the user's mobile phone number, the information parameter nicknameflag is assigned the first preset protocol value 1, indicating that the mobile phone number input action has occurred; this gives the information input mark corresponding to the user's mobile phone number.
  • The specific value of the first preset protocol value is not limited, and different user information input boxes may have different first preset protocol values.
  • When the terminal device receives a piece of user information input by the user through a user information input box, it generates the information input mark corresponding to that user information, thereby marking that the behavior of the user entering user information on the page has occurred and achieving the purpose of recording the user's page operations.
  • step S106 when the user slides the slider puzzle, it is determined that the slider operation mark corresponding to the slider puzzle is generated.
  • when the terminal device determines that the user slides the slider puzzle on the password reset interface, the slider operation mark corresponding to the slider puzzle is generated.
  • when the terminal device detects that the user clicks the slider on the password reset interface and drags the slider, the terminal device generates a slider operation mark corresponding to the slider puzzle, regardless of whether the completion result of the user's sliding puzzle is correct, thereby marking the occurrence of the user's behavior of sliding the slider on the password generation interface and recording the user's page operation.
  • the specific process of the terminal device generating the slider operation mark corresponding to the slider puzzle may be: calculating the second preset parameter by using the second preset algorithm, and generating a slider operation mark corresponding to the slider puzzle, wherein the second preset parameter includes the current date, and the second preset algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm.
  • the terminal device uses the current date, such as the "day" in the year-month-day, as the second preset parameter, symmetrically encrypts the second preset parameter by using the second preset algorithm, and uses the obtained result as the slider operation mark corresponding to the slider puzzle.
  • the first preset parameter is the current date, for example, on the 25th, the character "25" is symmetrically encrypted, and the slider operation mark corresponding to the slider puzzle is obtained.
  • the specific process of generating the slider operation mark corresponding to the slider puzzle may also be: setting a slider parameter corresponding to the slider operation and, when it is determined that the user slides the slider puzzle, assigning the slider parameter the second preset protocol value, thereby generating the slider operation mark corresponding to the slider puzzle.
  • the specific value of the second preset protocol value is not limited, and the second preset protocol value may be the same as the first preset protocol value, or may be different from the first preset protocol value, and may be set according to actual requirements.
  • the slider parameter slideflag is set, and when the user slides the slider puzzle, the slider parameter slideflag is assigned a second preset protocol value of 1, and a slider operation flag indicating that the user has slider sliding is obtained.
  • the slider operation mark corresponding to the slider puzzle is generated, so that the behavior of the user sliding the slider on the page is marked and the purpose of recording the user's page operations is achieved.
  • Step S108, when a plurality of information input marks corresponding one-to-one to each piece of user information are generated and the completion result of the slider puzzle is correct, each information input mark and the slider operation mark are sent to the server, so that the server guides the user through a password reset according to each information input mark and the slider operation mark.
  • the user information includes a plurality of pieces of information, and each piece of user information corresponds to a user information input box.
  • when the terminal device receives a piece of user information input by the user through a user information input box, the information input mark corresponding to that user information is generated, so when the user inputs all the user information through all the user information input boxes, the terminal device generates a number of information input marks equal to the number of pieces of user information (user information input boxes).
  • the terminal device verifies that the completion result of the slider puzzle is correct.
  • when the terminal device has generated a plurality of information input marks corresponding one-to-one to each piece of user information and the completion result of the slider puzzle is correct, the terminal device sends each information input mark and the slider operation mark to the server, so that the server guides the user to perform password reset according to each information input mark and the slider operation mark.
  • the method in the embodiment of the present application provides a password reset interface according to a password reset command of the user, where the password reset interface includes a plurality of user information input boxes corresponding one-to-one to each piece of user information and a slider puzzle;
  • when a piece of user information input by the user is received through a user information input box, an information input mark corresponding to the user information is generated;
  • when it is determined that the user slides the slider puzzle, a slider operation mark corresponding to the slider puzzle is generated; when generating and
  • each information input mark and the slider operation mark are sent to the server, so that the server guides the user to perform a password reset according to each information input mark and the slider operation mark.
  • when communication between the terminal device and the server is performed by the method in the embodiment, a plurality of information input marks and slider operation marks are added to the communication content; that is, the original communication format and communication content are changed and the communication content is increased, thereby raising the difficulty of cracking the communication protocol between the terminal device and the server and reducing the risk of the user password being stolen.
  • the terminal device records the page operations of the user by generating a plurality of information input tags and a slider operation flag, indicating that the user actually performed behaviors such as inputting information and sliding the slider on the website page. Since a hacker stealing the user password usually does not operate on the website page, but bypasses the terminal device to interact directly with the server, the information sent by the hacker to the server will necessarily either not include the multiple information input tags and the slider operation tag, or include erroneous information input tags and an erroneous slider operation tag. The method in the embodiment can therefore also help the server to distinguish whether the received information is from a normal user or a hacker, thereby preventing the hacker from stealing the user password and improving the security of the password.
  • after receiving the user information input by the user through the user information input box, the method in this embodiment includes:
  • after receiving from the server the instruction that each piece of user information is verified as correct, the slider puzzle is changed to a slidable state.
  • the terminal device can receive the user information in two ways and send the information to the server.
  • the terminal device controls the first user information input box on the interface to be in an inputtable state, the first user information input box being the user account input box; the rest of the user information input boxes are not inputtable, and the slider puzzle is also unavailable.
  • when the terminal device receives the first user information input by the user, the terminal device sends the user information to the server and, after receiving from the server the instruction that the user information is verified as correct, changes the next user information input box on the interface to the inputtable state, so that the user inputs the next user information.
  • when the terminal device receives the next user information input by the user, the next user information is sent to the server, and when the server verifies that it is correct, the terminal device changes the following user information input box on the interface to the inputtable state; this repeats until all of the user's information has been input correctly. In this process, when a piece of user information is wrong and the number of errors exceeds the preset value, the terminal device ends the password reset process. After the terminal device receives from the server the instruction that the last user information is verified as correct, the slider puzzle is changed into a slidable state, so that the user performs the puzzle verification.
  • the terminal device receives the user information input by the user through each user information input box. After receiving all the user information, the terminal device sends all the user information to the server. After the terminal device receives from the server the instruction that all the user information is verified as correct, the slider puzzle is changed into a slidable state, so that the user performs the puzzle verification.
  • when the terminal device receives from the server an instruction that the user information is wrong, prompt information indicating the user information error is displayed, and when the number of user information errors exceeds the preset value, the terminal device ends the password reset process.
  • the server checks whether the user account exists.
  • the server verifies whether the user's mobile phone number exists and matches the user account; and when the user information is the user's answer to a specified question, the server verifies that the answer is correct and that the answer matches the user account.
  • the user information includes a user account and a user mobile phone number
  • the terminal device first receives the user account input by the user through the user information input box and sends it to the server to verify whether the user account exists. If it does not exist, the password reset fails. If the account exists, the terminal device generates an information input tag corresponding to the user account, changes the user mobile phone number input box to an inputtable state, receives the user's mobile phone number through the user mobile phone number input box, and sends it to the server to verify whether the mobile phone number matches the user account. If it does not match, the password reset fails. If it matches, the terminal device generates an information input tag corresponding to the user's mobile phone number and changes the slider puzzle to a slidable state.
  • when the terminal device detects the user sliding the slider, the slider operation mark corresponding to the slider puzzle is generated.
  • when the terminal device verifies that the completion result of the user's slider puzzle is incorrect, the password reset fails; when the terminal device verifies that the completion result of the user's slider puzzle is correct, it sends the above two information input marks and the one slider operation mark to the server, so that the server guides the user through a password reset based on the two information input marks and the one slider operation mark.
  • when the data received by the server does not contain the above two information input tags and one slider operation tag, or the content of the tags present is wrong, the server considers the information to come from a hacker and ends the password reset process; when the data received by the server contains the two information input tags and one slider operation tag and the tag content is correct, the server guides the user to perform the password reset.
  • when the terminal device receives non-empty user information, it confirms that the user has performed the action of clicking the user information input box and inputting information, and generates an information input flag to record the user's page operation; when the terminal device determines that the user slides the slider puzzle, it determines that the user has performed a page operation and generates a slider operation tag to record the user's page operation.
  • the account number and the mobile phone number can verify which user has lost the password, and the sliding puzzle, the information input mark, and the slider operation mark are added to prevent the hacker from cracking the protocol between the terminal device and the server and bypassing the website page.
  • the slider puzzle also involves the user dragging the slider; when the hacker bypasses the terminal device and communicates directly with the server, no operation is performed on the website page, and the terminal device does not generate the information input mark and the slider operation mark. Therefore, in the embodiment, the user's operations are recorded as the basis for determining whether the password is being reset for a normal user, and verifying the user's identity information step by step and recording page operations greatly enhances the security and reliability of the password reset feature.
  • each information input tag and the slider operation tag are encrypted and sent to the server. The specific implementation is: each information input tag and the slider operation flag are encrypted, and the ciphertext of each information input mark and the slider operation mark is sent to the server, thereby improving the security of data transmission through encrypted communication.
  • the encryption algorithm is preferably the DES encryption algorithm; DES stands for Data Encryption Standard and is a block algorithm that encrypts using a key.
  • the DES encryption algorithm requires a key value as an encrypted parameter.
  • the key value of the embodiment is randomly generated by the server and then sent to the terminal device.
  • the key values of the users are different, so that each tag is encrypted by the same DES algorithm, and the encryption results of the users are different.
  • the security of the communication protocol between the terminal device and the server. Correspondingly, in this embodiment, the terminal device encrypts each information input tag and the slider operation flag according to the encryption parameter (key value) corresponding to the current user delivered by the server, and sends the ciphertext of each information input tag and the slider operation tag to the server.
  • the specific encryption process of the DES encryption algorithm is:
  • flagencryptdata = DES.encrypt(flagdata, key);
  • flagencryptdata is the result of encrypting all the tags and is sent directly to the server; DES.encrypt is the encryption interface of the DES encryption algorithm; flagdata is the data to be DES-encrypted, a combination of all the above tags; key is the key value of the DES encryption algorithm issued by the server.
  • the specific decryption process is as follows:
  • Flagdecryptdata is the final decrypted data
  • DES.decrypt is the decryption interface of the DES algorithm
  • flagencryptdata is the encrypted data reported by the terminal device
  • key is the encryption key sent by the server to the terminal device.
  • each information input tag and the slider operation flag are encrypted; in particular, the DES encryption algorithm is used with the mutually different key values generated by the server for different users, thereby ensuring the security of the tags and preventing hackers from forging data.
  • after receiving the encrypted data sent by the terminal device, the server decrypts the data and determines whether the decrypted data is each tag generated by the terminal device. If yes, the sender is determined to be a normal user and the password reset is performed; if not, the password reset process is terminated. It should be noted that the manner in which the terminal device generates each tag is agreed with the server in advance, so the server can determine whether the decrypted data is a tag generated by the terminal device; if the server does not receive the encrypted data, it also terminates the password reset process (this is because the hacker cannot crack the encrypted data, causing the hacker to send encrypted data to the server).
  • the embodiment of the present application further provides a password reset method performed by a server, where the method includes the following steps:
  • Step S302, in the process of the user requesting a password reset, determining whether a plurality of information input marks corresponding one-to-one to each piece of user information and a slider operation mark corresponding to the slider puzzle are received from the terminal device;
  • the user information includes a user account, and further includes one or more of a user name, a user's mobile phone number, and a user's answer to the specified question; the information input mark is generated by the terminal device when it receives user information input by the user through a user information input box; there are multiple user information input boxes, in one-to-one correspondence with each piece of user information; the slider operation mark is generated by the terminal device when it determines that the user slides the slider puzzle; the user information input boxes and the slider puzzle belong to the password reset interface, and the password reset interface is provided by the terminal device according to the user's password reset instruction.
  • each user information, each user information input box, and each information input mark are in one-to-one correspondence.
  • the server determines whether a plurality of information input marks corresponding one-to-one to each piece of user information and a slider operation mark corresponding to the slider puzzle are received from the terminal device.
  • the slider puzzle may be moved while the slider is dragged as shown in FIG. 3, and when the user drags the slider to the specified position along the direction of the slider movement, the puzzle succeeds.
  • Step S304, if a plurality of information input marks corresponding to each piece of user information and a slider operation mark corresponding to the slider puzzle are received from the terminal device, verify whether each information input mark and the slider operation mark conform to the preset rules.
  • the manner in which the terminal device generates each tag is agreed with the server in advance, such as:
  • the terminal device uses the first preset algorithm to calculate the first preset parameter, and generates an information input flag corresponding to the user information, where the first preset parameter includes the current date or all or part of the user information.
  • the first preset algorithm is a symmetric encryption algorithm or an asymmetric encryption algorithm;
  • the terminal device uses the second preset algorithm to calculate the second preset parameter, and generates a slider operation mark corresponding to the slider puzzle, wherein the second preset parameter includes the current date, and the second preset algorithm is a symmetric encryption algorithm or an asymmetric encryption algorithm.
  • the preset rule refers to the parameters and algorithms used when generating each mark, and the server verifies whether each information input mark and the slider operation mark meet the preset rule.
  • the server parses the information input tag by using the first preset algorithm, where the first preset algorithm is the same as the first preset algorithm used by the terminal device to generate the information input tag.
  • the server determines whether the parsing result is the first preset parameter, where the first preset parameter is the same as the first preset parameter used by the terminal device to generate the information input flag, and if it is the first preset parameter, determines that the information input tag conforms to the preset rule.
  • a specific implementation manner may be: the user information is the mobile phone number of the user, the first preset algorithm is a symmetric encryption algorithm, and the first preset information is the last four digits of the mobile phone number of the user; the terminal device symmetrically encrypts the last four digits of the mobile phone number of the user and obtains the information input tag corresponding to the user's mobile phone number.
  • the server parses the information input tag by using the same symmetric encryption algorithm, and determines whether the analysis result is the last four digits of the user's mobile phone number. If yes, it determines that the information input tag conforms to the preset rule.
  • the server parses the slider operation flag by using a second preset algorithm, wherein the second preset algorithm is the same as the second preset algorithm used when the terminal device generates the slider operation flag.
  • the server determines whether the parsing result is the second preset parameter, where the second preset parameter is the same as the second preset parameter used by the terminal device to generate the slider operation flag, and if it is the second preset parameter, determines that the slider operation tag complies with the preset rules.
  • a specific implementation manner may be: the terminal device uses the current date, such as the "day" in the year-month-day, as the second preset parameter, symmetrically encrypts the second preset parameter by using the second preset algorithm, and uses the result obtained as the slider operation mark corresponding to the slider puzzle.
  • when the server receives the slider operation mark, it uses the same symmetric encryption algorithm to parse the slider operation mark and determines whether the analysis result is the "day" in the current date; if so, it determines that the slider operation mark conforms to the preset rule.
  • the information parameter is set corresponding to the user information input box, and the information parameter is assigned to the first preset protocol value, and the information input flag corresponding to the user information is generated;
  • the slider parameter is set corresponding to the slider operation and, when it is determined that the user slides the slider puzzle, the slider parameter is assigned the second preset protocol value and the slider operation mark corresponding to the slider puzzle is generated.
  • the server verifying whether the information input flag meets the preset rule may be: verifying whether the value of the information parameter in the information input tag is the first preset protocol value and, if yes, determining that the information input tag conforms to the preset rule. Likewise, the server verifies whether the value of the slider parameter in the slider operation mark is the second preset protocol value and, if so, determines that the slider operation mark conforms to the preset rule.
  • the manner in which each mark is verified is not specifically limited, and may be determined based on actual conditions.
  • Step S306 if each information input flag and the slider operation flag meet the preset rule, a password reset instruction is sent to the terminal device to guide the user to perform password reset.
  • the error causes the hacker to send the data to the server including the various tags of the error, so when the server does not receive a plurality of information input tags corresponding to each user information and a slider operation flag corresponding to the slider puzzle, or the server
  • the confirmation data comes from the abnormal user, and the password reset process is ended.
  • while the user applies for a password reset, the server determines whether a plurality of information input tags corresponding to each piece of user information and a slider operation mark corresponding to the slider puzzle are received from the terminal device. If they are received, it verifies whether each information input mark and the slider operation mark meet the preset rule; if each information input mark and the slider operation mark meet the preset rule, it sends a password reset instruction to the terminal device to guide the user to reset the password.
  • a plurality of information input marks and slider operation marks are added to the communication content; that is, the original communication format and communication content are changed and the communication content is increased, thereby raising the difficulty of cracking the communication protocol between the terminal device and the server and reducing the risk of the user password being stolen.
  • the terminal device records the page operations of the user by generating a plurality of information input tags and a slider operation flag, indicating that the user actually performed behaviors such as inputting information and sliding the slider on the website page. Since a hacker stealing the user password usually does not operate on the website page, but bypasses the terminal device to interact directly with the server, the information sent by the hacker to the server will necessarily either not include the multiple information input tags and the slider operation tag, or include erroneous information input tags and an erroneous slider operation tag. The method in the embodiment can therefore also help the server to distinguish whether the received information is from a normal user or a hacker, thereby preventing the hacker from stealing the user password and improving the security of the password.
  • the server in this embodiment is also capable of verifying the user information sent by the terminal device, specifically, determining whether to receive the one-to-one correspondence with each user information from the terminal device.
  • the method in this embodiment further includes:
  • the server can verify whether the user information is correct in two ways.
  • One method is: when the terminal device sends user information one by one, the server receives the first user information sent by the terminal device and verifies whether it is correct, such as whether the account name exists; if the verification passes, an instruction that the verification is correct is sent to the terminal device. The server then receives the second user information sent by the terminal device, such as a mobile phone number, and verifies whether the mobile phone number matches the account name; if it matches, an instruction that the verification is correct is sent to the terminal device. This loop continues until the last user information is verified to be correct and the verification result is sent to the terminal device.
  • Another way is that when the terminal device sends multiple user information at the same time, the server receives all user information, verifies all user information, and sends the verification result to the terminal device.
  • the verification of each piece of user information ensures that the password is reset for the user when the user information is correct, thereby further ensuring the security of the password reset.
  • the server in this embodiment is also capable of parsing the encrypted tags. Specifically, when each information input tag and the slider operation tag are in ciphertext form, verifying whether each information input tag and the slider operation tag conform to the above preset rules may be:
  • each information input mark and the slider operation mark are decrypted according to the key value previously delivered to the terminal device, the plaintext of each information input mark and the slider operation mark is obtained, and it is verified whether the plaintext of each information input mark and the slider operation mark meets the above preset rules.
  • decryption process reference may be made to the description of the terminal device side, and details are not described herein again.
  • since the server randomly generates a key value corresponding to each user, the tag encryption results of the respective users differ from one another, so the security of the marks can be further ensured, preventing hackers from forging data.
  • the password resetting method in the embodiment of the present application can raise the difficulty of cracking the communication protocol, reduce the risk of the user password being stolen, and help the server to distinguish whether the received information comes from normal users or from hackers, thus preventing hackers from stealing user passwords and improving password security.
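The mark exchange described above (steps S106 and S108 on the terminal side, S302 to S306 on the server side), as an added example that is not code from the patent. It uses the flag variant of the marks (nicknameflag, phoneflag and slideflag set to 1); the JSON encoding, the class and function names, the constructed sample accounts and the SHA-256/HMAC construction that stands in for DES.encrypt and DES.decrypt (Python's standard library has no DES) are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Preset rule agreed in advance (flag variant: each parameter has protocol value 1).
PRESET_RULE = {"nicknameflag": 1, "phoneflag": 1, "slideflag": 1}


def _keystream(key, nonce, length):
    # SHA-256 in counter mode: a stand-in for the page's DES, not DES itself.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(b"enc" + key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_marks(flagdata, key):
    """Terminal side: plays the role of DES.encrypt(flagdata, key)."""
    plain = json.dumps(flagdata, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def decrypt_marks(flagencryptdata, key):
    """Server side: plays the role of DES.decrypt; None if nothing valid decrypts."""
    if len(flagencryptdata) < 48:
        return None
    nonce, body, tag = flagencryptdata[:16], flagencryptdata[16:-32], flagencryptdata[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        return None
    try:
        marks = json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))
    except ValueError:
        return None
    return marks if isinstance(marks, dict) else None


class ResetPage:
    # Terminal side: a mark exists only because the page saw the user act.
    FIELD_MARKS = {"nickname": "nicknameflag", "phone": "phoneflag"}

    def __init__(self, key):
        self.key, self.marks, self.puzzle_correct = key, {}, False

    def on_input(self, field, value):
        if value:  # non-empty input through this field's input box
            self.marks[self.FIELD_MARKS[field]] = 1

    def on_slide(self, completed_correctly):
        self.marks["slideflag"] = 1  # generated whether or not the puzzle is right
        self.puzzle_correct = completed_correctly

    def submit(self):
        """S108: send only with every input mark present and the puzzle correct."""
        complete = all(m in self.marks for m in self.FIELD_MARKS.values())
        if not (complete and self.puzzle_correct):
            return None
        return encrypt_marks(self.marks, self.key)


class ResetServer:
    def __init__(self):
        self._keys = {}

    def issue_key(self, account):
        self._keys[account] = secrets.token_bytes(32)  # random and per user
        return self._keys[account]

    def handle_marks(self, account, flagencryptdata):
        """S302 to S306: returns 'send_reset_instruction' or 'terminate'."""
        key = self._keys.get(account)
        if key is None or not flagencryptdata:
            return "terminate"  # S302: no marks received
        if decrypt_marks(flagencryptdata, key) != PRESET_RULE:
            return "terminate"  # S304: undecryptable, missing or wrong marks
        return "send_reset_instruction"  # S306


def run_cases():
    server = ResetServer()
    key_a, key_b = server.issue_key("alice"), server.issue_key("bob")
    page = ResetPage(key_a)
    page.on_input("nickname", "alice")
    page.on_input("phone", "13800001234")  # constructed sample number
    page.on_slide(completed_correctly=True)
    failed = ResetPage(key_a)
    failed.on_input("nickname", "alice")
    failed.on_input("phone", "13800001234")
    failed.on_slide(completed_correctly=False)
    wrong_value = encrypt_marks({**PRESET_RULE, "slideflag": 0}, key_a)
    return {
        "page_user": server.handle_marks("alice", page.submit()),
        "puzzle_failed": failed.submit(),
        "no_marks": server.handle_marks("alice", None),
        "other_users_key": server.handle_marks("alice", encrypt_marks(PRESET_RULE, key_b)),
        "wrong_mark_value": server.handle_marks("alice", wrong_value),
    }
```

A `send_reset_instruction` result shows that the sender held the key issued for that account and produced marks matching the agreed rule; verification of the user information itself is a separate step in the text and is not modelled here.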
  • the embodiment of the present application further provides a password resetting device, which is located on the terminal device side, may be located inside the terminal device or outside the terminal device, and includes:
  • the interface providing module 41 is configured to provide a password reset interface according to the password reset command of the user, where the password reset interface includes a plurality of user information input boxes corresponding one-to-one to each piece of user information and a slider puzzle, and the user information includes the user account and further includes one or more of the user name, the user's mobile phone number, and the user's answer to the specified question;
  • the first mark generating module 42 is configured to generate an information input mark corresponding to the user information when the user information input by the user is received by the user information input box;
  • a second mark generating module 43 is configured to: when the user slides the slider puzzle, generate a slider operation mark corresponding to the slider puzzle;
  • the tag sending module 44 is configured to: when a plurality of information input tags corresponding one-to-one to each piece of user information have been generated and the completion result of the slider puzzle is correct, send each information input tag and the slider operation tag to the server, so that the server guides the user to perform a password reset based on each information input tag and the slider operation tag.
  • the first mark generating module 42 is specifically configured to: perform operation on the first preset parameter by using the first preset algorithm, and generate an information input mark corresponding to the user information, where the first preset parameter includes a current date or user information. All or part of the content.
  • the second mark generating module 43 is specifically configured to: use the second preset algorithm to calculate the second preset parameter, and generate a slider operation mark corresponding to the slider puzzle, wherein the second preset parameter includes the current date.
  • the device in the embodiment of the present application provides a password reset interface according to the password reset command of the user, and the password reset interface includes a plurality of user information input boxes corresponding one-to-one to each piece of user information and a slider puzzle;
  • when a piece of user information input by the user is received through a user information input box, an information input mark corresponding to the user information is generated; when it is determined that the user slides the slider puzzle, a slider operation mark corresponding to the slider puzzle is generated; when generating and
  • each information input mark and the slider operation mark are sent to the server, so that the server guides the user to perform a password reset according to each information input mark and the slider operation mark.
  • when communication between the terminal device and the server is performed by the device in this embodiment, a plurality of information input marks and slider operation marks are added to the communication content; that is, the original communication format and communication content are changed and the communication content is increased, thereby raising the difficulty of cracking the communication protocol between the terminal device and the server and reducing the risk of the user password being stolen.
  • the device in this embodiment further includes: an information sending module, configured to: after receiving the user information input by the user through the user information input box, the user information is included in the case that the user information input by the user equipment is incorrect. Send to the server, so that the server verifies that the user information is correct; the state transition module is configured to change the slider puzzle into a slidable state after receiving the correct instruction of each user information sent by the server.
  • the above-mentioned mark sending module 44 is specifically configured to:
  • encrypt each information input mark and the slider operation mark, and send the ciphertext of each information input mark and of the slider operation mark to the server.
  • the embodiment of the present application further provides a password resetting device, which is located on the server side, and may be located inside the server or outside the server, and includes:
  • the mark determining module 51 is configured to determine, while the user is requesting a password reset, whether a plurality of information input marks in one-to-one correspondence with the items of user information, and a slider operation mark corresponding to the slider puzzle, have been received from the terminal device; wherein the user information includes a user account, and further includes one or more of a user name, a user's mobile phone number, and a user's answer to the specified question; the information input mark is generated by the terminal device when it receives the user information input by the user through a user information input box; there are a plurality of user information input boxes, in one-to-one correspondence with the items of user information; the slider operation mark is generated by the terminal device when it determines that the user slides the slider puzzle; the user information input boxes and the slider puzzle belong to the password reset interface, and the password reset interface is provided by the terminal device according to the user's password reset instruction;
  • the mark verification module 52 is configured to, if a plurality of information input marks in one-to-one correspondence with the items of user information and a slider operation mark corresponding to the slider puzzle are received from the terminal device, verify whether each information input mark and the slider operation mark comply with the preset rule;
  • the command sending module 53 is configured to send a password reset command to the terminal device to guide the user to perform password reset if each information input mark and the slider operation mark comply with the preset rule.
  • the mark verification module 52 includes: a first verification sub-module, configured to parse the information input mark by using the first preset algorithm and verify whether the parsing result is the first preset parameter, and if so, determine that the information input mark complies with the preset rule, where the first preset parameter includes the current date, or all or part of the content of the user information corresponding to the information input mark; and a second verification sub-module, configured to parse the slider operation mark by using the second preset algorithm and verify whether the parsing result is the second preset parameter, and if so, determine that the slider operation mark complies with the preset rule, where the second preset parameter includes the current date.
  • the server determines, while the user is requesting a password reset, whether a plurality of information input marks in one-to-one correspondence with the items of user information and a slider operation mark corresponding to the slider puzzle have been received from the terminal device. If they have been received, it verifies whether each information input mark and the slider operation mark comply with the preset rule; if each information input mark and the slider operation mark comply with the preset rule, it sends a password reset instruction to the terminal device to guide the user to reset the password.
  • a plurality of information input marks and a slider operation mark are added to the communication content; that is, the original communication format is changed and the amount of communication content increases, which raises the difficulty of cracking the communication protocol between the terminal device and the server and reduces the risk of the user password being stolen.
  • the server in this embodiment is also capable of verifying the user information sent by the terminal device.
  • the device further includes: an information verification module, configured to, before it is determined whether the plurality of information input marks in one-to-one correspondence with the items of user information and the slider operation mark corresponding to the slider puzzle have been received from the terminal device, receive the user information sent by the terminal device and verify whether the user information is correct; and a result sending module, configured to send to the terminal device, when the user information is verified as correct, an instruction indicating that the user information has been verified as correct.
  • verifying each item of user information ensures that the user is guided to reset the password when the user information is correct, thereby further ensuring the security of the password reset.
  • the server in this embodiment is also capable of parsing the encrypted mark.
  • each information input mark and the slider operation mark are in ciphertext form, and the mark verification module 52 includes: a decryption sub-module, configured to decrypt each information input mark and the slider operation mark to obtain the plaintext of each information input mark and of the slider operation mark; and a plaintext verification sub-module, configured to verify whether the plaintext of each information input mark and of the slider operation mark complies with the preset rule.
  • the server randomly generates a key value for each user, so that the encrypted marks of different users differ from one another; this further protects the marks and prevents hackers from forging data.
  • the password resetting device in the embodiment of the present application, through the cooperation between the terminal device and the server side, can raise the difficulty of cracking the communication protocol, reduce the risk of the user password being stolen, and help the server identify whether the information it receives comes from normal users or from hackers, thus preventing hackers from stealing user passwords and improving password security.
  • the embodiment of the present application further provides an electronic device.
  • FIG. 7 is a schematic block diagram of an electronic device 60 in accordance with an embodiment of the present application.
  • the electronic device 60 provided by the embodiment of the present application includes: a memory 61 and a processor 62.
  • the memory 61 is for storing a program.
  • the processor 62 is configured to call and execute the program stored in the memory 61.
  • the electronic device 60 may be the terminal device or the server described above.
  • the processor 62 calls a program stored in the memory 61 to perform a method including the following steps:
  • providing a password reset interface according to the user's password reset instruction, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the items of user information, and the user information includes a user account and further includes one or more of a user name, a user's mobile phone number, and a user's answer to the specified question; when the user information input by the user is received through a user information input box, generating an information input mark corresponding to the user information; when it is determined that the user slides the slider puzzle, generating a slider operation mark corresponding to the slider puzzle; and when a plurality of the information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, sending each information input mark and the slider operation mark to the server, so that the server guides the user to perform a password reset according to each information input mark and the slider operation mark.
  • the processor 62 calls a program stored in the memory 61 to perform a method including the following steps:
  • determining whether a plurality of information input marks in one-to-one correspondence with the items of user information, and a slider operation mark corresponding to the slider puzzle, have been received from the terminal device; wherein the user information includes the user account, and further includes one or more of a user name, a user's mobile phone number, and a user's answer to the specified question; the information input mark is generated by the terminal device when it receives the user information input by the user through a user information input box; there are a plurality of user information input boxes, in one-to-one correspondence with the items of user information; the slider operation mark is generated by the terminal device when it determines that the user slides the slider puzzle; the user information input boxes and the slider puzzle belong to a password reset interface, and the password reset interface is provided by the terminal device according to a password reset command of the user; if the plurality of information input marks in one-to-one correspondence with the items of user information and the slider operation mark corresponding to the slider puzzle are received from the terminal device, verifying whether each information input mark and the slider operation mark comply with a preset rule; and if each information input mark and the slider operation mark comply with the preset rule, sending a password reset instruction to the terminal device to guide the user to perform password reset.
  • the processor 62 executes various function applications and data processing by running the above-described programs stored in the memory 61.
  • the memory 61 may include, but is not limited to, Random Access Memory (RAM), Read-Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like.
  • the processor 62 may execute the foregoing method stored in the memory 61 after receiving the execution instruction, and implement the method defined by the flow disclosed in any of the foregoing embodiments of the present application.
  • Processor 62 can be an integrated circuit chip with signal processing capabilities.
  • the processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • the methods, steps, and logical block diagrams disclosed in the embodiments of the present application can be implemented or executed.
  • the general purpose processor may be a microprocessor or the processor or any conventional processor or the like.
  • FIG. 7 is merely illustrative, and the electronic device 60 may include more or fewer components than those shown in FIG. 7, or have a configuration different from that shown in FIG. 7.
  • the components shown in Figure 7 can be implemented in hardware, software, or a combination thereof.
  • the modules and units of the apparatus in the foregoing embodiments may be implemented by software code.
  • the modules and units described above may be stored in the memory 601 of the electronic device 60.
  • the above modules and units can also be implemented by hardware such as an integrated circuit chip.
  • the password resetting device provided by the embodiment of the present application may be specific hardware on the device or software or firmware installed on the device.
  • the implementation principle and the technical effects of the device provided by the embodiment of the present application are the same as those of the foregoing method embodiment.
  • a person skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working processes of the foregoing system, the device and the unit can refer to the corresponding processes in the foregoing method embodiments, and details are not described herein again.
  • the disclosed apparatus and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interface, device or unit, and may be electrical, mechanical or otherwise.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in the embodiment provided by the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the functions, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, or the part contributing to the related art, or a part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present application.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, and the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

Provided by the present application are a password reset method, an apparatus, a processing device and server, and a computer-readable medium, the method comprising: providing a password reset interface according to a password reset instruction of a user, the password reset interface comprising a plurality of user information input boxes and slide block puzzles that are in one-to-one correspondence with various user information; generating an information input mark corresponding to the user information when receiving the user information input by the user by means of the user information input boxes; generating a slide block operation mark corresponding to a slide block puzzle when determining that the user slides the slide block puzzle; and sending each information input mark and the slide block operation marks to a server when the plurality of the information input marks that are in one-to-one correspondence with the various user information are generated and a completion result of the slide block puzzle is correct, so that the server instructs the user to reset a password according to each information input mark and the slide block operation marks. By means of the password reset method, apparatus, processing device and server of the present application, the difficulty in cracking a communication protocol between a terminal device and a server may be increased, and the risk of a user password being stolen may be reduced.

Description

Password reset method, apparatus, terminal device and server, and computer-readable medium
This application claims priority to Chinese patent application No. CN201610916303.7, entitled "Password Resetting Method and Apparatus" and filed with the Chinese Patent Office on October 20, 2016, the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of Internet technologies, and in particular, to a password reset method, apparatus, terminal device and server, and computer-readable medium.
Background
At present, websites provide an account-and-password login function. The user enters a valid account and password on the website, and the website verifies them; if the verification passes, the login succeeds, otherwise the login fails.
When a user forgets the password, the password can be reset through the password reset function provided by the website. The password reset process in the related art is roughly as follows: the user enters user information, such as a nickname and a mobile phone number, on the website page provided by the terminal device; the terminal device sends the user information to the server; the server verifies whether the user information is correct; if it is correct, the user is guided through the terminal device to set a new password; if it is not correct, the terminal device indicates that the user information is wrong.
In the password reset process of the related art, the terminal device sends the user information to the server, and the server guides the user to reset the password after verifying that the received user information is correct. However, the communication protocol between the terminal device and the server in the related art is easily cracked by hackers. After cracking the communication protocol, a hacker can intercept the communication data between the terminal device and the server, or bypass the terminal device and communicate directly with the server, thereby impersonating the user to reset the password and causing the user's password to be stolen.
It can be seen that, in the related art, the communication protocol between the terminal device and the server is easy to crack, and the risk of the user password being stolen is high.
Summary of the invention
In view of this, the purpose of the present application is to provide a password reset method, apparatus, terminal device and server, and computer-readable medium, so as to raise the difficulty of cracking the communication protocol between the terminal device and the server and to reduce the risk of the user password being stolen.
In a first aspect, an embodiment of the present application provides a password reset method, including: providing a password reset interface according to a password reset instruction of a user, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the items of user information, and the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question; when user information input by the user is received through a user information input box, generating an information input mark corresponding to that user information; when it is determined that the user slides the slider puzzle, generating a slider operation mark corresponding to the slider puzzle; and when a plurality of information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, sending each information input mark and the slider operation mark to a server, so that the server guides the user to perform a password reset according to each information input mark and the slider operation mark.
With reference to the first aspect, an embodiment of the present application provides a first possible implementation of the first aspect, where generating the information input mark corresponding to the user information includes: performing an operation on a first preset parameter by using a first preset algorithm to generate the information input mark corresponding to the user information, where the first preset parameter includes the current date, or all or part of the content of the user information.
With reference to the first aspect, an embodiment of the present application provides a second possible implementation of the first aspect, where generating the slider operation mark corresponding to the slider puzzle includes: performing an operation on a second preset parameter by using a second preset algorithm to generate the slider operation mark corresponding to the slider puzzle, where the second preset parameter includes the current date.
With reference to the first aspect, an embodiment of the present application provides a third possible implementation of the first aspect, where an information parameter is set for the user information input box, and generating the information input mark corresponding to the user information includes: assigning a first preset protocol value to the information parameter to generate the information input mark corresponding to the user information.
With reference to the first aspect, an embodiment of the present application provides a fourth possible implementation of the first aspect, where a slider parameter is set for the slider operation, and generating the slider operation mark corresponding to the slider puzzle includes: assigning a second preset protocol value to the slider parameter to generate the slider operation mark corresponding to the slider puzzle.
With reference to the first aspect, an embodiment of the present application provides a fifth possible implementation of the first aspect, where, after the user information input by the user is received through the user information input box, the method further includes: sending the user information to the server, so that the server verifies whether the user information is correct; and after receiving an instruction, sent by the server, that each item of user information has been verified as correct, changing the slider puzzle into a slidable state.
With reference to the above implementations of the first aspect, an embodiment of the present application provides a sixth possible implementation of the first aspect, where sending each information input mark and the slider operation mark to the server includes: encrypting each information input mark and the slider operation mark, and sending the ciphertext of each information input mark and of the slider operation mark to the server.
In a second aspect, an embodiment of the present application provides a password reset method, including: while a user is requesting a password reset, determining whether a plurality of information input marks in one-to-one correspondence with the items of user information, and a slider operation mark corresponding to a slider puzzle, have been received from a terminal device; where the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question, the information input mark is generated by the terminal device when it receives the user information input by the user through a user information input box, there are a plurality of user information input boxes in one-to-one correspondence with the items of user information, the slider operation mark is generated by the terminal device when it determines that the user slides the slider puzzle, the user information input boxes and the slider puzzle belong to a password reset interface, and the password reset interface is provided by the terminal device according to the user's password reset instruction; if the plurality of information input marks in one-to-one correspondence with the items of user information and the slider operation mark corresponding to the slider puzzle are received from the terminal device, verifying whether each information input mark and the slider operation mark comply with a preset rule; and if each information input mark and the slider operation mark comply with the preset rule, sending a password reset instruction to the terminal device to guide the user to perform the password reset.
With reference to the second aspect, an embodiment of the present application provides a first possible implementation of the second aspect, where verifying whether each information input mark and the slider operation mark comply with the preset rule includes: parsing the information input mark by using a first preset algorithm and verifying whether the parsing result is a first preset parameter, and if so, determining that the information input mark complies with the preset rule, where the first preset parameter includes the current date, or all or part of the content of the user information corresponding to the information input mark.
With reference to the second aspect, an embodiment of the present application provides a second possible implementation of the second aspect, where verifying whether the slider operation mark complies with the preset rule includes: parsing the slider operation mark by using a second preset algorithm and verifying whether the parsing result is a second preset parameter, and if so, determining that the slider operation mark complies with the preset rule, where the second preset parameter includes the current date.
With reference to the second aspect, an embodiment of the present application provides a third possible implementation of the second aspect, where the information input mark includes an information parameter, and verifying whether each information input mark complies with the preset rule includes: verifying whether the value of the information parameter in the information input mark is a first preset protocol value, and if so, determining that the information input mark complies with the preset rule.
With reference to the second aspect, an embodiment of the present application provides a fourth possible implementation of the second aspect, where the slider operation mark includes a slider parameter, and verifying whether the slider operation mark complies with the preset rule includes: verifying whether the value of the slider parameter in the slider operation mark is a second preset protocol value, and if so, determining that the slider operation mark complies with the preset rule.
With reference to the second aspect, an embodiment of the present application provides a fifth possible implementation of the second aspect, where, before determining whether the plurality of information input marks in one-to-one correspondence with the items of user information and the slider operation mark corresponding to the slider puzzle have been received from the terminal device, the method further includes: receiving the user information sent by the terminal device and verifying whether the user information is correct; and when the user information is verified as correct, sending to the terminal device an instruction indicating that the user information has been verified as correct.
With reference to the above implementations of the second aspect, an embodiment of the present application provides a sixth possible implementation of the second aspect, where each information input mark and the slider operation mark are in ciphertext form, and verifying whether each information input mark and the slider operation mark comply with the preset rule includes: decrypting each information input mark and the slider operation mark to obtain the plaintext of each information input mark and of the slider operation mark; and verifying whether the plaintext of each information input mark and of the slider operation mark complies with the preset rule.
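The server-side check described in the second aspect above, as an added Python example that is not code from the application: the server rebuilds the expected marks from the user information it has already verified and compares them with what the terminal device sent. The application leaves its preset algorithms and its encryption unspecified, so HMAC-SHA-256 under a per-user random key, the label strings, and the names `new_user_key`, `make_mark`, `build_marks` and `verify_marks` are assumptions of this example.

```python
"""Server-side verification of password-reset marks (added illustration)."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from datetime import date

SLIDER = "slider"  # label of the slider operation mark (name chosen for this example)


def new_user_key() -> bytes:
    """Random per-user key generated by the server.

    How the key reaches the terminal device is outside this example.
    """
    return secrets.token_bytes(32)


def make_mark(key: bytes, label: str, value: str, day: date) -> str:
    """Build one mark as HMAC-SHA-256 over label, value and current date.

    Assumption: HMAC stands in for the unspecified 'preset algorithm'; the
    server recomputes the mark instead of parsing it back to a parameter.
    """
    parts = [label.encode(), value.encode(), day.isoformat().encode()]
    # Length-prefix every part so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_marks(key: bytes, fields: dict[str, str], day: date) -> dict[str, str]:
    """One information input mark per user-information field, plus the slider mark."""
    marks = {
        f"input:{name}": make_mark(key, f"input:{name}", value, day)
        for name, value in fields.items()
    }
    marks[SLIDER] = make_mark(key, SLIDER, "", day)
    return marks


def verify_marks(
    key: bytes,
    submitted: dict[str, str],
    known_fields: dict[str, str],
    today: date,
) -> tuple[bool, str]:
    """Return (True, "ok") only if every expected mark is present and valid.

    known_fields is the user information the server verified earlier in the
    flow; a request that skipped the input boxes or the slider puzzle lacks
    the matching mark and is rejected.
    """
    expected = build_marks(key, known_fields, today)
    missing = sorted(set(expected) - set(submitted))
    if missing:
        return False, "missing mark: " + missing[0]
    extra = sorted(set(submitted) - set(expected))
    if extra:
        return False, "unexpected mark: " + extra[0]
    for label in sorted(expected):
        got = submitted[label]
        # Constant-time comparison on bytes; non-string input is rejected.
        if not isinstance(got, str) or not hmac.compare_digest(
            expected[label].encode(), got.encode()
        ):
            return False, "invalid mark: " + label
    return True, "ok"


if __name__ == "__main__":
    key = new_user_key()
    fields = {"account": "alice01", "mobile": "555-0100"}  # constructed sample
    today = date(2017, 4, 6)
    marks = build_marks(key, fields, today)
    print(verify_marks(key, marks, fields, today))
    without_slider = {k: v for k, v in marks.items() if k != SLIDER}
    print(verify_marks(key, without_slider, fields, today))
```

Marks that depend only on the key, the field value and the date stay valid until the date changes, so a deployment would also put a server-issued single-use nonce into the MAC input to stop replay within the day.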
第三方面,本申请实施例提供了一种密码重设装置,包括:界面提供模块,用于根据用户的密码重设指令,提供密码重设界面,所述密码重设界面包括与各项用户信息一一对应的多个用户信息输入框和滑块拼图,所述用户信息包括用户账号,还包括用户姓名、用户手机号、用户对指定问题的回答中的一项或多项;第一标记生成模块,用于通过所述用户信息输入框接收到用户输入的用户信息时,生成所述用户信息对应的信息输入标记;第二标记生成模块,用于确定所述用户滑动所述滑块拼图时,生成所述滑块拼图对应的滑块操作标记;标记发送模块,用于当生成与各项所述用户信息一一对应的多个所述信息输入标记且所述滑块拼图的完成结果正确时,将各个所述信息输入标记和所述滑块操作标记发送至服务器,以使所述服务器根据各个所述信息输入标记和所述滑块操作标记引导所述用户进行密码重设。In a third aspect, the embodiment of the present application provides a password resetting apparatus, including: an interface providing module, configured to provide a password resetting interface according to a password resetting instruction of a user, where the password resetting interface includes each user a plurality of user information input boxes and slider puzzles corresponding to the information one by one, the user information includes a user account, and further includes one or more of a user name, a user mobile phone number, and an answer of the user to the specified question; a generating module, configured to generate an information input tag corresponding to the user information when the user information input by the user is received by the user information input box, and a second tag generating module, configured to determine that the user slides the slider puzzle And generating a slider operation mark corresponding to the slider puzzle; the mark sending module is configured to generate a plurality of the information input marks corresponding to each piece of the user information and the completion result of the slide puzzle When correct, each of the information input flag and the slider operation flag are sent to a server to cause the server to input according to each of the information And directing the operation flag of the slider referred to reset user password.
In a fourth aspect, an embodiment of the present application provides a password reset apparatus, including: a mark determination module, configured to determine, while a user is applying for a password reset, whether a plurality of information input marks in one-to-one correspondence with the items of user information and a slider operation mark corresponding to a slider puzzle have been received from a terminal device; where the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question, the information input mark is generated by the terminal device when it receives the user information entered by the user through a user information input box, there are a plurality of user information input boxes in one-to-one correspondence with the items of user information, the slider operation mark is generated by the terminal device when it determines that the user slides the slider puzzle, the user information input boxes and the slider puzzle belong to a password reset interface, and the password reset interface is provided by the terminal device according to the user's password reset instruction; a mark verification module, configured to verify, if the plurality of information input marks in one-to-one correspondence with the items of user information and the slider operation mark corresponding to the slider puzzle have been received from the terminal device, whether each information input mark and the slider operation mark all conform to a preset rule; and an instruction sending module, configured to send, if each information input mark and the slider operation mark all conform to the preset rule, a password reset instruction to the terminal device to guide the user through a password reset.
In a fifth aspect, an embodiment of the present application provides a terminal device, including: a memory configured to store a program, and a processor configured to perform, by calling the program stored in the memory, a method including the following steps: providing a password reset interface according to a user's password reset instruction, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the items of user information, and the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question; generating, when user information entered by the user is received through a user information input box, an information input mark corresponding to that user information; generating, when it is determined that the user slides the slider puzzle, a slider operation mark corresponding to the slider puzzle; and sending, when a plurality of information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, each information input mark and the slider operation mark to a server, so that the server guides the user through a password reset according to each information input mark and the slider operation mark.
In a sixth aspect, an embodiment of the present application provides a server, including: a memory configured to store a program, and a processor configured to perform, by calling the program stored in the memory, a method including the following steps: determining, while a user is applying for a password reset, whether a plurality of information input marks in one-to-one correspondence with the items of user information and a slider operation mark corresponding to a slider puzzle have been received from a terminal device; where the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question, the information input mark is generated by the terminal device when it receives the user information entered by the user through a user information input box, there are a plurality of user information input boxes in one-to-one correspondence with the items of user information, the slider operation mark is generated by the terminal device when it determines that the user slides the slider puzzle, the user information input boxes and the slider puzzle belong to a password reset interface, and the password reset interface is provided by the terminal device according to the user's password reset instruction; verifying, if the plurality of information input marks in one-to-one correspondence with the items of user information and the slider operation mark corresponding to the slider puzzle have been received from the terminal device, whether each information input mark and the slider operation mark all conform to a preset rule; and sending, if each information input mark and the slider operation mark all conform to the preset rule, a password reset instruction to the terminal device to guide the user through a password reset.
According to yet another aspect of the present invention, a computer-readable medium is provided that has non-volatile program code executable by a processor, the program code causing the processor to perform the above method.
The method, apparatus, terminal device, server, and computer-readable medium in the embodiments of the present application provide a password reset interface according to a user's password reset instruction, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the items of user information; when an item of user information entered by the user is received through a user information input box, an information input mark corresponding to that item of user information is generated; when it is determined that the user slides the slider puzzle, a slider operation mark corresponding to the slider puzzle is generated; and when a plurality of information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, each information input mark and the slider operation mark are sent to the server, so that the server guides the user through a password reset according to each information input mark and the slider operation mark. Compared with the related art, with the method, apparatus, terminal device, server, and computer-readable medium in these embodiments, a plurality of information input marks and a slider operation mark are added to the content exchanged when the terminal device communicates with the server. This changes the original communication format and content and makes the communication content larger, which makes the communication protocol between the terminal device and the server harder to crack and reduces the risk of the user's password being stolen.
To make the above objects, features, and advantages of the present application clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief Description of the Drawings
To describe the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present application and therefore should not be regarded as limiting its scope; a person of ordinary skill in the art can derive other related drawings from these drawings without creative effort.
FIG. 1 is a schematic diagram of the interaction between a server and a terminal device according to a preferred embodiment of the present application;
FIG. 2 is a schematic flowchart of the terminal device side of the password reset method provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of the password reset interface provided by an embodiment of the present application;
FIG. 4 is a schematic flowchart of the server side of the password reset method provided by an embodiment of the present application;
FIG. 5 is a schematic diagram of the module composition of the password reset apparatus on the terminal device side provided by an embodiment of the present application;
FIG. 6 is a schematic diagram of the module composition of the password reset apparatus on the server side provided by an embodiment of the present application;
FIG. 7 is a schematic block diagram of an electronic device provided by an embodiment of the present application.
Detailed Description
To make the objects, technical solutions, and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. The components of the embodiments of the present application, as generally described and illustrated in the drawings herein, may be arranged and designed in a variety of different configurations. Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the scope of the claimed application, but merely represents selected embodiments of the present application. All other embodiments obtained by a person skilled in the art based on the embodiments of the present application without creative effort fall within the scope of protection of the present application.
FIG. 1 is a schematic diagram of the interaction between a server and terminal devices according to a preferred embodiment of the present invention. The server is communicatively connected to one or more terminal devices over a network for data communication or interaction. The server may be a web server, a database server, or the like. The terminal device may be a personal computer (PC), a tablet computer, a smartphone, a personal digital assistant (PDA), or the like.
In the related art, the communication protocol between the terminal device and the server is easy to crack and the risk of the user's password being stolen is high. To address this, the embodiments of the present application provide a password reset method, apparatus, terminal device, server, and computer-readable medium that make the communication protocol between the terminal device and the server harder to crack and reduce the risk of the user's password being stolen. They are described in detail below with reference to the embodiments.
FIG. 2 is a schematic flowchart of the terminal device side of the password reset method provided by an embodiment of the present application. The method is performed by the terminal device and, as shown in FIG. 2, includes the following steps:
Step S102: provide a password reset interface according to the user's password reset instruction, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the items of user information, and the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question.
In this embodiment, a specific application, such as a website app, is installed on the terminal device, or a specific application platform, such as a website page run in a browser, runs on it. When the user enters a password reset instruction through the application or the application platform, for example by clicking the "Forgot password" control on the login interface that the application or the application platform provides, the application or the application platform receives the password reset instruction entered by the user and provides the user with the password reset interface.
FIG. 3 is a schematic diagram of the password reset interface provided by an embodiment of the present application. As shown in FIG. 3, the password reset interface includes a plurality of user information input boxes, each corresponding to one item of user information. The user information includes at least a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question, where the specified question may be a security question set when the user registered. In FIG. 3, the user information includes a user account and a user mobile phone number, and there are two user information input boxes, one for entering the user account and the other for entering the user mobile phone number. As shown in FIG. 3, the password reset interface also includes a slider puzzle; when the user drags the slider to the correct position, the application or the application platform determines that the completion result of the slider puzzle is correct.
In this embodiment, the slider puzzle can be implemented in several ways. Specifically, as shown in FIG. 3, the puzzle piece may move along with the slider as it is dragged, and the puzzle succeeds when the user drags the slider in the indicated direction to the specified position.
Step S104: when user information entered by the user is received through a user information input box, generate the information input mark corresponding to that user information.
In this embodiment, the user information includes multiple items, and each item of user information has its own user information input box. When the terminal device receives an item of user information entered by the user through a user information input box, it generates the information input mark corresponding to that item. The information input mark indicates that the user's action of entering user information through the user information input box has occurred.
Specifically, when the user clicks a user information input box, the input box is activated; when the user enters character information in the input box, the terminal device receives the character information and treats it as user information.
Each item of user information that the user enters through a user information input box has a corresponding information input mark. The terminal device may generate the information input mark corresponding to the user information as follows: it applies a first preset algorithm to a first preset parameter to generate the information input mark, where the first preset parameter includes the current date or all or part of the user information, and the first preset algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm.
Specifically, the terminal device takes the current date, for example the "day" in year-month-day, as the first preset parameter, symmetrically encrypts the first preset parameter with the first preset algorithm, and uses the result as the information input mark corresponding to the user information. When the first preset parameter is the current date, the information input marks corresponding to all items of user information are identical. To make the information input marks more flexible, the first preset parameter may instead be set to all or part of the user information; the first preset parameter is symmetrically encrypted with the first preset algorithm and the result is used as the information input mark corresponding to the user information. Because the content of each item of user information is different, using all or part of the user information as the first preset parameter makes the content of each information input mark different, which increases the flexibility of the information input marks.
In one specific embodiment, the first preset parameter is the current date, for example the 20th, and the characters "20" are symmetrically encrypted to obtain the information input mark. In another specific embodiment, where the user information is the user account, all characters of the user account are used as the first preset parameter and are asymmetrically encrypted to obtain the information input mark corresponding to the user account; where the user information is the user mobile phone number, the last four digits of the phone number are used as the first preset parameter and are symmetrically encrypted to obtain the information input mark corresponding to the user mobile phone number.
Of course, in this embodiment the terminal device may also generate the information input mark corresponding to the user information as follows: an information parameter is set for the user information input box, and when user information entered by the user is received through the input box, the information parameter is assigned a first preset protocol value, which produces the information input mark corresponding to the user information.
For example, where the user account is the user's nickname, an information parameter nicknameflag is set. When the user enters the nickname through the information input box corresponding to the user account, the information parameter nicknameflag is assigned the first preset protocol value 1, giving the information input mark for the user nickname, which indicates that the user performed the nickname input action. If the user information also includes the user mobile phone number, an information parameter phoneflag is set. When the user enters user information through the information input box corresponding to the user mobile phone number, the information parameter nicknameflag is assigned the first preset protocol value 1, giving the information input mark for the user mobile phone number, which indicates that the user performed the phone number input action. It can be understood that the specific value of the first preset protocol value is not limited, and different user information input boxes may have different first preset protocol values.
In this embodiment, when the terminal device receives an item of user information entered by the user through a user information input box, it generates the information input mark corresponding to that item, thereby marking that the user's action of entering that item on the page has occurred and recording the user's page operations.
Step S106: when it is determined that the user slides the slider puzzle, generate the slider operation mark corresponding to the slider puzzle.
When the terminal device determines that the user slides the slider puzzle on the password reset interface, it generates the slider operation mark corresponding to the slider puzzle.
Specifically, when the terminal device detects that the user has clicked the slider on the password reset interface and dragged it, the terminal device generates the slider operation mark corresponding to the slider puzzle regardless of whether the completion result of the user's puzzle is correct, thereby marking that the user's action of sliding the slider on the password generation interface has occurred and recording the user's page operations.
The terminal device may generate the slider operation mark corresponding to the slider puzzle as follows: it applies a second preset algorithm to a second preset parameter to generate the slider operation mark, where the second preset parameter includes the current date, and the second preset algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm.
Specifically, the terminal device takes the current date, for example the "day" in year-month-day, as the second preset parameter, symmetrically encrypts the second preset parameter with the second preset algorithm, and uses the result as the slider operation mark corresponding to the slider puzzle. In one specific embodiment, the first preset parameter is the current date, for example the 25th, and the characters "25" are symmetrically encrypted to obtain the slider operation mark corresponding to the slider puzzle.
In addition, in this embodiment the slider operation mark corresponding to the slider puzzle may also be generated as follows: a slider parameter is set for the slider operation, and when it is determined that the user slides the slider puzzle, the slider parameter is assigned a second preset protocol value, which produces the slider operation mark corresponding to the slider puzzle. The specific value of the second preset protocol value is not limited; it may be the same as or different from the first preset protocol value and can be set according to actual requirements.
For example, a slider parameter slideflag is set, and when the user slides the slider puzzle, the slider parameter slideflag is assigned the second preset protocol value 1, giving the slider operation mark, which indicates that the user slid the slider.
In this embodiment, when the terminal device determines that the user slides the slider puzzle, it generates the slider operation mark corresponding to the slider puzzle, thereby marking that the user's action of sliding the slider on the page has occurred and recording the user's page operations.
Step S108: when a plurality of information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, send each information input mark and the slider operation mark to the server, so that the server guides the user through a password reset according to each information input mark and the slider operation mark.
In this embodiment, the user information includes multiple items, and each item of user information has its own user information input box. When the terminal device receives an item of user information entered by the user through a user information input box, it generates the information input mark corresponding to that item. Therefore, once the user has entered all items of user information through all of the user information input boxes, the terminal device has generated as many information input marks as there are items of user information (user information input boxes).
When the user finishes sliding the slider puzzle, the terminal device checks whether the completion result of the slider puzzle is correct. When the terminal device has generated a plurality of information input marks in one-to-one correspondence with the items of user information and the completion result of the slider puzzle is correct, the terminal device sends each information input mark and the slider operation mark to the server, so that the server guides the user through a password reset according to each information input mark and the slider operation mark.
The method in the embodiments of the present application provides a password reset interface according to the user's password reset instruction, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the items of user information; when an item of user information entered by the user is received through a user information input box, the information input mark corresponding to that item is generated; when it is determined that the user slides the slider puzzle, the slider operation mark corresponding to the slider puzzle is generated; and when a plurality of information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, each information input mark and the slider operation mark are sent to the server, so that the server guides the user through a password reset according to each information input mark and the slider operation mark. Compared with the related art, with the method in this embodiment a plurality of information input marks and a slider operation mark are added to the content exchanged when the terminal device communicates with the server. This changes the original communication format and content and makes the communication content larger, which makes the communication protocol between the terminal device and the server harder to crack and reduces the risk of the user's password being stolen.
From another perspective, in the method of this embodiment the terminal device records the user's page operations by generating a plurality of information input marks and a slider operation mark, which indicate that the user actually entered information, slid the slider, and so on, on the website page. When hackers steal a user's password, they usually do not operate on the website page but bypass the terminal device and exchange information with the server directly. The information a hacker sends to the server therefore necessarily either lacks the plurality of information input marks and the slider operation mark or contains incorrect ones. The method of this embodiment thus also helps the server tell whether received information comes from a normal user or from a hacker, which prevents hackers from stealing user passwords and improves password security.
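The mark exchange of steps S104 to S108 and the server-side decrypt-and-check of the sixth implementation, sketched as an added example that is not code from the application. AES-256-GCM stands in for the unspecified preset algorithms; the shared key, the request field names, the helper names and the concrete preset rule (plaintext must equal the submitted account, the last four digits of the submitted phone number, and the current day of the month) are assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed demo key. Assumption: terminal and server share one 256-bit key.
const DEMO_KEY = crypto.createHash('sha256').update('constructed-demo-key').digest();

// Encrypt one mark plaintext. Output layout: base64(iv[12] | tag[16] | ciphertext).
function sealMark(plaintext, key = DEMO_KEY) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Decrypt one mark. Returns the plaintext, or null when the mark is absent,
// malformed, or fails authentication (for example, it was modified in transit).
function openMark(mark, key = DEMO_KEY) {
  if (typeof mark !== 'string') return null;
  try {
    const raw = Buffer.from(mark, 'base64');
    if (raw.length < 28) return null;
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return plain.toString('utf8');
  } catch (err) {
    return null;
  }
}

// The "day" in year-month-day, as a string such as "20".
function dayOfMonth(date) {
  return String(date.getUTCDate());
}

// Terminal side: one information input mark per input box, plus the slider mark.
// Hypothetical message shape; the page does not define field names for the request.
function buildResetRequest(account, phone, now) {
  return {
    account,
    phone,
    accountMark: sealMark(account),         // first preset parameter: whole account
    phoneMark: sealMark(phone.slice(-4)),   // first preset parameter: last four digits
    slideMark: sealMark(dayOfMonth(now)),   // second preset parameter: current day
  };
}

// Server side: decrypt every mark and compare its plaintext with the preset rule.
function verifyResetRequest(req, now) {
  const expected = {
    accountMark: String(req.account ?? ''),
    phoneMark: String(req.phone ?? '').slice(-4),
    slideMark: dayOfMonth(now),
  };
  const failures = [];
  for (const [name, want] of Object.entries(expected)) {
    const got = openMark(req[name]);
    if (got === null) {
      failures.push(`${name}: missing or undecryptable`);
    } else if (want === '' || got !== want) {
      failures.push(`${name}: plaintext does not conform to the preset rule`);
    }
  }
  return { allow: failures.length === 0, failures };
}
```

A request that reaches the server without passing through the page carries no marks and is rejected with three failures; a mark whose plaintext is only the day of the month stops verifying once the date changes.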
考虑到终端设备接收到的用户输入的用户信息存在错误的情况,本实施例中的方法,在通过用户信息输入框接收到用户输入的用户信息后,还包括:The method in this embodiment, after receiving the user information input by the user through the user information input box, includes:
(1) sending the user information to the server, so that the server verifies whether the user information is correct;
(2) after receiving from the server an instruction indicating that every item of user information has been verified as correct, changing the slider puzzle to a slidable state.
Specifically, the terminal device can receive user information and send it to the server in two ways. In the first way, the terminal device sets the first user information input box in the interface, which is the user account input box, to the inputtable state; all other user information input boxes are not inputtable and the slider puzzle is unavailable. When the terminal device receives the first item of user information entered by the user, it sends that item to the server. After receiving the server's instruction that this item has been verified as correct, it changes the next user information input box in the interface to the inputtable state so that the user can enter the next item. When the terminal device receives that next item, it sends it to the server, and when the server verifies it as correct, the terminal device makes the following input box inputtable. This repeats until all of the user's items of user information have been entered correctly. If, during this process, any item of user information is wrong and the number of errors exceeds a preset value, the terminal device ends the password reset flow. After the terminal device receives the server's instruction that the last item of user information has been verified as correct, it changes the slider puzzle to a slidable state so that the user can perform the puzzle verification.
In the second way, the terminal device sets all user information input boxes in the interface to the inputtable state and the slider puzzle to the unavailable state. The terminal device receives the user information entered by the user through the respective input boxes and, once all items have been received, sends them all to the server. When the terminal device receives the server's instruction that all items of user information are correct, it changes the slider puzzle to a slidable state so that the user can perform the puzzle verification. When the terminal device receives the server's instruction that a particular item of user information is wrong, it displays a prompt that this item is wrong. If user information is wrong and the number of errors exceeds the preset value, the terminal device ends the password reset flow.
When the user information is a user account, the server verifies whether the account exists. When it is the user's mobile phone number, the server verifies whether the number exists and whether it matches the user account. When it is the user's answer to a specified question, the server verifies whether the answer is correct and whether it matches the user account.
In this embodiment, sending the user information to the server for verification ensures that the user is guided to reset the password only when every item of user information is correct, which further secures the password reset.
In a specific embodiment of the present application, the user information includes a user account and the user's mobile phone number. The terminal device first receives the user account entered through the user information input box and sends it to the server, which verifies whether the account exists. If the account does not exist, the password reset fails. If it exists, the terminal device generates the information input mark corresponding to the user account and changes the phone number input box to the inputtable state. It then receives the phone number through that box and sends it to the server, which verifies whether the number matches the user account. If it does not match, the password reset fails. If it matches, the terminal device generates the information input mark corresponding to the phone number and changes the slider puzzle to a slidable state. When the terminal device detects that the user slides the slider, it generates the slider operation mark corresponding to the slider puzzle. When the terminal device finds that the result of the user's slider puzzle is wrong, the password reset fails. When it finds that the result is correct, it sends the two information input marks and the one slider operation mark to the server, so that the server guides the user to reset the password according to them. When the data received by the server does not contain the two information input marks and the slider operation mark, or the content of the marks is wrong, the server considers the data to come from a hacker and ends the password reset flow. When the received data contains the two information input marks and the slider operation mark and their content is correct, the server guides the user to reset the password.
Here, when the terminal device receives non-empty user information, it confirms that the user clicked the user information input box and entered information, and generates an information input mark to record that page operation. When the terminal device determines that the user slides the slider puzzle, it confirms that the user performed a page operation and generates a slider operation mark to record it.
In this specific embodiment, the account and the mobile phone number verify which user has lost the password. The slider puzzle, the information input marks and the slider operation mark are added to prevent a hacker from cracking the protocol between the terminal device and the server, bypassing the website page to interact with the server directly, and forging a genuine user's protocol messages. A normal user clicks the user information input boxes of the page and enters information, and also clicks and drags the slider of the slider puzzle. A hacker who bypasses the terminal device and communicates with the server directly does not operate in the website page, so the terminal device generates no information input marks and no slider operation mark. This embodiment therefore records these user operations as the basis for judging whether a normal user is resetting the password. Verifying the user's identity information step by step and recording page operations greatly strengthens the security and reliability of the password reset function.
Considering the security of data transmission between the terminal device and the server, in FIG. 2 the information input marks and the slider operation mark are encrypted before being sent to the server. Specifically, the marks are encrypted and their ciphertext is sent to the server, so that encrypted communication improves the security of data transmission.
Specifically, the encryption algorithm is preferably DES (Data Encryption Standard), a block algorithm that encrypts with a key. DES requires a key value as the encryption parameter. In this embodiment the key value is generated randomly by the server and delivered to the terminal device, and every user has a different key value, so that although all marks are encrypted with the same DES algorithm, the encryption results differ from user to user, which further improves the security of the communication protocol between the terminal device and the server. Correspondingly, in this embodiment the terminal device encrypts the information input marks and the slider operation mark with the encryption parameter (key value) that the server delivered for the current user, and sends their ciphertext to the server.
The specific encryption process with the DES algorithm is:
flagencryptdata=DES.encrypt(flagdata,key);
Here, flagencryptdata is the result of encrypting all the marks and is sent directly to the server; DES.encrypt is the encryption interface of the DES algorithm; flagdata is the data to be DES-encrypted, a single piece of data that combines all of the above marks; and key is the DES key value delivered by the server.
After the server receives the encrypted data, the specific decryption process is as follows:
Flagdecryptdata=DES.decrypt(flagencryptdata,key);
Here, Flagdecryptdata is the data finally obtained by decryption, DES.decrypt is the decryption interface of the DES algorithm, flagencryptdata is the encrypted data reported by the terminal device, and key is the encryption key that the server delivered to the terminal device.
In this embodiment, encrypting the information input marks and the slider operation mark, in particular with the DES algorithm under key values that the server generates differently for different users, ensures the security of the marks and prevents a hacker from forging data.
After receiving the encrypted data sent by the terminal device, the server decrypts it and judges whether the decrypted data consists of the marks generated by the terminal device. If so, it determines that this is a normal user and guides the password reset; if not, it terminates the password reset flow. Note that the way the terminal device generates each mark is agreed with the server in advance, so the server can judge whether the decrypted data consists of the marks generated by the terminal device. In addition, if the server does not receive encrypted data, it also terminates the password reset flow (this is the case where the hacker cannot crack the encrypted data, so the data the hacker sends to the server contains no encrypted data).
Corresponding to the password reset method performed by the terminal device in FIG. 2, an embodiment of the present application also provides, as shown in FIG. 4, a password reset method performed by the server. The method includes the following steps:
Step S302: while the user is applying for a password reset, determine whether a plurality of information input marks in one-to-one correspondence with the items of user information, and a slider operation mark corresponding to the slider puzzle, have been received from the terminal device.
Here, the user information includes a user account and also one or more of a user name, the user's mobile phone number, and the user's answer to a specified question. An information input mark is generated by the terminal device when it receives user information entered by the user through a user information input box; there are a plurality of user information input boxes, in one-to-one correspondence with the items of user information. The slider operation mark is generated by the terminal device when it determines that the user slides the slider puzzle. The user information input boxes and the slider puzzle belong to the password reset interface, which the terminal device provides according to the user's password reset instruction.
In this embodiment, the items of user information, the user information input boxes and the information input marks are in one-to-one correspondence. While the user is applying for a password reset, the server determines whether it has received from the terminal device the information input marks corresponding one-to-one to the items of user information and the slider operation mark corresponding to the slider puzzle. The slider puzzle can be implemented in several ways. For example, as shown in FIG. 3, the puzzle piece moves as the slider is dragged, and the puzzle succeeds when the user drags the slider along the indicated direction to the specified position.
Step S304: if the information input marks corresponding one-to-one to the items of user information and the slider operation mark corresponding to the slider puzzle have been received from the terminal device, verify whether each information input mark and the slider operation mark conform to the preset rules.
In this embodiment, the way the terminal device generates each mark is agreed with the server in advance, for example:
(1) the terminal device applies a first preset algorithm to a first preset parameter to generate the information input mark corresponding to an item of user information, where the first preset parameter includes the current date or all or part of that item of user information, and the first preset algorithm is a symmetric encryption algorithm or an asymmetric encryption algorithm;
(2) the terminal device applies a second preset algorithm to a second preset parameter to generate the slider operation mark corresponding to the slider puzzle, where the second preset parameter includes the current date, and the second preset algorithm is a symmetric encryption algorithm or an asymmetric encryption algorithm.
Correspondingly, the preset rules are the parameters and algorithms used when generating each mark. The server may verify whether each information input mark and the slider operation mark conform to the preset rules as follows:
(1) parse the information input mark with the first preset algorithm and check whether the parsing result is the first preset parameter; if so, determine that the information input mark conforms to the preset rules, where the first preset parameter includes the current date or all or part of the user information corresponding to the information input mark;
(2) parse the slider operation mark with the second preset algorithm and check whether the parsing result is the second preset parameter; if so, determine that the slider operation mark conforms to the preset rules, where the second preset parameter includes the current date.
In process (1), the server parses the information input mark with the first preset algorithm, which is the same first preset algorithm that the terminal device used to generate the mark. The server judges whether the parsing result is the first preset parameter, which is the same first preset parameter that the terminal device used to generate the mark; if it is, the server determines that the information input mark conforms to the preset rules.
One specific implementation is as follows: the user information is the user's mobile phone number, the first preset algorithm is a symmetric encryption algorithm, and the first preset parameter is the last four digits of the phone number. The terminal device symmetrically encrypts the last four digits of the phone number to obtain the information input mark corresponding to the phone number. When the server receives that mark, it parses it with the same symmetric encryption algorithm and judges whether the parsing result is the last four digits of the user's phone number; if so, it determines that the information input mark conforms to the preset rules.
In process (2), the server parses the slider operation mark with the second preset algorithm, which is the same second preset algorithm that the terminal device used to generate the mark. The server judges whether the parsing result is the second preset parameter, which is the same second preset parameter that the terminal device used to generate the mark; if it is, the server determines that the slider operation mark conforms to the preset rules.
One specific implementation is as follows: the terminal device takes the current date, for example the "day" of year-month-day, as the second preset parameter, symmetrically encrypts it with the second preset algorithm, and uses the result as the slider operation mark corresponding to the slider puzzle. When the server receives the slider operation mark, it parses it with the same symmetric encryption algorithm and judges whether the parsing result is the "day" of the current date; if so, it determines that the slider operation mark conforms to the preset rules.
Alternatively, the terminal device and the server may agree in advance to generate the marks as follows: an information parameter is set for a user information input box and assigned a first preset protocol value to generate the information input mark corresponding to the user information; a slider parameter is set for the slider operation and, when it is determined that the user slides the slider puzzle, assigned a second preset protocol value to generate the slider operation mark corresponding to the slider puzzle.
In that case, the server verifies whether an information input mark conforms to the preset rules by checking whether the value of the information parameter in the mark is the first preset protocol value; if so, it determines that the information input mark conforms to the preset rules. It likewise checks whether the value of the slider parameter in the slider operation mark is the second preset protocol value; if so, it determines that the slider operation mark conforms to the preset rules.
Note that in this embodiment the order in which the marks are verified is not specifically limited and can be decided according to the actual situation.
Step S306: if each information input mark and the slider operation mark conform to the preset rules, send a password reset instruction to the terminal device to guide the user through the password reset.
If the information input marks and the slider operation mark pass the server's verification, the server sends a password reset instruction to the terminal device to guide the user through the password reset.
Consider a hacker who bypasses the terminal device and communicates with the server directly. In one case the hacker cannot crack the marks in the communication protocol, so the data sent to the server does not include the complete set of marks; in the other case the protocol is cracked incorrectly, so the data sent to the server includes wrong marks. Therefore, when the server does not receive the information input marks corresponding one-to-one to the items of user information and the slider operation mark corresponding to the slider puzzle, or when any received mark does not conform to the preset rules, it concludes that the data comes from an abnormal user and ends the password reset flow.
In the method of this embodiment of the present application, while the user is applying for a password reset the server determines whether it has received from the terminal device a plurality of information input marks in one-to-one correspondence with the items of user information and a slider operation mark corresponding to the slider puzzle. If it has, it verifies whether each information input mark and the slider operation mark conform to the preset rules. If they all conform, it sends a password reset instruction to the terminal device to guide the user through the password reset. Compared with the related art, the communication between the terminal device and the server now carries a plurality of information input marks and a slider operation mark; that is, the original communication format and content are changed and the content is enlarged, which makes the communication protocol between the terminal device and the server harder to crack and reduces the risk of the user's password being stolen.
On the other hand, in the method of this embodiment the terminal device records the user's page operations by generating the information input marks and the slider operation mark, which indicate that the user actually entered information, slid the slider and so on in the website page. Because a hacker stealing a user's password usually does not operate in the website page but bypasses the terminal device and exchanges information with the server directly, the information the hacker sends to the server necessarily either lacks the information input marks and the slider operation mark or contains wrong ones. The method therefore also helps the server tell whether received information comes from a normal user or from a hacker, which prevents the hacker from stealing the user's password and improves password security.
Corresponding to the terminal device's method flow described above, the server in this embodiment can also verify the user information sent by the terminal device. Specifically, before determining whether the information input marks corresponding one-to-one to the items of user information and the slider operation mark corresponding to the slider puzzle have been received from the terminal device, the method of this embodiment further includes:
(1) receiving the user information sent by the terminal device and verifying whether the user information is correct;
(2) when the user information is verified as correct, sending the terminal device an instruction indicating that the user information has been verified as correct.
Corresponding to the terminal device's method flow described above, the server in this embodiment can verify the user information in two ways. In the first way, where the terminal device sends the items of user information one by one, the server receives the first item sent by the terminal device and verifies whether it is correct, for example whether the account name exists. If the verification passes, the server sends the terminal device a verified-correct instruction. The server then receives the second item sent by the terminal device, for example the mobile phone number, and verifies whether the number matches the account name; if it matches, the server sends the terminal device a verified-correct instruction. This repeats until the last item of user information has been verified and the verification result has been sent to the terminal device. In the second way, where the terminal device sends several items of user information at once, the server receives all the user information, verifies all of it, and sends the verification result to the terminal device.
In this embodiment, verifying every item of user information ensures that the user is guided to reset the password only when every item is correct, which further secures the password reset.
Corresponding to the terminal device's method flow described above, the server in this embodiment can also parse the encrypted marks. Specifically, the information input marks and the slider operation mark are all in ciphertext form, and verifying whether they conform to the above preset rules may be done as follows:
(1) decrypt the information input marks and the slider operation mark to obtain their plaintext;
(2) verify whether the plaintext of each information input mark and of the slider operation mark conforms to the above preset rules.
Corresponding to the terminal device's method flow described above, in this embodiment the server decrypts the information input marks and the slider operation mark with the key value previously delivered to the terminal device, obtains their plaintext, and verifies whether the plaintext of each mark conforms to the above preset rules. For the specific decryption process, refer to the description of the terminal device side above; it is not repeated here.
Because the server randomly generates a key value for each user, the encrypted marks differ from user to user, which further ensures the security of the marks and prevents a hacker from forging data.
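The terminal-side encryption of the marks and the server-side checks of steps S302 to S306, written out in Go as an added example; it is not code from the application. Assumptions: flagdata is a JSON object, DES runs in CBC mode with a random IV and PKCS#7 padding, the rules are "whole account, last four phone digits, day of the current date", and mark generation and transport encryption are collapsed into one DES layer; all names and sample values are constructed.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// Marks is the plaintext flagdata; the JSON layout is an assumption.
type Marks struct {
	Account string `json:"account"` // information input mark, account box
	Phone   string `json:"phone"`   // information input mark, phone box
	Slider  string `json:"slider"`  // slider operation mark
}

var ErrAbort = errors.New("marks missing or invalid") // server ends the flow

// BuildMarks applies the agreed rules (assumed: account, last 4 digits, day).
func BuildMarks(account, phone string, now time.Time) Marks {
	last4 := phone
	if len(phone) > 4 {
		last4 = phone[len(phone)-4:]
	}
	return Marks{Account: account, Phone: last4, Slider: strconv.Itoa(now.Day())}
}

// EncryptMarks is the terminal side: flagencryptdata = DES.encrypt(flagdata, key).
// The key is the 8-byte per-user value delivered by the server.
func EncryptMarks(m Marks, key []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	plain, _ := json.Marshal(m) // a struct of strings cannot fail to marshal
	pad := des.BlockSize - len(plain)%des.BlockSize
	plain = append(plain, bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, des.BlockSize+len(plain)) // IV || ciphertext
	if _, err := rand.Read(out[:des.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:des.BlockSize]).CryptBlocks(out[des.BlockSize:], plain)
	return out, nil
}

// DecryptMarks is the server side: DES.decrypt(flagencryptdata, key).
func DecryptMarks(ct, key []byte) (Marks, error) {
	var m Marks
	block, err := des.NewCipher(key)
	if err != nil {
		return m, err
	}
	if len(ct) < 2*des.BlockSize || len(ct)%des.BlockSize != 0 {
		return m, ErrAbort
	}
	plain := make([]byte, len(ct)-des.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:des.BlockSize]).CryptBlocks(plain, ct[des.BlockSize:])
	pad := int(plain[len(plain)-1])
	if pad < 1 || pad > des.BlockSize ||
		!bytes.HasSuffix(plain, bytes.Repeat([]byte{byte(pad)}, pad)) {
		return m, ErrAbort
	}
	if json.Unmarshal(plain[:len(plain)-pad], &m) != nil {
		return m, ErrAbort
	}
	return m, nil
}

// VerifyReset covers steps S302 to S306: nil means the password reset
// instruction may be sent, ErrAbort means the flow is ended.
func VerifyReset(ct, key []byte, account, phone string, now time.Time) error {
	if len(ct) == 0 { // S302: no marks were received
		return ErrAbort
	}
	got, err := DecryptMarks(ct, key)
	if err != nil {
		return ErrAbort
	}
	want := BuildMarks(account, phone, now) // S304: recompute from verified data
	eq := func(a, b string) int { return subtle.ConstantTimeCompare([]byte(a), []byte(b)) }
	if eq(got.Account, want.Account)&eq(got.Phone, want.Phone)&eq(got.Slider, want.Slider) != 1 {
		return ErrAbort
	}
	return nil // S306
}

func main() {
	key := []byte("k3y-u001") // constructed per-user key; the server generates it randomly
	now := time.Date(2017, 4, 6, 10, 0, 0, 0, time.UTC)
	ct, _ := EncryptMarks(BuildMarks("alice", "13800001234", now), key)
	fmt.Println("page flow:", VerifyReset(ct, key, "alice", "13800001234", now))
}
```

The server recomputes the expected marks from the account and phone number it has already verified, so a request with no marks, marks under another user's key, or a day value from a different date all end the flow.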
In summary, with the password reset method of the embodiments of the present application, the terminal device and the server side cooperate to make the communication protocol harder to crack, reduce the risk of the user's password being stolen, and help the server tell whether received information comes from a normal user or from a hacker, which prevents the hacker from stealing the user's password and improves password security.
Corresponding to the terminal-device method flow described above, as shown in FIG. 5, an embodiment of the present application further provides a password reset apparatus. The apparatus is located on the terminal device side, either inside or outside the terminal device, and includes:
An interface providing module 41, configured to provide a password reset interface according to the user's password reset instruction, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the items of user information, and the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question;
A first mark generating module 42, configured to generate the information input mark corresponding to the user information when user information entered by the user is received through a user information input box;
A second mark generating module 43, configured to generate the slider operation mark corresponding to the slider puzzle when it is determined that the user has slid the slider puzzle;
A mark sending module 44, configured to, when a plurality of information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, send each information input mark and the slider operation mark to the server, so that the server guides the user through the password reset according to each information input mark and the slider operation mark.
The first mark generating module 42 is specifically configured to apply a first preset algorithm to a first preset parameter to generate the information input mark corresponding to the user information, where the first preset parameter includes the current date or all or part of the user information. The second mark generating module 43 is specifically configured to apply a second preset algorithm to a second preset parameter to generate the slider operation mark corresponding to the slider puzzle, where the second preset parameter includes the current date.
The apparatus in this embodiment of the present application provides a password reset interface according to the user's password reset instruction, the interface including a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the items of user information. When an item of user information entered by the user is received through a user information input box, the apparatus generates the information input mark corresponding to that item. When it determines that the user has slid the slider puzzle, it generates the slider operation mark corresponding to the slider puzzle. When a plurality of information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, it sends each information input mark and the slider operation mark to the server, so that the server guides the user through the password reset according to these marks. Compared with the related art, with the apparatus of this embodiment the communication between the terminal device and the server carries a plurality of information input marks and a slider operation mark in addition to the original content. The original communication format and content are thus changed and the communication carries more content, which makes the communication protocol between the terminal device and the server harder to crack and lowers the risk of the user's password being stolen.
Considering that the user information received by the terminal device may contain errors, the apparatus in this embodiment further includes: an information sending module, configured to send the user information to the server after it is received through the user information input box, so that the server verifies whether the user information is correct; and a state transition module, configured to change the slider puzzle to a slidable state after receiving from the server an instruction indicating that every item of user information has been verified as correct.
In this embodiment, sending the user information to the server for verification ensures that the user is guided to reset the password only when every item of user information is correct, further ensuring the security of the password reset.
Considering the security of data transmission between the terminal device and the server, the mark sending module 44 is specifically configured to encrypt each information input mark and the slider operation mark and to send the ciphertext of each information input mark and of the slider operation mark to the server.
Corresponding to the server method flow described above, as shown in FIG. 6, an embodiment of the present application further provides a password reset apparatus. The apparatus is located on the server side, either inside or outside the server, and includes:
A mark determining module 51, configured to determine, while the user is applying for a password reset, whether a plurality of information input marks in one-to-one correspondence with the items of user information, and a slider operation mark corresponding to the slider puzzle, have been received from the terminal device;
Here, the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question. The information input mark is generated by the terminal device when it receives user information entered by the user through a user information input box; there are a plurality of user information input boxes, in one-to-one correspondence with the items of user information. The slider operation mark is generated by the terminal device when it determines that the user has slid the slider puzzle. The user information input boxes and the slider puzzle belong to the password reset interface, which the terminal device provides according to the user's password reset instruction;
A mark verification module 52, configured to, if a plurality of information input marks in one-to-one correspondence with the items of user information and a slider operation mark corresponding to the slider puzzle are received from the terminal device, verify whether each information input mark and the slider operation mark all comply with a preset rule;
An instruction sending module 53, configured to, if each information input mark and the slider operation mark all comply with the preset rule, send a password reset instruction to the terminal device to guide the user through the password reset.
The mark verification module 52 includes: a first verification sub-module, configured to parse the information input mark using the first preset algorithm and check whether the parsing result is the first preset parameter, and if so, determine that the information input mark complies with the preset rule, where the first preset parameter includes the current date or all or part of the user information corresponding to the information input mark; and a second verification sub-module, configured to parse the slider operation mark using the second preset algorithm and check whether the parsing result is the second preset parameter, and if so, determine that the slider operation mark complies with the preset rule, where the second preset parameter includes the current date.
With the apparatus in this embodiment of the present application, while the user is applying for a password reset, the server determines whether a plurality of information input marks in one-to-one correspondence with the items of user information, and a slider operation mark corresponding to the slider puzzle, have been received from the terminal device. If they have been received, the server verifies whether each information input mark and the slider operation mark all comply with the preset rule. If they all comply, the server sends a password reset instruction to the terminal device to guide the user through the password reset. Compared with the related art, with the apparatus of this embodiment the communication between the terminal device and the server carries a plurality of information input marks and a slider operation mark in addition to the original content. The original communication format and content are thus changed and the communication carries more content, which makes the communication protocol between the terminal device and the server harder to crack and lowers the risk of the user's password being stolen.
The server in this embodiment can also verify the user information sent by the terminal device. Specifically, the apparatus further includes: an information verification module, configured to receive the user information sent by the terminal device and verify whether it is correct, before determining whether a plurality of information input marks in one-to-one correspondence with the items of user information and a slider operation mark corresponding to the slider puzzle have been received from the terminal device; and a result sending module, configured to send the terminal device an instruction indicating that the user information has been verified as correct when the verification succeeds.
In this embodiment, verifying every item of user information ensures that the user is guided to reset the password only when every item of user information is correct, further ensuring the security of the password reset.
The server in this embodiment can also parse encrypted marks. Specifically, each information input mark and the slider operation mark are in ciphertext form, and the mark verification module 52 includes: a decryption sub-module, configured to decrypt each information input mark and the slider operation mark to obtain the plaintext of each information input mark and of the slider operation mark; and a plaintext verification sub-module, configured to verify whether the plaintexts of each information input mark and of the slider operation mark all comply with the preset rule.
Because the server randomly generates a key value for each user, the encrypted marks of different users differ from one another, which further protects the marks and prevents hackers from forging data.
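The server-side check performed by the mark verification module 52 (decrypt each mark with the per-user key, then check the plaintext against the preset rule) can be sketched as follows. This is an added example, not code from the patent: the cipher (AES-256-GCM), the use of the current UTC date as the mark plaintext, the binding of the field name as associated data, and all function and field names are assumptions.

```javascript
// Added example: decryption sub-module plus plaintext verification sub-module.
// Assumptions (not from the patent text): AES-256-GCM, mark plaintext = current
// UTC date (YYYY-MM-DD), field names, and every function name below.
const nodeCrypto = require('crypto');

// User information items on the reset form (constructed sample) and the slider.
const REQUIRED_FIELDS = ['account', 'phone'];
const SLIDER = 'slider';

// Per-user random key, generated by the server and delivered to the terminal device.
function newUserKey() {
  return nodeCrypto.randomBytes(32);
}

// The "preset parameter" used here: the current date in UTC.
function today(now = new Date()) {
  return now.toISOString().slice(0, 10);
}

// Terminal-device side: build one encrypted mark (iv || tag || ciphertext, base64).
// The field name is bound as associated data so a mark cannot stand in for another field.
function makeMark(key, name, date) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const ct = Buffer.concat([cipher.update(date, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decryption sub-module: returns the plaintext, or null on any failure
// (wrong key, wrong field, truncated or tampered mark).
function decryptMark(key, name, markB64) {
  try {
    const raw = Buffer.from(markB64, 'base64');
    if (raw.length < 28) return null; // 12-byte IV + 16-byte tag at minimum
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(name, 'utf8'));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return pt.toString('utf8');
  } catch (_) {
    return null;
  }
}

// Plaintext verification sub-module: every information input mark and the slider
// operation mark must be present, decrypt under this user's key, and carry today's
// date. The check fails closed on the first problem found.
function verifyMarks(key, marks, now = new Date()) {
  const expected = today(now);
  for (const name of [...REQUIRED_FIELDS, SLIDER]) {
    const mark = marks[name];
    if (typeof mark !== 'string') return { ok: false, reason: `missing:${name}` };
    const plain = decryptMark(key, name, mark);
    if (plain === null) return { ok: false, reason: `undecryptable:${name}` };
    if (plain !== expected) return { ok: false, reason: `stale:${name}` };
  }
  return { ok: true, reason: 'all marks valid' };
}
```

A mark created just before midnight UTC fails the date check afterwards, so a deployment has to decide whether to accept the previous day for a short window.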
In summary, with the password reset apparatus of the embodiments of the present application, the cooperation between the terminal device and the server side makes the communication protocol harder to crack, lowers the risk of a user's password being stolen, and helps the server tell whether the information it receives comes from a normal user or from a hacker, thereby preventing hackers from stealing user passwords and improving password security.
Further, an embodiment of the present application also provides an electronic device.
FIG. 7 is a schematic block diagram of an electronic device 60 according to an embodiment of the present application.
As shown in FIG. 7, the electronic device 60 provided by this embodiment of the present application includes a memory 61 and a processor 62.
The memory 61 is configured to store a program.
The processor 62 is configured to call and execute the program stored in the memory 61.
Specifically, the electronic device 60 may be the terminal device or the server described above. When the electronic device 60 is a terminal device, the processor 62 calls the program stored in the memory 61 to perform a method including the following steps:
Providing a password reset interface according to the user's password reset instruction, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the items of user information, and the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question; generating the information input mark corresponding to the user information when user information entered by the user is received through the user information input box; generating the slider operation mark corresponding to the slider puzzle when it is determined that the user has slid the slider puzzle; and, when a plurality of information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, sending each information input mark and the slider operation mark to the server, so that the server guides the user through the password reset according to each information input mark and the slider operation mark.
When the electronic device 60 is a server, the processor 62 calls the program stored in the memory 61 to perform a method including the following steps:
While the user is applying for a password reset, determining whether a plurality of information input marks in one-to-one correspondence with the items of user information, and a slider operation mark corresponding to the slider puzzle, have been received from the terminal device, where the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question; the information input mark is generated by the terminal device when it receives the user information entered by the user through a user information input box; there are a plurality of user information input boxes, in one-to-one correspondence with the items of user information; the slider operation mark is generated by the terminal device when it determines that the user has slid the slider puzzle; and the user information input boxes and the slider puzzle belong to the password reset interface, which the terminal device provides according to the user's password reset instruction; if the plurality of information input marks and the slider operation mark are received from the terminal device, verifying whether each information input mark and the slider operation mark all comply with a preset rule; and, if each information input mark and the slider operation mark all comply with the preset rule, sending a password reset instruction to the terminal device to guide the user through the password reset.
It should be noted that, for further description of the above methods, refer to the detailed description in the preceding method flows; it is not repeated here.
In this embodiment, the processor 62 performs various functional applications and data processing by running the above program stored in the memory 61. The memory 61 may include, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and the like. After receiving an execution instruction, the processor 62 may execute the above program stored in the memory 61 and thereby implement the method defined by the flow disclosed in any of the foregoing embodiments of the present application.
The processor 62 may be an integrated circuit chip with signal processing capability. The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps, and logical block diagrams disclosed in the embodiments of the present application. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
It can be understood that the structure shown in FIG. 7 is merely illustrative; the electronic device 60 may include more or fewer components than shown in FIG. 7, or have a configuration different from that shown in FIG. 7. The components shown in FIG. 7 may be implemented in hardware, software, or a combination thereof.
The modules and units of the apparatus in the foregoing embodiments may be implemented in software code, in which case they may be stored in the memory 601 of the electronic device 60. The modules and units may equally be implemented in hardware, for example an integrated circuit chip.
The password reset apparatus provided by the embodiments of the present application may be specific hardware on a device, or software or firmware installed on a device. The implementation principle and technical effects of the apparatus are the same as those of the foregoing method embodiments; for brevity, where the apparatus embodiments do not mention something, refer to the corresponding content in the foregoing method embodiments. Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, apparatus, and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interface, apparatus, or unit, and may be electrical, mechanical, or of another form.
The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments provided by the present application may be integrated into one processing unit, may each exist physically on their own, or two or more of them may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as a standalone product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part of it that contributes to the related art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present application. The storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
It should be noted that similar reference numerals and letters denote similar items in the following figures; therefore, once an item is defined in one figure, it need not be further defined or explained in subsequent figures. In addition, the terms "first", "second", "third", and the like are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
Finally, it should be noted that the embodiments described above are only specific implementations of the present application, intended to illustrate its technical solutions rather than to limit them, and the protection scope of the present application is not limited to them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone skilled in the art may, within the technical scope disclosed in the present application, still modify the technical solutions described in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features. Such modifications, variations, or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (19)

  1. A password reset method, characterized by comprising:
    providing a password reset interface according to a user's password reset instruction, where the password reset interface includes a slider puzzle and a plurality of user information input boxes in one-to-one correspondence with the items of user information, and the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question;
    generating an information input mark corresponding to the user information when user information entered by the user is received through the user information input box;
    generating a slider operation mark corresponding to the slider puzzle when it is determined that the user has slid the slider puzzle;
    when a plurality of the information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, sending each information input mark and the slider operation mark to a server, so that the server guides the user through the password reset according to each information input mark and the slider operation mark.
  2. The method according to claim 1, wherein generating the information input mark corresponding to the user information comprises:
    applying a first preset algorithm to a first preset parameter to generate the information input mark corresponding to the user information, where the first preset parameter includes the current date or all or part of the user information.
  3. The method according to any one of claims 1 to 2, wherein generating the slider operation mark corresponding to the slider puzzle comprises:
    applying a second preset algorithm to a second preset parameter to generate the slider operation mark corresponding to the slider puzzle, where the second preset parameter includes the current date.
  4. The method according to any one of claims 1 to 3, wherein an information parameter is set for the user information input box, and generating the information input mark corresponding to the user information comprises:
    assigning a first preset protocol value to the information parameter to generate the information input mark corresponding to the user information.
  5. The method according to any one of claims 1 to 4, wherein a slider parameter is set for the slider operation, and generating the slider operation mark corresponding to the slider puzzle comprises:
    assigning a second preset protocol value to the slider parameter to generate the slider operation mark corresponding to the slider puzzle.
  6. The method according to any one of claims 1 to 5, wherein, after the user information entered by the user is received through the user information input box, the method further comprises:
    sending the user information to the server, so that the server verifies whether the user information is correct;
    changing the slider puzzle to a slidable state after receiving from the server an instruction indicating that every item of the user information has been verified as correct.
  7. The method according to any one of claims 1 to 6, wherein sending each information input mark and the slider operation mark to the server comprises:
    encrypting each information input mark and the slider operation mark, and sending the ciphertext of each information input mark and of the slider operation mark to the server.
  8. A password reset method, characterized by comprising:
    while a user is applying for a password reset, determining whether a plurality of information input marks in one-to-one correspondence with the items of user information, and a slider operation mark corresponding to a slider puzzle, have been received from a terminal device;
    where the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question; the information input mark is generated by the terminal device when it receives the user information entered by the user through a user information input box; there are a plurality of user information input boxes, in one-to-one correspondence with the items of user information; the slider operation mark is generated by the terminal device when it determines that the user has slid the slider puzzle; and the user information input boxes and the slider puzzle belong to a password reset interface, which the terminal device provides according to the user's password reset instruction;
    if the plurality of information input marks in one-to-one correspondence with the items of user information and the slider operation mark corresponding to the slider puzzle are received from the terminal device, verifying whether each information input mark and the slider operation mark all comply with a preset rule;
    if each information input mark and the slider operation mark all comply with the preset rule, sending a password reset instruction to the terminal device to guide the user through the password reset.
  9. The method according to claim 8, wherein verifying whether each of the information input marks conforms to the preset rule comprises:
    parsing the information input mark with a first preset algorithm and verifying whether the parsing result is a first preset parameter; if so, determining that the information input mark conforms to the preset rule, wherein the first preset parameter includes the current date, or all or part of the content of the user information corresponding to the information input mark.
  10. The method according to any one of claims 8 to 9, wherein verifying whether the slider operation mark conforms to the preset rule comprises:
    parsing the slider operation mark with a second preset algorithm and verifying whether the parsing result is a second preset parameter; if so, determining that the slider operation mark conforms to the preset rule, wherein the second preset parameter includes the current date.
  11. The method according to any one of claims 8 to 10, wherein the information input mark includes an information parameter, and verifying whether each of the information input marks conforms to the preset rule comprises:
    verifying whether the value of the information parameter in the information input mark is a first preset protocol value; if so, determining that the information input mark conforms to the preset rule.
  12. The method according to any one of claims 8 to 11, wherein the slider operation mark includes a slider parameter, and verifying whether the slider operation mark conforms to the preset rule comprises:
    verifying whether the value of the slider parameter in the slider operation mark is a second preset protocol value; if so, determining that the slider operation mark conforms to the preset rule.
  13. The method according to any one of claims 8 to 12, wherein, before determining whether the plurality of information input marks in one-to-one correspondence with the items of user information and the slider operation mark corresponding to the slider puzzle have been received from the terminal device, the method further comprises:
    receiving the user information sent by the terminal device and verifying whether the user information is correct;
    when the user information is verified as correct, sending to the terminal device an instruction indicating that the user information has been verified as correct.
  14. The method according to any one of claims 8 to 13, wherein each of the information input marks and the slider operation mark are in ciphertext form, and verifying whether each of the information input marks and the slider operation mark all conform to the preset rule comprises:
    decrypting each of the information input marks and the slider operation mark to obtain the plaintext of each of the information input marks and of the slider operation mark;
    verifying whether the plaintext of each of the information input marks and of the slider operation mark all conform to the preset rule.
  15. A password reset apparatus, comprising:
    an interface providing module, configured to provide a password reset interface according to a user's password reset instruction, the password reset interface including a plurality of user information input boxes in one-to-one correspondence with the items of user information and a slider puzzle, the user information including a user account and further including one or more of a user name, a user mobile phone number, and the user's answer to a specified question;
    a first mark generating module, configured to generate an information input mark corresponding to the user information when user information entered by the user is received through the user information input box;
    a second mark generating module, configured to generate a slider operation mark corresponding to the slider puzzle when it is determined that the user has slid the slider puzzle;
    a mark sending module, configured to send each of the information input marks and the slider operation mark to a server when a plurality of the information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, so that the server guides the user through the password reset according to each of the information input marks and the slider operation mark.
  16. A password reset apparatus, comprising:
    a mark determining module, configured to determine, during a user's password reset request, whether a plurality of information input marks in one-to-one correspondence with the items of user information, and a slider operation mark corresponding to a slider puzzle, have been received from a terminal device;
    wherein the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question; the information input mark is generated by the terminal device when it receives the user information entered by the user through a user information input box; there are a plurality of user information input boxes, in one-to-one correspondence with the items of user information; the slider operation mark is generated by the terminal device when it determines that the user has slid the slider puzzle; the user information input boxes and the slider puzzle belong to a password reset interface; and the password reset interface is provided by the terminal device according to the user's password reset instruction;
    a mark verification module, configured to verify, if the plurality of information input marks in one-to-one correspondence with the items of user information and the slider operation mark corresponding to the slider puzzle are received from the terminal device, whether each of the information input marks and the slider operation mark all conform to a preset rule;
    an instruction sending module, configured to send a password reset instruction to the terminal device to guide the user through the password reset if each of the information input marks and the slider operation mark all conform to the preset rule.
  17. A terminal device, comprising:
    a memory configured to store a program,
    a processor configured to perform, by invoking the program stored in the memory, a method comprising the following steps:
    providing a password reset interface according to a user's password reset instruction, the password reset interface including a plurality of user information input boxes in one-to-one correspondence with the items of user information and a slider puzzle, the user information including a user account and further including one or more of a user name, a user mobile phone number, and the user's answer to a specified question; generating an information input mark corresponding to the user information when user information entered by the user is received through the user information input box; generating a slider operation mark corresponding to the slider puzzle when it is determined that the user has slid the slider puzzle; and, when a plurality of the information input marks in one-to-one correspondence with the items of user information have been generated and the completion result of the slider puzzle is correct, sending each of the information input marks and the slider operation mark to a server, so that the server guides the user through the password reset according to each of the information input marks and the slider operation mark.
  18. A server, wherein the server comprises:
    a memory configured to store a program,
    a processor configured to perform, by invoking the program stored in the memory, a method comprising the following steps:
    during a user's password reset request, determining whether a plurality of information input marks in one-to-one correspondence with the items of user information, and a slider operation mark corresponding to a slider puzzle, have been received from a terminal device; wherein the user information includes a user account and further includes one or more of a user name, a user mobile phone number, and the user's answer to a specified question; the information input mark is generated by the terminal device when it receives the user information entered by the user through a user information input box; there are a plurality of user information input boxes, in one-to-one correspondence with the items of user information; the slider operation mark is generated by the terminal device when it determines that the user has slid the slider puzzle; the user information input boxes and the slider puzzle belong to a password reset interface; and the password reset interface is provided by the terminal device according to the user's password reset instruction; if the plurality of information input marks in one-to-one correspondence with the items of user information and the slider operation mark corresponding to the slider puzzle are received from the terminal device, verifying whether each of the information input marks and the slider operation mark all conform to a preset rule; if each of the information input marks and the slider operation mark all conform to the preset rule, sending a password reset instruction to the terminal device to guide the user through the password reset.
  19. A computer-readable medium having non-volatile program code executable by a processor, wherein the program code causes the processor to perform the method according to any one of claims 1 to 14.
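
The server-side check described in claims 8 to 12, as an added example that is not code from the patent. The mark layout (base64 JSON with `kind`, `param` and `date`), the HMAC tag, the key, the field names and the protocol values are all assumptions, because the claims leave the preset algorithms and preset protocol values unspecified; the encryption of claims 7 and 14 is not reproduced.

```python
import base64
import datetime
import hashlib
import hmac
import json

# Every name and value here is an assumption made for illustration.
SHARED_KEY = b"constructed-demo-key"      # constructed sample key
REQUIRED_FIELDS = ("account", "phone")    # user information items in use
INFO_PROTOCOL_VALUE = 1                   # stands in for the first preset protocol value
SLIDER_PROTOCOL_VALUE = 2                 # stands in for the second preset protocol value


def make_mark(kind, param, date, key=SHARED_KEY):
    """Terminal side: build a mark as base64(JSON) + '.' + HMAC-SHA256 tag."""
    payload = json.dumps({"kind": kind, "param": param, "date": date},
                         sort_keys=True).encode()
    body = base64.urlsafe_b64encode(payload)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def parse_mark(mark, key=SHARED_KEY):
    """Return the decoded mark, or None if it is malformed or its tag fails."""
    try:
        body, tag = mark.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return None
        data = json.loads(base64.urlsafe_b64decode(body))
        return data if isinstance(data, dict) else None
    except (ValueError, AttributeError, TypeError):
        return None


def mark_ok(mark, kind, protocol_value, today):
    """Claims 9-12: parsed date must be today and the parameter must match."""
    data = parse_mark(mark)
    return (data is not None
            and data.get("kind") == kind
            and data.get("date") == today
            and data.get("param") == protocol_value)


def verify_reset_request(info_marks, slider_mark, today=None):
    """Claim 8: allow the reset only if every mark is present and valid."""
    today = today or datetime.date.today().isoformat()
    # One mark per required user information item, no more and no fewer.
    if not isinstance(info_marks, dict) or set(info_marks) != set(REQUIRED_FIELDS):
        return False
    for field in REQUIRED_FIELDS:
        if not mark_ok(info_marks[field], field, INFO_PROTOCOL_VALUE, today):
            return False
    return mark_ok(slider_mark, "slider", SLIDER_PROTOCOL_VALUE, today)
```
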
PCT/CN2017/079616 2016-10-20 2017-04-06 Password reset method, apparatus, terminal device and server, and computer-readable medium WO2018072403A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610916303.7 2016-10-20
CN201610916303.7A CN106330437A (en) 2016-10-20 2016-10-20 Password resetting method and device

Publications (1)

Publication Number Publication Date
WO2018072403A1 true WO2018072403A1 (en) 2018-04-26

Family

ID=57819191

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/079616 WO2018072403A1 (en) 2016-10-20 2017-04-06 Password reset method, apparatus, terminal device and server, and computer-readable medium

Country Status (2)

Country Link
CN (1) CN106330437A (en)
WO (1) WO2018072403A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112511296A (en) * 2020-11-17 2021-03-16 北京天融信网络安全技术有限公司 Password management method, device, computer equipment and medium
CN113496017A (en) * 2020-04-08 2021-10-12 阿里巴巴集团控股有限公司 Verification method, device, equipment and storage medium

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330437A (en) * 2016-10-20 2017-01-11 武汉斗鱼网络科技有限公司 Password resetting method and device
CN107770046B (en) * 2017-09-29 2020-11-13 上海掌门科技有限公司 Method and equipment for picture arrangement
CN108494795A (en) * 2018-04-11 2018-09-04 苏州锦佰安信息技术有限公司 A kind of auth method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104378343A (en) * 2014-05-21 2015-02-25 腾讯科技(深圳)有限公司 Network account password regain method, device and system
CN104580104A (en) * 2013-10-24 2015-04-29 深圳市腾讯计算机系统有限公司 Method, device and system for identity verification
CN104796428A (en) * 2015-04-30 2015-07-22 中国联合网络通信集团有限公司 Dynamic verification method, client side, server and system
CN104917720A (en) * 2014-03-10 2015-09-16 腾讯科技(深圳)有限公司 Method and device for resetting password
CN105323065A (en) * 2014-07-21 2016-02-10 腾讯科技(深圳)有限公司 Safety verification method and device
US20160226853A1 (en) * 2015-02-02 2016-08-04 Interactive Intelligence, Inc. Secret Supplemental Username
CN106330437A (en) * 2016-10-20 2017-01-11 武汉斗鱼网络科技有限公司 Password resetting method and device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647461B (en) * 2012-03-29 2016-05-04 北京奇虎科技有限公司 Communication means based on HTTP, server, terminal
CN102801735A (en) * 2012-08-28 2012-11-28 吴渊 Network authentication method and system based on behavior mode
CN105337940B (en) * 2014-08-04 2018-11-02 优视科技有限公司 A kind of page verification method, client, server and system
CN105141631B (en) * 2015-09-21 2019-06-11 宇龙计算机通信科技(深圳)有限公司 The methods, devices and systems that a kind of terminal, server and account safety log in

Also Published As

Publication number Publication date
CN106330437A (en) 2017-01-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17861426

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17861426

Country of ref document: EP

Kind code of ref document: A1