WO2018072403A1 - Procédé de réinitialisation de mot de passe, appareil, dispositif terminal et serveur, et support lisible par ordinateur - Google Patents

Procédé de réinitialisation de mot de passe, appareil, dispositif terminal et serveur, et support lisible par ordinateur Download PDF

Info

Publication number
WO2018072403A1
WO2018072403A1 PCT/CN2017/079616 CN2017079616W WO2018072403A1 WO 2018072403 A1 WO2018072403 A1 WO 2018072403A1 CN 2017079616 W CN2017079616 W CN 2017079616W WO 2018072403 A1 WO2018072403 A1 WO 2018072403A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
slider
information input
user information
terminal device
Prior art date
Application number
PCT/CN2017/079616
Other languages
English (en)
Chinese (zh)
Inventor
郝梦茹
周志刚
Original Assignee
武汉斗鱼网络科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 武汉斗鱼网络科技有限公司 filed Critical 武汉斗鱼网络科技有限公司
Publication of WO2018072403A1 publication Critical patent/WO2018072403A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Definitions

  • the present application relates to the field of Internet technologies, and in particular, to a password reset method, apparatus, terminal device, and server, and computer readable medium.
  • each website provides an account password login function.
  • the user needs to input a valid account and password on the website.
  • the website verifies the account and password. After the verification is passed, the user logs in successfully, otherwise the login fails.
  • the password resetting process in the related art is roughly as follows: the user inputs user information, such as a nickname and a mobile phone number, on the website page provided by the terminal device, and the terminal device sends the user information to the server, and the server verifies whether the user information is correct, if correct Then, the terminal device is used to guide the user to reset the password. If not, the user information is prompted to be incorrect through the terminal device.
  • user information such as a nickname and a mobile phone number
  • the terminal device sends the user information to the server, and the server guides the user to reset the password after verifying that the obtained user information is correct.
  • the communication protocol between the terminal device and the server in the related art is easily cracked by a hacker. After the hacker cracks the communication protocol between the terminal device and the server, the communication data between the terminal device and the server can be intercepted, or the terminal device can be bypassed. Communicate directly with the server, pretending to reset the password, causing the user's password to be stolen.
  • the purpose of the present application is to provide a password reset method, apparatus, terminal device, and server, computer readable medium, to improve the difficulty of cracking a communication protocol between a terminal device and a server, and to reduce the stolen user password. risk.
  • the embodiment of the present application provides a password resetting method, including: providing a password resetting interface according to a password resetting instruction of a user, where the password resetting interface includes one-to-one correspondence with each user information.
  • User information input box and slider puzzle the user information includes a user account, and further includes one or more of a user name, a user's mobile phone number, and a user's answer to the specified question; and is received through the user information input box.
  • the information input flag corresponding to the user information is generated; when the user slides the slider puzzle, the slider operation mark corresponding to the slider puzzle is generated; When the plurality of the information input marks corresponding to the user information are one-to-one and the completion result of the slider puzzle is correct, each of the information input marks and the slider operation mark are sent to the server, so that the server according to each The information input tag and the slider operation flag direct the user to perform a password reset.
  • the embodiment of the present application provides the first possible implementation manner of the first aspect, wherein the generating the information input identifier corresponding to the user information comprises: using the first preset algorithm to the first preset The parameter performs an operation to generate an information input tag corresponding to the user information, where the first preset parameter includes a current date or all or part of the content of the user information.
  • the slider operation mark corresponding to the slider puzzle includes: calculating a second preset parameter by using a second preset algorithm, and generating a slider operation mark corresponding to the slider puzzle, wherein the second preset parameter Includes current date.
  • the embodiment of the present application provides a third possible implementation manner of the first aspect, where the information parameter is set corresponding to the user information input box, and the information input identifier corresponding to the user information is generated, including: The information parameter is assigned a first preset protocol value, and an information input tag corresponding to the user information is generated.
  • the embodiment of the present application provides a fourth possible implementation manner of the first aspect, wherein the slider operation parameter is set by the corresponding slider operation, and the slider operation flag corresponding to the slider puzzle is generated, including: The slider parameter is assigned to the second preset protocol value, and the slider operation mark corresponding to the slider puzzle is generated.
  • the embodiment of the present application provides a fifth possible implementation manner of the first aspect, wherein after the user information input by the user is received by the user information input box, the method further includes: Sending the user information to the server, so that the server checks whether the user information is correct; after receiving the instruction that each user information sent by the server is verified to be correct, the sliding is performed. The block puzzle becomes slidable.
  • the embodiment of the present application provides the sixth possible implementation manner of the first aspect, wherein the sending the information input flag and the slider operation flag to the server include: Each of the information input tag and the slider operation flag is encrypted, and each of the information input tag and the ciphertext of the slider operation flag is transmitted to the server.
  • the embodiment of the present application provides a password resetting method, including: determining, during a user requesting password resetting process, whether multiple information input tags corresponding to each user information are received from a terminal device. And a slider operation mark corresponding to the slider puzzle; wherein the user information includes a user account, and further includes one or more of a user name, a user mobile phone number, and a user's answer to the specified question, and the information input is marked as
  • the terminal device is generated when the user information input by the user is received through the user information input box, and the user information input box is multiple, and the user operation information is in one-to-one correspondence with the user information, and the slider operation is marked as The terminal device is generated when the user slides the slider puzzle, and the user information input box and the slider puzzle are subordinate to the password reset interface, and the password reset interface is reset by the terminal device according to the password of the user.
  • the instruction Provided by the instruction; if receiving a plurality of information input marks corresponding to each user information from the terminal device and a slider corresponding to the slider puzzle Marking, verifying whether each of the information input mark and the slider operation mark meets a preset rule; if each of the information input mark and the slider operation mark conform to the preset rule, The terminal device sends a password reset command to guide the user to perform password reset.
  • the embodiment of the present application provides the first possible implementation manner of the second aspect, wherein the verifying whether each of the information input mark and the slider operation mark meet the preset rule includes: Parsing the information input flag by using a first preset algorithm, and verifying whether the parsing result is a first preset parameter, and if yes, determining that the information input flag conforms to the preset rule, where the first preset parameter includes a current The date or the information input all or part of the content of the user information corresponding to the mark.
  • verifying whether the slider operation flag meets a preset rule comprises: parsing the slider by using a second preset algorithm The operation mark is used to check whether the analysis result is a second preset parameter, and if yes, determining that the slider operation mark conforms to the preset rule, and the second preset parameter Includes current date.
  • the embodiment of the present application provides a third possible implementation manner of the second aspect, wherein the information input flag includes an information parameter, and the verification whether each of the information input tags meets a preset rule
  • the method includes: checking whether the value of the information parameter in the information input tag is a first preset protocol value, and if yes, determining that the information input tag conforms to a preset rule.
  • the embodiment of the present application provides a fourth possible implementation manner of the second aspect, wherein the slider operation flag includes a slider parameter, and whether the slider operation flag meets a preset rule includes : Verify that the value of the slider parameter in the slider operation tag is the second preset protocol value, and if so, determine that the slider operation flag conforms to the preset rule.
  • the embodiment of the present application provides a fifth possible implementation manner of the second aspect, wherein, in determining whether a plurality of information input tags and corresponding slidings corresponding to each user information from the terminal device are received, Before the slider operation of the block puzzle, the method further includes: receiving the user information sent by the terminal device, verifying whether the user information is correct; and when verifying that the user information is correct, the terminal is The device sends the user information to verify the correct instruction.
  • the embodiment of the present application provides a sixth possible implementation manner of the second aspect, wherein each of the information input mark and the slider operation mark are in a cipher text form, and the school Determining whether each of the information input mark and the slider operation mark meets a preset rule, comprising: decrypting each of the information input mark and the slider operation mark to obtain each of the information input marks and the The plaintext of the slider operation mark; whether the plaintext of each of the information input mark and the slider operation mark meets the preset rule.
  • the embodiment of the present application provides a password resetting apparatus, including: an interface providing module, configured to provide a password resetting interface according to a password resetting instruction of a user, where the password resetting interface includes each user a plurality of user information input boxes and slider puzzles corresponding to the information one by one, the user information includes a user account, and further includes one or more of a user name, a user mobile phone number, and an answer of the user to the specified question; a generating module, configured to generate an information input tag corresponding to the user information when the user information input by the user is received by the user information input box, and a second tag generating module, configured to determine that the user slides the slider puzzle And generating a slider operation mark corresponding to the slider puzzle; the mark sending module is configured to generate a plurality of the information input marks corresponding to each piece of the user information and the completion result of the slide puzzle When correct, each of the information input flag and the slider operation flag are sent to a server to cause the server to input according to
  • the embodiment of the present application provides a password resetting apparatus, including: a marking determining module, configured to determine, in a process of applying for a password resetting, whether to receive a one-to-one correspondence with each user information from a terminal device. a plurality of information input marks and a slider operation mark corresponding to the slider puzzle; wherein the user information includes a user account, and further includes one or more of a user name, a user's mobile phone number, and a user's answer to the specified question, The information input is generated by the terminal device when the user information input by the user is received through the user information input box, and the user information input box is multiple, and the user information is in one-to-one correspondence with each of the user information.
  • the slider operation flag is generated by the terminal device when determining a user sliding slider puzzle, the user information input box and the slider puzzle are subordinate to a password reset interface, and the password reset interface is the terminal device
  • the mark verification module is configured to receive one-to-one correspondence with each user information from the terminal device.
  • the information input flag and the slider operation mark corresponding to the slider puzzle verifying whether each of the information input mark and the slider operation mark meet the preset rule;
  • the command sending module is configured to input each of the information Mark and The slider operation marks all conform to the preset rule, and send a password reset instruction to the terminal device to guide the user to perform password reset.
  • an embodiment of the present application provides a terminal device, including: a memory configured to store a program, where the processor is configured to execute a method including the following steps by calling a program stored in the memory: according to a user
  • the password resetting instruction provides a password resetting interface, where the password resetting interface includes a plurality of user information input boxes and slider puzzles corresponding to each user information, the user information including the user account, and the user One or more of a name, a user's mobile phone number, and a user's answer to the specified question; when the user information input box receives the user information input by the user, generating an information input flag corresponding to the user information; When the user slides the slider puzzle, generating a slider operation mark corresponding to the slider puzzle; when generating a plurality of the information input marks corresponding to each piece of the user information and completing the slider puzzle When the result is correct, each of the information input flag and the slider operation flag are sent to the server, so that the server Directing the operation flag of the input
  • an embodiment of the present application provides a server, where the server includes: a memory configured to store a program, and the processor is configured to execute a method including the following steps by calling a program stored in the memory: In the process of the user requesting password reset, determining whether a plurality of information input marks and a slider operation mark corresponding to the slider puzzle corresponding to each piece of user information are received from the terminal device; wherein the user information includes the user
  • the account number further includes one or more of a user name, a user's mobile phone number, and a user's answer to the specified question, the information input being marked by the terminal device receiving the user information input by the user through the user information input box.
  • the user information input box is a plurality of, corresponding to each of the user information
  • the slider operation mark is generated by the terminal device when determining a user sliding slider puzzle
  • the user information is input.
  • the frame and the slider puzzle are subordinate to a password reset interface, and the password reset interface is based on the user's
  • the code resetting instruction provides; if receiving a plurality of information input marks corresponding to each user information from the terminal device and a slider operation mark corresponding to the slider puzzle, verifying each of the information input marks and the Whether the slider operation marks all conform to the preset rule; if each of the information input mark and the slider operation mark meets the preset rule, sending a password reset instruction to the terminal device to guide the user Perform a password reset.
  • a computer readable medium having non-volatile program code executable by a processor, the program code causing the processor to perform the above method.
  • the method, the device, the terminal device, the server, and the computer readable medium in the embodiment of the present application provide a password reset interface according to the password reset command of the user, and the password reset interface includes one-to-one correspondence with each user information.
  • User information input box and slider puzzle when receiving a user information input by the user through a user information input box, generating an information input mark corresponding to the user information; determining a user to slide the slider puzzle to generate a slider puzzle Corresponding slider operation mark; when generating a plurality of information input marks corresponding to each user information one by one and the result of the completion of the slider puzzle is correct, each information input mark and the slider operation mark are sent to the server to make the server The user is prompted to perform a password reset based on each information input tag and slider action tag.
  • the device, the terminal device, the server, and the computer readable medium in the embodiment a plurality of information input marks and sliders are added to the communication content.
  • the operation mark that is, the original communication format and communication content are changed, so that the communication content is more, thereby improving the difficulty of cracking the communication protocol between the terminal device and the server, and reducing the risk of the user password being stolen.
  • FIG. 1 is a schematic diagram of interaction between a server and a terminal device according to a preferred embodiment of the present application
  • FIG. 2 is a schematic flowchart of a terminal device side of a password reset method provided by an embodiment of the present application
  • FIG. 3 is a schematic diagram of a password reset interface provided by an embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a server side of a password reset method provided by an embodiment of the present application
  • FIG. 5 is a schematic diagram showing the module composition of the password resetting device located on the terminal device side provided by the embodiment of the present application;
  • FIG. 6 is a schematic diagram showing the module composition of the password resetting device on the server side provided by the embodiment of the present application.
  • FIG. 7 is a schematic block diagram of an electronic device provided by an embodiment of the present application.
  • FIG. 1 it is a schematic diagram of a server and a terminal device interacting with a preferred embodiment of the present invention.
  • the server is in communication with one or more terminal devices over a network for data communication or interaction.
  • the server may be a web server, a database server, or the like.
  • the terminal device may be a personal computer (PC), a tablet computer, a smart phone, a personal digital assistant (PDA), or the like.
  • the embodiment of the present application provides a password resetting method, device, terminal device, server, and computer.
  • the medium is read to improve the difficulty of cracking the communication protocol between the terminal device and the server, and the risk of the user password being stolen is reduced. The following is specifically described in conjunction with the embodiments.
  • FIG. 2 is a schematic flowchart of a terminal device side of a password reset method according to an embodiment of the present disclosure. The method is performed by a terminal device. As shown in FIG. 2, the method includes the following steps:
  • Step S102 providing a password resetting interface according to the password resetting instruction of the user, where the password resetting interface includes a plurality of user information input boxes and slider puzzles corresponding to each user information, and the user information includes a user account, and Includes one or more of the user's name, the user's mobile number, and the user's answer to the specified question.
  • a specific application such as a website APP, or a specific application platform, such as a website page running through a browser, is installed in the terminal device, and the user resets the password through the application or the application platform.
  • the application or the application platform receives a password reset instruction input by the user, and provides a password reset interface to the user.
  • FIG. 3 is a schematic diagram of a password reset interface provided by an embodiment of the present application.
  • the password reset interface includes a plurality of user information input boxes, and each user information input box corresponds to a user information, and the user information includes at least a user account, and includes a user name, a user mobile phone number, and a user pair. One or more of the answers to the specified question, where the specified question can be a secret question that is reserved when the user registers.
  • the user information includes a user account and a user mobile phone number
  • the user information input box includes two, one for inputting a user account and the other for inputting a user mobile phone number.
  • the password reset interface further includes a slider puzzle. When the user drags the slider to the correct position, the application or the application platform determines that the slider puzzle completes the result correctly.
  • the puzzle may be moved while the slider is dragged as shown in FIG. 3, and the user drags the slider to the specified direction along the direction of the slider movement. When the position is, the puzzle is successful.
  • Step S104 When the user information input by the user is received through the user information input box, an information input flag corresponding to the user information is generated.
  • the user information includes a plurality of pieces of information, and each piece of user information corresponds to a user information input box.
  • the terminal device receives a piece of user information input by the user through a user information input box, the user information is generated.
  • Corresponding information input mark which is used to indicate the occurrence of a behavioral action by the user to input user information through the user information input box.
  • the user information input box is activated.
  • the terminal device receives the character information input by the user, and uses the character information as the user information.
  • Each user information input by the user through the user information input box has an information input mark
  • the specific process of the terminal device generating the information input mark corresponding to the user information may be: using the first preset algorithm to calculate the first preset parameter And generating an information input identifier corresponding to the user information, where the first preset parameter includes a current date or all or part of the content of the user information, and the first preset algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm.
  • the terminal device uses the current date, such as the “day” in the year-month-day as the first preset parameter, and uses the first preset algorithm to symmetrically encrypt the first preset parameter, and the obtained result is used as the user information.
  • Corresponding information input tag When the first preset parameter is the current date, the information input tags corresponding to each user information are consistent.
  • the first preset parameter may be set to all or part of the user information.
  • the first preset parameter is symmetrically encrypted by using the first preset algorithm, and the obtained result is used as the information input tag corresponding to the user information. Since the specific content of each user information is different, all or part of the user information is As the first preset parameter, the contents of each information input mark can be made different, thereby improving the flexibility of the information input mark.
  • the first preset parameter is the current date, such as 20 days, and the character "20" is symmetrically encrypted to obtain an information input mark.
  • the user information is a user account, and all characters of the user account are used as a first preset parameter, and all characters of the user account are asymmetrically encrypted, and an information input identifier corresponding to the user account is obtained;
  • the user information is the user's mobile phone number, and the last four digits of the mobile phone number are used as the first preset parameters, and the last four digits of the mobile phone number are symmetrically encrypted, and the information input mark corresponding to the mobile phone number of the user is obtained.
  • the specific process of the terminal device generating the information input tag corresponding to the user information may be: setting the information parameter corresponding to the user information input box, and receiving the information input by the user through the user information input box,
  • the parameter assignment is a first preset protocol value, and generates an information input tag corresponding to the user information.
  • the user account is a user nickname
  • the information parameter nicknameflag is set.
  • the information parameter nicknameflag is assigned the first preset protocol value of 1, indicating that the user has entered the nickname input action.
  • the user nickname corresponds to the information input tag.
  • the information parameter phoneflag is set, and when the user inputs the user information through the information input box corresponding to the user's mobile phone number, the information parameter nicknameflag is assigned the first preset protocol value of 1, indicating that the user has a mobile phone. Enter the information input tag corresponding to the user's mobile phone number of the action.
  • the specific value of the first preset protocol value is not limited, and different user information input boxes may have different first preset protocol values.
  • the terminal device when the terminal device receives a piece of user information input by the user through a user information input box, the information input tag corresponding to the user information is generated, thereby marking the behavior of the user inputting the user information on the page. Occurs, the purpose of recording user page operations.
  • step S106 when the user slides the slider puzzle, it is determined that the slider operation mark corresponding to the slider puzzle is generated.
  • the terminal device determines the slider puzzle on the user sliding password reset interface
  • the slider operation mark corresponding to the slider puzzle is generated.
  • the terminal device detects that the user clicks the slider on the password reset interface and drags the slider, the terminal device generates a slider operation mark corresponding to the slider puzzle, regardless of whether the completion result of the user's sliding puzzle is correct. , thereby marking the occurrence of the user's behavior of sliding the slider on the password generation interface, and recording the user's page operation.
  • the specific process of the terminal device generating the slider operation mark corresponding to the slider puzzle may be: calculating the second preset parameter by using the second preset algorithm, and generating a slider operation mark corresponding to the slider puzzle, wherein the second pre- The parameter includes a current date, and the second preset algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm.
  • the terminal device uses the current date, such as the “day” in the year-month-day as the second preset parameter, and symmetrically encrypts the second preset parameter by using the second preset algorithm, and uses the obtained result as a slider.
  • the slider operation mark corresponding to the puzzle is obtained.
  • the first preset parameter is the current date, for example, on the 25th, the character "25" is symmetrically encrypted, and the slider operation mark corresponding to the slider puzzle is obtained.
  • the specific process of generating the slider operation mark corresponding to the slider puzzle may also be: setting the slider parameter corresponding to the slider operation, and determining that the slider parameter is assigned to the second when the user slides the slider puzzle
  • the default protocol value is generated, and the slider operation mark corresponding to the slider puzzle is generated.
  • the specific value of the second preset protocol value is not limited, and the second preset protocol value may be the same as the first preset protocol value, or may be different from the first preset protocol value, and may be set according to actual requirements. .
  • the slider parameter slideflag is set, and when the user slides the slider puzzle, the slider parameter slideflag is assigned a second preset protocol value of 1, and a slider operation flag indicating that the user has slider sliding is obtained.
  • the slider operation mark corresponding to the slider puzzle is generated.
  • the behavior of the user sliding the slider on the page is marked, and the purpose of recording the user page operation is achieved.
  • Step S108 when a plurality of information input marks corresponding to each piece of user information are generated and the completion result of the slider puzzle is correct, each information input mark and the slider operation mark are sent to the server, so that the server inputs according to each information.
  • the tag and slider action tags guide the user through a password reset.
  • the user information includes a plurality of pieces of information, and each piece of user information corresponds to a user information input box.
  • the terminal device receives a piece of user information input by the user through a user information input box, the user information is generated.
  • the corresponding information is input with a flag, so when the user inputs all the user information through all the user information input boxes, the terminal device generates a plurality of information input flags equal to the number of user information (user information input boxes).
  • the terminal device verifies that the completion result of the slider puzzle is correct.
  • the terminal device generates a plurality of information input marks corresponding to each user information one by one and the result of the completion of the slider puzzle is correct.
  • the terminal device sends each information input tag and slider operation flag to the server, so that the server guides the user to perform password reset according to each information input tag and slider operation flag.
  • the method in the embodiment of the present application provides a password reset interface according to a password reset command of the user, where the password reset interface includes a plurality of user information input boxes and slider puzzles corresponding to each user information;
  • the password reset interface includes a plurality of user information input boxes and slider puzzles corresponding to each user information;
  • the user information input box receives a user information input by the user, generates an information input mark corresponding to the user information;
  • when determining that the user slides the slider puzzle generates a slider operation mark corresponding to the slider puzzle; when generating and
  • each information input mark and the slider operation mark are sent to the server, so that the server guides the user according to each information input mark and the slider operation mark. Perform a password reset.
  • the communication between the terminal device and the server is performed by the method in the embodiment, a plurality of information input marks and slider operation marks are added to the communication content, that is, the original communication format is changed. And the communication content makes the communication content more, thereby improving the difficulty of cracking the communication protocol between the terminal device and the server, and reducing the risk of the user password being stolen.
  • the terminal device records the page operation of the user by generating a plurality of information input tags and a slider operation flag, indicating that the user performs the actual operation of inputting information, sliding the slider, and the like on the website page. behavior. Since the hacker usually steals the user password and does not operate on the website page, but bypasses the terminal device to directly interact with the server, the information sent by the hacker to the server must not include multiple information input tags and slider operation tags, or include The erroneous information input flag and the slider operation flag, so that the method in the embodiment can also help the server to distinguish whether the received information is from a normal user or a hacker, thereby preventing the hacker from stealing the user password and improving the security of the password. .
  • the method in this embodiment after receiving the user information input by the user through the user information input box, includes:
  • the slider puzzle After receiving the correct command from each user information sent by the server, the slider puzzle is changed to a slidable state.
  • the terminal device can receive the user information in two ways and send the information to the server.
  • the first user information input box on the terminal device control interface is in an input state, and the first user information input box is a user.
  • the account input box the rest of the user information input boxes are not inputable, and the slider puzzle is also unavailable.
  • the terminal device receives When the first user information is input by the user, the terminal device sends the user information to the server, and after receiving the correct command of the user information sent by the server, the next user information input box on the interface is changed to The status can be input, so that the user inputs the next user information.
  • the terminal device receives the next user information input by the user, the next user information is sent to the server, and the next user information is verified at the server.
  • the terminal device When correct, the terminal device changes the next user information input box on the interface to the inputtable state, and repeats until all the user information of the user is input correctly. In this process, when there is a user information error and the number of errors exceeds At the preset value, the terminal device ends the password reset process. After the terminal device receives the correct instruction of verifying the last user information sent by the server, the slider puzzle is changed into a slidable state, so that the user performs the puzzle verification.
  • the terminal device receives the user information input by the user through each user information input box. After receiving all the user information, the terminal device sends all the user information to the server. After the terminal device receives the correct instruction that all the user information sent by the server is correct, The slider puzzle is changed into a slidable state, so that the user performs the puzzle verification.
  • the terminal device receives an instruction of the user information error sent by the server, the prompt information of the user information error is displayed, and when the user information is incorrect, When the number of errors exceeds the preset value, the terminal device ends the password reset process.
  • the server checks whether the user account exists.
  • the server verifies whether the user's mobile phone number exists and matches the user account, and when the user information is a user-specific problem.
  • the answer is that the server verifies that the answer is correct and that the answer matches the user account.
  • the user information includes a user account and a user mobile phone number
  • the terminal device first receives the user account input by the user through the user information input box, and sends the server account to the server to verify whether the user account exists. If yes, the password reset fails. If the account exists, the terminal device generates an information input tag corresponding to the user account, and changes the user mobile phone number input box to an input state, and receives the user mobile phone number through the user mobile phone number input box, and sends the The server verifies whether the mobile phone number matches the user account. If it does not match, the password reset fails. If it matches, the terminal device generates an information input tag corresponding to the user's mobile phone number, and changes the slider puzzle to a slidable state.
  • the terminal device monitors the user sliding the slider, the slider operation mark corresponding to the slider puzzle is generated.
  • the terminal device verifies that the user's slider puzzle completes the result, the password reset fails, and the terminal device verifies the user's slider.
  • the puzzle completes the result correctly, enter the above two information into the marker and a slider. Mark to the server so that the server user password reset flag of the guidance based on the information input two markers and a slide operation.
  • the server When the data received by the server does not exist in the above two information input tags and a slider operation tag or the existing tag content is wrong, the server considers the information to come from the hacker, ends the password reset process, and when the server receives the data, The user is redirected when there are two information input tags and one slider action tag and the tag content is correct.
  • the terminal device When the terminal device receives the non-empty user information, confirm that the user has the action of clicking the user information input box and inputting the information, generating an information input flag to record the user's page operation, and when the terminal device determines that the user slides the slider puzzle To determine that the user has a page operation, generate a slider action tag to record the user's page action.
  • the account number and the mobile phone number can verify which user has lost the password, and the sliding puzzle, the information input mark, and the slider operation mark are added to prevent the hacker from cracking the agreement between the terminal device and the server, bypassing the website page.
  • the slider puzzle also has a user moving the slider bar to move, and the hacker directly communicates with the server when bypassing the terminal device.
  • the operation will not be performed on the website page, and the terminal device will not generate the information input mark and the slider operation mark. Therefore, in the embodiment, the user operations are recorded as the basis for determining whether the password is reset for the normal user, and the user is gradually verified.
  • identity information and logging pages operate greatly enhances the security and reliability of the password reset feature.
  • each information input tag and the slider operation tag are encrypted and sent to the server, and the specific implementation is: encrypting each information input tag and the slider operation flag.
  • the ciphertext of each information input mark and the slider operation mark is sent to the server, thereby improving the security of data transmission by encrypting communication.
  • the encryption algorithm is preferably a DES encryption algorithm, and DES is called Data Encryption Standard, which is a data encryption standard, and is a block algorithm using key encryption.
  • the DES encryption algorithm requires a key value as an encrypted parameter.
  • the key value of the embodiment is randomly generated by the server and then sent to the terminal device.
  • the key values of the users are different, so that each tag is encrypted by the same DES algorithm, and the encryption results of the users are different.
  • the security of the communication protocol between the terminal device and the server correspondingly, in this embodiment, the terminal device encrypts each information input tag and the slider operation flag according to the encryption parameter (key value) corresponding to the current user delivered by the server, and inputs each information into the tag and the slider operation tag. The text is sent to the server.
  • the specific encryption process of the DES encryption algorithm is:
  • Flagencryptdata DES.encrypt(flagdata,key);
  • flagencryptdata is the result of all the tags encrypted, sent directly to the server, DES.encrypt is the encryption interface of the DES encryption algorithm, flagdata is the DES encrypted data, is a combination of all the above tags, the key is issued by the server The key value of the DES encryption algorithm.
  • the specific decryption process is as follows:
  • Flagdecryptdata is the final decrypted data
  • DES.decrypt is the decryption interface of the DES algorithm
  • flagencryptdata is the encrypted data reported by the terminal device
  • key is the encryption key sent by the server to the terminal device.
  • the encryption of each information input tag and the slider operation flag is performed, in particular, the DES encryption algorithm is used to encrypt the mutually different key values generated by the server for different users, thereby ensuring the security of the tag and preventing the hacker. Forged data.
  • the server After receiving the encrypted data sent by the terminal device, the server decrypts the data, and determines whether the decrypted data is each tag generated by the terminal device. If yes, it is determined to be a normal user, and the password reset is performed. If not, Then terminate the password reset process. It should be noted that the manner in which the terminal device generates each tag is agreed with the server in advance, so the server can determine whether the decrypted data is a tag generated by the terminal device, and if the server does not connect. Receiving the encrypted data also terminates the password reset process (this is because the hacker cannot crack the encrypted data, causing the hacker to send encrypted data to the server).
  • the embodiment of the present application further provides a password reset method performed by a server, where the method includes the following steps:
  • Step S302 in the process of the user requesting password reset, determining whether a plurality of information input marks and a slider operation mark corresponding to the slider puzzle corresponding to each piece of user information are received from the terminal device;
  • the user information includes a user account, and further includes one or more of a user name, a user's mobile phone number, and a user's answer to the specified question, and the information input is marked by the terminal device receiving the user input user information through the user information input box.
  • Time generation, user information input box is multiple, one-to-one correspondence with each user information
  • the slider operation mark is generated by the terminal device when determining the user sliding slider puzzle
  • the user information input box and the slider puzzle are subordinate to the password reset.
  • the interface and password reset interface are provided by the terminal device according to the user's password reset instruction.
  • each user information, each user information input box, and each information input mark are in one-to-one correspondence.
  • the server determines whether a plurality of information input marks and a slider operation mark corresponding to the slider puzzle corresponding to each piece of user information are received from the terminal device.
  • the slider puzzle may be moved while the slider is dragged as shown in FIG. 3, and when the user drags the slider to the specified position along the direction of the slider movement, the puzzle success.
  • Step S304 if a plurality of information input marks corresponding to each piece of user information from the terminal device and a slider operation mark corresponding to the slider puzzle are received, verify whether each information input mark and the slider operation mark are consistent. Preset rules.
  • the manner in which the terminal device generates each tag is agreed with the server in advance, such as:
  • the terminal device uses the first preset algorithm to calculate the first preset parameter, and generates an information input flag corresponding to the user information, where the first preset parameter includes the current date or all or part of the user information.
  • the first preset algorithm is a symmetric encryption algorithm or an asymmetric encryption algorithm;
  • the terminal device uses the second preset algorithm to calculate the second preset parameter, and generates a slider operation mark corresponding to the slider puzzle, wherein the second preset parameter includes the current date, and the second preset algorithm is symmetric encryption. Algorithm or asymmetric encryption algorithm.
  • the preset rule refers to the parameters and algorithms used when generating each mark, and the server verifies whether each information input mark and the slider operation mark meet the preset rule.
  • the server parses the information input tag by using the first preset algorithm, where the first preset algorithm is the same as the first preset algorithm used by the terminal device to generate the information input tag.
  • the server determines whether the parsing result is the first preset parameter, where the first preset parameter is the same as the first preset parameter used by the terminal device to generate the information input flag, and if it is the first preset parameter, determining that the information input tag is consistent Preset rules.
  • a specific implementation manner may be: the user information is a mobile phone number of the user, and the first preset algorithm is a symmetric encryption algorithm, where the first preset information is the last four digits of the mobile phone number of the user, and the terminal device performs the last four digits of the mobile phone number of the user. Symmetric encryption, which obtains the information input tag corresponding to the user's mobile phone number.
  • the server parses the information input tag by using the same symmetric encryption algorithm, and determines whether the analysis result is the last four digits of the user's mobile phone number. If yes, it determines that the information input tag conforms to the preset rule.
  • the server parses the slider operation flag by using a second preset algorithm, wherein the second preset algorithm is the same as the second preset algorithm used when the terminal device generates the slider operation flag.
  • the server determines whether the parsing result is a second preset parameter, where the second preset parameter is the same as the second preset parameter used by the terminal device to generate the slider operation flag, and if it is the second preset parameter, determining the slider operation
  • the tag complies with the preset rules.
  • a specific implementation manner may be: the terminal device is a current date, such as "day” in the year-month-day as the second preset parameter, and the second preset parameter is symmetrically encrypted by using the second preset algorithm, The result obtained is used as a slider operation mark corresponding to the slider puzzle.
  • the server receives the slider operation mark, it uses the same symmetric encryption algorithm to parse the slider operation mark to determine whether the analysis result is "day" in the current date, and if so, it determines that the slider operation mark conforms to the preset rule.
  • the information parameter is set corresponding to the user information input box, and the information parameter is assigned to the first preset protocol value, and the information input flag corresponding to the user information is generated;
  • the block operation sets the slider parameter to determine when the user slides the slider puzzle, assigns the slider parameter to the second preset protocol value, and generates a slider operation mark corresponding to the slider puzzle.
  • whether the server verification information input flag meets the preset rule may be: whether the value of the information parameter in the verification information input tag is the first preset protocol value, and if yes, determining that the information input tag conforms to the preset rule. Verify that the value of the slider parameter in the slider operation marker is the second default protocol value, and if so, determine that the slider operation marker conforms to the preset rule.
  • each mark can be verified is not specifically limited, and may be determined based on actual conditions.
  • Step S306 if each information input flag and the slider operation flag meet the preset rule, a password reset instruction is sent to the terminal device to guide the user to perform password reset.
  • a password reset instruction is sent to the terminal device to guide the user to perform password reset.
  • the error causes the hacker to send the data to the server including the various tags of the error, so when the server does not receive a plurality of information input tags corresponding to each user information and a slider operation flag corresponding to the slider puzzle, or the server
  • the confirmation data comes from the abnormal user, and the password reset process is ended.
  • the server determines whether a plurality of information input tags corresponding to each user information and a slider operation mark corresponding to the slider puzzle are received from the terminal device during the user application password reset process. If received, verify whether each information input mark and the slider operation mark meet the preset rule; if each information input mark and the slider operation mark meet the preset rule, send a password reset instruction to the terminal device, Guide the user to reset the password.
  • a plurality of information input marks and slider operation marks are added to the communication content, that is, the original communication format and communication are changed. The content makes the communication content more, thereby improving the difficulty of cracking the communication protocol between the terminal device and the server, and reducing the risk of the user password being stolen.
  • the terminal device records the page operation of the user by generating a plurality of information input tags and a slider operation flag, indicating that the user performs the actual operation of inputting information, sliding the slider, and the like on the website page. behavior. Since the hacker usually steals the user password and does not operate on the website page, but bypasses the terminal device to directly interact with the server, the information sent by the hacker to the server must not include multiple information input tags and slider operation tags, or include The erroneous information input flag and the slider operation flag, so that the method in the embodiment can also help the server to distinguish whether the received information is from a normal user or a hacker, thereby preventing the hacker from stealing the user password and improving the security of the password. .
  • the server in this embodiment is also capable of verifying the user information sent by the terminal device, specifically, determining whether to receive the one-to-one correspondence with each user information from the terminal device.
  • the method in this embodiment further includes:
  • the server can verify whether the user information is correct in two ways.
  • One method is: when the terminal device sends user information one by one, the server receives the first user information sent by the terminal device, and verifies whether the first user information is correct, such as whether the account name exists, and if the verification passes, the method is The terminal device sends a correct verification command, and the server receives the second user information sent by the terminal device, such as a mobile phone number, and verifies whether the mobile phone number matches the account name. If it matches, the correct command is sent to the terminal device, and the loop is performed. Until the last user information is verified to be correct, and the verification result is sent to the terminal device.
  • Another way is that when the terminal device sends multiple user information at the same time, the server receives all user information, verifies all user information, and sends the verification result to the terminal device.
  • the verification of each user information ensures that the user is reset to the password when the user information is correct, thereby further ensuring the security of the password reset.
  • the server in this embodiment is also capable of parsing the encrypted tag. Specifically, each information input tag and the slider operation tag are in cipher text form, and each information input tag and slide are verified. Whether the block operation flags are consistent with the above preset rules may be:
  • each information input mark and the slider operation mark are decrypted according to the key value previously delivered to the terminal device, and the plaintext of each information input mark and the slider operation mark is obtained. And verify that the plaintext of each information input mark and the slider operation mark meet the above preset rules.
  • decryption process reference may be made to the description of the terminal device side, and details are not described herein again.
  • the server randomly generates a key value corresponding to each user, the tag encryption results of the respective users are mutually out of phase. In the same way, the security of the mark can be further ensured to prevent the hacker from forging data.
  • the password resetting method in the embodiment of the present application can improve the difficulty of cracking the communication protocol, reduce the risk of the user password being stolen, and help the server to discriminate and not receive the password. Whether the information comes from normal users or from hackers, thus preventing hackers from stealing user passwords and improving password security.
  • the embodiment of the present application further provides a password resetting device, which is located on the terminal device side, and may be located inside the terminal device or outside the terminal device, including :
  • the interface providing module 41 is configured to provide a password reset interface according to the password reset command of the user, where the password reset interface includes a plurality of user information input boxes and slider puzzles corresponding to each user information, and the user information includes the user.
  • the account number also includes one or more of the user name, the user's mobile phone number, and the user's answer to the specified question;
  • the first mark generating module 42 is configured to generate an information input mark corresponding to the user information when the user information input by the user is received by the user information input box;
  • a second mark generating module 43 is configured to: when the user slides the slider puzzle, generate a slider operation mark corresponding to the slider puzzle;
  • the tag sending module 44 is configured to: when generating a plurality of information input tags corresponding to each piece of user information and the completion result of the slider jig is correct, send each information input tag and the slider operation tag to the server, so that the server The user is prompted to perform a password reset based on each information input tag and slider action tag.
  • the first mark generating module 42 is specifically configured to: perform operation on the first preset parameter by using the first preset algorithm, and generate an information input mark corresponding to the user information, where the first preset parameter includes a current date or user information. All or part of the content.
  • the second mark generating module 43 is specifically configured to: use the second preset algorithm to calculate the second preset parameter, and generate a slider operation mark corresponding to the slider puzzle, wherein the second preset parameter includes the current date.
  • the device in the embodiment of the present application provides a password reset interface according to the password reset command of the user, and the password reset interface includes a plurality of user information input boxes and slider puzzles corresponding to each user information;
  • the user information input box receives a user information input by the user, generates an information input mark corresponding to the user information; when determining that the user slides the slider puzzle, generates a slider operation mark corresponding to the slider puzzle; when generating and
  • each information input mark and the slider operation mark are sent to the server, so that the server guides the user according to each information input mark and the slider operation mark. Perform a password reset.
  • the communication between the terminal device and the server is performed by the device in this embodiment, a plurality of information input marks and slider operation marks are added to the communication content, that is, the original communication format is changed. And the communication content makes the communication content more, thereby improving the difficulty of cracking the communication protocol between the terminal device and the server, and reducing the risk of the user password being stolen.
  • the device in this embodiment further includes: an information sending module, configured to: after receiving the user information input by the user through the user information input box, the user information is included in the case that the user information input by the user equipment is incorrect. Send to the server, so that the server verifies that the user information is correct; the state transition module is configured to change the slider puzzle into a slidable state after receiving the correct instruction of each user information sent by the server.
  • the above-mentioned tag sending module 44 is specifically used for:
  • the information input tag and the slider operation tag are encrypted, and the ciphertext of each information input tag and slider operation tag is sent to the server.
  • the embodiment of the present application further provides a password resetting device, which is located on the server side, and may be located inside the server or outside the server, and includes:
  • the tag determining module 51 is configured to determine, during the user requesting password resetting process, whether to receive a plurality of information input tags and a slider operation flag corresponding to the slider puzzles corresponding to each user information from the terminal device;
  • the user information includes a user account, and further includes one or more of a user name, a user's mobile phone number, and a user's answer to the specified question, and the information input is marked by the terminal device receiving the user input user information through the user information input box.
  • Time generation, user information input box is multiple, one-to-one correspondence with each user information
  • the slider operation mark is generated by the terminal device when determining the user sliding slider puzzle
  • the user information input box and the slider puzzle are subordinate to the password reset.
  • the interface and the password reset interface are provided by the terminal device according to the user's password reset instruction;
  • the mark verification module 52 is configured to check each information input mark and the slider if receiving a plurality of information input marks and a slider operation mark corresponding to the slider puzzle corresponding to each piece of user information from the terminal device. Whether the operation flags are consistent with the preset rules;
  • the command sending module 53 is configured to send a password reset command to the terminal device to guide the user to perform password reset if each information input flag and the slider operation flag meet the preset rule.
  • the tag verification module 52 includes: a first verification sub-module, configured to parse the information input tag by using the first preset algorithm, and verify whether the parsing result is the first preset parameter, and if yes, determine that the information input tag meets the pre-determination Setting a rule, the first preset parameter includes the current date or all or part of the content of the user information corresponding to the information input mark; the second syndrome module is configured to parse the slider operation mark by the second preset algorithm, and verify the analysis result. Whether it is the second preset parameter, if yes, it is determined that the slider operation mark conforms to the preset rule, and the second preset parameter includes the current date.
  • the server determines whether a plurality of information input tags corresponding to each user information and a slider operation mark corresponding to the slider puzzle are received from the terminal device during the user request password reset process. If received, verify whether each information input mark and the slider operation mark meet the preset rule; if each information input mark and the slider operation mark meet the preset rule, send a password reset instruction to the terminal device, Guide the user to reset the password.
  • a plurality of information input marks and slider operation marks are added to the communication content, that is, the original communication format is changed. And the communication content makes the communication content more, thereby improving the difficulty of cracking the communication protocol between the terminal device and the server, and reducing the risk of the user password being stolen.
  • the server in this embodiment is also capable of verifying the user information sent by the terminal device.
  • the device further includes: an information verification module, configured to determine whether to receive the user information from the terminal device. Before receiving the corresponding information input mark and the slider operation mark corresponding to the slider puzzle, receiving the user information sent by the terminal device, verifying whether the user information is correct; and the result sending module, when verifying that the user information is correct, to the terminal The device sends the user information to verify the correct command.
  • the verification of each user information ensures that the user is reset to the password when the user information is correct, thereby further ensuring the security of the password reset.
  • the server in this embodiment is also capable of parsing the encrypted mark.
  • each information input mark and the slider operation mark are in cipher text form, and the mark check module 52 includes: a decryption sub-module for each information.
  • the input mark and the slider operation mark are decrypted to obtain the plaintext of each information input mark and the slider operation mark; the plaintext check sub-module is used to check whether the plaintext of each information input mark and the slider operation mark conform to the preset rule. .
  • the server randomly generates the key value corresponding to each user, so that the tag encryption results of the respective users are different from each other, the security of the tag can be further ensured, and the hacker is prevented from forging data.
  • the password resetting device in the embodiment of the present application combined with the cooperation between the terminal device and the server side, can improve the difficulty of cracking the communication protocol, reduce the risk of the user password being stolen, and help the server identify the other receiving. Whether the information comes from normal users or from hackers, thus preventing hackers from stealing user passwords and improving password security.
  • the embodiment of the present application further provides an electronic device.
  • FIG. 7 is a schematic block diagram of an electronic device 60 in accordance with an embodiment of the present application.
  • the electronic device 60 provided by the embodiment of the present application includes: a memory 61 and a processor 62.
  • the memory 61 is for storing a program.
  • the processor 62 is configured to execute by calling a program stored in the memory 61.
  • the electronic device 60 may be the terminal device or the server described above.
  • the processor 62 calls a program stored in the memory 61 to perform a method including the following steps:
  • the password resetting interface includes a plurality of user information input boxes and slider puzzles corresponding to each user information, wherein the user information includes a user account, And including one or more of a user name, a user's mobile phone number, and a user's answer to the specified question; and when the user information input box receives the user information input by the user, generating an information input identifier corresponding to the user information;
  • the user slides the slider puzzle, generating a slider operation mark corresponding to the slider puzzle; when generating a plurality of the information input marks corresponding to each piece of the user information and the slider puzzle
  • each of the information input flag and the slider operation flag are sent to the server, so that the server guides the user to perform a password according to each of the information input flag and the slider operation flag.
  • the processor 62 calls a program stored in the memory 61 to perform a method including the following steps:
  • the terminal device determines whether a plurality of information input marks and a slider operation mark corresponding to the slider puzzle corresponding to each piece of user information are received from the terminal device; wherein the user information includes the user
  • the account number further includes one or more of a user name, a user's mobile phone number, and a user's answer to the specified question, the information input being marked by the terminal device receiving the user information input by the user through the user information input box.
  • the user information input box is a plurality of, corresponding to each of the user information
  • the slider operation mark is generated by the terminal device when determining a user sliding slider puzzle, and the user information is input.
  • the frame and the slider puzzle are subordinate to a password reset interface, and the password reset interface is provided by the terminal device according to a password reset command of the user; if receiving the one-to-one correspondence with each user information from the terminal device a plurality of information input marks and a slider operation mark corresponding to the slider puzzle, and verifying each of the information input marks and the slider operation target Whether comply with a preset rule; if each of the input information flag and the operation flag slider comply The preset rule sends a password reset instruction to the terminal device to guide the user to perform password reset.
  • the processor 62 executes various function applications and data processing by running the above-described programs stored in the memory 61.
  • the memory 61 may include, but is not limited to, Random Access Memory (RAM), Read Only Memory (ROM), Programmable Read-Only Memory (PROM), erasable read-only Erasable Programmable Read-Only Memory (EPROM), Electric Erasable Programmable Read-Only Memory (EEPROM), and the like.
  • the processor 62 may execute the foregoing method stored in the memory 61 after receiving the execution instruction, and implement the method defined by the flow disclosed in any of the foregoing embodiments of the present application.
  • Processor 62 can be an integrated circuit chip with signal processing capabilities.
  • the processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP processor, etc.), or a digital signal processor (DSP) or an application specific integrated circuit (ASIC). ), off-the-shelf programmable gate arrays (FPGAs) or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components.
  • the methods, steps, and logical block diagrams disclosed in the embodiments of the present application can be implemented or executed.
  • the general purpose processor may be a microprocessor or the processor or any conventional processor or the like.
  • FIG. 7 is merely illustrative, and the electronic device 60 may further include more or less components than those shown in FIG. 7, or have a different configuration from that shown in FIG.
  • the components shown in Figure 7 can be implemented in hardware, software, or a combination thereof.
  • the modules and units of the apparatus in the foregoing embodiments may be implemented by software code.
  • the modules and units described above may be stored in the memory 601 of the electronic device 60.
  • the above modules and units can also be implemented by hardware such as an integrated circuit chip.
  • the password resetting device provided by the embodiment of the present application may be specific hardware on the device or software or firmware installed on the device.
  • the implementation principle and the technical effects of the device provided by the embodiment of the present application are the same as those of the foregoing method embodiment.
  • a person skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working processes of the foregoing system, the device and the unit can refer to the corresponding processes in the foregoing method embodiments, and details are not described herein again.
  • the disclosed apparatus and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • multiple units or components may be combined or Can be integrated into another system, or some features can be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interface, device or unit, and may be electrical, mechanical or otherwise.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in the embodiment provided by the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the functions may be stored in a computer readable storage medium if implemented in the form of a software functional unit and sold or used as a standalone product. Based on such understanding, the technical solution of the present application, or the part contributing to the related art, or the part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium, including several The instructions are for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present application.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

La présente invention concerne un procédé de réinitialisation de mot de passe, un appareil, un dispositif de traitement et un serveur, et un support lisible par ordinateur, le procédé consistant à : fournir une interface de réinitialisation de mot de passe en fonction d'une instruction de réinitialisation de mot de passe d'un utilisateur, l'interface de réinitialisation de mot de passe comprenant une pluralité de boîtes d'entrée d'informations d'utilisateur et des casse-têtes à blocs coulissants qui sont en correspondance biunivoque avec diverses informations d'utilisateur ; générer une marque d'entrée d'informations correspondant aux informations d'utilisateur lors de la réception des informations d'utilisateur entrées par l'utilisateur au moyen des boîtes d'entrée d'informations d'utilisateur ; générer une marque d'opération de coulissement de bloc correspondant à un casse-tête à blocs coulissants lors de la détermination selon laquelle l'utilisateur fait coulisser un bloc du casse-tête ; et envoyer à un serveur chaque marque d'entrée d'informations et les marques d'opération de coulissement de bloc lorsque la pluralité des marques d'entrée d'informations qui sont en correspondance biunivoque avec les diverses informations d'utilisateur sont générées et qu'un résultat d'achèvement du casse-tête à blocs coulissants est correct, de sorte que le serveur ordonne à l'utilisateur de réinitialiser un mot de passe en fonction de chaque marque d'entrée d'informations et des marques d'opération de coulissement de bloc. Au moyen du procédé, de l'appareil, du dispositif de traitement et du serveur de réinitialisation de mot de passe de la présente invention, la difficulté de craquage d'un protocole de communication entre un dispositif terminal et un serveur peut être augmentée, et le risque de vol d'un mot de passe d'utilisateur peut être réduit.
PCT/CN2017/079616 2016-10-20 2017-04-06 Procédé de réinitialisation de mot de passe, appareil, dispositif terminal et serveur, et support lisible par ordinateur WO2018072403A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610916303.7A CN106330437A (zh) 2016-10-20 2016-10-20 密码重设方法及装置
CN201610916303.7 2016-10-20

Publications (1)

Publication Number Publication Date
WO2018072403A1 true WO2018072403A1 (fr) 2018-04-26

Family

ID=57819191

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/079616 WO2018072403A1 (fr) 2016-10-20 2017-04-06 Procédé de réinitialisation de mot de passe, appareil, dispositif terminal et serveur, et support lisible par ordinateur

Country Status (2)

Country Link
CN (1) CN106330437A (fr)
WO (1) WO2018072403A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112511296A (zh) * 2020-11-17 2021-03-16 北京天融信网络安全技术有限公司 密码管理方法、装置、计算机设备和介质
CN113496017A (zh) * 2020-04-08 2021-10-12 阿里巴巴集团控股有限公司 验证方法、装置、设备和存储介质

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330437A (zh) * 2016-10-20 2017-01-11 武汉斗鱼网络科技有限公司 密码重设方法及装置
CN107770046B (zh) * 2017-09-29 2020-11-13 上海掌门科技有限公司 一种用于拼图的方法与设备
CN108494795A (zh) * 2018-04-11 2018-09-04 苏州锦佰安信息技术有限公司 一种身份验证方法和装置

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104378343A (zh) * 2014-05-21 2015-02-25 腾讯科技(深圳)有限公司 网络账号的密码找回方法、装置及***
CN104580104A (zh) * 2013-10-24 2015-04-29 深圳市腾讯计算机***有限公司 身份验证的方法、装置及***
CN104796428A (zh) * 2015-04-30 2015-07-22 中国联合网络通信集团有限公司 一种动态验证方法、客户端、服务器和***
CN104917720A (zh) * 2014-03-10 2015-09-16 腾讯科技(深圳)有限公司 密码重置的方法及装置
CN105323065A (zh) * 2014-07-21 2016-02-10 腾讯科技(深圳)有限公司 一种安全验证方法及装置
US20160226853A1 (en) * 2015-02-02 2016-08-04 Interactive Intelligence, Inc. Secret Supplemental Username
CN106330437A (zh) * 2016-10-20 2017-01-11 武汉斗鱼网络科技有限公司 密码重设方法及装置

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647461B (zh) * 2012-03-29 2016-05-04 北京奇虎科技有限公司 基于超文本传输协议的通信方法、服务器、终端
CN102801735A (zh) * 2012-08-28 2012-11-28 吴渊 基于行为方式的网络验证方法及***
CN105337940B (zh) * 2014-08-04 2018-11-02 优视科技有限公司 一种页面验证方法、客户端、服务器和***
CN105141631B (zh) * 2015-09-21 2019-06-11 宇龙计算机通信科技(深圳)有限公司 一种终端、服务器及账户安全登录的方法、装置和***

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104580104A (zh) * 2013-10-24 2015-04-29 深圳市腾讯计算机***有限公司 身份验证的方法、装置及***
CN104917720A (zh) * 2014-03-10 2015-09-16 腾讯科技(深圳)有限公司 密码重置的方法及装置
CN104378343A (zh) * 2014-05-21 2015-02-25 腾讯科技(深圳)有限公司 网络账号的密码找回方法、装置及***
CN105323065A (zh) * 2014-07-21 2016-02-10 腾讯科技(深圳)有限公司 一种安全验证方法及装置
US20160226853A1 (en) * 2015-02-02 2016-08-04 Interactive Intelligence, Inc. Secret Supplemental Username
CN104796428A (zh) * 2015-04-30 2015-07-22 中国联合网络通信集团有限公司 一种动态验证方法、客户端、服务器和***
CN106330437A (zh) * 2016-10-20 2017-01-11 武汉斗鱼网络科技有限公司 密码重设方法及装置

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113496017A (zh) * 2020-04-08 2021-10-12 阿里巴巴集团控股有限公司 验证方法、装置、设备和存储介质
CN112511296A (zh) * 2020-11-17 2021-03-16 北京天融信网络安全技术有限公司 密码管理方法、装置、计算机设备和介质

Also Published As

Publication number Publication date
CN106330437A (zh) 2017-01-11

Similar Documents

Publication Publication Date Title
KR101883156B1 (ko) 인증 시스템 및 방법과 이를 수행하기 위한 사용자 단말, 인증 서버 및 서비스 서버
WO2018072403A1 (fr) Procédé de réinitialisation de mot de passe, appareil, dispositif terminal et serveur, et support lisible par ordinateur
US9231925B1 (en) Network authentication method for secure electronic transactions
US20160080157A1 (en) Network authentication method for secure electronic transactions
TWI454111B (zh) 用於確保通訊之鑑別及完備性的技術
RU2512118C2 (ru) Протокол привязки устройства к станции
CN112425114B (zh) 受公钥-私钥对保护的密码管理器
CN106326763B (zh) 获取电子文件的方法及装置
CN106790183A (zh) 登录凭证校验方法、装置
KR101744747B1 (ko) 휴대 단말기, 단말기 및 보안쿠키를 이용한 인증 방법
US20140351583A1 (en) Method of implementing a right over a content
KR102137122B1 (ko) 보안 체크 방법, 장치, 단말기 및 서버
CN110177111B (zh) 一种信息验证方法、***及装置
CN104283686A (zh) 一种数字版权保护方法及其***
JP2018519562A (ja) 取引セキュリティのための方法及びシステム
US20140304510A1 (en) Secure authentication system with automatic cancellation of fraudulent operations
CN106027574A (zh) 身份认证方法和装置
CN114244522A (zh) 信息保护方法、装置、电子设备及计算机可读存储介质
US10397217B2 (en) Authentication methods and authentication apparatuses
CN113630412B (zh) 资源下载方法、资源下载装置、电子设备以及存储介质
EP3716564B1 (fr) Procédé permettant de réinitialiser un mot de passe, terminal de demande et terminal de vérification
TWI546698B (zh) 基於伺服器的登入系統、登入驗證伺服器及其驗證方法
CN110659474A (zh) 应用间通信方法、装置、终端及存储介质
CN110968878A (zh) 信息传输方法、***、电子设备及可读介质
CN114124515A (zh) 标书传输方法、密钥管理方法、用户验证方法及对应装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17861426

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17861426

Country of ref document: EP

Kind code of ref document: A1