
CN113726774B - Client login authentication method, system and computer equipment - Google Patents


Info

Publication number
CN113726774B
CN113726774B
Authority
CN
China
Prior art keywords
client
verification result
challenge
server
local server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111004304.1A
Other languages
Chinese (zh)
Other versions
CN113726774A (en)
Inventor
钱海锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Tuya Information Technology Co Ltd
Original Assignee
Hangzhou Tuya Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Tuya Information Technology Co Ltd
Publication of CN113726774A
Application granted
Publication of CN113726774B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application relates to a client login authentication method, system and computer equipment. The method comprises: receiving a login request sent by a user and verifying the user account information in the login request to obtain a first verification result indicating whether the account information passes verification; if the first verification result is passed, requesting a local server to perform a secondary verification of the login request, obtaining the response generated by the local server, and verifying that response to obtain a second verification result, where the local server is deployed in the local area network to which the user's machine belongs; and determining whether to allow the user to log in according to the second verification result. With this login authentication method the user account does not need to be bound to a login device, to other hardware, or to an IP address; only a local service reachable from within a limited range needs to be deployed. This avoids the limitations of the existing schemes, is technically simple to implement, and imposes no additional requirements on operators or factories.

Description

Client login authentication method, system and computer equipment
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a client login authentication method, system, and computer device.
Background
With the development of information technology, nearly every new application has a corresponding web system, and the system may require users to log in before using it in order to keep data secure. For some application systems, however, it is desirable to restrict logins to a particular area in order to give the account special protection. For example, factories producing for Tuya must use a PMS system, and for convenience an account is generally used without restriction inside the factory and is not necessarily bound to a person. If a factory employee moves to another factory, however, the account may go with them, which is a security risk. It is therefore necessary to restrict the account to logging in from a certain area.
Conventionally, the ways of restricting an account to logging in from a certain area are: binding the account to the login device, binding the account to hardware, binding the account to an IP address, and so on. Each of these suits only certain scenarios. Binding an account to the login device is quite difficult because, under the browser's security restrictions, JavaScript cannot read the device's hardware information. Binding the account to hardware generally requires JavaScript to communicate with the hardware directly or indirectly; the FIDO family of standards now provides this, but the operator has to interact with the hardware as part of the workflow and every computer must be connected to a USB device, which is costly. Binding to an IP address is the most restrictive, since it requires the factory to have a fixed IP address.
Disclosure of Invention
The application provides a client login authentication method, system and computer equipment, intended at least to solve the problem that the existing ways of limiting the area from which an account may log in are highly constrained and difficult to implement.
In a first aspect, an embodiment of the present application provides a client login authentication method, where the method includes:
receiving a login request sent by a user, and verifying user account information in the login request to obtain a first verification result of whether the user account information passes verification;
if the first verification result is passed, requesting a local server to perform secondary verification on the login request to obtain a response generated by the local server, and verifying the response to obtain a second verification result; the local server is deployed in a local area network to which the user machine belongs;
and determining whether to allow the user to log in according to the second verification result.
In some embodiments, if the first verification result is passed, requesting the local server to perform the secondary verification of the login request, obtaining the response generated by the local server, and verifying that response to obtain the second verification result comprises:
if the first verification result is passed, the server corresponding to the client generates a challenge and sends it to the client;
after receiving the challenge, the client sends it to the local server to request the secondary verification of the login request;
the local server encrypts the challenge with a first preset key and a preset encryption algorithm, producing a response corresponding to the challenge, and sends the response to the client, where the first preset key corresponds to the local area network to which the local server belongs;
the server performs the secondary verification of the response with a second preset key and the decryption algorithm corresponding to the preset encryption algorithm to obtain the second verification result, where the second preset key corresponds to the local area network to which the client belongs.
In some of these embodiments, the client, after receiving the challenge, sends it to the local server by:
requesting the local server via Ajax or a websocket and sending the challenge to it; or
sending the challenge to the local server through a plug-in installed in the client that is able to access the http service.
In some embodiments, the server's secondary verification of the response with the second preset key and the corresponding decryption algorithm comprises:
the server decrypts the response with the second preset key and the decryption algorithm;
if the decrypted result matches the challenge, the second verification result is passed;
if the decrypted result does not match the challenge, or decryption cannot be completed, the second verification result is failed.
In some of these embodiments, the challenge includes a random number of at least 16 bytes.
In some embodiments, the local server is deployed on a PC, a Raspberry Pi, or a single-chip microcomputer.
In some of these embodiments, the method further comprises: if the second verification result is failed, sending a warning to a reserved device.
In a second aspect, an embodiment of the present application provides a client login authentication system, where the system includes:
the client is used for receiving a login request sent by a user;
the server side is corresponding to the client side and is used for verifying the user account information in the login request to obtain a first verification result of whether the user account information passes the verification;
the local server is deployed in the local area network to which the user machine belongs and is used for performing secondary verification on the login request to generate a response when the first verification result is passed;
the server is also used for verifying the response to obtain a second verification result;
the client is further configured to receive the second verification result, and determine whether to allow the user to log in according to the second verification result.
In a third aspect, an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the client login authentication method according to the first aspect when executing the computer program.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a client login authentication method as described in the first aspect above.
Compared with the related art, the client login authentication method provided by the embodiment of the application comprises the following steps: receiving a login request sent by a user, and verifying user account information in the login request to obtain a first verification result of whether the user account information passes verification; if the first verification result is passed, requesting a local server to perform secondary verification on the login request to obtain a response generated by the local server, and verifying the response to obtain a second verification result; the local server is deployed in a local area network to which the user machine belongs; and determining whether the user is allowed to log in according to the second verification result, so that the problems of more limitation and higher implementation difficulty in a mode of limiting an account login area in the related technology are solved.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the other features, objects, and advantages of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 is a flow diagram of a client login authentication method provided in one embodiment;
FIG. 2 is a block diagram of a client login authentication system provided in one embodiment;
FIG. 3 is an internal block diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described and illustrated below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present application, are within the scope of the present application based on the embodiments provided herein.
It is apparent that the drawings in the following description are only some examples or embodiments of the present application, and those of ordinary skill in the art can apply the present application to other similar situations on the basis of these drawings without inventive effort. Moreover, while such a development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication or manufacture for those of ordinary skill having the benefit of this disclosure.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by those of ordinary skill in the art that the embodiments described herein can be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar terms herein do not denote a limitation of quantity, but rather denote the singular or plural. The terms "comprising," "including," "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to only those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. The term "plurality" as used herein refers to two or more. The terms "first," "second," "third," and the like, as used herein, are merely distinguishing between similar objects and not representing a particular ordering of objects.
The techniques described in this application may be applied to logging in to a client, where the client may be a web browser used for the World Wide Web, an email client used to send and receive email, or instant-messaging client software. This application is described using a web browser as the client.
Fig. 1 is a flowchart of a client login authentication method according to an embodiment, as shown in fig. 1, the client login authentication method includes steps 110 to 130; wherein:
step 110, receiving a login request sent by a user, and verifying the user account information in the login request to obtain a first verification result of whether the user account information passes verification.
The user account information may include the user name and password the user registered. The client receives the user's login request, and the server corresponding to the client verifies the account and password in the request. Specifically, user accounts can be configured centrally by a server administrator, who assigns each account and binds it to its corresponding permissions. When logging in to the client, the user must enter an account and password that were registered successfully beforehand; the server confirms the user's legitimacy by verifying the account and password, and only properly registered users can perform subsequent operations.
Step 120, if the first verification result is passed, requesting the local server to perform a second verification on the login request to obtain a response generated by the local server, and verifying the response to obtain a second verification result; the local server is deployed in a local area network to which the user belongs.
If the user's account and password are entered correctly, the login request is verified a second time to check whether the user is in an area from which login is allowed. In this embodiment a local server is deployed in the local area network to which the user's machine belongs, and a user can reach the local server only from inside that local area network. For example, suppose there are two factories, A and B. A first local server is deployed in factory A's local area network and a second in factory B's. When a user logs in from factory A, that user can reach only the first local service, deployed in factory A, and the login area of the account is judged through this local service.
It will be appreciated that, for any one factory, if the system must be usable only from inside that factory, then only one local service needs to be deployed in the factory itself; ensuring that only the inside of the factory can reach this local service is enough to prevent personnel outside the factory from logging in to the system.
The local service is generally deployed on a separate machine, which can be an ordinary PC, a small SoC single-board computer such as a Raspberry Pi, or even a single-chip microcomputer.
Step 130, determining whether to allow the user to log in according to the second verification result.
Because the server side is preconfigured with the region from which each account may log in, the login succeeds only if the data from the local server matches what the server side expects.
Compared with the prior art, the client login authentication method comprises receiving a login request sent by a user and verifying the user account information in the login request to obtain a first verification result of whether the account information passes verification. If the first verification result is passed, the local server is asked to perform a secondary verification of the login request, the response generated by the local server is obtained, and that response is verified to obtain a second verification result; the local server is deployed in the local area network to which the user's machine belongs. Whether to allow the user to log in is then determined according to the second verification result. In this method a local service that can be reached only from within a limited range is placed in the user's local area network; after the account information has been verified, the local service is used for a secondary verification of the login request, which checks whether the user is logging in from the local area network the client belongs to. If the secondary verification passes the user is allowed to log in, otherwise the login is refused, so the client can effectively be limited to logging in from a certain area. Because the method binds the user account neither to a login device or other hardware nor to an IP address, and only deploys a local service reachable within a limited range, it avoids the limitations of the existing schemes, is technically simple to implement, and imposes no additional requirements on operators or factories.
In some embodiments, if the first verification result is passing, requesting the local server to perform a second verification on the login request to obtain a response generated by the local server, and performing verification on the response to obtain a second verification result, where the obtaining the second verification result includes:
if the first verification result is passed, generating a challenge by a server corresponding to the client, and sending the challenge to the client;
after receiving the challenge, the client sends the challenge to the local server to request the local server to perform secondary verification on the login request;
the local server encrypts the challenge according to the first preset key and a preset encryption algorithm, generates a response corresponding to the challenge and sends the response to the client; the first preset key corresponds to a local area network to which the local server belongs;
the server performs secondary verification on the response according to the second preset secret key and a decryption algorithm corresponding to the preset encryption algorithm to obtain a second verification result; the second preset key corresponds to the local area network to which the client belongs.
In some of these embodiments, the challenge includes a random number of at least 16 bytes. This random number is the data to be protected, i.e. the plaintext P. The local server encrypts it with the first preset key and the preset encryption algorithm to obtain a first ciphertext, which it sends to the client as the response. The preset encryption algorithm may be symmetric or asymmetric; this embodiment does not limit the type of algorithm.
Because the first preset key stored in a local server corresponds one-to-one to the local area network that local server belongs to, and the second preset key corresponds one-to-one to the local area network the client belongs to, the two keys match only when the user logs in from inside the client's local area network, since only then does the local server the user can reach belong to that network. In that case the server can decrypt the first ciphertext with the second preset key and the decryption algorithm corresponding to the preset encryption algorithm, recover the challenge it generated, and allow the user to log in on passing the second verification.
In some embodiments, the server's secondary verification of the response with the second preset key and the corresponding decryption algorithm comprises:
the server decrypts the response with the second preset key and the decryption algorithm;
if the decrypted result matches the challenge, the second verification result is passed;
if the decrypted result does not match the challenge, or decryption cannot be completed, the second verification result is failed.
In some of these embodiments, the client receiving the challenge and sending it to the local server includes:
the client requesting the local server via Ajax or a websocket and sending the challenge to it; or
sending the challenge to the local server through a plug-in installed in the client that is able to access the http service.
Typically the browser can request the local server via Ajax or a websocket. However, some browsers, such as Chrome, have been updated to improve data access security and block mixed content after the update. The online service is normally served over https while the local service is mostly plain http, so the page becomes a mixed-content page and access to the local http service may be blocked. This embodiment handles that by installing in the client a plug-in that can access the http service and proxying the local-area-network access through the browser plug-in.
In some of these embodiments, the method further comprises: if the second verification result is failed, sending a warning to a reserved device.
The warning can be an SMS to a mobile phone or an alarm message sent to a preset alarm terminal.
It should be understood that, although the steps in the flowchart of fig. 1 are shown in the sequence indicated by the arrows, they are not necessarily performed in that sequence. Unless explicitly stated herein, the order of execution is not strictly limited and the steps may be executed in other orders. Moreover, at least some of the steps in fig. 1 may include multiple sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and the sub-steps or stages need not be performed in sequence but may be performed in turn or alternately with at least part of the other steps or of the sub-steps of other steps.
The embodiment also provides a client login authentication system, which is used for implementing the embodiment and the preferred implementation, and the description of the embodiment is omitted here.
In one embodiment, as shown in FIG. 2, there is provided a client login authentication system, the system comprising:
the client is used for receiving a login request sent by a user;
the server side is corresponding to the client side and is used for verifying the user account information in the login request to obtain a first verification result of whether the user account information passes the verification;
the local server is deployed in the local area network to which the user belongs and is used for performing secondary verification on the login request to generate a response when the first verification result is passed;
the server is also used for verifying the response to obtain a second verification result;
the client is further configured to receive a second verification result, and determine whether to allow the user to log in according to the second verification result.
The specific login authentication flow is as follows:
1. the user logs in to the system with a user name and password;
2. after the user name and password are verified successfully, the server generates a challenge;
3. the server returns the challenge, requiring the client to perform additional (secondary) authentication;
4. the client requests the local service via Ajax, a websocket or the plug-in, and sends the challenge to the local server;
5. the local server computes a response from the challenge and its built-in key using a cryptographic algorithm;
6. the local server returns the response to the client;
7. the client submits the response to the server for verification;
8. the server verifies whether the response is correct using the algorithm matched to the local server's and its own built-in key;
9. the verification result is returned to the client: if the response is correct the login succeeds, otherwise it fails.
According to the system, the local service which can only be accessed within the limited range is arranged in the local area network to which the user belongs, after the user account information verification is passed, the local service is used for carrying out secondary verification on the login request of the user so as to verify whether the user logs in the local area network to which the client belongs, and if the secondary verification is passed, the user is allowed to log in, otherwise, the user is refused to log in, so that the client can be effectively limited to log in only a certain area. Because the method does not need to bind the user account with login equipment or other hardware equipment, and also does not need to bind the account with an IP address, only local services which can be accessed only in a limited range are deployed, the limitation of the scheme is avoided, the implementation technical difficulty is low, and no other additional requirements are imposed on operators and factories.
In some embodiments, if the first verification result is passed, generating a challenge by a server corresponding to the client, and sending the challenge to the client; after receiving the challenge, the client sends the challenge to the local server so as to request the local server to perform secondary verification on the login request; the local server encrypts the challenge according to a first preset secret key and a preset encryption algorithm, generates a response corresponding to the challenge and sends the response to the client; the first preset key corresponds to a local area network to which the local server belongs; the server performs secondary verification on the response according to a second preset secret key and a decryption algorithm corresponding to the preset encryption algorithm to obtain a second verification result; and the second preset key corresponds to a local area network to which the client belongs.
In some embodiments, the client requests a local server through an Ajax or websocket mode, and sends the challenge to the local server; or, sending the challenge to the local server through a plug-in installed in the client and having access to an http service.
In some embodiments, the server is further configured to decrypt the response with the second preset key and the decryption algorithm; if the decrypted result matches the challenge, the second verification result is passed; and if the decrypted result does not match the challenge, or decryption cannot be completed, the second verification result is failed.
In some of these embodiments, the challenge includes a random number of at least 16 bytes.
In some embodiments, the local server is deployed on a PC, a Raspberry Pi, or a single-chip microcomputer.
In some embodiments, the system further includes an alarm module configured to send a warning to a reserved device if the second verification result is failed.
For specific limitations on the client login authentication system, reference may be made to the above limitation on the client login authentication method, and no further description is given here.
In addition, the client login authentication method provided in the embodiment of the application described in connection with fig. 1 may be implemented by a computer device. Fig. 3 is a schematic hardware structure of a computer device according to an embodiment of the present application.
The computer device may comprise a processor 31 and a memory 32 storing computer program instructions.
In particular, the processor 31 may include a central processing unit (CPU), an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application.
Memory 32 may include, among other things, mass storage for data or instructions. By way of example, and not limitation, memory 32 may comprise a hard disk drive (HDD), floppy disk drive, solid state drive (SSD), flash memory, optical disk, magneto-optical disk, tape, or universal serial bus (USB) drive, or a combination of two or more of the foregoing. The memory 32 may include removable or non-removable (or fixed) media, where appropriate. The memory 32 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 32 is non-volatile memory. In a particular embodiment, the memory 32 includes read-only memory (ROM) and random access memory (RAM). Where appropriate, the ROM may be a mask-programmed ROM, a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), an electrically alterable ROM (EAROM), or flash memory, or a combination of two or more of these. The RAM may be static random-access memory (SRAM) or dynamic random-access memory (DRAM), where the DRAM may be fast page mode DRAM (FPM DRAM), extended data out DRAM (EDO DRAM), synchronous DRAM (SDRAM), or the like, as appropriate.
The memory 32 may be used to store or cache various data files that need to be processed and/or communicated, as well as computer program instructions for execution by the processor 31.
The processor 31 implements any of the client login authentication methods of the above embodiments by reading and executing computer program instructions stored in the memory 32.
In some of these embodiments, the computer device may also include a communication interface 33 and a bus 30. As shown in fig. 3, the processor 31, the memory 32, and the communication interface 33 are connected to each other through the bus 30 and communicate with each other.
The communication interface 33 is used to implement communication between the modules, devices, and units of embodiments of the present application. The communication interface 33 may also enable data communication with other components, such as external equipment, image/data acquisition equipment, databases, external storage, and image/data processing workstations.
Bus 30 includes hardware, software, or both, coupling components of the computer device to each other. Bus 30 includes, but is not limited to, at least one of: a data bus, an address bus, a control bus, an expansion bus, or a local bus. By way of example, and not limitation, bus 30 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Extended Industry Standard Architecture (EISA) bus, a front side bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-X bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local Bus (VLB), or other suitable bus, or a combination of two or more of the foregoing. Bus 30 may include one or more buses, where appropriate. Although embodiments of the present application describe and illustrate a particular bus, the present application contemplates any suitable bus or interconnect.
The computer device may execute the client login authentication method in the embodiment of the present application based on the obtained program instruction, thereby implementing the client login authentication method described in connection with fig. 1.
In addition, in combination with the client login authentication method in the above embodiment, the embodiment of the application may be implemented by providing a computer readable storage medium. The computer readable storage medium has stored thereon computer program instructions; the computer program instructions, when executed by a processor, implement any of the client login authentication methods of the above embodiments.
The technical features of the above-described embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above-described embodiments are described; however, as long as there is no contradiction between the combined technical features, the combination should be considered within the scope of this description.
The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the claims. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the claims appended hereto.

Claims (9)

1. A client login authentication method, the method comprising:
receiving a login request sent by a user, and verifying user account information in the login request to obtain a first verification result of whether the user account information passes verification;
if the first verification result is passed, requesting a local server to process the login request to obtain a response generated by the local server, and verifying the response to obtain a second verification result; the local server is deployed in a local area network to which the user's machine belongs;
determining whether to allow the user to log in according to the second verification result;
wherein, if the first verification result is passed, requesting the local server to process the login request to obtain a response generated by the local server, and verifying the response to obtain a second verification result, comprises:
if the first verification result is passed, generating a challenge by a server corresponding to the client, and sending the challenge to the client;
the client sends the challenge to the local server after receiving the challenge;
the local server encrypts the challenge according to a first preset secret key and a preset encryption algorithm, generates a response corresponding to the challenge and sends the response to the client; the first preset key corresponds to a local area network to which the local server belongs;
the server performs secondary verification on the response according to a second preset secret key and a decryption algorithm corresponding to the preset encryption algorithm to obtain a second verification result; and the second preset key corresponds to a local area network to which the client belongs.
2. The method of claim 1, wherein after the client receives the challenge, sending the challenge to the local server comprises:
the client requests the local server via Ajax or a WebSocket and sends the challenge to the local server; or,
and sending the challenge to the local server through a plug-in installed in the client and capable of accessing the http service.
3. The method of claim 1, wherein the server performs a second verification on the response according to a second preset key and a decryption algorithm corresponding to the preset encryption algorithm, and obtaining the second verification result includes:
the server decodes the response according to the second preset key and the decryption algorithm;
if the obtained decoding result is consistent with the challenge, the second verification result is passed;
and if the obtained decoding result is inconsistent with the challenge or decoding cannot be completed, the second verification result is failed.
4. The method of claim 1, wherein the challenge comprises a random number of at least 16 bytes.
5. The method of claim 1, wherein the local server is deployed on a PC, raspberry Pi, or single chip microcomputer.
6. The method according to claim 1, wherein the method further comprises:
and if the second verification result is not passed, sending out warning information to the reserved equipment.
7. A client login authentication system, the system comprising:
the client is used for receiving a login request sent by a user;
a server corresponding to the client, configured to verify the user account information in the login request to obtain a first verification result of whether the user account information passes verification;
a local server deployed in the local area network to which the user's machine belongs, configured to perform secondary verification on the login request and generate a response when the first verification result is passed;
the server is also used for verifying the response to obtain a second verification result;
the client is further used for receiving the second verification result and determining whether the user is allowed to log in or not according to the second verification result;
wherein the server is further configured to: if the first verification result is passed, generate a challenge and send the challenge to the client;
the client sends the challenge to the local server after receiving the challenge;
the local server encrypts the challenge according to a first preset secret key and a preset encryption algorithm, generates a response corresponding to the challenge and sends the response to the client; the first preset key corresponds to a local area network to which the local server belongs;
the server performs secondary verification on the response according to a second preset secret key and a decryption algorithm corresponding to the preset encryption algorithm to obtain a second verification result; and the second preset key corresponds to a local area network to which the client belongs.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
CN202111004304.1A 2020-10-13 2021-08-30 Client login authentication method, system and computer equipment Active CN113726774B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2020110924158 2020-10-13
CN202011092415 2020-10-13

Publications (2)

Publication Number Publication Date
CN113726774A CN113726774A (en) 2021-11-30
CN113726774B true CN113726774B (en) 2023-05-02

Family

ID=78679065

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111004304.1A Active CN113726774B (en) 2020-10-13 2021-08-30 Client login authentication method, system and computer equipment

Country Status (1)

Country Link
CN (1) CN113726774B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114172714A (en) * 2021-12-02 2022-03-11 北京金山云网络技术有限公司 Account access authority control method and device and electronic equipment
CN114884687A (en) * 2022-03-21 2022-08-09 中国人寿保险股份有限公司 User authentication method, device, electronic equipment and storage medium
CN114679336B (en) * 2022-05-10 2024-04-12 北京自如信息科技有限公司 Authentication method, authentication system, authentication device, and readable storage medium
CN115696329B (en) * 2022-10-27 2024-06-25 中国联合网络通信集团有限公司 Zero trust authentication method and device, zero trust client device and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113055371A (en) * 2021-03-09 2021-06-29 上海明略人工智能(集团)有限公司 Login authentication method and system for Internet of things TCP (Transmission control protocol) equipment
CN113079134A (en) * 2021-03-19 2021-07-06 南方电网数字电网研究院有限公司 Mobile terminal access method, mobile terminal access device, computer equipment and medium

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102984139A (en) * 2012-11-16 2013-03-20 中兴通讯股份有限公司 Login method, system and user terminal of multi-user access device
US9374369B2 (en) * 2012-12-28 2016-06-21 Lookout, Inc. Multi-factor authentication and comprehensive login system for client-server networks
AU2015215965B2 (en) * 2014-08-25 2016-12-22 Accenture Global Services Limited Secure short-distance-based communication and access control system
CN105704151B (en) * 2016-03-29 2019-04-05 中国联合网络通信集团有限公司 A kind of method and system limiting login position
CN106534219A (en) * 2016-12-31 2017-03-22 中国移动通信集团江苏有限公司 Security authentication method and device for desktop cloud portal
CN106686004B (en) * 2017-02-28 2019-07-12 飞天诚信科技股份有限公司 A kind of login authentication method and system
CN107612895B (en) * 2017-09-05 2020-07-10 网宿科技股份有限公司 Internet anti-attack method and authentication server
CN107634958A (en) * 2017-09-30 2018-01-26 河南职业技术学院 Computer security login method and computer security login device
CN107819786B (en) * 2017-11-28 2021-06-15 郑州云海信息技术有限公司 QQ authentication-based operating system login system and method
CN108769075B (en) * 2018-07-06 2021-05-18 广东微云科技股份有限公司 Method and system for addressing login server
CN110381084A (en) * 2019-08-07 2019-10-25 北京三快在线科技有限公司 Single-node login system and method, storage medium and electronic equipment

Also Published As

Publication number Publication date
CN113726774A (en) 2021-11-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant