[go: up one dir, main page]

CN117439760A - Login method, login device, login equipment and storage medium - Google Patents

Login method, login device, login equipment and storage medium Download PDF

Info

Publication number
CN117439760A
CN117439760A CN202310971860.9A CN202310971860A CN117439760A CN 117439760 A CN117439760 A CN 117439760A CN 202310971860 A CN202310971860 A CN 202310971860A CN 117439760 A CN117439760 A CN 117439760A
Authority
CN
China
Prior art keywords
information
verified
encrypted
target
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310971860.9A
Other languages
Chinese (zh)
Inventor
闫泽龙
刘路
杨伊楠
党若楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202310971860.9A priority Critical patent/CN117439760A/en
Publication of CN117439760A publication Critical patent/CN117439760A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/955Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9554Retrieval from the web using information identifiers, e.g. uniform resource locators [URL] by using bar codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The disclosure provides a login method, a login device, login equipment and a storage medium, which can be applied to the technical field of information security and the technical field of finance. The login method comprises the following steps: identifying a target image to obtain encrypted website information corresponding to the target image, wherein the encrypted website information is obtained by encrypting target website information of a card function management page of a target user by using a public key; decrypting the encrypted website information by using the private key to obtain target website information; sending target website information and information to be verified to a server; the information to be verified is generated by encrypting a private key by using a random number; and in response to the information to be verified being verified, logging in the card function management page.

Description

Login method, login device, login equipment and storage medium
Technical Field
The present disclosure relates to the field of information security technologies and financial technologies, and in particular, to a login method, device, apparatus, and storage medium.
Background
With the development of technology, applications for electronic transactions are being widely used, and in conventional applications, when a user performs an operation on a card management function setting page in advance, the user needs to jump to a plurality of pages to reach the card management function page.
In carrying out the above inventive concept, the inventors found that: when a user pre-modifies a card management function in an application program, the related technology has the technical problems of complex operation, long waiting time and poor use experience.
Disclosure of Invention
In view of the above, the present disclosure provides a login method, apparatus, device, and storage medium.
According to a first aspect of the present disclosure, there is provided a login method, applied to a client, including: identifying a target image to obtain encrypted website information corresponding to the target image, wherein the encrypted website information is obtained by encrypting target website information of a card function management page of a target user by using a public key; decrypting the encrypted website information by using the private key to obtain target website information; sending target website information and information to be verified to a server; the information to be verified is generated by encrypting a private key by using a random number; and in response to the information to be verified being verified, logging in the card function management page.
According to the embodiment of the disclosure, encrypting target website information and information to be verified to generate first encrypted identification information; and sending the target website information, the information to be verified and the first encrypted identification information to the server.
According to an embodiment of the present disclosure, encrypting target website information and information to be verified, generating first encrypted identification information includes: extracting a first target field from the target website information and the information to be verified according to a preset rule; encoding the first target field to obtain a first encoded field; and generating first encryption identification information according to the first coding field.
According to an embodiment of the present disclosure, the first encoding field includes M characters, M is an integer greater than 1, and generating the first encrypted identification information according to the first encoding field includes: multiplying the mth character with other M-1 fields in the first coding field in sequence to obtain an encrypted mth character, wherein M is an integer greater than or equal to 1 and less than or equal to M; in the case where it is determined that M is smaller than M, returning to perform the encryption operation for the mth character, and incrementing M; in the case where it is determined that M is equal to M, the first encrypted identification information is obtained.
A second aspect of the present disclosure provides a login method, applied to a server, including: responding to a login service request of a card function management page aiming at a target user, and acquiring target website information and information to be verified, wherein the information to be verified is obtained by encrypting a private key by a random number; inquiring private key encryption information for verifying a target user according to the target website information; comparing the information to be verified with the private key encryption information to obtain a verification result; and sending the parameter information of the card function management page to the client under the condition that the verification result is determined to pass the verification.
According to an embodiment of the present disclosure, first encrypted identification information is acquired; generating second encryption identification information according to the target website information and the information to be verified; and under the condition that the first encryption identification information and the second encryption identification information are identical, inquiring the private key encryption information for verifying the target user according to the target website information.
According to an embodiment of the present disclosure, generating second encrypted identification information according to target website information and information to be verified includes: extracting a second target field from the target website information and the information to be verified according to a preset rule; encoding the second target field to obtain a second encoded field; and generating second encrypted identification information according to the second coding field.
According to an embodiment of the present disclosure, the second encoding field includes N characters, N is an integer greater than 1, and generating the second encrypted identification information according to the second encoding field includes: multiplying the nth character with other N-1 fields in the second coding field in sequence to obtain an encrypted nth character, wherein N is an integer greater than or equal to 1 and less than or equal to N; returning to perform encryption operation for the nth character and incrementing N if N is determined to be less than N; and obtaining second encryption identification information under the condition that N is equal to N.
According to an embodiment of the present disclosure, in response to receiving encryption parameter information from a card function management page of a client; decrypting the encrypted parameter information to obtain parameter information and information to be verified; under the condition that the information to be verified is confirmed to pass verification, inquiring a target page according to the target website information; and modifying the page parameters of the target page according to the parameter information.
A third aspect of the present disclosure provides a login apparatus, applied to a client, including: the identification module is used for identifying the target image to obtain encrypted website information corresponding to the target image; the first decryption module is used for decrypting the encrypted website information by using the private key to obtain target website information; the first sending module is used for sending the target website information and the information to be verified to the server; the information to be verified is generated by encrypting a private key by using a random number; and a login module for logging in the card function management page in response to the verification information being verified.
A fourth aspect of the present disclosure provides a login device, applied to a server, including: the acquisition module is used for responding to a login service request of a card function management page aiming at a target user and acquiring target website information and information to be verified, wherein the information to be verified is obtained by encrypting a private key by a random number; the inquiry module is used for inquiring the private key encryption information for verifying the target user according to the target website information; the verification module is used for comparing the information to be verified with the private key encryption information to obtain a verification result; and the second sending module is used for sending the parameter information of the card function management page to the client under the condition that the verification result is determined to pass the verification.
A fifth aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method described above.
A sixth aspect of the present disclosure also provides a computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the above-described method.
A seventh aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above method.
According to the login method, the device, the equipment and the storage medium, as the encrypted website information is obtained by encrypting the target website information of the card function management page of the target user by utilizing the public key, the information to be verified is generated by encrypting the private key by utilizing the random number, and the card function management page can be directly logged in after the information to be verified passes verification, the technical problems that the card function management page is difficult to find by a user and the card function is difficult to manage are at least partially solved, the timely and convenient management of the card function by the user is realized, the user experience is improved, and the effect of data transmission safety is ensured.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a login method, apparatus, device, and storage medium according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a login method according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of one-way encryption according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow diagram for generating first encrypted identification information according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a program decision diagram of an encoding field according to an embodiment of the present disclosure;
FIG. 6 schematically illustrates a flow chart of a change operation according to an embodiment of the disclosure;
FIG. 7 schematically illustrates a flow chart of a login method according to another embodiment of the present disclosure;
FIG. 8 schematically illustrates a flow chart of one-way encryption according to another embodiment of the present disclosure;
FIG. 9 schematically illustrates a flowchart of generating second encrypted identification information according to another embodiment of the present disclosure;
FIG. 10 schematically illustrates a flow chart of encoding fields according to another embodiment of the present disclosure;
FIG. 11 schematically illustrates a flow chart for modifying page parameters according to another embodiment of the present disclosure;
FIG. 12 schematically illustrates a block diagram of a logon device applied to a client according to an embodiment of the present disclosure;
FIG. 13 schematically illustrates a block diagram of a login device applied to a server according to another embodiment of the present disclosure; and
fig. 14 schematically illustrates a block diagram of an electronic device adapted to implement a login method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
In the technical scheme of the disclosure, the related data (such as including but not limited to personal information of a user) are collected, stored, used, processed, transmitted, provided, disclosed, applied and the like, all conform to the regulations of related laws and regulations, necessary security measures are adopted, and the public welcome is not violated.
In the practical application process, because the time for logging in the application program is long, and in order to improve the management security, the research and development personnel set the card management function in a place which is not easy to find in the application program, and the user needs to jump a plurality of pages to reach the card function management page, so that the user is not easy to manage and modify the function of the bank card.
However, if the card management function is provided in a place that is easily found, management security cannot be ensured, raising use risks. Therefore, the related art has the technical problems of complicated operation, long waiting time and poor user experience.
In view of this, an embodiment of the present disclosure provides a login method, which is applied to a client, and includes: identifying a target image to obtain encrypted website information corresponding to the target image, wherein the encrypted website information is obtained by encrypting target website information of a card function management page of a target user by using a public key; decrypting the encrypted website information by using the private key to obtain target website information; sending target website information and information to be verified to a server; the information to be verified is generated by encrypting a private key by using a random number; and in response to the information to be verified being verified, logging in the card function management page.
Fig. 1 schematically illustrates an application scenario diagram of a login method according to an embodiment of the present disclosure.
As shown in fig. 1, an application scenario 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, and a server 105. The network 104 is a medium used to provide a communication link between the first terminal device 101, the second terminal device 102, the third terminal device 103, and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 through the network 104 using at least one of the first terminal device 101, the second terminal device 102, the third terminal device 103, to receive or send messages, etc. Various communication client applications, such as a shopping class application, a web browser application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only) may be installed on the first terminal device 101, the second terminal device 102, and the third terminal device 103.
For example, the user may send a service request to the server 105 equipped with the service system using a bank client installed in the first terminal device 101, the second terminal device 102, the third terminal device 103.
The first terminal device 101, the second terminal device 102, the third terminal device 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by the user using the first terminal device 101, the second terminal device 102, and the third terminal device 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
For example, server 105 may be a distributed server, a cloud server, and a centralized server. The server 105 may be installed with both the old version service system and the new version service server and test the storage method of the service data.
The first terminal device 101, the second terminal device 102 and the third terminal device 103 can identify the target image to obtain encrypted website information corresponding to the target image, wherein the encrypted website information is obtained by encrypting the target website information of the card function management page of the target user by the server 105 by using a public key; decrypting the encrypted website information by using the private key to obtain target website information; the first terminal equipment 101, the second terminal equipment 102 and the third terminal equipment 103 send target website information and information to be verified to the server 105; the information to be verified is generated by encrypting the private key by using a random number. The server 105 responds to receiving a login service request aiming at a card function management page of a target user, and acquires target website information and information to be verified; inquiring private key encryption information for verifying a target user according to the target website information; comparing the information to be verified with the private key encryption information to obtain a verification result; under the condition that the verification result is determined to pass the verification, sending parameter information of a card function management page to the client; the first terminal device 101, the second terminal device 102, and the third terminal device 103 log in the card function management page in response to the information to be authenticated being authenticated.
It should be noted that, the login method applied to the client according to the embodiment of the present disclosure may be performed by the first terminal device 101, the second terminal device 102, or the third terminal device 103, and accordingly, the login apparatus applied to the client according to the embodiment of the present disclosure may also be set in the first terminal device 101, the second terminal device 102, or the third terminal device 103. The login method applied to the client provided in the embodiment of the present disclosure may also be performed by other terminal devices different from the first terminal device 101, the second terminal device 102 or the third terminal device 103 and capable of interacting with the server 105, and correspondingly, the login apparatus applied to the client provided in the embodiment of the present disclosure may also be performed by other terminals different from the first terminal device 101, the second terminal device 102 or the third terminal device 103 and capable of interacting with the server 105.
The login method applied to the server provided in the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the login device applied to the server provided in the embodiments of the present disclosure may be generally disposed in the server 105. The login method applied to the server provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the login device applied to the server provided in the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The login method of the disclosed embodiment will be described in detail below with reference to fig. 2 to 11 based on the scenario described in fig. 1.
Fig. 2 schematically shows a flowchart of a login method according to an embodiment of the present disclosure.
As shown in fig. 2, the login method 200 of this embodiment includes operations S210 to S240.
In operation S210, the target image is identified, and encrypted web address information corresponding to the target image is obtained.
According to embodiments of the present disclosure, the target image may be characterized as an image containing encrypted website information.
For example, the target image may be a static two-dimensional code printed on the bank card, where the static two-dimensional code includes url information for managing card functions and encrypted unique identification information.
According to an embodiment of the present disclosure, a user may identify a target image through an external device scan.
For example, a user scans a static two-dimensional code on a bank card through a mobile phone camera to obtain encrypted website information contained in the static two-dimensional code.
According to the embodiment of the disclosure, the encrypted website information is obtained by encrypting the target website information of the card function management page of the target user by using the public key.
According to embodiments of the present disclosure, the target user may be characterized as a user transacting a bank card at a financial institution.
According to the embodiment of the disclosure, while the financial institution makes the card for the target user, the bank generates a corresponding and unique public key according to url information managed by the card function.
According to embodiments of the present disclosure, url information of card function management may be characterized as a unique identification ciphertext corresponding to a bank card. When the financial institution makes the card, the unique identification ciphertext corresponding to the bank card is formed by carrying out one-way encryption on the combination of the bank card number and the user identification.
For example, the number of the bank card of the user is 6229 and 00293, the user identifier of the user is HK543778, and the financial institution encrypts the number of the bank card of the user and the user identifier to obtain the unique identification ciphertext yqcidhailgi 423RasjQ corresponding to the bank card.
According to embodiments of the present disclosure, the target web site information may be characterized as url (Uniform Resource Locator ) information of card function management of the target user.
In operation S220, the encrypted website information is decrypted using the private key to obtain the target website information.
According to embodiments of the present disclosure, the client may be an application of a mobile banking app (application).
According to the embodiment of the disclosure, when the server side of the financial institution generates the public key, a unique private key corresponding to the public key is generated at the same time. After the public key is used for encrypting the information, the unique private key corresponding to the public key is used for decrypting the encrypted information correspondingly, and similarly, after the private key is used for encrypting the information, the unique public key corresponding to the private key can only be used for decrypting the encrypted information.
According to the embodiment of the disclosure, when a user logs in an application program for the first time, a server side compares identity information acquired by a financial institution with identity information input by the user, and after the identity information is consistent with the comparison, the user logs in the application program, and meanwhile, a system of the financial institution sends a locally stored private key, namely a unique private key corresponding to a public key generated during card making, to the user application program, and the application program compares the received private key with the private key in the system of the financial institution according to an encryption mode, so that the private key is ensured to be correctly and completely sent to the application program, and the user application program can locally cache the private key in a mobile phone.
According to embodiments of the present disclosure, the identity information may include user identification information, a card management function password, a registered phone number, and a phone serial number.
According to the embodiment of the disclosure, the application program generally adopts an encryption mode such as MD5 (Message-Digest encryption Algorithm) and SHA-2 (Secure Hash Algorithm ) which is consistent with the system of the financial institution to verify whether the private key is properly and completely cached in the mobile phone, and the received private key is compared and verified whether the private key is consistent, but the encryption mode is not limited to the above two encryption modes.
For example, the user logs in the application program for the first time, the user identifier 1234, the card management function code 123456, the registered mobile phone number 12, the user identity 1234, the card management function code 5678, the registered mobile phone number 12, the mobile phone serial number 1234, the mobile phone serial number 1112, and the identity information collected by the financial institution are compared, and are consistent, the user logs in the application program successfully, the financial institution client sends the private key to the application program of the user, the application program decrypts the received private key through the MD5, and then compares the decrypted private key with the private key of the financial institution client, and the application program downloads the private key to the mobile phone local.
According to the embodiment of the disclosure, the mobile phone decrypts the encrypted target website information according to the locally stored private key to obtain the target website information.
For example, the mobile phone locally decrypts url information managed by the card function encrypted with the public key using the private key to obtain the target web address www.yqcidhaenlgi423RasjQ.cn.
In operation S230, the target website information and the information to be verified are transmitted to the server.
According to embodiments of the present disclosure, the server may include a financial institution computer-side system, i.e., the client may send information to the server.
According to embodiments of the present disclosure, a client that sends information to a server may include an application.
For example, the user's application sends target web site information and information to be verified to the financial institution system client.
According to an embodiment of the present disclosure, the message to be authenticated is generated by encrypting the private key with a random number.
According to the embodiment of the disclosure, the random number is generated according to the user identity information, and the application program obtains the random number required for encrypting the private key by generating the random number on the fingerprint, the face, the bank card management password, the registered mobile phone number, the registered mobile phone serial number, the current date and the current time of the user.
According to the embodiment of the disclosure, after the random number is generated, the client of the user encrypts the private key through the random number, generates an encrypted private key, stores the encrypted private key to the local of the mobile phone, and simultaneously, sends the encrypted private key to the server. After receiving the encrypted private key, the server verifies the encrypted private key in a verification mode which is the same as that of the private key, and after ensuring that the encrypted private key received by the server is consistent with the encrypted private key sent by the client, the server replaces the locally stored private key with the encrypted private key, so that the private key is stored only in the client, and the server only stores the encrypted private key.
According to embodiments of the present disclosure, the message to be authenticated may be characterized as an encrypted private key.
For example, the application program of the user generates a random number 654321 according to the mobile phone number 12345678910, the bank card management password 1×6, the login date 2080.13.18, the login time 00:00:00, the fingerprint and the face of the user, and the mobile phone banking app encrypts the locally stored private key by using 654321 and sends the encrypted private key to the financial institution system client. After receiving the encryption private key, the financial institution system client performs comparison verification on the encryption private key by adopting an MD5 encryption mode, and after the verification is consistent, the local stored private key is replaced by the received encryption private key.
In operation S240, the card function management page is logged in response to the information to be authenticated being authenticated.
According to the embodiment of the disclosure, after the information to be verified passes through the verification of the server, the mobile phone end can log in the card function management page to correct and manage the card function.
According to the embodiment of the disclosure, since the client saves the private key in the local of the mobile phone and generates the encrypted private key, the client sends the encrypted private key to the server, the server replaces the private key with the encrypted private key, the private key is only saved in the client, and only the encrypted private key is saved in the server, so that the user authentication security is improved, and even when the private key of the user is lost, the bank can authenticate the user login according to the encrypted private key. Meanwhile, after the client sends the target website information and the information to be verified to the server, the mobile phone can directly log in the card function management page only after the mobile phone passes the verification according to the server, so that the card function can be managed timely and conveniently by a user, and the user experience is improved.
Fig. 3 schematically illustrates a flow chart of one-way encryption according to an embodiment of the present disclosure.
As shown in fig. 3, the login method 300 of this embodiment includes operations S310 to S320.
In operation S310, the target web site information and the information to be verified are encrypted, and first encrypted identification information is generated.
According to the embodiment of the disclosure, the client encrypts the target website information and the information to be verified in a one-way encryption mode to generate the first encrypted identification information.
According to embodiments of the present disclosure, the one-way encryption scheme may be characterized as irreversible encryption, i.e., an encryption scheme that cannot be decrypted in the reverse direction after ciphertext is generated.
According to the embodiment of the disclosure, the client and the server both adopt the same set of one-way encryption mode to encrypt or verify the target website information and the information to be verified.
According to embodiments of the present disclosure, the first encrypted identification information may be used to authenticate the user.
In operation S320, the target website information, the information to be verified, and the first encrypted identification information are transmitted to the server.
According to the embodiment of the disclosure, after receiving the target website information, the information to be verified and the first encrypted identification information, the server verifies the target website information, the information to be verified and the first encrypted identification information according to the same one-way encryption mode as the client, and if the server performs one-way encryption on the target website information and the information to be verified, the first encrypted identification information is obtained, namely the verification is successful.
For example, after receiving url information, an encryption private key and first encryption identification information of card function management, the financial institution system performs unidirectional encryption on the url information and the encryption private key of card function management according to an MD5 unidirectional encryption mode, if the first encryption identification information which is the same as that sent by the client is obtained, the authentication is successful, and if the first encryption identification information which is different from that sent by the client is obtained, the authentication is failed.
According to the embodiment of the disclosure, the server verifies the received target website information and the information to be verified in the same one-way encryption mode as the client, and the consistency of the generated first encryption identifier is determined, so that transmission errors of the target website information and the information to be verified are further avoided, the risk of a bank account is increased due to loss of a private key, and the safety and the integrity of information transmission are improved.
Fig. 4 schematically illustrates a flowchart of generating first encrypted identification information according to an embodiment of the present disclosure.
As shown in fig. 4, the login method 400 of this embodiment includes operations S410 to S430.
According to an embodiment of the present disclosure, encrypting target website information and information to be verified, generating first encrypted identification information includes:
In operation S410, a first target field is extracted from the target web address information and the information to be verified according to a predetermined rule.
According to embodiments of the present disclosure, the predetermined rule may be characterized as a rule that the client and the server extract the field with consensus.
According to embodiments of the present disclosure, the first target field may be characterized as a field extracted within a prescribed range according to a predetermined rule.
For example, the predetermined rule is to extract the 10 th to 20 th bits of the target field, and the client extracts, as the first target field, the 10 th to 20 th bits of "gkfayawe4836 a.5fre5am" from the fields of url information and encrypted private key managed by the card function according to the predetermined rule.
In operation S420, the first target field is encoded, resulting in a first encoded field.
In accordance with embodiments of the present disclosure, encoding may be characterized as converting information from one form or format to another. The client can perform coding operation on the first target field according to the coding dictionary to obtain a first coding field corresponding to the first target field.
According to embodiments of the present disclosure, the encoding dictionary may be characterized as a collection containing each encoding character corresponding to each original character. The coding dictionary can be preset at the client and the server.
According to embodiments of the present disclosure, the encoded characters may include numbers, letters, or symbols.
For example, the coding dictionary includes a coding character 1 corresponding to the original character a, a coding character D corresponding to the original character B, a coding character 20 corresponding to the original character C, and a coding character "#" corresponding to the original character D.
For example, the application extracts a first target field "wst12$" from url information and an encryption private key managed by the card function according to a predetermined rule, and the application searches an encoding dictionary for an encoding character corresponding to "wst12$" according to "wst12$", to obtain a first encoding field "af#45a".
In operation S430, first encrypted identification information is generated according to the first encoding field.
According to the embodiment of the disclosure, the preset rule is set according to the common knowledge of the client and the server, so that the client can generate the first encrypted identification information by using the same preset rule before sending the information, and the client can send the information with the first encrypted identification information to the server completely, wait for the server to perform comparison verification, avoid the information from being lost in the transmission process, and improve the safety of information transmission.
Fig. 5 schematically illustrates a program judgment diagram of an encoding field according to an embodiment of the present disclosure.
As shown in fig. 5, the login method 500 of this embodiment includes operations S501 to S503.
According to an embodiment of the present disclosure, the first encoding field includes M characters, M is an integer greater than 1, and generating first encrypted identification information according to the first encoding field includes:
in operation S501, the mth character is multiplied by the other M-1 fields in the first encoded field in sequence, to obtain an encrypted mth character.
According to an embodiment of the present disclosure, M is an integer of 1 or more and M or less.
According to embodiments of the present disclosure, the mth character may be characterized as the mth character in the first encoding field.
For example, the first code field is "156849", and the third character is "6".
According to embodiments of the present disclosure, the other M-1 fields may be characterized as fields of all character combinations in the first encoded field except for the mth character.
For example, the first code field is "156849", the second character is "5", and the other M-1 fields are "16849".
According to embodiments of the present disclosure, the encrypted mth character may include a segment of a string.
For example, the first code field is "156849", the mobile banking app multiplies the 1 st character "1" by the other characters respectively, resulting in the encrypted first character being "56849", and multiplies the 2 nd character "5" by the other characters respectively, resulting in the encrypted second character being "530402045".
In operation S502, it is determined whether M is less than M. In the case where M is not less than M, operation S503 is entered; in the case where M is smaller than M, operation S504 is entered.
In operation S503, first encrypted identification information is obtained.
In operation S504, the encryption operation for the mth character is performed back and m is incremented.
According to an embodiment of the present disclosure, the first encrypted identification information is obtained after all the characters in the first encoded field are encrypted.
According to an embodiment of the present disclosure, the first encrypted identification information may include all encrypted characters, i.e., a character string encrypted for all characters in the first encoding field.
According to embodiments of the present disclosure, incrementing M may be characterized as adding one operation to M at a time until after incrementing M-M more times, incrementing M is complete. Wherein M-M is the total number of characters excluding M characters among the M characters.
For example, the first code field includes 10 characters in total, and the second character is encrypted, and then it needs to be incremented 8 more times to complete all the incrementing.
According to an embodiment of the present disclosure, if M is smaller than M, it may be characterized that in the first encoding field, only M characters are encrypted, and M-M characters remain unencrypted, so that the mth character needs to be incremented, the incremented character is returned to operation S501 again until all characters in the first encoding field are encrypted, and operation S503 is performed to obtain the first encrypted identification information.
For example, the first code field includes 10 characters in total, after encrypting the 3 rd character, judging that 3 is smaller than 10, increasing the 3 rd character to obtain the 4 th character, multiplying the 4 th character with the other 7 characters in the first code field in sequence to obtain the 4 th character after encryption, judging that 4 is smaller than 10, continuing to repeat the above operation until all 10 characters in the first code field are encrypted, and obtaining a character string composed of the 10 encrypted characters, namely the first encryption identification information.
According to the embodiment of the disclosure, since the mth character is multiplied by other fields in the first coding field in sequence to obtain the encrypted mth character, the information security is further improved, and meanwhile, when M is smaller than M, M is increased, so that each character in the first coding field is encrypted, missing characters is avoided, and complete first encryption identification information is obtained.
Fig. 6 schematically illustrates a flow chart of a change operation according to an embodiment of the present disclosure.
As shown in fig. 6, the login method 600 of this embodiment includes operations S610 to S630.
In operation S610, in response to a change operation of the function button state for the card function management page, changed parameter information of the function button is acquired.
According to embodiments of the present disclosure, the function buttons may be characterized as switches for different functions of the card.
For example, in card function management, a button of whether to turn on a small-amount privacy-free function or a button of whether to turn on an internet bank payment function.
According to embodiments of the present disclosure, a change operation of a function button state may be characterized as an operation of a certain function of a card from one state to another.
For example, the original small-forehead encryption-free function is turned off, and the small-forehead encryption-free function is now changed to an on state.
According to the embodiment of the disclosure, in the case where the function button is changed, the client acquires the parameter information after the change of the function button. The parameter information may be characterized as specific information data corresponding to each function after the function change.
According to the embodiment of the disclosure, the specific information data may include different limits corresponding to different functions, a bank card number, user identification information of a bank card owner, and a merchant blacklist.
According to embodiments of the present disclosure, the merchant blacklist may include a merchant number, a merchant name, and an industry code.
According to embodiments of the present disclosure, in the event that a merchant appears on a merchant blacklist, the bank card owner cannot use this bank card for consumption in the merchant.
For example, after changing the closed small amount encryption-free function to open, the application program of the user can acquire that the small amount encryption-free limit of each time of the user is 10000 yuan; after changing the closed withdrawal function to open, the application program of the user can acquire that the withdrawal limit of each time of the user is 50000 yuan; after changing the merchant blacklist of the merchant a from closed to open, the client may obtain the merchant number 0123, the merchant name a, and the industry code 453389 of the merchant a.
In operation S620, the parameter information and the information to be verified are encrypted to obtain encrypted parameter information.
According to the embodiment of the disclosure, the parameter information and the information to be verified are encrypted, namely, specific information data corresponding to the functions after the functions are changed and an encryption private key are encrypted.
According to embodiments of the present disclosure, the parameter information and the information to be verified are encrypted, which may be characterized as a two-way encryption. The bidirectional encryption mode can be characterized as reversible encryption, namely after ciphertext is generated, the ciphertext can be decrypted to obtain plaintext before encryption if needed.
According to embodiments of the present disclosure, the bidirectional encryption manner may include a symmetric encryption algorithm and an asymmetric encryption algorithm. The symmetric encryption algorithms may in turn include DES (Data Encryption Standard ), 3DES (Triple Data Encryption Algorithm, 3-fold data encryption algorithm) and AES (Advanced Encryption Standard ) encryption algorithms, and the asymmetric encryption algorithms may in turn include RSA (RSA algorithm) and ECC (Elliptic Curves Cryptography, elliptic encryption algorithm) encryption algorithms.
For example, the user's application may encrypt the parameter information and the information to be authenticated using a DES encryption algorithm.
According to embodiments of the present disclosure, the encrypted parameter information may be characterized as parameter information and information to be verified encrypted by a bidirectional encryption manner.
For example, after the small-amount encryption-free function is changed from off to on, the application program of the user encrypts the small-amount encryption-free limit of 10000 yuan and the encryption private key by adopting a DES encryption algorithm to obtain encryption parameter information.
In operation S630, encryption parameter information is transmitted to the server side.
For example, the user's application transmits encryption parameter information to the financial institution system client.
According to the embodiment of the disclosure, the user changes the state of the function button on the card function management page at the client, so that the management of the card function by the user is realized, and meanwhile, the client encrypts the changed parameter information and the information to be verified, so that the information transmission security related to the function management is further improved.
Fig. 7 schematically illustrates a flow chart of a login method according to another embodiment of the present disclosure.
As shown in fig. 7, the login method 700 of this other embodiment includes operations S710 to S740.
In operation S710, in response to receiving a login service request for a card function management page of a target user, target web address information and information to be verified are acquired.
According to embodiments of the present disclosure, a login service request may be characterized as a request for a login card management function page sent by a client of a target user.
According to embodiments of the present disclosure, the login service request may include target website information and information to be verified.
According to an embodiment of the present disclosure, the information to be verified is generated by encrypting the private key with a random number by the client.
According to the embodiment of the disclosure, the random number is generated according to the user identity information, and the application program obtains the random number required for encrypting the private key by generating the random number on the fingerprint, the face, the bank card management password, the registered mobile phone number, the registered mobile phone serial number, the current date and the current time of the user.
According to the embodiment of the disclosure, after the random number is generated, the client of the user encrypts the private key through the random number, generates an encrypted private key, and stores the encrypted private key to the local of the mobile phone.
According to embodiments of the present disclosure, the message to be authenticated may be characterized as an encrypted private key.
For example, the application program of the user generates a random number 654321 according to the mobile phone number 123 of the user, the bank card management password 123456, the login date 2080.13.18, the login time 00:00:00, the fingerprint and the face, encrypts the locally stored private key "adnka" by using 654321, and stores the encrypted private key "guash#fakjdhaj" locally in the mobile phone.
According to the embodiment of the disclosure, a server side responds to a received request for a login card management function page of a user transacting a bank card at a financial institution, and obtains url information and an encryption private key of card function management of the user transacting the bank card at the financial institution.
For example, in response to a received request from a user application to log in to a card management function page, the financial institution system obtains url information of card function management of the user as www.yqcidhaenlfi423RasjQ.cn and an encryption private key.
In operation S720, private key encryption information for authenticating the target user is queried according to the target web address information.
According to the embodiment of the disclosure, the server queries private key encryption information for verifying the target client in the local cache of the server according to the target website information.
According to embodiments of the present disclosure, the private key encryption information may be characterized as an encrypted private key stored locally at the server corresponding to the target web site information.
According to the embodiment of the disclosure, the encryption private key stored locally at the server is sent to the server by the client. After receiving the encrypted private key, the server verifies the encrypted private key in a verification mode which is the same as that of the private key, and after ensuring that the encrypted private key received by the server is consistent with the encrypted private key sent by the client, the server replaces the locally stored private key with the encrypted private key, so that the private key is stored only in the client, and the server only stores the encrypted private key.
For example, the user's application sends the encrypted private key "guash #fakjdhaj" to the financial institution system client. After receiving the encrypted private key 'guash#fakjdhaj', the financial institution system client adopts an MD5 encryption mode to compare and verify the encrypted private key 'guash#fakjdhaj', and after the verification is consistent, the locally stored private key 'adnka' is replaced by the received encrypted private key 'guash#fakjdhaj'.
According to the embodiment of the disclosure, the server locally searches an encryption private key corresponding to url information managed by the card function of the user according to the url information managed by the card function of the user.
In operation S730, the information to be verified and the private key encryption information are compared to obtain a verification result.
According to the embodiment of the disclosure, the server compares the queried local encryption private key stored in the server with the encryption private key obtained from the service request, if the comparison is consistent, the verification is passed, and if the comparison is inconsistent, the verification is not passed.
For example, the encryption private key which is queried locally by the financial institution system is "dhias", the encryption private key which is acquired from the login service request by the financial institution system is "dhias", and the authentication is passed if the encryption private key which is queried locally is confirmed to be consistent with the encryption private key which is acquired from the login service request; the encryption private key which is queried locally by the financial institution system is 'dhias', the encryption private key which is acquired from the login service request by the financial institution system is 'hdias', and the verification is not passed if the encryption private key which is queried locally is not consistent with the encryption private key which is acquired from the login service request.
In operation S740, in the case where it is determined that the verification result is verification pass, the parameter information of the card function management page is transmitted to the client.
According to embodiments of the present disclosure, the parameter information of the card function management page may be characterized as information containing the status of each card function.
According to embodiments of the present disclosure, the information of the card function status may include the status of the function being turned on or off, the value of each function allowance, and the merchant blacklist.
For example, in the case of verification passing, the financial institution system sends the current state of the small-amount secret-free function to the user's application program, the single small-amount secret-free limit is 10000 yuan, the transfer function current state is open, the single transfer limit is 20000 yuan, the online payment function current state is closed, the single online payment limit is 50000 yuan, and the merchant blacklist includes the parameter information of the a merchant.
According to the embodiment of the disclosure, the server compares the encryption private key which is locally searched and stored according to the target website information with the encryption private key which is obtained from the client to judge the consistency of the encryption private key and the encryption private key, so that verification safety is improved, and parameter information of the card function management page is sent to the client under the condition that the consistency of the encryption private key and the encryption private key is ensured, so that transmission errors are avoided.
Fig. 8 schematically illustrates a flow chart of one-way encryption according to another embodiment of the present disclosure.
As shown in fig. 8, the login method 800 of this other embodiment includes operations S810 to S830.
In operation S810, first encrypted identification information is acquired.
According to the embodiment of the disclosure, the server receives the first encrypted identification information sent from the client.
In operation S820, second encrypted identification information is generated according to the target web address information and the information to be verified.
According to the embodiment of the disclosure, the second encrypted identification information is obtained by encrypting the target website information and the information to be verified.
According to the embodiment of the disclosure, the server encrypts the target website information and the information to be verified in a one-way encryption mode to generate the second encrypted identification information.
According to embodiments of the present disclosure, the second encrypted identification information may be used to verify the first encrypted identification information.
According to the embodiment of the disclosure, the server compares the generated second encrypted identification information with the acquired first encrypted identification information to judge whether the information is consistent.
For example, the second encrypted identification information generated by the server is "hfalh15973", the first encrypted identification information acquired by the server is "hfalh15973", and whether the second encrypted identification information and the first encrypted identification information are consistent is determined.
In operation S830, in case it is determined that the first encrypted identification information and the second encrypted identification information are identical, private key encryption information for authenticating the target user is queried according to the target web address information.
For example, the second encrypted identification information generated by the server is "hfalh15973", the first encrypted identification information acquired by the server is "hfalh15973", it is determined that the second encrypted identification information is the same as the first encrypted identification information, and the encrypted private key stored locally at the server is queried according to url information managed by the card function of the user.
According to the embodiment of the disclosure, the server encrypts the received target website information and the information to be verified to obtain the second encrypted identification information, and after confirming that the first encrypted identification information and the second encrypted identification information are consistent, the server inquires the encrypted private key from the local cache, so that the consistency of the target website information and the information to be verified is ensured.
Fig. 9 schematically illustrates a flowchart of generating second encrypted identification information according to another embodiment of the present disclosure.
As shown in fig. 9, the login method 900 of this other embodiment includes operations S910 to S930.
According to an embodiment of the present disclosure, generating second encrypted identification information according to target website information and information to be verified includes:
In operation S910, a second target field is extracted from the target web address information and the information to be verified according to a predetermined rule.
According to an embodiment of the present disclosure, the predetermined rule of the server and the predetermined rule of the client are identical.
According to embodiments of the present disclosure, the predetermined rule may be characterized as a rule that the client and the server extract the field with consensus.
According to embodiments of the present disclosure, the second target field may be characterized as a field extracted within a prescribed range according to a predetermined rule.
For example, the predetermined rule is to extract the 10 th to 20 th bits of the target field, and the server side extracts the 10 th to 20 th bits of "gkfarybwe 4836 a.5fram" from the fields of url information and encryption private key of card function management as the second target field according to the predetermined rule.
In operation S920, the second target field is encoded, resulting in a second encoded field.
In accordance with embodiments of the present disclosure, encoding may be characterized as converting information from one form or format to another. The server side can perform coding operation on the second target field according to the coding dictionary to obtain a second coding field corresponding to the second target field.
According to embodiments of the present disclosure, the encoding dictionary may be characterized as a collection containing each encoding character corresponding to each original character. The coding dictionary can be preset at the client and the server.
According to embodiments of the present disclosure, the encoded characters may include numbers, letters, or symbols.
For example, the coding dictionary includes a coding character 1 corresponding to the original character a, a coding character D corresponding to the original character B, a coding character 20 corresponding to the original character C, and a coding character "#" corresponding to the original character D.
For example, the financial institution system extracts the second target field "wsa12$" from url information and an encryption private key managed by the card function according to a predetermined rule, and the banking system inquires the encoding dictionary for the encoding character corresponding to "wsa12$" according to "wsa12$", to obtain the second encoding field as "af@45a".
In operation S930, second encrypted identification information is generated according to the second encoding field.
According to the embodiment of the disclosure, the client and the server have the same preset rule, and the second encrypted identification information is obtained under the preset rule, so that the server can compare the first encrypted identification information with the second encrypted identification information, and therefore verification is performed through the same preset rule and the same encryption mode, the accuracy of information transmission is ensured, and the safety of user information authentication between the financial institution system and the user application program is improved.
Fig. 10 schematically illustrates a flow chart of encoding fields according to another embodiment of the present disclosure.
As shown in fig. 10, the login method 1000 of this embodiment includes operations S1001 to S1004.
According to an embodiment of the present disclosure, the second encoding field includes N characters, N is an integer greater than 1, and generating second encrypted identification information according to the second encoding field includes:
in operation S1001, the N-th character is multiplied by the other N-1 fields in the second encoded field in order, to obtain an encrypted N-th character.
According to an embodiment of the present disclosure, N is an integer of 1 or more and N or less.
According to embodiments of the present disclosure, the nth character may be characterized as the nth character in the second encoding field.
For example, the second code field is "2756849", and the third character is "5".
According to embodiments of the present disclosure, the other N-1 fields may be characterized as fields of all character combinations in the second encoded field except the nth character.
For example, the second code field is "2756849", the second character is "7", and the other N-1 fields are "256849".
According to embodiments of the present disclosure, the encrypted nth character may include a segment of a string.
For example, the second code field is "2756849", the bank system multiplies the 1 st character "2" by the other characters, respectively, to obtain the encrypted first character as "14101216818", and multiplies the 2 nd character "7" by the other characters, respectively, to obtain the encrypted second character as "143542562863".
In operation S1002, it is determined whether N is smaller than N. In the case where N is not less than N, the operation S1003 is entered; in the case where N is smaller than N, operation S1004 is entered.
In operation S1003, second encrypted identification information is obtained.
In operation S1004, the encryption operation for the nth character is performed back and n is incremented.
According to an embodiment of the present disclosure, the second encrypted identification information is obtained after all the characters in the second encoded field are encrypted.
According to an embodiment of the present disclosure, the second encrypted identification information may include all encrypted characters, i.e., a character string encrypted for all characters in the second encoding field.
According to embodiments of the present disclosure, incrementing N may be characterized as adding one operation to N at a time until after incrementing N-N more times, the incrementing N is complete. Wherein N-N is the total number of characters excluding N characters from the N characters.
For example, the second code field includes 10 characters in total, and the 2 nd character is encrypted, and then it needs to be incremented 8 times to complete all the increment.
According to an embodiment of the present disclosure, if N is smaller than N, it may be characterized that in the second encoding field, only N characters are encrypted, and N-N characters remain unencrypted, so that the nth character needs to be incremented, the incremented character is returned to operation S1001 again until all characters in the second encoding field are encrypted, and operation S1003 is performed to obtain the second encrypted identification information.
For example, the second coding field includes 10 characters in total, after encrypting the 4 th character, judging that 4 is smaller than 10, increasing the 4 th character to obtain the 5 th character, multiplying the 5 th character with the other 9 characters in the second coding field in sequence to obtain the 5 th character after encryption, judging that 5 is smaller than 10, continuing to repeat the above operation until all 10 characters in the second coding field are encrypted, and obtaining a character string composed of the 10 encrypted characters as the second encryption identification information.
According to the embodiment of the disclosure, since the nth character is multiplied by other fields in the second coding field in sequence to obtain the encrypted nth character, the information security is further improved, and meanwhile, when N is smaller than N, N is increased, so that each character in the second coding field is encrypted, missing characters is avoided, and complete second encrypted identification information is obtained.
Fig. 11 schematically illustrates a flow chart of modifying page parameters according to another embodiment of the present disclosure.
As shown in fig. 11, the login method 1100 of this other embodiment includes operations S1110 to S1140.
In operation S1110, encryption parameter information of a card function management page from a client is received in response.
According to embodiments of the present disclosure, the encrypted parameter information may be characterized as parameter information and information to be verified encrypted by a bidirectional encryption manner.
According to the embodiment of the disclosure, the parameter information can be characterized as specific information data corresponding to each function after the function is changed.
According to an embodiment of the disclosure, the specific information data may include different limits corresponding to different functions, a card number of a bank card, identity document information of a owner of the bank card, and a merchant blacklist.
According to embodiments of the present disclosure, the merchant blacklist may include a merchant number, a merchant name, and an industry code.
For example, after changing the closed small amount encryption-free function to open, the application program of the user can acquire that the small amount encryption-free limit of each time of the user is 10000 yuan; after changing the closed withdrawal function to open, the application program of the user can acquire that the withdrawal limit of each time of the user is 50000 yuan; after changing the merchant blacklist of the merchant a from closed to open, the client may obtain the merchant number 0123, the merchant name a, and the industry code 453389 of the merchant a.
According to embodiments of the present disclosure, the bidirectional encryption manner may include a symmetric encryption algorithm and an asymmetric encryption algorithm. The symmetric encryption algorithms may in turn include DES, 3DES and AES encryption algorithms, and the asymmetric encryption algorithms may in turn include RSA and ECC encryption algorithms.
For example, the financial institution system receives encrypted parameter information of the card function management page of the application program from the user, that is, parameter information and information to be authenticated encrypted using the DES encryption algorithm.
In operation S1120, the encrypted parameter information is decrypted to obtain the parameter information and the information to be verified.
According to an embodiment of the present disclosure, decryption may be characterized as that the server side discloses information encrypted using an encryption algorithm of the client side according to a rule of the encryption algorithm.
According to the embodiment of the disclosure, the client and the server adopt a consistent encryption algorithm to encrypt or decrypt the parameter information and the information to be verified, and the server has a secret key or a public key with the same encryption algorithm rule as the client.
For example, the client and the server both encrypt or decrypt the parameter information and the information to be verified by adopting a DES encryption algorithm, the client and the server each have the same key, the client encrypts the parameter information encrypted by using the DES encryption algorithm, that is, the encrypted parameter information and the information to be verified are sent to the server, and the server decrypts the encrypted parameter information by using the key to obtain the unencrypted parameter information and the information to be verified.
In operation S1130, in case it is determined that the information to be verified is verified, the target page is queried according to the target web address information.
According to embodiments of the present disclosure, the target page may be characterized as a card function management page.
According to the embodiment of the disclosure, when the server determines that the information to be verified is consistent with the private key encryption information, namely, when the encrypted private key inquired in the local cache according to url information managed by the card function is consistent with the encrypted private key sent by the client, the server inquires a card function management page according to url information managed by the card function.
In operation S1140, the page parameters of the target page are modified according to the parameter information.
According to the embodiment of the disclosure, the modification is to modify the original parameter information on the card function management page according to the received parameter information.
According to embodiments of the present disclosure, page parameters may be characterized as specific states and values of parameter information on a card function management page.
For example, the financial institution banking system modifies the original small-amount license-free 5000 element on the card function management page to 10000 element according to the received small-amount license-free 10000 element on the card function management page.
According to the embodiment of the disclosure, the encryption parameter information is decrypted to obtain the parameter information and the information to be verified, so that the safety of related information is improved, and further, under the condition that verification information passes verification, namely that the verification encryption private key is consistent, the parameter can be modified at the server, so that the modification is ensured to be correct, the risk of losing the user private key is avoided, and the safety of information transmission is improved.
Based on the login method, the disclosure also provides a login device applied to the client. The device will be described in detail below in connection with fig. 12 and 13.
Fig. 12 schematically shows a block diagram of a login device applied to a client according to an embodiment of the present disclosure.
As shown in fig. 12, the login apparatus 1200 of this embodiment includes an identification module 1210, a first decryption module 1220, a first transmission module 1230, and a login module 1240.
The identifying module 1210 is configured to identify the target image, and obtain encrypted website information corresponding to the target image.
The first decryption module 1220 is configured to decrypt the encrypted website information with the private key to obtain the target website information.
The first sending module 1230 is configured to send target website information and information to be verified to a server; the information to be verified is generated by encrypting the private key by using a random number.
A login module 1240 for logging in the card function management page in response to the authentication information being authenticated.
According to an embodiment of the present disclosure, the login device 1200 of this embodiment further includes a first encrypted identification information sub-module and a first transmission encrypted identification information sub-module.
And the first encryption identification information sub-module is used for encrypting the target website information and the information to be verified to generate first encryption identification information.
The first sending encryption identification information sub-module is used for sending the target website information, the information to be verified and the first encryption identification information to the server.
According to an embodiment of the present disclosure, the first encrypted identification information sub-module includes a first extraction field unit, a first encoding field unit, and a first generated encrypted identification unit.
And the first extraction field unit is used for extracting a first target field from the target website information and the information to be verified according to a preset rule.
And the first coding field unit is used for coding the first target field to obtain a first coding field.
The first generation encryption identification unit is used for generating first encryption identification information according to the first coding field.
According to an embodiment of the present disclosure, the first encoding field includes M characters, M being an integer greater than 1.
According to an embodiment of the present disclosure, the first generated encryption identification unit includes a first multiplication unit, a first smaller unit, and a first equal unit.
The first multiplication unit is used for multiplying the mth character with other M-1 fields in the first coding field in sequence to obtain the encrypted mth character, wherein M is an integer greater than or equal to 1 and less than or equal to M.
A first smaller unit for, in the case where it is determined that M is smaller than M, returning to perform the encryption operation for the mth character, and incrementing M.
A first equality unit for obtaining first encrypted identification information in case that M is determined to be equal to M.
According to an embodiment of the present disclosure, the login device 1200 of this embodiment further includes a first acquisition parameter information sub-module, a first encryption parameter information sub-module, and a first transmission encryption parameter information sub-module.
The first parameter information acquisition sub-module is used for responding to the change operation of the state of the function button of the card function management page and acquiring the parameter information after the change of the function button.
And the first encryption parameter information sub-module is used for encrypting the parameter information and the information to be verified to obtain encrypted parameter information.
The first sending encryption parameter information sub-module is used for sending the encryption parameter information to the server.
Any of the plurality of modules of the identification module 1210, the first decryption module 1220, the first transmission module 1230, and the login module 1240 may be combined in one module, or any of the plurality of modules may be split into a plurality of modules according to an embodiment of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. At least one of the identification module 1210, the first decryption module 122, the first transmission module 1230, and the logging module 1240 may be implemented, at least in part, as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or in hardware or firmware, such as any other reasonable manner of integrating or packaging the circuitry, or in any one of or a suitable combination of three of software, hardware, and firmware, according to embodiments of the present disclosure. Alternatively, at least one of the identification module 1210, the first decryption module 1220, the first transmission module 1230 and the login module 1240 may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
Fig. 13 schematically illustrates a block diagram of a login device applied to a server according to another embodiment of the present disclosure.
As shown in fig. 13, the login device 1300 of this other embodiment includes an acquisition module 1310, a query module 1320, a verification module 1330, and a second transmission module 1340.
And the obtaining module 1310 is configured to obtain, in response to receiving a login service request for a card function management page of a target user, target website information and information to be verified, where the information to be verified is obtained by encrypting a private key with a random number by a client.
And a query module 1320, configured to query the private key encryption information for verifying the target user according to the target website information.
And the verification module 1330 is used for comparing the information to be verified with the private key encryption information to obtain a verification result.
And a second sending module 1340, configured to send parameter information of the card function management page to the client if the verification result is determined to be that verification is passed.
According to an embodiment of the present disclosure, the login device 1300 of this further embodiment further includes a first encrypted identification sub-module, a second encrypted identification information sub-module, and a second inquiry encrypted information sub-module.
And the first encryption identification sub-module is used for acquiring the first encryption identification information.
And the second encryption identification information sub-module is used for generating second encryption identification information according to the target website information and the information to be verified.
And the second inquiry encryption information sub-module is used for inquiring the private key encryption information for verifying the target user according to the target website information under the condition that the first encryption identification information and the second encryption identification information are determined to be the same.
According to an embodiment of the present disclosure, the second encrypted identification information submodule includes a second extraction field unit, a second encoding field unit, and a second generated encrypted identification unit.
And the second extraction field unit is used for extracting a second target field from the target website information and the information to be verified according to a preset rule.
And the second coding field unit is used for coding the second target field to obtain a second coding field.
And the second encryption identification generation unit is used for generating second encryption identification information according to the second coding field.
According to an embodiment of the present disclosure, the second encoding field includes N characters, N being an integer greater than 1.
According to an embodiment of the present disclosure, the second generated encrypted identification unit includes a second multiplying unit, a second smaller unit, and a second equivalent unit.
And the second multiplying unit is used for multiplying the nth character with other N-1 fields in the first coding field in sequence to obtain the encrypted nth character, wherein N is an integer greater than or equal to 1 and less than or equal to N.
And a second smaller unit for, in the case where it is determined that N is smaller than N, returning to perform the encryption operation for the mth character, and incrementing N.
And the second equivalent unit is used for obtaining the first encrypted identification information under the condition that N is determined to be equal to N.
According to an embodiment of the present disclosure, the login apparatus 1300 of this further embodiment further includes a second acquire encryption parameter information sub-module, a second decryption parameter information sub-module, a second inquiry target page sub-module, and a second modification parameter sub-module.
And the second encryption parameter information acquisition sub-module is used for responding to the received encryption parameter information of the card function management page from the client.
And the second decryption parameter information sub-module is used for decrypting the encryption parameter information to obtain the parameter information and the information to be verified.
And the second inquiry target page sub-module is used for inquiring the target page according to the target website information under the condition that the information to be verified is confirmed to pass.
And the second modification parameter sub-module is used for modifying the page parameters of the target page according to the parameter information.
Any of the acquisition module 1310, the query module 1320, the verification module 1330, and the second transmission module 1340 may be combined into one module to be implemented, or any of them may be split into a plurality of modules, according to embodiments of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of acquisition module 1310, query module 1320, validation module 1330, and second transmission module 1340 may be implemented, at least in part, as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or in hardware or firmware, such as any other reasonable way of integrating or packaging circuitry, or in any one of or a suitable combination of any of three implementations of software, hardware, and firmware. Alternatively, at least one of the acquisition module 1310, the query module 1320, the verification module 1330, and the second transmission module 1340 may be at least partially implemented as a computer program module that, when executed, may perform the corresponding functions.
Fig. 14 schematically illustrates a block diagram of an electronic device adapted to implement a login method according to an embodiment of the present disclosure.
As shown in fig. 14, an electronic device 1400 according to an embodiment of the present disclosure includes a processor 1401 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1402 or a program loaded from a storage section 1408 into a Random Access Memory (RAM) 1403. The processor 1401 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1401 may also include on-board memory for caching purposes. The processor 1401 may include a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the present disclosure.
In the RAM 1403, various programs and data necessary for the operation of the electronic device 1400 are stored. The processor 1401, ROM 1402, and RAM 1403 are connected to each other through a bus 1404. The processor 1401 performs various operations of the method flow according to the embodiment of the present disclosure by executing programs in the ROM 1402 and/or the RAM 1403. Note that the program may be stored in one or more memories other than the ROM 1402 and the RAM 1403. The processor 1401 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the electronic device 1400 may also include an input/output (I/O) interface 1405, the input/output (I/O) interface 1405 also being connected to the bus 1404. The electronic device 1400 may also include one or more of the following components connected to an input/output (I/O) interface 1405: an input section 1406 including a keyboard, a mouse, and the like; an output portion 1407 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 1408 including a hard disk or the like; and a communication section 1409 including a network interface card such as a LAN card, a modem, and the like. The communication section 1409 performs communication processing via a network such as the internet. The drive 1410 is also connected to an input/output (I/O) interface 1405 as needed. Removable media 1411, such as magnetic disks, optical disks, magneto-optical disks, semiconductor memory, and the like, is installed as needed on drive 1410 so that a computer program read therefrom is installed as needed into storage portion 1408.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 1402 and/or RAM 1403 described above and/or one or more memories other than ROM 1402 and RAM 1403.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to implement the item recommendation method provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1401. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program can also be transmitted, distributed over a network medium in the form of signals, and downloaded and installed via the communication portion 1409, and/or installed from the removable medium 1411. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program can be downloaded and installed from a network via the communication portion 1409 and/or installed from the removable medium 1411. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1401. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (14)

1. A login method is applied to a client and comprises the following steps:
identifying a target image to obtain encrypted website information corresponding to the target image, wherein the encrypted website information is obtained by encrypting target website information of a card function management page of a target user by using a public key;
Decrypting the encrypted website information by using a private key to obtain the target website information;
sending target website information and information to be verified to a server; the information to be verified is generated by encrypting the private key by using a random number; and
and responding to the information to be verified to pass verification, and logging in the card function management page.
2. The method of claim 1, further comprising:
encrypting the target website information and the information to be verified to generate first encrypted identification information; and
and sending the target website information, the information to be verified and the first encrypted identification information to a server.
3. The method of claim 2, wherein encrypting the target web site information and the information to be verified to generate first encrypted identification information comprises:
extracting a first target field from the target website information and the information to be verified according to a preset rule;
encoding the first target field to obtain a first encoded field; and
and generating first encryption identification information according to the first coding field.
4. The method of claim 3, wherein the first encoded field comprises M characters, M being an integer greater than 1, the generating first encrypted identification information from the first encoded field comprising:
Multiplying the mth character with other M-1 fields in the first coding field in sequence to obtain an encrypted mth character, wherein M is an integer greater than or equal to 1 and less than or equal to M;
in the case where it is determined that M is smaller than M, returning to perform the encryption operation for the mth character, and incrementing M;
in the case where it is determined that M is equal to M, the first encrypted identification information is obtained.
5. The method of claim 1, further comprising:
responding to the change operation of the state of the function button of the card function management page, and acquiring the changed parameter information of the function button;
encrypting the parameter information and the information to be verified to obtain encrypted parameter information; and
and sending the encryption parameter information to the server.
6. A login method is applied to a server and comprises the following steps:
responding to a login service request of a card function management page aiming at a target user, and acquiring target website information and information to be verified, wherein the information to be verified is obtained by encrypting a private key by a client side through a random number;
inquiring private key encryption information for verifying a target user according to the target website information;
Comparing the information to be verified with the private key encryption information to obtain a verification result; and
and under the condition that the verification result is determined to pass verification, sending the parameter information of the card function management page to the client.
7. The method of claim 6, further comprising:
acquiring first encryption identification information;
generating second encrypted identification information according to the target website information and the information to be verified; and
and under the condition that the first encryption identification information and the second encryption identification information are identical, inquiring private key encryption information for verifying a target user according to the target website information.
8. The method of claim 7, wherein the generating second encrypted identification information according to the target web site information and the information to be verified comprises:
extracting a second target field from the target website information and the information to be verified according to a preset rule;
encoding the second target field to obtain a second encoded field; and
and generating second encryption identification information according to the second coding field.
9. The method of claim 8, wherein the second encoded field comprises N characters, N being an integer greater than 1, the generating second encrypted identification information from the second encoded field comprising:
Multiplying the nth character with other N-1 fields in the second coding field in sequence to obtain an encrypted nth character, wherein N is an integer greater than or equal to 1 and less than or equal to N;
returning to perform encryption operation for the nth character and incrementing N if N is determined to be less than N;
and obtaining the second encrypted identification information under the condition that N is equal to N.
10. The method of claim 6, further comprising:
in response to receiving encryption parameter information from the card function management page of the client;
decrypting the encrypted parameter information to obtain parameter information and information to be verified;
under the condition that the information to be verified is confirmed to pass, inquiring a target page according to the target website information; and
and modifying the page parameters of the target page according to the parameter information.
11. A login device, applied to a client, comprising:
the identification module is used for identifying the target image to obtain encrypted website information corresponding to the target image;
the first decryption module is used for decrypting the encrypted website information by using a private key to obtain the target website information;
the first sending module is used for sending the target website information and the information to be verified to the server; the information to be verified is generated by encrypting the private key by using a random number; and
And the login module is used for responding to the verification information to be verified and logging in the card function management page.
12. A login device applied to a server, comprising:
the acquisition module is used for responding to a login service request of a card function management page aiming at a target user and acquiring target website information and information to be verified, wherein the information to be verified is obtained by encrypting a private key by using a random number by a client;
the inquiry module is used for inquiring private key encryption information for verifying the target user according to the target website information;
the verification module is used for comparing the information to be verified with the private key encryption information to obtain a verification result; and
and the second sending module is used for sending the parameter information of the card function management page to the client under the condition that the verification result is determined to pass verification.
13. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-10.
14. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1 to 10.
CN202310971860.9A 2023-08-03 2023-08-03 Login method, login device, login equipment and storage medium Pending CN117439760A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310971860.9A CN117439760A (en) 2023-08-03 2023-08-03 Login method, login device, login equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310971860.9A CN117439760A (en) 2023-08-03 2023-08-03 Login method, login device, login equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117439760A true CN117439760A (en) 2024-01-23

Family

ID=89552276

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310971860.9A Pending CN117439760A (en) 2023-08-03 2023-08-03 Login method, login device, login equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117439760A (en)

Similar Documents

Publication Publication Date Title
US11868997B2 (en) Secure payments using a mobile wallet application
US11683187B2 (en) User authentication with self-signed certificate and identity verification and migration
US11374749B2 (en) Key encryption key (KEK) rotation for multi-tenant (MT) system
US10951595B2 (en) Method, system and apparatus for storing website private key plaintext
US10796302B2 (en) Securely storing and using sensitive information for making payments using a wallet application
WO2018145127A1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
US11023620B2 (en) Cryptography chip with identity verification
CN112202794A (en) Transaction data protection method and device, electronic equipment and medium
CN114826733A (en) File transfer method, device, system, apparatus, medium, and program product
CN114553570B (en) Method, device, electronic equipment and storage medium for generating token
CN112565156B (en) Information registration method, device and system
CN114826729B (en) Data processing method, page updating method and related hardware
CN114448722B (en) Cross-browser login method and device, computer equipment and storage medium
US11502840B2 (en) Password management system and method
CN117439760A (en) Login method, login device, login equipment and storage medium
CN114386073A (en) Method and device for creating security certificate, electronic equipment and storage medium
KR101511451B1 (en) Method of encryption to keyboard input information
CN110490003B (en) User trusted data generation method, user trusted data acquisition method, device and system
CN116800519A (en) Login method, login device, login equipment and storage medium
CN118432935A (en) Information authentication method, apparatus, device, medium, and program product
CN119316145A (en) U-Shield-based identity authentication method, device, equipment, medium and product
CN118101215A (en) U-shield login method, device, equipment and medium
KR20170123222A (en) User authentication method for integrity and security enhancement

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination