CN103428221A - Safety logging method, system and device of mobile application - Google Patents
- Wed Dec 04 2013
Publication number
- CN103428221A (application number CN201310376242A)
Authority
- CN (China)
Prior art keywords
- cloud server
- encryption key
- mobile terminal
- user
- string
Prior art date
- 2013-08-26
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a secure login method for a mobile application. The method comprises the following steps: encryption key negotiation is performed between a cloud server and the mobile application on a mobile terminal, and the encryption key is stored in the cloud server and in the mobile terminal respectively; the cloud server receives a login verification request sent by the mobile application, wherein the login verification request comprises a user name and a first encryption string, and the first encryption string comprises the information obtained by encrypting the user password with the encryption key; the cloud server decrypts the first encryption string with the encryption key to obtain the user password; and the cloud server performs login verification of the mobile terminal according to the user password. Through the encryption key negotiation, the method secures the login system of the mobile application and protects user privacy. The invention further discloses a secure login system and a cloud server for the mobile application.
Description
Technical field
The present invention relates to the field of mobile Internet technology, and in particular to a secure login method, system and device for mobile applications.
Background technology
The growth of the Internet has been accompanied by a growth in network security threats. Many website services can only be used after the user logs in, and the login process requires the user's account and password to be transmitted. Many attackers steal user accounts and passwords by intercepting the transmitted login information, threatening the security of users' personal accounts.
To keep the user password safe in transit when a login request is submitted, traditional login systems generally adopt a data transmission mechanism based on the SSL protocol, such as the HTTPS protocol.
In domestic (Chinese) mobile networks, using the HTTPS protocol runs into the following serious problems:
(1) The gateways of some mobile operators do not support the HTTPS protocol, for example the early CMWAP gateway.
(2) Mobile network transmission is itself slow; on top of that, the HTTPS protocol requires the three-way SSL handshake and HTTPS certificate verification, and the certificate verification authorities are all located abroad. Together these make HTTPS over a domestic mobile network respond very slowly.
To avoid the sharp degradation of user experience caused by the problems above, many mobile applications submit the user's login request directly over the plain HTTP protocol. If HTTP is used without any corresponding encryption of the user password, the password can easily be obtained by an attacker through operations such as network packet capture, leaking the user's information and threatening its security. To address this, most mobile applications that use HTTP first encrypt the password entered by the user on the client side with a preset fixed key, using either symmetric or asymmetric encryption, before sending the login request; the encrypted password is sent to the server, the server decrypts it with the same fixed key to obtain the password the user entered, and validates it by comparing it with the user's original password stored on the server. This approach improves the security of the user password to a certain extent, but in fact such a login system is still not secure, for the following reasons:
(1) If the client encrypts the user password with a symmetric encryption algorithm, the attacker can decompile the client program by reverse engineering and learn the details of the encryption algorithm and the preset fixed key; then, after obtaining the encrypted user password by network packet capture, the attacker can recover the user's real password with the corresponding decryption algorithm.
(2) If the client encrypts the user password with an asymmetric encryption algorithm, the attacker cannot obtain the user's real password by the method in (1). However, the attacker can mount a replay attack: the user name and encrypted password captured from the network are sent to the server again to log in, the server returns the user's login session information, and the attacker obtains full control of the user account. Likewise, when the client uses a symmetric encryption algorithm, the attacker can also log in to the victim's account by this means.
The root cause of the above problems is that the key the client uses to encrypt the user password is fixed and permanently valid. Account information is therefore easily stolen, user information is leaked, and the user account is endangered.
Summary of the invention
The present invention aims to solve at least one of the technical problems existing in the prior art.
To this end, one object of the present invention is to propose a secure login method for mobile applications which, through encryption key negotiation, guarantees the security of the login system of the mobile application and protects user privacy.
A second object of the present invention is to propose a secure login system for mobile applications.
A third object of the present invention is to propose a cloud server.
To achieve the above objects, an embodiment of the first aspect of the present invention proposes a secure login method for mobile applications, comprising the following steps: the cloud server and the mobile application on the mobile terminal perform encryption key negotiation, and the encryption key is stored in the cloud server and in the mobile terminal respectively; the cloud server receives a login verification request sent by the mobile application, wherein the login verification request comprises a user name and a first encryption string, and the first encryption string comprises the information obtained by encrypting the user password with the encryption key; the cloud server decrypts the first encryption string with the encryption key to obtain the user password; and the cloud server performs login verification of the mobile terminal according to the user password.
According to the secure login method for mobile applications of this embodiment, the encryption key is stored in the cloud server and the mobile terminal after negotiation, and encryption and decryption are carried out with that key. The negotiated key can be personalized, so even if the encrypted password is obtained maliciously, the key cannot be obtained; the security of the login system of the mobile application is therefore guaranteed even when requests are sent over the HTTP protocol, and user privacy is protected.
In one embodiment of the invention, the first encryption string further comprises the information obtained by encrypting the current time with the encryption key.
In one embodiment of the invention, the method further comprises: the cloud server decrypts the first encryption string with the encryption key to obtain the current time; the cloud server judges, according to the current time, whether the request is valid; and when the cloud server judges it invalid, it returns an error message to the mobile terminal. At each login the content of the password encryption string is valid only within a configurable time interval, which can prevent replay attacks to a certain extent.
In one embodiment of the invention, the encryption key negotiation between the cloud server and the mobile application on the mobile terminal further comprises: a default encryption key is stored in the cloud server and the mobile terminal; and when the mobile terminal logs in for the first time, the cloud server performs encryption key negotiation with the mobile terminal using the default encryption key.
An embodiment of the second aspect of the present invention proposes a secure login system for mobile applications, comprising a mobile terminal and a cloud server.
The negotiated encryption key is stored in the cloud server and in the mobile terminal respectively. The mobile terminal is configured to send a login verification request to the cloud server, wherein the login verification request comprises a user name and a first encryption string, and the first encryption string comprises the information obtained by encrypting the user password with the encryption key; the cloud server is configured to decrypt the first encryption string with the encryption key to obtain the user password, and to perform login verification of the mobile terminal according to the user password.
According to the secure login system for mobile applications of this embodiment, the encryption key is stored in the cloud server and the mobile terminal after negotiation, and encryption and decryption are carried out with that key. The negotiated key can be personalized, so even if the encrypted password is obtained maliciously, the key cannot be obtained; the security of the login system of the mobile application is therefore guaranteed even when requests are sent over the HTTP protocol, and user privacy is protected.
In one embodiment of the invention, the first encryption string further comprises the information obtained by encrypting the current time with the encryption key.
In one embodiment of the invention, the cloud server is further configured to decrypt the first encryption string with the encryption key to obtain the current time, to judge according to the current time whether the request is valid, and, when it judges the request invalid, to return an error message to the mobile terminal. At each login the content of the password encryption string is valid only within a configurable time interval, which can prevent replay attacks to a certain extent.
In one embodiment of the invention, a default encryption key is stored in the cloud server and the mobile terminal, and when the mobile terminal logs in for the first time, the cloud server performs encryption key negotiation with the mobile terminal using the default encryption key.
An embodiment of the third aspect of the present invention proposes a cloud server. The negotiated encryption key is stored in the cloud server and in the mobile terminal respectively, and the cloud server comprises a login verification request receiving module, a decryption module and a login verification module.
The login verification request receiving module is configured to receive the login verification request sent by the mobile application, wherein the login verification request comprises a user name and a first encryption string, and the first encryption string comprises the information obtained by encrypting the user password with the encryption key; the decryption module is configured to decrypt the first encryption string with the encryption key to obtain the user password; and the login verification module is configured to perform login verification of the mobile terminal according to the user password.
According to the cloud server of this embodiment, the encryption key is stored in the cloud server and the mobile terminal after negotiation, and encryption and decryption are carried out with that key. The negotiated key can be personalized, so even if the encrypted password is obtained maliciously, the key cannot be obtained; the security of the login system of the mobile application is therefore guaranteed even when requests are sent over the HTTP protocol, and user privacy is protected.
In one embodiment of the invention, the first encryption string further comprises the information obtained by encrypting the current time with the encryption key.
In one embodiment of the invention, the decryption module decrypts the first encryption string with the encryption key to obtain the current time.
In one embodiment of the invention, the login verification module judges, according to the current time, whether the request is valid, and when the cloud server judges it invalid, returns an error message to the mobile terminal. At each login the content of the password encryption string is valid only within a configurable time interval, which can prevent replay attacks to a certain extent.
In one embodiment of the invention, a default encryption key is stored in the cloud server and the mobile terminal, and when the mobile terminal logs in for the first time, the cloud server performs encryption key negotiation with the mobile terminal using the default encryption key.
Additional aspects and advantages of the present invention will be given in part in the following description, will in part become apparent from it, or will be learned through practice of the present invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow chart of the secure login method for mobile applications according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of the encryption key negotiation according to an embodiment of the present invention;
Fig. 3 is a schematic flow chart of the secure login according to an embodiment of the present invention;
Fig. 4 is a structural diagram of the secure login system for mobile applications according to an embodiment of the present invention; and
Fig. 5 is a structural diagram of the cloud server according to an embodiment of the present invention.
Embodiment
Embodiments of the present invention are described in detail below; examples of the embodiments are shown in the drawings, where the same or similar reference numerals denote the same or similar elements, or elements with the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting it.
The secure login method for mobile applications according to an embodiment of the present invention is described below with reference to Fig. 1 and comprises the following steps:
Step S110: the cloud server and the mobile application on the mobile terminal perform encryption key negotiation, and the encryption key is stored in the cloud server and in the mobile terminal respectively.
The encryption key negotiation between the cloud server and the mobile application on the mobile terminal further comprises:
Step S111: a default encryption key is stored in the cloud server and the mobile terminal.
Step S112: when the mobile terminal logs in for the first time, the cloud server performs encryption key negotiation with the mobile terminal using the default encryption key.
Step S120: the cloud server receives the login verification request sent by the mobile application, wherein the login verification request comprises a user name and a first encryption string, and the first encryption string comprises the information obtained by encrypting the user password with the encryption key.
The first encryption string further comprises the information obtained by encrypting the current time with the encryption key.
Step S130: the cloud server decrypts the first encryption string with the encryption key to obtain the user password.
Step S140: the cloud server performs login verification of the mobile terminal according to the user password.
In one embodiment of the invention, the method further comprises:
Step S151: the cloud server decrypts the first encryption string with the encryption key to obtain the current time.
Step S152: the cloud server judges, according to the current time, whether the request is valid.
Step S153: when the cloud server judges it invalid, it returns an error message to the mobile terminal.
A complete technical implementation of the method is described below taking Fig. 2 and Fig. 3 as examples. It will be understood that the following implementation is for illustration only, and embodiments of the present invention are not limited to it.
The method comprises two sub-processes: encryption key negotiation and login.
First, the cloud server and the mobile application on the mobile terminal perform encryption key negotiation, and the encryption key is stored in the cloud server and in the mobile terminal respectively.
A default encryption key is stored in the cloud server and the mobile terminal.
When the mobile terminal logs in for the first time, the cloud server performs encryption key negotiation with the mobile terminal using the default encryption key.
Specifically, as shown in Fig. 2, the user can also set the encryption key, which comprises the following steps:
Step S210: the user logs in to the mobile application and enters the interface for setting the encryption key.
Step S220: the mobile application on the mobile terminal sends the encryption key entered by the user to the cloud server.
Step S230: the cloud server obtains the user account information from the current user's login session information.
Step S240: the cloud server saves the received user encryption key as part of the user account information and returns a corresponding response message to the mobile terminal.
Step S250: the mobile application on the mobile terminal caches the encryption key entered by the user in its storage medium.
After the negotiated key has been saved by the cloud server and by the mobile application on the mobile terminal, the user can log in through the mobile application; the flow is shown in Fig. 3.
Step S310: the user submits a login request.
Step S311: the mobile application reads the encryption key cached in the storage medium of the mobile terminal. If no encryption key exists, the preset default encryption key is used as the encryption key.
Step S312: the mobile application symmetrically encrypts the user password, the current network time and similar information with the encryption key, obtaining the first encryption string.
Step S313: the mobile application submits the login verification request to the cloud server; the request comprises the user name, the first encryption string and similar information.
Step S320: the cloud server reads from the database the user account information corresponding to the user name; the account information comprises the user's plaintext password and the preset encryption key.
Step S321: the cloud server judges whether the user account exists.
Step S322_1: if it does not exist, an error message is returned, and step S330 is executed.
Step S330: the mobile application prompts the user according to the error message and guides the user to re-enter the user name and password.
Step S322: if the account exists and the user has not preset an encryption key, the cloud server takes the preset default encryption key as the user's encryption key. The default encryption key is identical to the default encryption key preset on the mobile terminal.
Step S323: the cloud server decrypts the first encryption string with the encryption key, obtaining the password entered by the user and the network time value supplied by the mobile terminal.
Step S324: the cloud server verifies whether the decrypted user password is identical to the plaintext password in the user account information.
Step S325_1: if they differ, the cloud server returns an error message, and the flow jumps to step S330.
Step S325: if they are identical, the cloud server judges whether the current time is valid. Specifically, the cloud server checks whether the difference between the decrypted network time and the current system timestamp is within a preset threshold; if it is within the threshold, the time is valid.
Step S326_1: if the time is judged invalid, the cloud server returns an error message, and the flow jumps to step S330.
Step S327: if the time is valid, the cloud server generates the user's login session information according to the user account information and returns it to the mobile terminal.
Step S340: the mobile application on the mobile terminal receives the login session information and completes the post-login processing.
The current network time can be obtained by the mobile terminal from a network time server via the Network Time Protocol; it can also be returned by the cloud server together with the page content when the user's login interface is returned; or it can be obtained by the mobile terminal through a network interaction with the cloud server before the login request packet is sent. The current system timestamp obtained by the cloud server is generally synchronized with network time.
In addition, because the content of the password encryption string contains a timestamp at every login, and this timestamp is valid only for a certain period (configurable as the length of that time interval), replay attacks can be prevented to a certain extent: even if a request is replayed, it is difficult for it to pass verification by the cloud server, so the login cannot succeed. Moreover, because each user's encryption key is different, even if an attacker obtains the encryption algorithm by reverse engineering, the captured password encryption string cannot be decrypted to obtain the user's password. Further, even if the attacker has learned the encryption algorithm and obtained the user's password by other means, the attacker cannot log in to the user's account without obtaining the user's encryption key. In theory, only the user, the user's mobile terminal and the cloud server can obtain the encryption key. The security of the present invention is therefore relatively high.
The secure login method for mobile applications according to the embodiment of the present invention performs secure login based on a user-defined encryption key, so that the security of the login system of the mobile application is guaranteed even when requests are sent over the HTTP protocol, and user privacy is protected.
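The two sub-processes described above, key setting in steps S210 to S250 and login in steps S310 to S340, worked through as an added example that is not part of the patent. The class and function names (MobileApp, CloudServer, run_demo, DEFAULT_KEY, TIME_WINDOW_SECONDS), the account data and the 60-second validity window are all constructed here; because the patent does not name its symmetric algorithm, the example substitutes an HMAC-SHA256 encrypt-then-MAC construction from the Python standard library so that it runs without third-party packages.

```python
# Added example (not from the patent): stdlib-only model of the key-setting
# sub-process (steps S210-S250) and the login sub-process (steps S310-S340).
import hashlib
import hmac
import json
import os
from typing import Optional

DEFAULT_KEY = b"demo-default-key-shared-by-app-and-server"  # constructed (step S111)
TIME_WINDOW_SECONDS = 60  # the page's configurable validity interval (step S325)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in for the unspecified symmetric cipher
    # so the example needs no third-party package (a real system would use an AEAD).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag, i.e. the 'first encryption string'."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None when the tag fails (wrong key or tampering)."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class MobileApp:
    """Mobile-terminal side (hypothetical class): caches the key and builds requests."""
    def __init__(self, username: str):
        self.username = username
        self.cached_key: Optional[bytes] = None  # storage medium of step S250

    def build_login_request(self, password: str, network_time: int) -> dict:
        key = self.cached_key or DEFAULT_KEY  # step S311: default key when none is cached
        payload = json.dumps({"password": password, "time": network_time}).encode()
        return {"username": self.username, "enc": encrypt(key, payload).hex()}  # S312, S313

class CloudServer:
    """Cloud-server side (hypothetical class); `now` is injected so tests control time."""
    def __init__(self, now):
        self.now = now
        self.accounts = {}  # username -> {"password": str, "key": bytes or None}
        self.sessions = {}  # session token -> username

    def register(self, username: str, password: str) -> None:
        # The page keeps the password in plaintext; mirrored here only for fidelity.
        self.accounts[username] = {"password": password, "key": None}

    def set_user_key(self, session: str, new_key: bytes) -> bool:
        username = self.sessions.get(session)  # step S230: account from the session
        if username is None:
            return False
        self.accounts[username]["key"] = new_key  # step S240
        return True

    def login(self, request: dict) -> dict:
        account = self.accounts.get(request["username"])  # steps S320, S321
        if account is None:
            return {"error": "account not found"}  # S322_1
        key = account["key"] or DEFAULT_KEY  # S322: default key if the user set none
        plain = decrypt(key, bytes.fromhex(request["enc"]))  # S323
        if plain is None:
            return {"error": "decryption failed"}
        fields = json.loads(plain)
        if not hmac.compare_digest(fields["password"].encode(), account["password"].encode()):
            return {"error": "wrong password"}  # S324, S325_1
        if abs(self.now() - fields["time"]) > TIME_WINDOW_SECONDS:
            return {"error": "stale timestamp"}  # S325, S326_1
        token = os.urandom(16).hex()  # S327: login session information
        self.sessions[token] = request["username"]
        return {"session": token}

def run_demo() -> dict:
    """Runs both sub-processes on a constructed account with a controllable clock."""
    clock = [1_700_000_000]
    server = CloudServer(now=lambda: clock[0])
    server.register("alice", "correct horse")  # constructed demo account
    app = MobileApp("alice")
    first = server.login(app.build_login_request("correct horse", clock[0]))  # default key
    if server.set_user_key(first["session"], b"alice-personal-key"):  # steps S220-S240
        app.cached_key = b"alice-personal-key"  # step S250
    req = app.build_login_request("correct horse", clock[0])
    second = server.login(req)  # negotiated key
    clock[0] += 30
    replay_inside = server.login(req)  # same request again, still inside the window
    clock[0] += 60
    replay_outside = server.login(req)  # same request after the window has passed
    stale = MobileApp("alice").build_login_request("correct horse", clock[0])  # no cached key
    return {"first": first, "second": second, "replay_inside": replay_inside,
            "replay_outside": replay_outside, "default_key_after_set": server.login(stale)}
```

Running `run_demo()` exercises the points the description makes: a request encrypted under the default key no longer decrypts once the account carries a personal key, and a replayed request is rejected as soon as its timestamp falls outside the window. It also shows the limit the description itself admits ("to a certain extent"): the same captured request is still accepted while the window is open, so a server that must close that gap additionally has to remember recently seen timestamps or nonces per user. The comparison against a plaintext stored password mirrors the page; a deployed server would store a salted password hash instead.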
The secure login system 100 for mobile applications according to an embodiment of the present invention is described below with reference to Fig. 4. It comprises a mobile terminal 110 and a cloud server 120, and the negotiated encryption key is stored in the cloud server 120 and in the mobile terminal 110 respectively. The mobile terminal 110 is configured to send a login verification request to the cloud server 120, wherein the login verification request comprises a user name and a first encryption string, and the first encryption string comprises the information obtained by encrypting the user password with the encryption key; the cloud server 120 is configured to decrypt the first encryption string with the encryption key to obtain the user password, and to perform login verification of the mobile terminal 110 according to the user password.
The first encryption string further comprises the information obtained by encrypting the current time with the encryption key.
The cloud server 120 is further configured to decrypt the first encryption string with the encryption key to obtain the current time, to judge according to the current time whether the request is valid, and, when it judges the request invalid, to return an error message to the mobile terminal 110.
A default encryption key is stored in the cloud server 120 and the mobile terminal 110; when the mobile terminal 110 logs in for the first time, the cloud server 120 performs encryption key negotiation with the mobile terminal 110 using the default encryption key.
A complete technical implementation of the system is described below. It will be understood that the following implementation is for illustration only, and embodiments of the present invention are not limited to it.
The system comprises two sub-processes: encryption key negotiation and login.
First, the cloud server 120 and the mobile application on the mobile terminal 110 perform encryption key negotiation, and the encryption key is stored in the cloud server 120 and in the mobile terminal 110 respectively.
A default encryption key is stored in the cloud server 120 and the mobile terminal 110.
When the mobile terminal 110 logs in for the first time, the cloud server 120 performs encryption key negotiation with the mobile terminal 110 using the default encryption key.
Specifically, the user can also set the encryption key, which comprises: the user logs in to the mobile application and enters the interface for setting the encryption key; the mobile application on the mobile terminal 110 sends the encryption key entered by the user to the cloud server 120; the cloud server 120 obtains the user account information from the current user's login session information; the cloud server 120 saves the received user encryption key as part of the user account information and returns a corresponding response message to the mobile terminal 110; and the mobile application on the mobile terminal 110 caches the encryption key entered by the user in its storage medium.
After the cloud server 120 and the mobile application on the mobile terminal 110 have both saved the negotiated key, the user can log in through the mobile application, which comprises:
Step S410: the user submits a login request. The mobile application reads the encryption key cached in the storage medium of the mobile terminal 110. If no encryption key exists, the preset default encryption key is used as the encryption key. The mobile application symmetrically encrypts the user password, the current network time and similar information with the encryption key, obtaining the first encryption string. The mobile application submits the login verification request to the cloud server 120; the request comprises the user name, the first encryption string and similar information.
Step S420: the cloud server 120 reads from the database the user account information corresponding to the user name; the account information comprises the user's plaintext password and the preset encryption key.
Step S421: the cloud server 120 judges whether the user account exists.
Step S422: if the account exists and the user has not preset an encryption key, the cloud server 120 takes the preset default encryption key as the user's encryption key. The default encryption key is identical to the default encryption key preset on the mobile terminal 110.
Step S422_1: if it does not exist, an error message is returned, and step S430 is executed.
Step S430: the mobile application prompts the user according to the error message and guides the user to re-enter the user name and password.
Step S423: the cloud server 120 decrypts the first encryption string with the encryption key, obtaining the password entered by the user and the network time value supplied by the mobile terminal 110. The cloud server 120 verifies whether the decrypted user password is identical to the plaintext password in the user account information.
Step S424_1: if they differ, the cloud server 120 returns an error message, and the flow jumps to step S430.
Step S424: if they are identical, the cloud server 120 judges whether the current time is valid. Specifically, the cloud server 120 checks whether the difference between the decrypted network time and the current system timestamp is within a preset threshold; if it is within the threshold, the time is valid.
Step S425_1: if the time is judged invalid, the cloud server 120 returns an error message, and the flow jumps to step S330.
Step S425: if the time is valid, the cloud server 120 generates the user's login session information according to the user account information and returns it to the mobile terminal 110.
Step S440: the mobile application on the mobile terminal 110 receives the login session information and completes the post-login processing.
The current network time can be obtained by the mobile terminal 110 from a network time server via the Network Time Protocol; it can also be returned by the cloud server 120 together with the page content when the user's login interface is returned; or it can be obtained by the mobile terminal 110 through a network interaction with the cloud server 120 before the login request packet is sent. The current system timestamp obtained by the cloud server 120 is generally synchronized with network time.
In addition, because the content of the password encryption string contains a timestamp at every login, and this timestamp is valid only for a certain period (configurable as the length of that time interval), replay attacks can be prevented to a certain extent: even if a request is replayed, it is difficult for it to pass verification by the cloud server 120, so the login cannot succeed. Moreover, because each user's encryption key is different, even if an attacker obtains the encryption algorithm by reverse engineering, the captured password encryption string cannot be decrypted to obtain the user's password. Further, even if the attacker has learned the encryption algorithm and obtained the user's password by other means, the attacker cannot log in to the user's account without obtaining the user's encryption key. In theory, only the user, the user's mobile terminal 110 and the cloud server 120 can obtain the encryption key. The security of the present invention is therefore relatively high.
The secure login system for mobile applications according to the embodiment of the present invention performs secure login based on a user-defined encryption key, so that the security of the login system of the mobile application is guaranteed even when requests are sent over the HTTP protocol, and user privacy is protected.
Below, with reference to Fig. 5, the cloud server 200 according to the embodiment of the present invention is described. The negotiated encryption key is stored in the cloud server and in the mobile terminal respectively, and cloud server 200 comprises a login authentication request receiving module 210, a decryption module 220 and a login authentication module 230.
The login authentication request receiving module 210 is configured to receive the login authentication request sent by the mobile application, wherein the login authentication request comprises a user name and a first encryption string, and the first encryption string comprises information obtained by encrypting the user password with the encryption key.
The decryption module 220 is configured to decrypt the first encryption string according to the encryption key to obtain the user password.
The login authentication module 230 is configured to perform login authentication on the mobile terminal according to the user password.
The first encryption string also comprises information obtained by encrypting the current time with the encryption key.
The decryption module 220 decrypts the first encryption string according to the encryption key to obtain the current time.
The login authentication module 230 judges whether the current time is valid; when the cloud server judges it invalid, an error message is returned to the mobile terminal.
A default encryption key is stored in both the cloud server and the mobile terminal; when the mobile terminal logs in for the first time, the cloud server performs encryption key agreement with the mobile terminal using the default encryption key.
Below, the complete technical implementation of this cloud server is described. It should be understood that the following implementation is for illustrative purposes only, and embodiments of the present invention are not limited to it.
In this technical solution, the cloud server takes part in two sub-processes: encryption key exchange and login.
First, the cloud server and the mobile application in the mobile terminal perform encryption key agreement, and the encryption key is stored in the cloud server and the mobile terminal respectively.
A default encryption key is stored in both the cloud server and the mobile terminal.
When the mobile terminal logs in for the first time, the cloud server performs encryption key agreement with the mobile terminal using the default encryption key.
The user can also set the encryption key, which comprises: the user logs into the mobile application and enters the interface for setting the encryption key; the mobile application in the mobile terminal sends the encryption key entered by the user to the cloud server; the cloud server obtains the user account information according to the current user's login session information; the cloud server saves the received user encryption key as part of the user account information and returns a corresponding response message to the mobile terminal; the mobile application in the mobile terminal caches the encryption key entered by the user in the corresponding storage medium.
After the agreed encryption key has been saved by both the mobile application and the cloud server, the user can log in through the mobile application, which comprises:
The user submits a login request. The mobile application reads the encryption key cached in the corresponding storage medium of the mobile terminal. If no encryption key exists, the preset default encryption key is used as the encryption key. The mobile application symmetrically encrypts information such as the user password and the current network time with the encryption key to obtain the first encryption string. The mobile application submits a login authentication request to the cloud server; the login authentication request comprises information such as the user name and the first encryption string.
The login authentication request receiving module 210 receives the login authentication request sent by the mobile application. Cloud server 200 reads the user account information corresponding to the user name from the database, where the user account information comprises the user's plaintext password and the preset encryption key. Cloud server 200 judges whether the user account exists. If it does not exist, an error message is returned. If it exists but the user has not preset an encryption key, the preset default encryption key is used as the user's encryption key; this default encryption key is identical to the default encryption key preset on the mobile terminal.
The decryption module 220 decrypts the first encryption string according to the encryption key and obtains the password entered by the user and the network time value provided by the mobile terminal.
The login authentication module 230 judges whether the user password obtained by decryption is identical to the plaintext password in the user account information. If different, login authentication module 230 returns an error message. If identical, login authentication module 230 judges whether the current time is valid. Specifically, login authentication module 230 checks whether the difference between the network time obtained by decryption and the current system timestamp is within a preset threshold; if it is within the threshold, the time is valid. If judged invalid, login authentication module 230 returns an error message. If valid, login authentication module 230 generates the user's login session information according to the user account information and returns it to the mobile terminal.
The mobile application in the mobile terminal receives the login session information and completes the corresponding post-login processing. On receiving an error message, the mobile application performs the corresponding user prompt handling and guides the user to re-enter the user name and password.
The current network time can be obtained by the mobile terminal from a network time server via the Network Time Protocol; it can also be returned by the cloud server together with the page content when the user login interface is returned; or it can be obtained by the mobile terminal through a network interaction with the cloud server before the login request packet is sent. The current system timestamp obtained by the cloud server is generally synchronized with the network time.
In addition, because the password encryption string produced at each login contains a timestamp, and that timestamp is valid only within a certain period of time (the length of the interval being configurable), replay attacks can be prevented to a certain extent: even if a request is replayed, it is difficult for it to pass verification by the cloud server, so the login cannot succeed. Moreover, because each user's encryption key is different, even if a hacker obtains the encryption algorithm by reverse engineering, a password encryption string captured from the network cannot be decrypted to obtain the user's password. Further, even if the hacker knows the encryption algorithm and has obtained the user's password by other means, the user's account still cannot be logged into as long as the user's encryption key cannot be obtained. In theory, the encryption key can be obtained only by the user, the user's mobile terminal and the cloud server. Therefore, the security of the present invention is relatively high.
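As an added worked example, not code from the patent, the following Python models both sides of the login sub-process described above and the replay reasoning in the preceding paragraph: the mobile application encrypts the password and network time with its cached key (or the default key), the cloud server decrypts with the account's key, compares the password, checks the timestamp against its window and returns session information, and the key-setting interface stores a user-chosen key against the account found via the login session. The cipher (HMAC-SHA256 in counter mode with an encrypt-then-MAC tag), the key values, the account data, the clock value and the 60-second window are all constructed assumptions, since the page specifies none of them.

```python
import hashlib
import hmac
import json
import os

# Constructed placeholders: the page fixes neither the cipher, the key format nor the
# window length, only that both sides hold the same (default or user-set) symmetric key.
DEFAULT_KEY = b"default-key-preset-on-both-sides"
TIME_WINDOW_SECONDS = 60  # the configurable validity interval for the timestamp

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode stands in for the unspecified symmetric cipher.
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Separate MAC key, so a wrong key or an altered string is detected before use.
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce, ct)

def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_login_request(username: str, password: str, cached_key, network_time: int) -> dict:
    # Mobile application side: use the cached key, or the default key when none is cached.
    key = cached_key if cached_key is not None else DEFAULT_KEY
    payload = json.dumps({"password": password, "time": network_time}).encode()
    return {"username": username, "first_encryption_string": encrypt(key, payload).hex()}

class CloudServer:
    def __init__(self, accounts: dict):
        # accounts: username -> {"password": str, "key": bytes | None}. The page stores the
        # plaintext password; a real deployment would store a password hash instead.
        self.accounts = accounts
        self.sessions = {}  # session id -> username

    def set_encryption_key(self, session_id: str, key: bytes) -> bool:
        """Key-setting interface: the account is located via the caller's login session."""
        username = self.sessions.get(session_id)
        if username is None:
            return False
        self.accounts[username]["key"] = key
        return True

    def login(self, request: dict, system_time: int) -> dict:
        account = self.accounts.get(request["username"])
        if account is None:
            return {"error": "account does not exist"}
        key = account["key"] if account["key"] is not None else DEFAULT_KEY
        payload = decrypt(key, bytes.fromhex(request["first_encryption_string"]))
        if payload is None:
            return {"error": "first encryption string does not decrypt"}
        data = json.loads(payload)
        if not hmac.compare_digest(data["password"].encode(), account["password"].encode()):
            return {"error": "wrong password"}
        if abs(system_time - int(data["time"])) > TIME_WINDOW_SECONDS:
            return {"error": "timestamp outside validity window"}
        session_id = os.urandom(16).hex()
        self.sessions[session_id] = request["username"]
        return {"session": session_id}

def run_scenario() -> dict:
    """First login with the default key, key setting, login with the user key, late replay."""
    server = CloudServer({"alice": {"password": "correct horse", "key": None}})  # constructed
    now = 1_700_000_000  # constructed clock value shared by terminal and server
    first = server.login(build_login_request("alice", "correct horse", None, now), now)
    user_key = os.urandom(32)  # value entered on the key-setting interface
    server.set_encryption_key(first["session"], user_key)
    req = build_login_request("alice", "correct horse", user_key, now)
    second = server.login(req, now)
    replayed = server.login(req, now + TIME_WINDOW_SECONDS + 1)  # same packet after the window
    wrong_key = server.login(build_login_request("alice", "correct horse", None, now), now)
    return {"first": first, "second": second, "replayed": replayed, "wrong_key": wrong_key}
```

The scenario shows the replayed packet being rejected once the window has passed and a request built with the default key being rejected once the user has set their own key, which is the behaviour the description argues for.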
The cloud server according to the embodiment of the present invention performs secure login based on a user-defined encryption key, so that the security of the login system in the mobile application is guaranteed even when requests are sent over the HTTP protocol, and user privacy is protected.
In the description of this specification, reference to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a particular feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic expressions of the above terms do not necessarily refer to the same embodiment or example. Moreover, the particular features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been illustrated and described, those of ordinary skill in the art will appreciate that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the present invention; the scope of the present invention is defined by the claims and their equivalents.
Claims (13)
1. A secure login method for a mobile application, characterized in that it comprises the following steps:
the cloud server and the mobile application in the mobile terminal perform encryption key agreement, and the encryption key is stored in said cloud server and mobile terminal respectively;
said cloud server receives a login authentication request sent by said mobile application, wherein said login authentication request comprises a user name and a first encryption string, and said first encryption string comprises information obtained by encrypting a user password with said encryption key;
said cloud server decrypts said first encryption string according to said encryption key to obtain said user password; and
said cloud server performs login authentication on said mobile terminal according to said user password.
2. The method of claim 1, characterized in that said first encryption string further comprises information obtained by encrypting the current time with said encryption key.
3. The method of claim 2, characterized in that it further comprises:
said cloud server decrypts said first encryption string according to said encryption key to obtain said current time; and
said cloud server judges whether said current time is valid;
when said cloud server judges it invalid, an error message is returned to said mobile terminal.
4. The method of any one of claims 1 to 3, characterized in that the encryption key agreement between said cloud server and the mobile application in the mobile terminal further comprises:
storing a default encryption key in said cloud server and mobile terminal;
when said mobile terminal logs in for the first time, said cloud server performs encryption key agreement with said mobile terminal using said default encryption key.
5. A secure login system for a mobile application, characterized in that it comprises a mobile terminal and a cloud server, wherein the negotiated encryption key is stored in said cloud server and mobile terminal respectively, and wherein:
said mobile terminal is configured to send a login authentication request to said cloud server, wherein said login authentication request comprises a user name and a first encryption string, and said first encryption string comprises information obtained by encrypting a user password with said encryption key;
said cloud server is configured to decrypt said first encryption string according to said encryption key to obtain said user password, and to perform login authentication on said mobile terminal according to said user password.
6. The secure login system of claim 5, characterized in that said first encryption string further comprises information obtained by encrypting the current time with said encryption key.
7. The secure login system of claim 6, characterized in that said cloud server is further configured to decrypt said first encryption string according to said encryption key to obtain said current time, to judge whether said current time is valid, and, when it is judged invalid, to return an error message to said mobile terminal.
8. The secure login system of claim 5, characterized in that a default encryption key is stored in said cloud server and mobile terminal, and when said mobile terminal logs in for the first time, said cloud server performs encryption key agreement with said mobile terminal using said default encryption key.
9. A cloud server, characterized in that the negotiated encryption key is stored in said cloud server and a mobile terminal respectively, and wherein said cloud server comprises:
a login authentication request receiving module, configured to receive a login authentication request sent by said mobile application, wherein said login authentication request comprises a user name and a first encryption string, and said first encryption string comprises information obtained by encrypting a user password with said encryption key;
a decryption module, configured to decrypt said first encryption string according to said encryption key to obtain said user password; and
a login authentication module, configured to perform login authentication on said mobile terminal according to said user password.
10. The cloud server of claim 9, characterized in that said first encryption string further comprises information obtained by encrypting the current time with said encryption key.
11. The cloud server of claim 10, characterized in that said decryption module decrypts said first encryption string according to said encryption key to obtain said current time.
12. The cloud server of claim 11, characterized in that said login authentication module judges whether said current time is valid, and when said cloud server judges it invalid, an error message is returned to said mobile terminal.
13. The cloud server of claim 9, characterized in that a default encryption key is stored in said cloud server and mobile terminal, and when said mobile terminal logs in for the first time, said cloud server performs encryption key agreement with said mobile terminal using said default encryption key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310376242.6A CN103428221B (en) | 2013-08-26 | 2013-08-26 | Safe login method, system and device to Mobile solution |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103428221A true CN103428221A (en) | 2013-12-04 |
CN103428221B CN103428221B (en) | 2017-04-05 |
Family
ID=49652397
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310376242.6A Active CN103428221B (en) | 2013-08-26 | 2013-08-26 | Safe login method, system and device to Mobile solution |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103428221B (en) |
Citations (8)
* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001011817A2 (en) * | 1999-08-06 | 2001-02-15 | Sarnoff Corporation | Network user authentication protocol |
US20020178366A1 (en) * | 2001-05-24 | 2002-11-28 | Amiran Ofir | Method for performing on behalf of a registered user an operation on data stored on a publicly accessible data access server |
CN101197677A (en) * | 2007-12-27 | 2008-06-11 | 腾讯科技(深圳)有限公司 | Internet product login method and apparatus supporting extra parameter login |
CN101594233A (en) * | 2009-06-26 | 2009-12-02 | 成都市华为赛门铁克科技有限公司 | Method for uploading information, method and device for receiving information, and communication system |
CN102118392A (en) * | 2011-01-18 | 2011-07-06 | 南京朗睿软件科技有限公司 | Encryption/decryption method and system for data transmission |
CN102469080A (en) * | 2010-11-11 | 2012-05-23 | 中国电信股份有限公司 | Method for pass user to realize safety login application client and system thereof |
CN102882858A (en) * | 2012-09-13 | 2013-01-16 | 江苏乐买到网络科技有限公司 | External data transmission method for cloud computing system |
CN103152401A (en) * | 2013-02-07 | 2013-06-12 | 百度在线网络技术(北京)有限公司 | Mobile terminal, login method and system through mobile terminal, and cloud server |
Cited By (29)
* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105338525B (en) * | 2014-05-29 | 2019-02-15 | 广州爱九游信息技术有限公司 | Log in access processing method, apparatus and system |
CN105338525A (en) * | 2014-05-29 | 2016-02-17 | 广州市动景计算机科技有限公司 | Login access processing method, apparatus and system |
CN109451495A (en) * | 2014-05-30 | 2019-03-08 | 北京奇虎科技有限公司 | The acquisition methods and device of verification information |
CN104767766A (en) * | 2015-05-08 | 2015-07-08 | 广州视源电子科技股份有限公司 | Web Service interface verification method, Web Service server and client |
CN104767766B (en) * | 2015-05-08 | 2018-03-27 | 广州视源电子科技股份有限公司 | Web Service interface verification method, Web Service server and client |
CN106355088A (en) * | 2015-07-15 | 2017-01-25 | 纬创资通股份有限公司 | Account management application strengthening method and device using same |
CN106355088B (en) * | 2015-07-15 | 2019-10-18 | 纬创资通股份有限公司 | Account management application strengthening method and device using same |
CN106375267A (en) * | 2015-07-22 | 2017-02-01 | 无锡天脉聚源传媒科技有限公司 | Account login method and apparatus |
CN108092937A (en) * | 2016-11-23 | 2018-05-29 | 厦门雅迅网络股份有限公司 | Prevent the method and system of Web system unauthorized access |
CN108092937B (en) * | 2016-11-23 | 2021-04-20 | 厦门雅迅网络股份有限公司 | Method and system for preventing unauthorized access of Web system |
CN108075880A (en) * | 2017-11-28 | 2018-05-25 | 珠海金山网络游戏科技有限公司 | A kind of network game server logs in security system and method |
CN108737087A (en) * | 2018-04-17 | 2018-11-02 | 厦门市美亚柏科信息股份有限公司 | The guard method of Email Accounts password and computer readable storage medium |
CN108737087B (en) * | 2018-04-17 | 2021-04-27 | 厦门市美亚柏科信息股份有限公司 | Protection method for mailbox account password and computer readable storage medium |
WO2020093214A1 (en) * | 2018-11-05 | 2020-05-14 | 深圳市欢太科技有限公司 | Application program login method, application program login device and mobile terminal |
CN112771826B (en) * | 2018-11-05 | 2023-01-10 | 深圳市欢太科技有限公司 | Application program registration method, application program registration device and mobile terminal |
CN112771826A (en) * | 2018-11-05 | 2021-05-07 | 深圳市欢太科技有限公司 | Application program login method, application program login device and mobile terminal |
CN109889763A (en) * | 2019-03-20 | 2019-06-14 | 苏州科达科技股份有限公司 | Call-establishing method, device and the storage medium of TV conference system |
CN110445768B (en) * | 2019-07-18 | 2021-11-09 | 创新先进技术有限公司 | Login method and device and electronic equipment |
CN110445768A (en) * | 2019-07-18 | 2019-11-12 | 阿里巴巴集团控股有限公司 | A kind of login method, device and electronic equipment |
CN110971593A (en) * | 2019-11-19 | 2020-04-07 | 许昌许继软件技术有限公司 | Database secure network access method |
CN110971593B (en) * | 2019-11-19 | 2022-04-08 | 许昌许继软件技术有限公司 | Database secure network access method |
CN111181952A (en) * | 2019-12-26 | 2020-05-19 | 紫光云(南京)数字技术有限公司 | Password protection method and device of mobile application program and computer storage medium |
CN111193740A (en) * | 2019-12-31 | 2020-05-22 | 苏宁金融科技(南京)有限公司 | Encryption method, device, decryption method, computer device and storage medium |
CN111193740B (en) * | 2019-12-31 | 2023-03-14 | 苏宁金融科技(南京)有限公司 | Encryption method, device, decryption method, computer device and storage medium |
CN113651326A (en) * | 2021-08-31 | 2021-11-16 | 重庆长风化学工业有限公司 | Platform system for generating phosgene |
CN113656790A (en) * | 2021-08-31 | 2021-11-16 | 重庆长风化学工业有限公司 | Control method for generating phosgene platform system |
CN113672011A (en) * | 2021-08-31 | 2021-11-19 | 重庆长风化学工业有限公司 | Safe phosgene control method for system cloud platform |
CN114900338A (en) * | 2022-04-20 | 2022-08-12 | 岚图汽车科技有限公司 | Encryption and decryption method, device, equipment and medium |
CN114900338B (en) * | 2022-04-20 | 2023-07-21 | 岚图汽车科技有限公司 | Encryption and decryption method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2013-12-04 | C06 | Publication | |
2013-12-04 | PB01 | Publication | |
2013-12-25 | C10 | Entry into substantive examination | |
2013-12-25 | SE01 | Entry into force of request for substantive examination | |
2017-04-05 | GR01 | Patent grant | |