[go: up one dir, main page]

CN107483466B - A method and device for user login verification in a web application - Google Patents

A method and device for user login verification in a web application Download PDF

Info

Publication number
CN107483466B
CN107483466B CN201710765991.6A CN201710765991A CN107483466B CN 107483466 B CN107483466 B CN 107483466B CN 201710765991 A CN201710765991 A CN 201710765991A CN 107483466 B CN107483466 B CN 107483466B
Authority
CN
China
Prior art keywords
user
verification
client
stored
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710765991.6A
Other languages
Chinese (zh)
Other versions
CN107483466A (en
Inventor
殷武烁
袁鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Inspur Intelligent Technology Co Ltd filed Critical Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN201710765991.6A priority Critical patent/CN107483466B/en
Publication of CN107483466A publication Critical patent/CN107483466A/en
Application granted granted Critical
Publication of CN107483466B publication Critical patent/CN107483466B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种Web应用中用户登录验证方法及装置,在接收到客户端发送的用户的会话请求时,首先根据客户端内存储的所述用户的验证数据,验证用户是否被允许登录;若客户端内存储的用户的验证数据与服务端当前存储的该用户的验证数据一致,则允许用户登录;若不一致则验证失败,进一步判断客户端内存储的用户的验证号与服务端当前存储的该用户的验证号是否一致,在不一致时,向客户端返回要求用户输入密码进行验证的信息。本发明Web应用中用户登录验证方法及装置,不需要用户每次访问时都需要输入密码,并且在客户端内不存储用户的密码,保障了用户登录信息的安全性。

Figure 201710765991

The invention discloses a user login verification method and device in a Web application. When a session request of a user sent by a client is received, it firstly verifies whether the user is allowed to log in according to the verification data of the user stored in the client; If the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server, the user is allowed to log in; if they are inconsistent, the verification fails, and the verification number of the user stored in the client is further determined to be the same as the one currently stored in the server. Whether the verification number of the user is consistent, if not, return to the client the information requiring the user to enter the password for verification. The user login verification method and device in the web application of the present invention do not require the user to input a password every time he accesses, and the user's password is not stored in the client, thereby ensuring the security of the user's login information.

Figure 201710765991

Description

一种Web应用中用户登录验证方法及装置A method and device for user login verification in a web application

技术领域technical field

本发明涉及Web应用技术领域,特别是涉及一种Web应用中用户登录验证方法及装置。The invention relates to the technical field of Web applications, in particular to a method and device for user login verification in Web applications.

背景技术Background technique

在Web应用中用户登录功能是一个最基本的功能,但由于通常采用的网络协议比如超文本传输协议(Hyper Text Transfer Protocol,HTTP)是无状态的协议,也就是说这一协议无法记录用户的访问状态,每次请求都是独立的无关联的,而Web网站都是设计成多个页面的,在页面跳转过程中服务端需要对用户验证,验证用户是否被允许登录,这样在页面跳转后才知道是否可以让用户有权限来操作一些功能或是查看一些数据。The user login function is a basic function in Web applications, but because the commonly used network protocols such as Hyper Text Transfer Protocol (HTTP) are stateless protocols, that is to say, this protocol cannot record the user's information. Access status, each request is independent and unrelated, and Web sites are designed as multiple pages. During the page jump process, the server needs to verify the user to verify whether the user is allowed to log in, so that the page jumps Only after the transfer will I know whether users can have permission to operate some functions or view some data.

因此,在用户访问页面时验证用户是否能被允许登录,就成为Web应用中要面对的问题。为了提高用户体验,我们不能让用户每次访问页面都要重新输入用户名和密码,现有技术中,是利用浏览器的缓存文件,将用户的登录信息存放在客户端的缓存文件里,这样用户在访问页面时从这一缓存文件里获得用户的登录信息进行验证,验证用户是否能够被允许登录。但是,该方法存在许多隐患,首先Web应用允许浏览器缓存文件里记住用户的密码,而浏览器缓存文件没有保密措施,显然这样密码很容易被盗取,而即使密码是被加密保存的,但若盗取者将缓存文件整体拷走,也可以在其它设备上不输入密码而登录。Therefore, verifying whether the user is allowed to log in when the user accesses the page has become a problem to be faced in Web applications. In order to improve user experience, we cannot allow users to re-enter the user name and password every time they visit the page. In the prior art, the cache file of the browser is used to store the user's login information in the cache file of the client. When accessing the page, the user's login information is obtained from this cache file for verification, and it is verified whether the user can be allowed to log in. However, there are many hidden dangers in this method. First, the web application allows the browser to remember the user's password in the cache file, but the browser cache file has no security measures. Obviously, the password is easy to be stolen, and even if the password is encrypted and saved, However, if the thief copies the entire cache file away, he can also log in on other devices without entering a password.

可见,现有Web应用中对用户登录的验证方法,安全性有待提高。It can be seen that the security of the authentication method for user login in the existing web application needs to be improved.

发明内容SUMMARY OF THE INVENTION

鉴于此,本发明提供一种Web应用中用户登录验证方法及装置,提高了用户登录信息的安全性。In view of this, the present invention provides a user login verification method and device in a Web application, which improves the security of user login information.

为实现上述目的,本发明提供如下技术方案:To achieve the above object, the present invention provides the following technical solutions:

一种Web应用中用户登录验证方法,包括:A user login verification method in a Web application, comprising:

在接收到客户端发送的用户的会话请求时,判断所述客户端内存储的所述用户的验证数据与服务端当前存储的该用户的验证数据是否一致;When receiving the session request of the user sent by the client, determine whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server;

若是,则验证成功,允许所述用户登录,并更新所述客户端内存储的该用户的验证数据以及所述服务端内存储的该用户的验证数据;If so, the verification is successful, the user is allowed to log in, and the verification data of the user stored in the client and the verification data of the user stored in the server are updated;

若否,则验证失败,并判断所述客户端内存储的所述用户的验证号与所述服务端当前存储的该用户的验证号是否一致;If not, the verification fails, and it is judged whether the verification number of the user stored in the client is consistent with the verification number of the user currently stored in the server;

若否,则向所述客户端返回要求所述用户输入密码进行验证的信息,所述客户端内存储的用户的验证号以及所述服务端内存储的用户的验证号,在根据用户输入的密码验证成功并且允许所述用户登录时进行更新。If not, return information to the client that requires the user to input a password for verification. The verification number of the user stored in the client and the verification number of the user stored in the server are Password verification is successful and the user is allowed to log in to update.

可选地,还包括:判断所述客户端提供的用户输入的密码是否正确;Optionally, it also includes: judging whether the password input by the user provided by the client is correct;

若是,则允许所述用户登录,并更新所述客户端内存储的所述用户的验证号和验证数据,以及所述服务端内存储的所述用户的验证号和验证数据;If yes, then allow the user to log in, and update the verification number and verification data of the user stored in the client, and the verification number and verification data of the user stored in the server;

若否,则不允许所述用户登录。If not, the user is not allowed to log in.

可选地,还包括:若判断所述客户端内存储的所述用户的验证号与所述服务端当前存储的该用户的验证号不一致,则向所述客户端返回提示用户修改密码的信息。Optionally, it also includes: if it is judged that the verification number of the user stored in the client is inconsistent with the verification number of the user currently stored by the server, then returning to the client information prompting the user to modify the password .

可选地,还包括:定期同时更新所述服务端内存储的用户的验证数据和验证号。Optionally, the method further includes: periodically updating the verification data and verification number of the user stored in the server at the same time.

可选地,在所述客户端内存储的用户的验证数据、验证号都经过加密,在所述服务端内存储的用户的验证数据、验证号都经过加密。Optionally, the verification data and verification number of the user stored in the client are encrypted, and the verification data and verification number of the user stored in the server are encrypted.

一种Web应用中用户登录验证装置,包括:A user login verification device in a Web application, comprising:

第一判断模块,用于在接收到客户端发送的用户的会话请求时,判断所述客户端内存储的所述用户的验证数据与服务端当前存储的该用户的验证数据是否一致;a first judging module, configured to judge whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server when receiving the session request of the user sent by the client;

登录模块,用于若所述客户端内存储的所述用户的验证数据与所述服务端当前存储的该用户的验证数据一致,则验证成功,允许所述用户登录,并更新所述客户端内存储的该用户的验证数据以及所述服务端内存储的该用户的验证数据;A login module, used for if the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server, the verification is successful, allowing the user to log in, and updating the client The verification data of the user stored in the server and the verification data of the user stored in the server;

第二判断模块,用于若所述客户端内存储的所述用户的验证数据与所述服务端当前存储的该用户的验证数据不一致,判断所述客户端内存储的所述用户的验证号与所述服务端当前存储的该用户的验证号是否一致;The second judgment module is configured to judge the verification number of the user stored in the client if the verification data of the user stored in the client is inconsistent with the verification data of the user currently stored in the server Whether it is consistent with the verification number of the user currently stored by the server;

第一提示模块,用于若所述客户端内存储的所述用户的验证号与所述服务端当前存储的该用户的验证号不一致,则向所述客户端返回要求所述用户输入密码进行验证的信息,所述客户端内存储的用户的验证号以及所述服务端内存储的用户的验证号,在根据用户输入的密码验证成功并且允许所述用户登录时进行更新。The first prompting module is configured to return to the client to require the user to enter a password to perform a procedure if the verification number of the user stored in the client is inconsistent with the verification number of the user currently stored in the server. The verification information, the user's verification number stored in the client and the user's verification number stored in the server, are updated when the verification is successful according to the password input by the user and the user is allowed to log in.

可选地,还包括:Optionally, also include:

第三判断模块,用于判断所述客户端提供的用户输入的密码是否正确;a third judging module for judging whether the password input by the user provided by the client is correct;

所述登录模块还用于若所述客户端提供的用户输入的密码正确,则允许所述用户登录,并更新所述客户端内存储的所述用户的验证号和验证数据,以及所述服务端内存储的所述用户的验证号和验证数据;若否,则不允许所述用户登录。The login module is further configured to allow the user to log in if the password input by the user provided by the client is correct, and update the verification number and verification data of the user stored in the client, and the service The verification number and verification data of the user stored in the terminal; if not, the user is not allowed to log in.

可选地,还包括:Optionally, also include:

第二提示模块,用于若判断所述客户端内存储的所述用户的验证号与所述服务端当前存储的该用户的验证号不一致,则向所述客户端返回提示用户修改密码的信息。The second prompting module is configured to return to the client information prompting the user to change the password if it is determined that the verification number of the user stored in the client is inconsistent with the verification number of the user currently stored in the server .

可选地,还包括:Optionally, also include:

更新模块,用于定期同时更新所述服务端内存储的用户的验证数据和验证号。The updating module is used to periodically update the verification data and verification number of the user stored in the server at the same time.

可选地,在所述客户端内存储的用户的验证数据、验证号都经过加密,在所述服务端内存储的用户的验证数据、验证号都经过加密。Optionally, the verification data and verification number of the user stored in the client are encrypted, and the verification data and verification number of the user stored in the server are encrypted.

由上述技术方案可知,本发明所提供的Web应用中用户登录验证方法及装置,在接收到客户端发送的用户的会话请求时,首先根据客户端内存储的所述用户的验证数据,验证用户是否被允许登录;若客户端内存储的用户的验证数据与服务端当前存储的该用户的验证数据一致,则允许用户登录;若不一致则验证失败,进一步判断客户端内存储的用户的验证号与服务端当前存储的该用户的验证号是否一致,在不一致时,向客户端返回要求用户输入密码进行验证的信息。As can be seen from the above technical solutions, the method and device for user login verification in a Web application provided by the present invention, when receiving a user session request sent by a client, firstly verify the user according to the verification data of the user stored in the client. Whether the login is allowed; if the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server, the user is allowed to log in; if it is inconsistent, the verification fails, and the verification number of the user stored in the client is further judged Whether it is consistent with the verification number of the user currently stored by the server, and if not, returns information to the client that requires the user to enter a password for verification.

可以看出,本发明Web应用中用户登录验证方法及装置,首先通过客户端内存储的验证数据和验证号对用户验证,不需要用户每次访问时都需要输入密码,并且在客户端内不需要存储用户的密码,保障了用户登录信息的安全性。It can be seen that, the user login verification method and device in the web application of the present invention first authenticate the user through the verification data and verification number stored in the client, without requiring the user to enter a password every time he accesses, and does not need to enter a password in the client. The user's password needs to be stored to ensure the security of the user's login information.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained according to these drawings without creative efforts.

图1为本发明实施例提供的一种Web应用中用户登录验证方法的流程图;1 is a flowchart of a user login verification method in a Web application provided by an embodiment of the present invention;

图2为本发明实施例中Web应用中客户端与服务端的示意图;2 is a schematic diagram of a client and a server in a Web application in an embodiment of the present invention;

图3为本发明又一实施例提供的一种Web应用中用户登录验证方法的流程图;3 is a flowchart of a user login verification method in a Web application provided by another embodiment of the present invention;

图4为本发明实施例提供的一种Web应用中用户登录验证装置的示意图;4 is a schematic diagram of a user login verification device in a Web application provided by an embodiment of the present invention;

图5为本发明又一实施例提供的一种Web应用中用户登录验证装置的示意图。FIG. 5 is a schematic diagram of a user login verification device in a Web application according to another embodiment of the present invention.

具体实施方式Detailed ways

为了使本技术领域的人员更好地理解本发明中的技术方案,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本发明保护的范围。In order to make those skilled in the art better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described The embodiments are only some of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

请参考图1,本发明实施例提供的一种Web应用中用户登录验证方法,包括步骤:Referring to FIG. 1, a method for user login verification in a Web application provided by an embodiment of the present invention includes steps:

S10:在接收到客户端发送的用户的会话请求时,判断所述客户端内存储的所述用户的验证数据与服务端当前存储的该用户的验证数据是否一致。S10: When receiving the user's session request sent by the client, determine whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server.

用户在访问某Web页面时,通过客户端向服务端发送用于访问页面的会话请求。When a user accesses a Web page, the client sends a session request to the server to access the page.

本实施例方法中,请参考图2,在客户端100内存储了用户的用户名、验证数据和验证号,相应的,在服务端101内也存储了用户的用户名、验证数据和验证号。其中,客户端100内存储的验证数据以及服务端101内存储的验证数据在用户每次发起会话请求时更新,即每次更新的验证数据只在一次登录会话中有效。客户端100内存储的验证号以及服务端101内存储的验证号在用户输入密码,并根据用户输入的密码验证成功并且允许所述用户登录时更新。In the method of this embodiment, please refer to FIG. 2 , the user name, verification data and verification number of the user are stored in the client 100 , and correspondingly, the user name, verification data and verification number of the user are also stored in the server 101 . The verification data stored in the client 100 and the verification data stored in the server 101 are updated each time the user initiates a session request, that is, the verification data updated each time is only valid in one login session. The verification number stored in the client 100 and the verification number stored in the server 101 are updated when the user enters a password, and the verification succeeds according to the password entered by the user and the user is allowed to log in.

本步骤中,在接收到客户端100发送的会话请求时,判断客户端100内存储的用户的验证数据与服务端101当前存储的该用户的验证数据是否一致。In this step, when the session request sent by the client terminal 100 is received, it is determined whether the verification data of the user stored in the client terminal 100 is consistent with the verification data of the user currently stored in the server 101 .

若是,则进入步骤S11。If yes, go to step S11.

S11:验证成功,允许所述用户登录,并更新所述客户端内存储的该用户的验证数据以及所述服务端内存储的该用户的验证数据。S11: The verification is successful, the user is allowed to log in, and the verification data of the user stored in the client and the verification data of the user stored in the server are updated.

本次访问用户被允许登录,用户登录成功。The user is allowed to log in this time, and the user logs in successfully.

若否,则进入步骤S12。If not, go to step S12.

S12:验证失败,并判断所述客户端内存储的所述用户的验证号与所述服务端当前存储的该用户的验证号是否一致。S12: The verification fails, and it is judged whether the verification number of the user stored in the client is consistent with the verification number of the user currently stored in the server.

若否,则进入步骤S13。If not, go to step S13.

S13:向所述客户端返回要求所述用户输入密码进行验证的信息。S13: Return information to the client that requires the user to input a password for verification.

客户端100内存储的验证号以及服务端101内存储的验证号是在用户输入密码,并根据用户输入的密码验证成功并且允许所述用户登录时更新,若出现客户端100内存储的用户的验证号与服务端101当前存储的该用户的验证号不一致,表明对于该用户可能存在利用密码的异常登录,则本步骤中要求用户重新输入密码进行验证。The verification number stored in the client 100 and the verification number stored in the server 101 are updated when the user enters the password, and the verification is successful according to the password entered by the user and the user is allowed to log in. The verification number is inconsistent with the verification number of the user currently stored in the server 101, indicating that there may be an abnormal login using the password for the user, and the user is required to re-enter the password for verification in this step.

可以看出,本实施例Web应用中用户登录验证方法,首先通过客户端内存储的验证数据和验证号对用户验证,不需要用户每次访问时都需要输入密码,并且在客户端内不需要存储用户的密码,保障了用户登录信息的安全性,与现有技术相比提高了用户登录的安全性。It can be seen that, the user login verification method in the Web application of this embodiment first authenticates the user through the verification data and verification number stored in the client, and does not require the user to enter a password every time he accesses, and does not require a password in the client. By storing the user's password, the security of the user's login information is guaranteed, and compared with the prior art, the security of the user's login is improved.

请参考图3,本发明又一实施例提供的一种Web应用中用户登录验证方法,包括步骤:Please refer to FIG. 3 , a method for user login verification in a Web application provided by another embodiment of the present invention includes steps:

S20:在接收到客户端发送的用户的会话请求时,判断所述客户端内存储的所述用户的验证数据与服务端当前存储的该用户的验证数据是否一致。S20: When receiving the session request of the user sent by the client, determine whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server.

用户在访问某Web页面时,通过客户端向服务端发送用于访问页面的会话请求。When a user accesses a Web page, the client sends a session request to the server to access the page.

本实施例方法中,请参考图2,在客户端100内存储了用户的用户名、验证数据和验证号,相应的,在服务端101内也存储了用户的用户名、验证数据和验证号。其中,客户端100内存储的验证数据以及服务端101内存储的验证数据在用户每次发起会话请求时更新,即每次更新的验证数据只在一次登录会话中有效。客户端100内存储的验证号以及服务端101内存储的验证号在用户输入密码,并根据用户输入的密码验证成功并且允许所述用户登录时更新。In the method of this embodiment, please refer to FIG. 2 , the user name, verification data and verification number of the user are stored in the client 100 , and correspondingly, the user name, verification data and verification number of the user are also stored in the server 101 . The verification data stored in the client 100 and the verification data stored in the server 101 are updated each time the user initiates a session request, that is, the verification data updated each time is only valid in one login session. The verification number stored in the client 100 and the verification number stored in the server 101 are updated when the user enters a password, and the verification succeeds according to the password entered by the user and the user is allowed to log in.

在接收到客户端100发送的会话请求时,判断客户端100内存储的用户的验证数据与服务端101当前存储的该用户的验证数据是否一致。When the session request sent by the client terminal 100 is received, it is determined whether the verification data of the user stored in the client terminal 100 is consistent with the verification data of the user currently stored in the server terminal 101 .

若是,则进入步骤S21。If yes, go to step S21.

S21:验证成功,允许所述用户登录,并更新所述客户端内存储的该用户的验证数据以及所述服务端内存储的该用户的验证数据。S21: The verification is successful, the user is allowed to log in, and the verification data of the user stored in the client and the verification data of the user stored in the server are updated.

本次会话用户验证成功,用户被允许登录。The user authentication for this session is successful, and the user is allowed to log in.

若否,则进入步骤S22。If not, go to step S22.

S22:验证失败,并判断所述客户端内存储的所述用户的验证号与所述服务端当前存储的该用户的验证号是否一致。S22: The verification fails, and it is judged whether the verification number of the user stored in the client is consistent with the verification number of the user currently stored in the server.

客户端100内存储的用户的验证数据与服务端101当前存储的该用户的验证数据不一致,表明服务端101内存储的验证数据已更改,则可能是本客户端内存储的用户的登录信息,包括用户名和验证数据被使用在其它设备上登录。The verification data of the user stored in the client 100 is inconsistent with the verification data of the user currently stored in the server 101, indicating that the verification data stored in the server 101 has been changed, it may be the login information of the user stored in the client, Including username and authentication data is used to log in on other devices.

此时,进一步判断客户端100内存储的用户的验证号与服务端101当前存储的该用户的验证号是否一致。At this time, it is further determined whether the verification number of the user stored in the client 100 is consistent with the verification number of the user currently stored in the server 101 .

若否,则进入步骤S23;若是,则进入步骤S24。If no, go to step S23; if yes, go to step S24.

S23:向所述客户端返回要求所述用户输入密码进行验证的信息。S23: Return information to the client that requires the user to input a password for verification.

基于客户端100内存储的验证号以及服务端101内存储的验证号在用户输入密码,并根据用户输入的密码验证成功并且允许所述用户登录时更新,因此,若客户端100内存储的用户的验证号与服务端101当前存储的该用户的验证号不一致,表明该用户账户在其它客户端设备上通过输入密码重新登录了。这种情况下可能是用户在其它设备通过输入密码重新登录,也存在用户密码被盗取的情况,则本步骤要求用户输入密码进行验证,用户可根据实际情况确定是否修改密码。Based on the verification number stored in the client 100 and the verification number stored in the server 101, when the user enters the password, and is updated according to the password entered by the user and the verification is successful and the user is allowed to log in, therefore, if the user stored in the client 100 The verification number of the user is inconsistent with the verification number of the user currently stored in the server 101, indicating that the user account has re-logged in by entering a password on other client devices. In this case, the user may log in again by entering the password on another device, or the user's password has been stolen. In this step, the user is required to enter the password for verification, and the user can determine whether to change the password according to the actual situation.

S25:判断所述客户端提供的用户输入的密码是否正确。S25: Determine whether the password input by the user provided by the client is correct.

在用户通过客户端100输入密码时,验证用户输入的密码是否正确。When the user inputs the password through the client terminal 100, it is verified whether the password input by the user is correct.

若是,则进入步骤S26;若否,进入步骤S27。If yes, go to step S26; if no, go to step S27.

S26:允许所述用户登录,并更新所述客户端内存储的所述用户的验证号和验证数据,以及所述服务端内存储的所述用户的验证号和验证数据。S26: Allow the user to log in, and update the verification number and verification data of the user stored in the client and the verification number and verification data of the user stored in the server.

本次访问验证成功,用户被允许登录。The access verification is successful, and the user is allowed to log in.

S27:不允许所述用户登录。本次访问用户验证失败。S27: The user is not allowed to log in. User authentication failed for this visit.

S24:向所述客户端返回提示用户修改密码的信息。S24: Return the information prompting the user to change the password to the client.

若客户端100内存储的用户的验证数据与服务端101当前存储的该用户的验证数据不一致,而客户端100内存储的用户的验证号与服务端101当前存储的该用户的验证号一致,表明服务端101内存储的验证数据已更改,可能是本客户端100内存储的验证数据被使用在其它客户端设备上登录,可能存在本客户端上的用户的验证数据和验证号被盗取的情况,则向客户端返回提示用户修改密码的信息。因此,本方法在登录异常时可以及时提示用户,提示用户及时修改密码,提高安全性。If the verification data of the user stored in the client 100 is inconsistent with the verification data of the user currently stored in the server 101, and the verification number of the user stored in the client 100 is consistent with the verification number of the user currently stored in the server 101, Indicates that the verification data stored in the server 101 has been changed, it may be that the verification data stored in the client 100 is used to log in on other client devices, and the verification data and verification number of the user on the client may have been stolen. In the case of , it will return information to the client to prompt the user to change the password. Therefore, the method can prompt the user in time when the login is abnormal, prompt the user to change the password in time, and improve the security.

进一步,在以上各实施例描述的Web应用中用户登录验证方法中,优选的,在所述客户端内存储的用户的验证数据、验证号都经过加密,在所述服务端内存储的用户的验证数据、验证号都经过加密。对客户端以及服务端内存储的用户的验证数据和验证号进行加密存储,进一步提高用户登录信息的安全性。在具体实施时,可选的,可采用安全散列算法(Secure Hash Algorithm,SHA)对验证数据和验证号加密,具体可以是SHA512,SHA512是一个很适合存储密码的散列算法,可以平衡系统的效率和安全性。散列是信息的提炼,通常其长度要比信息小得多,且为一个固定长度。加密性强的散列是不可逆的,这就意味着通过散列结果,无法推出任何部分的原始信息,可以有效提高用户登录信息的安全性。Further, in the user login verification method in the Web application described in the above embodiments, preferably, the user's verification data and verification number stored in the client are encrypted, and the user's verification number stored in the server is encrypted. The verification data and verification number are encrypted. The user's verification data and verification number stored in the client and server are encrypted and stored to further improve the security of user login information. In specific implementation, optionally, a secure hash algorithm (Secure Hash Algorithm, SHA) can be used to encrypt the verification data and verification number, specifically SHA512. SHA512 is a hash algorithm that is very suitable for storing passwords and can balance the system. efficiency and safety. Hash is the extraction of information, usually its length is much smaller than the information, and it is a fixed length. A strong cryptographic hash is irreversible, which means that no part of the original information can be derived from the hash result, which can effectively improve the security of user login information.

进一步,在以上各实施例描述的Web应用中用户登录验证方法,还包括:定期同时更新所述服务端内存储的用户的验证数据和验证号。本方法中定期地对服务端内存储的用户的验证数据和验证号同时更新,以防范用户的登录信息被破解。当用户在客户端登录时使用密码验证登录,会生成新的验证数据和验证号存入客户端中。Further, the user login verification method in the Web application described in the above embodiments further includes: periodically updating the verification data and verification number of the user stored in the server at the same time. In this method, the verification data and verification number of the user stored in the server are periodically updated at the same time, so as to prevent the user's login information from being cracked. When the user logs in with password authentication when logging in on the client, new verification data and verification number will be generated and stored in the client.

相应在上述步骤S22,当判断客户端内存储的用户的验证数据与服务端当前存储的该用户的验证数据不一致,验证失败,也可能是服务端101定期更新了存储的登录信息(包括验证数据和验证号),则同样通过后续过程要求用户输入密码进行重新验证,这样对客户端内的验证数据和验证号更新。Correspondingly in the above-mentioned step S22, when it is judged that the verification data of the user stored in the client is inconsistent with the verification data of the user currently stored in the server, and the verification fails, it may also be that the server 101 regularly updates the stored login information (including the verification data). and verification number), the user is also required to enter a password for re-authentication through the subsequent process, so that the verification data and verification number in the client are updated.

相应的,请参考图4,本发明实施例还提供一种Web应用中用户登录验证装置,包括:Correspondingly, referring to FIG. 4 , an embodiment of the present invention further provides a user login verification device in a Web application, including:

第一判断模块20,用于在接收到客户端发送的用户的会话请求时,判断所述客户端内存储的所述用户的验证数据与服务端当前存储的该用户的验证数据是否一致;The first judgment module 20 is used to judge whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server when receiving the session request of the user sent by the client;

登录模块21,用于若所述客户端内存储的所述用户的验证数据与所述服务端当前存储的该用户的验证数据一致,则验证成功,允许所述用户登录,并更新所述客户端内存储的该用户的验证数据以及所述服务端内存储的该用户的验证数据;The login module 21 is used for if the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server, the verification is successful, the user is allowed to log in, and the client is updated The verification data of the user stored in the terminal and the verification data of the user stored in the server;

第二判断模块22,用于若所述客户端内存储的所述用户的验证数据与所述服务端当前存储的该用户的验证数据不一致,判断所述客户端内存储的所述用户的验证号与所述服务端当前存储的该用户的验证号是否一致;The second judgment module 22 is configured to judge the authentication data of the user stored in the client if the authentication data of the user stored in the client is inconsistent with the authentication data of the user currently stored in the server Whether the number is consistent with the verification number of the user currently stored by the server;

第一提示模块23,用于若所述客户端内存储的所述用户的验证号与所述服务端当前存储的该用户的验证号不一致,则向所述客户端返回要求所述用户输入密码进行验证的信息,所述客户端内存储的用户的验证号以及所述服务端内存储的用户的验证号,在根据用户输入的密码验证成功并且允许所述用户登录时进行更新。The first prompting module 23 is configured to return to the client and request the user to input a password if the verification number of the user stored in the client is inconsistent with the verification number of the user currently stored in the server The verification information, the user's verification number stored in the client and the user's verification number stored in the server, are updated when the verification is successful according to the password input by the user and the user is allowed to log in.

可以看出,本实施例Web应用中用户登录验证装置,在接收到客户端发送的用户的会话请求时,首先第一判断模块根据客户端内存储的所述用户的验证数据,验证用户是否被允许登录;若客户端内存储的用户的验证数据与服务端当前存储的该用户的验证数据一致,则登录模块允许用户登录,并更新客户端内存储的该用户的验证数据以及服务端内存储的该用户的验证数据;若不一致则验证失败,第二判断模块判断客户端内存储的用户的验证号与服务端当前存储的该用户的验证号是否一致,在不一致时,第一提示模块向客户端返回要求用户输入密码进行验证的信息。It can be seen that, when the user login verification device in the web application of this embodiment receives the session request of the user sent by the client, the first judgment module firstly verifies whether the user is authenticated according to the verification data of the user stored in the client. Allow login; if the user's verification data stored in the client is consistent with the user's verification data currently stored in the server, the login module allows the user to log in, and updates the user's verification data stored in the client and the server. The verification data of the user; if it is inconsistent, the verification fails, and the second judgment module judges whether the verification number of the user stored in the client is consistent with the verification number of the user currently stored in the server. The client returns information that requires the user to enter a password for authentication.

本实施例Web应用中用户登录验证装置,首先通过客户端内存储的验证数据和验证号对用户验证,不需要用户每次访问时都需要输入密码,并且在客户端内不需要存储用户的密码,保障了用户登录信息的安全性,与现有技术相比提高了用户登录的安全性。The user login verification device in the Web application of this embodiment firstly verifies the user through the verification data and verification number stored in the client, without requiring the user to enter a password every time he accesses, and does not need to store the user's password in the client , the security of user login information is guaranteed, and the security of user login is improved compared with the prior art.

进一步的,请参考图5,在本实施例Web应用中用户登录验证装置中,还包括:Further, please refer to FIG. 5 , in the user login verification device in the Web application of this embodiment, it also includes:

第三判断模块24,用于判断所述客户端提供的用户输入的密码是否正确;The third judgment module 24 is used for judging whether the password input by the user provided by the client is correct;

所述登录模块21还用于若所述客户端提供的用户输入的密码正确,则允许所述用户登录,并更新所述客户端内存储的所述用户的验证号和验证数据,以及所述服务端内存储的所述用户的验证号和验证数据;若否,则不允许所述用户登录。The login module 21 is further configured to allow the user to log in if the password input by the user provided by the client is correct, and update the verification number and verification data of the user stored in the client, and the The verification number and verification data of the user stored in the server; if not, the user is not allowed to log in.

在用户通过客户端100输入密码时,验证用户输入的密码是否正确。若密码正确,则本次访问验证成功,用户被允许登录,并更新客户端内存储的用户的验证号和验证数据,以及服务端内存储的用户的验证号和验证数据。若密码错误,则本次访问用户登录失败。When the user inputs the password through the client terminal 100, it is verified whether the password input by the user is correct. If the password is correct, the access verification is successful, the user is allowed to log in, and the user's verification number and verification data stored in the client and the user's verification number and verification data stored in the server are updated. If the password is incorrect, the login of the access user will fail.

本实施例Web应用中用户登录验证装置中,还包括:In this embodiment, the user login verification device in the Web application further includes:

第二提示模块25,用于若判断所述客户端内存储的所述用户的验证号与所述服务端当前存储的该用户的验证号不一致,则向所述客户端返回提示用户修改密码的信息。The second prompting module 25 is configured to return to the client a message prompting the user to change the password if it is determined that the verification number of the user stored in the client is inconsistent with the verification number of the user currently stored in the server information.

若客户端100内存储的用户的验证数据与服务端101当前存储的该用户的验证数据不一致,而客户端100内存储的用户的验证号与服务端101当前存储的该用户的验证号一致,表明服务端101内存储的验证数据已更改,可能是本客户端100内存储的验证数据被使用在其它客户端设备上登录,可能存在本客户端上的用户的登录信息,包括验证数据和验证号被盗取的情况,则向客户端返回提示用户修改密码的信息。因此,本装置在登录异常时可以及时提示用户,提示用户及时修改密码,提高安全性。If the verification data of the user stored in the client 100 is inconsistent with the verification data of the user currently stored in the server 101, and the verification number of the user stored in the client 100 is consistent with the verification number of the user currently stored in the server 101, Indicates that the verification data stored in the server 101 has been changed. It may be that the verification data stored in the client 100 is used to log in on other client devices. There may be user login information on the client, including verification data and verification. If the number is stolen, it will return to the client a message prompting the user to change the password. Therefore, the device can prompt the user in time when the login is abnormal, prompt the user to change the password in time, and improve the security.

进一步优选的,本实施例Web应用中用户登录验证装置中,还包括:更新模块,用于定期同时更新所述服务端内存储的用户的验证数据和验证号。本装置中定期地对服务端内存储的用户的验证数据和验证号同时更新,以防范用户的登录信息被破解。当用户在客户端登录时使用密码验证登录,会生成新的验证数据和验证号存入客户端中。Further preferably, the user login verification device in the web application of this embodiment further includes: an update module for periodically updating the verification data and verification number of the user stored in the server at the same time. The device periodically updates the user's verification data and verification number stored in the server at the same time, so as to prevent the user's login information from being cracked. When the user logs in with password authentication when logging in on the client, new verification data and verification number will be generated and stored in the client.

进一步优选的,本实施例装置中,在所述客户端内存储的用户的验证数据、验证号都经过加密,在所述服务端内存储的用户的验证数据、验证号都经过加密。对客户端以及服务端内存储的用户的验证数据和验证号进行加密存储,进一步提高用户登录信息的安全性。在具体实施时,可选的,可采用安全散列算法(Secure Hash Algorithm,SHA)对验证数据和验证号加密,具体可以是SHA512,SHA512是一个很适合存储密码的散列算法,可以平衡系统的效率和安全性。散列是信息的提炼,通常其长度要比信息小得多,且为一个固定长度。加密性强的散列是不可逆的,这就意味着通过散列结果,无法推出任何部分的原始信息,可以有效提高用户登录信息的安全性。Further preferably, in the device of this embodiment, the user's verification data and verification number stored in the client are encrypted, and the user's verification data and verification number stored in the server are encrypted. The user's verification data and verification number stored in the client and server are encrypted and stored to further improve the security of user login information. In specific implementation, optionally, a secure hash algorithm (Secure Hash Algorithm, SHA) can be used to encrypt the verification data and verification number, specifically SHA512. SHA512 is a hash algorithm that is very suitable for storing passwords and can balance the system. efficiency and safety. Hash is the extraction of information, usually its length is much smaller than the information, and it is a fixed length. A strong cryptographic hash is irreversible, which means that no part of the original information can be derived from the hash result, which can effectively improve the security of user login information.

以上对本发明所提供的一种Web应用中用户登录验证方法及装置进行了详细介绍。本文中应用了具体个例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想。应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以对本发明进行若干改进和修饰,这些改进和修饰也落入本发明权利要求的保护范围内。The method and device for user login verification in a Web application provided by the present invention have been described above in detail. The principles and implementations of the present invention are described herein by using specific examples, and the descriptions of the above embodiments are only used to help understand the method and the core idea of the present invention. It should be pointed out that for those skilled in the art, without departing from the principle of the present invention, several improvements and modifications can also be made to the present invention, and these improvements and modifications also fall within the protection scope of the claims of the present invention.

Claims (10)

1. A user login verification method in a Web application is characterized by comprising the following steps:
when a session request of a user sent by a client is received, judging whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in a server;
if so, the authentication is successful, the user is allowed to log in, and the authentication data of the user stored in the client and the authentication data of the user stored in the server are updated;
if not, the verification fails, and whether the verification number of the user stored in the client is consistent with the verification number of the user currently stored in the server is judged;
if not, returning information for requiring the user to input the password for verification to the client, wherein the verification number of the user stored in the client and the verification number of the user stored in the server are updated when the verification is successful according to the password input by the user and the user is allowed to log in; and if so, returning information for prompting the user to modify the password to the client.
2. The method of claim 1, further comprising: judging whether the password input by the user provided by the client is correct or not;
if so, allowing the user to log in, and updating the authentication number and the authentication data of the user stored in the client, and the authentication number and the authentication data of the user stored in the server;
if not, the user is not allowed to log in.
3. The method of claim 1, further comprising: and if the verification number of the user stored in the client is judged to be inconsistent with the verification number of the user currently stored in the server, returning information for prompting the user to modify the password to the client.
4. The method of claim 1, further comprising: and updating the verification data and the verification number of the user stored in the server at the same time regularly.
5. The method according to any one of claims 1 to 4, wherein the authentication data and the authentication number of the user stored in the client are encrypted, and the authentication data and the authentication number of the user stored in the server are encrypted.
6. A user login authentication apparatus for a Web application, comprising:
the first judgment module is used for judging whether the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server or not when receiving a session request of the user sent by the client;
the login module is used for successfully verifying the user if the verification data of the user stored in the client is consistent with the verification data of the user currently stored in the server, allowing the user to login and updating the verification data of the user stored in the client and the verification data of the user stored in the server;
the second judgment module is used for judging whether the verification number of the user stored in the client side is consistent with the verification number of the user currently stored in the server side or not if the verification data of the user stored in the client side is inconsistent with the verification data of the user currently stored in the server side;
the first prompting module is used for returning information for requiring the user to input a password for verification to the client if the verification number of the user stored in the client is inconsistent with the verification number of the user currently stored in the server, and the verification number of the user stored in the client and the verification number of the user stored in the server are updated when the verification is successful according to the password input by the user and the user is allowed to log in; and if the authentication number of the user stored in the client is consistent with the authentication number of the user currently stored in the server, returning information for prompting the user to modify the password to the client.
7. The apparatus for authenticating user login in a Web application according to claim 6, further comprising:
the third judging module is used for judging whether the password input by the user and provided by the client is correct or not;
the login module is also used for allowing the user to log in if the password input by the user provided by the client is correct, updating the authentication number and the authentication data of the user stored in the client, and updating the authentication number and the authentication data of the user stored in the server; if not, the user is not allowed to log in.
8. The apparatus for authenticating user login in a Web application according to claim 6, further comprising:
and the second prompting module is used for returning information for prompting the user to modify the password to the client if the verification number of the user stored in the client is judged to be inconsistent with the verification number of the user currently stored in the server.
9. The apparatus for authenticating user login in a Web application according to claim 6, further comprising:
and the updating module is used for updating the verification data and the verification number of the user stored in the server at the same time regularly.
10. The apparatus according to any one of claims 6 to 9, wherein the authentication data and the authentication number of the user stored in the client are encrypted, and the authentication data and the authentication number of the user stored in the server are encrypted.
CN201710765991.6A 2017-08-30 2017-08-30 A method and device for user login verification in a web application Active CN107483466B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710765991.6A CN107483466B (en) 2017-08-30 2017-08-30 A method and device for user login verification in a web application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710765991.6A CN107483466B (en) 2017-08-30 2017-08-30 A method and device for user login verification in a web application

Publications (2)

Publication Number Publication Date
CN107483466A CN107483466A (en) 2017-12-15
CN107483466B true CN107483466B (en) 2020-11-24

Family

ID=60603403

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710765991.6A Active CN107483466B (en) 2017-08-30 2017-08-30 A method and device for user login verification in a web application

Country Status (1)

Country Link
CN (1) CN107483466B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113221083B (en) * 2021-06-02 2023-05-16 湖北央中巨石信息技术有限公司 Block chain user session caching method capable of improving server performance

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025748A (en) * 2011-01-04 2011-04-20 深信服网络科技(深圳)有限公司 Method, device and system for acquiring user name of Kerberos authentication mode
CN104394141A (en) * 2014-11-21 2015-03-04 南京邮电大学 Unified authentication method based on distributed file system
CN106357686A (en) * 2016-10-26 2017-01-25 中企动力科技股份有限公司 Single-point authentication method and single-point authentication system
CN106933984A (en) * 2017-02-20 2017-07-07 周长英 The dispatching method and system of a kind of distributed file system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6993652B2 (en) * 2001-10-05 2006-01-31 General Instrument Corporation Method and system for providing client privacy when requesting content from a public server
CN105354482B (en) * 2015-12-09 2018-05-01 浪潮(北京)电子信息产业有限公司 A kind of single-point logging method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025748A (en) * 2011-01-04 2011-04-20 深信服网络科技(深圳)有限公司 Method, device and system for acquiring user name of Kerberos authentication mode
CN104394141A (en) * 2014-11-21 2015-03-04 南京邮电大学 Unified authentication method based on distributed file system
CN106357686A (en) * 2016-10-26 2017-01-25 中企动力科技股份有限公司 Single-point authentication method and single-point authentication system
CN106933984A (en) * 2017-02-20 2017-07-07 周长英 The dispatching method and system of a kind of distributed file system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
一种基于单点登录的开源课程群系统;陈云芳 等;《中国教育信息化》;20110610(第11期);第37-40页 *

Also Published As

Publication number Publication date
CN107483466A (en) 2017-12-15

Similar Documents

Publication Publication Date Title
CN106612180B (en) Method and device for realizing session identification synchronization
US10009340B2 (en) Secure, automatic second factor user authentication using push services
RU2718237C2 (en) Systems and methods for authenticating online user using secure authorization server
JP5658745B2 (en) HTTP-based authentication
US9736131B2 (en) Secure login for subscriber devices
US10225260B2 (en) Enhanced authentication security
US10530763B2 (en) Late binding authentication
CN101699820B (en) Method and device for authenticating dynamic passwords
US20130297933A1 (en) Mobile enterprise smartcard authentication
KR101451359B1 (en) User account recovery
KR101516881B1 (en) User authentication method and apparatus
CN106161348B (en) Method, system and terminal for single sign-on
EP2798772A1 (en) Web authentication using client platform root of trust
CN104202162A (en) System for login based on mobile phone and login method
CN112600831B (en) Network client identity authentication system and method
CN106375348B (en) Portal authentication method and device
EP4376357A1 (en) Web authentication for native application
CN108076077A (en) A kind of conversation controlling method and device
CN105681350B (en) One kind is based on the similar zero interaction two-factor authentication system and method for environment
US8832812B1 (en) Methods and apparatus for authenticating a user multiple times during a session
EP2775658A2 (en) A password based security method, systems and devices
EP3036674B1 (en) Proof of possession for web browser cookie based security tokens
JP2009003501A (en) One-time password authentication system
CN107483466B (en) A method and device for user login verification in a web application
KR101637155B1 (en) A system providing trusted identity management service using trust service device and its methods of operation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201104

Address after: 215100 No. 1 Guanpu Road, Guoxiang Street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province

Applicant after: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd.

Address before: 450018 Henan province Zheng Dong New District of Zhengzhou City Xinyi Road No. 278 16 floor room 1601

Applicant before: ZHENGZHOU YUNHAI INFORMATION TECHNOLOGY Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: Building 9, No.1, guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Wuzhong District, Suzhou City, Jiangsu Province

Patentee after: Suzhou Yuannao Intelligent Technology Co.,Ltd.

Country or region after: China

Address before: Building 9, No.1, guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Wuzhong District, Suzhou City, Jiangsu Province

Patentee before: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd.

Country or region before: China

CP03 Change of name, title or address