CN112511563A - Method for logging in terminal equipment by cloud user - Google Patents
- Publication number
- CN112511563A
- Authority
- CN
- China
- Prior art keywords
- token
- cloud
- user
- security token
- terminal equipment
- Legal status
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Abstract
The invention discloses a method for a cloud user to log in to a terminal device: the terminal device sends a login request to the cloud; the cloud creates a security token and an associated token; the cloud asks the database to create a token cache pool; the cloud returns the created security token to the terminal device; the terminal device sends a service request to the cloud and reports its security token; and the cloud checks the validity of the reported security token and, according to the result, either asks the device to resend the login request, returns the associated token, or triggers the terminal device locking mechanism. A token cache pool is maintained for each cloud user, with tokens stored in designated areas of the pool. After the terminal device sends a service request, the user security token it carries is verified against the token cache pool, and the validity period and identity validity of the security token are judged. This maintains the safety and reliability of service processing by the cloud user on the same terminal device and reduces the user's risk.
Description
Technical Field
The invention relates to the technical field of network security, and in particular to a method for a cloud user to log in to a terminal device.
Background
Driven jointly by Internet of Things technology and Internet cloud services, terminal devices are becoming more intelligent. To exchange data with the cloud, a terminal device needs a legal identity, namely a cloud user, and maintaining the validity of that cloud user is a problem faced by both the terminal device and the cloud. The user identity therefore has the dual attributes of the cloud and the device, and raises relatively complicated technical problems, most notably the security of, and the communication between, the cloud user and the device. At the service level, a secure login of the cloud user on the terminal device avoids disorder and conflicts in service data; for the security and uniqueness of user information, the user's logins on multiple devices must be limited to ensure the security of the user information and the legality of business operations. The prior art has no safe and efficient login method that meets the requirements of secure login and business operation of a cloud user on a terminal device.
Disclosure of Invention
The invention aims to provide a method for a cloud user to log in to a terminal device, which solves the problem that the prior art has no safe and efficient login method meeting the login security and business operation requirements of a cloud user on a terminal device.
The invention solves the problems through the following technical scheme:
A method for a cloud user to log in at a terminal device comprises the following steps:
step S100: the terminal device sends a login request to the cloud; the login request comprises the device SN number, the user account and the password;
step S200: the cloud checks the legality of the user name, device SN and password in the login request; once they pass, it queries the corresponding user information, creates a security token and an associated token from that user information, and judges from the user information whether this is the first login; if so, it proceeds to step S300, otherwise to step S400;
step S300: the cloud sends the database a request to create a token cache pool, which stores the security token, the associated token, the correspondence between the security token and the associated token, and the correspondence between the security token and the terminal device's service identifier and user name; the database creates the token cache pool, and the security token and associated token created by the cloud at this first login are pushed into the security token area of the pool; the cloud returns the created security token to the terminal device;
step S400: the cloud judges from the device SN number in the login request whether the user account has logged in on several different terminal devices within a short period; if so, it generates an interception token from the terminal device information and stores it in the interception token area of the token cache pool; otherwise, it replaces the security token in the token cache pool with the newly created one, writes the security token created at the previous login into the invalid token queue, and returns the new security token to the terminal device;
step S500: the terminal device sends a service request to the cloud and reports its security token; the cloud checks the validity of the reported security token and, according to the result, either asks the device to resend the login request, returns the associated token, or triggers the terminal device locking mechanism.
The security token is a BASE64 standard character string obtained by encrypting hidden information; the hidden information comprises an encrypted password message and the valid time of the security token.
The associated token is a BASE64 standard character string obtained by encrypting user information; the user information comprises the cloud user name, the cloud user type, the device SN and the cloud user information related to the terminal device's service.
The security token and the associated token correspond one-to-one and have the same valid time.
The validity check in step S500 specifically comprises:
the cloud intercepts the security token reported by the terminal device and, by user account, looks up the user's security token, interception tokens and invalid tokens in the token cache pool;
if the user's security token in the token cache pool is empty, the cloud returns a security-token-failure message to the terminal device, reminding the cloud user to send a login request again;
if the user's security token in the token cache pool is not empty, the cloud compares it with the reported security token: if they match, the check passes, the restriction on the terminal device's service request is lifted, and the associated token of the security token is fetched to support the service request; otherwise, the cloud judges whether the reported security token is among the interception tokens of the token cache pool; if so, it triggers the terminal device locking mechanism, otherwise it returns a security-token-failure message to the terminal device, reminding the cloud user to send a login request again.
Compared with the prior art, the invention has the following advantages and beneficial effects:
a token cache pool is maintained for a cloud user logging in on a terminal device, with separate areas in the pool for security tokens, interception tokens and invalid tokens, where interception tokens are illegal tokens and invalid tokens are expired tokens; when the same cloud user account logs in on different terminal devices, the token cache pool is maintained and the corresponding security token and interception token areas are updated; after the terminal device sends a service request, the user security token it carries is verified against the token cache pool, the validity period and identity validity of the security token are judged, and a limit rule is applied to logins of a cloud user account on different terminal devices, so that the safety and reliability of service processing by the cloud user on the same terminal device are maintained, the user's risk is reduced, and the terminal device's Internet security mechanism becomes more intelligent.
Drawings
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a diagram of the partitioned storage of tokens in the token cache pool according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples, but the embodiments of the present invention are not limited thereto.
Example (b):
With reference to FIG. 1 and FIG. 2, a method for a cloud user to log in to a terminal device comprises the following steps:
S101: a cloud user initiates a login request at a terminal device for the first time; the cloud creates and initializes a token cache pool, creates a security token, pushes it into area 1, and at the same time creates the associated token of that security token (associated token 1). In detail: the terminal device sends the login request to the cloud using the entered user name, password and device SN number; the cloud intercepts the user information reported by the terminal device and, after verifying the user name, SN number and the like, verifies the legality of the password; if the password is illegal, it returns a password-error prompt to the terminal device; if the password is legal, it obtains the necessary basic data and creates a security token and an associated token from it; it concatenates the terminal device SN number and the cloud user name as the key, uses the security token as the value, and sends a noSql database a request to create and initialize the token cache pool; it caches the associated token with the security token as the key and the associated token as the value; and it returns the newly created security token, together with the other cloud user data the terminal device's service requires, to the terminal device in a message.
S102: when the login at the terminal device is not the first, the cloud maintains the various types of tokens in the cloud user's token cache pool; for the same cloud user account there are two maintenance modes, logging in on the same device and logging in on different devices. First, the device SN number in the login message reported by the terminal device is parsed, the device SN number is parsed from the security token created at the user's last login, and the two device SNs are compared; if they match, the token cache pool is maintained in same-terminal-device mode; if they do not match, the different-terminal-device mode is triggered and the token cache pool is maintained accordingly.
Same terminal device mode: the security token in the token cache pool is replaced with the user security token created by this login, the associated token corresponding to that security token is stored, and a login message is returned to the terminal device.
Multiple terminal device mode: when the device SN numbers fail to match, the security token in the token cache pool is replaced with the user security token created by this login, the security token created at the previous login is pushed into area 3 of the token cache pool, namely the invalid token area, and a login message containing the newly created security token is returned to the terminal device; if the same cloud user logs in on multiple devices one after another within a short time, this is regarded as malicious operation, the protection mechanisms of the cloud user and the terminal device are triggered, all intercepted illegal logins are recorded in area 2, namely the interception token area, and the login and service requests of those terminal devices are intercepted at the outermost layer of the whole system and service.
The following is the token verification of a service request, which does not involve maintenance of the token cache pool, and specifically comprises:
S103: the terminal device, carrying the security token obtained at its latest login, sends a service request to the cloud and waits for the cloud's response message.
S104: the cloud intercepts the service request sent by the terminal device and checks the validity and legality of the security token it carries. It first compares the requested security token with the security token in area 1 of the token cache pool; if they match, the check passes and the service request enters the core service logic. If not, it compares the security token in the request with the invalid tokens in area 3 of the token cache pool; if one matches, the token carried by the request has expired, a login-expired message is returned to the terminal device, and the terminal device is prompted to log in again. If not, it compares the security token in the request with the interception tokens in area 2 of the token cache pool; if one matches, the token is reported to the terminal device as a malicious token, login of the device is restricted, and the service request is flagged as illegal. If none match, the security token carried by the service request is judged to be an erroneous token or one that does not conform to the agreed rules, a message is returned to the terminal device, and the terminal device is reminded to reconfirm information such as the cloud user name and password and log in again.
S105: the terminal device obtains the service response message returned by the cloud, parses the message content according to the agreed protocol specification, and triggers the terminal device's subsequent service operation.
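As an added example (not code from the patent), the login maintenance of steps S100 to S400 / S101 to S102 and the four-way service-request check of S500 / S104 are modelled in one small Python token cache pool. The HMAC-based token encoding, the account table, the 3600 s validity, the 60 s short-period window and the 3-device threshold are assumptions, since the patent gives none of these values.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the page's token cache pool, with the three areas of FIG. 2:
# area 1 = current security token, area 2 = interception tokens, area 3 = invalid tokens.
# The page only says tokens are BASE64 strings "obtained by encrypting hidden information";
# here an HMAC-authenticated base64 payload replaces that encryption (assumption).
SECRET = b"cloud-side-key-constructed-for-this-example"
TOKEN_TTL = 3600     # security token valid time in seconds (assumed value)
SHORT_PERIOD = 60    # window for "several devices in a short period" (assumed value)
DEVICE_LIMIT = 3     # distinct device SNs inside that window treated as malicious (assumed)

def encode_token(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(SECRET, body, hashlib.sha256).digest()
    return base64.b64encode(body + tag).decode()

def decode_token(token: str):
    """Return the payload, or None if the string is not a token this cloud issued."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    if len(raw) < 32:
        return None
    body, tag = raw[:-32], raw[-32:]
    if not hmac.compare_digest(hmac.new(SECRET, body, hashlib.sha256).digest(), tag):
        return None
    return json.loads(body)

class TokenCachePool:
    def __init__(self):
        self.area1 = None    # security token of the most recent login
        self.area2 = set()   # interception tokens (illegal logins)
        self.area3 = set()   # invalid tokens (expired or superseded)
        self.assoc = {}      # security token -> associated token, one-to-one
        self.recent = []     # (time, device SN) of recent logins for the short-period rule
        self.locked = False  # set once a service request carries an interception token

class Cloud:
    def __init__(self):
        # Constructed account table; a real cloud queries its user store in step S200.
        self.users = {"alice": {"password": "pw-alice", "type": "owner"}}
        self.pools = {}      # one token cache pool per cloud user, created at first login

    def login(self, sn: str, user: str, password: str, now: int):
        """Steps S100 to S400. Returns (status, token or None)."""
        acct = self.users.get(user)
        if acct is None or acct["password"] != password:
            return "password error", None
        pool = self.pools.setdefault(user, TokenCachePool())
        if pool.locked:
            return "device locked", None
        exp = now + TOKEN_TTL
        pw_msg = hashlib.sha256(password.encode()).hexdigest()  # stands in for the encrypted password message
        sec = encode_token({"u": user, "sn": sn, "exp": exp, "pw": pw_msg})
        assoc = encode_token({"u": user, "type": acct["type"], "sn": sn, "exp": exp})
        pool.recent = [(t, s) for t, s in pool.recent if now - t <= SHORT_PERIOD] + [(now, sn)]
        if pool.area1 is not None:                                # S400: not the first login
            last_sn = decode_token(pool.area1)["sn"]
            if sn != last_sn and len({s for _, s in pool.recent}) >= DEVICE_LIMIT:
                pool.area2.add(sec)                               # interception token -> area 2
                return "intercepted", sec
            pool.area3.add(pool.area1)                            # previous token -> area 3
            pool.assoc.pop(pool.area1, None)
        pool.area1 = sec                                          # S300/S400: new token -> area 1
        pool.assoc[sec] = assoc
        return "ok", sec

    def verify(self, user: str, token: str, now: int):
        """Steps S500 and S104. Returns (verdict, associated token or None)."""
        pool = self.pools.get(user)
        if pool is None or pool.area1 is None:
            return "login required", None
        if pool.locked:
            return "device locked", None
        if token == pool.area1:
            if now > decode_token(token)["exp"]:
                pool.area3.add(token)                             # expired: also an invalid token
                return "expired", None
            return "ok", pool.assoc[token]
        if token in pool.area3:
            return "expired", None
        if token in pool.area2:
            pool.locked = True                                    # terminal device locking mechanism
            return "malicious", None
        return "error token", None
```

The check order in `verify` (area 1, then area 3, then area 2, then "error token") is the one S104 prescribes; a token that is both superseded and intercepted is reported as expired rather than malicious.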
Although the present invention has been described herein with reference to the illustrated embodiments thereof, which are intended to be preferred embodiments of the present invention, it is to be understood that the invention is not limited thereto, and that numerous other modifications and embodiments can be devised by those skilled in the art that will fall within the spirit and scope of the principles of this disclosure.
Claims (5)
1. A method for a cloud user to log in at a terminal device, characterized in that it comprises the following steps:
step S100: the terminal device sends a login request to the cloud; the login request comprises the device SN number, the user account and the password;
step S200: the cloud checks the legality of the user name, device SN and password in the login request; once they pass, it queries the corresponding user information, creates a security token and an associated token from that user information, and judges from the user information whether this is the first login; if so, it proceeds to step S300, otherwise to step S400;
step S300: the cloud sends the database a request to create a token cache pool, which stores the security token, the associated token, the correspondence between the security token and the associated token, and the correspondence between the security token and the terminal device's service identifier and user name; the database creates the token cache pool, and the security token and associated token created by the cloud at this first login are pushed into the security token area of the pool; the cloud returns the created security token to the terminal device;
step S400: the cloud judges from the device SN number in the login request whether the user account has logged in on several different terminal devices within a short period; if so, it generates an interception token from the terminal device information and stores it in the interception token area of the token cache pool; otherwise, it replaces the security token in the token cache pool with the newly created one, writes the security token created at the previous login into the invalid token queue, and returns the new security token to the terminal device;
step S500: the terminal device sends a service request to the cloud and reports its security token; the cloud checks the validity of the reported security token and, according to the result, either asks the device to resend the login request, returns the associated token, or triggers the terminal device locking mechanism.
2. The method of claim 1, wherein the security token is a BASE64 standard character string obtained by encrypting hidden information, and the hidden information comprises an encrypted password message and the valid time of the security token.
3. The method of claim 1, wherein the associated token is a BASE64 standard character string obtained by encrypting user information, and the user information comprises the cloud user name, the cloud user type, the device SN and the cloud user information related to the terminal device's service.
4. The method of claim 1, wherein the security token and the associated token correspond one-to-one and have the same valid time.
5. The method of claim 1, wherein the validity check in step S500 specifically comprises:
the cloud intercepts the security token reported by the terminal device and, by user account, looks up the user's security token, interception tokens and invalid tokens in the token cache pool;
if the user's security token in the token cache pool is empty, the cloud returns a security-token-failure message to the terminal device, reminding the cloud user to send a login request again;
if the user's security token in the token cache pool is not empty, the cloud compares it with the reported security token: if they match, the check passes, the restriction on the terminal device's service request is lifted, and the associated token of the security token is fetched to support the service request; otherwise, the cloud judges whether the reported security token is among the interception tokens of the token cache pool; if so, it triggers the terminal device locking mechanism, otherwise it returns a security-token-failure message to the terminal device, reminding the cloud user to send a login request again.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN202011532395.1A CN112511563A (en) | 2020-12-22 | 2020-12-22 | Method for logging in terminal equipment by cloud user
Publications (1)
Publication Number | Publication Date
---|---
CN112511563A true CN112511563A (en) | 2021-03-16
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN115208582A | 2022-07-14 | 2022-10-18 | 中国银行股份有限公司 | Terminal device verification method and apparatus
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN104980400A | 2014-04-08 | 2015-10-14 | 深圳市腾讯计算机系统有限公司 | Login access control method and login access control server
CN107147644A | 2017-05-10 | 2017-09-08 | 四川长虹电器股份有限公司 | Method for realizing login of a mobile APP user on a single device
US20180012012A1 | 2010-11-02 | 2018-01-11 | Ca, Inc. | System and method for controlling state tokens
CN109379192A | 2018-09-21 | 2019-02-22 | 广州小鹏汽车科技有限公司 | Login authentication processing method, system and device
Legal Events
Code | Title | Description
---|---|---
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210316