CN120750634A - Method for generating default password, method, device and equipment for user authentication - Google Patents

Method for generating default password, method, device and equipment for user authentication

Info

Publication number
CN120750634A
Authority
CN
China
Prior art keywords
encryption
encryption algorithm
default
field
default password
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202511145167.1A
Other languages
Chinese (zh)
Inventor
李光达
李超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee
Suzhou Metabrain Intelligent Technology Co Ltd
Application filed by Suzhou Metabrain Intelligent Technology Co Ltd

Abstract

The present application provides a method for generating a default password, and a method, apparatus, and device for performing user authentication, which can be applied to the technical field of user authentication and default passwords. The method for generating a default password includes: determining a preset default plaintext based on default password information, the default password information including an encryption timestamp field, an encryption algorithm identification field, and a ciphertext field; obtaining a default password based on the preset default plaintext and the current date; performing a first encryption on the default password using the encryption algorithm indicated by the encryption algorithm identification field; performing a second encryption on the first-encrypted default password based on the current timestamp to obtain a target ciphertext; and updating the encryption timestamp field and the ciphertext field based on the current timestamp and the target ciphertext, respectively.

Description

Method for generating default password, method, device and equipment for user authentication
Technical Field
The present application relates to the field of user authentication and default passwords, and more particularly, to a method for generating a default password, and a method, apparatus and device for performing user authentication.
Background
In the security protection mechanism of an electronic device, the default password setting is a key factor affecting the security of the device. The device manufacturer typically presets a default password for the electronic device so that the user can access it quickly on first use.
However, such default passwords tend to have a simple structure, are easy to crack and to leak, and offer low security, which can leave latent security risks in the electronic devices.
Disclosure of Invention
In view of the foregoing, the present application provides a method for generating a default password, a method, an apparatus and a device for performing user authentication, and further provides a storage medium and a program product.
According to one aspect of the application, a method for generating a default password is provided. The method comprises: determining a default plaintext based on default password information, wherein the default password information comprises a timestamp field for encryption, an encryption algorithm identification field and a ciphertext field; obtaining a default password according to the default plaintext and the current date, the default password being used for user verification; performing a first encryption on the default password using the encryption algorithm indicated by the encryption algorithm identification field; performing a second encryption on the first-encrypted default password according to the current timestamp to obtain a target ciphertext; and updating the timestamp field for encryption and the ciphertext field based on the current timestamp and the target ciphertext, respectively.
The application also provides a user authentication method. The method comprises: in response to receiving an authentication password from a user, obtaining default password information, wherein the default password information comprises an encryption timestamp field, an encryption algorithm identification field and a ciphertext field; performing a third decryption on the ciphertext field using the timestamp indicated by the encryption timestamp field; performing a fourth decryption on the third-decrypted ciphertext field using the encryption algorithm indicated by the encryption algorithm identification field to obtain a default password used for authentication; and performing a consistency check on the authentication password against the default password used for authentication to obtain an authentication result.
The application also provides a device for generating a default password, which comprises a first determining module, a second determining module, a first encrypting module, a second encrypting module and an updating module. The first determining module is used for determining a default plaintext based on default password information, the default password information comprising a timestamp field for encryption, an encryption algorithm identification field and a ciphertext field. The second determining module is used for obtaining the default password according to the default plaintext and the current date, the default password being used for user verification. The first encrypting module is used for performing a first encryption on the default password using the encryption algorithm indicated by the encryption algorithm identification field. The second encrypting module is used for performing a second encryption on the first-encrypted default password according to the current timestamp to obtain a target ciphertext. The updating module is used for updating the timestamp field for encryption and the ciphertext field based on the current timestamp and the target ciphertext, respectively.
The application also provides a device for user verification, which comprises a second acquisition module, a third decryption module, a fourth decryption module and a verification module. The second acquisition module is used for acquiring default password information in response to receiving a verification password from a user, the default password information comprising a timestamp field for encryption, an encryption algorithm identification field and a ciphertext field. The third decryption module is used for performing a third decryption on the ciphertext field using the timestamp indicated by the timestamp field for encryption. The fourth decryption module is used for performing a fourth decryption on the third-decrypted ciphertext field using the encryption algorithm indicated by the encryption algorithm identification field to obtain a default password for verification. The verification module is used for performing a consistency check on the verification password against the default password for verification to obtain a verification result.
In another aspect, the application provides an electronic device comprising one or more processors and a memory for storing one or more computer programs, wherein the one or more processors execute the one or more computer programs to implement the steps of the method.
Another aspect of the application also provides a computer readable storage medium having stored thereon a computer program or instructions which when executed by a processor performs the steps of the above method.
Another aspect of the application also provides a computer program product comprising a computer program or instructions which, when executed by a processor, performs the steps of the method described above.
According to the embodiments of the application, the default password of the target electronic device is obtained from the preset default plaintext and the current date, and can be generated in real time from the start-up date each time the target electronic device is powered on, so the default password is not fixed but is dynamically updated with the current date. The generated default password comprises a CODE portion that can be customized by the user and a DATE portion that floats with the date. This changes the high-risk pattern in which electronic devices of the same type from the same manufacturer all share the same default password, and can significantly improve the security of the default password and of the electronic device. In addition, the target ciphertext is obtained by applying a double dynamic encryption operation to the newly generated default password (plaintext) according to the encryption algorithm and the current timestamp, which can further improve the security of the default password and of the electronic device. Therefore, even if the user does not update the default password, the default password used for user authentication still has relatively high complexity and security, and the user's convenience is not affected.
Drawings
The foregoing and other objects, features and advantages of the application will be apparent from the following description of embodiments of the application, which is to be read in connection with the accompanying drawings.
Fig. 1 shows an application scenario diagram of a method for generating a default password, a method for performing user authentication, and corresponding apparatuses, devices, media and program products according to an embodiment of the present application.
Fig. 2 shows a flow chart of a method of generating a default password according to an embodiment of the application.
Fig. 3 shows a data flow diagram associated with a radio wave receiving module according to one embodiment of the application.
Fig. 4 shows a flow chart of a method of user authentication according to an embodiment of the application.
FIG. 5 is a flow chart of generating a default password and performing user authentication according to an embodiment of the application.
Fig. 6 shows a block diagram of an apparatus for generating a default password according to an embodiment of the present application.
Fig. 7 shows a block diagram of a device for user authentication according to an embodiment of the present application.
Fig. 8 shows a block diagram of an electronic device adapted to implement a method of generating a default password and/or a method of user authentication according to an embodiment of the application.
Detailed Description
Hereinafter, embodiments of the present application will be described with reference to the accompanying drawings. It should be understood that the description is only illustrative and is not intended to limit the scope of the application. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the application. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the present application.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a convention should be interpreted in the sense in which one skilled in the art would generally understand it (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B and C together, etc.).
In the technical scheme of the application, the user information involved (including but not limited to user personal information, user image information, and user equipment information such as position information) and the data involved (including but not limited to data for analysis, stored data, and displayed data) are information and data authorized by the user or fully authorized by all parties. The collection, storage, use, processing, transmission, provision, disclosure and application of the related data all comply with the relevant laws, regulations and standards, necessary security measures are adopted, public order is not prejudiced, and corresponding operation entries are provided for the user to grant or refuse authorization.
Cryptography is the discipline that studies how information is securely stored and transmitted, and it provides the technical means of encryption and decryption. As part of stored information, the default password must be designed and used in accordance with the principles of cryptography. For example, the default password should be complex enough to avoid being broken by simple brute-force or dictionary attacks. The default password must also be stored and transmitted in a secure way to prevent theft or tampering.
In the security protection mechanism of an electronic device, the default password setting is a key factor affecting the security of the device. The device manufacturer typically presets a default password for the electronic device so that the user can access it quickly on first use. This default password must be sufficiently complex and difficult to guess to ensure the security of the device. In addition, the device manufacturer needs to consider how to guide the user in changing the default password, and to encourage the user to change the password immediately upon first use.
However, default passwords for electronic devices in the related art often carry the following security risks: (1) weak passwords: some devices, software or services may use overly simple default passwords that are easily broken; (2) password disclosure: if the default password is compromised, an attacker may use it to access the user's account and data; and (3) users neglecting to change it: although the device manufacturer typically provides guidelines for changing the default password, some users may ignore this step and continue to use the weak default password.
In the related art, a default password for a device may be generated, for example, by the system (e.g., the CPU (Central Processing Unit)) converting the default password (plaintext) into a fixed-length byte sequence using a hash function, yielding a default password hash value, which may be stored, for example, in the /etc/shadow file. When a user attempts to log into the system, the system prompts the user for a user name and password (which is the default password if the user has not modified it). The user name and password entered by the user are captured by the system and used in the subsequent authentication process. The system hashes the password entered by the user using the same hash function that was used when the password was set, producing a hash value corresponding to the entered password. The system compares this hash value with the password hash value stored for the corresponding user in the /etc/shadow file. If the two match, the login succeeds; if they do not match, the login fails. The default passwords of the same product are identical and are stored in a configuration file. The configuration file is loaded when the system starts, which loads the default password into the system, and the login succeeds when the password entered by a user matches the default password.
In the related art, this way of loading the default password from a configuration file has the following problems: (1) the default password is written into the configuration file for storage, where an attacker can easily find it and thereby learn the configuration and validation mechanism of the default password; and (2) the default passwords of the same product from the same manufacturer are identical, so the confidentiality of the default password is poor, and once an attacker breaks the default password of one product, a huge number of identical products are affected, creating a huge security risk.
In view of this, embodiments of the present application provide a method of generating a default password, a method of performing user authentication, and corresponding apparatuses, devices, media, and program products. The method for generating the default password comprises: determining a default plaintext based on default password information; obtaining the default password according to the default plaintext and the current date; performing a first encryption on the default password using the encryption algorithm indicated by the encryption algorithm identification field; performing a second encryption on the first-encrypted default password according to the current timestamp to obtain a target ciphertext; and updating the encryption timestamp field and the ciphertext field based on the current timestamp and the target ciphertext, respectively.
Fig. 1 shows an application scenario diagram of a method for generating a default password, a method for performing user authentication, and corresponding apparatuses, devices, media and program products according to an embodiment of the present application.
As shown in fig. 1, an application scenario 100 according to this embodiment may include a target electronic device 101 and a processor 102 for the target electronic device 101. By way of example, the target electronic device 101 may comprise a processor 102, and the processor 102 may be, for example, a CPU.
The target electronic device 101 may be any of a variety of electronic devices having a display screen and supporting user input, including but not limited to NAS (Network Attached Storage) devices, smartphones, tablets, laptop and desktop computers, and the like.
It should be noted that, the method for generating the default password and the method for performing user authentication provided in the embodiments of the present application may be generally performed by the target electronic device 101. Accordingly, the device for generating the default password and the device for performing user authentication provided by the embodiments of the present application may be generally disposed in the target electronic device 101, or may be the target electronic device 101.
Fig. 2 shows a flow chart of a method of generating a default password according to an embodiment of the application.
As shown in FIG. 2, the method 200 includes operations S210-S250.
In operation S210, a preset default plaintext is determined based on default password information, the default password information including a timestamp field for encryption, an encryption algorithm identification field, and a ciphertext field.
In operation S220, a default password is obtained according to the preset default plaintext and the current date, and the default password is used for user authentication.
In operation S230, the default password is first encrypted using the encryption algorithm indicated by the encryption algorithm identification field.
In operation S240, the first-encrypted default password is second encrypted according to the current timestamp to obtain the target ciphertext.
In operation S250, the encryption time stamp field and the ciphertext field are updated based on the current time stamp and the target ciphertext, respectively.
According to one embodiment of the application, the default password of the target electronic device can be obtained according to the preset default plaintext and the current date. For example, the default password for the target electronic device may be designed with the structure [fixed CODE portion + floating DATE portion]. The CODE portion (the password part, as the name implies) corresponds to the preset default plaintext described above, and the DATE portion (the date part, as the name implies) corresponds to the current date described above. It should be noted that the CODE portion may be set according to the application scenario or the user's requirements (for example, the CODE portion may be fixed to password), which is not limited herein. The DATE portion floats with the start-up date of the target electronic device.
According to one embodiment of the present application, the default password information may include a timestamp field for encryption, an encryption algorithm identification field, and a ciphertext field, and the CODE portion of the default password may be determined based on the default password information.
In one embodiment, the CODE portion may be fixed to password; assuming that the start-up date of the target electronic device is August 1, 2025, the DATE portion is 20250801, and the default password determined from the CODE portion and the DATE portion is password20250801 (plaintext). In another embodiment, the CODE portion may be fixed to password; assuming that the start-up date of the target electronic device is August 6, 2025, the DATE portion is 20250806, and the default password determined from the CODE portion and the DATE portion is password20250806 (plaintext).
It can be understood that the default password includes a CODE portion (i.e., the preset default plaintext) that can be customized by the user and a DATE portion (i.e., the current date) that floats with the date. The default password of the target electronic device therefore not only supports individual customization but is also updated in real time with the power-on start-up date, which changes the high-risk pattern in which electronic devices of the same type from the same manufacturer share the same default password and significantly improves the security of the default password and of the electronic device.
According to one embodiment of the present application, after the target electronic device is powered on and booted, a default password (e.g., password20250806) is generated in real time according to the power-on start-up date. The default password password20250806 is then used for user authentication. The user can be informed through the user instructions of the target electronic device that the CODE portion of the default password is fixed to password, and it can be agreed with the user that each login with the default password requires entering password followed by the date of that start-up for password verification. Therefore, even if the user does not change the default password, the default password of the target electronic device still has relatively high complexity and security, and the user's convenience is not affected. It should be noted that the default password password20250806 is in plaintext form; for security reasons it cannot be stored directly as plaintext, so it must be encrypted and the target ciphertext corresponding to password20250806 stored instead.
In one embodiment, a default password (e.g., password20250806) may be first encrypted using the encryption algorithm indicated by the encryption algorithm identification field to obtain a first ciphertext. The first-encrypted default password (i.e., the first ciphertext) may then be second encrypted based on the current timestamp to obtain the target ciphertext. The current timestamp may be determined based on the current boot-up time of the target electronic device.
In one embodiment, the encryption algorithm identification field indicates an encryption algorithm, and the newly generated default password (plaintext) may be first encrypted with that algorithm to obtain a first ciphertext. Those skilled in the art may select an appropriate encryption algorithm (preferably a symmetric encryption algorithm) according to actual needs or the application scenario, including but not limited to the AES (Advanced Encryption Standard) algorithm, the DES (Data Encryption Standard) algorithm, the 3DES (Triple Data Encryption Standard) algorithm, and the RC4 algorithm (Rivest Cipher 4, a stream cipher), which are not particularly limited herein.
A timestamp is a data format used in a computer system to record the specific time at which an event occurs, and generally represents the number of seconds or milliseconds counted from some fixed point in time (called the epoch time). The timestamp encryption algorithm is a symmetric encryption algorithm that encrypts data together with a timestamp so that only the holder of the key can decrypt the data and verify its integrity and authenticity. In one embodiment, a timestamp encryption algorithm may be employed to encrypt the first ciphertext based on the current timestamp to obtain the target ciphertext.
It will be appreciated that the current timestamp also floats with the moment of start-up; in other words, the second encryption described above is dynamic. Performing a double dynamic encryption operation on the newly generated default password according to the encryption algorithm and the current timestamp to obtain the target ciphertext further improves the security of the default password and of the electronic device.
In the embodiment of the application, the encryption timestamp field of the default password information can be updated based on the current timestamp, and the ciphertext field of the default password information can be updated based on the target ciphertext. For example, the current timestamp may be written to the encryption timestamp field, and the target ciphertext may be written to the ciphertext field.
According to the embodiments of the application, the default password of the target electronic device is obtained from the preset default plaintext and the current date, and can be generated in real time from the start-up date each time the target electronic device is powered on, so the default password is not fixed but is dynamically updated with the current date. The generated default password comprises a CODE portion that can be customized by the user and a DATE portion that floats with the date. This changes the high-risk pattern in which electronic devices of the same type from the same manufacturer all share the same default password, and can significantly improve the security of the default password and of the electronic device. In addition, the target ciphertext is obtained by applying a double dynamic encryption operation to the newly generated default password (plaintext) according to the encryption algorithm and the current timestamp, which can further improve the security of the default password and of the electronic device. Therefore, even if the user does not update the default password, the default password used for user authentication still has relatively high complexity and security, and the user's convenience is not affected.
According to an embodiment of the present application, the default cryptographic information is part of device configuration information stored in a preset non-volatile memory of the target electronic device.
According to one embodiment of the application, the device configuration information may be VPD (Vital Product Data ) information. The VPD can be used for recording information such as part numbers, serial numbers and the like of target electronic equipment, can be used for uniquely marking software and hardware of a system, and can also be used for storing system micro-instructions.
In one embodiment, the VPD may include a read-only key portion, such as may record information such as a device part number, a device serial number, etc., and a read-write key portion, such as may record default password information and other device key information (e.g., performance parameters of the target electronic device, error codes, etc.).
According to one embodiment of the application, the predetermined non-volatile memory may be selected, for example, as an EEPROM memory (ELECTRICALLY ERASABLE PROGRAMMABLE READ ONLY MEMORY ). An EEPROM memory is a memory that does not lose data after power failure, and that retains stored information without power, and is suitable for storing default cryptographic information.
According to an embodiment of the present application, the VPD information may be used to record default password information and generate a default password for user authentication according to the default password information. Compared with a mode based on configuration file loading, the method for generating the default password can better prevent attack of an attacker.
According to an embodiment of the application, determining the preset default plaintext based on the default password information may include obtaining the default password information in response to a power-on start-up instruction for starting up the target electronic device, performing a first decryption on the ciphertext field using a historical timestamp indicated by the timestamp field for encryption, and performing a second decryption on the ciphertext field subjected to the first decryption using an encryption algorithm indicated by the encryption algorithm identification field to obtain the preset default plaintext.
According to one embodiment of the application, the target electronic device generates a new default password according to the current date after each startup, and stores the target ciphertext corresponding to the newly generated default password in the ciphertext field. As a result, although the plaintext of the CODE portion is fixed, the ciphertext field stores ciphertext (the target ciphertext generated at the last start) that represents the complete [fixed CODE portion + floating DATE portion]. Therefore, before generating a new default password after each start, the target ciphertext generated at the last start and stored in the ciphertext field may first be decrypted to restore the default password (plaintext) generated at the last start, and the plaintext of the CODE portion may then be extracted from it.
In one embodiment, the historical timestamp may be understood as the "current timestamp" corresponding to the last time the target electronic device was booted. In response to a start-up instruction, the target electronic device is powered on and the default password information is acquired. The default password information includes an encryption algorithm identification field, an encryption timestamp field, and a ciphertext field. The encryption timestamp field stores the "current timestamp" of the last time the device was started, i.e., the historical timestamp. The ciphertext field stores the "target ciphertext" from the last startup (hereinafter referred to as the historical target ciphertext).
The historical target ciphertext may be first decrypted using the historical timestamp indicated by the encryption timestamp field. The first-decrypted historical target ciphertext may then be second decrypted using the encryption algorithm indicated by the encryption algorithm identification field, to obtain the default password plaintext from the last boot (hereinafter referred to as the historical default password). The CODE portion plaintext can be extracted from the historical default password to obtain the preset default plaintext. For the first decryption using the historical timestamp and the second decryption using the encryption algorithm, refer to the foregoing descriptions of the second encryption using the current timestamp and the first encryption using the encryption algorithm, respectively; they are not repeated here.
Taking as an example only the case where the CODE part is fixedly set to "password", the current date is 20250806, and the last start date is 20250801, the flow of dynamically generating a new default password after the target electronic device is started may be as follows:
1. Double decryption: obtain the target ciphertext stored in the ciphertext field at the last start (i.e., the historical target ciphertext) and the historical timestamp stored in the encryption timestamp field. Doubly decrypt the historical target ciphertext according to the historical timestamp and the encryption algorithm indicated by the encryption algorithm identification field, restoring the default password plaintext from the last start (password20250801);
2. CODE extraction: extract the fixed CODE portion plaintext (password) from the default password plaintext from the last start (password20250801);
3. Dynamic generation: combine the CODE portion plaintext (password) with the current date (20250806) to obtain the new default password plaintext (password20250806);
4. Double encryption: doubly encrypt the new default password plaintext (password20250806) according to the encryption algorithm indicated by the encryption algorithm identification field and the current timestamp, to obtain the corresponding target ciphertext;
5. Update and store: store the current timestamp in the encryption timestamp field and the target ciphertext in the ciphertext field.
According to the embodiment of the disclosure, the default password is designed into a combined password structure of [ fixed CODE part+floating DATE part ], and a double dynamic encryption and decryption mechanism of an encryption algorithm and a timestamp is combined, so that the closed loop of 'double decryption, CODE extraction, dynamic generation, double encryption, updating and storage' is formed, dynamic updating of the default password can be realized, high complexity and high security of the default password can be ensured, and stable traceability of a CODE plaintext can be ensured.
According to the embodiment of the application, obtaining the default password according to the preset default plaintext and the current date can comprise: determining the current date in response to a power-on start-up instruction for starting the target electronic device, where the current date represents the date on which the power-on start-up instruction was triggered; and combining the preset default plaintext and the current date to obtain the default password.
In one embodiment, assuming the user boots the target electronic device on August 6, 2025, the current date may be determined to be 20250806 in response to the power-on start-up instruction. The preset default plaintext determined based on the default password information (e.g., password) may be combined with the current date to obtain the newly generated default password, password20250806. Although in this embodiment the default password is generated by directly concatenating the default plaintext with the current date, the present application does not limit the manner in which the default plaintext is combined with the current date.
The method for generating the default password according to the embodiment of the application can further comprise receiving a standard time signal through the radio wave receiving module in response to a power-on start-up instruction for starting up the target electronic device, decoding the standard time signal to determine standard time data, and determining a current date and a current time stamp according to the standard time data.
According to one embodiment of the application, the standard time signal may be a radio wave signal transmitted by a designated time service center via a short wave (or long wave) station. The radio wave receiving module may be configured to receive the standard time signal.
In one embodiment, the radio wave receiving module is powered up to receive the standard time signal in response to a power-on start-up instruction. The CPU may decode the standard time signal to determine standard time data, from which the current date and current timestamp may be determined.
Fig. 3 shows a data flow diagram associated with a radio wave receiving module according to one embodiment of the application.
As shown in fig. 3, the radio wave receiving module and components such as a BMC (Baseboard Management Controller), a BIOS (Basic Input/Output System), a PCH (Platform Controller Hub, integrated south bridge), and a CPU may have the following data flow:
Process 1: the system is powered on, and the BIOS on the BMC controls the power-on of the radio wave receiving module;
Process 2: after the radio wave receiving module is powered on, it reports back to the BIOS on the BMC;
The radio wave receiving module obtains the standard time signal, parses and converts it into an electrical signal, and transmits it to the PCH system bus;
The PCH system bus transmits the standard time data to the CPU according to the clock system;
The CPU writes the obtained standard time data into memory;
The OS (Operating System) sends a request to obtain the standard time, and the request information is sent to the PCH system bus;
The PCH system bus calls a CPU thread to read the latest standard time value from memory;
Process 9: the PCH transmits the read standard time to the OS, and the OS updates its internal system time and determines the current date and the current timestamp from the updated system time.
According to the embodiment of the application, the encryption algorithm identification field can comprise an encryption algorithm identification sequence. The encryption algorithm identification sequence comprises N pieces of identification information arranged in a specified order, the N pieces of identification information respectively indicate N different encryption algorithms, and N is a positive integer with N ≥ 3. The method of generating the default password may further include determining the encryption algorithm used for the second decryption based on the identification information located at the last position along a direction (e.g., the left-to-right direction) in the encryption algorithm identification sequence, and determining the encryption algorithm used for the first encryption based on the identification information located at the first position along that direction in the encryption algorithm identification sequence.
According to one embodiment of the present disclosure, the encryption algorithm identification field may store an encryption algorithm identification sequence.
As an example, the encryption algorithm identification sequence may be [A, B, C, D], where identifier A indicates, for example, the AES algorithm, identifier B the DES algorithm, identifier C the 3DES algorithm, and identifier D the RC4 algorithm.
In one embodiment, the encryption algorithm identification sequence may be, for example, [A, B, C, D], with the direction being left to right. The encryption algorithm used for the first encryption may be determined to be the AES algorithm based on identifier A, which is first in the left-to-right direction in the encryption algorithm identification sequence. The encryption algorithm used for the second decryption may be determined to be the RC4 algorithm based on identifier D, which is last in the left-to-right direction.
In another alternative embodiment, the encryption algorithm identification sequence may be, for example, [A, B, C, D], with the direction being right to left. The encryption algorithm used for the first encryption may be determined to be the RC4 algorithm based on identifier D, which is first in the right-to-left direction in the encryption algorithm identification sequence. The encryption algorithm used for the second decryption may be determined to be the AES algorithm based on identifier A, which is last in the right-to-left direction.
The method for generating the default password according to the embodiment of the application can further comprise, after determining that the user passes verification, moving the identification information located at the first position along the direction in the encryption algorithm identification sequence to the last position along the direction, and moving the remaining sequence formed by the other N-1 pieces of identification information forward by one position as a whole along the opposite direction (for example, the right-to-left direction), to obtain the updated encryption algorithm identification sequence.
In one embodiment, the encryption algorithm identification sequence may include 4 identifiers in total, A, B, C and D, where identifier A indicates, for example, the AES algorithm, identifier B the DES algorithm, identifier C the 3DES algorithm, and identifier D the RC4 algorithm. The 4 identifiers are arranged in a specified order, and after it is determined that user verification has passed, the specified order can be updated to obtain an updated encryption algorithm identification sequence. For example, at the i-th startup of the target electronic device, the 4 identifiers are arranged in a first order, and after it is determined that user verification has passed, their order is updated to a second order. At the (i+1)-th startup, the 4 identifiers are arranged in the second order, and after it is determined that user verification has passed, their order is updated to a third order, and so on.
The method of updating the specified order described above will be described in detail below with specific exemplary embodiments.
Assume that the 4 positions in the encryption algorithm identification sequence are labelled [bit 1, bit 2, bit 3, bit 4] from left to right. For example, when the direction is left to right, the last position in that direction is bit 4 and the first position is bit 1. When the direction is right to left, bit 1 is the last position in that direction and bit 4 is the first.
In one embodiment, the direction is left to right, so the method of updating the specified order may be referred to as a first-bit-to-back update scheme (note that the first bit here refers to bit 1 in the encryption algorithm identification sequence, not the first bit in the left-to-right direction). For ease of understanding, "first position" in the examples below always refers to bit 1 described above, and "last position" always refers to bit 4. Illustratively:
When i=1, the encryption algorithm identification sequence (hereinafter simply the identification sequence) is [A, B, C, D]. The encryption algorithm used for the second decryption may be determined to be the RC4 algorithm according to identifier D in the last position (i.e., bit 4) of the identification sequence. The encryption algorithm used for the first encryption may be determined to be the AES algorithm according to identifier A in the first position (i.e., bit 1). After determining that the user passes verification, identifier A in the first position may be moved to the last position of the identification sequence, and the remaining sequence B, C, D formed by the other 3 identifiers may be moved forward one position as a whole, giving the updated identification sequence [B, C, D, A].
When i=2, the identification sequence is [B, C, D, A]. The encryption algorithm used for the second decryption may be determined to be the AES algorithm according to identifier A in the last position. The encryption algorithm used for the first encryption may be determined to be the DES algorithm according to identifier B in the first position. After determining that the user passes verification, identifier B in the first position may be moved to the last position of the identification sequence, and the remaining sequence C, D, A formed by the other 3 identifiers may be moved forward one position as a whole, giving the updated identification sequence [C, D, A, B].
When i=3, the identification sequence is [C, D, A, B]. The encryption algorithm used for the second decryption may be determined to be the DES algorithm according to identifier B in the last position. The encryption algorithm used for the first encryption may be determined to be the 3DES algorithm according to identifier C in the first position. After determining that the user passes verification, identifier C in the first position may be moved to the last position of the identification sequence, and the remaining sequence D, A, B formed by the other 3 identifiers may be moved forward one position as a whole, giving the updated identification sequence [D, A, B, C].
When i=4, the identification sequence is [D, A, B, C]. The encryption algorithm used for the second decryption may be determined to be the 3DES algorithm according to identifier C in the last position. The encryption algorithm used for the first encryption may be determined to be the RC4 algorithm according to identifier D in the first position. After determining that the user passes verification, identifier D in the first position may be moved to the last position of the identification sequence, and the remaining sequence A, B, C formed by the other 3 identifiers may be moved forward one position as a whole, giving the updated identification sequence [A, B, C, D].
When i=5, the same processing as when i=1 is performed, and so on.
In another alternative embodiment, the direction is right to left, so the method of updating the specified order may be referred to as a last-bit-advanced update scheme (again, the last bit here refers to bit 4 in the encryption algorithm identification sequence, not the last bit in the right-to-left direction). The identification sequence with 4 identifiers in total, A, B, C and D, is again used as the example, and for ease of understanding, "first position" in the examples below always refers to bit 1 and "last position" always refers to bit 4. Illustratively:
When i=1, the identification sequence is [A, B, C, D]. The encryption algorithm used for the second decryption may be determined to be the AES algorithm according to identifier A in the first position (i.e., bit 1) of the identification sequence. The encryption algorithm used for the first encryption may be determined to be the RC4 algorithm according to identifier D in the last position (i.e., bit 4). After determining that the user passes verification, identifier D in the last position may be moved to the first position of the identification sequence, and the remaining sequence A, B, C formed by the other 3 identifiers may be moved back one position as a whole, giving the updated identification sequence [D, A, B, C].
When i=2, the identification sequence is [D, A, B, C]. The encryption algorithm used for the second decryption may be determined to be the RC4 algorithm according to identifier D in the first position. The encryption algorithm used for the first encryption may be determined to be the 3DES algorithm according to identifier C in the last position. After determining that the user passes verification, identifier C in the last position may be moved to the first position of the identification sequence, and the remaining sequence D, A, B formed by the other 3 identifiers may be moved back one position as a whole, giving the updated identification sequence [C, D, A, B].
When i=3, the identification sequence is [C, D, A, B]. The encryption algorithm used for the second decryption may be determined to be the 3DES algorithm according to identifier C in the first position. The encryption algorithm used for the first encryption may be determined to be the DES algorithm according to identifier B in the last position. After determining that the user passes verification, identifier B in the last position may be moved to the first position of the identification sequence, and the remaining sequence C, D, A formed by the other 3 identifiers may be moved back one position as a whole, giving the updated identification sequence [B, C, D, A].
When i=4, the identification sequence is [B, C, D, A]. The encryption algorithm used for the second decryption may be determined to be the DES algorithm according to identifier B in the first position. The encryption algorithm used for the first encryption may be determined to be the AES algorithm according to identifier A in the last position. After determining that the user passes verification, identifier A in the last position may be moved to the first position of the identification sequence, and the remaining sequence B, C, D formed by the other 3 identifiers may be moved back one position as a whole, giving the updated identification sequence [A, B, C, D].
When i=5, the same processing as when i=1 is performed, and so on.
According to the embodiment of the application, the specified order can be updated through the first-bit-to-back update scheme or the last-bit-advanced update scheme to obtain an updated encryption algorithm identification sequence. Updating the encryption algorithm identification sequence periodically according to a fixed rule ensures that, while the closed loop of "double decryption, CODE extraction, dynamic generation, double encryption, updating and storage" is preserved, the encryption algorithm used each time a default password is generated changes dynamically, which further significantly increases the complexity and security of the default password and the difficulty of cracking it.
Fig. 4 shows a flow chart of a method of user authentication according to an embodiment of the application.
As shown in FIG. 4, the method 400 includes operations S410-S440.
In response to receiving the authentication password from the user, default password information including a time stamp field for encryption, an encryption algorithm identification field, and a ciphertext field is acquired in operation S410.
In operation S420, the ciphertext field is third decrypted using the timestamp indicated by the encryption timestamp field.
In operation S430, the third decrypted ciphertext field is fourth decrypted using the encryption algorithm indicated by the encryption algorithm identification field, to obtain a default password for authentication.
In operation S440, the authentication password is authenticated based on the default password for authentication to obtain an authentication result.
According to one embodiment of the application, each time a user uses the target electronic device, the device, after being powered on, generates a new default password by the method for generating the default password provided by the embodiment of the application and updates the default password information. The user may enter, in accordance with the convention, an authentication password comprising the CODE portion and the current date, and the target electronic device may verify the authentication password entered by the user.
In one embodiment, for example, the CODE portion is fixedly set to "password" and the target electronic device is started on August 6, 2025, so the newly generated default password (plaintext) is password20250806. The updated default password information may be obtained in response to receiving an authentication password (plaintext) from the user. The ciphertext field may be third decrypted based on the timestamp indicated by the encryption timestamp field. The third-decrypted ciphertext field may be fourth decrypted using the encryption algorithm indicated by the encryption algorithm identification field, resulting in the default password for authentication (password20250806). The default password for authentication (password20250806) may be used to perform consistency verification on the authentication password from the user, so as to obtain a verification result.
According to the embodiment of the application, the encryption algorithm identification field can comprise an encryption algorithm identification sequence. The encryption algorithm identification sequence comprises N pieces of identification information arranged in a specified order, the N pieces of identification information respectively indicate N different encryption algorithms, and N is a positive integer with N ≥ 3. The method of performing user authentication may further comprise determining the encryption algorithm used for the fourth decryption based on the identification information located at the first position along a direction (e.g., the left-to-right direction) in the encryption algorithm identification sequence.
As an example, the encryption algorithm identification sequence may be [A, B, C, D], where identifier A indicates, for example, the AES algorithm, identifier B the DES algorithm, identifier C the 3DES algorithm, and identifier D the RC4 algorithm.
In one embodiment, the encryption algorithm identification sequence may be, for example, [A, B, C, D], with the direction being left to right. The encryption algorithm used for the fourth decryption may be determined to be the AES algorithm based on identifier A, which is first in the left-to-right direction in the encryption algorithm identification sequence.
In another alternative embodiment, the encryption algorithm identification sequence may be, for example, [ A, B, C, D ], the direction being a right-to-left direction. The encryption algorithm used for the fourth decryption may be determined to be the RC4 algorithm based on the identifier D located first in the right-to-left direction in the encryption algorithm identifier sequence.
According to the embodiment of the application, the method for user verification can further comprise logging in to the target account when the verification result indicates that consistency verification passed, the target account having control authority over the target electronic device, and refusing login to the target account for a preset time period when the verification result indicates that the number of consistency verification failures is greater than or equal to a preset threshold.
In one embodiment, when the verification result indicates that consistency verification passed (i.e., the verification password entered by the user is consistent with the default password used for verification), the target account is logged in, the target account having control authority over the target electronic device.
In another embodiment, in the case where the verification result indicates that the number of times of consistency verification fails (i.e., the verification password input by the user is inconsistent with the default password used for verification) is greater than or equal to a preset threshold, login to the target account is denied for a preset period of time. The preset threshold and the preset period can be reasonably set by a person skilled in the art according to actual requirements or application scenes, and the like, and are not particularly limited herein.
FIG. 5 is a flow chart of generating a default password and performing user authentication according to an embodiment of the application.
As shown in fig. 5, in response to a start-up instruction, the target electronic device is powered on and the EEPROM is powered on, so as to obtain the default password information in the VPD information. At the same time, the mainboard is powered on, the firmware program is started, and the radio wave receiving module acquires the standard time radio wave. The default password information includes an encryption algorithm identification field, an encryption timestamp field, and a ciphertext field.
As shown in fig. 5, the ciphertext field may be first decrypted based on the encryption timestamp field. The encryption algorithm used may be determined from the encryption algorithm identification field, and the first decrypted ciphertext field may be second decrypted using the determined encryption algorithm to obtain the CODE plaintext (e.g., password).
As shown in fig. 5, the CPU can decode the standard time radio wave to generate standard time data. The current DATE (e.g., 20250806) and the current timestamp may be determined based on the standard time data.
As shown in fig. 5, CODE + DATE may be combined to generate the default password (e.g., password20250806). The encryption algorithm used may be determined from the encryption algorithm identification field, and the default password may be first encrypted using the determined encryption algorithm. The first-encrypted default password may be second encrypted using the current timestamp to obtain the target ciphertext. The encryption timestamp field and the ciphertext field may be updated based on the current timestamp and the target ciphertext, respectively.
As shown in fig. 5, after the OS is started, the user may input a verification password for verification. In response to receiving the verification password from the user, the default password information may be obtained. The ciphertext field may be third decrypted using the encryption timestamp field. The encryption algorithm used may be determined from the encryption algorithm identification field, and the third-decrypted ciphertext field may be fourth decrypted using the determined encryption algorithm to obtain the default password for authentication. The verification password may then be verified for consistency against the default password used for authentication.
As shown in fig. 5, in the case where the consistency verification is passed, the user successfully logs in. In the event that the consistency verification is not passed, a password error may be prompted. If the number of failures exceeds 5, login is not allowed for half an hour.
As shown in fig. 5, after the user successfully logs in, if the user modifies the default password, the password newly set by the user replaces the default password, and the next time the device is started, the system loads the password set by the user for verification. If the user does not modify the default password, the default password is not regenerated as long as the current system is not restarted; it is regenerated the next time the system is started.
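The combined flow of Fig. 5 (double decryption, CODE extraction, dynamic generation, double encryption, update, then verification and the first-bit-to-back rotation), modelled as an added Python example that is not code from the application. It also checks what the rules, as this section states them, imply when the device reboots with no successful verification in between. Assumptions constructed for illustration: the XOR keystream standing in for the algorithms the identifiers name, `DEVICE_KEY`, the `provision` step, and the Unix timestamps.

```python
import hashlib
import hmac
from dataclasses import dataclass

DEVICE_KEY = b"constructed-device-key"  # assumption: the page names no key source


def xor_layer(label: str, key: bytes, data: bytes) -> bytes:
    """Stand-in cipher layer (NOT real AES/DES/3DES/RC4): SHA-256 counter
    keystream, bound to an algorithm label and a key, XORed with the data."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = label.encode() + key + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


@dataclass
class DefaultPasswordInfo:
    """The three default password information fields kept in VPD/EEPROM."""
    enc_timestamp: int
    algo_sequence: list
    ciphertext: bytes


def double_encrypt(plaintext: str, algo_id: str, timestamp: int) -> bytes:
    first = xor_layer(algo_id, DEVICE_KEY, plaintext.encode())      # first encryption
    return xor_layer("timestamp", str(timestamp).encode(), first)  # second encryption


def double_decrypt(ciphertext: bytes, algo_id: str, timestamp: int) -> str:
    inner = xor_layer("timestamp", str(timestamp).encode(), ciphertext)
    text = xor_layer(algo_id, DEVICE_KEY, inner).decode("ascii", errors="replace")
    # A wrong identifier or timestamp yields noise, not CODE + 8-digit DATE.
    if len(text) <= 8 or not text.isascii() or not text[-8:].isdigit():
        raise ValueError(f"ciphertext is not CODE+DATE under identifier {algo_id}")
    return text


def provision(code: str, date: str, timestamp: int) -> DefaultPasswordInfo:
    # Assumption: the factory state is encrypted under the last-position
    # identifier, the one the first boot uses for its second decryption.
    seq = ["A", "B", "C", "D"]  # A=AES, B=DES, C=3DES, D=RC4 in the page's example
    return DefaultPasswordInfo(timestamp, seq,
                               double_encrypt(code + date, seq[-1], timestamp))


def boot(info: DefaultPasswordInfo, date: str, timestamp: int) -> str:
    """Steps 1-5 of the boot flow, left-to-right direction."""
    seq = info.algo_sequence
    historical = double_decrypt(info.ciphertext, seq[-1], info.enc_timestamp)  # 1
    code = historical[:-8]                                                     # 2
    new_default = code + date                                                  # 3
    info.ciphertext = double_encrypt(new_default, seq[0], timestamp)           # 4
    info.enc_timestamp = timestamp                                             # 5
    return new_default


def verify(info: DefaultPasswordInfo, attempt: str) -> bool:
    """S410-S440, then the first-bit-to-back rotation once verification passes."""
    seq = info.algo_sequence
    expected = double_decrypt(info.ciphertext, seq[0], info.enc_timestamp)
    ok = hmac.compare_digest(expected.encode(), attempt.encode())
    if ok:
        info.algo_sequence = seq[1:] + seq[:1]
    return ok


def reboot_without_login_fails() -> bool:
    """Boot twice with no successful verification in between: the sequence is
    unrotated, so the last-position identifier (D) does not match the stored
    ciphertext (encrypted under A) and the CODE cannot be recovered."""
    info = provision("password", "20250801", 1754006400)  # constructed values
    boot(info, "20250806", 1754438400)
    try:
        boot(info, "20250807", 1754524800)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    info = provision("password", "20250801", 1754006400)
    print(boot(info, "20250806", 1754438400))          # new default password
    print(verify(info, "password20250806"), info.algo_sequence)
    print(boot(info, "20250807", 1754524800))          # decrypts under last id
    print(reboot_without_login_fails())
```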
Fig. 6 shows a block diagram of an apparatus for generating a default password according to an embodiment of the present application.
As shown in fig. 6, the apparatus 600 includes a first determination module 610, a second determination module 620, a first encryption module 630, a second encryption module 640, and an update module 650.
The first determining module 610 is configured to determine a preset default plaintext based on default password information, where the default password information includes an encryption timestamp field, an encryption algorithm identification field, and a ciphertext field.
The second determining module 620 is configured to obtain a default password according to a preset default plaintext and a current date, where the default password is used for user authentication.
The first encryption module 630 is configured to perform a first encryption on the default password using the encryption algorithm indicated by the encryption algorithm identification field.
The second encryption module 640 is configured to perform second encryption on the first-encrypted default password according to the current timestamp, so as to obtain the target ciphertext.
The updating module 650 is configured to update the encryption timestamp field and the ciphertext field based on the current timestamp and the target ciphertext, respectively.
According to an embodiment of the present application, the first determining module 610 includes a first acquiring sub-module, a first decrypting sub-module, and a second decrypting sub-module.
The first acquisition sub-module is configured to acquire the default password information in response to a power-on start-up instruction for starting the target electronic device.
The first decryption sub-module is configured to perform first decryption on the ciphertext field using the historical timestamp indicated by the encryption timestamp field.
The second decryption sub-module is configured to perform second decryption on the first-decrypted ciphertext field using the encryption algorithm indicated by the encryption algorithm identification field, so as to obtain the preset default plaintext.
According to an embodiment of the application, the second determination module 620 comprises a first determination sub-module and a combination sub-module.
The first determination sub-module is configured to determine a current date in response to a power-on instruction for starting the target electronic device, where the current date represents the date on which the power-on instruction is triggered.
The combination sub-module is configured to combine the preset default plaintext and the current date to obtain the default password.
According to the embodiment of the application, the device for generating the default password further comprises a receiving module, a decoding module and a third determining module.
The receiving module is configured to receive a standard time signal through a radio wave receiving module in response to a power-on instruction for starting the target electronic device.
The decoding module is configured to decode the standard time signal and determine standard time data.
The third determination module is configured to determine the current date and the current timestamp according to the standard time data.
According to an embodiment of the application, the encryption algorithm identification field comprises an encryption algorithm identification sequence, the encryption algorithm identification sequence comprises N pieces of identification information arranged in a specified order, and the N pieces of identification information respectively indicate N different encryption algorithms, where N is a positive integer and N ≥ 3. The apparatus for generating the default password further comprises a fourth confirmation module and a fifth confirmation module.
The fourth confirmation module is configured to determine the encryption algorithm used for the second decryption according to the identification information located at the last position along one direction in the encryption algorithm identification sequence.
The fifth confirmation module is configured to determine the encryption algorithm used for the first encryption according to the identification information located at the first position along the direction in the encryption algorithm identification sequence.
According to an embodiment of the present application, the apparatus for generating a default password further includes an update module.
The update module is configured to, after the user passes verification, move the identification information located at the first position along the direction in the encryption algorithm identification sequence to the last position along the direction, and shift the remaining sequence formed by the remaining N-1 pieces of identification information, as a whole, by one position in the direction opposite to the direction, so as to obtain the updated encryption algorithm identification sequence.
According to an embodiment of the present application, any of the first determination module 610, the second determination module 620, the first encryption module 630, the second encryption module 640, and the update module 650 may be combined and implemented in one module, or any one of these modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of other modules and implemented in one module. According to embodiments of the application, at least one of the first determination module 610, the second determination module 620, the first encryption module 630, the second encryption module 640, and the update module 650 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, or an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging circuits, or in any one of, or a suitable combination of, software, hardware, and firmware. Alternatively, at least one of the first determination module 610, the second determination module 620, the first encryption module 630, the second encryption module 640, and the update module 650 may be at least partially implemented as a computer program module which, when executed, performs the corresponding functions.
Fig. 7 shows a block diagram of a device for user authentication according to an embodiment of the present application.
As shown in Fig. 7, the apparatus 700 includes a second acquisition module 710, a third decryption module 720, a fourth decryption module 730, and a verification module 740.
The second acquisition module 710 is configured to acquire default password information in response to receiving a verification password from the user, where the default password information includes an encryption timestamp field, an encryption algorithm identification field, and a ciphertext field.
The third decryption module 720 is configured to perform a third decryption on the ciphertext field using the timestamp indicated by the encryption timestamp field.
The fourth decryption module 730 is configured to perform a fourth decryption on the third-decrypted ciphertext field using the encryption algorithm indicated by the encryption algorithm identification field, so as to obtain a default password for verification.
The verification module 740 is configured to perform consistency verification on the verification password based on the default password for verification, so as to obtain a verification result.
According to an embodiment of the application, the encryption algorithm identification field comprises an encryption algorithm identification sequence, the encryption algorithm identification sequence comprises N pieces of identification information arranged in a specified order, and the N pieces of identification information respectively indicate N different encryption algorithms, where N is a positive integer and N ≥ 3. The apparatus for performing user authentication further comprises a sixth confirmation module.
The sixth confirmation module is configured to determine the encryption algorithm used for the fourth decryption according to the identification information located at the first position along one direction in the encryption algorithm identification sequence.
According to an embodiment of the present application, the apparatus for performing user authentication further includes a first processing module and a second processing module.
The first processing module is configured to log in to a target account when the verification result indicates that the consistency verification has passed, where the target account has control authority over the target electronic device.
The second processing module is configured to refuse login to the target account for a preset period when the verification result indicates that the number of consistency verification failures is greater than or equal to a preset threshold.
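The following Python sketch is an added example, not code from the application: it walks one default password information record through boot-time generation (modules 610 to 650), verification (modules 710 to 740), the identifier rotation performed after a successful verification, and the failure lockout. The keystream transforms standing in for the unnamed encryption algorithms, the YYYYMMDD date suffix, the `provision` factory step, the sample values, and the limit of one successful verification per boot are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

DATE_LEN = 8  # assumption: the date is appended to the plaintext as YYYYMMDD


def _xor_stream(data: bytes, key: bytes) -> bytes:
    """Toy reversible transform (SHA-256 counter keystream). Stand-in only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def alg_transform(alg_id: str, data: bytes) -> bytes:
    """Algorithm layer, selected by identifier; applying it twice undoes it."""
    return _xor_stream(data, b"alg:" + alg_id.encode())


def ts_transform(timestamp: int, data: bytes) -> bytes:
    """Timestamp layer, keyed by the stored timestamp; also self-inverse."""
    return _xor_stream(data, b"ts:" + str(timestamp).encode())


@dataclass
class DefaultPasswordInfo:
    timestamp: int     # encryption timestamp field
    alg_ids: list      # encryption algorithm identification sequence
    ciphertext: bytes  # ciphertext field


def provision(plaintext: str, date: str, timestamp: int, alg_ids: list) -> DefaultPasswordInfo:
    """Hypothetical factory state: encrypted under the identifier in the last
    position, which is where boot-time decryption looks."""
    if len(alg_ids) < 3 or len(set(alg_ids)) != len(alg_ids):
        raise ValueError("need N >= 3 distinct algorithm identifiers")
    inner = alg_transform(alg_ids[-1], (plaintext + date).encode())
    return DefaultPasswordInfo(timestamp, list(alg_ids), ts_transform(timestamp, inner))


def generate_on_boot(info: DefaultPasswordInfo, current_date: str, current_ts: int) -> str:
    """Recover the preset default plaintext, build today's default password,
    re-encrypt it and update the record in place."""
    inner = ts_transform(info.timestamp, info.ciphertext)  # first decryption
    previous = alg_transform(info.alg_ids[-1], inner)      # second decryption
    preset_plaintext = previous[:-DATE_LEN]                # drop the old date
    default_password = preset_plaintext + current_date.encode()
    first = alg_transform(info.alg_ids[0], default_password)  # first encryption
    info.ciphertext = ts_transform(current_ts, first)          # second encryption
    info.timestamp = current_ts
    return default_password.decode()


def rotate(alg_ids: list) -> list:
    """Move the first identifier to the end; the other N-1 shift forward."""
    return alg_ids[1:] + alg_ids[:1]


class Verifier:
    """Consistency verification with a failure threshold and lockout period."""

    def __init__(self, info: DefaultPasswordInfo, max_failures: int = 3, lock_seconds: int = 300):
        self.info = info
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures = 0
        self.locked_until = 0

    def verify(self, candidate: str, now: int) -> bool:
        if now < self.locked_until:
            return False  # login refused during the preset period
        inner = ts_transform(self.info.timestamp, self.info.ciphertext)  # third decryption
        expected = alg_transform(self.info.alg_ids[0], inner)            # fourth decryption
        # Constant-time comparison of the recovered and the supplied password.
        if hmac.compare_digest(expected, candidate.encode()):
            self.failures = 0
            self.info.alg_ids = rotate(self.info.alg_ids)
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_until = now + self.lock_seconds
            self.failures = 0
        return False
```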
According to an embodiment of the present application, any of the second acquisition module 710, the third decryption module 720, the fourth decryption module 730, and the verification module 740 may be combined and implemented in one module, or any one of these modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of other modules and implemented in one module. According to an embodiment of the present application, at least one of the second acquisition module 710, the third decryption module 720, the fourth decryption module 730, and the verification module 740 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, or an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging circuits, or in any one of, or a suitable combination of, software, hardware, and firmware. Alternatively, at least one of the second acquisition module 710, the third decryption module 720, the fourth decryption module 730, and the verification module 740 may be at least partially implemented as a computer program module which, when executed, performs the corresponding functions.
Fig. 8 shows a block diagram of an electronic device adapted to implement a method of generating a default password and/or a method of user authentication according to an embodiment of the application.
As shown in fig. 8, an electronic device 800 according to an embodiment of the present application includes a processor 801 that can perform various appropriate actions and processes according to a program stored in a ROM (read only memory) 802 or a program loaded from a storage section 808 into a RAM (random access memory) 803. The processor 801 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 801 may also include on-board memory for caching purposes. The processor 801 may comprise a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the application.
In the RAM 803, various programs and data required for the operation of the electronic device 800 are stored. The processor 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. The processor 801 performs various operations of the method flow according to the embodiment of the present application by executing programs in the ROM 802 and/or the RAM 803. Note that the program may be stored in one or more memories other than the ROM 802 and the RAM 803. The processor 801 may also perform various operations of the method flow according to embodiments of the present application by executing programs stored in the one or more memories.
According to an embodiment of the application, the electronic device 800 may further comprise an input/output (I/O) interface 805, which is also connected to the bus 804. The electronic device 800 may also include one or more of the following components connected to the I/O interface 805: an input section 806 including a keyboard, a mouse, etc.; an output section 807 including a display such as a Cathode Ray Tube (CRT) or a Liquid Crystal Display (LCD), a speaker, etc.; a storage section 808 including a hard disk, etc.; and a communication section 809 including a network interface card such as a LAN card, a modem, etc. The communication section 809 performs communication processing via a network such as the Internet. A drive 810 is also connected to the I/O interface 805 as needed. A removable medium 811, such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, is mounted on the drive 810 as needed, so that a computer program read from it is installed into the storage section 808 as needed.
The present application also provides a computer-readable storage medium that may be included in the apparatus/device/system described in the above embodiments, or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present application.
According to embodiments of the application, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the application, the computer-readable storage medium may include ROM 802 and/or RAM 803 and/or one or more memories other than ROM 802 and RAM 803 described above.
Embodiments of the present application also include a computer program product comprising a computer program containing program code for performing the method shown in the flowcharts. When the computer program product runs in a computer system, the program code is used for enabling the computer system to realize the method for generating the default password and the method for carrying out user authentication provided by the embodiment of the application.
The above-described functions defined in the system/apparatus of the embodiment of the present application are performed when the computer program is executed by the processor 801. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the application.
In one embodiment, the computer program may be carried on a tangible storage medium such as an optical storage device or a magnetic storage device. In another embodiment, the computer program may also be transmitted and distributed in the form of a signal over a network medium, and downloaded and installed via the communication section 809 and/or installed from the removable medium 811. The program code contained in the computer program may be transmitted using any appropriate network medium, including but not limited to wireless, wireline, etc., or any suitable combination of the preceding.
In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 809, and/or installed from the removable media 811. The above-described functions defined in the system of the embodiment of the present application are performed when the computer program is executed by the processor 801. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the application.
According to embodiments of the present application, program code for carrying out the computer programs provided by embodiments of the present application may be written in any combination of one or more programming languages; in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or in assembly/machine languages. Programming languages include, but are not limited to, Java, C++, Python, C, or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. Where a remote computing device is involved, it may be connected to the user's computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the application can be combined and/or integrated in a variety of ways, even if such combinations or integrations are not explicitly recited in the present application. In particular, the features recited in the various embodiments of the application can be combined and/or integrated in various ways without departing from the spirit and teachings of the application. All such combinations and/or integrations fall within the scope of the application.
The embodiments of the present application are described above. These examples are for illustrative purposes only and are not intended to limit the scope of the present application. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the application, and such alternatives and modifications are intended to fall within the scope of the application.

Claims (15)

1. A method for generating a default password, characterized in that the method comprises:
determining a preset default plaintext based on default password information, wherein the default password information includes an encryption timestamp field, an encryption algorithm identification field, and a ciphertext field;
obtaining a default password based on the preset default plaintext and the current date, wherein the default password is used for user authentication;
performing a first encryption on the default password using the encryption algorithm indicated by the encryption algorithm identification field;
performing a second encryption on the first-encrypted default password according to the current timestamp to obtain a target ciphertext; and
updating the encryption timestamp field and the ciphertext field, respectively, based on the current timestamp and the target ciphertext.

2. The method according to claim 1, wherein determining the preset default plaintext based on the default password information comprises:
in response to a power-on instruction for starting a target electronic device, obtaining the default password information;
performing a first decryption on the ciphertext field using the historical timestamp indicated by the encryption timestamp field; and
performing a second decryption on the first-decrypted ciphertext field using the encryption algorithm indicated by the encryption algorithm identification field, to obtain the preset default plaintext.

3. The method according to claim 1, wherein obtaining a default password based on the preset default plaintext and the current date comprises:
in response to a power-on instruction for starting a target electronic device, determining the current date, wherein the current date represents the date on which the power-on instruction is triggered; and
combining the preset default plaintext and the current date to obtain the default password.

4. The method according to claim 1, further comprising:
in response to a power-on instruction for starting a target electronic device, receiving a standard time signal via a radio wave receiving module;
decoding the standard time signal to determine standard time data; and
determining the current date and the current timestamp based on the standard time data.

5. The method according to claim 2, wherein the encryption algorithm identification field includes an encryption algorithm identification sequence, the encryption algorithm identification sequence includes N pieces of identification information arranged in a specified order, the N pieces of identification information respectively indicate N different encryption algorithms, and N is a positive integer with N ≥ 3; the method further comprising:
determining, according to the identification information located at the last position along one direction in the encryption algorithm identification sequence, the encryption algorithm used for the second decryption; and
determining, according to the identification information located at the first position along the direction in the encryption algorithm identification sequence, the encryption algorithm used for the first encryption.

6. The method according to claim 5, further comprising:
after the user verification is passed, moving the identification information located at the first position along the direction in the encryption algorithm identification sequence to the last position along the direction, and shifting the remaining sequence composed of the remaining N-1 pieces of identification information, as a whole, by one position in the direction opposite to the direction, to obtain an updated encryption algorithm identification sequence.

7. The method according to any one of claims 1 to 6, wherein the default password information is part of device configuration information, and the device configuration information is stored in a preset non-volatile memory of the target electronic device.

8. A method for user verification, characterized in that the method comprises:
in response to receiving a verification password from the user, obtaining default password information, the default password information including an encryption timestamp field, an encryption algorithm identification field, and a ciphertext field;
performing a third decryption on the ciphertext field using the timestamp indicated by the encryption timestamp field;
performing a fourth decryption on the third-decrypted ciphertext field using the encryption algorithm indicated by the encryption algorithm identification field, to obtain a default password for verification; and
performing consistency verification on the verification password based on the default password for verification, to obtain a verification result.

9. The method according to claim 8, wherein the encryption algorithm identification field includes an encryption algorithm identification sequence, the encryption algorithm identification sequence includes N pieces of identification information arranged in a specified order, the N pieces of identification information respectively indicate N different encryption algorithms, and N is a positive integer with N ≥ 3; the method further comprising:
determining, according to the identification information located at the first position along one direction in the encryption algorithm identification sequence, the encryption algorithm used for the fourth decryption.

10. The method according to claim 8, further comprising:
if the verification result indicates that the consistency verification has passed, logging in to a target account, where the target account has control authority over the target electronic device; and
if the verification result indicates that the number of consistency verification failures is greater than or equal to a preset threshold, refusing login to the target account during a preset period of time.

11. A device for generating a default password, characterized in that the device comprises:
a first determining module, configured to determine a preset default plaintext based on default password information, wherein the default password information includes an encryption timestamp field, an encryption algorithm identification field, and a ciphertext field;
a second determining module, configured to obtain a default password based on the preset default plaintext and the current date, wherein the default password is used for user authentication;
a first encryption module, configured to perform a first encryption on the default password using the encryption algorithm indicated by the encryption algorithm identification field;
a second encryption module, configured to perform a second encryption on the first-encrypted default password according to a current timestamp to obtain a target ciphertext; and
an updating module, configured to update the encryption timestamp field and the ciphertext field, respectively, based on the current timestamp and the target ciphertext.

12. A device for user authentication, characterized in that the device comprises:
a second obtaining module, configured to obtain default password information in response to receiving a verification password from the user, the default password information including an encryption timestamp field, an encryption algorithm identification field, and a ciphertext field;
a third decryption module, configured to perform a third decryption on the ciphertext field using the timestamp indicated by the encryption timestamp field;
a fourth decryption module, configured to perform a fourth decryption on the third-decrypted ciphertext field using the encryption algorithm indicated by the encryption algorithm identification field, to obtain a default password for verification; and
a verification module, configured to perform consistency verification on the verification password based on the default password for verification, to obtain a verification result.

13. An electronic device, comprising:
one or more processors; and
a memory for storing one or more computer programs,
characterized in that the one or more processors execute the one or more computer programs to implement the steps of the method according to any one of claims 1 to 10.

14. A computer-readable storage medium having a computer program or instructions stored thereon, characterized in that the computer program or instructions, when executed by a processor, implement the steps of the method according to any one of claims 1 to 10.

15. A computer program product, comprising a computer program or instructions, characterized in that the computer program or instructions, when executed by a processor, implement the steps of the method according to any one of claims 1 to 10.
CN202511145167.1A 2025-08-15 Method for generating default password, method, device and equipment for user authentication Pending CN120750634A (en)

Publications (1)

Publication number: CN120750634A (en); publication date: 2025-10-03

Legal Events

Date Code Title Description
PB01 Publication