A system, method and device for page security login
By leveraging the collaborative efforts of the browser, server, operating system, and cryptographic chip, and utilizing the access key verification process and user authorization information, the problem of AI agents bypassing existing defenses has been solved, enabling secure defense of key data pages and ensuring data security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- ALIBABA (CHINA) CO LTD
- Filing Date
- 2026-04-08
- Publication Date
- 2026-07-14
AI Technical Summary
In existing technologies, AI agents can bypass defenses such as CAPTCHAs, DLP software, and device fingerprinting, failing to effectively protect users' critical data pages and leading to data leaks.
By constructing a secure login system, the system leverages the collaborative work of browsers, servers, operating systems, and cryptographic chips. It uses JavaScript to detect page status, triggers a key verification process, calculates a private key using user authorization information and a random number, and generates a response message for verification, ensuring that only human authorization allows access to critical data pages.
It effectively prevents uncontrolled data crawling by AI agents, protects user data security, reduces interference with normal users, and is easy to integrate into key data pages.
Smart Images

Figure CN122394847A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of network security technology, and more specifically, to a system, method, and apparatus for secure login to web pages. Background Technology
[0002] With the rapid development of artificial intelligence agents (AI agents), these AI agents can access users' mobile phones or computers on their office networks and crawl data uncontrollably, causing data leaks. There is an urgent need for defense measures to protect user data.
[0003] In existing technologies, CAPTCHAs, data loss prevention (DLP) software, or device fingerprints are used as defense methods. However, these methods can be bypassed by the aforementioned AI Agent and therefore cannot serve a defensive purpose.
[0004] In conclusion, how to effectively defend users' key data pages and protect their data security is a problem that needs to be solved. Summary of the Invention
[0005] In view of this, embodiments of the present invention provide a system, method, and apparatus for secure page login, which can provide secure and effective defense for users' key data pages and protect users' data security.
[0006] In a first aspect, embodiments of the present invention provide a system for secure login to a webpage, the system comprising: a browser, a server, an operating system, and a cryptographic chip; The browser sends current page status information via a JavaScript package at set intervals. The server receives the status information, determines that the current page's session has expired based on the status information, and sends a session expiration message. The browser receives the session expiration message, invokes the access key verification process, and sends a random number sent by the server to the operating system, wherein the random number is used in the access key verification process. The operating system pops up an access key system pop-up and receives an authorization command triggered by the user, sending the authorization information in the authorization command and the random number to the cryptographic chip. The cryptographic chip performs private key calculation on the authorization information and the random number, generates a response message, and sends the response message to the operating system. The operating system sends the response message to the browser. The browser sends the response message to the server. The server verifies the response message, and in response to successful verification, sends an updated session to the browser's current page. The browser receives the updated session.
[0007] Secondly, embodiments of the present invention provide a method for secure login to a page, the method comprising: sending current page status information via a Javascript package at set intervals, wherein the status information includes data indicating that the mouse is idle and the page is still open, and the Javascript package is embedded in the current page; receiving a session expiration message, wherein the session expiration message is used to indicate that the session of the current page has expired; invoking a pass key verification process; receiving a random number sent by a server and sending the random number to the operating system, wherein the random number is used in the pass key verification process; receiving a response message sent by the operating system, wherein the response message includes authorization information calculated using a private key and a random number; sending the response message to the server via the Javascript package; and receiving an updated session sent by the server, wherein the updated session is used to log in to the current page.
[0008] Optionally, the method further includes: responding to the Javascript package detecting that the current page has been registered and bound to the access key verification process.
[0009] Optionally, the invocation of the access key verification process specifically includes: invoking the access key interface using a set method to start the access key verification process.
[0010] Thirdly, embodiments of the present invention provide a method for secure login to a webpage, the method comprising: receiving status information sent by a browser, wherein the status information includes data indicating that the mouse is idle and the page is still open on the current page of the browser; in response to determining that the session of the current page has expired based on the status information, sending a session expiration message; receiving a pass key verification process start instruction sent by the browser, generating a random number, wherein the random number is used for the pass key verification process; sending the random number to the browser; receiving a response message sent by the browser, wherein the response message includes authorization information calculated using a private key and the random number; verifying the response message; and in response to successful verification, sending an updated session to the current page of the browser.
[0011] Optionally, verifying the response message specifically includes: using the public key to verify the random number calculated by the private key in the response message, and determining the rationality of the authorization information calculated by the private key in the response message.
[0012] Fourthly, embodiments of the present invention provide a method for secure login to a webpage, the method comprising: receiving a random number sent by a browser, wherein the random number is used for a pass key verification process; popping up a pass key system pop-up and receiving an authorization instruction triggered by a user, wherein the authorization instruction includes authorization information, the authorization information including user biometric information or personal identification code; sending the authorization information and the random number to a cryptographic chip; receiving a response message sent by the cryptographic chip, wherein the response message includes authorization information calculated using a private key and the random number; and sending the response message to the browser.
[0013] Optionally, the authorization information calculated from the private key includes the operation instruction (AC) field, the user password (UP) field, and the user verification information (UV) field.
[0014] Fifthly, embodiments of the present invention provide a method for secure login to a webpage, the method comprising: receiving authorization information and a random number sent by an operating system, wherein the authorization information includes user biometric information or personal identification code, and the random number is used for a pass key verification process; performing private key calculation on the authorization information and the random number according to a private key to generate a response message, wherein the response message includes the authorization information and the random number after private key calculation; and sending the response message to the operating system.
[0015] Sixthly, embodiments of the present invention provide a secure login device for a page, the device comprising: a first sending unit, configured to send current page status information via a Javascript package at set intervals, wherein the status information includes data indicating that the mouse is idle and the page is still open on the current page, and the Javascript package is embedded in the current page; a first receiving unit, configured to receive a session expiration message, wherein the session expiration message indicates that the session of the current page has expired; a calling unit, configured to call a pass key verification process; the first receiving unit is further configured to receive a random number sent by a server and send the random number to an operating system, wherein the random number is used in the pass key verification process; the first receiving unit is further configured to receive a response message sent by the operating system, wherein the response message includes authorization information calculated using a private key and a random number; the first sending unit is further configured to send the response message to a server via the Javascript package; the first receiving unit is further configured to receive an updated session sent by the server, wherein the updated session is used to log in to the current page.
[0016] Optionally, the device further includes a detection unit, which responds to the Javascript package detecting that the current page has been registered and bound to the access key verification process.
[0017] Optionally, the calling unit is specifically used to: call the access key interface in a set manner to start the access key verification process.
[0018] In a seventh aspect, embodiments of the present invention provide a device for secure page login, the device comprising: The second receiving unit is configured to receive status information sent by the browser, wherein the status information includes data indicating that the mouse is idle and the page is still open on the current page of the browser; the first processing unit is configured to send a session expiration message in response to determining that the session of the current page has expired based on the status information; the second receiving unit is further configured to receive a pass key verification process start instruction sent by the browser and generate a random number, wherein the random number is used for the pass key verification process; the second sending unit is configured to send the random number to the browser; the second receiving unit is further configured to receive a response message sent by the browser, wherein the response message includes authorization information calculated using the private key and the random number; the first processing unit is further configured to verify the response message; the second sending unit is further configured to send an updated session to the current page of the browser in response to successful verification.
[0019] Optionally, the first processing unit is specifically used to: verify the random number calculated by the private key in the response message using the public key, and determine the rationality of the authorization information calculated by the private key in the response message.
[0020] Eighthly, embodiments of the present invention provide a secure login device for a webpage, the device comprising: a third receiving unit, configured to receive a random number sent by a browser, wherein the random number is used for a pass key verification process; a second processing unit, configured to pop up a pass key system pop-up and receive an authorization instruction triggered by a user, wherein the authorization instruction includes authorization information, the authorization information including user biometric information or personal identification code; a third sending unit, configured to send the authorization information and the random number to a cryptographic chip; the third receiving unit is further configured to receive a response message sent by the cryptographic chip, wherein the response message includes authorization information calculated using a private key and the random number; the third sending unit is further configured to send the response message to the browser.
[0021] Optionally, the authorization information calculated from the private key includes the operation instruction (AC) field, the user password (UP) field, and the user verification information (UV) field.
[0022] In a ninth aspect, embodiments of the present invention provide a secure login device for a webpage, the device comprising: a fourth receiving unit, configured to receive authorization information and a random number sent by an operating system, wherein the authorization information includes user biometric information or a personal identification code, and the random number is used for a pass key verification process; a generating unit, configured to perform private key calculation on the authorization information and the random number based on a private key, and generate a response message, wherein the response message includes the authorization information and the random number after the private key calculation; the fourth sending unit is further configured to send the response message to the operating system.
[0023] In a tenth aspect, embodiments of the present invention provide an electronic device, including a memory and a processor, the memory being used to store one or more computer program instructions, wherein the one or more computer program instructions are executed by the processor to implement a method as described in any one of the second aspect, any possible second aspect, the third method, any possible third aspect, the fourth aspect, any possible fourth aspect, the fifth aspect, or any possible fifth aspect.
[0024] Eleventhly, embodiments of the present invention provide a computer-readable storage medium storing computer program instructions thereon, which, when executed by a processor, implement the method as described in any one of the second aspect, any possible second aspect, the third method, any possible third aspect, the fourth aspect, any possible fourth aspect, the fifth aspect, or any possible fifth aspect.
[0025] In this embodiment of the invention, a secure login system for a webpage is constructed. The system includes a browser, a server, an operating system, and a cryptographic chip. The browser sends current page status information via a JavaScript package at set intervals. The server receives the status information, determines that the current page's session has expired based on the status information, and sends a session expiration message. The browser receives the session expiration message, invokes a passkey verification process, and sends a random number sent by the server to the operating system, where the random number is used in the passkey verification process. The operating system pops up a passkey system popup and receives an authorization command triggered by the user, sending the authorization information in the authorization command and the random number to the cryptographic chip. The cryptographic chip performs private key calculation on the authorization information and the random number, generates a response message, and sends the response message to the operating system. The operating system sends the response message to the browser. The browser sends the response message to the server. The server verifies the response message, and upon successful verification, sends an updated session to the browser's current page. The browser receives the updated session. By embedding Javascript packages and using Passkeys on key data pages, the system ensures that access to these pages is only permitted with human authorization. This prevents uncontrolled data scraping by AI agents, effectively protecting users' data security. Attached Figure Description
[0026] The above and other objects, features and advantages of the present invention will become clearer from the following description of embodiments of the invention with reference to the accompanying drawings, in which: Figure 1 This is a schematic diagram of a secure login system for a webpage according to an embodiment of the present invention; Figure 2 This is a flowchart of a secure login method for a webpage according to an embodiment of the present invention; Figure 3 This is a flowchart of another secure login method for a webpage in an embodiment of the present invention; Figure 4 This is a flowchart of another secure login method for a webpage according to an embodiment of the present invention; Figure 5 This is a flowchart of another secure login method for a webpage in an embodiment of the present invention; Figure 6 This is a flowchart of a secure login method for a webpage according to an embodiment of the present invention; Figure 7 This is a flowchart of another secure login method for a webpage in an embodiment of the present invention; Figure 8 This is a schematic diagram of a secure login device for a webpage according to an embodiment of the present invention; Figure 9 This is a schematic diagram of another secure page login device in an embodiment of the present invention; Figure 10 This is a schematic diagram of another secure page login device in an embodiment of the present invention; Figure 11 This is a schematic diagram of another secure login device for a webpage in an embodiment of the present invention; Figure 12 This is a schematic diagram of an electronic device according to an embodiment of the present invention. Detailed Implementation
[0027] The present application is described below based on embodiments, but it is not limited to these embodiments. In the detailed description of the present application below, certain specific details are described in detail. Those skilled in the art can fully understand the present application without these details. To avoid obscuring the substance of the present application, well-known methods, processes, flows, elements, and circuits are not described in detail.
[0028] Furthermore, those skilled in the art should understand that the accompanying drawings provided herein are for illustrative purposes only and are not necessarily drawn to scale.
[0029] Unless the context explicitly requires it, words such as "including" or "contains" throughout the application should be interpreted as including rather than exclusive or exhaustive; that is, meaning "including but not limited to".
[0030] In the description of this application, it should be understood that the terms "first," "second," etc., are used for descriptive purposes only and should not be construed as indicating or implying relative importance. Furthermore, in the description of this application, unless otherwise stated, "a plurality of" means two or more.
[0031] In existing technologies, CAPTCHAs, Data Loss Prevention (DLP) software, or device fingerprinting are used as defense mechanisms. Specifically, with CAPTCHAs, an AI agent can use Optical Character Recognition (OCR) to recognize text or numbers in the CAPTCHA image and then automatically input the data via mouse and keyboard, thus bypassing the CAPTCHA. With DLP software, only package names, process names, or file names are recognized; if the AI agent changes the package name or recompiles, DLP cannot recognize it and can be bypassed. With device fingerprinting, since the AI agent resides within the device, not simulating it, it is difficult for the device fingerprint to distinguish it from the AI agent. In summary, the above methods can be bypassed by these AI agents and are ineffective in providing defense. Therefore, how to effectively protect users' key data pages and safeguard their data security is a problem that needs to be solved.
[0032] In this embodiment of the invention, to solve the above problems, a secure login system for web pages is proposed, specifically as follows: Figure 1 As shown, the system includes: a browser 101, a server 102, an operating system 103, and a cryptographic chip 104. The browser is an application with a complete webpage rendering engine, HTTP / HTTPS network request capabilities, and a Javascript execution environment. It is used to load, parse, and display page (also known as a webpage) content and supports user interaction to access internet resources; it is a tool for display and interaction. The server communicates with the browser via network protocols, receives and processes requests sent by the browser, and sends the request results back to the browser. The server is mainly used for storage, computation, permission verification, and data management. The operating system is used to implement the browser's functions; the browser can be considered an application running on the operating system. The cryptographic chip is independent of the operating system and is used for managing keys and calculating ciphertext.
[0033] The following is a complete interaction flowchart illustrating the interaction relationships between browser 101, server 102, operating system 103, and cryptographic chip 104, as detailed below. Figure 2 As shown, it includes the following: Step S201: The browser sends the current page status information via a Javascript package at set intervals.
[0034] Specifically, the JavaScript package is embedded in key data pages or key business pages, and the JavaScript package is used to implement specific functions; the status information of the current page includes data on whether the mouse is idle or the page is still open, and the status information also carries data such as request duration, Internet Protocol (IP) address and page validity.
[0035] Step S202: The server receives the status information and determines that the session of the current page has expired based on the status information.
[0036] Specifically, the server can determine request overload, IP address change, and page expiration based on the request duration, IP address, and page expiration. Combined with the data of mouse idleness and page still open, it can trigger the session expiration criterion and set the current page's session to invalid.
[0037] Step S203: The server sends a session expiration message to the browser.
[0038] Step S204: The browser receives the session expiration message.
[0039] Specifically, the JavaScript package in the browser receives the session expiration message sent by the server.
[0040] Step S205: The browser detects that the current page has already registered and bound a passkey credential, and invokes the passkey verification process.
[0041] Specifically, the access key verification process automatically invokes the browser's access key application programming interface (Passkey API).
[0042] In one possible implementation, the Passkey API is automatically invoked using the navigator.credentials.get() method.
[0043] Step S206: The browser sends access key verification process information to the server.
[0044] Step S207: The server generates a random number required to verify the Passkey.
[0045] Specifically, the random number is used for random number challenges and the pass key verification process.
[0046] Step S208: The server sends the random number to the browser.
[0047] Step S209: The server sends the received random number to the operating system.
[0048] Step S210: The operating system pops up the access key system pop-up and receives the authorization command triggered by the user.
[0049] Specifically, the authorization instruction includes authorization information, which includes user biometric information or personal identification PIN code, and the user biometric information includes fingerprints, faces, etc.; the authorization information also includes other simple proof of the user's existence.
[0050] In one possible implementation, the access key system pop-up has higher interaction permissions than ordinary programs, the AI Agent cannot replace user input, it can ensure that the user uses a real Passkey for interaction, and the user and the browser's terminal device are in the same space.
[0051] Step S211: The operating system sends the authorization information in the authorization instruction and the random number to the cryptographic chip.
[0052] Step S212: The cryptographic chip performs private key calculation on the authorization information and the random number to generate a response message.
[0053] Specifically, the response message includes authorization information calculated using the private key and a random number. The authorization information calculated using the private key includes an Attestation Certificate (AC) field, a User Presence (UP) field, and a User Verified (UV) field.
[0054] Step S213: The cryptographic chip sends the response message to the operating system.
[0055] Step S214: The operating system sends the response message to the browser.
[0056] Step S215: The browser's Javascript package obtains the response message.
[0057] Step S216: The browser sends the response message to the server.
[0058] Step S217: The server verifies the response message.
[0059] Specifically, the server uses a public key to verify whether the random number calculated from the private key in the response message was generated by the original private key, and determines whether the values of the AC field, the UP field, and the UV field in the authorization information are reasonable.
[0060] In one possible implementation, the AC field, the UP field, and the UV field are used to prevent some roaming authenticators from not requiring user authentication actions or falsely reporting user authentication actions.
[0061] Step S218: In response to successful verification, the server sends the updated session to the current page of the browser.
[0062] In this embodiment of the invention, the non-clonable and non-exportable characteristics of the Passkey and the cryptographic chip, as well as the non-automatic nature of the Passkey in the operating system, are used to resist automated access to pages by AI agents and prevent data leakage. Furthermore, due to the design of user authorization actions and session updates that do not require opening a new page, interference with normal users is minimized. The above functions can be implemented by integrating a Javascript package into the key data pages, making it easy to integrate.
[0063] In this embodiment of the invention, a method for secure page login is proposed, using a browser as the execution subject, as detailed below. Figure 3 As shown, the method includes: Step S301: Send the current page's status information via a Javascript package at set intervals.
[0064] Specifically, the status information includes data indicating that the mouse is idle or the page is still open on the current page, and the Javascript package is embedded in the current page.
[0065] Step S302: Receive session failure message.
[0066] Specifically, the session expiration message is used to indicate that the session of the current page has expired.
[0067] Step S303: Invoke the access key verification process.
[0068] In one possible implementation, the invocation of the access key verification process specifically includes: invoking the access key interface using a set method to start the access key verification process.
[0069] Step S304: Receive the random number sent by the server and send the random number to the operating system.
[0070] Specifically, the random number is used in the pass key verification process.
[0071] Step S305: Receive the response message sent by the operating system.
[0072] Specifically, the response message includes authorization information and a random number after private key calculation.
[0073] Step S306: Send the response message to the server via the Javascript package.
[0074] Step S307: Receive the updated session sent by the server.
[0075] Specifically, the updated session is used to log in to the current page.
[0076] In one possible implementation, after step S302 described above, other steps are included, specifically as follows: Figure 4 As shown, it includes the following: Step S308: In response to the Javascript package detecting that the current page has been registered and bound to the access key verification process.
[0077] In this embodiment of the invention, a method for secure page login is proposed, with the server as the execution entity, as detailed below. Figure 5 As shown, the method includes: Step S501: Receive status information sent by the browser.
[0078] Specifically, the status information includes data indicating that the mouse is idle or the page is still open on the current page of the browser.
[0079] Step S502: In response to determining that the session of the current page has expired based on the status information, a session expiration message is sent.
[0080] Step S503: Receive the access key verification process start instruction sent by the browser and generate a random number.
[0081] Specifically, the random number is used in the pass key verification process.
[0082] Step S504: Send the random number to the browser.
[0083] Step S505: Receive the response message sent by the browser.
[0084] Specifically, the response message includes authorization information and a random number after private key calculation.
[0085] Step S506: Verify the response message.
[0086] In one possible implementation, verifying the response message specifically includes: using the public key to verify the random number calculated from the private key in the response message, and determining the reasonableness of the authorization information calculated from the private key in the response message.
[0087] Step S507: In response to successful verification, send the updated session to the current page of the browser.
[0088] In this embodiment of the invention, an operating system is used as the execution subject to propose a method for secure page login, specifically as follows: Figure 6 As shown, the method includes: Step S601: Receive the random number sent by the browser.
[0089] Specifically, the random number is used in the pass key verification process.
[0090] Step S602: Pop up the access key system pop-up and receive the authorization command triggered by the user.
[0091] Specifically, the authorization instruction includes authorization information, which includes user biometric information or personal identification code.
[0092] Step S603: Send the authorization information and the random number to the cryptographic chip.
[0093] Step S604: Receive the response message sent by the cryptographic chip.
[0094] Specifically, the response message includes authorization information and a random number after private key calculation.
[0095] Step S605: Send the response message to the browser.
[0096] In this embodiment of the invention, a method for secure page login is proposed, using a cryptographic chip as the execution entity, as detailed below. Figure 7 As shown, the method includes: Step S701: Receive the authorization information and random number sent by the operating system.
[0097] Specifically, the authorization information includes user biometric information or personal identification code, and the random number is used for the access key verification process.
[0098] Step S702: Calculate the private key based on the authorization information and the random number using the private key, and generate a response message.
[0099] Specifically, the response message includes authorization information and a random number after private key calculation.
[0100] Step S703: Send the response message to the operating system.
[0101] Through the above embodiments, using Passkey access keys, defenses are deployed at key data page interfaces. Due to the characteristic that the Passkey system pop-up cannot be automatically clicked down by the AI Agent, it is guaranteed that such access is always accompanied by human presence, thus preventing large-scale access by the AI Agent. Furthermore, the browser uses timeout, page closure, request restrictions, mouse trajectory, etc., as conditions to re-enable Passkey, and the server requires verification of the AC field, UP field, or UV field to prevent the AI Agent from registering itself to simulate an authenticator, ensuring the security of data on the page.
[0102] In this embodiment of the invention, a device for secure page login is provided, such as... Figure 8 As shown, it specifically includes: a first sending unit 801, a first receiving unit 802, and a calling unit 803; The first sending unit 801 is configured to send the current page's status information via a Javascript package at set intervals. The status information includes data indicating that the mouse is idle but the page is still open. The Javascript package is embedded in the current page. The first receiving unit 802 is configured to receive a session expiration message, indicating that the current page's session has expired. The calling unit 803 is configured to call the access key verification process. The first receiving unit 802 is further configured to receive a random number sent by the server and send the random number to the operating system, where the random number is used in the access key verification process. The first receiving unit 802 is further configured to receive a response message sent by the operating system, where the response message includes authorization information calculated using the private key and a random number. The first sending unit 801 is further configured to send the response message to the server via the Javascript package. The first receiving unit 802 is further configured to receive an updated session sent by the server, where the updated session is used to log in to the current page.
[0103] Furthermore, the device also includes a detection unit, which responds to the Javascript package detecting that the current page has been registered and bound to the access key verification process.
[0104] Furthermore, the calling unit is specifically used to: call the access key interface in a set manner to start the access key verification process.
[0105] In this embodiment of the invention, a device for secure page login is provided, such as... Figure 9As shown, it specifically includes: a second receiving unit 901, a first processing unit 902, and a second transmitting unit 903; The second receiving unit 901 is configured to receive status information sent by the browser, wherein the status information includes data indicating that the mouse is idle and the page is still open on the current page of the browser; the first processing unit 902, in response to determining that the session of the current page has expired based on the status information, is configured to send a session expiration message; the second receiving unit 901 is further configured to receive a pass key verification process start instruction sent by the browser and generate a random number, wherein the random number is used for the pass key verification process; the second sending unit 903 is configured to send the random number to the browser; the second receiving unit 901 is further configured to receive a response message sent by the browser, wherein the response message includes authorization information calculated using the private key and the random number; the first processing unit 902 is further configured to verify the response message; the second sending unit 903 is further configured to, in response to successful verification, send an updated session to the current page of the browser.
[0106] Furthermore, the first processing unit is specifically used to: verify the random number calculated by the private key in the response message using the public key, and determine the rationality of the authorization information calculated by the private key in the response message.
[0107] In this embodiment of the invention, a device for secure page login is provided, such as... Figure 10 As shown, it specifically includes: a third receiving unit 1001, a second processing unit 1002, and a third transmitting unit 1003; The third receiving unit 1001 is configured to receive a random number sent by the browser, wherein the random number is used in the access key verification process; the second processing unit 1002 is configured to pop up the access key system pop-up and receive an authorization instruction triggered by the user, wherein the authorization instruction includes authorization information, which includes the user's biometric information or personal identification code; the third sending unit 1003 is configured to send the authorization information and the random number to the cryptographic chip; the third receiving unit 1001 is further configured to receive a response message sent by the cryptographic chip, wherein the response message includes authorization information after private key calculation and the random number; the third sending unit 1003 is further configured to send the response message to the browser.
[0108] Furthermore, the authorization information calculated from the private key includes the operation instruction (AC) field, the user password (UP) field, and the user verification information (UV) field.
[0109] In this embodiment of the invention, a device for secure page login is provided, such as... Figure 11As shown, it specifically includes: a fourth receiving unit 1101, a generating unit 1102, and a fourth transmitting unit 1103; The fourth receiving unit 1101 is used to receive authorization information and a random number sent by the operating system, wherein the authorization information includes user biometric information or personal identification code, and the random number is used for the access key verification process; the generating unit 1102 is used to perform private key calculation on the authorization information and the random number according to the private key, and generate a response message, wherein the response message includes the authorization information and the random number after private key calculation; the fourth sending unit 1103 is further used to send the response message to the operating system.
[0110] Figure 12 This is a schematic diagram of the structure of the electronic device described in an embodiment of the present invention. Figure 12 As shown, it includes a general computer hardware architecture, which includes at least a processor 1201 and a memory 1202. The processor 1201 and the memory 1202 are connected via a bus 1203. The memory 1202 is adapted to store instructions or programs executable by the processor 1201. The processor 1201 can be a standalone microprocessor or a collection of one or more microprocessors. Thus, the processor 1201 executes the instructions stored in the memory 1202 to perform the method flow of the embodiments of the present invention as described above, thereby realizing data processing and control of other devices. The bus 1203 connects the above-mentioned components together, and also connects the above-mentioned components to the display controller 1204, the display device, and the input / output (I / O) device 1205. The input / output (I / O) device 1205 can be a mouse, keyboard, modem, network interface, touch input device, motion-sensing input device, printer, and other devices known in the art. Typically, the input / output device 1205 is connected to the system via an input / output (I / O) controller 1206.
[0111] The instructions stored in memory 1202 are executed by at least one processor 1201 to achieve the following: sending the current page's status information via a Javascript package at set intervals; receiving the status information, determining that the current page's session has expired based on the status information, and sending a session expiration message; receiving the session expiration message, invoking the access key verification process, and sending the random number sent by the server to the operating system; popping up the access key system pop-up, receiving the authorization instruction triggered by the user, and sending the authorization information in the authorization instruction and the random number to the cryptographic chip; performing private key calculation on the authorization information and the random number, generating a response message, and sending the response message to the operating system; sending the response message to the browser; sending the response message to the server; verifying the response message, and in response to successful verification, sending an updated session to the current page of the browser; and receiving the updated session.
[0112] Specifically, the electronic device includes: one or more processors 1201 and a memory 1202. Figure 12 Take a processor 1201 as an example. The processor 1201 and the memory 1202 can be connected via a bus or other means. Figure 12 Taking a bus connection as an example, memory 1202, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. Processor 1201 executes various functional applications and data processing of the device by running the non-volatile software programs, instructions, and modules stored in memory 1202, thereby implementing the aforementioned method for determining secure login to the page.
[0113] The memory 1202 may include a program storage area and a data storage area. The program storage area may store the operating system and applications required for at least one function; the data storage area may store an option list, etc. Furthermore, the memory 1202 may include high-speed random access memory and may also include non-volatile memory, such as at least one disk storage device, flash memory device, or other non-volatile solid-state storage device. In some embodiments, the memory 1202 may optionally include memory remotely located relative to the processor 1201, and these remote memories can be connected to external devices via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
[0114] One or more modules are stored in memory 1202, and when executed by one or more processors 1201, they execute the page secure login method in any of the above method embodiments.
[0115] As those skilled in the art will recognize, various aspects of the embodiments of the present invention can be implemented as a system, method, or computer program product. Therefore, various aspects of the embodiments of the present invention can take the form of a completely hardware implementation, a completely software implementation (including firmware, resident software, microcode, etc.), or an implementation combining software and hardware aspects, which may generally be referred to herein as a "circuit," "module," or "system." Furthermore, various aspects of the embodiments of the present invention can take the form of a computer program product implemented in one or more computer-readable media having computer-readable program code implemented thereon.
[0116] Any combination of one or more computer-readable media can be used. A computer-readable medium can be a computer-readable signal medium or a computer-readable storage medium. A computer-readable storage medium can be, for example, (but not limited to) an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or apparatus, or any suitable combination thereof. More specific examples (not an exhaustive list) of computer-readable storage media will include: an electrical connection having one or more wires, a portable computer floppy disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable optical disc read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof. In the context of embodiments of the present invention, a computer-readable storage medium can be any tangible medium capable of containing or storing a program used by or in conjunction with an instruction execution system, device, or apparatus.
[0117] Computer-readable signal media may include propagated digital signals having computer-readable program code implemented therein, such as in baseband or as part of a carrier wave. Such propagated signals may take any of a variety of forms, including, but not limited to, electromagnetic, optical, or any suitable combination thereof. A computer-readable signal medium may be any computer-readable medium that is not a computer-readable storage medium and can communicate, propagate, or transmit a program used by or in conjunction with an instruction execution system, device, or apparatus.
[0118] Program code implemented on a computer-readable medium may be transmitted using any suitable medium, including but not limited to wireless, wired, fiber optic cable, RF, or any suitable combination thereof.
[0119] Computer program code for performing operations relating to various aspects of embodiments of the present invention can be written in any combination of one or more programming languages, including: object-oriented programming languages such as Java, Smalltalk, C++, etc.; and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code can be executed as a standalone software package entirely on the user's computer, partially on the user's computer, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In the latter case, the remote computer can be connected to the user's computer via any type of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (e.g., via the Internet provided by an Internet service provider).
[0120] The flowchart illustrations and / or block diagrams of the methods, apparatus (systems), and computer program products according to embodiments of the present invention describe various aspects of the embodiments of the present invention. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, or other programmable data processing apparatus to produce a machine such that the instructions (executed via the processor of the computer or other programmable data processing apparatus) create means for implementing the functions / actions specified in the flowchart and / or block diagram blocks or blocks.
[0121] These computer program instructions may also be stored in a computer-readable medium that can direct a computer, other programmable data processing apparatus or other means to operate in a particular manner, such that the instructions stored in the computer-readable medium produce an article of writing that includes instructions that implement the functions / actions specified in flowchart and / or block diagram blocks or blocks.
[0122] Computer program instructions may also be loaded onto a computer, other programmable data processing apparatus or other device to cause a series of operable steps to be performed on the computer, other programmable apparatus or other device to produce a computer-implemented process, such that the instructions, which execute on the computer or other programmable apparatus, provide for implementing the functions / actions specified in flowchart and / or block diagram blocks or blocks.
[0123] The above description is merely a preferred embodiment of this application and is not intended to limit this application. Various modifications and variations can be made to this application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the protection scope of this application.
[0124] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, stored data, and displayed data) involved in this application are all information and data authorized by the user or fully authorized by all parties. Furthermore, the collection, use, and processing of such data must comply with the relevant laws, regulations, and standards of the relevant countries and regions, and corresponding access points are provided for users to choose to authorize or refuse processing. A user's refusal to process personal information beyond what is necessary for basic functions will not affect the user's use of basic functions.
Claims
1. A system for secure login via a webpage, characterized in that, The system includes: a browser, a server, an operating system, and a cryptographic chip; The browser sends the current page status information via a Javascript package at set intervals. The server receives the status information, determines that the session of the current page has expired based on the status information, and sends a session expiration message; The browser receives the session expiration message, invokes the access key verification process, and sends the random number sent by the server to the operating system, wherein the random number is used for the access key verification process; The operating system pops up a key system pop-up and receives an authorization command triggered by the user, then sends the authorization information in the authorization command and the random number to the cryptographic chip; The cryptographic chip performs private key calculations on the authorization information and the random number, generates a response message, and sends the response message to the operating system; The operating system sends the response message to the browser; The browser sends the response message to the server; The server verifies the response message, and in response to successful verification, sends an updated session to the current page of the browser; The browser receives the updated session.
2. A method for secure login via a webpage, characterized in that, The method includes: At set intervals, the current page status information is sent via a Javascript package. The status information includes data indicating that the mouse is idle or the page is still open. The Javascript package is embedded in the current page. Receive a session expiration message, wherein the session expiration message is used to indicate that the session of the current page has expired; Invoke the access key verification process; The system receives a random number sent by the server and sends the random number to the operating system, wherein the random number is used for the access key verification process; The system receives a response message from the operating system, wherein the response message includes authorization information calculated using the private key and a random number. The response message is sent to the server via the Javascript package; The server sends an updated session, which is used to log in to the current page.
3. The method according to claim 2, characterized in that, The method further includes: The Javascript package detects that the current page has been registered and bound to the access key verification process.
4. The method according to claim 2, characterized in that, The access key verification process specifically includes: The access key interface is invoked using the specified method to initiate the access key verification process.
5. A method for secure login via a webpage, characterized in that, The method includes: The status information sent by the browser is received, wherein the status information includes data indicating that the mouse is idle and the page is still open on the current page of the browser; In response to determining that the session of the current page has expired based on the status information, a session expiration message is sent; Upon receiving the access key verification process start instruction sent by the browser, a random number is generated, wherein the random number is used for the access key verification process; Send the random number to the browser; Receive a response message sent by the browser, wherein the response message includes authorization information calculated using the private key and a random number; Verify the response message; Upon successful verification, an updated session is sent to the current page of the browser.
6. The method according to claim 5, characterized in that, The verification of the response message specifically includes: The public key is used to verify the random number calculated from the private key in the response message, and to determine the rationality of the authorization information calculated from the private key in the response message.
7. A method for secure login to a webpage, characterized in that, The method includes: A random number is received from the browser, wherein the random number is used in the access key verification process; A pop-up access key system layer appears, and an authorization command triggered by the user is received. The authorization command includes authorization information, which includes the user's biometric information or personal identification code. The authorization information and the random number are sent to the cryptographic chip; The system receives a response message from the cryptographic chip, wherein the response message includes authorization information and a random number after private key calculation; The response message is sent to the browser.
8. The method according to claim 7, characterized in that, The authorization information calculated from the private key includes the operation instruction (AC) field, the user password (UP) field, and the user verification information (UV) field.
9. A method for secure login to a webpage, characterized in that, The method includes: The system receives authorization information and a random number sent by the operating system, wherein the authorization information includes user biometric information or personal identification code, and the random number is used for the access key verification process; Based on the private key, a private key calculation is performed on the authorization information and the random number to generate a response message, wherein the response message includes the authorization information and the random number after the private key calculation; Send the response message to the operating system.
10. A device for secure login to a webpage, characterized in that, The device includes: The first sending unit is used to send the status information of the current page through a Javascript package at set intervals. The status information includes data on whether the mouse is idle or the page is still open on the current page. The Javascript package is embedded in the current page. The first receiving unit is configured to receive a session failure message, wherein the session failure message is used to indicate that the session of the current page has failed; The calling unit is used to invoke the access key verification process; The first receiving unit is further configured to receive a random number sent by the server and send the random number to the operating system, wherein the random number is used for the access key verification process; The first receiving unit is further configured to receive a response message sent by the operating system, wherein the response message includes authorization information calculated using the private key and a random number; The first sending unit is further configured to send the response message to the server via the Javascript package; The first receiving unit is further configured to receive an updated session sent by the server, wherein the updated session is used to log in to the current page.
11. A device for secure login to a webpage, characterized in that, The device includes: The second receiving unit is used to receive status information sent by the browser, wherein the status information includes data showing that the mouse is idle and the page is still open on the current page of the browser; The first processing unit, in response to determining that the session of the current page has expired based on the status information, is used to send a session expiration message; The second receiving unit is further configured to receive the access key verification process start instruction sent by the browser and generate a random number, wherein the random number is used for the access key verification process; The second sending unit is used to send the random number to the browser; The second receiving unit is further configured to receive a response message sent by the browser, wherein the response message includes authorization information calculated using the private key and a random number; The first processing unit is further configured to verify the response message; The second sending unit is further configured to, in response to successful verification, send an updated session to the current page of the browser.
12. A device for secure login to a webpage, characterized in that, The device includes: The third receiving unit is used to receive a random number sent by the browser, wherein the random number is used for the access key verification process; The second processing unit is used to pop up the access key system pop-up and receive the authorization instruction triggered by the user, wherein the authorization instruction includes authorization information, and the authorization information includes the user's biometric information or personal identification code; The third sending unit is used to send the authorization information and the random number to the cryptographic chip; The third receiving unit is further configured to receive a response message sent by the cryptographic chip, wherein the response message includes authorization information and a random number after private key calculation; The third sending unit is further configured to send the response message to the browser.
13. An electronic device comprising a memory and a processor, characterized in that, The memory is used to store one or more computer program instructions, wherein the one or more computer program instructions are executed by the processor to implement the method as described in any one of claims 2-9.
14. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, implements the method as described in any one of claims 2-9.