Method and apparatus for authenticating login to system, and device and storage medium
By encrypting and forwarding the login password locally on the smart device or system, the convenience problem when users forget their login password is solved, and a secure and convenient login process is achieved.
Patent Information
- Authority / Receiving Office: WO
- Patent Type: Applications
- Current Assignee / Owner: BEIJING THREATBOOK TECHNOLOGY CO LTD
- Filing Date: 2025-01-24
- Publication Date: 2026-07-02
AI Technical Summary
When users forget their login password on a smart device or system, the process of retrieving the password is cumbersome, resulting in poor login convenience.
The system retrieves the current login password locally on the smart device or system, encrypts it, generates encrypted information, and forwards it to the security server through a preset request interface for decryption to obtain the login password.
While ensuring security, it improves the convenience and security of users logging into smart devices or systems when they forget their login password.
Description
Methods, apparatus, equipment and storage media for authentication login systems
[0001] Cross-reference to related applications
[0002] This disclosure claims priority to Chinese Patent Application No. 2024119317680, filed on December 26, 2024, entitled “Method, Apparatus, Device and Storage Medium for Authentication Login System”, the entire contents of which are incorporated herein by reference.
Technical Field
[0003] This disclosure relates to the field of login authentication technology, and more specifically, to a method, apparatus, device, and storage medium for an authentication login system.
Background Technology
[0004] With the development of internet technology, the application of various smart devices or systems has become increasingly widespread. Smart devices or systems typically provide administrator accounts, allowing users to log in to the management program of the smart device or system using the administrator account and its corresponding login password to manage the smart device or system.
[0005] For security reasons, smart devices or systems are usually configured to require users to change their login password after they log in to the management program for the first time, in order to prevent others from logging in to the management program with the default password.
[0006] However, in practice, users often forget their changed login passwords and need to retrieve or restore the default password before they can log back into the management program. To improve device management security, the steps for retrieving or restoring passwords are usually very cumbersome, making it inconvenient for users to log in to smart devices or systems when they forget their passwords.
[0007] Application content
[0008] The purpose of this disclosure is to provide a method, apparatus, device, and storage medium for authenticating and logging into a system, so as to improve the convenience for users to log into smart devices or systems when they forget their login password.
[0009] This disclosure provides a method for authenticating and logging into a system, including:
[0010] In response to a user's request to obtain the login password for the target system, the current login password of the target system is obtained, and the current login password is encrypted to obtain encrypted information;
[0011] The system receives the login password to be authenticated input by the user, authenticates the login password to be authenticated based on the current login password, and determines whether to allow the user to log in to the target system based on the authentication result.
[0012] The login password to be authenticated is obtained by parsing the encrypted information.
[0013] In this embodiment of the disclosure, by obtaining and encrypting the current login password locally on the smart device or system, the user can forward the encrypted information to the security server for decryption and to obtain the corresponding login password. This improves the convenience for users to log in to the smart device or system when they forget their login password, while ensuring security.
[0014] In some possible embodiments, before receiving the login password to be authenticated entered by the user, the method further includes:
[0015] A request string is generated based on the encrypted information and a preset request interface, so that the user can forward the encrypted information to the security server based on the request string, and the security server can parse the encrypted information to obtain the login password to be authenticated.
[0016] In this embodiment of the disclosure, by pre-setting a request interface locally on the smart device or system and combining it with encrypted information to generate a request string for requesting a security server, the efficiency of forwarding encrypted information is further improved.
[0017] In some possible embodiments, generating a request string based on the encrypted information and a preset request interface, so that the user can forward the encrypted information to the security server based on the request string, includes:
[0018] A request string is generated based on the encrypted information and a preset request interface, and the request string is converted into an image recognition code. The user can then scan the image recognition code with their mobile terminal and forward the encrypted information to the security server based on the request string obtained by parsing the image recognition code.
[0019] In this embodiment of the disclosure, the flexibility of forwarding encrypted information is further improved by converting the request string into a graphic identification code for mobile terminals to scan and identify and send a request to the security server.
[0020] In some possible embodiments, the encrypted information is obtained by encrypting the current login password and the device identifier of the target system;
[0021] The security server is configured as follows:
[0022] Receive encrypted information forwarded by the user, and parse the encrypted information to obtain the corresponding current login password and device identifier;
[0023] The registration terminal number bound to the device identifier is obtained based on the pre-stored registration information database, and the current login password is sent to the target mobile terminal corresponding to the registration terminal number.
[0024] In this embodiment of the disclosure, by setting up a registration information database to manage login passwords for different devices, the flexibility of smart device login authentication is further improved.
[0025] In some possible embodiments, the encrypted information is obtained by encrypting the current login password and the target terminal number preset in the target system;
[0026] The security server is configured as follows:
[0027] Receive encrypted information forwarded by the user, and parse the encrypted information to obtain the corresponding current login password and target terminal number;
[0028] The current login password is sent to the target mobile terminal corresponding to the target terminal number.
[0029] In this embodiment of the disclosure, by pre-storing the mobile phone number corresponding to the user (administrator) locally on the smart device or system, and encrypting the mobile phone number together with the current login password and forwarding it to the security server, the security server can directly send the current login password back to the mobile terminal corresponding to the mobile phone number after parsing the encrypted information, thereby further improving the convenience for users to log in to the smart device or system when they forget their login password.
[0030] In some possible embodiments, the method of the authentication login system further includes:
[0031] In response to a user's account registration request for the target system, the system obtains the terminal number to be registered specified in the account registration request, and encrypts the terminal number to be registered with the device identifier of the target system to obtain encrypted registration information.
[0032] The security server is also configured to:
[0033] Receive the registration encryption information forwarded by the user, and parse the registration encryption information to obtain the corresponding terminal number to be registered and device identifier;
[0034] Authentication information is sent to the mobile terminal corresponding to the terminal number to be registered to authenticate the identity of the terminal number to be registered, and after the identity authentication is successful, the terminal number to be registered and the device identifier are bound and stored in the registration information database.
[0035] In this embodiment of the disclosure, the security of user registration and login accounts is further improved by authenticating the registration information submitted by the user on the smart device through a security server.
[0036] In some possible embodiments, the step of responding to a user's request to obtain a login password for the target system, obtaining the current login password of the target system, and encrypting the current login password to obtain encrypted information includes:
[0037] In response to a user's request to obtain a login password for a target system, a preset login password corresponding to the target account specified in the login password request is obtained and used as the current login password for the target system.
[0038] The target account and the current login password are encrypted to obtain encrypted information.
[0039] In this embodiment of the disclosure, by obtaining the previously preset login password of different users based on the account as the current login password, the smart device can authenticate the login of different users by means of password retrieval, thereby further improving the convenience of users logging into the smart device or system when they forget their login password.
[0040] In some possible embodiments, obtaining the current login password of the target system in response to a user's request to obtain the login password for the target system includes:
[0041] In response to a user's request to obtain the login password for the target system, a random login password is generated based on a preset random algorithm and used as the current login password for the target system.
[0042] In this embodiment of the disclosure, by using a randomly generated login password as the current login password, login authentication of the device is achieved in the form of a random password, which further improves the security of logging into the smart device or system when the user forgets the login password.
[0043] In some possible embodiments, the method of the authentication login system further includes:
[0044] After generating the random login password, if no authentication login password matching the random login password is received within a preset valid time period, the current login password of the target system is reset.
[0045] In this embodiment of the disclosure, by configuring an expiration period for the random login password and invalidating the current random login password when authentication fails within the timeout period, the security of logging into smart devices or systems when users forget their login password is further improved.
[0046] In some possible embodiments, the method of the authentication login system further includes:
[0047] If the number of failed authentication attempts based on the current login password exceeds a preset threshold, the user's login account will be locked.
[0048] In this embodiment of the disclosure, by locking user accounts that have exceeded the limit for consecutive authentication failures, the security of users logging into smart devices or systems when they forget their login password is further improved.
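An added example, not code from the patent or its applicant: the random login password with a validity period ([0041] to [0045]) and the failure threshold ([0047]) as one device-side state machine in Go. The type and function names, the 16-character length, the alphabet and the single-use rule are assumptions made here.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	ErrLocked          = errors.New("account locked")
	ErrNoValidPassword = errors.New("no valid recovery password (expired, used or never issued)")
	ErrNoMatch         = errors.New("password mismatch")
)

// Assumed alphabet: look-alike characters (0/O, 1/l/I) are left out.
const alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789"

// randomPassword draws n characters uniformly from the OS CSPRNG.
func randomPassword(n int) (string, error) {
	out := make([]byte, n)
	limit := big.NewInt(int64(len(alphabet)))
	for i := range out {
		k, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return "", err
		}
		out[i] = alphabet[k.Int64()]
	}
	return string(out), nil
}

// Recovery is the device-side state for one administrator account.
type Recovery struct {
	ValidFor    time.Duration // preset valid time period
	MaxFailures int           // preset failure threshold
	current     string
	issuedAt    time.Time
	failures    int
	locked      bool
}

// Issue handles a "forgot password" request. The caller encrypts the returned
// value for the security server and never displays it in clear.
func (r *Recovery) Issue(now time.Time) (string, error) {
	if r.locked {
		return "", ErrLocked
	}
	pw, err := randomPassword(16)
	if err != nil {
		return "", err
	}
	r.current, r.issuedAt, r.failures = pw, now, 0
	return pw, nil
}

// Authenticate checks the password to be authenticated against the current one.
func (r *Recovery) Authenticate(candidate string, now time.Time) error {
	if r.locked {
		return ErrLocked
	}
	if r.current == "" || now.Sub(r.issuedAt) > r.ValidFor {
		r.current = "" // reset: an expired password can never match again
		return ErrNoValidPassword
	}
	if subtle.ConstantTimeCompare([]byte(candidate), []byte(r.current)) == 1 {
		r.current, r.failures = "", 0 // assumption added here: single use
		return nil
	}
	r.failures++
	if r.failures > r.MaxFailures { // "exceeds a preset threshold"
		r.locked = true
		return ErrLocked
	}
	return ErrNoMatch
}

func main() {
	now := time.Now()
	r := &Recovery{ValidFor: 5 * time.Minute, MaxFailures: 3}
	pw, err := r.Issue(now)
	if err != nil {
		panic(err)
	}
	fmt.Println("wrong guess:", r.Authenticate("guess", now))
	fmt.Println("correct, inside window:", r.Authenticate(pw, now.Add(time.Minute)))
	fmt.Println("replay after use:", r.Authenticate(pw, now.Add(2*time.Minute)))
}
```

The expiry is enforced lazily at the next authentication attempt, which has the same effect as a timer that resets the password when the validity period ends.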
[0049] In some possible embodiments, encrypting the current login password to obtain encrypted information includes:
[0050] Select a target encryption rule from a variety of preset encryption rules to encrypt the current login password, obtain encrypted information, and record the encryption identifier corresponding to the target encryption rule;
[0051] The process of generating a request string based on the encrypted information and a preset request interface, so that the user can forward the encrypted information to the security server based on the request string, specifically involves:
[0052] A request string is generated based on the encrypted information, the encrypted identifier, and the preset request interface, so that the user can forward the encrypted information and the encrypted identifier to the security server based on the request string;
[0053] The security server is configured as follows:
[0054] The system receives the encrypted information and the encrypted identifier forwarded by the user, obtains the corresponding target decryption rule based on the encrypted identifier, parses the encrypted information based on the target decryption rule to obtain the corresponding current login password, and then sends the current login password back to the user.
[0055] In this embodiment of the disclosure, information such as login passwords is encrypted by dynamically selecting encryption rules, thereby further improving the security of logging into smart devices or systems when users forget their login passwords.
[0056] This disclosure also provides an apparatus for an authentication login system, including:
[0057] The password encryption module is configured to respond to a user's request to obtain the login password of the target system, obtain the current login password of the target system, encrypt the current login password, and obtain encrypted information.
[0058] The login authentication module is configured to receive the login password to be authenticated input by the user, authenticate the login password to be authenticated based on the current login password, and determine whether to allow the user to log in to the target system based on the authentication result.
[0059] The login password to be authenticated is obtained by parsing the encrypted information.
[0060] This disclosure also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, can implement the method described in any of the embodiments of the first aspect.
[0061] This disclosure also provides a computer-readable storage medium storing a computer program that, when executed by a processor, can implement the method described in any embodiment of the first aspect.
[0062] This disclosure also provides a computer program product, which includes a computer program that, when executed by a processor, can implement the method described in any embodiment of the first aspect.
Attached Figure Description
[0063] To more clearly illustrate the technical solutions of the embodiments of this disclosure, the accompanying drawings used in the embodiments of this disclosure will be briefly introduced below. It should be understood that the following drawings only show some embodiments of this disclosure and should not be regarded as a limitation of the scope. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.
[0064] Figure 1 is a flowchart illustrating a method for an authentication login system provided in an embodiment of this disclosure;
[0065] Figure 2 is an interactive system architecture diagram of the authentication login system method provided in the embodiments of this disclosure;
[0066] Figure 3 is a schematic diagram of the structure of an authentication login system device provided in an embodiment of this disclosure;
[0067] Figure 4 is a schematic diagram of the structure of an electronic device provided in an embodiment of this disclosure.
Detailed Implementation
[0068] The technical solutions of the embodiments of this disclosure will now be described with reference to the accompanying drawings.
[0069] It should be noted that similar reference numerals and letters in the following figures indicate similar items; therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures. Furthermore, in the description of this disclosure, the terms "first," "second," etc., are used only to distinguish descriptions and should not be construed as indicating or implying relative importance.
[0070] As shown in Figure 1, this embodiment of the present disclosure provides a method for authenticating and logging into a system, which may include the following steps:
[0071] S1. In response to the user's request to obtain the login password for the target system, obtain the current login password of the target system, encrypt the current login password, and obtain encrypted information.
[0072] It should be noted that the authentication login system method of this disclosure embodiment can be executed by a smart device or system. A smart device or system can be any device or system with certain processing capabilities, such as a smart bracelet, smart home appliances, IoT devices, or network devices. The target system refers to the management program within the smart device or system.
[0073] Optionally, when a user needs to log in to the management program (target system) of a smart device or system and forgets their login password, they can send a request to the smart device or system to retrieve the login password (login password retrieval request). For example, a login password retrieval request can be initiated by clicking the "Forgot Password" button on the visual interface of the smart device or system.
[0074] When a smart device or system receives a user's login password request, it retrieves the current login password used to log in to the target system from its local storage. This current login password can be a previously set fixed password or a randomly generated password.
[0075] Then, the current login password is encrypted to obtain encrypted information.
[0076] The encryption process can be implemented using a symmetric encryption algorithm or an asymmetric encryption algorithm (public key and private key) negotiated in advance with a security server (such as a pre-configured cloud server), so that the security server can decrypt the encrypted information using the corresponding decryption strategy.
[0077] S2. Receive the login password to be authenticated entered by the user, authenticate the login password to be authenticated based on the current login password, and determine whether to allow the user to log in to the target system based on the authentication result.
[0078] The login password to be authenticated can be obtained by parsing the encrypted information.
[0079] In one possible implementation, the encrypted information can be parsed using a local security decryption program to obtain the login password to be authenticated.
[0080] In another possible implementation, the user can forward the encrypted information to a security server, which will then parse the encrypted information to obtain the login password to be authenticated.
[0081] It should be noted that after generating encrypted information, the smart device or system can display the encrypted information through its visual interface; alternatively, it can also be displayed through a web-based interface (such as a management host) connected to the smart device or system. Then, the user can obtain the encrypted information via some communication method (such as a mobile terminal like a smartphone) and forward it to the security server. The security server then parses the encrypted information and returns the corresponding login password. For example, the encrypted information can be a string, which the user can send to the security server via a URL request on a mobile terminal or web interface to request decryption.
[0082] For example, the security server can use a decryption algorithm corresponding to the encryption algorithm to decrypt the encrypted information, obtain the current login password, and then send the current login password back to the user.
[0083] For example, the security server can return the decrypted current login password directly through the same link over which the user sent the encrypted information.
[0084] Optionally, the encrypted information may include a device identifier. After the security server parses the encrypted information to obtain the current login password and device identifier, it can send the current login password back to the target mobile terminal corresponding to the registered terminal number based on the registered terminal number corresponding to the device identifier.
[0085] Optionally, the encrypted information may also include the target terminal number. After the security server parses the encrypted information to obtain the current login password and the target terminal number, it can directly send the current login password to the target mobile terminal corresponding to the target terminal number.
[0086] If a user possesses a target mobile terminal corresponding to the registered terminal number (target terminal number), after the target mobile terminal obtains the login password returned by the security server, it can enter the login password into the smart device or system for login authentication. At this time, the smart device or system receives the login password entered by the user (the login password to be authenticated), and authenticates it based on the currently recorded login password. For example, if the login password to be authenticated matches the current login password, authentication is successful, allowing the user to log in to the target system; otherwise, authentication fails, and the user's login is denied.
[0087] In this embodiment of the disclosure, the current login password is obtained locally on the smart device or system and encrypted so that the user can forward the encrypted information to the security server for decryption and to obtain the corresponding login password. This not only ensures the security of the login password acquisition, but also enables the smart device or system to log in without establishing a communication connection with the mobile terminal and the security server. This effectively improves the convenience for users to log in to the smart device or system when they forget their login password.
[0088] It should be noted that because the login password is encrypted on the smart device or system side and decrypted on the security server side, and is transmitted in ciphertext during transmission, the security of the login password during transmission is guaranteed. Furthermore, to enhance the reliability of encryption and decryption, a public-private key method can be used to encrypt and decrypt the login password; alternatively, public key encryption can be used on the smart device or system side, and private key decryption can be used on the security server side. In this way, even if the smart device or system is cracked, as long as the private key on the security server side is not leaked, the confidentiality of information during the login password retrieval process can still be guaranteed.
[0089] In some possible embodiments, prior to step S2, the following may also be included:
[0090] S101. Generate a request string based on the encrypted information and the preset request interface, so that the user can forward the encrypted information to the security server based on the request string.
[0091] It should be noted that the request string used to request the security server, such as the URL (uniform resource locator), can be generated locally on the smart device or system. For example, encrypted information can be used as an API parameter and combined with a pre-defined request interface (the request API for the security server) to generate the request string; then, the user can use this request string to directly initiate a connection request to the security server and forward the encrypted information to the security server.
[0092] For example, the smart device or system can display a generated request string, which the user can manually enter on their mobile terminal (or use a method such as text recognition after taking a photo) to trigger a request to be sent to the security server; or, the smart device or system can send the request string to the user's mobile terminal via wired or wireless means (such as Bluetooth, hotspot network, etc.) so that the user's mobile terminal can trigger a request to be sent to the security server.
[0093] Based on this, by pre-setting a request interface locally on the smart device or system, a request string for encrypted information can be generated locally on the smart device or system, eliminating the need to organize and generate the request string on the user's mobile terminal, thereby further improving the efficiency and reliability of forwarding encrypted information.
[0094] In some possible embodiments, step S101, generating a request string based on the encrypted information and a preset request interface, so that the user can forward the encrypted information to the security server based on the request string, may include:
[0095] S1011. Generate a request string based on the encrypted information and the preset request interface, and convert the request string into an image recognition code so that the user can scan the image recognition code with their mobile terminal. Then, based on the request string obtained by parsing the image recognition code, forward the encrypted information to the security server.
[0096] Optionally, after generating a request string for encrypted information locally, the smart device or system can further convert it into a graphic identification code (such as a QR code) and display it. Since the request string can be a URL string carrying encrypted information, the user can scan and parse the graphic identification code using a mobile terminal to automatically connect to the URL corresponding to the graphic identification code, thereby directly establishing a connection with the security server and sending encrypted information. After receiving the corresponding API request, the security server can obtain the encrypted information, decrypt it, and send the login password back to the target mobile terminal corresponding to the registered number.
[0097] Based on this, by scanning the code to identify the request string and automatically connecting to the security server and sending encrypted information, the flexibility of forwarding encrypted information is effectively improved, which in turn helps to further improve the convenience of retrieving login passwords.
[0098] In some possible embodiments, the encrypted information is obtained by encrypting the current login password and the device identifier of the target system;
[0099] The security server is configured as follows:
[0100] Receive encrypted information forwarded by the user, parse the encrypted information to obtain the corresponding current login password and device identifier;
[0101] The system retrieves the registered terminal number bound to the device identifier from the pre-stored registration information database and sends the current login password to the target mobile terminal corresponding to the registered terminal number.
[0102] It should be noted that in scenarios where smart devices or systems only support single-user management, there is a one-to-one binding relationship between device identifiers and users. Security servers can use device identifiers to parse and manage login passwords for different smart devices or systems.
[0103] Optionally, after parsing the encrypted information forwarded by the user and obtaining the corresponding current login password and device identifier, the security server can search for the registered terminal number bound to that device identifier in a pre-stored registration information database. Based on this registered terminal number, the server sends the current login password to the corresponding target mobile terminal. If the user possesses the target mobile terminal corresponding to that registered terminal number, the user can obtain the current login password returned by the security server through that target mobile terminal. The registration information database stores different device identifiers and their corresponding bound registered terminal numbers.
[0104] In some possible embodiments, in scenarios where smart devices or systems support multi-user management, multiple user accounts can be registered and bound to the same device identifier.
[0105] Optionally, a username (user account) field needs to be added when registering an administrator account. Based on this, the registration information database can store registration terminal number information for different device identifiers and their corresponding bound usernames. Correspondingly, during the password retrieval process, when a user initiates a password retrieval request for the target system, they need to enter the username field. Then, the smart device or system encrypts the username, device identifier, and corresponding current login password (corresponding to the username) to generate encrypted information. After the security server decrypts the username, device identifier, and corresponding current login password, it first searches for the corresponding user and device registration terminal number information in the pre-stored registration information database based on the username and device identifier, and then sends the current login password based on the registration terminal number.
[0106] Based on this, by setting up a registration information database to bind and store registration information for different devices and accounts, it is possible to manage login passwords for different devices and user accounts, thereby further improving the flexibility of smart device login authentication.
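An added example, not code from the patent or its applicant: the S101 request string and the device-identifier lookup of [0098] to [0103], sketched in Go with RSA-OAEP as the public-key scheme mentioned in [0088]. The endpoint URL, the `enc` and `rule` parameter names, the rule name, the OAEP label and the sample device identifier and terminal number are assumptions constructed for illustration, and the `Outbox` map stands in for delivery to the mobile terminal.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// Assumed values, not from the patent.
const (
	requestInterface = "https://recovery.example.invalid/api/decrypt"
	ruleRSAOAEP      = "rsa-oaep-sha256"
	oaepLabel        = "login-recovery"
)

// payload is what the device encrypts: current password plus device identifier.
type payload struct {
	Password string `json:"pw"`
	DeviceID string `json:"dev"`
}

// BuildRequestString runs on the device, which holds only the server's public
// key. The result is the string that would be shown as text or as a QR code.
func BuildRequestString(pub *rsa.PublicKey, password, deviceID string) (string, error) {
	plain, err := json.Marshal(payload{Password: password, DeviceID: deviceID})
	if err != nil {
		return "", err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, []byte(oaepLabel))
	if err != nil {
		return "", err
	}
	q := url.Values{}
	q.Set("enc", base64.RawURLEncoding.EncodeToString(ct)) // encrypted information
	q.Set("rule", ruleRSAOAEP)                             // encryption identifier
	return requestInterface + "?" + q.Encode(), nil
}

// SecurityServer holds the private key and the registration information database.
type SecurityServer struct {
	priv         *rsa.PrivateKey
	Registration map[string]string // device identifier -> registered terminal number
	Outbox       map[string]string // terminal number -> delivered password
}

// NewSecurityServer generates the server key pair (constructed per run here).
func NewSecurityServer(registration map[string]string) (*SecurityServer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &SecurityServer{priv: priv, Registration: registration, Outbox: map[string]string{}}, nil
}

func (s *SecurityServer) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// HandleRequest parses a forwarded request string. It returns only an error:
// the password goes to the registered terminal, never back to the requester.
func (s *SecurityServer) HandleRequest(requestString string) error {
	u, err := url.Parse(requestString)
	if err != nil {
		return err
	}
	q := u.Query()
	if q.Get("rule") != ruleRSAOAEP {
		return errors.New("unknown encryption identifier")
	}
	ct, err := base64.RawURLEncoding.DecodeString(q.Get("enc"))
	if err != nil {
		return errors.New("malformed encrypted information")
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, s.priv, ct, []byte(oaepLabel))
	if err != nil {
		return errors.New("decryption failed")
	}
	var p payload
	if err := json.Unmarshal(plain, &p); err != nil {
		return errors.New("malformed payload")
	}
	number, ok := s.Registration[p.DeviceID]
	if !ok {
		return errors.New("device identifier not registered")
	}
	s.Outbox[number] = p.Password
	return nil
}

func main() {
	// Constructed sample data.
	srv, err := NewSecurityServer(map[string]string{"DEV-0001": "+10000000001"})
	if err != nil {
		panic(err)
	}
	req, err := BuildRequestString(srv.PublicKey(), "k3Jx-constructed", "DEV-0001")
	if err != nil {
		panic(err)
	}
	fmt.Println("request string:", req)
	fmt.Println("server result:", srv.HandleRequest(req))
	fmt.Println("delivered to registered terminal:", srv.Outbox["+10000000001"])
}
```

Because OAEP is randomized, two requests for the same password yield different request strings, and whoever forwards the string learns nothing from the server's response: the password reaches only the terminal bound to the device identifier.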
[0107] In some possible embodiments, the encrypted information is obtained by encrypting the current login password and the target terminal number preset in the target system;
[0108] The security server is configured as follows:
[0109] Receive encrypted information forwarded by the user, parse the encrypted information to obtain the corresponding current login password and target terminal number;
[0110] Send the current login password to the target mobile terminal corresponding to the target terminal number.
[0111] It should be noted that, in some possible embodiments, in addition to encrypting the device identifier and forwarding it to the security server, and having the security server determine the target mobile terminal based on the decrypted device identifier, the pre-stored target terminal number corresponding to the administrator can also be directly obtained locally on the smart device or system, and the target terminal number is encrypted together with the current login password, so that the user can forward the encrypted information to the security server. In this way, after receiving and parsing the encrypted information, the security server can directly feed back the current login password to the corresponding target mobile terminal according to the target terminal number.
[0112] The smart device or system can pre-store one or more terminal numbers corresponding to administrators locally. If multiple terminal numbers corresponding to administrators are pre-stored, when a user initiates a login password retrieval request, they can enter their user account. The smart device or system can then retrieve the target terminal number of the corresponding administrator based on the user account, which is used for encryption with the current login password. Accordingly, the current login password can be a randomly generated login password or a preset login password corresponding to the user account entered by the user.
[0113] In some possible embodiments, the method for authenticating and logging into the system may further include the steps of:
[0114] S3. In response to the user's account registration request for the target system, obtain the terminal number to be registered specified in the account registration request, and encrypt the terminal number to be registered and the device identifier of the target system to obtain the encrypted registration information;
[0115] The security server is also configured as follows:
[0116] Receive encrypted registration information forwarded by the user, and parse the encrypted registration information to obtain the corresponding terminal number to be registered and device identifier;
[0117] Authentication information is sent to the mobile terminal corresponding to the terminal number to be registered in order to authenticate the identity of the terminal number to be registered, and after successful authentication, the terminal number to be registered and the device identifier are bound and stored in the registration information database.
[0118] It should be noted that the user account registration process can be set up as an interactive flow similar to steps S1 to S2. Optionally, when a user needs to register an administrator account for a target system, they can initiate an account registration request on the smart device or system and enter the mobile phone number they want to register (in scenarios where multiple users are supported on the same device, the username they want to register also needs to be entered). The smart device or system then obtains the terminal number to be registered from the account registration request submitted by the user, and encrypts it together with the device identifier of the current smart device or system to obtain the encrypted registration information.
[0119] Then, the user forwards the encrypted registration information to the security server through some communication method (e.g., by sending a connection URL request via their mobile terminal); for example, the user can forward the encrypted registration information to the security server by entering the encrypted registration information on the mobile terminal or by scanning a QR code (derived from the encrypted registration information) using the mobile terminal.
[0120] After receiving the encrypted registration information forwarded by the user, the security server decrypts the information using a corresponding decryption algorithm based on a pre-determined encryption / decryption protocol for the smart device, obtaining the terminal number to be registered and the device identifier. Then, for example, the security server can send a random verification code to the corresponding target mobile terminal based on the terminal number to be registered, and simultaneously return a verification page for inputting the verification code along the same path as the link where the user forwarded the encrypted registration information. If the user possesses the terminal number to be registered and is on the corresponding target mobile terminal, they can receive the random verification code on the target mobile terminal, input the verification code on the verification page, and submit the verification code to the security server. Finally, the security server authenticates the identity of the currently registered user by comparing the user-input verification code with the previously generated random verification code. Upon successful authentication, the security server binds and stores the terminal number and device identifier requested by the user in the registration information database.
[0121] In some possible embodiments, in step S1, in response to a user's request to obtain the login password for the target system, the current login password of the target system is obtained, and the current login password is encrypted to obtain encrypted information, which may include:
[0122] S111. In response to the user's request to obtain the login password for the target system, obtain the preset login password corresponding to the target account specified in the login password request, and use it as the current login password for the target system.
[0123] S112. Encrypt the target account and the current login password to obtain encrypted information.
[0124] It should be noted that when a smart device or system responds to a user's request to obtain the login password for a target system, it may use a pre-set and recorded login password as the current login password for the target system.
[0125] Optionally, in scenarios where smart devices or systems support multi-user account management, different users can register and set a corresponding login password for the same smart device or system. When a user forgets their password and needs to retrieve it, they can enter their registered username (target account) when initiating a password retrieval request. The smart device or system can then retrieve the pre-recorded preset login password for this target account and use it as the current login password for the target system. After the password has been encrypted and then decrypted by the security server, the user can retrieve their previously set login password and use it to log in to the target system.
[0126] Based on this, by implementing login authentication for smart devices through password retrieval, login authentication can be achieved in multi-user account management scenarios, further improving the convenience for users to log in to smart devices or systems when they forget their login password.
[0127] In some possible embodiments, step S1, in response to a user's request to obtain the login password for the target system, obtaining the current login password for the target system may include:
[0128] S121. In response to the user's request to obtain the login password for the target system, a random login password is generated based on a preset random algorithm and used as the current login password for the target system.
[0129] It should be noted that if a user forgets their password, in addition to retrieving the password to log in to the target system, they can also log in by obtaining a random password.
[0130] Optionally, when responding to a user's request to retrieve the login password for a target system, the smart device or system can generate a random login password based on a preset random algorithm, which then serves as the current login password for the target system. This eliminates the need for the smart device or system to distinguish between different user accounts to retrieve passwords; instead, it uniformly uses a random password for system login authentication, further improving the convenience for users logging into the smart device or system when they forget their password. At the same time, generating a random password prevents preset passwords from being cracked or stolen by other users, thereby further enhancing the security of login authentication for the smart device or system.
[0131] In some possible embodiments, the method for authenticating and logging into the system may further include the steps of:
[0132] S4. After generating a random login password, if no login password matching the random login password is received within the preset valid time period, the current login password of the target system is reset.
[0133] It should be noted that in scenarios where random login passwords are used for login authentication, a valid login time limit can be set to further improve the security of login authentication.
[0134] Optionally, a timer is started each time a random login password is generated. If successful authentication is not achieved within a preset valid time period, that is, if no login password matching the current random login password is received within the preset valid time period, the current login password of the target system is reset.
[0135] Resetting the target system's current login password can be achieved by either generating a new random login password and using it as the current password, or by resetting the target system's current login password to a preset fixed password. In this case, even if the user obtains the previously generated random login password, they will not be able to pass the target system's authentication. If the user wants to retrieve their password and log in to the system again, they need to initiate the password retrieval process again.
[0136] Based on this, by configuring an expiration period for random login passwords and invalidating the current random login password if authentication fails within the timeout period, the security of login authentication for smart devices or systems is further improved.
[0137] In some possible embodiments, the method for authenticating and logging into the system may further include the steps of:
[0138] S5. If the number of times authentication based on the current login password fails reaches the preset threshold, the user's login account will be locked.
[0139] It should be noted that, to prevent brute-force attacks, login authentication protection policies can also be set. Optionally, after a user initiates a password retrieval process, if the number of times the login password entered by the user fails authentication against the same current login password exceeds a preset limit, the user's login account will be locked.
[0140] Optionally, after locking a user's login account, a preset lock time can be set, such as three days. During this lock time, the user will no longer be able to log in to the system using that account. Additionally, an unlock function can be set up to handle locked accounts. After a user's login account is locked, the user can request authentication and unlock through other more advanced security verification methods (such as manual appeals).
[0141] Therefore, by locking user accounts that have exceeded the limit for consecutive authentication failures, brute-force attacks can be effectively prevented, thereby further improving the security of login authentication for smart devices or systems.
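The device-side behaviour of S121, S4 and S5 can be put together in one small state machine. The following Python sketch is an added example, not code from the patent: the class name `RecoveryLogin`, its parameters, the character set and the status strings are assumptions, the validity period is checked lazily at the next login attempt instead of with a running timer, and the account is locked when the failure count reaches the threshold.

```python
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits  # assumed character set


class RecoveryLogin:
    """Device-side state for one login account (hypothetical class, not from the patent)."""

    def __init__(self, valid_seconds=300, max_failures=5,
                 lock_seconds=3 * 24 * 3600, length=12, clock=time.monotonic):
        self.valid_seconds = valid_seconds   # preset valid time period (S4)
        self.max_failures = max_failures     # preset threshold (S5)
        self.lock_seconds = lock_seconds     # preset lock time, e.g. three days
        self.length = length
        self.clock = clock                   # injectable so the timing can be tested
        self.failures = 0
        self.deadline = None                 # expiry of the password handed out by issue()
        self.locked_until = None
        self.password = self._random_password()  # undisclosed until issue() is called

    def _random_password(self):
        # secrets uses the OS CSPRNG; the random module would be predictable.
        return "".join(secrets.choice(ALPHABET) for _ in range(self.length))

    def _rotate(self):
        """Reset the current login password so the previous one stops working."""
        self.password = self._random_password()
        self.deadline = None

    def _locked(self, now):
        if self.locked_until is None:
            return False
        if now < self.locked_until:
            return True
        self.locked_until = None             # lock time has elapsed
        self.failures = 0
        return False

    def issue(self):
        """S121: generate the random login password and start the S4 validity period."""
        now = self.clock()
        if self._locked(now):
            raise PermissionError("account locked")
        self._rotate()
        self.deadline = now + self.valid_seconds
        self.failures = 0                    # failures are counted per current password
        return self.password                 # handed to the encryption step, never displayed

    def verify(self, candidate):
        """Compare an entered password with the current one, applying S4 and S5."""
        now = self.clock()
        if self._locked(now):
            return "locked"
        if self.deadline is not None and now > self.deadline:
            self._rotate()                   # S4: the expired password is invalidated
            return "expired"
        # Constant-time comparison does not leak how many characters matched.
        if hmac.compare_digest(candidate.encode(), self.password.encode()):
            self.failures = 0
            self.deadline = None             # matched within the valid period
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_until = now + self.lock_seconds   # S5
            self._rotate()
            return "locked"
        return "rejected"


if __name__ == "__main__":
    login = RecoveryLogin(max_failures=3)
    current = login.issue()
    print(login.verify("not-the-password"))  # rejected
    print(login.verify(current))             # ok
```

Rotating the password on expiry and on lockout means a password recovered from an old request string is useless afterwards, which is the property paragraph [0135] describes.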
[0142] In some possible embodiments, step S1, encrypting the current login password to obtain encrypted information, may include:
[0143] Select the target encryption rule from a variety of preset encryption rules, encrypt the current login password, obtain the encrypted information, and record the encryption identifier corresponding to the target encryption rule;
[0144] Step S101, generating a request string based on the encrypted information and a preset request interface so that the user can forward the encrypted information to the security server based on the request string, is specifically:
[0145] A request string is generated based on the encrypted information, the encryption identifier, and the preset request interface, so that the user can forward the encrypted information and the encryption identifier to the security server based on the request string;
[0146] The security server is configured as follows:
[0147] Receive encrypted information and encryption identifier forwarded by the user, obtain the corresponding target decryption rule based on the encryption identifier, parse the encrypted information based on the target decryption rule to obtain the corresponding current login password, and then send the current login password back to the user.
[0148] It should be noted that during each encryption process, one of the various locally preset encryption rules (or algorithms) can be selected. The user then forwards the currently used encryption rule information (encryption identifier) along with the encrypted information to the security server, so that the security server can obtain the corresponding decryption rule (or algorithm) based on the encryption identifier and decrypt the current encrypted information.
[0149] Based on this, by using different encryption rules to encrypt information such as login passwords during the password retrieval process, the security of users logging into smart devices or systems when they forget their login passwords is further improved.
[0150] As shown in Figure 2, the authentication login system method of this exemplary embodiment mainly involves the interaction between the following three parts: smart device or system, mobile phone and security server.
[0151] As an example, the authentication login system method of this disclosure embodiment can be implemented through the following steps:
[0152] 1. In response to a user's request to retrieve a password, the program in the smart device or system randomly generates a login password, and then encrypts this login password and the device identifier (or mobile phone number) to obtain an encrypted string;
[0153] 2. Use the encrypted string as an API parameter, and combine this API parameter with the request API corresponding to the security server to form a request URL string to be sent to the security server;
[0154] 3. Convert the request URL string into a QR code and display it on the web interface;
[0155] 4. Users (administrators) scan the QR code using their mobile phones;
[0156] 5. After scanning the QR code with a mobile phone, the system automatically connects to the corresponding URL and transmits the corresponding encrypted string to the security server.
[0157] 6. After receiving the corresponding API request, the security server retrieves the encrypted string from the request, and then decrypts it to obtain the device identifier (or mobile phone number) and login password;
[0158] 7. The security server notifies the administrator of the login password through a reliable channel; for example: obtaining the pre-registered mobile phone number based on the device identifier (or directly parsing the encrypted string to obtain the mobile phone number), and then sending an SMS to that mobile phone number to inform the administrator of the login password; or, verbally notifying the administrator after confirming the administrator's identity, etc.
[0159] 8. After receiving the login password, the administrator uses this login password to log in to the smart device or system;
[0160] 9. After receiving the login password entered by the administrator, the smart device or system compares it with the previously determined login password. If the comparison matches, the authentication is successful and the administrator is allowed to log in to the system; otherwise, the login is rejected.
[0161] Please refer to Figure 3, which shows a block diagram of the apparatus of an authentication login system provided in some embodiments of this disclosure. It should be understood that the apparatus of this authentication login system corresponds to the method embodiment of Figure 1 above and is capable of performing the various steps involved in the method embodiment above. The specific functions of the apparatus of this authentication login system can be found in the description above. To avoid repetition, detailed descriptions are appropriately omitted here.
[0162] The authentication login system apparatus of Figure 3 includes at least one software function module that can be stored in a memory or embedded in the authentication login system apparatus in the form of software or firmware. The authentication login system apparatus includes:
[0163] The password encryption module 310 is configured to respond to a user's request to obtain the login password of the target system, obtain the current login password of the target system, encrypt the current login password, and obtain encrypted information.
[0164] The login authentication module 320 is configured to receive the login password to be authenticated input by the user, authenticate the login password to be authenticated based on the current login password, and determine whether to allow the user to log in to the target system based on the authentication result.
[0165] The login password to be authenticated is obtained by the security server after the user forwards the encrypted information to the security server, which then parses the encrypted information and returns the password.
[0166] It is understood that the above-described apparatus embodiments correspond to the method embodiments of this disclosure. The apparatus for an authentication login system provided by the embodiments of this disclosure can implement the method of the authentication login system provided by any one of the method embodiments of this disclosure.
[0167] Those skilled in the art will understand that, for the sake of convenience and brevity, for the specific working process of the apparatus described above, reference may be made to the corresponding process in the aforementioned method, which will not be elaborated further here.
[0168] As shown in Figure 4, some embodiments of the present disclosure provide an electronic device 400, which includes a memory 410, a processor 420, and a computer program stored on the memory 410 and executable on the processor 420. When the processor 420 reads the program from the memory 410 via a bus 430 and executes the program, it can implement any of the methods included in the above-described authentication login system method.
[0169] Processor 420 can process digital signals and may include various computing architectures. For example, it may be a complex instruction set computer architecture, a reduced instruction set computer architecture, or an architecture that implements multiple instruction set combinations. In some examples, processor 420 may be a microprocessor.
[0170] Memory 410 may be configured to store instructions executed by processor 420 or data related to instruction execution. These instructions and / or data may include code configured to implement some or all of the functions of one or more modules described in embodiments of this disclosure. Processor 420 of embodiments of this disclosure may be configured to execute instructions in memory 410 to implement the methods described above. Memory 410 includes dynamic random access memory, static random access memory, flash memory, optical memory, or other memories well known to those skilled in the art.
[0171] Some embodiments of this disclosure also provide a computer-readable storage medium storing a computer program that, when executed by a processor, performs the methods described in the method embodiments.
[0172] Some embodiments of this disclosure also provide a computer program product that, when run on a computer, causes the computer to perform the methods described in the method embodiments.
[0173] It should be noted that the various embodiments in this specification are described in a progressive manner, with each embodiment focusing on the differences from other embodiments. For similar or identical parts, the embodiments may be referred to one another. Since the apparatus embodiments are basically similar to the method embodiments, their description is relatively simple; for relevant parts, refer to the descriptions in the method embodiments.
[0174] It should be understood, in the several embodiments provided in this disclosure, that the disclosed apparatus and methods can also be implemented in other ways. The apparatus embodiments described above are merely illustrative; for example, the flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods, and computer program products according to various embodiments of this disclosure. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions marked in the blocks may occur in a different order than those marked in the drawings. For example, two consecutive blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in a block diagram and / or flowchart, and combinations of blocks in block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or action, or using a combination of dedicated hardware and computer instructions.
[0175] In addition, the functional modules in the various embodiments of this disclosure can be integrated together to form an independent part, or each module can exist independently, or two or more modules can be integrated to form an independent part.
[0176] If the aforementioned functions are implemented as software functional modules and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this disclosure, in essence, or the part that contributes to the prior art, or a portion of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this disclosure. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0177] The above description is merely an embodiment of this disclosure and is not intended to limit the scope of protection of this disclosure. Various modifications and variations can be made to this disclosure by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this disclosure should be included within the scope of protection of this disclosure. It should be noted that similar reference numerals and letters in the following figures denote similar items; therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures.
[0178] The above description is merely a specific embodiment of this disclosure, but the scope of protection of this disclosure is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this disclosure should be included within the scope of protection of this disclosure. Therefore, the scope of protection of this disclosure should be determined by the scope of the claims.
[0179] It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.
Industrial applicability
[0180] This disclosure provides a method, apparatus, device, and storage medium for authenticating and logging into a system, which can improve the convenience for users to log into smart devices or systems when they forget their login password, while ensuring security.
Claims
1. A method for an authentication login system, characterized in that it includes: in response to a user's request to obtain the login password for the target system, obtaining the current login password of the target system, and encrypting the current login password to obtain encrypted information; receiving the login password to be authenticated input by the user, authenticating the login password to be authenticated based on the current login password, and determining whether to allow the user to log in to the target system based on the authentication result; wherein the login password to be authenticated is obtained by parsing the encrypted information.
2. The method for authentication login system according to claim 1, characterized in that, before receiving the login password to be authenticated input by the user, the method also includes: generating a request string based on the encrypted information and a preset request interface, so that the user can forward the encrypted information to the security server based on the request string, and the security server can parse the encrypted information to obtain the login password to be authenticated.
3. The method for authentication login system according to claim 2, characterized in that the step of generating a request string based on the encrypted information and a preset request interface, so that the user can forward the encrypted information to the security server based on the request string, includes: generating a request string based on the encrypted information and a preset request interface, and converting the request string into an image recognition code, so that the user can scan the image recognition code with their mobile terminal and forward the encrypted information to the security server based on the request string obtained by parsing the image recognition code.
4. The method for authentication login system according to claim 2, characterized in that the encrypted information is obtained by encrypting the current login password and the device identifier of the target system; the security server is configured to: receive encrypted information forwarded by the user, and parse the encrypted information to obtain the corresponding current login password and device identifier; obtain the registration terminal number bound to the device identifier based on the pre-stored registration information database, and send the current login password to the target mobile terminal corresponding to the registration terminal number.
5. The method for authentication login system according to claim 2, characterized in that the encrypted information is obtained by encrypting the current login password and the target terminal number preset in the target system; the security server is configured to: receive encrypted information forwarded by the user, and parse the encrypted information to obtain the corresponding current login password and target terminal number; send the current login password to the target mobile terminal corresponding to the target terminal number.
6. The method for authentication login system according to claim 4, characterized in that it also includes: in response to a user's account registration request for the target system, obtaining the terminal number to be registered specified in the account registration request, and encrypting the terminal number to be registered with the device identifier of the target system to obtain encrypted registration information; the security server is also configured to: receive the encrypted registration information forwarded by the user, and parse the encrypted registration information to obtain the corresponding terminal number to be registered and device identifier; send authentication information to the mobile terminal corresponding to the terminal number to be registered to authenticate the identity of the terminal number to be registered, and after the identity authentication is successful, bind and store the terminal number to be registered and the device identifier in the registration information database.
7. The method for authentication login system according to claim 1, characterized in that the step of, in response to a user's request to obtain a login password for the target system, obtaining the current login password of the target system and encrypting the current login password to obtain encrypted information includes: in response to a user's request to obtain a login password for a target system, obtaining a preset login password corresponding to the target account specified in the login password request and using it as the current login password for the target system; encrypting the target account and the current login password to obtain encrypted information.
8. The method for authentication login system according to claim 1, characterized in that the step of, in response to a user's request to obtain the login password for the target system, obtaining the current login password for the target system includes: in response to a user's request to obtain the login password for the target system, generating a random login password based on a preset random algorithm and using it as the current login password for the target system.
9. The method for authentication login system according to claim 8, characterized in that it also includes: after generating the random login password, if no authentication login password matching the random login password is received within a preset valid time period, resetting the current login password of the target system.
10. The method for authentication login system according to claim 1, characterized in that it also includes: if the number of failed authentication attempts based on the current login password exceeds a preset threshold, locking the user's login account.
11. The method for authentication login system according to claim 2, characterized in that the step of encrypting the current login password to obtain encrypted information includes: selecting a target encryption rule from a variety of preset encryption rules to encrypt the current login password, obtaining encrypted information, and recording the encryption identifier corresponding to the target encryption rule; the step of generating a request string based on the encrypted information and a preset request interface, so that the user can forward the encrypted information to the security server based on the request string, is specifically: generating a request string based on the encrypted information, the encryption identifier, and the preset request interface, so that the user can forward the encrypted information and the encryption identifier to the security server based on the request string; the security server is configured to: receive the encrypted information and the encryption identifier forwarded by the user, obtain the corresponding target decryption rule based on the encryption identifier, parse the encrypted information based on the target decryption rule to obtain the corresponding current login password, and send the current login password back to the user.
12. An apparatus for an authentication login system, characterized in that it includes: a password encryption module, used to respond to a user's request to obtain the login password of the target system, obtain the current login password of the target system, encrypt the current login password, and obtain encrypted information; a login authentication module, used to receive the login password to be authenticated input by the user, authenticate the login password to be authenticated based on the current login password, and determine whether to allow the user to log in to the target system based on the authentication result; wherein the login password to be authenticated is obtained by parsing the encrypted information.
13. An electronic device, characterized in that it includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the method of the authentication login system according to any one of claims 1-11.
14. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program that, when executed by a processor, performs the method of the authentication login system as described in any one of claims 1-11.