CN112671762A - Login authentication method and system for realizing brute force prevention based on workload certification
- Publication number
- CN112671762A
- Authority
- CN
- China
- Prior art keywords
- calculation data
- calculation
- client
- workload
- result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
The invention relates to the technical field of encryption and decryption, in particular to a login authentication method and system for realizing brute force prevention based on workload certification. The login authentication method for realizing brute force cracking prevention based on workload certification comprises the following steps: the client initiates a login verification request; the server side responds to the login verification request and returns first calculation data used for calculating the workload certification; the client side correspondingly calculates the first calculation data and the second calculation data according to a preset rule, and when the calculation reaches a preset workload, the second calculation data and a calculation result are sent to the server side; and the server verifies the second calculation data and the calculation result. The client needs to do work with certain difficulty to obtain a result, so that the speed of brute force cracking of an attacker can be greatly reduced, verification code input operation does not need to be carried out manually, login is not limited due to misoperation, and user experience is greatly improved.
Description
Technical Field
The invention relates to the technical field of encryption and decryption, in particular to a login authentication method and system for realizing brute force prevention based on workload certification.
Background
With the spread of the internet and 5G, people increasingly register accounts on different websites and fill in private personal information, and more network security problems follow. Attackers such as hackers often use various techniques to illegally obtain personal account data. The most common method is the brute force attack, in which an attacker tries to crack sensitive information such as a user's account name and password by systematically trying all possible combinations (such as the account names and passwords used during login). An attacker will often use an automated script to find the correct username and password combination. Existing defenses against brute force attacks include the following:
Verification code: verification is carried out through SMS codes and graphic codes.
Limit on the number of submissions per IP: the number of failed submissions from the same IP or on the same account is limited.
The verification code prevents brute force cracking on the premise that it is easy for a human to read and hard for a computer to solve, but it must be entered manually by the user, which is not user-friendly. With a limit on the number of submissions per IP, because a user has several passwords, login can be restricted even when the user is entering passwords in the normal way, causing unnecessary unlocking and operations and maintenance problems.
Disclosure of Invention
Therefore, a login authentication method that prevents brute force cracking based on workload proof (proof of work) is needed, to solve the technical problems that existing brute force prevention methods are complicated to operate and not user-friendly. The specific technical solution is as follows:
A login authentication method for realizing brute force prevention based on workload certification comprises the following steps:
the client initiates a login verification request;
the server responds to the login verification request and returns first calculation data used for calculating the workload proof;
the client receives the first calculation data and generates second calculation data;
the client performs the corresponding calculation on the first calculation data and the second calculation data according to a preset rule and, when the calculation reaches a preset workload, sends the second calculation data and the calculation result to the server;
the server verifies the second calculation data and the calculation result, and if the verification passes, the client logs in successfully.
Further, the first calculation data and the second calculation data are random character strings;
the client performing the corresponding calculation on the first calculation data and the second calculation data according to a preset rule specifically includes the following step:
the client performs a hash operation on the first calculation data and the second calculation data, and after each hash operation finishes, modifies or increases the random number and continues the hash operation until the preset workload is reached.
Further, the server verifying the second calculation data and the calculation result, with the client logging in successfully if the verification passes, specifically includes the following step:
the server performs a hash operation on the first calculation data and the second calculation data until the preset workload is reached to obtain a verification result, and compares the verification result with the calculation result sent by the client; if the two are the same, the verification passes and the client logs in successfully.
To solve the above technical problems, a login authentication system for realizing brute force prevention based on workload certification is also provided. The specific technical solution is as follows:
A login authentication system for realizing brute force prevention based on workload certification comprises: a client and a server;
the client initiates a login verification request to the server;
the server responds to the login verification request and returns first calculation data used for calculating the workload proof;
the client receives the first calculation data and generates second calculation data;
the client performs the corresponding calculation on the first calculation data and the second calculation data according to a preset rule and, when the calculation reaches a preset workload, sends the second calculation data and the calculation result to the server;
the server verifies the second calculation data and the calculation result, and if the verification passes, the client logs in successfully.
Further, the first calculation data and the second calculation data are random character strings;
the client is further configured to: perform a hash operation on the first calculation data and the second calculation data, and after each hash operation finishes, modify or increase the random number and continue the hash operation until the preset workload is reached.
Further, the server is further configured to: perform a hash operation on the first calculation data and the second calculation data until the preset workload is reached to obtain a verification result, and compare the verification result with the calculation result sent by the client; if the two are the same, the verification passes and the client logs in successfully.
The invention has the beneficial effects that: initiating a login verification request through a client; the server side responds to the login verification request and returns first calculation data used for calculating the workload certification; the client receives the first calculation data and generates second calculation data; the client side correspondingly calculates the first calculation data and the second calculation data according to a preset rule, and when the calculation reaches a preset workload, the second calculation data and a calculation result are sent to the server side; and the server verifies the second calculation data and the calculation result, and if the second calculation data and the calculation result pass the verification, the client successfully logs in. The client needs to do work with certain difficulty to obtain a result, so that the speed of brute force cracking of an attacker can be greatly reduced, verification code input operation does not need to be carried out manually, login is not limited due to misoperation, and user experience is greatly improved.
Drawings
Fig. 1 is a flowchart of a login authentication method for implementing brute force attack prevention based on workload certification according to an embodiment;
Fig. 2 is a schematic block diagram of a login authentication system for implementing brute force prevention based on workload certification according to an embodiment.
Description of reference numerals:
200. login authentication system for realizing brute force prevention based on workload certification;
201. client;
202. server.
Detailed Description
To explain technical contents, structural features, and objects and effects of the technical solutions in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
The core technical idea of the application is as follows: login verification that prevents brute force cracking is implemented with a workload proof (proof-of-work) algorithm, which is an economic countermeasure against denial-of-service attacks and other service abuse. Its main characteristic is that the client must do work of a certain difficulty to obtain a result, while the verifier can easily check from that result whether the client did the corresponding work. One of the core features of this solution is asymmetry: the initiator must perform a certain amount of computation, meaning that its computer needs a certain amount of time to do the work. The work is moderate for the requesting party and easy for the verifying party.
The essence of brute force cracking is an enumeration process that repeatedly tests whether a password is correct until the correct password is tried. Numerous attempts are required in the process. The shorter the time of each attempt, the faster the attacker's speed of cracking, and the higher the difficulty and probability. Using workload proofs can lengthen the time needed for each password verification, thereby reducing the speed of an attacker's brute force cracking.
Referring to fig. 1, in the present embodiment, a specific implementation of a login authentication method for implementing brute force prevention based on workload certification is as follows:
Step S101: The client initiates a login verification request.
Step S102: The server responds to the login verification request and returns first calculation data used for calculating the workload proof.
Step S103: The client receives the first calculation data and generates second calculation data.
Step S104: The client performs the corresponding calculation on the first calculation data and the second calculation data according to a preset rule.
Step S105: Has the calculation reached the preset workload?
Step S106: The client sends the second calculation data and the calculation result to the server.
Step S107: The server verifies the second calculation data and the calculation result.
Step S108: Has the verification passed?
Step S109: The client logs in successfully.
In this embodiment, the first calculation data and the second calculation data are preferably random character strings.
The client performing the corresponding calculation on the first calculation data and the second calculation data according to a preset rule specifically includes the following step:
the client performs a hash operation on the first calculation data and the second calculation data, and after each hash operation finishes, modifies or increases the random number and continues the hash operation until the preset workload is reached.
Whether the preset workload has been reached may be judged according to a preset rule. For example, the calculation requirement may be that the first few bits must be (0000); the client stops the calculation once it determines that the calculation requirement is met. The server can then quickly check the random character string and the calculation result submitted by the client.
The server verifying the second calculation data and the calculation result, with the client logging in successfully if the verification passes, specifically includes the following step:
the server performs a hash operation on the first calculation data and the second calculation data until the preset workload is reached to obtain a verification result, and compares the verification result with the calculation result sent by the client; if the two are the same, the verification passes and the client logs in successfully.
Initiating a login verification request through a client; the server side responds to the login verification request and returns first calculation data used for calculating the workload certification; the client receives the first calculation data and generates second calculation data; the client side correspondingly calculates the first calculation data and the second calculation data according to a preset rule, and when the calculation reaches a preset workload, the second calculation data and a calculation result are sent to the server side; and the server verifies the second calculation data and the calculation result, and if the second calculation data and the calculation result pass the verification, the client successfully logs in. The client needs to do work with certain difficulty to obtain a result, so that the speed of brute force cracking of an attacker can be greatly reduced, verification code input operation does not need to be carried out manually, login is not limited due to misoperation, and user experience is greatly improved.
In the present embodiment, "hash algorithm" is a generic term for a class of algorithms. Common encryption algorithms can be classified into symmetric encryption, asymmetric encryption, and hash algorithms. Hash algorithms include MD5, SHA-1, SHA-2, SHA-256, SHA-512, RIPEMD-160, etc.
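The exchange in steps S101 to S109, written out as an added example (not code from the patent). It assumes SHA-256, reads the preset rule `0000` as leading hex digits of the result, and joins the two data strings with `:`; the single-use store, expiry and length cap on the server are also assumptions added here so that one solved challenge cannot be replayed across many password guesses.

```python
import hashlib
import hmac
import secrets
import time

PREFIX = "0000"       # preset rule from the text; read here as leading hex digits (assumption)
CHALLENGE_TTL = 120   # seconds a challenge stays valid (assumption, not in the patent)
MAX_SECOND_LEN = 128  # cap on client-supplied data (assumption)


def pow_hash(first: str, second: str) -> str:
    """Hash of first + second calculation data. SHA-256 and ':' joining are assumptions."""
    return hashlib.sha256(f"{first}:{second}".encode()).hexdigest()


def solve(first: str, prefix: str = PREFIX):
    """Client side, steps S103-S106: vary the random string until the rule is met."""
    base = secrets.token_hex(8)  # second calculation data starts as a random string
    counter = 0
    while True:
        second = f"{base}:{counter}"  # "modify or increase the random number"
        result = pow_hash(first, second)
        if result.startswith(prefix):
            return second, result, counter + 1  # counter + 1 = hashes spent
        counter += 1


class PowServer:
    """Server side, steps S102 and S107-S108."""

    def __init__(self, prefix=PREFIX, ttl=CHALLENGE_TTL, clock=time.monotonic):
        self.prefix = prefix
        self.ttl = ttl
        self.clock = clock
        self._pending = {}  # first calculation data -> time issued

    def issue_challenge(self) -> str:
        first = secrets.token_hex(16)
        self._pending[first] = self.clock()
        return first

    def verify(self, first, second, result) -> bool:
        if not all(isinstance(v, str) for v in (first, second, result)):
            return False
        # pop() makes each challenge single-use, so a solved one cannot be replayed
        issued = self._pending.pop(first, None)
        if issued is None or self.clock() - issued > self.ttl:
            return False
        if len(second) > MAX_SECOND_LEN or not (second.isascii() and result.isascii()):
            return False
        expected = pow_hash(first, second)  # one hash, however long the client searched
        if not expected.startswith(self.prefix):
            return False
        return hmac.compare_digest(expected.encode(), result.encode())


if __name__ == "__main__":
    server = PowServer()
    first = server.issue_challenge()
    second, result, attempts = solve(first)
    print(f"client spent {attempts} hashes (expected about {16 ** len(PREFIX)})")
    print("first submission accepted:", server.verify(first, second, result))
    print("replay accepted:", server.verify(first, second, result))
```

The asymmetry the description relies on is visible in the hash counts: the client needs about 16^4 hashes on average for a four-hex-digit prefix, while `verify` computes one.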
Referring to fig. 2, in the present embodiment, a specific implementation of a login authentication system 200 for implementing brute force prevention based on workload certification is as follows:
A login authentication system 200 for implementing brute force prevention based on workload proofs comprises: a client 201 and a server 202;
the client 201 initiates a login verification request to the server 202;
the server 202 responds to the login verification request and returns first calculation data used for calculating the workload proof;
the client 201 receives the first calculation data and generates second calculation data;
the client 201 performs the corresponding calculation on the first calculation data and the second calculation data according to a preset rule and, when the calculation reaches a preset workload, sends the second calculation data and the calculation result to the server 202;
the server 202 verifies the second calculation data and the calculation result, and if the verification passes, the client 201 logs in successfully.
Further, the first calculation data and the second calculation data are random character strings;
the client 201 is further configured to: perform a hash operation on the first calculation data and the second calculation data, and after each hash operation finishes, modify or increase the random number and continue the hash operation until the preset workload is reached.
Whether the preset workload has been reached may be judged according to a preset rule. For example, the calculation requirement may be that the first few bits must be (0000); the client 201 stops the calculation once it determines that the calculation requirement is met. The random character string is submitted to the server 202, and the server 202 can quickly check the random character string and the calculation result submitted by the client 201.
Further, the server 202 is further configured to: perform a hash operation on the first calculation data and the second calculation data until the preset workload is reached to obtain a verification result, and compare the verification result with the calculation result sent by the client 201; if the two are the same, the verification passes and the client 201 logs in successfully.
Initiating a login authentication request through the client 201; the server 202 responds to the login verification request and returns first calculation data used for calculating the workload certification; the client 201 receives the first calculation data and generates second calculation data; the client 201 performs corresponding calculation on the first calculation data and the second calculation data according to a preset rule, and sends the second calculation data and a calculation result to the server 202 when the calculation reaches a preset workload; the server 202 verifies the second calculation data and the calculation result, and if the verification is passed, the client 201 logs in successfully. The client 201 needs to do work with certain difficulty to obtain a result, so that the speed of brute force cracking by an attacker can be greatly reduced, verification code input operation does not need to be carried out manually, login is not limited due to misoperation, and user experience is greatly improved.
In the present embodiment, "hash algorithm" is a generic term for a class of algorithms. Common encryption algorithms can be classified into symmetric encryption, asymmetric encryption, and hash algorithms. Hash algorithms include MD5, SHA-1, SHA-2, SHA-256, SHA-512, RIPEMD-160, etc.
It should be noted that, although the above embodiments have been described herein, the invention is not limited thereto. Therefore, based on the innovative concepts of the present invention, the technical solutions of the present invention can be directly or indirectly applied to other related technical fields by making changes and modifications to the embodiments described herein, or by using equivalent structures or equivalent processes performed in the content of the present specification and the attached drawings, which are included in the scope of the present invention.
Claims (6)
1. A login authentication method for realizing brute force prevention based on workload certification is characterized by comprising the following steps:
the client initiates a login verification request;
the server side responds to the login verification request and returns first calculation data used for calculating the workload certification;
the client receives the first calculation data and generates second calculation data;
the client side correspondingly calculates the first calculation data and the second calculation data according to a preset rule, and when the calculation reaches a preset workload, the second calculation data and a calculation result are sent to the server side;
and the server verifies the second calculation data and the calculation result, and if the second calculation data and the calculation result pass the verification, the client successfully logs in.
2. The login authentication method for achieving brute force prevention based on workload certification according to claim 1,
the first calculation data and the second calculation data are random character strings;
the client performs corresponding calculation on the first calculation data and the second calculation data according to a preset rule, and specifically includes the following steps:
and the client performs hash operation on the first calculation data and the second calculation data, and after the hash operation is finished, the random number is modified or increased to continue the hash operation until the preset workload is reached.
3. The login authentication method for realizing brute force prevention based on workload certification according to claim 1, wherein the server verifies the second calculation data and the calculation result, and if the second calculation data and the calculation result are verified, the client logs in successfully, and the method specifically comprises the following steps:
and the server side performs Hash operation according to the first calculation data and the second calculation data until a preset workload is reached to obtain a verification result, the verification result is compared with the calculation result sent by the client side, if the two calculation results are the same, the verification is passed, and the client side logs in successfully.
4. A login authentication system for realizing brute force prevention based on workload certification is characterized by comprising: a client and a server;
the client side initiates a login verification request to the server side;
the server side responds to the login verification request and returns first calculation data used for calculating the workload certification;
the client receives the first calculation data and generates second calculation data;
the client side correspondingly calculates the first calculation data and the second calculation data according to a preset rule, and when the calculation reaches a preset workload, the second calculation data and a calculation result are sent to the server side;
and the server verifies the second calculation data and the calculation result, and if the second calculation data and the calculation result pass the verification, the client successfully logs in.
5. The login authentication system for achieving brute force prevention based on workload certification according to claim 4,
the first calculation data and the second calculation data are random character strings;
the client is further configured to: and performing hash operation on the first calculation data and the second calculation data, and after the hash operation is finished, modifying or increasing random numbers to continue the hash operation until a preset workload is reached.
6. The login authentication system for achieving brute force prevention based on workload certification according to claim 4,
the server is further configured to: and performing Hash operation according to the first calculation data and the second calculation data until a preset workload is reached to obtain a verification result, comparing the verification result with the calculation result sent by the client, and if the verification result is the same as the calculation result sent by the client, passing the verification and successfully logging in the client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011538252.1A CN112671762A (en) | 2020-12-23 | 2020-12-23 | Login authentication method and system for realizing brute force prevention based on workload certification |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112671762A (en) | 2021-04-16 |
Family
ID=75408486
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011538252.1A Pending CN112671762A (en) | 2020-12-23 | 2020-12-23 | Login authentication method and system for realizing brute force prevention based on workload certification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112671762A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117560204A (en) * | 2023-11-21 | 2024-02-13 | 中通服软件科技有限公司 | Webpage data transmission method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109714298A (en) * | 2017-10-25 | 2019-05-03 | 腾讯科技(深圳)有限公司 | Verification method, device and storage medium |
CN109981262A (en) * | 2019-02-28 | 2019-07-05 | 深圳点猫科技有限公司 | A kind of client anti-violence crack method and device |
CN109981285A (en) * | 2019-03-11 | 2019-07-05 | 北京纬百科技有限公司 | A kind of password protection method, password method of calibration and system |
CN110874351A (en) * | 2018-08-29 | 2020-03-10 | 深圳启元信息服务有限公司 | Workload certification cooperative work method, block chain node and block chain system |
CN111107075A (en) * | 2019-12-13 | 2020-05-05 | 中国工商银行股份有限公司 | Request response method and device, electronic equipment and computer-readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210416 |