Code scanning login information processing method

Document No.: 1116109. Publication date: 2020-09-29.

Reading note: this technology, "Code scanning login information processing method", was designed by 黄世昌 on 2019-06-28. Main content: The invention relates to a code scanning login information processing method, which comprises the following steps. Step S1: after receiving a login request from a first device, parsing the login request and recording information about the network to which the first device is currently connected, generating a globally unique login key, generating a two-dimensional code that records the login key, and returning the two-dimensional code to the first device for display. Step S2: after receiving a login request from a second device, parsing the login request to obtain network information of the second device, determining, based on the network information of the first device and the network information of the second device, whether the first device and the second device are in the same local area network, and if not, rejecting the login request of the first device. Compared with the prior art, the invention uses the network relationship between the authorizing device and the login device as a basis during code scanning login, which can prevent attacks by remote phishing websites, greatly improves security, and is suitable for login management of enterprise management websites.

1. A code scanning login information processing method, characterized by comprising the following steps:

Step S1: after receiving a login request from a first device, parsing the login request and recording information about the network to which the first device is currently connected, generating a globally unique login key, generating a two-dimensional code that records the login key, and returning the two-dimensional code to the first device for display;

Step S2: after receiving a login request from a second device, parsing the login request to obtain network information of the second device, determining, based on the network information of the first device and the network information of the second device, whether the first device and the second device are in the same local area network, and if not, rejecting the login request of the first device.

2. The method as claimed in claim 1, wherein the login key is configured with an expiration time.

3. The code scanning login information processing method of claim 1, wherein the login request of the first device is sent through a web application.

4. The method for processing code scanning login information according to claim 1, wherein the method further comprises:

after receiving the login request of the second device, parsing the login request to obtain a login key, determining whether the login key is a valid login key, and if not, rejecting the login request of the first device.

5. The method as claimed in claim 4, wherein the login key is configured with a first attribute for indicating whether the authentication is successful,

the method further comprises the following steps:

when the login key parsed from the login request of the second device is a valid key, determining whether the first attribute of the login key indicates that authentication has not yet succeeded, and if not, rejecting the login request of the first device.

6. The method as claimed in claim 1, wherein the second device is a mobile phone.

7. The method as claimed in claim 1, wherein the second device is a tablet computer.

8. The method for processing code scanning login information according to claim 1, wherein the method further comprises:

after receiving the login request of the second device, parsing the login request to obtain user information, and after the login request of the first device passes, logging in to the corresponding user's account on the first device based on the user information.

9. A code scanning login information processing method, characterized by comprising the following steps:

Step S1: after receiving a login request from a first device, parsing the login request and recording the current position information of the first device, generating a globally unique login key, generating a two-dimensional code that records the login key, and returning the two-dimensional code to the first device for display;

Step S2: after receiving a login request from a second device, parsing the login request to obtain the position information of the second device, determining, based on the position information of the first device and the position information of the second device, whether the distance between the first device and the second device exceeds a set threshold value, and if not, rejecting the login request of the first device.

Technical Field

The invention relates to an information security technology, in particular to a code scanning login information processing method.

Background

Conventional credential-based authentication systems dominate over every alternative, but they have many drawbacks, from risks such as replay and phishing attacks to inherent problems such as "password fatigue" (users need to remember too many passwords in their daily work), which leaves a nontrivial design flaw to be solved.

Later, new approaches to these problems emerged. One approach is the single sign-on (SSO) system, in which a user has a single account that allows him to authenticate to multiple services. This solves the above-mentioned problem of "password fatigue" to a certain extent, because the user no longer needs to burden himself with too many passwords and is less likely to fall into the bad habit of reusing the same password time after time. It is still not without its own drawbacks, since in this case losing one password would prevent access to all services associated with the SSO system, not to mention the potential risk of large-scale account leakage.

Another approach is the so-called "one-time password" (OTP), which attempts to mitigate to some extent risks such as replay attacks and potential phishing attacks. On the downside, these passwords are often difficult to remember, and therefore they require the deployment of other technologies.

Recently, to further address these drawbacks, a new SSO model relying on QR code based one-time passwords was introduced. In QR code based login, the user only needs to scan the QR code generated by the service he is attempting to authenticate to; a client application on a trusted device, such as a smartphone, scans the QR code and sends it to the identity provider, which verifies it and in turn verifies the user to the target service. Thus, a seamless and secure login procedure can be performed even on a potentially compromised device.

At present, most people's mobile phones have various software installed, such as WeChat, Paibao, Taobao, Tianmao and the like. The enterprises developing these apps all have corresponding websites. To make logging in to their websites more convenient and secure for users, these enterprises provide a service for logging in by scanning a code with a mobile phone.

The standard two-dimensional code login process is as follows:

1. The user opens the web interface, enters the login page, and the two-dimensional code is loaded.

2. The website starts polling to detect the state of the two-dimensional code.

3. The user opens the mobile phone app, enters scanning mode, and scans the two-dimensional code.

4. The website detects that the two-dimensional code has been scanned, enters the "scanned" interface, and continues polling to obtain the certificate.

5. The mobile phone app enters the login confirmation interface.

6. When login is confirmed by clicking, the website finishes polling, obtains the certificate, and enters the personal center; when login is cancelled, the website automatically refreshes the page after polling for the set time.

In existing code scanning login services, code scanning verification is carried out on the basis of a mobile phone app developed by the enterprise, so the development and maintenance cost and the threshold for use are high. Moreover, user A can easily be guided into scanning in order to obtain other people's account authority (user A can remotely send user A's two-dimensional code to user B, and user B performs a remote code scanning login to obtain the account authority of user A).

Disclosure of Invention

The present invention provides a method for processing code scanning login information to overcome the above-mentioned drawbacks of the prior art.

The purpose of the invention can be realized by the following technical scheme:

A code scanning login information processing method comprises the following steps:

Step S1: after receiving a login request from a first device, parsing the login request and recording information about the network to which the first device is currently connected, generating a globally unique login key, generating a two-dimensional code that records the login key, and returning the two-dimensional code to the first device for display;

Step S2: after receiving a login request from a second device, parsing the login request to obtain network information of the second device, determining, based on the network information of the first device and the network information of the second device, whether the first device and the second device are in the same local area network, and if not, rejecting the login request of the first device.

The login key is configured with an expiration time.

The login request of the first device is sent through a web application.

The method further comprises the following steps:

after receiving the login request of the second device, parsing the login request to obtain a login key, determining whether the login key is a valid login key, and if not, rejecting the login request of the first device.

The login key is configured with a first attribute for indicating whether the authentication is successful,

the method further comprises the following steps:

when the login key parsed from the login request of the second device is a valid key, determining whether the first attribute of the login key indicates that authentication has not yet succeeded, and if not, rejecting the login request of the first device.

The second device is a mobile phone.

The second device is a tablet computer.

The method further comprises the following steps:

after receiving the login request of the second device, parsing the login request to obtain user information, and after the login request of the first device passes, logging in to the corresponding user's account on the first device based on the user information.
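Steps S1 and S2, together with the expiry, validity and first-attribute conditions above, written out as an added Python example (not code from the patent). It assumes the server compares the source IP address it observes for each request and treats two addresses in the same subnet as being in the same local area network; the function names, the 120-second lifetime and the sample addresses in the comments are illustrative.

```python
import ipaddress
import secrets
import time

TTL_SECONDS = 120   # assumed lifetime; the page only says the key expires
_keys = {}          # login key -> record (in-memory store for this example)

def same_lan(ip_a, ip_b, v4_prefix=24, v6_prefix=64):
    """Assumed 'same LAN' test: both source addresses fall in one subnet."""
    a, b = ipaddress.ip_address(ip_a), ipaddress.ip_address(ip_b)
    if a.version != b.version:
        return False
    prefix = v4_prefix if a.version == 4 else v6_prefix
    return b in ipaddress.ip_network(f"{a}/{prefix}", strict=False)

def start_login(first_ip, now=None):
    """Step S1: record the first device's network info and issue a unique key."""
    now = time.time() if now is None else now
    key = secrets.token_urlsafe(32)   # unguessable value carried in the QR code
    _keys[key] = {"first_ip": first_ip, "expires": now + TTL_SECONDS,
                  "authenticated": False, "user": None}
    return key

def confirm_login(key, second_ip, user, now=None):
    """Step S2 plus the validity, expiry and first-attribute checks."""
    now = time.time() if now is None else now
    rec = _keys.get(key)
    if rec is None:
        return "rejected: unknown key"
    if now > rec["expires"]:
        del _keys[key]
        return "rejected: expired key"
    if rec["authenticated"]:          # first attribute: key already consumed
        return "rejected: key already used"
    if not same_lan(rec["first_ip"], second_ip):
        del _keys[key]                # the first device's pending login is dropped
        return "rejected: devices not on same LAN"
    rec["authenticated"], rec["user"] = True, user
    return "accepted"

# Constructed sample: browser at 192.168.10.23, phone at 192.168.10.77 is
# accepted; a phone scanning from 203.0.113.9 is rejected.
```

When the server sits outside the local network, it sees both devices through their NAT egress addresses, so the comparison has to be made on whatever network information the deployment can actually observe.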

A code scanning login information processing method comprises the following steps:

Step S1: after receiving a login request from a first device, parsing the login request and recording the current position information of the first device, generating a globally unique login key, generating a two-dimensional code that records the login key, and returning the two-dimensional code to the first device for display;

Step S2: after receiving a login request from a second device, parsing the login request to obtain the position information of the second device, determining, based on the position information of the first device and the position information of the second device, whether the distance between the first device and the second device exceeds a set threshold value, and if not, rejecting the login request of the first device.

Compared with the prior art, the invention has the following beneficial effects:

1) When code scanning login is performed, the network relationship between the authorizing device and the login device is introduced as a basis, so attacks by remote phishing websites can be avoided and security is greatly improved; the method is suitable for login management of enterprise management websites.

2) Location-based authorization is less secure than network relationship determination, but is more practical and can be applied to login management of common internet applications.

Drawings

FIG. 1 is a schematic flow chart showing the main steps of the method of embodiment 1 of the present invention.

Detailed Description

The invention is described in detail below with reference to the figures and specific embodiments. The present embodiment is implemented on the premise of the technical solution of the present invention, and a detailed implementation manner and a specific operation process are given, but the scope of the present invention is not limited to the following embodiments.
