[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN108833431B - Password resetting method, device, equipment and storage medium - Google Patents

Password resetting method, device, equipment and storage medium Download PDF

Info

Publication number
CN108833431B
CN108833431B CN201810700633.1A CN201810700633A CN108833431B CN 108833431 B CN108833431 B CN 108833431B CN 201810700633 A CN201810700633 A CN 201810700633A CN 108833431 B CN108833431 B CN 108833431B
Authority
CN
China
Prior art keywords
video file
user
token
password
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810700633.1A
Other languages
Chinese (zh)
Other versions
CN108833431A (en
Inventor
李建立
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201810700633.1A priority Critical patent/CN108833431B/en
Publication of CN108833431A publication Critical patent/CN108833431A/en
Application granted granted Critical
Publication of CN108833431B publication Critical patent/CN108833431B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses a password resetting method, a password resetting device, equipment and a storage medium, wherein the method comprises the steps of receiving a password resetting request and returning uploading information of a video file according to the request; acquiring a video file and a digital signature generated by encrypting a digital abstract of the video file; sequentially verifying the digital signature and the video file; when the digital signature and the video file are successfully verified, generating a token and verifying the token; acquiring a new password; and when the token passes the verification, returning the information of successful resetting of the new password. The invention can help the user reset the password more reliably or effectively.

Description

Password resetting method, device, equipment and storage medium
Technical Field
The present invention relates to the field of security authentication technologies, and in particular, to a method, an apparatus, a device, and a storage medium for password resetting.
Background
At present, terminal devices such as mobile phones and tablet computers can register user accounts and set user passwords on internet clients, so that internet service providers can provide various services for users conveniently. In order to secure information, a user may need to reset a password or modify a password.
In the prior art, the identity of a user is confirmed by uploading an identity card photo and a live video, and then the user is authorized to open an account or reset a password. Specifically, a user identity card photo needs to be shot and uploaded to a client interface inlet, the user identity card photo is sent to a background, and the background stores the identity card photo after receiving the identity card photo; further, the user is required to upload the live video of the user to a client interface and send the live video to a background; then, comparing the user characteristics in the video with the user characteristics in the identity card photo in the background; and if the comparison is successful, the user can reset the password or modify the password. However, in the prior art, the method is limited to identity documents, and identity document information or videos are easy to forge, so that the problem of potential safety hazards of users occurs. Therefore, there is a need to provide a more reliable or efficient solution to assist the user in resetting the password.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a password resetting method, a device, equipment and a storage medium; specifically, the method comprises the following steps:
in one aspect, a method of password resetting is provided, the method comprising:
receiving a password resetting request, and returning video file uploading information according to the request;
acquiring a video file and a digital signature generated by encrypting a digital abstract of the video file;
sequentially verifying the digital signature and the video file;
when the digital signature and the video file are successfully verified, generating a token and verifying the token;
acquiring a new password; and when the token passes the verification, returning the information of successful resetting of the new password.
In another aspect, a password resetting method is provided, the method including:
sending a password resetting request and obtaining response information of uploading a video file;
acquiring a video file uploaded by a user, and encrypting a digital abstract of the video file to generate a digital signature;
sending the video file and the digital signature, so that the digital signature and the video file are sequentially verified;
when the digital signature and the video file are successfully verified, obtaining a verification result of the token;
acquiring a new password input by a user; and when the token passes the verification, acquiring response information of successful resetting of the new password.
Another aspect proposes a password resetting apparatus, the apparatus comprising:
the password resetting request acquisition module is used for receiving a password resetting request and returning the uploading information of the video file according to the request;
the video file and digital signature acquisition module is used for acquiring a video file and a digital signature generated by encrypting a digital abstract of the video file;
the digital signature and video file verification module is used for sequentially verifying the digital signature and the video file;
the token verification module generates a token when the digital signature and the video file are successfully verified; and verifying the token;
a reset success returning module for obtaining a new password; and when the token passes the verification, returning the information of successful resetting of the new password.
Another aspect proposes a password resetting apparatus, the apparatus comprising:
the password resetting request sending module is used for sending a password resetting request and obtaining response information of the uploaded video file;
the video file encryption module is used for acquiring a video file uploaded by a user and encrypting a digital abstract of the video file to generate a digital signature;
the digital signature and video file verification module is used for sending the video file and the digital signature so that the digital signature and the video file are sequentially verified;
the token verification module is used for obtaining the verification result of the token when the digital signature and the video file are successfully verified;
the reset response module is used for acquiring a new password input by a user; and when the token passes the verification, acquiring response information of successful resetting of the new password.
Another aspect proposes a device comprising a processor and a memory, the memory having stored therein at least one instruction, at least one program, set of codes, or set of instructions, which is loaded and executed by the processor to implement the method of resetting a password as described in any one of the above aspects or the method of resetting a password as described in any one of the above aspects.
In another aspect, a computer-readable storage medium is provided, in which at least one instruction, at least one program, a set of codes, or a set of instructions is stored, and loaded and executed by a processor to implement the method for resetting a password according to any one of the above aspects or the method for resetting a password according to any one of the above aspects.
The password resetting method, the password resetting device, the password resetting equipment and the storage medium have the following beneficial effects that:
the invention encrypts the digital abstract of the video file for identity recognition to generate a digital signature, and verifies the digital signature; performing information verification on the video file under the condition that the digital signature verification is successful; then generating a token which allows password resetting under the condition that the living body characteristic verification in the video file passes; the server allows the client to reset the password only when the token is verified.
Therefore, the method and the device can only upload the video file, and do not need the user to input the identity document information and other operations; the whole operation process is simple, convenience is provided for users, and the efficiency of password resetting is improved; according to the invention, the video file can be confirmed to be uploaded from the own equipment of the user by the user in a digital signature verification mode; the security of the video file can be ensured through an encryption mode, and the video file is prevented from being damaged or tampered when being transmitted from the client to the server; the reliability of identity recognition is improved in a token verification mode; thereby improving the user experience and the user viscosity.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions and advantages of the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic diagram of an implementation environment of an embodiment of the invention;
FIG. 2 is a flowchart of a password resetting method according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method before a password reset request is sent according to an embodiment of the present invention;
fig. 4 is a schematic view of an interface operation performed by the client when obtaining the verification picture according to the embodiment of the present invention;
fig. 5 is a flowchart of a method before obtaining an authentication picture uploaded by a user according to an embodiment of the present invention;
fig. 6 is a schematic interface diagram of a client before acquiring a verification picture uploaded by a user according to an embodiment of the present invention;
FIG. 7 is a flowchart of another password resetting method according to an embodiment of the present invention;
fig. 8 is a flowchart of a method for sequentially verifying the digital signature and the video file according to an embodiment of the present invention;
fig. 9 is a flowchart of a method for verifying the video file according to an embodiment of the present invention;
FIG. 10 is a flow chart of a method for verifying the token according to an embodiment of the present invention;
FIG. 11 is a partial timing diagram of another password reset method according to an embodiment of the present invention;
FIG. 12 is a partial timing diagram of another embodiment of a password reset method;
fig. 13 is a structural diagram of a password resetting apparatus according to an embodiment of the present invention;
FIG. 14 is a block diagram of a picture verification module according to an embodiment of the present invention;
FIG. 15 is a block diagram of a user information verification module according to an embodiment of the present invention;
FIG. 16 is a block diagram of another password resetting apparatus according to an embodiment of the present invention;
FIG. 17 is a block diagram of the digital signature and video file verification module provided by the embodiments of the present invention;
fig. 18 is a block diagram of a video file authentication unit according to an embodiment of the present invention;
FIG. 19 is a block diagram of the token validation module provided by embodiments of the present invention;
fig. 20 is a schematic structural diagram of a server device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In the current technical scheme, a living body identification and image identification technology may generate a forged video by using user photos collected on the internet through simulation software; thereby circumventing the detection of the server. In addition, in some existing schemes, in addition to recording a live video and uploading the live video to a server, a user needs to take photos of the front and back sides of an identity card or input certificate information of the identity card in operation, so that the operation is complicated and the limitation is large; the method comprises the following steps that the 'focusing' may be repeatedly carried out in the process of taking a picture by the identity card, and the poor focusing may cause incomplete effective extraction or wrong extraction in the identity card; the face image in the identity card and the face image in the user video have large difference, and the problem of matching failure of the images can occur. In addition, the existing scheme partially depends on a public security department or other real-name authentication interfaces to confirm the authenticity of the user identity; these third party services typically have limited support for concurrent access and may be charged a fee.
In view of the above technical problems, the present invention provides a technical solution for password resetting. As shown in fig. 1, a schematic diagram of an implementation environment provided by an embodiment of the invention is shown. The implementation environment includes: a server 02 and a terminal 01 which communicates information with the server 02.
The terminal 01 may be a mobile phone, a tablet computer, a laptop portable computer, a PAD or a desktop computer, etc. A client is operated in the terminal 01, and the client can be any client with a virtual resource transceiving function; for example, the client running in the terminal 01 may be a social application client, an instant messaging client, a payment-type application client, a game client, a reading client, a client dedicated to transceiving virtual resources, and the like. The server 02 may be a server, a server cluster composed of a plurality of servers, or a cloud computing service center. The server 02 establishes a communication connection with the terminal 01 through a network.
Specifically, an embodiment of the present specification provides a password resetting method, as shown in fig. 2, the method includes:
s202, sending a password resetting request, and obtaining response information of an uploaded video file according to the request;
when a user has a requirement for resetting a password, operating on an interface of a client side where the user is located to enable the client side to send a password resetting request to a server; and entering a password resetting service operation flow when the server receives the password resetting request.
Specifically, the client receives a response message returned by the server, namely a response message requesting to upload the video file; at this time, a message is given to the interface of the client (for example, "please shoot a segment of user video"), and an interface for the user to upload the video appears.
The embodiment of the invention does not need a long operation process, thereby improving the efficiency of resetting the password; the user does not need to carry certificate information, and convenience is provided for the user; only one section of video with the living body characteristics of the user needs to be shot by the user, and the password can be retrieved through comparison of the living body characteristics.
In this embodiment, the information may be verified in a living body characteristic comparison manner of the user, and the information is used as a detection for whether to enter the password resetting service; specifically, the live features of the user in the uploaded video file are matched with the live features in the pre-stored verification picture.
Specifically, the verification picture may be a picture already stored in the server, or a verification picture uploaded by the user at any time; therefore, in a possible implementation, sending the password reset request in step S202, as shown in fig. 3, may include:
s402, obtaining verification pictures uploaded by a user;
specifically, the user uploads the required verification picture to the client according to an interface used for uploading the picture on the interface, so that the client acquires the verification picture. The verification picture may be a picture imported from a terminal picture storage by a user, or a picture obtained by a terminal image collector at any time, and the verification picture may be selected through information appearing on an interface as shown in fig. 4.
S404, when the verification picture is detected to contain the living body characteristics, the verification picture is sent;
specifically, after acquiring a verification picture, a client detects the verification picture; wherein the verification picture is required to have a valid live user feature; and when the client detects the living characteristics of the effective user, sending the verification picture to a server, and further storing the verification picture by the server to prepare for the subsequent matching of the living characteristics.
Wherein the living body feature may comprise a user facial feature; in detail, the characteristics of the five sense organs of the user, the respective position characteristics and relative position characteristics of the five sense organs of the user on the face, and the like are included. Correspondingly, when the client detects the living body feature in the verification picture, the characteristics of the five sense organs of the user, the respective position features and the relative position features of the five sense organs of the user on the face, and the like can be acquired.
And S406, when response information that the verification picture is successfully sent is acquired, sending a password resetting request.
Specifically, the client sends a verification picture to the server, and when the server successfully receives the verification picture, response information of successful reception is returned; further, when the client acquires the response information, the client enters into a password resetting service, and then the client sends a password resetting request.
It should be noted that the verification picture can be stored in the server after the verification picture is sent from the client to the server in a manner set at the client; then only calling the verification picture; the pre-stored verification picture can be updated at any time, so that the efficiency of resetting the user password can be further improved, and the success rate of matching the living body characteristics can be improved through the updating selection of the verification picture. And the uploaded verification pictures can be a plurality of verification pictures, and before the living body characteristics are detected, the verification picture with the highest definition and the most clear living body characteristic information is judged, and the verification picture is used as a target verification picture and sent to the server for storage.
The trigger message of the interface for uploading the verification picture on the client interface may be that the verification picture is allowed to be uploaded only when the user information (including the user account and the user password) input by the user is verified correctly so as to verify the identity of the current user. Meanwhile, the client can generate a session key for a session with the server.
Therefore, in a possible implementation, the obtaining of the verification picture uploaded by the user in step S402, as shown in fig. 5, may include:
s602, generating a key pair and acquiring user information uploaded by a user; the key pair comprises a user public key and a user private key;
specifically, the user inputs user information (a user account and a user password) on the client interface, and as shown in fig. 6, the user identity may be verified once by inputting the user information.
And, each time the client makes an initial session with the server, the client generates a key pair using a key pair generation algorithm, so that there is a session key between the client and the server. The key pair generation algorithm may also be different according to different types of digital certificates, such as public and private key generation algorithms for RSA-based digital certificates and ECDH-based digital certificates.
In detail, the function of the public and private key generation algorithm of the RSA-based digital certificate is R _ generatepkeys: the function of the ECDH-based digital certificate public-private Key generation algorithm is ECDH _ generation _ Key.
S604, sending the user information and the user public key;
specifically, the client sends the user information to a server; further, the server compares the obtained user information with the user information in the memory for verification.
And the client sends the user public key in the key pair to the server to prepare for the generation of the subsequent digital certificate.
S606, obtaining the verification result of the user information and obtaining the user public key bound with the digital certificate.
And when the user information input by the user is successfully compared with the user information in the memory, the server returns the verification result to the client, so that the client interface enters a verification picture uploading stage.
After acquiring a user public key sent by a client, a server encrypts the user public key by using a root certificate to generate a digital certificate; specifically, the root certificate is used for carrying out digital signature on the user public key to generate a digital certificate. The digital certificate is a client-side digital certificate which is issued by the responsibility of a server-client-side (client authority) authentication center and used for authenticating the identity of a user; it binds both to the user ID and to the user's device ID, e.g., the client digital certificate will also fail when the device is replaced.
Further, the server sends the client digital certificate to the client, and stores the client digital certificate in the client; the client stores the digital certificate file, and can authenticate and check the certificate issuer and the validity period of the certificate, so that the server cannot be repudiated.
The following is a description of the root certificate, digital signature, and digital certificate:
the root certificate is a certificate issued by a CA (certificate authority) certificate authority; the CA authentication center is a third-party trust authority which is specially used for providing network identity authentication service and is responsible for issuing and managing digital certificates, has authority and fairness and acts like a company issuing certificates in real life, such as a passport transaction authority.
The digital signature is an electronic security mark that can be added to a document; the use of the device can verify the sender of the file and help to verify whether the file is changed after being digitally signed; if a file does not have a valid digital signature, there is no way to ensure that the file is indeed from the source it purports to be, or that it has not been tampered with (possibly by a virus) after release.
The digital certificate comprises four parts of user information, a user public key, information of the digital certificate and a digital signature of a CA center on the information in the digital certificate; to verify the authenticity of a digital certificate (i.e. to verify whether the digital signature of the CA center on the digital certificate information is valid), a public key of the CA center is used for verification; verifying the legality of the signature in the digital certificate of the client by using the public key of the CA, and reading out the public key of the client from the certificate content after the legality; and decrypting the digital signature of the client by using the public key of the client to verify the data integrity. It can be seen that the authenticity of the digital certificate is guaranteed by the issuing authority, so that said certificate cannot be forged and tampered with; the digital certificate matches the user's public key to a particular individual so that the certificate can know whether the user's public key bound to the certificate is valid.
S204, acquiring a video file uploaded by a user, and encrypting a digital abstract of the video file to generate a digital signature;
specifically, a user transmits a video file to a client through an interface, and after the client acquires the video file, the client generates the video file into a digital abstract; specifically, the video file and the user-related information are generated into the digital summary, and the following codes can be used to generate the digital summary in the embodiment:
Figure BDA0001714586730000101
and further encrypting the digital abstract of the video file by using the user private key to generate a digital signature, and digitally signing the digital abstract. Specifically, the digital signature may be generated by encrypting the digital digest through the following method flow:
Figure BDA0001714586730000102
here, the user-related information includes information such as a user uin (user identification code), a device id, and a time stamp.
The digital abstract is a binary value which maps a binary value corresponding to the video file into a short binary value with a fixed length; and, the digital abstract is a unique and extremely compact numerical representation; that is, the plaintext "digest" to be encrypted is formed into a string of ciphertext with a fixed length (e.g., 128 bits).
S206, sending the video file and the digital signature; and obtaining a verification result for sequentially verifying the digital signature and the video file;
specifically, a client sends a video file uploaded by a user and a digital signature generated by the video file to a server; and the server sequentially verifies the digital signature and the video file by using the user public key bound with the digital certificate, and then returns the obtained verification result to the client.
Wherein, the digital signature can be decrypted by the following method:
Figure BDA0001714586730000111
specifically, a digital signature is generated for digital digest encryption, and verification of the digital digest is explained by way of example:
(1) if the object is text information, 16 ASCII codes of the 1 st character, the 3 rd character and the 31 st character of the 1 st line, the 3 rd character and the 5 th character … … of the 5 th line of the text information, which are the first line, are taken, so as to obtain a 128-bit secret digital abstract, and if the 16-byte digital abstract is represented in decimal, the number is 092019000112120007180505110000130500190012001100050505000920;
(2) taking prime number and calculating
Figure BDA0001714586730000112
b and c, encrypting the digital abstract after obtaining the key;
if p is 47 and q is 5, n is p × q is 2773;
Figure BDA0001714586730000113
selecting and
Figure BDA0001714586730000114
an integer 157 that is prime to each other, i.e., b is 157;
Figure BDA0001714586730000115
it is calculated by the above procedure that e-17 satisfies
Figure BDA0001714586730000116
Then get the private key pair e-17, n-2773; public keyThe pair is as follows: 157, 2773;
encrypting the above digital digest according to signature algorithm Sigk(m)=memodn,m∈ZnThe ciphertext c which is brought into the corresponding numerical value to obtain 0920 is 0948; the ciphertext obtained by digitally signing the digital abstract can be obtained in the same way: 0948232410481444266329300778077402191665232414440778239016550948, respectively;
(3) the video file obtains a corresponding digital abstract in the manner of the example; further, the client side sends the video file and the corresponding digital abstract obtained through encryption to the server at the same time;
(4) the server decrypts the digital digest according to the public key of the user, wherein the decryption mode is as the following example;
the method for decrypting the ciphertext comprises the following steps: m ═ cbmod n, which brings the corresponding values to 0920; decryption is performed in the same manner to obtain the digital digest 092019000112120007180505110000130500190012001100050505000920.
(5) And comparing the digest obtained by decryption with the digest generated by re-encrypting the received video file on the server side, and if the two digests are consistent, indicating that the video file is not damaged or tampered, and verifying the video file.
S208, when the digital signature and the video file are successfully verified, obtaining a generated token and obtaining a verification result of the token;
when the verification results of the digital signature and the video file are verified successfully, the server side generates a token for allowing password resetting; the token is generally generated by a plurality of fields such as a timestamp, a user ID, a token type, a user equipment ID and the like, and is valid only in a limited time. The limited time of the token in this embodiment is that, in the password resetting service operation, after the password resetting service operation is completed, the token is invalid.
Specifically, the token is encrypted by using the user public key at the server side to obtain an encrypted token, and the encrypted token is sent to the client; further, the encrypted token is decrypted by using a user private key at the client side to obtain a token, the token obtained through decryption is sent to the server, and the server verifies the token obtained through decryption and a token which is generated in advance and stored in the server locally; and further returning the obtained verification result to the client.
Specifically, the Token belongs to a string of character strings generated by the server, so as to serve as a Token requested by the client; after successfully submitting this string, which is customized by the developer, the value of Token is saved to the server. Only the server and the client front-end know this string, so Token becomes the key between them, which can let the server confirm whether the request is from the client or a malicious third party; the use of Token can reduce the pressure of the server, reduce frequent database query and make the server more robust.
S210, acquiring a new password input by a user; and when the token passes the verification, obtaining response information of successful resetting of the new password.
Specifically, after a user uploads a video file on a client interface, a client background and a server are involved in a digital signature and each verification process; what appears on the subsequent client interface is an interface for the user to enter a new password; and under the condition that the encrypted token passes the verification, the server obtains the information that the new password is successfully reset and further returns the information to the client, so that the input new password is validated.
In the embodiment, the video file can be confirmed to be uploaded from the own equipment of the user by the user in a digital signature mode; the embodiment can ensure the security of the video file by an encryption mode, and prevent the video file from being damaged or tampered when being transmitted from the client to the server; in the embodiment, the user is allowed to reset the password only when the token is successfully verified, so that the user is ensured to be successfully operated to reset the password; in the prior art, after entering the step of resetting the password, a user may generate prompt information that the reset password is unsuccessful due to unsuccessful matching of video file information; at the moment, the user needs to return to the uploading step of the video file again to upload and verify the video, and the password can be reset only after multiple interaction processes; therefore, the password resetting method of the embodiment improves the efficiency and effectiveness of password resetting, reduces the possibility that the user identity authentication is forged, and further improves the user experience.
An embodiment of the present specification further provides a password resetting method, as shown in fig. 7, the method includes:
s802, receiving a password resetting request, and returning video file uploading information according to the request;
specifically, the server acquires a password resetting request sent by the client from the client, and then returns the uploading information of the video file to the client, so that a user can upload the video file through an interface of the client; and further, the client sends the video file uploaded by the user to the server.
S804, acquiring a video file and encrypting a digital abstract of the video file to generate a digital signature;
the server acquires a video file from the client, generates a digital abstract of the video file by using a Hash algorithm, and encrypts the video file by using a user private key to generate a digital signature. In this embodiment, the user private key is located at a client and is used for encrypting the video file; and the user public key is sent to the server side from the client side to prepare for the processing of the server side.
S806, sequentially verifying the digital signature and the video file;
specifically, the server sequentially verifies the received digital signature and the video file by using the acquired user public key bound with the digital certificate. In a specific embodiment, in step S806, sequentially verifying the digital signature and the video file, as shown in fig. 8, may include:
s1002, decrypting the digital signature to obtain a first digital abstract, and encrypting the video file to generate a second digital abstract;
specifically, the server decrypts the received digital signature by using the user public key to obtain a digital digest (a first digital digest), which can determine the client from which the video file corresponding to the digital digest comes. And, the server encrypts the received video file to generate a new digital digest (second digital digest).
S1004, comparing the first digital abstract with the second digital abstract;
s1006, when the first digital abstract is consistent with the second digital abstract in comparison, verifying the video file.
Specifically, when the server detects that the decrypted digital abstract is consistent with the new digital abstract in comparison, the video file transmitted from the client to the server is not tampered, so that the safety and the correctness of the video file are ensured; at this point, the next verification process for the video file may be entered.
Further, in step S1006, the verifying the video file, as shown in fig. 9, may include:
s1202, extracting first execution instruction information from the video file, and matching the first execution instruction information with second execution instruction information;
specifically, the server extracts execution instruction information (first execution instruction information) from the received video file, wherein the execution instruction information is an action instruction that needs to be completed by the user in the video. The sent execution instruction information (second execution instruction information) is the execution instruction information which is returned to the client side by the server after receiving the password resetting request and is prompted on the client side interface; the execution instruction information is information for instructing the user to perform action output, that is, prompting the user to record the video file according to the execution instruction information.
Such as: after video content of a normal face is collected, prompting that expression action information (such as 'please blink') made by a user is recorded in the video; or the gesture action information (such as 'please stretch out the scissor hand' and the like) prompted by the user in the collected video content of the normal face is recorded in the video, or lip language live detection based on a random verification code, or live detection based on screen reflection recognition, and the like.
S1204, when the first execution instruction information is successfully matched with the second execution instruction information, extracting a first living body feature from the video file;
the server verifies the execution instruction information in the video content, and verifies the living body characteristics of the user in the video file after the verification is passed.
S1206, matching the first living body characteristic with a second living body characteristic in a pre-stored verification picture;
the living body features may include facial features of the user, and in detail, may include features of the five sense organs of the user, and respective position features and relative position features of the five sense organs of the user on the face, and the like. Correspondingly, when the client detects the living body features in the verification picture, the characteristics of the five sense organs of the user, the respective position features and the relative position features of the five sense organs of the user on the face, and the like can be acquired. The pre-stored verification picture can be a picture which is transmitted through a client interface before video recording, and the picture needs to include living characteristics of a user.
S1208, when the first living body characteristic is successfully matched with the second living body characteristic, generating a token which allows a user to reset the password.
Specifically, when live body feature matching is successful, it can be seen that the live body in the picture is consistent with the live body in the video file; at this time, the server generates a token allowing the user to reset the password, further encrypts the token by using the user public key, and sends the encrypted token to the client.
S808, when the digital signature and the video file are verified successfully, generating a token; and verifying the token;
in a specific embodiment, in step S808, verifying the token may include, as shown in fig. 10:
s1402, encrypting the token to obtain an encrypted token; and sending the encrypted token;
and the server encrypts the received token by using the user public key and then sends the encrypted token to the client.
S1404, obtaining a token obtained by decrypting the encrypted token;
after receiving an encrypted token sent by a server, a client decrypts the encrypted token by using the user private key to obtain a token;
and S1406, verifying the token obtained by decryption and the generated token.
Specifically, the server verifies the token obtained by decryption and the generated token, and obtains a token verification result; when the verification is successful, a new password input by a user is successfully received; and the new password operation set in this case is successful based on the previous authentication process.
S810, acquiring a new password; and when the token passes the verification, returning the information of successful resetting of the new password.
It should be noted that the server in this embodiment may include a service server and a picture server, where after the client sends the verification picture to the service server, the service server sends the verification picture to the picture server to store the verification picture; when the living body characteristics are compared, the service server pulls the verification picture from the picture server; the sharing of the picture server can reduce the occupation of the storage space of the service server, and further improve the processing efficiency of the service server and the interaction efficiency with the client.
In the embodiment of the description, a digital signature generated by a digital abstract of a video file is verified, and the video file is confirmed to be uploaded from own equipment by a user; the validity and correctness of information verification in the video file are further ensured; and then generating a token allowing password resetting when the information in the video file passes the verification, and acquiring the password information of the user password resetting when the token passes the verification, thereby ensuring the safety and reliability of the new password.
Moreover, before the password resetting request is received, a verification picture for comparing the living body characteristics in the video file can be obtained in a mode of uploading pictures from time to time, so that the selectivity and the convenience of a user are improved; meanwhile, matching of the instruction information is executed in a matching mode in the video file, and accuracy of identification is further improved.
It needs to be noted that, the client uses its own private key to encrypt the digital abstract, and forms a digital signature; the server sends the original plain text (video file) and the digital signature to the server together; the server decrypts the digital signature by using the public key of the client to obtain a digital abstract; simultaneously, generating a digital abstract by using the same one-way Hash function for the received plaintext; and comparing the two digital abstracts, and if the two digital abstracts are consistent, indicating that the video file is not damaged or tampered in the transmission process. The digital signature uses a key pair of the client, the client encrypts the signature with its own private key, and the server decrypts the signature with the public key transmitted from the client, which is a one-to-many relationship.
In addition, the digital certificate in the embodiment step is equivalent to the authenticated user public key, that is, who the owner of the user public key is can be verified through the digital certificate; the digital signature in the embodiment step is data obtained by encrypting a user private key, and the user public key and the user private key are in one-to-one correspondence; the user private key is only owned by the user, so that the identity of the sender of the related data can be authenticated by using the authenticated user public key to enable a digital signature mode; the embodiment ensures the safety and reliability of the resetting process and simultaneously ensures the success rate of the password resetting operation.
An embodiment of the present specification further provides a password resetting method, as shown in the timing diagram shown in fig. 11, where the method includes:
the client locally generates a key pair, wherein the key pair comprises a user public key and a user private key;
the client acquires a user password input by a user and sends the user password and the user public key to a service server;
the service server verifies the user password by using a prestored password;
the service server stores a user public key, and uses a root certificate to sign the user public key to generate a digital certificate, so that the user public key is bound with the digital certificate;
the service server returns the digital certificate to a client, and the client stores the digital certificate so as to bind the digital certificate with user information and a corresponding equipment account;
the service server uploads a verification picture uploading request to the client when the user password is successfully verified;
the client acquires the photo uploaded by the user in a mode of selecting or newly shooting a photo by the user;
the client detects whether the photo contains effective facial information or not, and when the photo contains the effective facial information, the photo is transmitted to a picture server and is stored in the picture server as a verification picture;
and the picture server returns a transmission success notice to the service server, and the service server returns a living body reset password service opening success to the client.
Further, as shown in the timing diagram of fig. 12, the method then includes:
the method comprises the steps that when a client acquires response information that verification pictures are successfully sent, a password resetting request is sent to a service server;
the service server generates a user action instruction and returns the user action instruction to the client;
after receiving the user action instruction, the client starts a camera to acquire a video image recorded by the user and provided with the user action instruction and effective facial information;
the client generates a data abstract from the video image by using a hash algorithm, and encrypts the data abstract by using a user private key to generate a digital signature;
the client sends the video image and the digital signature to a service server;
the service server verifies the digital signature by using a user public key;
when the digital signature is verified successfully, the service server acquires the verification picture from a picture server;
the service server matches the user action instruction in the video image with the generated user action instruction;
when the user action instruction is successfully matched, the service server matches the effective face information in the video image with the effective face information in the prestored picture;
when the effective face information is successfully matched, the business server generates a Token for resetting the password and stores the Token; encrypting the Token by using the user public key, and sending the encrypted Token to a client;
the client side obtains the encrypted Token which is decrypted by the user private key to obtain the Token; acquiring a new password input by a user;
the client side sends the Token and the new password obtained by decrypting the encrypted Token to the service server;
the service server verifies the received Token and the stored Token; and after the verification is successful, returning a successful result of setting the new password to the client.
An embodiment of the present specification further provides a password resetting apparatus, as shown in fig. 13, the apparatus includes:
a password reset request sending module 202, configured to send a password reset request and obtain response information for uploading a video file;
the video file encryption module 204 is configured to obtain a video file uploaded by a user, and encrypt a digital digest of the video file to generate a digital signature;
a digital signature and video file verification module 206, configured to send the video file and the digital signature, so that the digital signature and the video file are sequentially verified;
the token verification module 208 is configured to obtain a verification result of the token when both the digital signature and the video file are successfully verified;
a reset response module 210, configured to obtain a new password input by a user; and when the token passes the verification, acquiring response information of successful resetting of the new password.
In a possible embodiment, the apparatus may further include:
the picture verification module 212, as shown in fig. 14, includes:
a verification picture acquiring unit 402, configured to acquire a verification picture uploaded by a user;
a verification picture sending unit 404, configured to send the verification picture when it is detected that the verification picture includes a living body feature;
a sending success response unit 406, configured to send a password reset request when response information that the verification picture is successfully sent is obtained.
In a possible embodiment, the device, as shown in fig. 15, further includes:
the user information verification module 214 includes:
a user information and key pair obtaining unit 602, configured to generate a key pair and user information uploaded by a user, where the key pair includes a user private key and a user public key;
a user information and user public key sending unit 604, configured to send the user information and the user public key in the key pair;
a user information verification result obtaining unit 606, configured to obtain a verification result of the user information, and obtain a user public key bound with the digital certificate.
Embodiments of the present disclosure also provide a password resetting apparatus, as shown in fig. 16, the apparatus includes:
a password resetting request obtaining module 802, configured to receive a password resetting request, and return to video file uploading information according to the request;
a video file and digital signature obtaining module 804, configured to obtain a video file and a digital signature generated by encrypting a digital digest of the video file;
a digital signature and video file verification module 806, configured to sequentially verify the digital signature and the video file;
the token verification module 808 is used for generating a token when the digital signature and the video file are successfully verified; and verifying the token;
a reset success return module 810 for obtaining a new password; and when the token passes the verification, returning the information of successful resetting of the new password.
Further, the digital signature and video file verification module 806, as shown in fig. 17, includes:
the digital signature decryption unit 1002 is configured to decrypt the digital signature to obtain a first digital digest, and encrypt the video file to generate a second digital digest;
a digital summary comparison unit 1004, configured to compare the first digital summary with the second digital summary;
and the video file verification unit 1006 is configured to verify the video file when the first digital summary is consistent with the second digital summary.
Further, the video file verification unit 1006, as shown in fig. 18, includes:
an execution instruction information extraction unit 1202, configured to extract first execution instruction information from the video file, and match the first execution instruction information with second execution instruction information;
a living body feature extraction unit 1204, configured to match the first living body feature with a second living body feature in a pre-stored verification picture;
a living body feature matching unit 1206, configured to match the first living body feature with a second living body feature in a pre-stored verification picture;
a token generating unit 1208, configured to generate a token that allows a user to reset a password when the first live feature and the second live feature are successfully matched.
Further, the token verifying module 808, as shown in fig. 19, includes:
a token encrypting unit 1402, configured to encrypt the token to obtain an encrypted token; and sending the encrypted token;
a token obtaining unit 1404, configured to obtain a token obtained by decrypting the encrypted token;
a token verifying unit 1406 is configured to verify the decrypted token with the generated token.
The present specification further provides a password resetting device, which includes a processor and a memory, where the memory stores at least one instruction, at least one program, a set of codes, or a set of instructions, and the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the method for resetting a password according to one embodiment or the method for resetting a password according to another embodiment. The one or more programs include instructions for performing the method on the backend server side, the instructions for performing:
sending a password resetting request and obtaining response information of uploading a video file;
acquiring a video file uploaded by a user, and encrypting a digital abstract of the video file to generate a digital signature;
sending the video file and the digital signature, so that the digital signature and the video file are sequentially verified;
when the digital signature and the video file are successfully verified, obtaining a verification result of the token;
acquiring a new password input by a user; and when the token passes the verification, acquiring response information of successful resetting of the new password.
Further, the sending the password reset request previously comprises:
acquiring a verification picture uploaded by a user;
when the verification picture is detected to contain living body features, the verification picture is sent;
and sending a password resetting request when response information that the verification picture is successfully sent is acquired.
Please refer to fig. 20, which shows a schematic structural diagram of a server device provided in an embodiment of the present specification. The server is used for implementing the password resetting method provided in the above embodiment. Specifically, the method comprises the following steps:
the server 2000 includes a Central Processing Unit (CPU)2001, a system memory 2004 including a Random Access Memory (RAM)2002 and a Read Only Memory (ROM)2003, and a system bus 2005 connecting the system memory 2004 and the central processing unit 2001. The server 2000 also includes a basic input/output system (I/O system) 2006 to facilitate transfer of information between devices within the computer, and a mass storage device 2007 to store an operating system 2013, application programs 2014, and other program modules 2015.
The basic input/output system 2006 includes a display 2008 for displaying information and an input device 2009 such as a mouse, keyboard, etc. for a user to input information. Wherein the display 2008 and the input devices 2009 are coupled to the central processing unit 2001 through an input-output controller 2010 coupled to the system bus 2005. The basic input/output system 2006 may also include an input/output controller 2010 for receiving and processing input from a number of other devices, such as a keyboard, mouse, or electronic stylus. Similarly, the input-output controller 2010 also provides output to a display screen, a printer, or other type of output device.
The mass storage device 2007 is connected to the central processing unit 2001 through a mass storage controller (not shown) connected to the system bus 2005. The mass storage device 2007 and its associated computer-readable media provide non-volatile storage for the server 2000. That is, the mass storage device 2007 may include a computer-readable medium (not shown) such as a hard disk or CD-ROM drive.
Without loss of generality, the computer-readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes RAM, ROM, EPROM, EEPROM, flash memory or other solid state memory technology, CD-ROM, DVD, or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that the computer storage media is not limited to the foregoing. The system memory 2004 and mass storage device 2007 described above may be collectively referred to as memory.
The server 2000 may also operate as a remote computer connected to a network via a network, such as the internet, according to various embodiments of the present invention. That is, the server 2000 may be connected to the network 2012 through a network interface unit 2011 that is coupled to the system bus 2005, or the network interface unit 2011 may be utilized to connect to other types of networks or remote computer systems (not shown).
The memory also includes one or more programs stored in the memory and configured to be executed by one or more processors; the one or more programs include instructions for performing the method on the backend server side, the instructions for performing:
receiving a password resetting request, and returning video file uploading information according to the request;
acquiring a video file and a digital signature generated by encrypting a digital abstract of the video file;
sequentially verifying the digital signature and the video file;
when the digital signature and the video file are successfully verified, generating a token and verifying the token;
acquiring a new password; and when the token passes the verification, returning the information of successful resetting of the new password.
Further, the sequentially verifying the digital signature and the video file includes:
decrypting the digital signature to obtain a first digital abstract, and encrypting the video file to generate a second digital abstract;
comparing the first digital abstract with the second digital abstract;
and when the first digital abstract is consistent with the second digital abstract in comparison, verifying the video file.
Further, the verifying the video file includes:
extracting first execution instruction information from the video file, and matching the first execution instruction information with second execution instruction information;
when the first execution instruction information is successfully matched with the second execution instruction information, extracting a first living body feature from the video file;
matching the first living body characteristic with a second living body characteristic in a pre-stored verification picture;
generating a token that allows a user to reset a password when the first live characteristic and the second live characteristic are successfully matched.
Further, said verifying the token comprises:
encrypting the token to obtain an encrypted token and sending the encrypted token;
obtaining a token obtained by decrypting the encrypted token;
the embodiment of the present disclosure further provides a computer-readable storage medium, where at least one instruction, at least one program, a code set, or a set of instructions is stored in the storage medium, and the at least one instruction, the at least one program, the code set, or the set of instructions is loaded and executed by a processor to implement the method for resetting a password according to one embodiment of the foregoing embodiments, or the method for resetting a password according to another embodiment of the foregoing embodiments.
It should be noted that: the precedence order of the above embodiments of the present invention is only for description, and does not represent the merits of the embodiments. And specific embodiments thereof have been described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the device and server embodiments, since they are substantially similar to the method embodiments, the description is simple, and the relevant points can be referred to the partial description of the method embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (14)

1. A password resetting method, characterized in that the method comprises:
receiving a password resetting request, and returning video file uploading information according to the request;
acquiring a video file uploaded based on the video file uploading information and acquiring a digital signature generated by encrypting a digital abstract of the video file; the video file comprises the living body characteristics of the user and action instruction information; the action instruction information comprises expression action information or gesture action information; the digital abstract of the video file is generated based on the video file and user related information, wherein the user related information comprises a user identification code and a user equipment ID;
based on the acquired digital certificate, sequentially carrying out user identity verification on the digital signature, action instruction information and user living body characteristics contained in the video file; the digital certificate has a binding relation with user information and an equipment account;
when the digital signature and the video file are successfully verified, generating a token and verifying the token;
acquiring a new password; and when the token passes the verification, returning the information of successful resetting of the new password.
2. The password resetting method of claim 1, wherein the sequentially authenticating the digital signature and the video file comprises:
decrypting the digital abstract in the digital signature to obtain a first digital abstract, and encrypting the video file to generate a second digital abstract;
comparing the first digital abstract with the second digital abstract;
and when the first digital abstract is consistent with the second digital abstract in comparison, verifying the video file.
3. The password resetting method of claim 2, wherein said authenticating the video file comprises:
extracting first execution instruction information from the video file, and matching the first execution instruction information with second execution instruction information;
when the first execution instruction information is successfully matched with the second execution instruction information, extracting a first living body feature from the video file;
matching the first living body characteristic with a second living body characteristic in a pre-stored verification picture;
generating a token that allows a user to reset a password when the first live characteristic and the second live characteristic are successfully matched.
4. The password reset method of claim 1, wherein said authenticating the token comprises:
encrypting the token to obtain an encrypted token and sending the encrypted token;
obtaining a token obtained by decrypting the encrypted token;
and verifying the token obtained by decryption and the generated token.
5. A password resetting method, characterized in that the method comprises:
sending a password resetting request and obtaining response information of uploading a video file;
acquiring a video file uploaded by a user based on the response information, and encrypting a digital abstract of the video file to generate a digital signature; the video file comprises the living body characteristics of the user and action instruction information; the action instruction information comprises expression action information or gesture action information; the digital abstract of the video file is generated based on the video file and user related information, wherein the user related information comprises a user identification code and a user equipment ID;
sending the video file and the digital signature, and sequentially carrying out user identity verification on the digital signature, action instruction information and user living body characteristics contained in the video file based on the acquired digital certificate; the digital certificate has a binding relation with user information and an equipment account;
when the digital signature and the video file are successfully verified, obtaining a verification result of the token;
acquiring a new password input by a user; and when the token passes the verification, acquiring response information of successful resetting of the new password.
6. The password reset method of claim 5, wherein said sending a password reset request is preceded by:
acquiring a verification picture uploaded by a user;
when the verification picture is detected to contain living body features, the verification picture is sent;
and sending a password resetting request when response information that the verification picture is successfully sent is acquired.
7. A password reset apparatus, the apparatus comprising:
the password resetting request acquisition module is used for receiving a password resetting request and returning the uploading information of the video file according to the request;
the video file and digital signature acquisition module is used for acquiring a video file uploaded based on the video file uploading information and acquiring a digital signature generated by encrypting a digital abstract of the video file; the video file comprises the living body characteristics of the user and action instruction information; the action instruction information comprises expression action information or gesture action information; the digital abstract of the video file is generated based on the video file and user related information, wherein the user related information comprises a user identification code and a user equipment ID;
the digital signature and video file verification module is used for sequentially verifying the identity of the user according to the acquired digital certificate and action instruction information and the living body characteristics of the user contained in the digital signature and the video file; the digital certificate has a binding relation with user information and an equipment account;
the token verification module generates a token when the digital signature and the video file are successfully verified; and verifying the token;
a reset success returning module for obtaining a new password; and when the token passes the verification, returning the information of successful resetting of the new password.
8. The password resetting apparatus of claim 7, wherein the digital signature and video file verification module comprises:
the digital signature decryption unit is used for decrypting the digital abstract in the digital signature to obtain a first digital abstract and encrypting the video file to generate a second digital abstract;
the digital abstract comparison unit is used for comparing the first digital abstract with the second digital abstract;
and the video file verification unit is used for verifying the video file when the first digital abstract is consistent with the second digital abstract in comparison.
9. The password resetting apparatus according to claim 8, wherein the video file authentication unit includes:
the execution instruction information extraction unit is used for extracting first execution instruction information from the video file and matching the first execution instruction information with second execution instruction information;
the living body feature extraction unit is used for extracting a first living body feature from the video file when the first execution instruction information is successfully matched with the second execution instruction information;
the living body characteristic matching unit is used for matching the first living body characteristic with a second living body characteristic in a pre-stored verification picture;
a token generation unit for generating a token allowing a user to reset a password when the first live body characteristic and the second live body characteristic are successfully matched.
10. The password reset apparatus of claim 9, wherein the token authentication module comprises:
the token encryption unit is used for encrypting the token to obtain an encrypted token and sending the encrypted token;
a token obtaining unit configured to obtain a token obtained by decrypting the encrypted token;
and the token verifying unit is used for verifying the token obtained by decryption and the generated token.
11. A password reset apparatus, the apparatus comprising:
the password resetting request sending module is used for sending a password resetting request and obtaining response information of the uploaded video file;
the video file encryption module is used for acquiring a video file uploaded by a user based on the response information and encrypting the digital abstract of the video file to generate a digital signature; the video file comprises the living body characteristics of the user and action instruction information; the action instruction information comprises expression action information or gesture action information; the digital abstract of the video file is generated based on the video file and user related information, wherein the user related information comprises a user identification code and a user equipment ID;
the digital signature and video file verification module is used for sending the video file and the digital signature so as to sequentially verify the identity of the user on the basis of the acquired digital certificate and action instruction information and the living body characteristics of the user contained in the video file; the digital certificate has a binding relation with user information and an equipment account;
the token verification module is used for obtaining the verification result of the token when the digital signature and the video file are successfully verified;
the reset response module is used for acquiring a new password input by a user; and when the token passes the verification, acquiring response information of successful resetting of the new password.
12. The password reset apparatus of claim 11, wherein the apparatus further comprises: a picture verification module comprising:
the verification picture acquisition unit is used for acquiring a verification picture uploaded by a user;
the verification picture sending unit is used for sending the verification picture when the verification picture is detected to contain the living body characteristics;
and the sending success response unit is used for sending a password resetting request when the response information that the verification picture is successfully sent is acquired.
13. A server device, characterized in that the server device comprises a processor and a memory, in which at least one instruction, at least one program, a set of codes, or a set of instructions is stored, which is loaded and executed by the processor to implement the method of resetting a password according to any one of claims 1 to 4, or the method of resetting a password according to any one of claims 5 to 6.
14. A computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, which is loaded and executed by a processor to implement the method of resetting a password of any of claims 1-4 or the method of resetting a password of any of claims 5-6.
CN201810700633.1A 2018-06-29 2018-06-29 Password resetting method, device, equipment and storage medium Active CN108833431B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810700633.1A CN108833431B (en) 2018-06-29 2018-06-29 Password resetting method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810700633.1A CN108833431B (en) 2018-06-29 2018-06-29 Password resetting method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN108833431A CN108833431A (en) 2018-11-16
CN108833431B true CN108833431B (en) 2020-11-17

Family

ID=64134557

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810700633.1A Active CN108833431B (en) 2018-06-29 2018-06-29 Password resetting method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN108833431B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110460580B (en) 2019-07-11 2022-02-22 中国银联股份有限公司 Image acquisition device, server and encryption and decryption methods
CN112347458A (en) * 2019-08-06 2021-02-09 杭州海康威视数字技术股份有限公司 Password resetting method and device, terminal equipment and server
CN111565178B (en) * 2020-04-26 2022-06-14 天津中新智冠信息技术有限公司 Service information issuing method, device, server, client and storage medium
CN111984961B (en) * 2020-09-01 2023-10-10 杭州海康威视数字技术股份有限公司 Password resetting system, method, device, equipment and storage medium
US20230231712A1 (en) * 2022-01-14 2023-07-20 Micron Technology, Inc. Embedded tls protocol for lightweight devices

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101826170A (en) * 2009-03-06 2010-09-08 新奥特硅谷视频技术有限责任公司 Fingerprint authentication and digital watermark-based remote digital court trial system
CN102906818A (en) * 2010-05-25 2013-01-30 伊斯曼柯达公司 Storing video summary as metadata

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10164985B2 (en) * 2010-11-29 2018-12-25 Biocatch Ltd. Device, system, and method of recovery and resetting of user authentication factor
CN104618314B (en) * 2013-12-24 2018-03-09 腾讯科技(深圳)有限公司 A kind of password remapping method, device and system
CN105227964B (en) * 2014-06-03 2018-11-06 深圳先进技术研究院 Video-frequency identifying method and system
CN104883255A (en) * 2015-06-24 2015-09-02 郑州悉知信息技术有限公司 Password resetting method and device
CN105141615A (en) * 2015-09-07 2015-12-09 天地融科技股份有限公司 Method and system for opening account remotely, authentication method and system
CN106130987B (en) * 2016-07-01 2017-07-11 冯颖 Internet evidence collecting method, device and internet safety system
CN107786491A (en) * 2016-08-24 2018-03-09 腾讯科技(深圳)有限公司 account number verification method and device
CN107819807A (en) * 2016-09-14 2018-03-20 腾讯科技(深圳)有限公司 A kind of Information Authentication method, apparatus and equipment
CN106656505A (en) * 2016-11-16 2017-05-10 航天信息股份有限公司 Mobile terminal electronic signature system based on event certificate and mobile terminal electronic signature method thereof
CN106604023B (en) * 2016-11-29 2019-02-22 北京航天爱威电子技术有限公司 A kind of video flowing authenticity verification methods and system
CN108022194A (en) * 2017-11-28 2018-05-11 深圳市华德安科技有限公司 Law-enforcing recorder and its data safety processing method, server and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101826170A (en) * 2009-03-06 2010-09-08 新奥特硅谷视频技术有限责任公司 Fingerprint authentication and digital watermark-based remote digital court trial system
CN102906818A (en) * 2010-05-25 2013-01-30 伊斯曼柯达公司 Storing video summary as metadata

Also Published As

Publication number Publication date
CN108833431A (en) 2018-11-16

Similar Documents

Publication Publication Date Title
US11799668B2 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
CN111859348B (en) Identity authentication method and device based on user identification module and block chain technology
EP3343831B1 (en) Identity authentication method and apparatus
CN108833431B (en) Password resetting method, device, equipment and storage medium
KR101883156B1 (en) System and method for authentication, user terminal, authentication server and service server for executing the same
KR101853610B1 (en) Digital signature authentication system based on biometric information and digital signature authentication method thereof
CN109325342B (en) Identity information management method, device, computer equipment and storage medium
WO2018145127A1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
EP3065435A1 (en) Method for generating a digital identity for a user of a mobile device, digital user identity, and authentication method using said digital user identity
KR102137122B1 (en) Security check method, device, terminal and server
US20200196143A1 (en) Public key-based service authentication method and system
CN104618116A (en) Collaborative digital signature system and method
CN113836506A (en) Identity authentication method, device, system, electronic equipment and storage medium
US20230344643A1 (en) Digital signature system using scalable servers
CN110417740B (en) User data processing method, intelligent terminal, server and storage medium
CN108833105B (en) Electronic signature method and device
US20210344504A1 (en) Universal certified and qualified contracting method
CN111311172A (en) Electronic signing method, system and storage medium
CN113051623B (en) Data processing method and device and electronic equipment
CN111311412B (en) Decentralized transaction confirmation method and device and server
US20230048174A1 (en) Digital signature system using reliable servers
KR20170099339A (en) System and method for providing security membership and login hosting service
USRE49968E1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
TWI684884B (en) Identity authentication method and device
CN116647371A (en) Identity authorization method and device based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant