Detailed Description
The present disclosure is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings.
It should be noted that, without conflict, the embodiments of the present disclosure and features of the embodiments may be combined with each other. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
FIG. 1 illustrates an exemplary system architecture 100 in which embodiments of a password recovery method, system, electronic device, and storage medium in an offline environment of the present disclosure may be applied.
As shown in FIG. 1, the system architecture 100 may include a first terminal device 101, a second terminal device 102, a network 103, and a server 104. The first terminal device 101 is in an offline state and the second terminal device 102 is in an online state, and the network 103 is configured to provide a communication link between the second terminal device 102 and the server 104. The network 103 may include various communication connection types, such as wired communication links, wireless communication links, and the like.
The user may interact with the server 104 via the network 103 using the second terminal device 102 to receive or send messages or the like. Various communication client applications, such as a voice interaction type application, a video conference type application, a short video social type application, a web browser application, a shopping type application, a search type application, an instant messaging tool, a mailbox client, social platform software, and the like, may be installed on the first terminal device 101 and the second terminal device 102.
The first terminal device 101 and the second terminal device 102 may be hardware or software. When the first terminal device 101 and the second terminal device 102 are hardware, various electronic devices having a microphone and a speaker may be used, including but not limited to a smart phone, a tablet computer, an electronic book reader, an MP3 player (Moving Picture Experts Group Audio Layer III), an MP4 player (Moving Picture Experts Group Audio Layer IV), a portable computer, a desktop computer, and the like. When the first terminal device 101 and the second terminal device 102 are software, they can be installed in the above-listed electronic devices. They may be implemented as multiple software or software modules (e.g., in response to detecting that the user triggers the first password authentication data entry completion operation) or as a single software or software module. The present invention is not particularly limited herein.
The server 104 may be a server providing various services, for example, may be a background server that obtains the encrypted authentication two-dimensional code from the first terminal 101 at the second terminal device 102, and then obtains the second password authentication data based on the private key two-dimensional code and the encrypted authentication two-dimensional code. The background server can perform corresponding processing on the private key two-dimensional code and the encryption verification two-dimensional code to obtain second password verification data.
In some cases, the password recovery method under the offline environment provided by the present disclosure may be performed jointly by the first terminal device 101, the second terminal device 102, and the server 104, for example, the step of "generating a key pair corresponding to the first password authentication data in response to detecting that the user triggers the first password authentication data input completion operation" may be performed by the first terminal device 101, the step of "obtaining the private key two-dimensional code from the first terminal" may be performed by the second terminal device 102, and the step of "storing the private key two-dimensional code" may be performed by the server 104. The present disclosure is not limited in this regard. Accordingly, the password recovery system in the offline environment may also be respectively disposed in the first terminal device 101, the second terminal device 102, and the server 104.
In some cases, the password recovery method provided in the offline environment in the present disclosure may be executed by the first terminal device 101 and the second terminal device 102, and accordingly, the password recovery system in the offline environment may also be set in the first terminal device 101 and the second terminal device 102, where the system architecture 100 may also not include the server 104.
It should be noted that, the server 104 may be hardware, or may be software. When the server 104 is hardware, it may be implemented as a distributed server cluster formed by a plurality of servers, or as a single server. When server 104 is software, it may be implemented as multiple software or software modules (e.g., to provide distributed services), or as a single software or software module. The present invention is not particularly limited herein.
It should be understood that the number of first terminal devices, second terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of first terminal devices, second terminal devices, networks and servers, as desired for implementation.
The information, data and signals related to the present disclosure are all user-authorized or fully authorized by the parties, and the collection, use and processing of the relevant data complies with the relevant laws and regulations and standards of the relevant countries and regions.
With continued reference to fig. 2, fig. 2 illustrates a flow 200 of one embodiment of a password recovery method in an offline environment according to the present disclosure, and the password recovery method in an offline environment illustrated in fig. 2 is applicable to the first terminal device and the second terminal device illustrated in fig. 1. The flow 200 includes at least the following steps 201-206.
In step 201, the first terminal generates a key pair corresponding to the first password authentication data in response to detecting that the user triggers the first password authentication data input completion operation.
In this embodiment, the first terminal may refer to a computing device in an offline state, for example, the first terminal device 101 may be a Personal Computer (PC) or a mobile terminal device, for example, a smart phone, a tablet computer, or the like.
The first terminal may be installed with various communication client applications, such as a voice interaction type application, a video conference type application, a short video social type application, a web browser application, a shopping type application, a search type application, an instant messaging tool, a mailbox client, social platform software, and the like.
The first terminal generally has local data processing capability, but is limited by network connection in an actual use scenario, and cannot rely on an online service to complete authentication or password recovery operation.
The password recovery operation may be performed for various applications or software installed on the first terminal, etc.
For example, when a user forgets the first terminal operating system login password, the user can restore the access right by adopting the password restoration method of the present disclosure, and for a specific application (such as an email client, a database management system, etc.) installed on the first terminal, the user also adopts the password restoration method of the present disclosure to restore the password without relying on a network connection or an online service.
Specifically, the user may input the first password verification data in a verification password input interface of the first terminal, where the verification password input interface may refer to an interface for configuring one or more security questions and corresponding answers at the stage when the user registers an account or sets a password on the first terminal.
The first password authentication data may refer to plaintext data of answers corresponding to one or more security questions.
When the password recovery operation is executed, the user can input one or more answers corresponding to the security questions in the password recovery interface of the first terminal, and the authenticity of the user identity is confirmed.
Here, after the user completes the input operation of the first password authentication data, the first password authentication data input completion operation may be triggered.
The first password authentication data entry completion operation may refer to a confirmation operation triggered by the user after the entry of the first password authentication data is completed in the verification password input interface.
Specifically, the operation may include clicking a "confirm" button, executing a preset gesture, selecting a completion option, or another system-defined end-of-input action. The operation is used to inform the first terminal that the current password verification data input procedure is completed, and may initiate a key pair generation procedure.
At this time, the first terminal may generate a key pair corresponding to the first password authentication data in response to detecting that the user triggers the first password authentication data input completion operation.
The key pair is used for encrypting and decrypting the first password authentication data, wherein the key pair comprises public key data and private key data.
Here, the key pair may be generated using various known encryption techniques, and is not particularly limited herein.
In addition, considering the size limit on the content that a two-dimensional code can carry, a cryptographic algorithm that generates a shorter key pair may be used, for example.
In step 202, the first terminal generates an encryption verification two-dimensional code and a private key two-dimensional code according to the key pair and the first password verification data, and stores the encryption verification two-dimensional code.
In this embodiment, the encrypted verification two-dimensional code may refer to a result of encoding encrypted data generated after the first password verification data is encrypted into the two-dimensional code, and the encrypted verification two-dimensional code may be stored in the first terminal.
The private key two-dimensional code may be the result of encoding the private key data used for decryption into a two-dimensional code. The private key two-dimensional code can be stored in the second terminal, and after the second terminal has stored it, the private key two-dimensional code can be destroyed at the first terminal, so that an attacker is prevented from directly acquiring the private key two-dimensional code at the second terminal to decrypt the encrypted verification two-dimensional code.
Specifically, step 202 may include the following A1-A3.
A1, the first terminal generates encrypted password verification data according to the first password verification data and the public key data.
In this embodiment, the first terminal may encrypt the first password authentication data with the public key data to generate encrypted password authentication data, where the encrypted password authentication data may be ciphertext data corresponding to the first password authentication data encrypted with the public key data.
A2, the first terminal converts the encrypted password verification data into an encrypted verification two-dimensional code according to a preset two-dimensional code conversion method.
In this embodiment, the first terminal may convert the encrypted password authentication data into the encrypted authentication two-dimensional code according to various known two-dimensional code conversion methods, which is not particularly limited herein.
A3, the first terminal converts the private key data into a private key two-dimensional code according to a preset two-dimensional code conversion method.
In this embodiment, the first terminal may convert the private key data into the private key two-dimensional code according to various known two-dimensional code conversion methods, which is not limited herein.
In step 203, the second terminal acquires the private key two-dimensional code from the first terminal and stores the private key two-dimensional code.
In this embodiment, after the first terminal generates the private key two-dimensional code, the private key two-dimensional code may be displayed at the first terminal, so that the second terminal may obtain the private key two-dimensional code from the first terminal.
The second terminal may refer to a computing device with a strong networking capability, for example, the second terminal device 102 may be a personal computer or a mobile terminal device, for example, a smart phone, a tablet computer, or the like.
The second terminal and the first terminal may be different terminal devices.
The second terminal may also be provided with various communication client applications, for example, a voice interaction application, a video conference application, a short video social application, a web browser application, a shopping application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like, so as to facilitate information interaction and operation of the user.
The second terminal not only has the local data processing capability, but also can interact with the server through the network, so that various online services and functions are supported.
In addition, the second terminal is usually equipped with a camera or other image acquisition device, and can be used for scanning the two-dimensional code.
In this embodiment, the second terminal may complete scanning and obtaining the private key two-dimensional code through the camera, thereby completing obtaining the private key two-dimensional code from the first terminal. After the second terminal obtains the private key two-dimensional code, the private key two-dimensional code can be stored.
Therefore, because the private key two-dimensional code and the encryption verification two-dimensional code are stored in two different terminal devices, a leak of the private key two-dimensional code or of the encryption verification two-dimensional code from any one terminal device does not expose the complete verification information, and the security of the password recovery process is thereby remarkably improved.
In some optional embodiments, considering that the second terminal device is at risk of being lost or damaged, to prevent permanent loss of the private key two-dimensional code, the private key two-dimensional code may be securely stored in the cloud service platform.
Specifically, after the user completes identity verification through the standard OAuth 2.0 authentication protocol, the private key two-dimensional code is uploaded to and stored on a trusted cloud service platform. Such trusted cloud service platforms expose standardized OAuth 2.0 authentication interfaces, so that fast and secure cloud storage can be realized by relying on these mature authentication mechanisms. In this way, even if the user changes the second terminal, the user can recover the private key two-dimensional code from the cloud by logging in to the original account again, and then complete the password recovery operation.
In other optional embodiments, the user may also construct a local independent account and key management system, which is used to store the private key two-dimensional code securely, so as to ensure the security of the private key two-dimensional code in the local environment. This approach is suitable for scenarios with higher privacy protection requirements or independent cloud service.
In step 204, the first terminal displays the encrypted verification two-dimensional code in response to detecting that the user triggers the password recovery operation.
In this embodiment, when the user needs to perform the password recovery operation, the encrypted authentication two-dimensional code may be displayed on the password recovery operation interface of the second terminal.
Here, the user may trigger a password recovery operation, which may refer to an operation triggered by the user at the password recovery operation interface to confirm that the password needs to be recovered.
Specifically, the method may include clicking a "confirm recovery password" button, executing a preset gesture, selecting a confirm recovery password option or other confirm recovery password action defined by the first terminal, where the operation is used to notify the first terminal that the user needs to recover the password, and may start a subsequent password recovery procedure.
In step 205, the second terminal acquires the encrypted verification two-dimensional code from the first terminal, and acquires second password verification data according to the private key two-dimensional code and the encrypted verification two-dimensional code.
In this embodiment, after the first terminal displays the encrypted two-dimensional verification code, the second terminal may acquire the encrypted two-dimensional verification code from the first terminal, and the second terminal may complete scanning and acquiring the encrypted two-dimensional verification code through the camera, so as to complete acquiring the encrypted two-dimensional verification code from the first terminal.
Meanwhile, the first terminal can acquire the private key two-dimensional code from the local or cloud service platform, and then decrypt the encrypted verification two-dimensional code through the private key two-dimensional code to acquire second password verification data.
The second password authentication data may refer to plaintext data obtained by decrypting encrypted authentication data in the encrypted authentication two-dimensional code by the user.
In step 206, the first terminal performs the password recovery operation in response to detecting that the user triggers the second password authentication data input completion operation.
In this embodiment, after obtaining the second password authentication data, the user may input one or more answers (second password authentication data) corresponding to the security questions in the password recovery interface of the first terminal, so as to confirm the authenticity of the user identity.
Specifically, after the user completes the input operation of the second password authentication data, the second password authentication data input completion operation may be triggered.
The second password authentication data input completion operation may refer to an operation triggered by the user at the password recovery operation interface to confirm that the second password authentication data input is completed.
Specifically, the method may include clicking a "confirm" button, executing a preset gesture, selecting a completion option or other end input action defined by the first terminal, where the operation is used to notify the first terminal that the second password verification data input procedure is completed, and may initiate a subsequent password recovery operation.
In some alternative embodiments, step 206 may include the following B1-B2.
B1, the first terminal determines, in response to detecting that the user triggers the second password verification data input completion operation, whether the first password verification data and the second password verification data match.
In this embodiment, the first terminal needs to verify the input second password authentication data to confirm whether the second password authentication data is consistent with the originally stored first password authentication data.
The first terminal can judge the authenticity of the user identity by comparing the two contents, and decide whether to allow the subsequent password recovery operation to be executed according to the authenticity.
Specifically, the first terminal compares the first password authentication data with the second password authentication data. If the first password verification data and the second password verification data are the same, the first terminal determines that the first password verification data and the second password verification data are matched. If the first password verification data and the second password verification data are different, the first terminal determines that the first password verification data and the second password verification data are not matched.
Here, if the first password authentication data and the second password authentication data are identical, it is indicated that the user can provide authentication information matched with the registration, thereby confirming the authenticity of the user's identity, and the first terminal can determine that the user's authentication passes according to the authentication information.
If the first password verification data and the second password verification data are different, this indicates that the user cannot provide identity verification information matching the registration, so the authenticity of the identity cannot be confirmed, and the first terminal can accordingly determine that the identity verification of the user fails.
B2, if they match, the first terminal executes the password recovery operation.
When the user passes the authentication, the first terminal can execute the password recovery operation, and when the user fails the authentication, the first terminal can refuse to execute the subsequent password recovery operation and prompt the user that the password authentication data is wrong.
In this embodiment, the password recovery operation may refer to allowing the user to reset a new access password to replace an original forgotten or unavailable password after authentication is completed.
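The matching decision of steps B1 and B2 can be sketched as follows. This is an added example, not code from the disclosure; it assumes that the first terminal keeps a salted PBKDF2 verifier of the first password verification data rather than the plaintext answers, and the names `canonical`, `enroll` and `RecoveryGate`, the work factor and the attempt limit are all hypothetical choices made for the example.

```python
import hashlib
import hmac
import secrets
import unicodedata

PBKDF2_ROUNDS = 600_000  # work factor chosen for this example (assumption)
MAX_FAILURES = 3         # attempt limit chosen for this example (assumption)


def canonical(answers):
    """Encode the answers so that case, spacing and Unicode form do not fail the match."""
    out = b""
    for answer in answers:
        text = " ".join(unicodedata.normalize("NFKC", answer).casefold().split())
        raw = text.encode("utf-8")
        # The length prefix keeps ["ab", "c"] and ["a", "bc"] from encoding identically.
        out += len(raw).to_bytes(4, "big") + raw
    return out


def derive(answers, salt):
    """Slow, salted hash of the security answers."""
    return hashlib.pbkdf2_hmac("sha256", canonical(answers), salt, PBKDF2_ROUNDS)


def enroll(first_answers):
    """Registration: store a salt and a verifier of the first password verification data."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "verifier": derive(first_answers, salt)}


class RecoveryGate:
    """Holds the stored record on the first terminal and decides B1 and B2."""

    def __init__(self, record):
        self.record = record
        self.failures = 0

    def matches(self, second_answers):
        """Step B1: compare the entered second data with the stored first data."""
        if self.failures >= MAX_FAILURES:
            return False  # locked: too many wrong attempts
        candidate = derive(second_answers, self.record["salt"])
        if hmac.compare_digest(candidate, self.record["verifier"]):
            self.failures = 0
            return True
        self.failures += 1
        return False

    def recover(self, second_answers, reset_password):
        """Step B2: run the reset callback only when B1 reports a match."""
        if not self.matches(second_answers):
            return "rejected: password verification data is wrong"
        reset_password()
        return "password reset allowed"


if __name__ == "__main__":
    # Constructed sample answers, not taken from the disclosure.
    gate = RecoveryGate(enroll(["Rex", "Shanghai"]))
    print(gate.recover(["rex", " shanghai "], lambda: None))
```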
In the present disclosure, in order to further improve the security of the password recovery process, a secondary decryption protection mechanism may be introduced in the decryption flow.
With continued reference to fig. 3, fig. 3 illustrates a flow 300 of another embodiment of a password recovery method in an offline environment according to the present disclosure, and the password recovery method in an offline environment illustrated in fig. 3 is applicable to the first terminal device and the second terminal device illustrated in fig. 1. The flow 300 includes at least the following steps 301-310.
In step 301, the first terminal generates a key pair corresponding to the first password authentication data in response to detecting that the user triggers the first password authentication data input completion operation.
Wherein the key pair includes public key data and private key data.
In step 302, the first terminal generates an encryption verification two-dimensional code and a private key two-dimensional code according to the key pair and the first password verification data, and stores the encryption verification two-dimensional code.
In step 303, the second terminal acquires the private key two-dimensional code from the first terminal and stores the private key two-dimensional code.
Specifically, step 303 may include the following C1-C4.
C1, the first terminal generates encrypted password verification data according to the first password verification data and the public key data.
C2, the first terminal converts the encrypted password verification data into an encrypted verification two-dimensional code according to a preset two-dimensional code conversion method.
The specific implementation and technical effects of steps 301, 302, C1 and C2 can refer to steps 201 to 203, and are not described herein.
C3, the first terminal generates a first random character string and stores the first random character string.
In this embodiment, the first terminal may generate a first random string, which may be used as a key parameter for enhancing security in the password recovery process to generate additional authentication information (or a secondary protection password).
C4, the first terminal converts the first random character string and the private key data into a private key two-dimensional code according to a preset two-dimensional code conversion method.
In this embodiment, the first random string and the private key data may be combined and converted into the private key two-dimensional code.
Specifically, the first random string and the private key data may be spliced or encrypted in a structured format to generate a data body containing dual authentication information, and then the data body containing the dual authentication information of the first random string and the private key data is converted into the private key two-dimensional code by the first terminal.
The private key two-dimensional code generated in the mode not only contains the private key data for decryption, but also fuses the first random character string as a key factor for generating the secondary protection password subsequently.
When the user uses the two-dimensional code to recover the password, the user can complete the complete authentication process only by providing the private key information and the first random character string, thereby realizing higher-level security protection.
In step 304, the first terminal responds to the detection of the user triggering the password recovery operation, and generates third password verification data according to the first random character string and the current time data.
Time-based One-Time Password (TOTP) technology is first introduced below.
Time-based one-time password techniques rely on a shared key and current time data to generate a dynamic password that is valid for a short period of time. The mechanism requires that a certain degree of time synchronization be maintained between the first terminal device and the second terminal device to ensure that both sides generate the same one-time password value within the same time window.
When the user tries to recover the password or perform a sensitive operation, the first terminal device generates a one-time password according to the same input parameters (such as the shared key and the current timestamp), compares it with the one-time password value generated by the second terminal device, and considers that the identity verification is passed only when the two values are consistent.
In this embodiment, the first terminal may generate the third password authentication data from the first random string and the current time data using the Time-based One-Time Password (TOTP) technique.
The third password verification data can be used as a one-time check value for enhancing the identity authentication strength in the password recovery process and preventing replay attack or illegal multiplexing.
For example, the first terminal may use the HMAC-SHA256 algorithm, with the first random string as the shared key and the current timestamp (e.g., with 30 seconds as a time window), to generate a 6-digit numeric dynamic verification code as the third password authentication data.
When the user recovers the password, the user needs to input the verification code, and the user can continue the subsequent process only after the first terminal device finds by comparison that the codes are consistent.
In step 305, the second terminal parses the private key two-dimensional code to obtain a second random character string.
In this embodiment, the second terminal may parse the private key two-dimensional code, so as to obtain a second random string in the private key two-dimensional code, where the second random string may be the same as or different from the first random string.
In step 306, the second terminal generates fourth password verification data according to the second random character string and the current time data.
Here, the second terminal may also generate the fourth password authentication data with the second random string and the current time data using a time-synchronized one-time password technique.
The fourth password authentication data may be used to compare with the third password authentication data to verify the authenticity of the user's identity and the legitimacy of the operation.
In step 307, the first terminal determines whether the third password authentication data and the fourth password authentication data match in response to detecting that the user triggers the fourth password authentication data input completion operation.
After the fourth password verification data is obtained, the user can input the fourth password verification data in the password recovery interface of the first terminal, and after completing the input of the fourth password verification data, the user can trigger the fourth password verification data input completion operation.
The second password authentication data input completion operation may refer to an operation triggered by the user at the password recovery operation interface of the first terminal to confirm that the fourth password authentication data input is completed.
Specifically, the method may include clicking a "confirm" button, executing a preset gesture, selecting a completion option or other end input action defined by the first terminal device, where the operation is used to notify the first terminal that the fourth password verification data input procedure is completed, and may initiate a subsequent password recovery operation.
Specifically, the first terminal compares the third password authentication data with the fourth password authentication data. If the third password verification data and the fourth password verification data are the same, the first terminal determines that the third password verification data and the fourth password verification data are matched. If the third password verification data and the fourth password verification data are different, the first terminal determines that the third password verification data and the fourth password verification data are not matched.
If the third password verification data is the same as the fourth password verification data, the verification information provided by the user is an identity credential which is dynamically generated based on the current time information and matched with the first terminal equipment, so that the authenticity of the identity of the user is confirmed. The first terminal determines that the user authentication passes accordingly.
If the third password verification data is different from the fourth password verification data, this indicates that the verification information provided by the user was not generated dynamically based on the current time information, or is not an identity credential generated in combination with the correct first random character string, so the authenticity of the identity cannot be confirmed, and at this time the first terminal determines that the user identity verification fails.
In step 308, if they match, the first terminal displays the encrypted verification two-dimensional code.
In this embodiment, when the first terminal determines that the third password authentication data and the fourth password authentication data are matched, the first terminal determines that the user authentication passes according to the matching, and the first terminal displays the encrypted authentication two-dimensional code on the password recovery interface, and then executes steps 205 to 206.
In this embodiment, when the first terminal determines that the third password authentication data and the fourth password authentication data do not match, the first terminal determines that the user authentication fails, and refuses to execute the subsequent password recovery operation.
And 309, the second terminal acquires the encrypted verification two-dimensional code from the first terminal, and acquires second password verification data according to the private key two-dimensional code and the encrypted verification two-dimensional code.
In step 310, the first terminal performs a password recovery operation in response to detecting that the user triggers the second password authentication data input completion operation.
The specific implementation and technical effects of step 309 and step 310 may refer to step 205 and step 206, and are not described herein.
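The pre-check that gates display of the encrypted verification two-dimensional code (up to step 308) can be sketched as follows. This is an added example, not code from the disclosure: the disclosure does not say how verification data is derived from the random character string and the time, so the HMAC-SHA256 construction, the 60-second window, the 8-digit code and the one-window clock tolerance are all assumptions, as are the function names.

```python
import hashlib
import hmac
import secrets

TIME_STEP = 60   # seconds per time window (assumed; not fixed by the disclosure)
DIGITS = 8       # length of the code the user types in (assumed)


def new_random_string() -> str:
    """First random character string, generated and stored by the first terminal."""
    return secrets.token_hex(16)


def verification_data(random_string: str, now: float) -> str:
    """Time-bound verification data: HMAC of the window counter, keyed by the string."""
    counter = int(now // TIME_STEP).to_bytes(8, "big")
    digest = hmac.new(random_string.encode(), counter, hashlib.sha256).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**DIGITS).zfill(DIGITS)


def first_terminal_gate(stored_string: str, entered: str, now: float,
                        skew_windows: int = 1) -> bool:
    """Return True only if the entered (fourth) data matches the third data.

    The offline first terminal cannot sync its clock, so adjacent windows are
    also accepted. Every candidate is compared in constant time and the loop
    never exits early, so timing does not reveal which window matched.
    """
    matched = False
    for offset in range(-skew_windows, skew_windows + 1):
        third = verification_data(stored_string, now + offset * TIME_STEP)
        matched |= hmac.compare_digest(third.encode(), entered.encode())
    return matched


def demo() -> dict:
    first_string = new_random_string()     # stored on the first terminal
    second_string = first_string           # parsed from the private key QR code
    t_first = 1_700_000_000.0              # constructed clock value, first terminal
    fourth = verification_data(second_string, t_first + 40)   # phone clock 40 s ahead
    stale = verification_data(second_string, t_first - 600)   # code from 10 min earlier
    return {
        "accepted_with_tolerance": first_terminal_gate(first_string, fourth, t_first),
        "accepted_strict": first_terminal_gate(first_string, fourth, t_first, 0),
        "stale_accepted": first_terminal_gate(first_string, stale, t_first),
        "wrong_string_accepted": first_terminal_gate(new_random_string(), fourth, t_first),
    }


if __name__ == "__main__":
    print(demo())
```

With zero tolerance, a 40-second clock difference that crosses a window boundary fails an exact-equality comparison, which is why an offline deployment has to choose a tolerance explicitly.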
In the password recovery method in the offline environment, the first terminal, in response to detecting that the user has triggered a first password verification data input completion operation, generates a key pair corresponding to the first password verification data, the key pair comprising public key data and private key data; the first terminal generates an encrypted verification two-dimensional code and a private key two-dimensional code according to the key pair and the first password verification data, and stores the encrypted verification two-dimensional code; the second terminal obtains the private key two-dimensional code from the first terminal and stores it; the first terminal, in response to detecting that the user has triggered a password recovery operation, displays the encrypted verification two-dimensional code; the second terminal obtains the encrypted verification two-dimensional code from the first terminal and obtains second password verification data according to the private key two-dimensional code and the encrypted verification two-dimensional code; and the first terminal, in response to detecting that the user has triggered a second password verification data input completion operation, executes the password recovery operation.
According to the method and the device, the first password verification data is encrypted with the public key to generate the encrypted verification two-dimensional code, and the corresponding private key is used to generate the private key two-dimensional code. The private key two-dimensional code exists in two different terminal devices, so that it can be conveniently transferred to a mobile phone or another device with strong networking capability for safe storage. Because the encrypted verification two-dimensional code and the private key two-dimensional code are stored in different terminal devices, a leak on either side does not expose the complete verification information, and the security of the password recovery process is remarkably improved. When password recovery is needed, the user can decrypt the data in the encrypted verification two-dimensional code by scanning the private key two-dimensional code to obtain the second password verification data, and input the second password verification data into the first terminal device to complete the identity verification and password reset operation. The method does not rely on the user memorizing complex answers, avoids the verification failure or security risk that forgotten or leaked answers cause with traditional security questions, and realizes a safe, convenient and forgetting-resistant offline password recovery mechanism.
With further reference to fig. 4, as an implementation of the method shown in the foregoing figures, the present disclosure provides an embodiment of a password recovery system in an offline environment, where the system embodiment corresponds to the method embodiment shown in fig. 2, and the system may be specifically applied to the first terminal device and the second terminal device.
As shown in FIG. 4, the system 400 includes a first terminal 401 and a second terminal 402. The first terminal 401 is configured to generate a key pair corresponding to first password verification data in response to detecting that the user has triggered a first password verification data input completion operation, the key pair comprising public key data and private key data; the first terminal 401 is further configured to generate an encrypted verification two-dimensional code and a private key two-dimensional code according to the key pair and the first password verification data, and to store the encrypted verification two-dimensional code; the second terminal 402 is configured to acquire the private key two-dimensional code from the first terminal and store it; the first terminal 401 is further configured to display the encrypted verification two-dimensional code in response to detecting that the user has triggered a password recovery operation; the second terminal 402 is further configured to acquire the encrypted verification two-dimensional code from the first terminal and obtain second password verification data according to the private key two-dimensional code and the encrypted verification two-dimensional code; and the first terminal 401 is further configured to perform a password recovery operation in response to detecting that the user has triggered a second password verification data input completion operation.
In some alternative embodiments, the first terminal 401 is further configured to:
the first terminal generates encrypted password verification data according to the first password verification data and the public key data;
the first terminal converts the encrypted password verification data into an encrypted verification two-dimensional code according to a preset two-dimensional code conversion method;
the first terminal converts the private key data into a private key two-dimensional code according to a preset two-dimensional code conversion method.
In some alternative embodiments, the first terminal 401 is further configured to:
the first terminal, in response to detecting that the user has triggered the second password verification data input completion operation, determines whether the first password verification data and the second password verification data match;
if so, the first terminal executes the password recovery operation.
In some alternative embodiments, the first terminal 401 is further configured to:
the first terminal compares the first password verification data with the second password verification data;
if the first password verification data and the second password verification data are the same, the first terminal determines that the first password verification data and the second password verification data match;
if the first password verification data and the second password verification data are different, the first terminal determines that the first password verification data and the second password verification data do not match.
In some alternative embodiments, the first terminal 401 is further configured to:
the first terminal generates a first random character string and stores the first random character string;
the first terminal converts the first random character string and the private key data into a private key two-dimensional code according to a preset two-dimensional code conversion method.
In some alternative embodiments, after the first terminal detects that the user has triggered the password recovery operation, the system 400 further includes:
the first terminal 401 is further configured to generate third password verification data according to the first random character string and the current time data;
the second terminal 402 is further configured to parse the private key two-dimensional code to obtain a second random character string;
the second terminal 402 is further configured to generate fourth password verification data according to the second random character string and the current time data; and
before the first terminal displays the encrypted verification two-dimensional code, the system further includes:
the first terminal 401 is further configured to determine whether the third password verification data and the fourth password verification data match in response to detecting that the user has triggered a fourth password verification data input completion operation;
if so, the first terminal 401 is further configured to display the encrypted verification two-dimensional code.
It should be noted that, for the implementation details and technical effects of each unit in the password recovery device in the offline environment provided by the embodiments of the present disclosure, reference may be made to the descriptions of the other embodiments in the present disclosure, which are not repeated here.
Referring now to FIG. 5, there is illustrated a schematic diagram of a computer system 500 suitable for use in implementing the terminal devices of the present disclosure. The computer system 500 shown in fig. 5 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present disclosure.
As shown in FIG. 5, a computer system 500 may include a processing device (e.g., a central processing unit, a graphics processor, etc.) 501 that may perform various suitable actions and processes in accordance with programs stored in a Read Only Memory (ROM) 502 or loaded from a storage device 508 into a Random Access Memory (RAM) 503. The RAM 503 also stores various programs and data required for the operation of the computer system 500. The processing device 501, the ROM 502, and the RAM 503 are connected to each other via a bus 504. An input/output (I/O) interface 505 is also connected to the bus 504.
In general, the following devices may be connected to the I/O interface 505: input devices 506 such as a touch screen, touch pad, keypad, mouse, camera, microphone, etc.; output devices 507 including a Liquid Crystal Display (LCD), speaker, vibrator, etc.; storage devices 508 including magnetic tape, hard disk, etc.; and communication devices 509. The communication device 509 may allow the computer system 500 to communicate with other devices wirelessly or by wire to exchange data. While FIG. 5 illustrates a computer system 500 having various devices, it should be understood that not all illustrated devices are required to be implemented or provided. More or fewer devices may be implemented or provided instead.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication device 509, or installed from the storage device 508, or from the ROM 502. The above-described functions defined in the methods of the embodiments of the present disclosure are performed when the computer program is executed by the processing device 501.
It should be noted that the computer readable medium described in the present disclosure may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of a computer-readable storage medium may include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present disclosure, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electromagnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to electrical wiring, fiber optic cable, RF (radio frequency), and the like, or any suitable combination of the foregoing.
The computer readable medium may be included in the electronic device or may exist alone without being incorporated into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement a password recovery method in an offline environment as illustrated in the embodiment and alternative implementations of fig. 2.
Computer program code for carrying out operations of the present disclosure may be written in one or more programming languages, including object oriented programming languages such as Java, Smalltalk, C++ and Python, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments described in the present disclosure may be implemented by means of software, or may be implemented by means of hardware. The name of a unit does not, in some cases, constitute a limitation of the unit itself; for example, the first terminal may also be described as a "first terminal device".
The foregoing description is only of the preferred embodiments of the present disclosure and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the disclosure referred to herein is not limited to the specific combinations of features described above, but also covers other embodiments formed by any combination of the features described above or their equivalents without departing from the spirit of the disclosure, for example, embodiments formed by mutually substituting the features described above with (but not limited to) technical features having similar functions disclosed in the present disclosure.