CN106302316A - Cipher management method and device, system - Google Patents

Info

Publication number: CN106302316A
Authority: CN (China)
Prior art keywords: password, encrypted message, management, management platform, terminal
Legal status: Pending
Application number: CN201510249859.0A
Other languages: Chinese (zh)
Inventor: 查桂峰
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201510249859.0A (patent/CN106302316A/en)
Priority to PCT/CN2016/075543 (patent/WO2016184221A1/en)
Publication of CN106302316A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a password management method, device and system. The method includes: a management platform receives password information sent by a terminal that the management platform administers; and the management platform performs password management on the password of the terminal according to the password information. The technical solution provided by the invention solves the problems in the related art that password management requires the participation of maintenance personnel and therefore a large workload, which affects password management efficiency, and that password management security cannot be properly guaranteed. It thereby provides a secure password management approach and greatly improves the user experience.

Description

Cipher management method and device, system
Technical field
The present invention relates to the field of communications, and in particular to a password management method, device and system.
Background
In the current information age, on the one hand people's IT skills are increasingly widespread and improving, demand for IT applications keeps growing, and the user base keeps growing as well. On the other hand, with the development of communication technology, terminal technology and related information science, IT applications are multiplying and their architectures are becoming more complex. In addition, with the frequent security incidents of recent years, information security requirements are rising. All of this makes current IT maintenance tasks complex, varied and laborious. At present, with the development of virtualization technology and data center construction, large enterprises have set up unified data centers for unified management and maintenance, with cloud and non-cloud deployments coexisting, while small enterprises keep improving their own IT platforms, striving for unified management and maintenance that saves cost while ensuring security.
According to the requirements of secure operation and maintenance (O&M), users of the various applications and database hosts in government and enterprise organizations need to change their passwords periodically. If there are few applications or the architecture is small, O&M personnel can still cope, but as applications multiply and architectures grow more complex, it becomes difficult for maintenance personnel to change and record every user password periodically and to keep those records conveniently and securely. The main problems are: with many applications and many users, password records are hard to maintain and easily leaked; when passwords are changed periodically, recording deviations or errors occur easily; application architectures are complex, so a password change has a large impact and may even prevent the application from running normally; when O&M personnel are replaced, handing over passwords takes time and effort; looking up passwords to log in to systems during daily maintenance wastes time and reduces efficiency; and password management security is hard to guarantee.
For the problems in the related art that password management requires the participation of maintenance personnel and therefore a large workload, which affects password management efficiency, and that password management security cannot be properly guaranteed, no effective solution has yet been proposed.
Summary of the invention
To solve the above technical problems, the invention provides a password management method, device and system.
According to one aspect of the invention, a password management method is provided, including: a management platform receives password information sent by a terminal administered by the management platform; and the management platform performs password management on the password of the terminal according to the password information.
Preferably, the management platform receiving the password information sent by the terminal it administers includes: the management platform receives encrypted password information obtained by the terminal encrypting the password information, where the password information is encrypted according to the public key carried in a digital certificate obtained in advance by the terminal.
Preferably, before the management platform receives the password information sent by the terminal it administers, the method further includes: the management platform and the terminal verify each other according to digital certificates, where, after the verification passes, the management platform receives the encrypted password information.
Preferably, the management platform performing password management on the password of the terminal according to the password information includes: the management platform saves the password corresponding to the password information; and/or the management platform changes the password saved on the management platform to the password corresponding to the received password information; and/or the management platform sends the locally saved password to a designated terminal.
Preferably, the management platform changing the password saved on the management platform to the password corresponding to the received password information includes: the management platform sends the password it has saved to the terminal, where the terminal decrypts the password according to the private key carried in the digital certificate obtained in advance by the terminal; after successful decryption, the management platform receives the password information sent by the terminal and changes the password saved on the management platform to the password corresponding to the received password information.
According to another aspect of the invention, a password management device is also provided, applied to a management platform, including: a receiving module, configured to receive password information sent by a terminal administered by the management platform; and a management module, configured to perform password management on the password of the terminal according to the password information.
Preferably, the receiving module is configured to receive encrypted password information obtained by the terminal encrypting the password information, where the password information is encrypted according to the public key carried in a digital certificate obtained in advance by the terminal.
Preferably, the device further includes: a verification module, configured to perform mutual verification with the terminal according to digital certificates, where, after the verification passes, the encrypted password information is received.
Preferably, the management module includes: a saving unit, configured to save the password corresponding to the password information; and/or a modification unit, configured to change the password saved on the management platform to the password corresponding to the received password information; and/or a sending unit, configured to send the locally saved password to a designated terminal.
According to another aspect of the invention, a password management system is also provided, including: a management platform and a terminal, where the management platform is configured to receive password information sent by the terminal administered by the management platform, and to perform password management on the password of the terminal according to the password information.
Through the invention, the management platform manages the password corresponding to the password information reported by the terminal. This solves the problems in the related art that password management requires the participation of maintenance personnel and therefore a large workload, which affects password management efficiency, and that password management security cannot be properly guaranteed. It thereby provides a secure password management approach and greatly improves the user experience.
Brief description of the drawings
The drawings described here are provided for further understanding of the invention and form part of this application. The exemplary embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of the password management method according to an embodiment of the invention;
Fig. 2 is a system architecture diagram according to an embodiment of the invention;
Fig. 3 is a flowchart of O&M initialization according to an embodiment of the invention;
Fig. 4 is a flowchart of password entry according to an embodiment of the invention;
Fig. 5 is a flowchart of password change according to an embodiment of the invention;
Fig. 6 is a flowchart of password transfer according to an embodiment of the invention;
Fig. 7 is a structural block diagram of the password management device according to an embodiment of the invention;
Fig. 8 is another structural block diagram of the password management device according to an embodiment of the invention;
Fig. 9 is a structural block diagram of the management module 72 of the password management device according to an embodiment of the invention;
Fig. 10 is a structural block diagram of the password management system according to an embodiment of the invention.
Detailed description of the invention
The invention is described in detail below with reference to the drawings and in combination with the embodiments. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments can be combined with each other.
Other features and advantages of the invention are set out in the following description and in part become apparent from the description or are understood by implementing the invention. The objectives and other advantages of the invention can be realized and obtained through the structures specifically pointed out in the written description, the claims and the drawings.
To help those skilled in the art better understand the solution of the invention, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
An embodiment of the invention also provides a password management method. Fig. 1 is a flowchart of the password management method according to an embodiment of the invention. As shown in Fig. 1, it includes the following steps:
Step S102: the management platform receives password information sent by a terminal administered by the management platform;
Step S104: the management platform performs password management on the password of the terminal according to the password information.
Through the above steps, the management platform manages the password corresponding to the password information reported by a terminal it administers. This solves the problems in the related art that password management requires the participation of maintenance personnel and therefore a large workload, which affects password management efficiency, and that password management security cannot be properly guaranteed. It thereby provides a secure password management approach and greatly improves the user experience.
For the implementation of step S102, in order to make password management more secure, the embodiment of the invention also provides the following scheme: the terminal first encrypts the password information to be sent using the public key in the digital certificate, obtaining encrypted password information, and then sends the encrypted password information to the management platform. That is, the password received by the management platform is in fact encrypted: even if the management platform is compromised and the password information is obtained, the real password cannot be obtained by an outside party, because that party does not have the public key of the above-mentioned digital certificate. Of course, before the management platform receives the password information sent by the terminal, the management platform and the terminal must verify each other according to the digital certificates each of them holds: the terminal verifies the management platform, and the management platform also verifies the terminal.
It should be noted that the management platform includes units capable of realizing the above functions, and may be any functional entity capable of completing the functions of steps S102 to S104.
In practice, the implementation of step S104 includes but is not limited to the following cases: 1) the management platform saves the password corresponding to the password information; 2) the management platform changes the password saved on the management platform to the password corresponding to the received password information, where this change process can be understood as follows: the management platform sends the password it has saved to the terminal, and the terminal decrypts the password according to the private key carried in the digital certificate obtained in advance by the terminal; after successful decryption, the management platform receives the password information sent by the terminal and changes the password saved on the management platform to the password corresponding to the received password information; 3) the management platform sends the locally saved password to a designated terminal.
To make the above password management process easier to understand, the technical solution is illustrated below with a preferred example:
Fig. 2 is a system architecture diagram according to an embodiment of the invention, including: a certificate authority (Certificate Authority, CA) server, a certificate device, a management service platform (which can be understood as the management platform of the above embodiment), an encryption/decryption component (which can be understood as a component in the above terminal, or as a device independent of the terminal), and O&M hosts (equivalent to the above terminal). The CA server handles certificate application and issuance. The certificate device stores the certificate, is the carrier of the certificate, and may be an encryption device. The encryption/decryption component and the management service platform are the core: the unified password management service is realized through their interaction and management. The O&M host is the object on which the password management service is carried out. Note that the management platform applies for a certificate on the CA server and installs it. Thereafter, before interacting with the CA server, the encryption/decryption component and O&M personnel, the management platform always establishes a secure encrypted channel by digital certificate.
Here the management service platform is responsible for unified resource management and O&M login management of virtual machines and physical machines in public cloud and private cloud environments. The unified password service serves the management service platform, relies on the encryption/decryption component, and provides password entry, update and maintenance, password change and password transfer operations for hosts. The CA server generates digital certificates for O&M personnel; the applications come from the relevant O&M group accounts in the virtualization service platform, and the digital certificates serve the encryption/decryption component to ensure password management security. The encryption/decryption component encrypts and decrypts the passwords entered by users, relying on the public key and private key in the digital certificate; the digital certificate can be stored in a security device, and the encryption/decryption component reads the relevant certificate information securely through the device driver. Host accounts and passwords are stored encrypted on the management platform: encryption is performed by the encryption/decryption component using the public key of the O&M digital certificate and an encryption algorithm, and decryption is performed by the encryption/decryption component using the private key and a decryption algorithm. Digital certificate identification and verification must be carried out whenever the password service and the encryption/decryption component communicate, to ensure security.
Fig. 3 is a flowchart of O&M initialization according to an embodiment of the invention. As shown in Fig. 3:
Step S301: a higher-level administrator first creates, on the management service platform, the relevant O&M personnel group account and the O&M permissions for the relevant hosts; a group may contain one or more people.
Step S303: after successful creation, the management service platform automatically submits a certificate request to the CA server (per group).
Step S305: after the certificate request succeeds, the certificate administrator writes the certificate for the O&M personnel into the certificate device, securely and in encrypted form, using the corresponding tool.
The following steps S307 to S309 are not shown in the figure, but fall within the scope of protection of the embodiments of the invention.
Step S307: when O&M personnel need to perform O&M, they take the certificate device, for example a USB device.
Step S309: the O&M personnel access the management service platform and insert the certificate device; after a secure encrypted channel has been mutually established using the certificate, they can request password management for the hosts they administer, such as entry, change and transfer.
Fig. 4 is a flowchart of password entry according to an embodiment of the invention. Password entry is generally performed at initialization or when a password fails abnormally. As shown in Fig. 4:
Step S402: request entry.
Step S404: request entry;
where the management service platform calls the encryption/decryption component installed on the client.
Step S406: the encryption/decryption component and the password service of the management service platform check each other by digital certificate, ensuring that both sides are trusted and that the applicant really is the holder of the group certificate. After successful verification, they negotiate a symmetric encryption/decryption algorithm. The user name and password are entered in the encryption/decryption component and submitted; the encryption/decryption component encrypts the password with the public key in the certificate device and passes it securely to the password service, which feeds it back to the management service platform. The management service platform records the O&M personnel's operation log and stores the encrypted password corresponding to the host.
Step S408: as needed, for example, information is read between the encryption/decryption component and the certificate device.
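The certificate issuance of Fig. 3 and the password entry of Fig. 4, as an added Go example that is not code from the patent. The names `Party`, `issue`, `Seal`, `Enter` and `Demo`, the host name and the credentials are constructed, and RSA-OAEP and a single CA root shared by both sides are assumptions, since the patent names no algorithm. It shows that a certificate issued by another CA is refused before anything is stored, and that the stored value opens only with the group's private key, not with the platform's.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Party is a certificate plus its private key: the CA, the management platform,
// or an O&M group's certificate device. All names here are hypothetical.
type Party struct {
	Cert *x509.Certificate
	key  *rsa.PrivateKey
}

// issue builds a certificate signed by ca (nil ca: self-signed root); it panics
// on failure because it only prepares constructed demo data.
func issue(ca *Party, name string, serial int64) *Party {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	p, now := &Party{key: key}, time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial),
		Subject: pkix.Name{CommonName: name}, BasicConstraintsValid: true,
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour),
		IsCA: ca == nil, KeyUsage: x509.KeyUsageKeyEncipherment}
	parent, signer := tmpl, key
	if ca != nil {
		parent, signer = ca.Cert, ca.key
	} else {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err == nil {
		p.Cert, err = x509.ParseCertificate(der)
	}
	if err != nil {
		panic(err)
	}
	return p
}

// Seal encrypts to the public key in cert (RSA-OAEP is an assumption here).
func Seal(cert *x509.Certificate, cred string) ([]byte, error) {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("certificate does not carry an RSA key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(cred), nil)
}

// Open decrypts with the private key held by p.
func (p *Party) Open(ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, p.key, ct, nil)
	return string(pt), err
}

// Enter models password entry: each side checks the other's certificate, the
// terminal side encrypts, and the platform vault receives ciphertext only.
func Enter(opts x509.VerifyOptions, vault map[string][]byte, platform, group *Party, host, cred string) error {
	if _, err := group.Cert.Verify(opts); err != nil {
		return fmt.Errorf("platform rejects terminal certificate: %w", err)
	}
	if _, err := platform.Cert.Verify(opts); err != nil {
		return fmt.Errorf("terminal rejects platform certificate: %w", err)
	}
	ct, err := Seal(group.Cert, cred)
	if err == nil {
		vault[host] = ct
	}
	return err
}

// Demo runs the entry flow on constructed data and reports who can read the vault.
func Demo() (readBack string, platformErr, rogueErr, err error) {
	ca, other := issue(nil, "Demo CA", 1), issue(nil, "Other CA", 1)
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(),
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	opts.Roots.AddCert(ca.Cert)
	platform, group, vault := issue(ca, "platform", 2), issue(ca, "ops-group-a", 3), map[string][]byte{}
	rogueErr = Enter(opts, vault, platform, issue(other, "rogue", 2), "db01", "root:x")
	if err = Enter(opts, vault, platform, group, "db01", "root:Constructed-Pw-1"); err != nil {
		return
	}
	_, platformErr = platform.Open(vault["db01"]) // the platform's own key cannot read it
	readBack, err = group.Open(vault["db01"])
	return
}

func main() {
	fmt.Println(Demo())
}
```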
Fig. 5 is a flowchart of password change according to an embodiment of the invention. The password change flow is mainly used for periodic password change requirements or certain other requirements, and is also an important specification requirement of secure O&M management. The flow is shown in Fig. 5:
Step S502: select the user name to change;
Optionally, between steps S502 and S504 the following may also be performed: confirm or set the driving process, that is, usually set the name of the script to run that is triggered after the password is changed, so that the configuration keeps the application running normally; this can also be left unset.
Step S504: the management service platform calls the client's encryption/decryption component; after the same security check with the password service in the service platform, the previously encrypted user name and password are transferred, with a request to change the password.
Step S506: the encryption/decryption component decrypts the user name and password using the private key and confirms that they can be decrypted; it then displays the original user name and password and requires a different new password to be entered.
Step S508: the O&M personnel submit the new password; the encryption/decryption component encrypts the user name and password with the public key in the certificate device, and securely passes the decrypted user name and previous password, together with the modified password, to the password service in the security management platform.
Step S510: the password service changes the host's password and triggers the corresponding driving configuration process. After the above steps have been completed, the management service platform saves the new encrypted password and records a log.
It should be noted that for normal O&M operations, the password service can query the encryption/decryption component for the real password and call the connection tool directly for an integrated connection, without the password being entered; this is not described further here.
When an old certificate needs to be updated, or when some hosts need to be assigned to another O&M group, password transfer is required. Fig. 6 is a flowchart of password transfer according to an embodiment of the invention. The flow is shown in Fig. 6:
Step S602: the O&M personnel select a password transfer operation, which includes: transfer application and receiving a transfer.
Step S604: transfer application or receiving a transfer;
where the management service platform calls the encryption/decryption component installed on the client; the password service queries the encryption/decryption component for the decrypted password and encrypts it with its own public key, feeding it back to the management platform for temporary storage; then, with the certificate inserted and after secure login to the management service platform, the corresponding host is selected and the corresponding transfer operation is accepted.
Step S606: the password service decrypts the temporarily stored encrypted user name and password with its private key, submits an encryption request to the encryption/decryption component, and obtains the newly encrypted user name and password.
Step S608: decryption returns or encryption returns;
where the password service feeds the newly encrypted information back to the management platform, and the management platform saves the new encrypted password and updates the transfer state to finished.
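The change flow of Fig. 5 and the transfer flow of Fig. 6, as an added Go example that is not code from the patent. `Holder`, `Platform`, the host name and the credentials are constructed, RSA-OAEP is an assumption, and certificate verification is left out so that the block concentrates on who can decrypt at each step.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Holder owns one key pair: an O&M group's certificate device or the platform's
// password service. Certificate verification is out of scope in this example.
type Holder struct{ key *rsa.PrivateKey }

// Seal encrypts to h's public key (RSA-OAEP is an assumption); anyone may call it.
func (h *Holder) Seal(cred string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &h.key.PublicKey, []byte(cred), nil)
}

// Open decrypts and therefore needs h's private key.
func (h *Holder) Open(ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, h.key, ct, nil)
	return string(pt), err
}

// Platform stores per-host ciphertext and the temporary copies made in transfer.
type Platform struct {
	svc            *Holder // key pair of the platform's password service
	vault, pending map[string][]byte
}

// Change (Fig. 5): the group must decrypt the stored value before a different
// new password is encrypted and saved in its place.
func (p *Platform) Change(group *Holder, host, newCred string) error {
	old, err := group.Open(p.vault[host]) // S506: only the key holder gets past this
	if err != nil {
		return fmt.Errorf("stored credentials not decryptable by this group: %w", err)
	}
	if old == newCred {
		return errors.New("new password must differ from the current one")
	}
	ct, err := group.Seal(newCred) // S508
	if err == nil {
		p.vault[host] = ct // S510
	}
	return err
}

// Transfer (Fig. 6): the outgoing group decrypts, the value is parked under the
// password service's own key, then re-encrypted to the receiving group.
func (p *Platform) Transfer(from, to *Holder, host string) error {
	cred, err := from.Open(p.vault[host])
	if err != nil {
		return fmt.Errorf("outgoing group cannot decrypt: %w", err)
	}
	defer delete(p.pending, host) // the temporary copy must not outlive the transfer
	if p.pending[host], err = p.svc.Seal(cred); err != nil {
		return err
	}
	if cred, err = p.svc.Open(p.pending[host]); err != nil { // S606
		return err
	}
	ct, err := to.Seal(cred)
	if err == nil {
		p.vault[host] = ct // S608
	}
	return err
}

// Demo runs change then transfer on constructed data and reports who can read the result.
func Demo() (readByB string, sameErr, oldGroupErr, err error) {
	var h [3]*Holder // group A, group B, platform password service
	for i := range h {
		k, kerr := rsa.GenerateKey(rand.Reader, 2048)
		if kerr != nil {
			return "", nil, nil, kerr
		}
		h[i] = &Holder{key: k}
	}
	a, b := h[0], h[1]
	p := &Platform{svc: h[2], vault: map[string][]byte{}, pending: map[string][]byte{}}
	if p.vault["db01"], err = a.Seal("root:Old-constructed-1"); err != nil {
		return
	}
	sameErr = p.Change(a, "db01", "root:Old-constructed-1") // rejected: unchanged
	if err = p.Change(a, "db01", "root:New-constructed-2"); err == nil {
		err = p.Transfer(a, b, "db01")
	}
	if err != nil {
		return
	}
	_, oldGroupErr = a.Open(p.vault["db01"]) // group A has lost access
	readByB, err = b.Open(p.vault["db01"])
	return
}

func main() {
	fmt.Println(Demo())
}
```

During `Transfer` the password service can read the credentials, so the temporary copy is the point to audit and to delete promptly.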
It should be noted that for aforesaid each method embodiment, in order to be briefly described, therefore it is all expressed as a series of Combination of actions, but those skilled in the art should know, the present invention is not limited by described sequence of movement, Because according to the present invention, some step can use other orders or carry out simultaneously.Secondly, those skilled in the art are also Should know, embodiment described in this description belongs to preferred embodiment, and involved action and module might not It is essential to the invention.
Additionally provide a kind of Password Management device in the present embodiment, be applied to manage platform, be used for realizing above-described embodiment And preferred implementation, carried out repeating no more of explanation, below the module related in this device had been illustrated. As used below, term " module " can realize the software of predetermined function and/or the combination of hardware.Although below Device described by embodiment preferably realizes with software, but hardware, or the realization of the combination of software and hardware is also May and be contemplated.Fig. 7 is the structured flowchart of the Password Management device according to the embodiment of the present invention.As it is shown in fig. 7, This device includes:
Receiver module 70, the encrypted message that the terminal administered for receiving this management platform sends;
Management module 72, is connected with receiver module 70, for the password of terminal being carried out Password Management according to encrypted message.
By the comprehensive function of above-mentioned modules, the terminal to report that management platform can be administered according to management platform close Code information, and then the technological means being managed the password that encrypted message is corresponding, solve in correlation technique, password pipe The bigger workload of needs that reason mode needs attendant to participate in and causes, affects Password Management efficiency and Password Management peace Full property cannot the normal problem such as guarantee, and then provide a kind of safe Password Management mode, substantially increase Consumer's Experience Degree.
Alternatively, receiver module 70, it is used for receiving terminal and encrypted message is encrypted, obtain the encrypted message of encryption, Wherein, encrypted message is encrypted by the PKI carried in the digital certificate obtained in advance according to terminal.
Fig. 8 is another structured flowchart of the Password Management device according to the embodiment of the present invention, and said apparatus also includes: test Card module 74, for being mutually authenticated according to digital certificate with terminal, wherein, after being verified, receives the close of encryption Code information.
Fig. 9 is the structured flowchart of the management module 72 of the Password Management device according to the embodiment of the present invention, as it is shown in figure 9, Management module 72, including: storage unit 720, for preserving the password that encrypted message is corresponding, and/or amendment unit 722, For the password that the encrypted message being revised as receiving by the password that this management platform preserves is corresponding, and/or transmitting element 724, For the password being saved in this locality is sent to designated terminal.
An embodiment of the present invention further provides a password management system. Fig. 10 is a structural block diagram of the password management system according to an embodiment of the present invention. As shown in Fig. 10, the system includes a management platform 100 and a terminal 102. The management platform 100 is configured to receive the encrypted message sent by the terminal 102 that the management platform administers, and to perform password management on the password of the terminal according to the encrypted message.
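The exchange between terminal and management platform described above, with the storage, amendment and transmitting units of the management module, can be sketched with Node's built-in `crypto` module. This is an added example, not code from the patent: the class and method names, the choice of RSA-OAEP, the use of the terminal ID as OAEP label, and the reading of "send to a designated terminal" as re-encryption under that terminal's key are all assumptions. Certificate issuance and the mutual authentication step are left out; plain key pairs stand in for the keys carried in the digital certificates.

```javascript
const crypto = require('node:crypto');

const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Assumption: RSA-OAEP (the patent names no algorithm); the label binds a ciphertext to one terminal ID.
const oaep = (key, id) => ({ key, oaepHash: 'sha256', oaepLabel: Buffer.from(id) });

// Constructed terminal; its key pair stands in for the one behind its digital certificate.
class Terminal {
  constructor(id) { Object.assign(this, { id }, newKeyPair()); }
  // Encrypt the password under the public key taken from the platform's certificate.
  report(platformPublicKey, password) {
    return crypto.publicEncrypt(oaep(platformPublicKey, this.id), Buffer.from(password));
  }
  // Decrypt a password that the platform sent to this terminal.
  open(ciphertext) {
    return crypto.privateDecrypt(oaep(this.privateKey, this.id), ciphertext).toString();
  }
}

// Constructed management platform with the management module's three units.
class ManagementPlatform {
  constructor(terminals) {
    Object.assign(this, newKeyPair());
    // Administered terminals: ID -> enrolled public key and saved password.
    this.records = new Map(terminals.map((t) => [t.id, { publicKey: t.publicKey, password: null }]));
  }
  // Storage and amendment units: decrypt, then save or overwrite; a label mismatch throws.
  receive(terminalId, ciphertext) {
    const record = this.records.get(terminalId);
    if (!record) throw new Error(`terminal ${terminalId} is not administered here`);
    const action = record.password === null ? 'saved' : 'modified';
    record.password = crypto.privateDecrypt(oaep(this.privateKey, terminalId), ciphertext).toString();
    return action;
  }
  // Transmitting unit: re-encrypt a saved password for a designated terminal.
  sendTo(designatedId, ownerId) {
    const [target, owner] = [designatedId, ownerId].map((id) => this.records.get(id));
    if (!target || !owner || owner.password === null) throw new Error('nothing to send');
    return crypto.publicEncrypt(oaep(target.publicKey, designatedId), Buffer.from(owner.password));
  }
}

// Demo on constructed terminal IDs and passwords.
function demo() {
  const [t1, t2] = [new Terminal('terminal-01'), new Terminal('terminal-02')];
  const platform = new ManagementPlatform([t1, t2]);
  const first = platform.receive(t1.id, t1.report(platform.publicKey, 'Constructed-Pw-1'));
  const second = platform.receive(t1.id, t1.report(platform.publicKey, 'Constructed-Pw-2'));
  const delivered = t2.open(platform.sendTo(t2.id, t1.id));
  let mismatchRejected = false;
  try { platform.receive(t2.id, t1.report(platform.publicKey, 'x')); } catch { mismatchRejected = true; }
  return { first, second, delivered, mismatchRejected };
}
console.log(demo());
```

Because the terminal ID is the OAEP label, a report submitted under a different terminal's ID fails to decrypt, and the platform refuses reports from terminals it does not administer.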
With the above technical solution of the embodiments of the present invention, the management platform can manage the password corresponding to the encrypted message reported by the terminal. This solves the problems in the related art that password management requires the participation of maintenance personnel, which creates a heavy workload, reduces password management efficiency, and leaves the security of password management without a reliable guarantee. A secure password management mode is thereby provided, which greatly improves the user experience, facilitates enterprise operation management, reduces maintenance cost, and ensures password security while improving efficiency.
It should be noted that the embodiments of the present invention may also be modified according to the actual situation and security requirements. For example, encryption and decryption may be managed in a way that does not use digital certificates, and the digital certificate may also be stored as a soft certificate. The unified password management service realized by the embodiments of the present invention is a novel approach that effectively combines password management with operation and maintenance across all kinds of management and maintenance platforms, greatly reducing the complexity and security risk of password management and improving operation and maintenance efficiency. It is significant for fields such as data center platform construction and enterprise IT operation and maintenance.
In summary, the embodiments of the present invention achieve the following technical effects: operation and maintenance complexity is greatly reduced, access efficiency is improved, and the security of password management is ensured at the same time. Operation and maintenance personnel do not need to remember complex passwords; human-machine interfaces are provided directly as services and components, which meets the configuration requirements of complex application architectures and provides multi-level protection and exception handling mechanisms. This saves the enterprise substantial operation and maintenance cost and improves the efficiency and experience of enterprise application access. In addition, during password operation and maintenance, password recording and maintenance are handled by the password management service, so passwords do not need to be recorded, and password transmission is encrypted in the background, which protects against password leakage and reduces maintenance complexity.
In another embodiment, software is further provided, which is used to execute the technical solutions described in the above embodiments and preferred implementations.
In another embodiment, a storage medium is further provided, in which the above software is stored. The storage medium includes but is not limited to: a CD, a floppy disk, a hard disk, a scratch pad memory, and the like.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings of the present invention are used to distinguish similar objects, and need not describe a specific order or sequence. It should be understood that objects so used are interchangeable where appropriate, so that the embodiments of the present invention described herein can be implemented in orders other than those illustrated or described here. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases, the steps shown or described can be performed in an order different from the one given here, or the modules or steps can each be made into an individual integrated circuit module, or several of them can be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of the present invention.

Claims (10)

1. A cipher management method, characterized by comprising:
a management platform receiving an encrypted message sent by a terminal that the management platform administers;
the management platform performing password management on the password of the terminal according to the encrypted message.
2. The method according to claim 1, characterized in that the management platform receiving the encrypted message sent by the terminal that the management platform administers comprises:
the management platform receiving the encrypted message in encrypted form, obtained by the terminal encrypting the encrypted message, wherein the encrypted message is encrypted with the public key carried in the digital certificate that the terminal obtained in advance.
3. The method according to claim 2, characterized in that, before the management platform receives the encrypted message sent by the terminal that the management platform administers, the method further comprises:
the management platform and the terminal authenticating each other according to the digital certificate, wherein the management platform receives the encrypted message in encrypted form after the authentication succeeds.
4. The method according to claim 1, characterized in that the management platform performing password management on the password of the terminal according to the encrypted message comprises:
the management platform saving the password corresponding to the encrypted message, and/or
the management platform changing the password saved by the management platform to the password corresponding to the received encrypted message, and/or
the management platform sending the locally saved password to a designated terminal.
5. The method according to claim 4, characterized in that the management platform changing the password saved by the management platform to the password corresponding to the received encrypted message comprises:
the management platform sending the password saved by the management platform to the terminal, wherein the terminal decrypts the password using the private key carried in the digital certificate that the terminal obtained in advance;
after the decryption succeeds, the management platform receiving the encrypted message sent by the terminal, and changing the password saved by the management platform to the password corresponding to the received encrypted message.
6. A password management device, applied to a management platform, characterized by comprising:
a receiver module, configured to receive an encrypted message sent by a terminal that the management platform administers;
a management module, configured to perform password management on the password of the terminal according to the encrypted message.
7. The device according to claim 6, characterized in that the receiver module is configured to receive the encrypted message in encrypted form, obtained by the terminal encrypting the encrypted message, wherein the encrypted message is encrypted with the public key carried in the digital certificate that the terminal obtained in advance.
8. The device according to claim 7, characterized in that the device further comprises:
an authentication module, configured to perform mutual authentication with the terminal according to the digital certificate, wherein the encrypted message in encrypted form is received after the authentication succeeds.
9. The device according to claim 6, characterized in that the management module comprises:
a storage unit, configured to save the password corresponding to the encrypted message, and/or
an amendment unit, configured to change the password saved by the management platform to the password corresponding to the received encrypted message, and/or
a transmitting unit, configured to send the locally saved password to a designated terminal.
10. A password management system, characterized by comprising: a management platform and a terminal,
the management platform being configured to receive an encrypted message sent by the terminal that the management platform administers, and to perform password management on the password of the terminal according to the encrypted message.
CN201510249859.0A 2015-05-15 2015-05-15 Cipher management method and device, system Pending CN106302316A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510249859.0A CN106302316A (en) 2015-05-15 2015-05-15 Cipher management method and device, system
PCT/CN2016/075543 WO2016184221A1 (en) 2015-05-15 2016-03-03 Password management method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510249859.0A CN106302316A (en) 2015-05-15 2015-05-15 Cipher management method and device, system

Publications (1)

Publication Number Publication Date
CN106302316A true CN106302316A (en) 2017-01-04

Family

ID=57319361

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510249859.0A Pending CN106302316A (en) 2015-05-15 2015-05-15 Cipher management method and device, system

Country Status (2)

Country Link
CN (1) CN106302316A (en)
WO (1) WO2016184221A1 (en)

Also Published As

Publication number Publication date
WO2016184221A1 (en) 2016-11-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170104