CN106302316A - Cipher management method and device, system - Google Patents
- Publication number: CN106302316A
- Application number: CN201510249859.0A
- Authority: CN (China)
- Prior art keywords: password, encrypted message, management, management platform, terminal
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/40—Network security protocols
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
Abstract
The invention provides a password management method, device and system. The method includes: a management platform receives password information sent by a terminal administered by the management platform; the management platform performs password management on the password of the terminal according to the password information. The technical solution provided by the invention solves problems in the related art, where the password management approach requires the participation of maintenance personnel and therefore entails a heavy workload, impairs password management efficiency and cannot properly guarantee password management security. It thereby provides a secure way of managing passwords and greatly improves the user experience.
Description
Technical field
The present invention relates to the communications field, and in particular to a password management method, device and system.
Background
In the current information age, on the one hand people's IT skills are becoming more widespread and more advanced, their demands on IT applications keep growing, and the user base keeps expanding; on the other hand, as communication technology, terminal technology and related information science develop, IT applications become more numerous and their architectures more complex. In addition, with the frequent security incidents of recent years, information security requirements are rising. All of this makes current IT maintenance work complicated, varied and laborious. At present, with the development of virtualization technology and data center construction, most large enterprises are building unified data centers for unified management and maintenance, with cloud and non-cloud environments coexisting, while small enterprises are also continually improving their own IT platforms, striving for unified management and maintenance that saves cost while ensuring security.
According to secure operations and maintenance (O&M) requirements, the users of the various applications and database hosts in government and enterprise organizations must change their passwords periodically. If there are few applications or the architecture is small, O&M personnel may still cope; but as applications multiply and architectures grow more complex, it becomes difficult for maintenance personnel to change and record every user password periodically and to keep those records conveniently and securely. The main problems are: with many applications and many users, passwords are hard to record and maintain and are easily leaked; when passwords are changed periodically, recording discrepancies or errors easily occur; where the application architecture is complex, a password change has a wide impact and may even prevent the application from running normally; when O&M personnel are replaced, handing over the passwords takes time and effort; looking up passwords to log in to systems during routine maintenance is time-consuming and hurts efficiency; and the security of password management is hard to guarantee.
No effective solution has yet been proposed for these problems in the related art, namely that the password management approach requires the participation of maintenance personnel and therefore entails a heavy workload, impairs password management efficiency and cannot properly guarantee password management security.
Summary of the invention
To solve the above technical problems, the invention provides a password management method, device and system.
According to one aspect of the invention, a password management method is provided, including: a management platform receives password information sent by a terminal administered by the management platform; and the management platform performs password management on the password of the terminal according to the password information.
Preferably, the management platform receiving the password information sent by the terminal it administers includes: the management platform receives encrypted password information that the terminal obtained by encrypting the password information, where the password information is encrypted with the public key carried in a digital certificate that the terminal obtained in advance.
Preferably, before the management platform receives the password information sent by the terminal it administers, the method further includes: the management platform and the terminal authenticate each other according to digital certificates, and the management platform receives the encrypted password information after the authentication succeeds.
Preferably, the management platform performing password management on the password of the terminal according to the password information includes: the management platform saves the password corresponding to the password information, and/or the management platform changes the password it has saved to the password corresponding to the received password information, and/or the management platform sends the locally saved password to a designated terminal.
Preferably, the management platform changing the password it has saved to the password corresponding to the received password information includes: the management platform sends the password it has saved to the terminal, where the terminal decrypts that password with the private key carried in the digital certificate that the terminal obtained in advance; after the decryption succeeds, the management platform receives the password information sent by the terminal and changes the password it has saved to the password corresponding to the received password information.
According to another aspect of the invention, a password management device applied to a management platform is also provided, including: a receiving module, configured to receive password information sent by a terminal administered by the management platform; and a management module, configured to perform password management on the password of the terminal according to the password information.
Preferably, the receiving module is configured to receive encrypted password information that the terminal obtained by encrypting the password information, where the password information is encrypted with the public key carried in a digital certificate that the terminal obtained in advance.
Preferably, the device further includes: an authentication module, configured to perform mutual authentication with the terminal according to digital certificates, where the encrypted password information is received after the authentication succeeds.
Preferably, the management module includes: a storage unit, configured to save the password corresponding to the password information; and/or a modification unit, configured to change the password saved by the management platform to the password corresponding to the received password information; and/or a sending unit, configured to send the locally saved password to a designated terminal.
According to another aspect of the invention, a password management system is also provided, including a management platform and a terminal, where the management platform is configured to receive password information sent by the terminal it administers and to perform password management on the password of the terminal according to the password information.
With the invention, the management platform manages the password corresponding to the password information reported by the terminal. This solves the problems in the related art that the password management approach requires the participation of maintenance personnel and therefore entails a heavy workload, impairs password management efficiency and cannot properly guarantee password management security; it thereby provides a secure way of managing passwords and greatly improves the user experience.
Brief description of the drawings
The drawings described here provide a further understanding of the invention and form part of this application. The illustrative embodiments of the invention and their descriptions serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of the password management method according to an embodiment of the invention;
Fig. 2 is a system architecture diagram according to an embodiment of the invention;
Fig. 3 is a flowchart of O&M initialization according to an embodiment of the invention;
Fig. 4 is a flowchart of password entry according to an embodiment of the invention;
Fig. 5 is a flowchart of password change according to an embodiment of the invention;
Fig. 6 is a flowchart of password transfer according to an embodiment of the invention;
Fig. 7 is a structural block diagram of the password management device according to an embodiment of the invention;
Fig. 8 is another structural block diagram of the password management device according to an embodiment of the invention;
Fig. 9 is a structural block diagram of the management module 72 of the password management device according to an embodiment of the invention;
Fig. 10 is a structural block diagram of the password management system according to an embodiment of the invention.
Detailed description of the invention
The invention is described in detail below with reference to the drawings and in conjunction with embodiments. Note that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with one another.
Other features and advantages of the invention are set out in the following description, and in part become apparent from the description or are understood by practising the invention. The objectives and other advantages of the invention can be realized and obtained through the structures specifically pointed out in the written description, the claims and the drawings.
To help those skilled in the art better understand the solution of the invention, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, shall fall within the scope of protection of the invention.
An embodiment of the invention provides a password management method. Fig. 1 is a flowchart of the password management method according to an embodiment of the invention. As shown in Fig. 1, the method includes the following steps:
Step S102: the management platform receives password information sent by a terminal administered by the management platform;
Step S104: the management platform performs password management on the password of the terminal according to the password information.
Through the above steps, the management platform manages the password corresponding to the password information reported by a terminal that it administers. This solves the problems in the related art that the password management approach requires the participation of maintenance personnel and therefore entails a heavy workload, impairs password management efficiency and cannot properly guarantee password management security; it thereby provides a secure way of managing passwords and greatly improves the user experience.
As to the implementation of step S102, to make password management more secure, an embodiment of the invention also provides the following scheme: the terminal first encrypts the password information to be sent with the public key in the digital certificate, obtaining encrypted password information, and then sends the encrypted password information to the management platform. In other words, the password received by the management platform is in fact encrypted; even if the management platform is compromised and the password information is obtained, the real password still cannot be obtained by outsiders, because they do not have the public key of the above digital certificate. Of course, before the management platform receives the password information sent by the terminal, the management platform and the terminal must verify each other according to the digital certificate each holds: the terminal verifies the management platform, and the management platform also verifies the terminal.
Note that the management platform includes units capable of implementing the above functions, as well as all functional entities able to perform the functions of steps S102 to S104.
In practical applications, the implementation of step S104 includes but is not limited to the following cases: 1) the management platform saves the password corresponding to the password information; 2) the management platform changes the password it has saved to the password corresponding to the received password information, a process that can be understood as follows: the management platform sends the password it has saved to the terminal, and the terminal decrypts the password with the private key carried in the digital certificate that the terminal obtained in advance; after the decryption succeeds, the management platform receives the password information sent by the terminal and changes the password it has saved to the password corresponding to the received password information; 3) the management platform sends the locally saved password to a designated terminal.
To aid understanding of the above password management process, the technical solution is illustrated below with a preferred example:
Fig. 2 is a system architecture diagram according to an embodiment of the invention, including: a certificate authority (CA) server, a certificate device, a management service platform (which can be understood as the management platform of the above embodiments), an encryption/decryption component (which can be understood as a component within the above terminal, or as a device independent of the terminal) and an O&M host (equivalent to the above terminal). The CA server handles certificate application and issuance. The certificate device stores the certificate and is the carrier of the certificate; it can be an encryption device. The encryption/decryption component and the management service platform are the core: the unified password management service is realized through the interaction between the two and their management. The O&M host is the object on which the password management service is carried out. Note that a certificate is applied for on the CA server for the management platform and installed. Subsequently, before the management platform interacts with the CA server, the encryption/decryption component or O&M personnel, a secure encrypted channel is always established by means of digital certificates.
Here the management service platform is responsible for unified resource management and O&M login management of virtual machines and physical machines in public-cloud and private-cloud environments. The unified password service serves the management service platform and relies on the encryption/decryption component; it provides password entry, update and maintenance, password change and password transfer operations for hosts. The CA server generates digital certificates for O&M personnel; the applications originate from the relevant O&M group accounts in the virtualization service platform, and the digital certificates serve the encryption/decryption component to ensure the security of password management. The encryption/decryption component encrypts and decrypts the passwords entered by users, relying on the public key and private key in the digital certificate; the digital certificate can be stored in a security device, and the encryption/decryption component reads the relevant certificate information securely through the device driver. Host accounts and passwords are stored encrypted in the management platform: encryption is performed by the encryption/decryption component using the public key of the O&M digital certificate and the encryption algorithm, and decryption is performed by the encryption/decryption component using the private key and the decryption algorithm. When the password service and the encryption/decryption component communicate, digital certificate identification and verification must be carried out to ensure security.
Fig. 3 is a flowchart of O&M initialization according to an embodiment of the invention. As shown in Fig. 3:
Step S301: a higher-level administrator first creates, on the management service platform, the relevant O&M personnel group account and the O&M permissions for the relevant hosts; a group may contain one person or several.
Step S303: after successful creation, the management service platform automatically submits a certificate request to the CA server (per group).
Step S305: after the certificate request succeeds, the certificate administrator writes the certificate for the O&M personnel into the certificate device, securely and in encrypted form, using the appropriate tool.
Steps S307 to S309 below are not shown in the figure, but fall within the scope of protection of the embodiments of the invention.
Step S307: when O&M personnel need to perform O&M, they take the certificate device, for example a USB device.
Step S309: the O&M personnel access the management service platform and insert the certificate device; after a secure encrypted channel has been mutually established using the certificate, they can request password management for the hosts they administer, such as entry, change and transfer.
Fig. 4 is a flowchart of password entry according to an embodiment of the invention. Password entry is generally performed at initialization or when a password fails abnormally. As shown in Fig. 4:
Step S402: request entry.
Step S404: request entry;
Here, the management service platform calls the encryption/decryption component installed on the client machine.
Step S406: the encryption/decryption component and the password service of the management service platform verify each other by means of digital certificates, ensuring that both sides are trusted and that the applicant really belongs to the group of the certificate. After successful verification, they negotiate a symmetric algorithm for encryption and decryption. The user name and password are entered in the encryption/decryption component and submitted; the component encrypts the password with the public key in the certificate device and passes it securely to the password service, which feeds it back to the management service platform. The management service platform records the O&M personnel's operation log and stores the encrypted password for the host.
Step S408: as needed, for example, information is read between the encryption/decryption component and the certificate device.
Fig. 5 is a flowchart of password change according to an embodiment of the invention. The password change flow mainly serves the requirement to change passwords periodically, or certain other requirements, and is an important specification requirement of secure O&M management. The specific flow is shown in Fig. 5:
Step S502: select the user name to change.
Optionally, between steps S502 and S504 the following can also be performed: confirm or set the driver processing, which usually means setting the name of the script to be triggered after the password is changed, so that the configuration lets the application run normally; this may also be left unset.
Step S504: the management service platform calls the encryption/decryption component on the client machine; after the same security check has been carried out with the password service in the management service platform, the previously encrypted user name and password are transferred and a password change is requested.
Step S506: the encryption/decryption component decrypts the user name and password with the private key to confirm that they can be decrypted; if so, it displays the original user name and password and requires a different new password to be entered.
Step S508: the O&M personnel submit the new password; the encryption/decryption component encrypts the user name and password with the public key in the certificate device, and securely passes the decrypted user name and previous password, together with the changed plaintext password, to the password service in the security management platform.
Step S510: the password service changes the host's password and triggers the corresponding driver configuration processing. After the above steps have been performed, the management service platform saves the new encrypted password and records a log.
Note that for normal O&M operations, the password service can query the encryption/decryption component for the real password and call the connection tool to connect directly in an integrated way, without the password being typed in; this is not described further here.
When an old certificate needs to be renewed, or when certain hosts need to be assigned to another group for O&M, a password transfer is required. Fig. 6 is a flowchart of password transfer according to an embodiment of the invention; the specific flow is shown in Fig. 6:
Step S602: the O&M personnel select a password transfer operation, which is either a transfer request or a transfer acceptance.
Step S604: transfer request or transfer acceptance;
Here, the management service platform calls the encryption/decryption component installed on the client machine; the password service queries the encryption/decryption component for the decrypted password, encrypts it with its own public key and feeds it back to the management platform for temporary storage. The certificate is inserted, the management service platform is logged in to securely, the corresponding host is selected, and acceptance of the corresponding transfer operation is chosen.
Step S606: the password service decrypts the temporarily stored encrypted user name and password with the private key, submits an encryption request to the encryption/decryption component, and obtains the newly encrypted user name and password.
Step S608: decryption return or encryption return;
Here, the password service feeds the newly encrypted information back to the management platform; the management platform saves the new encrypted password and updates the transfer state to finished.
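The password entry, change and transfer flows of Figs. 4 to 6, as an added Python sketch that is not part of the patent text; pushing the new password to the host itself (step S510) and the mutual certificate check are left out. Textbook RSA over fixed Mersenne primes stands in for the certificate key pair so the code runs on the standard library (it is not secure), and the class names, the `PWv1` header, and the host, account and operator names are assumptions made for illustration.

```python
"""Added sketch of the entry / change / transfer flows (Figs. 4-6).
Assumption: certificate key pairs are modelled with textbook RSA over fixed
Mersenne primes so this runs on the standard library alone. The stand-in is
NOT secure; use a vetted RSA-OAEP implementation and a hardware-held key.
"""
import secrets
from dataclasses import dataclass, field

E = 65537
MAGIC = b"PWv1"  # constructed header marking a well-formed plaintext


@dataclass(frozen=True)
class KeyPair:
    n: int  # public modulus, standing in for the certificate's public key
    d: int  # private exponent, standing in for the key inside the device

    @staticmethod
    def from_primes(p: int, q: int) -> "KeyPair":
        return KeyPair(p * q, pow(E, -1, (p - 1) * (q - 1)))

    def encrypt(self, secret: str) -> int:
        # Random bytes make two encryptions of the same password differ.
        m = int.from_bytes(MAGIC + secrets.token_bytes(16) + secret.encode(), "big")
        if m >= self.n:
            raise ValueError("secret too long for this modulus")
        return pow(m, E, self.n)

    def decrypt(self, ciphertext: int) -> str:
        m = pow(ciphertext, self.d, self.n)
        data = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if not data.startswith(MAGIC):
            raise ValueError("ciphertext does not belong to this key")
        return data[len(MAGIC) + 16:].decode()


@dataclass
class ManagementPlatform:
    """The vault holds ciphertext only; service_key wraps hand-over copies."""
    service_key: KeyPair
    vault: dict = field(default_factory=dict)    # (host, user) -> ciphertext
    pending: dict = field(default_factory=dict)  # transfers awaiting receipt
    audit: list = field(default_factory=list)    # operator operation log

    def store(self, operator: str, action: str, target: tuple, ct: int) -> None:
        self.vault[target] = ct
        self.audit.append((operator, action, target))


class CryptoComponent:
    """Client-side component with access to one group's certificate key."""

    def __init__(self, operator: str, key: KeyPair):
        self.operator, self._key = operator, key

    def reveal(self, platform: ManagementPlatform, target: tuple) -> str:
        return self._key.decrypt(platform.vault[target])

    def can_read(self, platform: ManagementPlatform, target: tuple) -> bool:
        try:
            return self.reveal(platform, target) is not None
        except ValueError:
            return False

    def enter(self, platform, target, password):          # Fig. 4
        platform.store(self.operator, "entry", target, self._key.encrypt(password))

    def change(self, platform, target, new_password):     # Fig. 5
        if self.reveal(platform, target) == new_password:  # S506: decrypt old
            raise ValueError("new password must differ from the old one")
        platform.store(self.operator, "change", target, self._key.encrypt(new_password))

    def offer_transfer(self, platform, target):           # Fig. 6, S604
        plain = self.reveal(platform, target)
        platform.pending[target] = platform.service_key.encrypt(plain)
        platform.audit.append((self.operator, "transfer-offer", target))

    def accept_transfer(self, platform, target):          # Fig. 6, S606-S608
        # The password service opens its temporary copy, then we re-encrypt.
        plain = platform.service_key.decrypt(platform.pending.pop(target))
        platform.store(self.operator, "transfer-accept", target, self._key.encrypt(plain))


def demo() -> dict:
    mp = lambda k: 2 ** k - 1  # Mersenne primes: toy parameters only
    platform = ManagementPlatform(KeyPair.from_primes(mp(107), mp(2203)))
    alice = CryptoComponent("alice@group-a", KeyPair.from_primes(mp(521), mp(607)))
    bob = CryptoComponent("bob@group-b", KeyPair.from_primes(mp(127), mp(1279)))
    target = ("db01.example.internal", "oracle")  # constructed host/account
    alice.enter(platform, target, "Spring-2015!")
    alice.change(platform, target, "Summer-2015!")
    bob_before = bob.can_read(platform, target)  # group B lacks group A's key
    alice.offer_transfer(platform, target)
    bob.accept_transfer(platform, target)
    return {"bob_before": bob_before, "bob_after": bob.reveal(platform, target),
            "alice_after": alice.can_read(platform, target),
            "actions": [action for _, action, _ in platform.audit]}
```

Calling `demo()` runs the whole sequence; after the transfer only the receiving group's key opens the stored value, and the audit list holds one record per operation.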
Note that, for brevity, each of the foregoing method embodiments is described as a series of combined actions; however, those skilled in the art should know that the invention is not limited by the order of actions described, because according to the invention some steps may be performed in other orders or simultaneously. Those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the invention.
This embodiment also provides a password management device, applied to a management platform, for implementing the above embodiments and preferred implementations; what has already been explained is not repeated, and the modules involved in the device are described below. As used below, the term "module" can be a combination of software and/or hardware that realizes a predetermined function. Although the device described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated. Fig. 7 is a structural block diagram of the password management device according to an embodiment of the invention. As shown in Fig. 7, the device includes:
Receiving module 70, configured to receive password information sent by a terminal administered by the management platform;
Management module 72, connected to the receiving module 70 and configured to perform password management on the password of the terminal according to the password information.
Through the combined action of the above modules, the management platform manages the password corresponding to the password information reported by a terminal that it administers. This solves the problems in the related art that the password management approach requires the participation of maintenance personnel and therefore entails a heavy workload, impairs password management efficiency and cannot properly guarantee password management security; it thereby provides a secure way of managing passwords and greatly improves the user experience.
Optionally, the receiving module 70 is configured to receive encrypted password information that the terminal obtained by encrypting the password information, where the password information is encrypted with the public key carried in a digital certificate that the terminal obtained in advance.
Fig. 8 is another structural block diagram of the password management device according to an embodiment of the invention. The device further includes: an authentication module 74, configured to perform mutual authentication with the terminal according to digital certificates, where the encrypted password information is received after the authentication succeeds.
Fig. 9 is a structural block diagram of the management module 72 of the password management device according to an embodiment of the invention. As shown in Fig. 9, the management module 72 includes: a storage unit 720, configured to save the password corresponding to the password information; and/or a modification unit 722, configured to change the password saved by the management platform to the password corresponding to the received password information; and/or a sending unit 724, configured to send the locally saved password to a designated terminal.
An embodiment of the invention also provides a password management system. Fig. 10 is a structural block diagram of the password management system according to an embodiment of the invention. As shown in Fig. 10, the system includes a management platform 100 and a terminal 102, where the management platform 100 is configured to receive password information sent by the terminal 102 that it administers and to perform password management on the password of the terminal according to the password information.
With the technical solution of the embodiments of the present invention described above, the management platform manages the password corresponding to the password information reported by the terminal. This solves problems in the related art, where password management requires maintenance personnel to take part, which creates a heavy workload, reduces password management efficiency, and leaves password management security without a proper guarantee. The result is a secure password management approach that greatly improves user experience, simplifies enterprise operation and management, reduces maintenance cost, and protects password security while improving efficiency.
It should be noted that the embodiments of the present invention may also be modified according to the actual situation and security requirements. For example, encryption and decryption management may be implemented without digital certificates, and the digital certificate may also be stored as a soft certificate. The unified password management service implemented by the embodiments of the present invention is a novel approach that effectively combines password management with operation and maintenance (O&M) across all kinds of management and maintenance platforms, greatly reducing the complexity and security risk of password management and improving O&M efficiency. It is significant for fields such as data center platform construction and enterprise IT O&M construction.
In summary, the embodiments of the present invention achieve the following technical effects: O&M complexity is greatly reduced and access efficiency is improved, while the security of password management is ensured. O&M personnel do not need to remember complex passwords; human-machine interfaces are provided directly as services and components, which meets the deployment needs of complex application architectures, and multi-level protection and exception handling mechanisms are provided. This saves enterprises a large amount of O&M cost and improves enterprise application access efficiency and experience. In addition, during password O&M, password recording and maintenance are carried out by the password management service, so there is no need to record passwords, and password transmission is encrypted in the background, which guards against password leakage and reduces maintenance complexity.
Another embodiment further provides software for executing the technical solutions described in the above embodiments and preferred implementations.
Another embodiment further provides a storage medium that stores the above software. The storage medium includes, but is not limited to, an optical disc, a floppy disk, a hard disk, and erasable memory.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that objects so used are interchangeable where appropriate, so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to such a process, method, product or device.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases, the steps shown or described can be performed in an order different from the one given here; or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit it. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
Claims (10)
1. A password management method, characterized by comprising:
a management platform receiving password information sent by a terminal administered by the management platform;
the management platform performing password management on the password of the terminal according to the password information.
2. The method according to claim 1, characterized in that the management platform receiving the password information sent by the terminal administered by the management platform comprises:
the management platform receiving encrypted password information obtained by the terminal encrypting the password information, wherein the password information is encrypted with the public key carried in the digital certificate that the terminal obtained in advance.
3. The method according to claim 2, characterized in that, before the management platform receives the password information sent by the terminal administered by the management platform, the method further comprises:
the management platform and the terminal performing mutual authentication based on the digital certificate, wherein, after the authentication succeeds, the management platform receives the encrypted password information.
4. The method according to claim 1, characterized in that the management platform performing password management on the password of the terminal according to the password information comprises:
the management platform saving the password corresponding to the password information; and/or
the management platform changing the password saved by the management platform to the password corresponding to the received password information; and/or
the management platform sending the locally saved password to a designated terminal.
5. The method according to claim 4, characterized in that the management platform changing the password saved by the management platform to the password corresponding to the received password information comprises:
the management platform sending the password saved by the management platform to the terminal, wherein the terminal decrypts the password with the private key carried in the digital certificate that the terminal obtained in advance;
after the decryption succeeds, the management platform receiving the password information sent by the terminal, and changing the password saved by the management platform to the password corresponding to the received password information.
6. A password management device, applied to a management platform, characterized by comprising:
a receiving module, configured to receive password information sent by a terminal administered by the management platform;
a management module, configured to perform password management on the password of the terminal according to the password information.
7. The device according to claim 6, characterized in that the receiving module is configured to receive encrypted password information obtained by the terminal encrypting the password information, wherein the password information is encrypted with the public key carried in the digital certificate that the terminal obtained in advance.
8. The device according to claim 7, characterized in that the device further comprises:
an authentication module, configured to perform mutual authentication with the terminal based on the digital certificate, wherein the encrypted password information is received after the authentication succeeds.
9. The device according to claim 6, characterized in that the management module comprises:
a storage unit, configured to save the password corresponding to the password information; and/or
a modification unit, configured to change the password saved by the management platform to the password corresponding to the received password information; and/or
a sending unit, configured to send the locally saved password to a designated terminal.
10. A password management system, characterized by comprising a management platform and a terminal, wherein
the management platform is configured to receive the password information sent by the terminal administered by the management platform, and to perform password management on the password of the terminal according to the password information.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510249859.0A CN106302316A (en) | 2015-05-15 | 2015-05-15 | Cipher management method and device, system |
PCT/CN2016/075543 WO2016184221A1 (en) | 2015-05-15 | 2016-03-03 | Password management method, device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510249859.0A CN106302316A (en) | 2015-05-15 | 2015-05-15 | Cipher management method and device, system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106302316A true CN106302316A (en) | 2017-01-04 |
Family
ID=57319361
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510249859.0A Pending CN106302316A (en) | 2015-05-15 | 2015-05-15 | Cipher management method and device, system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106302316A (en) |
WO (1) | WO2016184221A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107204974A (en) * | 2017-04-14 | 2017-09-26 | 努比亚技术有限公司 | The management method and mobile terminal of a kind of user cipher |
CN107506653A (en) * | 2017-07-17 | 2017-12-22 | 深圳前海微众银行股份有限公司 | Cipher management method, device and computer-readable recording medium |
CN110401529A (en) * | 2019-07-23 | 2019-11-01 | 南瑞集团有限公司 | A kind of cipher management method |
CN110691069A (en) * | 2019-09-04 | 2020-01-14 | 中体彩科技发展有限公司 | Method and system for maintaining and managing terminal high-authority password |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110740124A (en) * | 2019-09-20 | 2020-01-31 | 平安普惠企业管理有限公司 | Account password distribution method and device, storage medium and computer equipment |
CN110826030B (en) * | 2019-11-08 | 2023-09-15 | 湖南长城医疗科技有限公司 | Self-service software and related module authorization use method |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101989984A (en) * | 2010-08-24 | 2011-03-23 | 北京易恒信认证科技有限公司 | Electronic document safe sharing system and method thereof |
CN102014133B (en) * | 2010-11-26 | 2013-08-21 | 清华大学 | Method for implementing safe storage system in cloud storage environment |
CN103916358B (en) * | 2012-12-30 | 2017-06-30 | 航天信息股份有限公司 | A kind of key diffusion and method of calibration and system |
CN103237005A (en) * | 2013-03-15 | 2013-08-07 | 福建联迪商用设备有限公司 | Method and system for key management |
US9467425B2 (en) * | 2013-03-18 | 2016-10-11 | Intel Corporation | Key refresh between trusted units |
CN103595730B (en) * | 2013-11-28 | 2016-06-08 | 中国科学院信息工程研究所 | A kind of ciphertext cloud storage method and system |
CN104506483A (en) * | 2014-10-21 | 2015-04-08 | 中兴通讯股份有限公司 | Method for encrypting and decrypting information and managing secret key as well as terminal and network server |
CN104580487A (en) * | 2015-01-20 | 2015-04-29 | 成都信升斯科技有限公司 | Mass data storage system and processing method |
2015
- 2015-05-15 CN CN201510249859.0A patent/CN106302316A/en active Pending
2016
- 2016-03-03 WO PCT/CN2016/075543 patent/WO2016184221A1/en active Application Filing
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107204974A (en) * | 2017-04-14 | 2017-09-26 | 努比亚技术有限公司 | The management method and mobile terminal of a kind of user cipher |
CN107204974B (en) * | 2017-04-14 | 2020-12-22 | 深圳市恒腾网络有限公司 | User password management method and mobile terminal |
CN107506653A (en) * | 2017-07-17 | 2017-12-22 | 深圳前海微众银行股份有限公司 | Cipher management method, device and computer-readable recording medium |
CN107506653B (en) * | 2017-07-17 | 2020-11-24 | 深圳前海微众银行股份有限公司 | Password management method, device and computer readable storage medium |
CN110401529A (en) * | 2019-07-23 | 2019-11-01 | 南瑞集团有限公司 | A kind of cipher management method |
CN110691069A (en) * | 2019-09-04 | 2020-01-14 | 中体彩科技发展有限公司 | Method and system for maintaining and managing terminal high-authority password |
CN110691069B (en) * | 2019-09-04 | 2022-05-17 | 中体彩科技发展有限公司 | Method and system for maintaining and managing terminal high-authority password |
Also Published As
Publication number | Publication date |
---|---|
WO2016184221A1 (en) | 2016-11-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8984295B2 (en) | Secure access to electronic devices | |
Dasgupta et al. | Multi-factor authentication: more secure approach towards authenticating individuals | |
US10560476B2 (en) | Secure data storage system | |
US11968206B2 (en) | Non-custodial tool for building decentralized computer applications | |
CN106302316A (en) | Cipher management method and device, system | |
US11323274B1 (en) | Certificate authority | |
CN101771699A (en) | Method and system for improving SaaS application security | |
CN105027107A (en) | Secure virtual machine migration | |
CN105337955A (en) | Domestic, safe and controllable virtual desktop management control system | |
CN103152179A (en) | Uniform identity authentication method suitable for multiple application systems | |
CN103152178B (en) | cloud computing verification method and system | |
CN101510888A (en) | Method, device and system for improving data security for SaaS application | |
CN105162808A (en) | Safety login method based on domestic cryptographic algorithm | |
CN109981287A (en) | A kind of code signature method and its storage medium | |
CN109660534A (en) | Safety certifying method, device, electronic equipment and storage medium based on more trade companies | |
CN106533693A (en) | Access method and device of railway vehicle monitoring and maintenance system | |
CN109815659A (en) | Safety certifying method, device, electronic equipment and storage medium based on WEB project | |
WO2011141579A2 (en) | System and method for providing security for cloud computing resources using portable security devices | |
CN105119719A (en) | Key management method of secure storage system | |
US10749689B1 (en) | Language-agnostic secure application development | |
KR101680536B1 (en) | Method for Service Security of Mobile Business Data for Enterprise and System thereof | |
US11032708B2 (en) | Securing public WLAN hotspot network access | |
CN105072136A (en) | Method and system for security authentication between devices based on virtual drive | |
CN104935606A (en) | Terminal login method in cloud computing network | |
Brauer | Authentication and security aspects in an international multi-user network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| WD01 | Invention patent application deemed withdrawn after publication | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20170104 |