CN108737094B - Domain password security detection method and related equipment - Google Patents
Domain password security detection method and related equipment Download PDFInfo
- Publication number
- CN108737094B CN108737094B CN201710268888.0A CN201710268888A CN108737094B CN 108737094 B CN108737094 B CN 108737094B CN 201710268888 A CN201710268888 A CN 201710268888A CN 108737094 B CN108737094 B CN 108737094B
- Authority
- CN
- China
- Prior art keywords
- password
- domain
- hash value
- target
- weak
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a method for detecting the security of a domain password and related equipment. The method provided by the embodiment of the invention comprises the following steps: acquiring a target hash value of a domain password corresponding to a target account; comparing the target hash value with the weak password hash value set to determine whether the weak password hash value set contains a hash value matched with the target hash value, wherein the weak password hash value set is obtained by performing hash conversion on a weak password table, and the weak password table comprises a plurality of weak passwords; and if the weak password hash value set contains the hash value matched with the target hash value, determining the domain password as the domain weak password. The embodiment of the invention also provides a domain control server and a device for detecting the security of the domain password, which can detect the weak password without multiple attempts and improve the efficiency of detecting the weak password under the condition of not generating conflict with the domain security mechanism.
Description
Technical Field
The present invention relates to the field of computers, and in particular, to a method and related device for detecting security of a domain password.
Background
The "domain" is a management boundary, is used for a group of computers to share a shared security database, is a combination of a group of servers and workstations, the domain (Active Directory, abbreviation: AD) is a centralized Directory management service in microsoft Windows Server, which is responsible for a large-scale network environment in the architecture, and handles network objects in the organization, and the objects can be users, groups, computers, domain control stations, mails, configuration files, organization units, trees, etc., as long as the objects are defined in an Active Directory structure definition file (schema), and can be stored in the Active Directory data file.
Currently, a large number of enterprises use domain management company devices. In the process of planning accounts, a unique domain account is created for each employee, the domain account is required to modify a domain password when logging in for the first time, the domain password becomes an authority control mechanism of employees of a company, but a part of employees with weak security consciousness set a simple weak password, and the authority of the employees is easy to crack due to the setting of the weak password, so that the information security of the whole domain system is threatened.
In order to reduce the information security hidden danger caused by the domain weak password, whether the weak password is stored in a database (ntds. For example, it is determined which of the four passwords "a", "b", "c", and "d" is the domain weak password set by the user, and through multiple attempts, one password is input at a time, and if "c" passes the authentication, it indicates that "c" is the domain weak password set by the employee. That is to say, this method needs multiple authentications to authenticate all the set weak domain passwords, the detection efficiency is low, and the number of false authentications generated by this detection method is too many, which may result in the account of the user being locked (the domain security mechanism, which may suspend the account by multiple false attempts), and the account may not log in for a period of time due to the conflict with the domain security mechanism.
Disclosure of Invention
The embodiment of the invention provides a method and related equipment for detecting the security of a domain password, which are used for improving the efficiency of detecting a weak password under the condition that the domain password does not conflict with a domain security mechanism.
In a first aspect, an embodiment of the present invention provides a method for detecting security of a domain password, including:
acquiring a target hash value of a domain password corresponding to a target account;
comparing the target hash value with a weak password hash value set to determine whether the weak password hash value set contains a hash value matched with the target hash value, wherein the weak password hash value set is obtained by performing hash conversion on a weak password table, and the weak password table comprises a plurality of weak passwords;
and if the weak password hash value set contains the hash value matched with the target hash value, determining that the domain password is the domain weak password.
In a second aspect, an embodiment of the present invention provides a method for detecting security of a domain password, including:
receiving a domain password corresponding to a target account;
carrying out hash conversion on the domain password to obtain a target hash value of the domain password;
comparing the target hash value with a weak password hash value set to determine whether the weak password hash value set contains a hash value matched with the target hash value, wherein the weak password hash value set is obtained by performing hash conversion on a weak password table, and the weak password table comprises a plurality of weak passwords;
when the weak password hash value set contains a hash value matched with the target hash value, determining the target hash value as a domain weak password;
and prompting the target account to reset the domain password.
In a third aspect, an embodiment of the present invention provides a domain control server, including:
the acquisition module is used for acquiring a target hash value of the domain password corresponding to the target account;
a comparison module, configured to compare the target domain password hash value obtained by the obtaining module with a weak password hash value set, and determine whether the weak password hash value set includes a hash value matched with the target hash value, where the weak password hash value set is obtained by performing hash conversion on a weak password table, and the weak password table includes a plurality of weak passwords;
a determining module, configured to determine that the domain password is the domain weak password when the comparing module determines that the weak password hash value set includes a hash value matched with the target hash value.
In a fourth aspect, an embodiment of the present invention provides an apparatus for detecting security of a domain password, including:
the receiving module is used for receiving a domain password corresponding to the target account;
the conversion module is used for carrying out hash conversion on the domain password received by the receiving module to obtain a target hash value of the domain password;
the comparison module is used for comparing the target hash value obtained by conversion of the conversion module with a weak password hash value set to determine whether the weak password hash value set contains a hash value matched with the target hash value, wherein the weak password hash value set is obtained by performing hash conversion on a weak password table, and the weak password table comprises a plurality of weak passwords;
the determining module is used for determining the domain password as the domain weak password when the weak password hash value set contains the hash value matched with the target hash value;
and the prompting module is used for prompting the target account to reset the domain password.
According to the technical scheme, the embodiment of the invention has the following advantages:
acquiring a target hash value of a domain password corresponding to a target account; then, the target hash value is compared with a weak password hash value set, whether the weak password hash value set comprises a hash value matched with the target hash value is judged, the weak password hash value set is obtained by carrying out hash conversion on a weak password in a weak password table, and if the weak password hash value set comprises a hash value matched with the target hash value, the domain password is determined to be the domain weak password.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings.
FIG. 1 is a schematic diagram of a detection system according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating steps of a method for security detection of a domain password according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an interface of a hash value generator in an embodiment of the invention;
FIG. 4 is a schematic diagram of a display interface in an embodiment of the invention;
FIG. 5 is a schematic diagram of a display interface in an embodiment of the invention;
FIG. 6 is a schematic diagram of a display interface in an embodiment of the invention;
FIG. 7 is a flowchart illustrating steps of a method for security detection of a domain password according to another embodiment of the present invention;
fig. 8 is a schematic diagram of a display interface of a terminal in an embodiment of the present invention;
fig. 9 is a schematic structural diagram of an embodiment of a domain control server in the embodiment of the present invention;
fig. 10 is a schematic structural diagram of another embodiment of a domain control server in the embodiment of the present invention;
fig. 11 is a schematic structural diagram of another embodiment of a domain control server in the embodiment of the present invention;
fig. 12 is a schematic structural diagram of another embodiment of a domain control server in the embodiment of the present invention;
FIG. 13 is a block diagram of an embodiment of a device for security detection of a domain password according to the embodiment of the present invention;
FIG. 14 is a schematic structural diagram illustrating an apparatus for domain password security detection according to another embodiment of the present invention;
FIG. 15 is a schematic structural diagram illustrating an apparatus for domain password security detection according to another embodiment of the present invention;
fig. 16 is a schematic structural diagram of another embodiment of an apparatus for domain password security detection according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a method and related equipment for detecting the security of a domain password, which are used for improving the efficiency of detecting a weak password under the condition that the domain password does not conflict with a domain security mechanism.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be derived from the embodiments of the present invention by a person of ordinary skill in the art are intended to fall within the scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of understanding, words involved in the embodiments of the present invention are explained first.
Hash (hash) function: also called hash function, is a one-way cryptosystem, i.e. an irreversible mapping from plaintext to ciphertext, i.e. only encryption process, and no decryption process. An input of arbitrary length, also called a pre-map, is transformed by a hashing algorithm into a fixed length output, which is a hash value. This transformation is a compression mapping, i.e. the space of hash values is usually much smaller than the space of inputs, different inputs may hash to the same output, so it is not possible to uniquely determine the input value from the hash value. In short, it is a function of compressing a message of an arbitrary length to a message digest of a certain fixed length.
The hash algorithm is applied to a storage strategy, the domain password of the account cannot be directly stored in the plaintext, the plaintext storage does not guarantee the safety of information, and the information needs to be stored in an encrypted manner, so that the hash algorithm can be applied to the domain password of the encrypted storage account. The hash algorithm can be used for guaranteeing the integrity and the resistance to the repudiation of information, belongs to a one-way algorithm, and even if a hash result is intercepted, the other party cannot restore a plaintext (domain password). There are many hash algorithms, and MD5 and SHA series are common, such as SHA-256 or SHA-512.
Weak password: easily broken passwords, regular character combinations, are very easy to guess by hackers, because hackers often try such weak password information first when cracking the passwords for specific targets. Weak ciphers include the following classes:
1. simple number combination, such as account number, mobile phone number, part of the identification number, such as the last six digits of the account number, the last six digits of the mobile phone number or the last six digits of the identification card, is used as the password.
2. Regular characters.
3. Adjacent keys on the keyboard.
4. The name pinyin is common.
5. Special meaning combinations and the like.
As will be appreciated with reference to table 1 below, table 1 below is an example that includes a weak cipher table. The weak password table comprises a plurality of weak passwords.
TABLE 1
It should be noted that the weak cipher in the weak cipher table in table 1 is only an example, and does not limit the present invention.
The weak password table in this embodiment may be updated by a weak password published by a third party password management application provider. For example, a weak password published annually or quarterly may be associated with a current event or movie of high popularity, such as 2016, which is associated with the movie "star wars" hot tide, such as "starwars", "solo", and "princess".
It should be noted that the password composition is generally a combination of any one of three characters, i.e., letters (26), numbers (0-9), and symbols, or a mixed combination including the three characters.
In the following, taking letters and numbers as an example, assuming a password composed of 26 letters and 10 numbers, if the combination of the 6-bit password has no rules, and the combination is complex, the number of times of cracking the password is about 22 hundred million times.
However, if the password is regular simple, the probability of being cracked is high, and the password can be cracked for nearly ten thousand times even if weak passwords are tried one by one, so that the weak passwords have great threat to the system safety.
The embodiment of the invention provides a method for detecting the security of a domain password, which can effectively detect a weak password, thereby reducing the threat of the weak password to the system security and greatly improving the security.
Fig. 1 shows a schematic diagram of an architecture of a detection system according to an embodiment of the present invention, and fig. 1 shows the schematic diagram. The detection system comprises a target device 110, wherein the target device 110 is used for modifying a domain password or setting a new domain password, and the target device can be a terminal 1101, a server 1102, a domain control server 120 and an alarm device 130. The target device 110 is configured to receive the domain password, perform hash conversion on the received domain password to obtain a target hash value, send the target hash value and information of a corresponding target account to the domain control server 120, where the domain control server 120 is configured to associate and store the target account and the target hash value, and compare the target hash value with the weak password hash value set to determine whether the domain password corresponding to the target hash value is a weak password, where if the domain password is a weak password, the detection is greatly improved, and further, the alarm device 130 prompts the user. And weak passwords in the detection system are prompted, so that the safety of the system is greatly improved.
The method is explained in detail from the domain control server side below. Please refer to fig. 2, wherein fig. 2 is a flowchart illustrating steps of an embodiment of a method for detecting security of a domain password.
In a possible implementation manner, a specific manner of obtaining the target hash value of the domain password corresponding to the target account may be: and receiving the hash value of the domain password corresponding to the target account sent by the target equipment, wherein the target equipment is a terminal or a server.
The target device may be a terminal, for example, in an application scenario, the terminal receives a domain password corresponding to a target account, and converts the domain password into a target hash value through hash conversion. For example, the domain password received by the terminal is tencent @123, and the domain password is converted into a Hash value, wherein the target Hash value may include two different ways of conversion, namely LM-Hash and NT-Hash, where LM-Hash and NT-Hash are two different encryption ways for the same password, please refer to fig. 3, and fig. 3 is an interface schematic diagram of a Hash value generator. The domain password is the tencent @123, and the obtained target hash value is as follows:
LM-HASH:C93423250DA51A58A3039E2D3EEB5D18;
NT-HASH:75A2327C9C096EC8EB69D5203B40DE08。
and the terminal sends the target hash value and the information of the target account corresponding to the target hash value to a domain control server, and the domain control server receives the target hash value and the corresponding target account A and stores the target hash value and the corresponding target account A in a correlation manner.
In another possible implementation manner, a specific manner of obtaining the target hash value of the domain password corresponding to the target account may be: and extracting a target hash value of the domain password corresponding to the target account from the domain database file, wherein the domain database file stores all accounts in the domain and the corresponding domain password hash values thereof.
In another application scenario, the domain control server may periodically detect whether a hash value of a weak password exists among hash values of a large number of domain passwords stored in a domain database file (ntds.
And performing hash conversion on each weak password included in the weak password table to obtain a weak password hash value set corresponding to the weak password table.
For example, the weak cipher table may be as described in table 1 above, with the set of weak cipher hash values being, for example, as shown in table 2 below:
TABLE 2
It should be noted that the hash values of the weak passwords in table 2 are only exemplified by two weak passwords "123994" and "tencent @ 123" and do not limit the present invention, and the hash values of the other weak passwords in table 1 are not exemplified here.
It should be noted that step 202 is an optional step, and may not be executed, but directly execute step 203, that is, the weak cipher table may be reused after being converted into the corresponding weak cipher hash value set, and does not need to be repeatedly converted each time, however, if the weak cipher table is updated, for example, a new weak cipher is newly added, step 202 needs to be executed to hash the updated weak cipher table to obtain the updated weak cipher hash value set.
The weak cipher hash value set is obtained by performing hash conversion on a weak cipher table, and the weak cipher table comprises a plurality of weak ciphers (as shown in the above table 2).
For example, the target hash value is: c93423250DA51a58a3039E2D3EEB5D18, it should be noted that the target Hash value may include a Hash value corresponding to LM-Hash and/or NT-Hash, and for convenience of description, the Hash value of LM-Hash is taken as an example.
Then, the target hash value is compared with the weak password hash value set shown in table 2, and the hash values included in the weak password hash value set are traversed one by one, so as to determine whether the password hash value set contains the same hash value as that of the C93423250DA51a58a3039E2D3EEB5D 18.
And step 204, if the weak password hash value set contains a hash value matched with the target hash value, determining the domain password as the domain weak password.
By contrast, it is determined that the C93423250DA51a58a3039E2D3EEB5D18 hash value is included in the weak password hash value set, and since the C93423250DA51a58a3039E2D3EEB5D18 hash value is converted from the weak password, it can be determined that the domain password corresponding to the target hash value is the domain password.
In the first application scenario, it is indicated that the domain password corresponding to the target hash value sent by the received target device is a weak password, and the system has a risk.
In the second application scenario, it is indicated that in the ntds.
And step 205, prompting that the domain password corresponding to the target account is a weak password.
In a possible implementation manner, please refer to fig. 4, where fig. 4 is a scene diagram of a terminal display interface. The domain control server may feed back response information to the terminal, where the response information is used to indicate that the domain password is a weak password and needs to be modified.
In another possible implementation manner, please refer to fig. 5, where fig. 5 is a schematic diagram of a terminal display interface. And prompting the target account to modify the domain password within a preset time limit, and stopping the use permission of the target account if the domain password is not changed after the preset time limit is exceeded.
For example, the preset time limit is 3 hours, and if the domain control server does not detect that the domain password corresponding to the target account is changed within 3 hours, the domain control server notifies the target account and stops using the right.
In another possible implementation manner, please refer to fig. 6, where fig. 6 is a schematic diagram of a display interface of an alarm device. And the domain control server sends the information of the target account (such as the account B) to an alarm device, and the alarm device prompts security monitoring personnel to track the modification condition of the domain password of the user corresponding to the target account.
In the embodiment of the present invention, the domain control server may compare the obtained target hash value with the weak password hash value set, and determine whether the weak password hash value set includes a hash value matched with the target hash value, thereby determining whether the target hash value is converted from a weak password, and if the weak password hash value set includes a hash value matched with the target hash value, determine that the domain password corresponding to the target hash value is a weak password, thereby determining the target account corresponding to the target hash value, that is, may determine which accounts in the system are corresponding to which domain weak passwords are set, and has high detection efficiency, and may further take corresponding measures for the accounts, so as to reduce risk of the system and improve security of the system.
In the above, the domain control server side is used to perform the method for detecting the security of the domain password in the embodiment of the present invention, in another embodiment, the target device may also detect the security of the domain password, and the target device may be described by taking a terminal as an example, please refer to fig. 7, where another embodiment of the method for detecting the security of the domain password provided in the embodiment of the present invention includes:
Application scenarios that may be applied may be:
in an application scenario, please refer to fig. 8 for understanding, and fig. 8 is a schematic view of a scenario displayed on an interface of a terminal. The user modifies the set password, and the terminal firstly detects whether the target account has the authority of modifying the domain password.
The terminal acquires a blacklist, in which accounts without modification authority are recorded, for example, an account without modification authority is an account with poor security, and the account with poor security may include, but is not limited to, the following categories: 1. accounts that have historically used domain weak passwords; 2. the domain weak password is used, and is not modified within the period notified by the domain control server; 3. the account number is revealed through the extranet, etc. The terminal can determine whether the target account has the modification authority or not by comparing the account with the accounts recorded in the blacklist, and if the target account does not have the modification authority, the account is prohibited from modifying the domain password. And if the target account has the authority of modifying the domain password, the terminal receives the modified domain password corresponding to the target account.
In this embodiment, by performing the authority detection on the target account, if the target account has the authority to modify the domain password, the user is allowed to modify the domain password corresponding to the target account, so that the number of times of modifying the domain password by the account with poor security is reduced, and the probability that the domain password is modified to the weak password by the account with poor security is reduced.
In another application scenario, the domain password is the domain password set for the target account for the first time. And the terminal receives a domain password corresponding to the target account input by the user.
The password setting policy conforms to a strength policy, which may be, for example:
1. the preset number of characters is satisfied, typically 6 characters or 8 characters.
2. It is necessary to include upper and lower case letters, including symbols, including numbers.
For example, if the domain password is "To & # 25# 9" which contains both upper and lower case letters and a number and the domain password satisfies a preset (e.g., 8) number of characters, it indicates that the domain password satisfies the strength policy, and step 703 is executed.
And if the domain password does not accord with the password setting strategy, prompting the target account to reset the domain password.
If the domain password meets the strength strategy, the probability that the domain password is a weak password is greatly reduced, and if the domain password does not meet the strength strategy, the domain password is shown to be a weak password possibly, the target account is prompted to reset the domain password, so that the probability that the domain password is a weak password is reduced. In this embodiment, the probability that the domain password set by the user is a weak password is reduced by layer protection.
It should be noted that, the step 702 is an optional step, and may not be executed, and the step 703 is directly executed.
And 703, performing hash conversion on each weak password in the weak password table to obtain a weak password hash value set corresponding to the weak password table.
For example, the weak cipher table may be as shown in table 1 and the weak cipher hash value set is as shown in table 2. And storing the obtained weak password hash value set to a storage area.
And performing hash conversion on each weak password included in the weak password table to obtain a weak password hash value set corresponding to the weak password table. For example, the weak cipher table may be as described above in table 1, with the set of weak cipher hash values being shown, for example, in table 2 below.
It should be noted that step 703 is an optional step, which may not be executed, but directly execute step 704, that is, the weak cipher table may be reused after being converted into the corresponding weak cipher hash value set, and does not need to be repeatedly converted each time, however, if the weak cipher table is updated, for example, a new weak cipher is added again, step 703 needs to be executed, and the updated weak cipher table is subjected to hash conversion, so as to obtain an updated weak cipher hash value set.
Step 704, comparing the target hash value with the weak password hash value set, and determining whether the weak password hash value set contains a hash value matching the target hash value.
If the weak password hash value set contains a hash value matching the target hash value, proceed to step 705.
The weak cipher hash value set is obtained by performing hash conversion on a weak cipher table, and the weak cipher table comprises a plurality of weak ciphers (as shown in the above table 2).
For example, the target hash value is: c93423250DA51a58a3039E2D3EEB5D18, it should be noted that the target Hash value may include a Hash value corresponding to LM-Hash and/or NT-Hash, and for convenience of description, the Hash value of LM-Hash is taken as an example.
Then, the target hash value is compared with the weak password hash value set shown in table 2, and the hash values included in the weak password hash value set are traversed one by one, so as to determine whether the password hash value set contains the same hash value as that of the C93423250DA51a58a3039E2D3EEB5D 18.
By contrast, it is determined that the C93423250DA51a58a3039E2D3EEB5D18 hash value is included in the weak password hash value set, and since the C93423250DA51a58a3039E2D3EEB5D18 hash value is converted from the weak password, it can be determined that the target hash value is also converted from the weak password, and the domain password corresponding to the target hash value is determined to be the domain password.
In a possible implementation manner, a display interface of the terminal displays prompt information, where the prompt information is: the domain password is a weak password and needs to be reset.
In another possible implementation manner, if the domain password is a weak password, the terminal does not perform the operation of "determining" the domain password, and forces the user to reset the domain password until the domain password is determined to be not the weak password.
And step 707, when the setting of the domain password is completed, sending the domain password and the corresponding target account to the domain control server.
And acquiring a domain password setting completion instruction, and sending the domain password and the corresponding target account to the domain control server by the terminal according to the domain password setting completion instruction so that the domain controller performs hash conversion on the domain password to obtain a hash value of the domain password, and storing the hash value of the domain password and the target account in an associated manner. Further, the domain control server may perform steps 201 to 205 in the corresponding embodiment of fig. 2.
The domain password setting completion instruction may be an instruction input by the user, or may be an instruction generated when the terminal determines that the domain password is a non-weak password.
In this embodiment, the terminal may detect the domain password, compare the target hash value with the weak password hash value set, determine whether the weak password hash value set includes a hash value matched with the target hash value, determine that the domain password is a weak password if the weak password hash value set includes a hash value matched with the target hash value, and prompt the target account to reset the password, so as to reduce the probability that the domain password corresponding to the target account is a weak password, and improve the security of the system.
Optionally, when the terminal obtains the instruction to modify the domain password, the terminal may display a Uniform Resource Locator (URL) link of the dedicated device that modifies the domain password, guide the user to modify the password through the platform, send the domain password to the server that detects the domain password, and the server may perform steps 701 to 706.
In this embodiment, in the detection system shown in fig. 1, the domain password may be detected by a plurality of devices, a terminal and a domain control server may perform double-layer protection, the terminal compares a target hash value with a weak password hash value set, and if the weak password hash value set includes a hash value matched with the target hash value, it may be determined that the domain password is a weak password, and prompt the target account to prompt that the domain password is a weak password, so as to reduce the probability that the domain password is a weak password.
Further, if the user has set the weak password, the domain control server may detect the hash value of the domain password stored in the ntds.
With reference to fig. 9, an embodiment of a domain control server according to the present invention includes:
an obtaining module 901, configured to obtain a target hash value of a domain password corresponding to a target account;
a comparison module 902, configured to compare the target domain password hash value obtained by the obtaining module 901 with a weak password hash value set, and determine whether the weak password hash value set includes a hash value matched with the target hash value, where the weak password hash value set is obtained by performing hash conversion on a weak password table, and the weak password table includes a plurality of weak passwords;
a determining module 903, configured to determine that the domain password is the domain weak password when the comparing module 902 determines that the weak password hash value set includes a hash value matching the target hash value.
Referring to fig. 10, on the basis of the embodiment corresponding to fig. 9, another embodiment of a domain control server 1000 according to the present invention includes:
also included are a prompt module 904 and an execution module 905;
a prompting module 904, configured to prompt the target account corresponding to the domain weak password determined by the determining module 903 to modify the domain password within a preset time limit;
and an executing module 905, configured to stop the usage right of the target account when the domain password is not changed after exceeding the preset expiration prompted by the prompting module 904.
Referring to fig. 11, on the basis of the embodiment corresponding to fig. 9, another embodiment of a domain control server 1100 according to the present invention includes:
also included is a conversion module 906;
the conversion module 906 is configured to perform hash conversion on each weak password in the weak password table to obtain a weak password hash value set corresponding to the weak password table.
Optionally, the obtaining module 901 is further configured to receive a target domain password hash value corresponding to a target account sent by a target device, where the target device is a terminal or a server.
Optionally, the obtaining module 901 is further configured to extract a target hash value of a domain password corresponding to the target account from a domain database file, where the domain database file stores all accounts in the domain and their corresponding domain password hash values.
Further, one of the domain control servers in fig. 9 to 11 is presented in the form of a function module. A "module" as used herein may refer to an application-specific integrated circuit (ASIC), an electronic circuit, a processor and memory that execute one or more software or firmware programs, an integrated logic circuit, and/or other devices that provide the described functionality. In a simple embodiment, one of the domain control servers in fig. 9 to 11 may take the form shown in fig. 12.
Fig. 12 is a schematic structural diagram of an apparatus for determining stability of a search function according to an embodiment of the present invention, where the apparatus for determining stability of a search function may be in the form of a server, and the domain control server 1200 may have a relatively large difference due to different configurations or performances, and may include one or more processors 1222 and a memory 1232, and one or more storage media 1230 (e.g., one or more mass storage devices) for storing an application 1242 or data 1244. Memory 1232 and storage media 1230 can be, among other things, transient storage or persistent storage. The program stored in the storage medium 1230 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Still further, the central processor 1222 may be configured to communicate with the storage medium 1230, to execute a series of instruction operations in the storage medium 1230 on the server 1200.
The Server 1200 may also include one or more power supplies 1226, one or more wired or wireless network interfaces 1250, one or more input-output interfaces 1258, and/or one or more operating systems 1241, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc.
Specifically, the network interface 1250 is configured to obtain a domain password corresponding to the target account.
A processor 1222 for obtaining a target hash value of a domain password corresponding to a target account; comparing the target hash value with the weak password hash value set to determine whether the weak password hash value set contains a hash value matched with the target hash value, wherein the weak password hash value set is obtained by performing hash conversion on a weak password table, and the weak password table comprises a plurality of weak passwords; and if the weak password hash value set contains the hash value matched with the target hash value, determining the domain password as the domain weak password.
Optionally, the processor 1222 is configured to prompt the target account to modify the domain password within a preset time limit; and if the domain password is not changed after the preset time limit, stopping the use permission of the target account.
Optionally, the processor 1222 is configured to perform hash conversion on each weak cipher in the weak cipher table to obtain a set of weak cipher hash values corresponding to the weak cipher table.
Optionally, the network interface 1250 is configured to receive a target hash value of the domain password corresponding to the target account sent by the target device, where the target device is a terminal or a server.
Optionally, the processor 1222 is configured to extract a target hash value of the domain password corresponding to the target account from a domain database file, where all accounts in the domain and their corresponding domain password hash values are stored.
Referring to fig. 13, an embodiment of an apparatus 1300 for domain password security detection according to the present invention includes:
a receiving module 1301, configured to receive a domain password corresponding to the target account;
a conversion module 1307, configured to perform hash conversion on the domain password received by the receiving module 1301 to obtain a target hash value of the domain password;
a comparison module 1302, configured to compare the target hash value obtained through conversion by the conversion module 1307 with a weak password hash value set, and determine whether the weak password hash value set includes a hash value matched with the target hash value, where the weak password hash value set is obtained by performing hash conversion on a weak password table, where the weak password table includes a plurality of weak passwords;
a determining module 1303, configured to determine that the domain password is the domain weak password when the comparing module 1302 determines that the weak password hash value set includes a hash value matched with the target hash value;
a prompt module 1304 for prompting the target account to reset the domain password.
Referring to fig. 14, on the basis of the embodiment corresponding to fig. 13, an embodiment of an apparatus 1400 for domain password security detection according to the present invention further includes:
the device also comprises a detection module;
the detection module is used for detecting whether the domain password accords with a password setting strategy;
the prompting module 1304 is further configured to prompt the target account to reset the domain password when the domain password does not meet the password setting policy.
Referring to fig. 15, based on the embodiment shown in fig. 13, an embodiment of an apparatus 1500 for detecting security of domain encryption according to the present invention further includes:
further comprising an obtaining module 1308 and a sending module 1306;
an obtaining module 1308, configured to obtain a domain password setting completion instruction;
the sending module 1306 is configured to send the target hash value of the domain password and the information of the corresponding target account to the domain control server when the domain password setting completion instruction is received, so that the domain controller stores the target hash value of the domain password in association with the target account.
Further, one of the devices for domain password security detection in fig. 13 to 15 is presented in the form of a functional module. A "module" as used herein may refer to an application-specific integrated circuit (ASIC), an electronic circuit, a processor and memory that execute one or more software or firmware programs, an integrated logic circuit, and/or other devices that provide the described functionality. In a simple embodiment, one of the domain password security detection devices in fig. 13-15 may take the form shown in fig. 16.
As shown in fig. 16, for convenience of illustration, only the portion related to the embodiment of the present invention is shown, and the detailed technical details are not disclosed, please refer to the method portion of the embodiment of the present invention. The terminal may be any terminal device including a PC, a tablet computer, a PDA (Personal Digital Assistant), and the like, taking the terminal as the PC as an example:
fig. 16 is a block diagram showing a partial structure of a PC related to a terminal provided in an embodiment of the present invention. Referring to fig. 16, the PC includes: transceiver 1610, memory 1620, input unit 1630, display unit 1640, audio circuitry 1660, wireless fidelity (WiFi) module 1670, processor 1680, and power supply 1690. Those skilled in the art will appreciate that the PC configuration shown in fig. 16 is not intended to be limiting and may include more or fewer components than shown, or some components may be combined, or a different arrangement of components.
The following describes each component of the PC in detail with reference to fig. 16:
The memory 1620 may be used to store software programs and modules, and the processor 1680 executes various functional applications and data processing of the PC by operating the software programs and modules stored in the memory 1620. The memory 1620 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required by at least one function, and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the PC, and the like. Further, the memory 1620 may comprise high speed random access memory, and may also comprise non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The input unit 1630 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control. The input unit 1630 may also include other input devices 1632. In particular, other input devices 1632 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 1640 may be used to display information input by or provided to the user and various menus of the PC. The Display unit 1640 may include a Display panel 1641, and optionally, the Display panel 1641 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The processor 1680 is a control center of the PC, connects various parts of the entire PC using various interfaces and lines, performs various functions of the PC and processes data by running or executing software programs and/or modules stored in the memory 1620, and calling data stored in the memory 1620, thereby performing overall monitoring of the PC. Alternatively, processor 1680 may include one or more processing units; preferably, the processor 1680 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It is to be appreciated that the modem processor described above may not be integrated into processor 1680.
The PC also includes a power supply 1690 (e.g., a battery) for powering the various components, which may preferably be logically connected to the processor 1680 via a power management system to manage charging, discharging, and power consumption management functions via the power management system.
The processor 1680 is configured to enable the apparatus to perform the method of the corresponding embodiment of fig. 2.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (9)
1. A method for security detection of domain password, wherein the method is applied to a domain control server in a scenario of using a domain management company device, and the method comprises:
periodically detecting whether the hash value of the weak password exists in the hash values of the domain passwords stored in the domain database file, and enabling the corresponding account to modify the corresponding domain password when the hash value of the weak password is determined to exist;
when receiving information of a target account and a domain password corresponding to the target account, which are sent by a target device, performing hash conversion on the domain password corresponding to the target account to obtain a target hash value of the domain password corresponding to the target account, storing the target hash value and the target account in a domain database file in an associated manner, and acquiring the target hash value from the domain database file; the domain password corresponding to the target account is a modified domain password corresponding to the target account and received when the target device detects a domain password setting completion instruction, wherein the domain password setting completion instruction is an instruction input by a user, or an instruction generated when the target device determines that the received modified domain password is a non-weak password;
comparing the target hash value with a weak password hash value set to determine whether the weak password hash value set contains a hash value matched with the target hash value, wherein the weak password hash value set is obtained by performing hash conversion on a weak password table, and the weak password table comprises a plurality of weak passwords;
if the weak password hash value set contains a hash value matched with the target hash value, determining that the domain password corresponding to the target account is the domain weak password;
prompting the target account to modify the domain password corresponding to the target account within a preset time limit;
and if the domain password corresponding to the target account is not changed after the preset time limit is exceeded, stopping the use permission of the target account.
2. The method of claim 1, wherein prior to comparing the target hash value to the set of weak cryptographic hash values, the method further comprises:
and carrying out hash conversion on each weak password in the weak password table to obtain a weak password hash value set corresponding to the weak password table.
3. A method for security detection of domain password, wherein the method is applied to a target device in a scenario of using a domain management company device, and then the method comprises:
receiving a domain password corresponding to a target account;
carrying out hash conversion on the domain password to obtain a target hash value of the domain password;
comparing the target hash value with a weak password hash value set, and determining whether the weak password hash value set contains a hash value matched with the target hash value;
when the weak password hash value set contains a hash value matched with the target hash value, determining the domain password as a domain weak password;
prompting the target account to reset a domain password;
when a domain password setting completion instruction is detected, sending the reset domain password and information of a corresponding target account to a domain control server, wherein the domain password setting completion instruction is an instruction input by a user, or when the reset domain password is determined to be a non-weak password, generating an instruction so that the domain control server performs hash conversion on the reset domain password to obtain a target hash value of the reset domain password, and storing the target hash value of the reset domain password and the target account in a domain database file in an associated manner; and the domain control server acquires the target hash value of the reset domain password from the domain database file, compares the target hash value of the reset domain password with a weak password hash value set, and determines whether the weak password hash value set contains a hash value matched with the target hash value of the reset domain password; and when the domain control server contains a hash value matched with the target hash value of the reset domain password in the weak password hash value set, determining the reset domain password as the domain weak password; and causing the domain control server to prompt the target account to modify the reset domain password within a preset time limit; and when the reset domain password is not changed after the preset time limit, the domain control server stops the use authority of the target account; the weak password hash value set is obtained by performing hash conversion on a weak password table, and the weak password table comprises a plurality of weak passwords.
4. The method of claim 3, wherein before the hash transformation of the domain password to obtain the target hash value of the domain password, the method further comprises:
detecting whether the domain password accords with a password setting strategy;
and if the domain password does not accord with the password setting strategy, prompting the target account to reset the domain password.
5. A domain control server, wherein the domain control server is applied to a scenario of using a domain management company device, and the domain control server comprises:
an obtaining module, configured to, when receiving information of a target account and a domain password corresponding to the target account, sent by a target device, perform hash conversion on the domain password corresponding to the target account to obtain a target hash value of the domain password corresponding to the target account, store the target hash value and the target account in a domain database file in an associated manner, and obtain the target hash value from the domain database file, where the domain password corresponding to the target account is a modified domain password corresponding to the target account received when the target device detects a domain password setting completion instruction, where the domain password setting completion instruction is an instruction input by a user, or a generated instruction when the target device determines that the received modified domain password is a non-weak password;
a comparison module, configured to compare the target hash value received by the acquisition module with a weak password hash value set, and determine whether the weak password hash value set includes a hash value matched with the target hash value, where the weak password hash value set is obtained by performing hash conversion on a weak password table, and the weak password table includes a plurality of weak passwords;
a determining module, configured to determine that the domain password corresponding to the target account is the domain weak password when the comparing module determines that the weak password hash value set includes a hash value matched with the target hash value;
the prompting module is used for prompting the target account to modify the domain password corresponding to the target account within a preset time limit;
and the execution module is used for stopping the use permission of the target account when the domain password corresponding to the target account is not changed after the preset time limit is exceeded.
6. The domain control server of claim 5, further comprising a translation module;
the conversion module is used for performing hash conversion on each weak password in the weak password table to obtain a weak password hash value set corresponding to the weak password table.
7. An apparatus for security detection of domain password, wherein the apparatus is applied in a scenario of using a domain management company device, the apparatus comprises:
the receiving module is used for receiving a domain password corresponding to the target account;
the conversion module is used for carrying out hash conversion on the domain password received by the receiving module to obtain a target hash value of the domain password;
the comparison module is used for comparing the target hash value obtained by conversion of the conversion module with a weak password hash value set and determining whether the weak password hash value set contains a hash value matched with the target hash value;
the determining module is used for determining the domain password as the domain weak password when the weak password hash value set contains the hash value matched with the target hash value;
the prompting module is used for prompting the target account corresponding to the domain password determined by the determining module to reset the domain password;
a sending module, configured to send the reset domain password and information of the corresponding target account to a domain control server when a domain password setting completion instruction is detected, where the domain password setting completion instruction is an instruction input by a user, or a generated instruction when it is determined that the reset domain password is a non-weak password, so that the domain control server performs hash conversion on the reset domain password to obtain a target hash value of the reset domain password, and stores the target hash value of the reset domain password and the target account in a domain database file in association; and the domain control server acquires the target hash value of the reset domain password from the domain database file, compares the target hash value of the reset domain password with a weak password hash value set, and determines whether the weak password hash value set contains a hash value matched with the target hash value of the reset domain password; and when the domain control server contains a hash value matched with the target hash value of the reset domain password in the weak password hash value set, determining the reset domain password as the domain weak password; and causing the domain control server to prompt the target account to modify the reset domain password within a preset time limit; and when the reset domain password is not changed after the preset time limit, the domain control server stops the use authority of the target account; the weak password hash value set is obtained by performing hash conversion on a weak password table, and the weak password table comprises a plurality of weak passwords.
8. The apparatus of claim 7, further comprising a detection module;
the detection module is used for detecting whether the domain password accords with a password setting strategy;
and the prompting module is further used for prompting the target account to reset the domain password when the domain password does not accord with the password setting strategy.
9. A computer-readable storage medium, in which a program is stored, the program being loaded and executed by a processor to implement the method for domain cryptographic security detection as claimed in any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710268888.0A CN108737094B (en) | 2017-04-21 | 2017-04-21 | Domain password security detection method and related equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710268888.0A CN108737094B (en) | 2017-04-21 | 2017-04-21 | Domain password security detection method and related equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108737094A CN108737094A (en) | 2018-11-02 |
| CN108737094B true CN108737094B (en) | 2021-12-14 |
Family
ID=63934076
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710268888.0A Active CN108737094B (en) | 2017-04-21 | 2017-04-21 | Domain password security detection method and related equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108737094B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110084034B (en) * | 2019-05-06 | 2020-10-30 | 重庆天蓬网络有限公司 | Password setting method based on weak password detection, storage medium and electronic equipment |
| CN110633565A (en) * | 2019-09-27 | 2019-12-31 | 上海赛可出行科技服务有限公司 | Domain user weak password detection method based on hash collision |
| CN112287073A (en) * | 2020-11-20 | 2021-01-29 | 北京微步在线科技有限公司 | Information security processing method and device and computer readable storage medium |
| CN112613028A (en) * | 2020-12-29 | 2021-04-06 | 北京天融信网络安全技术有限公司 | Weak password detection method and device, electronic equipment and readable storage medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101119342A (en) * | 2007-09-21 | 2008-02-06 | 腾讯科技(深圳)有限公司 | Method and system for logging in instant communication software |
| CN101155214A (en) * | 2006-09-27 | 2008-04-02 | 中国电信股份有限公司 | Bluetooth network system and PIN code amending method for Bluetooth access point |
| CN101316220A (en) * | 2008-06-27 | 2008-12-03 | 华为技术有限公司 | Method, system and device for modifying cipher of virtual private net |
| CN103701805A (en) * | 2013-12-26 | 2014-04-02 | 山石网科通信技术有限公司 | Method and device for detecting weak password in network |
| CN103973651A (en) * | 2013-02-01 | 2014-08-06 | 腾讯科技(深圳)有限公司 | Account password identification setting and inquiring method and device based on salt password bank |
| CN104933352A (en) * | 2015-06-10 | 2015-09-23 | 北京北信源软件股份有限公司 | Weak password detection method and device |
| CN105184146A (en) * | 2015-06-05 | 2015-12-23 | 北京北信源软件股份有限公司 | Method and system for checking weak password of operating system |
| CN105760748A (en) * | 2016-02-26 | 2016-07-13 | 北京齐尔布莱特科技有限公司 | Weak password detection method and device and server |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100257356A1 (en) * | 2007-10-02 | 2010-10-07 | Fraunhofer-Gesellschaft Zur Foerderung Der Angewandten Forschung E.V | Concept for a key management in a drm system |
| CN104468484B (en) * | 2013-09-22 | 2019-01-18 | 深圳市腾讯计算机系统有限公司 | The method and device of password setting is carried out in network communication |
| FR3015839A1 (en) * | 2013-12-23 | 2015-06-26 | Orange | METHOD FOR SLOWING COMMUNICATION IN A NETWORK |
| CN105095737B (en) * | 2014-04-16 | 2019-03-01 | 阿里巴巴集团控股有限公司 | The method and apparatus for detecting weak password |
| CN104580197A (en) * | 2014-12-31 | 2015-04-29 | 北京奇虎科技有限公司 | Code detection method and code detection system |
| CN106411531A (en) * | 2016-10-25 | 2017-02-15 | 国家电网公司 | Weak password screening method |
-
2017
- 2017-04-21 CN CN201710268888.0A patent/CN108737094B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101155214A (en) * | 2006-09-27 | 2008-04-02 | 中国电信股份有限公司 | Bluetooth network system and PIN code amending method for Bluetooth access point |
| CN101119342A (en) * | 2007-09-21 | 2008-02-06 | 腾讯科技(深圳)有限公司 | Method and system for logging in instant communication software |
| CN101316220A (en) * | 2008-06-27 | 2008-12-03 | 华为技术有限公司 | Method, system and device for modifying cipher of virtual private net |
| CN103973651A (en) * | 2013-02-01 | 2014-08-06 | 腾讯科技(深圳)有限公司 | Account password identification setting and inquiring method and device based on salt password bank |
| CN103701805A (en) * | 2013-12-26 | 2014-04-02 | 山石网科通信技术有限公司 | Method and device for detecting weak password in network |
| CN105184146A (en) * | 2015-06-05 | 2015-12-23 | 北京北信源软件股份有限公司 | Method and system for checking weak password of operating system |
| CN104933352A (en) * | 2015-06-10 | 2015-09-23 | 北京北信源软件股份有限公司 | Weak password detection method and device |
| CN105760748A (en) * | 2016-02-26 | 2016-07-13 | 北京齐尔布莱特科技有限公司 | Weak password detection method and device and server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108737094A (en) | 2018-11-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10700861B2 (en) | System and method for generating a recovery key and managing credentials using a smart blockchain contract | |
| CN106656476B (en) | Password protection method and device and computer readable storage medium | |
| CN106330850B (en) | Security verification method based on biological characteristics, client and server | |
| CN108737094B (en) | Domain password security detection method and related equipment | |
| US10715320B2 (en) | Password generation with key and derivation parameter | |
| US20070039042A1 (en) | Information-security systems and methods | |
| US20200145389A1 (en) | Controlling Access to Data | |
| CN111475832B (en) | Data management method and related device | |
| CN110493207A (en) | A kind of data processing method, device, electronic equipment and storage medium | |
| CN106453321A (en) | Authentication server, system and method, and to-be-authenticated terminal | |
| WO2013170822A2 (en) | Method and device for processing password for logging into server | |
| JP5568696B1 (en) | Password management system and program for password management system | |
| CN114039726B (en) | Key generation method, key acquisition method, related device and medium | |
| Bakro et al. | Hybrid blockchain-enabled security in cloud storage infrastructure using ECC and AES algorithms | |
| US11606196B1 (en) | Authentication system for a multiuser device | |
| US10708267B2 (en) | Method and associated processor for authentication | |
| Sharma et al. | Authentication issues and techniques in cloud computing security: A review | |
| US20140096211A1 (en) | Secure identification of intranet network | |
| US11210407B2 (en) | Electronic communications device and messaging application therefor | |
| GB2587000A (en) | Method of testing and improving security in a password-based authentication system | |
| US11949772B2 (en) | Optimized authentication system for a multiuser device | |
| Shen et al. | Enhanced remote password-authenticated key agreement based on smart card supporting password changing | |
| US20240031132A1 (en) | Stateless system to protect data | |
| Saxena | Dynamic authentication: Need than a choice | |
| EP3686764A1 (en) | Electronic communications device and messaging application therefor |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |