CN109446793A - A kind of account based on Windows agent changes decryption method and device - Google Patents
A kind of account based on Windows agent changes decryption method and device Download PDFInfo
- Publication number
- CN109446793A CN109446793A CN201811117508.4A CN201811117508A CN109446793A CN 109446793 A CN109446793 A CN 109446793A CN 201811117508 A CN201811117508 A CN 201811117508A CN 109446793 A CN109446793 A CN 109446793A
- Authority
- CN
- China
- Prior art keywords
- key
- random number
- client
- password
- account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of accounts based on Windows agent to change decryption method and device, is related to communication technique field.To the problem for solving because windows account is excessive, to cause management work comparatively laborious in the prior art.This method includes receiving the Modify password request of client transmission, the account password to be modified that the password request is carried with encryption keys;It is decrypted by the encryption key of storage to described with the account password to be modified of encryption keys, obtain the new password of the account to be modified, the account password to be modified is modified with the new password of the account to be modified, and modification information is completed to the client feedback, wherein, the encryption key is the key communicated between the client.
Description
Technical field
The present invention relates to communication technique field, more particularly relates to a kind of account based on Windows agent and change close side
Method and device.
Background technique
Traditional windows change it is close need administrator log in windows system change it is close, or by 445 ports it is long-range
Change close, 445 ports are the ports got both praise and censure, have it can easily access in a local network various Shared Folders or
Printer sharing, exactly because but also have it, hackers just have opportunity, and hacker can stealthily share you by the port
Hard disk, or even middle your hard disk form can be melted quiet.
In the prior art, since windows account is excessive, account management is always problem, at present windows account management
All be by labor management mode, log in each system or domain control look at there is which account, this method there are the problem of be,
If the time is long, may forget Password;Furthermore account excessively also causes the IT administrative staff of data center to need to manage
Large number of windows equipment;Further, since account is multiple, it is also possible to which will lead to administrator can not quickly determine
Franchise account belongs to which server or domain control equipment.
In conclusion leading to the problem that management work is comparatively laborious because windows account is excessive in the prior art.
Summary of the invention
The embodiment of the present invention provides a kind of account based on Windows agent and changes decryption method and device, existing to solve
There is the problem for because windows account is excessive, causing management work comparatively laborious in technology.
The embodiment of the present invention provides a kind of account based on Windows agent and changes decryption method, comprising:
The Modify password request of client transmission is received, the password request is carried with the to be repaired of encryption keys
Change account password;
It is decrypted, is obtained with the account password to be modified of encryption keys to described by the encryption key of storage
To the new password of the account to be modified, the account password to be modified is modified with the new password of the account to be modified, and to
The client feedback completes modification information, wherein the encryption key is the key communicated between the client.
Preferably, before the Modify password request for receiving client transmission, further includes:
The code key initialization requests that the client is sent are received, it is random that first is carried in the code key initialization requests
Number, obtains corresponding first check code of first random number and the second random number by data algorithm, described first is verified
Code and second random number be sent to the client so that the client to first check code and described first with
The corresponding check code of machine number is matched;
The second random number ciphertext that the client is sent is received, by the first key and the first iv of storage to described the
Two random numbers carry out it is discrete, obtain the 2nd key and the 2nd iv, by the 2nd key and the 2nd iv to described second with
Machine number encrypts to obtain the second new random ciphertext, when the described second random ciphertext is identical with the second new random ciphertext, by described the
Two key and the 2nd iv are confirmed as the encryption key with the client communication.
Preferably, before the code key initialization requests for receiving the client transmission, further includes:
The initial code key verification request of client transmission is received, it is random to carry third in the initial code key verification request
Several and third random number ciphertext;
To the initial password of storage carry out it is discrete obtain the first key and the first iv, by the first key and
First iv encrypts the third random number, obtains the new random number ciphertext of third, when the new random number of the third is close
When literary identical with the third random number ciphertext, confirmation and the initial code key of the client are verified successfully.
Preferably, described so that the client is to first check code and the corresponding check code of first random number
It is matched, is specifically included:
When the client confirms first check code and the corresponding check code of first random number mismatches, then
Confirmation initialization failure;Or
When the client confirms first check code and the corresponding check code successful match of first random number,
It is then discrete to second random number by the first key and the first iv, obtain the 2nd key and described second
Iv, and second random number is encrypted using the 2nd key and the 2nd iv, it is close to obtain second random number
Text.
Preferably, after the completion modification information to the client feedback, further includes:
So that the client completes information according to the modification, the close of the account to be modified is updated in the client
Code.
The embodiment of the invention also provides a kind of accounts based on Windows agent to change close device, comprising:
Receiving unit, for receiving the Modify password request of client transmission, the password request is carried to encrypt
The account password to be modified of key encryption;
Processing unit, for the encryption key by storage to described close with the account to be modified of encryption keys
Code is decrypted, and obtains the new password of the account to be modified, described to be modified with the new password modification of the account to be modified
Account password, and modification information is completed to the client feedback, wherein the encryption key is to lead between the client
The key of letter.
Preferably, the receiving unit is also used to:
The code key initialization requests that the client is sent are received, it is random that first is carried in the code key initialization requests
Number, obtains corresponding first check code of first random number and the second random number by data algorithm, described first is verified
Code and second random number be sent to the client so that the client to first check code and described first with
The corresponding check code of machine number is matched;
The second random number ciphertext that the client is sent is received, by the first key and the first iv of storage to described the
Two random numbers carry out it is discrete, obtain the 2nd key and the 2nd iv, by the 2nd key and the 2nd iv to described second with
Machine number encrypts to obtain the second new random ciphertext, when the described second random ciphertext is identical with the second new random ciphertext, by described the
Two key and the 2nd iv are confirmed as the encryption key with the client communication.
Preferably, the receiving unit is also used to:
The initial code key verification request of client transmission is received, it is random to carry third in the initial code key verification request
Several and third random number ciphertext;
To the initial password of storage carry out it is discrete obtain the first key and the first iv, by the first key and
First iv encrypts the third random number, obtains the new random number ciphertext of third, when the new random number of the third is close
When literary identical with the third random number ciphertext, confirmation and the initial code key of the client are verified successfully.
Preferably, the receiving unit specifically includes:
When the client confirms first check code and the corresponding check code of first random number mismatches, then
Confirmation initialization failure;Or
When the client confirms first check code and the corresponding check code successful match of first random number,
It is then discrete to second random number by the first key and the first iv, obtain the 2nd key and described second
Iv, and second random number is encrypted using the 2nd key and the 2nd iv, it is close to obtain second random number
Text.
Preferably, the processing unit is also used to:
So that the client completes information according to the modification, the close of the account to be modified is updated in the client
Code.
The embodiment of the present invention provides a kind of account based on Windows agent and changes decryption method and device, this method comprises:
The Modify password request of client transmission is received, the password request carries close with the account to be modified of encryption keys
Code;It is decrypted by the encryption key of storage to described with the account password to be modified of encryption keys, obtains institute
The new password for stating account to be modified modifies the account password to be modified with the new password of the account to be modified, and to described
Client feedback completes modification information, wherein the encryption key is the key communicated between the client.This method base
It is management philosophy in Windows agent account Modify password, this method is by being suitable for all data center's accounts
The requirement of centralization account password security management and control is realized in windows account management.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is that a kind of account based on Windows agent provided in an embodiment of the present invention changes decryption method flow diagram;
Fig. 2 is a kind of account management method flow diagram based on Windows agent provided in an embodiment of the present invention;
Fig. 3 is that a kind of account based on Windows agent provided in an embodiment of the present invention changes close apparatus structure schematic diagram.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
Fig. 1 illustratively shows a kind of account based on Windows agent provided in an embodiment of the present invention and changes close side
Method flow diagram, as described in Figure 1, this method mainly comprises the steps that
Step 101, the Modify password request of client transmission is received, the password request is carried to be added with encryption key
Close account password to be modified;
Step 102, by the encryption key of storage to the account password to be modified with encryption keys into
Row decryption, obtains the new password of the account to be modified, modifies the account to be modified with the new password of the account to be modified
Password, and modification information is completed to the client feedback, wherein it is communicated between the encryption key and the client
Key.
It should be noted that in embodiments of the present invention, Windows agent is the executing subject of this method, Windows
Agent completes the Port detecting operation between client, initial code key verification behaviour by the interaction between client
Make, procedure for cipher key initialization operates and change ciphertext data transmitting operation etc..
In practical applications, client is before password of modifying, it is also necessary to carry out sequence of operations.Specifically, it wraps
Include following operation:
Port detecting is first carried out, by the step, can determine port connection between client and server-side whether just
Often.It should be noted that in embodiments of the present invention, server-side is Windows agent.
Further, when normal connection between confirmation port, then key verification can be carried out:
Specifically, between client and server-side before carrying out key verification, need first client and server-side it
Between arrange an initial password, and the initial password of agreement is stored in client and server-side, so as to later period use.
After arranging initial password between client and server-side, client can actively be triggered to server-side and make key school
Test operation, when client to server-side carry out key verification operation when, will use initial password, obtained by mathematics discrete logarithm
Cryptographic operation is carried out to third random number to the first key and the first iv, and by obtained the first key and the first iv, obtains the
Three random number ciphertexts.Further, third random number and third random number ciphertext are sent to server-side.
In embodiments of the present invention, when server-side receives the third random number and third random number ciphertext of client transmission
Later, can also mathematics discrete logarithm be used to initial password, to obtain the first key and the first iv in server-side, then basis
It obtains being encrypted to the first key and the first iv to receiving third random number, obtains the new random number ciphertext of a third.
Further, server-side matches the new random number ciphertext of obtained third with the third random number ciphertext that customer side is sent,
If successful match, server-side confirmation and the initial code key of client are verified successfully;If matching is unsuccessful, server-side confirmation and visitor
The initial code key verification at family end is unsuccessful.
It in embodiments of the present invention, then can be into after server-side confirmation verifies successfully with the initial code key of client
The following operation of row, for example, carrying out code key initialization operation and password modification process.
Specifically, code key initialization operation includes: the client when client and server-side progress code key initialization operation
First random number can be generated at random, sent code key initialization requests to server-side, carried in the code key initialization requests
There is the first random number.
After server-side receives code key initialization requests, the can be then generated to the first random number by hash algorithm
One check code and the second random number, further, the first check code and the second random number are sent to client by server-side.
It in embodiments of the present invention, can be random to first after client receives the first check code and the second random number
Number obtains the corresponding check code of the first random number by hash algorithm, and by the first check code and the corresponding school of the first random number
It tests code to be matched, when matching unsuccessful, determines that cipher key initialization fails;After successful match, then client is according to
One key and the first iv carries out discrete operations to the second random number and further adopts so as to obtain the 2nd key and the 2nd iv
The second random number is encrypted with the 2nd key and the 2nd iv, to obtain the second random number ciphertext, and by obtain second with
Machine number ciphertext is sent to server-side.
Further, after server-side receives the second random number ciphertext, by the first key and for being stored in server-side
One iv carries out discrete operations to the second random number, obtains the 2nd key and the 2nd iv of server-side, and pass through the 2nd key and second
Iv encrypts the second random number, obtains the second new random ciphertext.By the obtain second new random ciphertext with receive the
Two random ciphertexts are matched, if successful match, confirmation the 2nd key and the 2nd iv is communicated between server-side and client
Encryption key.
Password modification process specifically includes that in a step 101, when receiving the Modify password request of client transmission,
Wherein, the account password to be modified crossed with encryption keys is carried in Modify password.In embodiments of the present invention, in client
There is no encryptions for the password for the account to be modified for including in end, and work as and the account password for storing client is needed to be sent to service
When end, need to execute by the Traffic encryption key(TEK) between client and server-side.That is the account to be modified that receives of server-side
Family password is by the information after encryption keys.
In a step 102, server-side, can be encrypted to what is received by the encryption key being stored in server-side
Operation is decrypted in account password to be modified, specifically, by the encryption key of storage can decrypt the encryption received to
Account password is modified, the new password of account to be modified is obtained, the password of account to be modified is replaced by the new password.In the present invention
In embodiment, encryption key is the 2nd key and the 2nd iv.Further, the detailed process of server-side Modify password is not done and is had
The restriction of body.
Further, after server-side modifies to account password to be modified, then it is close modification to be sent to client
Code completes feedback can update account password processing result to be modified after client receives Modify password feedback in system.
It introduces a kind of account based on Windows agent provided in an embodiment of the present invention in order to become apparent from and changes decryption method,
Below in conjunction with the account management method flow diagram based on Windows agent that Fig. 2 is provided, to introduce based on Windows
The account of agent changes decryption method.
Specifically, as shown in Fig. 2, mainly including spv client and app server in the flow chart, i.e. client is
Spv client, server-side are app server.
Account management method mainly includes following flow path block, and first is key verification process, and second at the beginning of key
Beginning process, third are to change ciphertext data process.
In practical applications, following below scheme is if desired executed, then need first to carry out Port detecting process: i.e. SPV is examined first
Whether ip and the port connection for measuring server-side agent are normal.
Key verification process the following steps are included:
Step 201, SPV and windows agent arranges initial password, and SPV and windows agent store agreement respectively
Initial password.
Step 202, it when SPV is actively triggered to windows agent and makees key verification operation, is obtained with initial password is discrete
First key and the first iv, and with the first key and the first iv to third random number encryption.By third random number and third random number
Ciphertext is sent to windows agent.
Step 203, after windows agent receives third random number and third random number ciphertext, using with SPV phase
With algorithm to initial password carry out it is discrete obtain the first key and the first iv, and with the first key and the first iv to the third received
Random number is encrypted.If the new random number of the third obtained after third random number encryption and the third random number ciphertext received
With success, then key verification success.
Procedure for cipher key initialization the following steps are included:
Step 301, SPV generates the first random number, and it is initial as code key that the first random number issued windows agent
Change request.
Step 302, windows agent receives the code key initialization requests of SPV transmission, carry in the request first with
Machine number calculates hash to the first random number and generates checkcode, while generating the second random number.Windows agent will
Checkcode and the second random number are sent to SPV.
Step 303, SPV receives checkcode and the second random number.It is same that hash first is calculated to the first random number
Checkcode compares, not identical, initializes failure.If they are the same, then it is obtained with the first key and the first iv are discrete to the second random number
The second random number ciphertext is returned to newkey and newiv using newkey and newiv to the second random number encryption
windows agent。
Step 304, windows agent similarly uses the first key and the first iv is discrete to the second random number obtains
Newkey and newiv, and by the second new random number ciphertext and SPV is received to the second random number encryption with newkey and newiv
The the second random ciphertext ciphertext value sent is matched, if successful match, the data after SPV and windows agent are logical
Courier uses newkey and newiv as encryption key.
Change ciphertext data transmittance process the following steps are included:
Step 401, SPV is added using above-mentioned newkey and newiv as password of the encryption key to account to be modified
It is close, encrypted data transmission to windows agent;
Step 402, windows agent receives encryption data, is decrypted using newkey and newiv data key;
Step 403, after ciphertext data, windows agent locally carries out password modification using the data of decryption, has modified
At return modification information to SPV;
Step 404, SPV receives windows agent processing information, changes close processing result in the update of spv new system, whole
A process terminates.
In summary.The embodiment of the present invention provides a kind of account based on Windows agent and changes decryption method, this method base
It is management philosophy in Windows agent account Modify password, this method is by being suitable for all data center's accounts
The requirement of centralization account password security management and control is realized in windows account management.
Based on the same inventive concept, the embodiment of the invention provides a kind of accounts based on Windows agent to change close dress
Set, due to the device solve the principle of technical problem and a kind of account based on Windows agent to change decryption method similar,
The implementation of the device may refer to the implementation of method, and overlaps will not be repeated.
Fig. 3 is that a kind of account based on Windows agent provided in an embodiment of the present invention changes close apparatus structure schematic diagram,
As shown in figure 3, the device mainly includes receiving units 31 and processing unit 32.
Receiving unit 31, for receiving the Modify password request of client transmission, the password request is carried to add
The account password to be modified of key encryption;
Processing unit 32, for the encryption key by storage to the account to be modified with encryption keys
Password is decrypted, and obtains the new password of the account to be modified, described to be repaired with the new password modification of the account to be modified
Change account password, and complete modification information to the client feedback, wherein the encryption key is between the client
The key of communication.
Preferably, the receiving unit 31 is also used to:
The code key initialization requests that the client is sent are received, it is random that first is carried in the code key initialization requests
Number, obtains corresponding first check code of first random number and the second random number by data algorithm, described first is verified
Code and second random number be sent to the client so that the client to first check code and described first with
The corresponding check code of machine number is matched;
The second random number ciphertext that the client is sent is received, by the first key and the first iv of storage to described the
Two random numbers carry out it is discrete, obtain the 2nd key and the 2nd iv, by the 2nd key and the 2nd iv to described second with
Machine number encrypts to obtain the second new random ciphertext, when the described second random ciphertext is identical with the second new random ciphertext, by described the
Two key and the 2nd iv are confirmed as the encryption key with the client communication.
Preferably, the receiving unit 31 is also used to:
The initial code key verification request of client transmission is received, it is random to carry third in the initial code key verification request
Several and third random number ciphertext;
To the initial password of storage carry out it is discrete obtain the first key and the first iv, by the first key and
First iv encrypts the third random number, obtains the new random number ciphertext of third, when the new random number of the third is close
When literary identical with the third random number ciphertext, confirmation and the initial code key of the client are verified successfully.
Preferably, the receiving unit 31 specifically includes:
When the client confirms first check code and the corresponding check code of first random number mismatches, then
Confirmation initialization failure;Or
When the client confirms first check code and the corresponding check code successful match of first random number,
It is then discrete to second random number by the first key and the first iv, obtain the 2nd key and described second
Iv, and second random number is encrypted using the 2nd key and the 2nd iv, it is close to obtain second random number
Text.
Preferably, the processing unit 32 is also used to:
So that the client completes information according to the modification, the close of the account to be modified is updated in the client
Code.
It should be appreciated that one of the above should according to changing unit that close device includes only based on the account of Windows agent
The logical partitioning that the function that apparatus is realized carries out in practical application, can carry out the superposition or fractionation of said units.And
A kind of account based on Windows agent that the embodiment provides changes the function that close device is realized and above-described embodiment provides
A kind of account based on Windows agent change decryption method one-to-one correspondence, the more detailed place realized for the device
Process is managed, has been described in detail in above method embodiment one, has been not described in detail herein.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more,
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces
The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
Although preferred embodiments of the present invention have been described, it is created once a person skilled in the art knows basic
Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as
It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art
Mind and range.In this way, if these modifications and changes of the present invention belongs to the range of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to include these modifications and variations.
Claims (10)
1. a kind of account based on Windows agent changes decryption method characterized by comprising
Receive the Modify password request of client transmission, the account to be modified that the password request is carried with encryption keys
Family password;
It is decrypted by the encryption key of storage to described with the account password to be modified of encryption keys, obtains institute
The new password for stating account to be modified modifies the account password to be modified with the new password of the account to be modified, and to described
Client feedback completes modification information, wherein the encryption key is the key communicated between the client.
2. the method as described in claim 1, which is characterized in that the Modify password for receiving client transmission requests it
Before, further includes:
The code key initialization requests that the client is sent are received, carry the first random number in the code key initialization requests,
Obtain corresponding first check code of first random number and the second random number by data algorithm, by first check code and
Second random number is sent to the client, so that the client is to first check code and first random number
Corresponding check code is matched;
Receive the second random number ciphertext that the client is sent, by the first key and the first iv of storage to described second with
The progress of machine number is discrete, the 2nd key and the 2nd iv is obtained, by the 2nd key and the 2nd iv to second random number
Encryption obtains the second new random ciphertext, when the described second random ciphertext with second it is new ciphertext is identical at random when, by the 2nd key
The encryption key with the client communication is confirmed as with the 2nd iv.
3. method according to claim 2, which is characterized in that the code key initialization requests for receiving the client and sending
Before, further includes:
Receive the initial code key verification request of client transmission, carried in the initial code key verification request third random number and
Third random number ciphertext;
To the initial password of storage carry out it is discrete obtain the first key and the first iv, by the first key and described
First iv encrypts the third random number, obtains the new random number ciphertext of third, when the new random number ciphertext of the third and
When the third random number ciphertext is identical, confirmation and the initial code key of the client are verified successfully.
4. method according to claim 2, which is characterized in that described so that the client is to first check code and institute
It states the corresponding check code of the first random number to be matched, specifically include:
When the client confirms first check code and the corresponding check code of first random number mismatches, then confirm
Initialization failure;Or
When the client confirms first check code and the corresponding check code successful match of first random number, then lead to
It crosses the first key and the first iv is discrete to second random number, obtain the 2nd key and the 2nd iv, and
Second random number is encrypted using the 2nd key and the 2nd iv, obtains the second random number ciphertext.
5. the method as described in claim 1, which is characterized in that after the completion modification information to the client feedback,
Further include:
So that the client completes information according to the modification, the password of the account to be modified is updated in the client.
6. a kind of account based on Windows agent changes close device characterized by comprising
Receiving unit, for receiving the Modify password request of client transmission, the password request is carried with encryption key
The account password to be modified of encryption;
Processing unit, for by storage the encryption key to the account password to be modified with encryption keys into
Row decryption, obtains the new password of the account to be modified, modifies the account to be modified with the new password of the account to be modified
Password, and modification information is completed to the client feedback, wherein it is communicated between the encryption key and the client
Key.
7. device as claimed in claim 6, which is characterized in that the receiving unit is also used to:
The code key initialization requests that the client is sent are received, carry the first random number in the code key initialization requests,
Obtain corresponding first check code of first random number and the second random number by data algorithm, by first check code and
Second random number is sent to the client, so that the client is to first check code and first random number
Corresponding check code is matched;
Receive the second random number ciphertext that the client is sent, by the first key and the first iv of storage to described second with
The progress of machine number is discrete, the 2nd key and the 2nd iv is obtained, by the 2nd key and the 2nd iv to second random number
Encryption obtains the second new random ciphertext, when the described second random ciphertext with second it is new ciphertext is identical at random when, by the 2nd key
The encryption key with the client communication is confirmed as with the 2nd iv.
8. device as claimed in claim 7, which is characterized in that the receiving unit is also used to:
Receive the initial code key verification request of client transmission, carried in the initial code key verification request third random number and
Third random number ciphertext;
To the initial password of storage carry out it is discrete obtain the first key and the first iv, by the first key and described
First iv encrypts the third random number, obtains the new random number ciphertext of third, when the new random number ciphertext of the third and
When the third random number ciphertext is identical, confirmation and the initial code key of the client are verified successfully.
9. device as claimed in claim 7, which is characterized in that the receiving unit specifically includes:
When the client confirms first check code and the corresponding check code of first random number mismatches, then confirm
Initialization failure;Or
When the client confirms first check code and the corresponding check code successful match of first random number, then lead to
It crosses the first key and the first iv is discrete to second random number, obtain the 2nd key and the 2nd iv, and
Second random number is encrypted using the 2nd key and the 2nd iv, obtains the second random number ciphertext.
10. device as claimed in claim 6, which is characterized in that the processing unit is also used to:
So that the client completes information according to the modification, the password of the account to be modified is updated in the client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811117508.4A CN109446793B (en) | 2018-09-21 | 2018-09-21 | Account encryption method and device based on Windows agent |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811117508.4A CN109446793B (en) | 2018-09-21 | 2018-09-21 | Account encryption method and device based on Windows agent |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109446793A true CN109446793A (en) | 2019-03-08 |
CN109446793B CN109446793B (en) | 2021-07-20 |
Family
ID=65530781
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811117508.4A Active CN109446793B (en) | 2018-09-21 | 2018-09-21 | Account encryption method and device based on Windows agent |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109446793B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110890959A (en) * | 2019-10-24 | 2020-03-17 | 广州江南科友科技股份有限公司 | Account password changing method, system and device |
CN112115437A (en) * | 2020-09-04 | 2020-12-22 | 上海上讯信息技术股份有限公司 | Method and device for remotely modifying Windows device password through Linux device |
CN114519184A (en) * | 2022-04-20 | 2022-05-20 | 北京圣博润高新技术股份有限公司 | Account number encryption method, account number encryption device, account number encryption equipment and medium based on Agent process |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH09153014A (en) * | 1995-11-30 | 1997-06-10 | Eiji Watanabe | Terminal equipment for electronic network |
CN1972290A (en) * | 2005-11-07 | 2007-05-30 | 华为技术有限公司 | Modification method for authentication password based on SIP, subscriber proxy server and subscriber proxy client |
CN102143190A (en) * | 2011-05-11 | 2011-08-03 | 江汉大学 | Safe login method and device |
US20150242617A1 (en) * | 2012-01-25 | 2015-08-27 | Sony Corporation | Information processing device, information processing method, and computer program |
CN106452752A (en) * | 2016-10-24 | 2017-02-22 | 北京明华联盟科技有限公司 | Method and system of modifying cipher, client, server and smart device |
CN108377189A (en) * | 2018-05-09 | 2018-08-07 | 深圳壹账通智能科技有限公司 | User's communication encrypting method, device, terminal device and storage medium on block chain |
-
2018
- 2018-09-21 CN CN201811117508.4A patent/CN109446793B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH09153014A (en) * | 1995-11-30 | 1997-06-10 | Eiji Watanabe | Terminal equipment for electronic network |
CN1972290A (en) * | 2005-11-07 | 2007-05-30 | 华为技术有限公司 | Modification method for authentication password based on SIP, subscriber proxy server and subscriber proxy client |
CN102143190A (en) * | 2011-05-11 | 2011-08-03 | 江汉大学 | Safe login method and device |
US20150242617A1 (en) * | 2012-01-25 | 2015-08-27 | Sony Corporation | Information processing device, information processing method, and computer program |
CN106452752A (en) * | 2016-10-24 | 2017-02-22 | 北京明华联盟科技有限公司 | Method and system of modifying cipher, client, server and smart device |
CN108377189A (en) * | 2018-05-09 | 2018-08-07 | 深圳壹账通智能科技有限公司 | User's communication encrypting method, device, terminal device and storage medium on block chain |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110890959A (en) * | 2019-10-24 | 2020-03-17 | 广州江南科友科技股份有限公司 | Account password changing method, system and device |
CN110890959B (en) * | 2019-10-24 | 2023-04-25 | 广州江南科友科技股份有限公司 | Account encryption method, system and device |
CN112115437A (en) * | 2020-09-04 | 2020-12-22 | 上海上讯信息技术股份有限公司 | Method and device for remotely modifying Windows device password through Linux device |
CN112115437B (en) * | 2020-09-04 | 2023-12-29 | 上海上讯信息技术股份有限公司 | Method and device for remotely modifying Windows device password through Linux device |
CN114519184A (en) * | 2022-04-20 | 2022-05-20 | 北京圣博润高新技术股份有限公司 | Account number encryption method, account number encryption device, account number encryption equipment and medium based on Agent process |
Also Published As
Publication number | Publication date |
---|---|
CN109446793B (en) | 2021-07-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106161402B (en) | Encryption equipment key injected system, method and device based on cloud environment | |
US9674158B2 (en) | User authentication over networks | |
CN106548345B (en) | Method and system for realizing block chain private key protection based on key partitioning | |
CN110519260B (en) | Information processing method and information processing device | |
CN104980477B (en) | Data access control method and system under cloud storage environment | |
CN105103488B (en) | By the policy Enforcement of associated data | |
CN100432889C (en) | System and method providing disconnected authentication | |
CN109756338A (en) | The unclonable function of physics remotely re-registers | |
CN109714168A (en) | Trusted remote method of proof, device and system | |
CN105871538A (en) | Quantum key distribution system, quantum key distribution method and device | |
CN106790261B (en) | Distributed file system and method for authenticating communication between its interior joint | |
CN109639697A (en) | Cloud mobile phone safe throws method, mobile terminal and the server of screen | |
JP6040313B2 (en) | Multi-party secure authentication system, authentication server, multi-party secure authentication method and program | |
CN108809633B (en) | Identity authentication method, device and system | |
CN106060078B (en) | User information encryption method, register method and verification method applied to cloud platform | |
CN109543434B (en) | Block chain information encryption method, decryption method, storage method and device | |
CN102984273B (en) | Encryption method, decryption method, encryption device and decryption device of virtual disk and cloud server | |
CN109446793A (en) | A kind of account based on Windows agent changes decryption method and device | |
WO2019061001A1 (en) | Access to secured information | |
CN109921902A (en) | A kind of key management method, safety chip, service server and information system | |
EP3738269A1 (en) | Secure distributed key management system | |
CN104767766A (en) | Web Service interface verification method, Web Service server and client side | |
KR101586439B1 (en) | User data integrity verification method and apparatus capable of guaranteeing privacy | |
CN109409109A (en) | Data processing method, device, processor and server in network service | |
Crocker et al. | Two factor encryption in cloud storage providers using hardware tokens |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |