CN110740124A - Account password distribution method and device, storage medium and computer equipment - Google Patents

Publication number
CN110740124A
Authority
CN
China
Prior art keywords
password
account
application server
request data
public key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910893867.7A
Other languages
Chinese (zh)
Inventor
杨小彦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Puhui Enterprise Management Co Ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Application filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN201910893867.7A
Publication of CN110740124A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an account password distribution method, which comprises the steps of: receiving request data sent by an application server and encrypted by a pre-allocated private key, wherein the request data is used for requesting to acquire an account and a password of a target database or a target system to be accessed; acquiring a pre-stored public key of the application server; determining that the identity authentication of the application server is successful according to the request data and the public key; after the identity authentication is successful, acquiring the account and the password of the target database or the target system according to the request data, and encrypting the account and the password; and feeding back the encrypted account and the encrypted password to the application server.

Description

Account password distribution method and device, storage medium and computer equipment
Technical Field
The invention relates to the technical field of data management, in particular to an account password distribution method and device, a computer-readable storage medium and computer equipment.
Background
At present, the connection accounts and passwords of many databases or systems are stored in a local configuration file on the server that connects to them. This way of storing account passwords carries a great security risk: once a hacker invades the server, the passwords in the configuration file can be stolen directly, and the databases or systems are then invaded as well. In addition, configuring the generated accounts and passwords on the server is done manually by a person working on the server, and this configuration process also carries a considerable risk of leakage.
Disclosure of Invention
To solve at least one of the above technical drawbacks, the present invention provides an account password distribution method, a corresponding device, a computer-readable storage medium, and a computer device.
According to one aspect, the embodiment of the invention provides an account password distribution method, which comprises the following steps:
receiving request data which is sent by an application server and is encrypted by a pre-allocated private key, wherein the request data is used for requesting to acquire an account and a password of a target database or a target system to be accessed;
acquiring a prestored public key of the application server; determining that the identity authentication of the application server is successful according to the request data and the public key;
after the identity authentication is successful, acquiring an account and a password of the target database or the target system according to the request data, and encrypting the account and the password;
and feeding back the encrypted account and the encrypted password to the application server.
In one embodiment, before receiving the request data sent by the application server and processed by encryption through the pre-allocated private key, the method further includes:
the application server is assigned a public key and a private key for asymmetric encryption.
In one embodiment, the assigning of a public key and a private key for asymmetric encryption to an application server includes:
determining a public and private key for asymmetric encryption assigned to the application server;
writing the private key into a preset code file, and compiling and obfuscating the preset code file containing the private key;
and sending the public key and the compiled obfuscated preset code file to the application server.
In one embodiment, the determining that the identity authentication of the application server is successful according to the request data and the public key includes:
decrypting the request data by adopting the public key of the application server;
and if the decryption is successful, determining that the identity authentication of the application server is successful.
In one embodiment, before acquiring the account and the password of the target database or the target system according to the request data and encrypting the account and the password, the method further includes:
extracting the timestamp carried by the request data from the request data;
judging whether the timestamp is within a preset valid time range or not;
if yes, the steps of obtaining the account and the password of the target database or the target system and encrypting the account and the password are executed.
In one embodiment, the obtaining of an account and a password of the target database or the target system according to the request data, and encrypting the account and the password, includes:
extracting address information carried by the encrypted request data from the encrypted request data;
determining the target database or the target system to be accessed according to the address information;
and acquiring an account and a password of the target database or the target system, and encrypting the account and the password based on the public key of the application server.
In one embodiment, before acquiring the account and the password of the target database or the target system according to the request data and encrypting the account and the password, the method further includes:
and pre-storing the account and the password of the target database or the target system.
Furthermore, according to another aspect, embodiments of the present invention provide an account password distribution apparatus, including:
the data receiving module is used for receiving request data which is sent by an application server and is encrypted by a pre-allocated private key, wherein the request data is used for requesting to acquire an account and a password of a target database or a target system to be accessed;
the identity authentication module is used for acquiring a prestored public key of the application server and determining that the identity authentication of the application server is successful according to the request data and the public key;
the encryption module is used for acquiring the account and the password of the target database or the target system according to the request data after the identity authentication is successful, and encrypting the account and the password;
and the account password feedback module is used for feeding back the encrypted account and the encrypted password to the application server.
According to yet another aspect, embodiments of the present invention provide a computer-readable storage medium having stored thereon a computer program that, when executed by a processor, implements the account password distribution method described above.
Embodiments of the present invention provide, in accordance with yet another aspect, a computer device comprising one or more processors, a memory, and one or more computer programs, wherein the one or more computer programs are stored in the memory and configured to be executed by the one or more processors, and the one or more computer programs are configured to perform the account password distribution method described above.
Compared with the prior art, the invention has the following beneficial effects:
According to the account password distribution method, the account password distribution device, the computer-readable storage medium and the computer equipment, the account and the password of the database or the system are stored and distributed through the system, so the risk that the account and the password are leaked when an application server is configured or operated can be remarkably reduced. The identity authentication function is realized based on the asymmetric encryption technology, so that a powerful data security guarantee can be provided for the system that stores and distributes the account and the password.
In addition, by distributing a public key and a private key to the application server, the public key and the private key can be used for data encryption and decryption and identity verification, so that the security of account and password transmission and the authenticity of both parties' identities are ensured; and the private key is written into the preset code file and compiled and obfuscated, so that the private key cannot be cracked manually, and the data safety is guaranteed.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a flowchart of a method of distributing an account password according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an account password distribution apparatus according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
It will be understood by those within the art that, unless specifically stated otherwise, as used herein, the singular forms "a", "an", "said" and "the" can include the plural forms as well. It should be further understood that the term "comprising" as used in the specification of the present invention is intended to specify the presence of stated features, integers, steps, operations, elements, and/or components, but does not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The embodiment of the invention provides an account password distribution method. As shown in fig. 1, the method comprises:
Step S110: receiving request data which is sent by the application server and is encrypted by a pre-allocated private key, wherein the request data is used for requesting to acquire an account and a password of a target database or a target system to be accessed.
For the embodiment, a central password management server is established in advance, and the central password management server is used for storing accounts and passwords of various types, wherein the central password management server can be specifically used for storing accounts and passwords of a database or other systems which need to be accessed through login. The use of a central server to distribute accounts and passwords for a database or system can significantly reduce the risk of the application server revealing accounts and passwords during configuration or operation.
For this embodiment, the central password management server generates, in advance, a pair consisting of a public key and a private key for asymmetric encryption for each application server. The private key can only be held and securely kept by one party; for example, the private key is kept by the application server and cannot be leaked out, while the public key can be disclosed to the outside.
For this embodiment, when the application server is ready to access the target database or the target system, the application server needs to obtain the account and the password of the corresponding target database or target system from the central password management server. The application server encrypts data for requesting to acquire an account and a password of a target database or a target system to be accessed by adopting a pre-allocated private key to obtain the request data encrypted by the pre-allocated private key, and sends the request data to the central password management server, and correspondingly, the central password management server receives the request data sent by the application server.
Step S120: acquiring a prestored public key of the application server; and determining that the identity authentication of the application server is successful according to the request data and the public key.
For the embodiment, the asymmetric encryption provides a very secure method for identity authentication in the data interaction process. The identity authentication logic between the application server and the central password management server is preset on the basis of the asymmetric encryption technology. The identity of the sender of the request data is authenticated on the basis of this logic according to the request data and the public key of the application server, that is, it is verified whether the sender of the request data is the corresponding application server. If the identity authentication logic is not met, the identity authentication of the application server is determined to have failed, and the operation of acquiring the account and the password of the target database or the target system is not executed.
Step S130: after the identity authentication is successful, acquiring the account and the password of the target database or the target system according to the request data, and encrypting the account and the password.
For this embodiment, after it is determined that the identity authentication of the application server is successful, the target database or the target system to be accessed by the application server is determined according to the request data. The account and the password of the target database or the target system are then obtained and encrypted, so as to ensure the security of the account and the password in the transmission process.
Step S140: feeding back the encrypted account and the encrypted password to the application server.
For this embodiment, after encrypting the account and the password, the central password management server feeds back the encrypted account and password to the application server, so that the application server decrypts the account and password and accesses the target database or the target system according to the account and password.
According to the account password distribution method provided by the invention, the account and the password of the database or the system are stored and distributed through the system, so the risk of revealing the account and the password when the application server is configured or operated can be obviously reduced. The identity authentication function is realized based on the asymmetric encryption technology, so that a powerful data security guarantee can be provided for the system that stores and distributes the account and the password.
In one embodiment, before receiving the request data sent by the application server and processed by encryption through the pre-allocated private key, the method further includes:
the application server is assigned a public key and a private key for asymmetric encryption.
For this embodiment, the central password management server generates a public key and a private key for each application server in advance. The private key can only be securely kept by one party, for example by the application server, and cannot be leaked to the outside, while the public key can be disclosed to the outside.
For this embodiment, after the public key and the private key for asymmetric encryption are generated for the application server, the public key and the private key are distributed to the application server, so that the application server and the central password management server can use the public key and the private key for data encryption and decryption and for identity authentication of both parties, thereby ensuring the security of account and password transmission and the authenticity of both parties' identities.
In one embodiment, the assigning of a public key and a private key for asymmetric encryption to an application server includes:
determining a public and private key for asymmetric encryption assigned to the application server;
writing the private key into a preset code file, and compiling and obfuscating the preset code file containing the private key;
and sending the public key and the compiled obfuscated preset code file to the application server.
For this embodiment, the central password management server generates the public key and the private key for asymmetric encryption for each application server in advance, so the public key and the private key corresponding to the current application server need to be determined first during distribution.
For the present embodiment, the public key allocated to the application server can be disclosed to the outside, so it is not necessary to encrypt the public key when allocating it to the application server. The private key assigned to an application server can be kept only by the application server and cannot be leaked to the outside, and therefore the private key should be assigned to the application server through encryption processing.
The encryption processing of the private key can be specifically realized as follows: the central password management server writes the private key into a preset code file in advance, and packages and obfuscates the preset code file so that the private key is unrecognizable in the code. The code file is written in Java, so the preset code file can be obfuscated with a preset tool for obfuscating Java code files. For example, the code can be obfuscated with the obfuscation tool ProGuard, which has two modes of use, a client and a jar package; the jar of the ProGuard plug-in is introduced into Maven to obfuscate the code.
In one embodiment, the determining that the identity authentication of the application server is successful according to the request data and the public key includes:
decrypting the request data by adopting the public key of the application server;
and if the decryption is successful, determining that the identity authentication of the application server is successful.
For this embodiment, the asymmetric public key and private key of the application server are used for identity authentication. The identity authentication logic preset for the application server and the central password management server on the basis of the asymmetric encryption technology is specifically: for request data encrypted with the private key of the application server, if the central password management server can successfully decrypt it using the public key of the application server, the identity authentication of the application server is achieved.
For the embodiment, the identity authentication specifically includes the following. The application server uses the pre-allocated private key to encrypt the data for requesting the account and password of the target database or target system to be accessed, obtains the request data encrypted by the pre-allocated private key, and sends the request data to the central password management server. Correspondingly, the central password management server receives the request data sent by the application server and tries to decrypt it with the public key of the application server. If decryption is successful, the sender of the request data can be identified as the application server, and the identity authentication of the application server is determined to be successful.
In one embodiment, before acquiring the account and the password of the target database or the target system according to the request data and encrypting the account and the password, the method further includes:
extracting the timestamp carried by the request data from the request data;
judging whether the timestamp is within a preset valid time range or not;
if yes, the steps of obtaining the account and the password of the target database or the target system and encrypting the account and the password are executed.
Therefore, after the central password management server succeeds in decryption and determines that the identity authentication of the application server succeeds, a further step needs to be performed to judge whether the timestamp is within a preset valid time range. Only when the timestamp is within the preset valid time range, that is, when the time interval between the timestamp and the current time is within the preset valid time range, is the step of acquiring the account and the password of the target database or the target system and encrypting them performed, so as to exclude the possibility that the request data has been intercepted by other people.
It should be noted that a person skilled in the art may determine a specific value of the preset valid time range according to actual application requirements, which is not limited in the embodiment of the present invention.
For example, the preset valid duration range may be minutes, that is, it is determined whether the time interval between the timestamp and the current time is minutes; if yes, the step of obtaining the account and the password of the target database or the target system and encrypting the account and the password is performed.
In one embodiment, the obtaining of an account and a password of the target database or the target system according to the request data, and encrypting the account and the password, includes:
extracting address information carried by the encrypted request data from the encrypted request data;
determining the target database or the target system to be accessed according to the address information;
and acquiring an account and a password of the target database or the target system, and encrypting the account and the password based on the public key of the application server.
For this embodiment, after it is determined that the identity authentication of the application server is successful, the address information of the target database or the target system carried in the request data is extracted from the request data. The target database or the target system to be accessed by the application server, that is, the one whose account and password the application server wants to acquire, is determined according to the address information. The account and the password of that target database or target system are then acquired and encrypted based on the public key of the application server, so as to ensure the security of the account and the password in the transmission process. After the application server receives the encrypted account and password, it decrypts them based on the corresponding private key, thereby obtaining the account and the password and logging in to the target database or the target system.
In one embodiment, before acquiring the account and the password of the target database or the target system according to the request data and encrypting the account and the password, the method further includes:
and pre-storing the account and the password of the target database or the target system.
For the embodiment, when the account and the password of a database or system are created, the corresponding account and password are stored in the central password management server.
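The exchange of steps S110 to S140, together with the timestamp and address-information embodiments, as an added Go example that is not code from the patent. It implements the page's "encrypt with the private key, decrypt with the public key" authentication as an RSA-PSS signature and protects the reply with RSA-OAEP under the application server's public key; the field names, the server ID app-01, the one-minute window and the sample credential are assumptions constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Request is the request data; field names are assumptions, not from the page.
type Request struct {
	ServerID  string `json:"server_id"` // selects the pre-stored public key
	Target    string `json:"target"`    // address information of the target database or system
	Timestamp int64  `json:"timestamp"` // Unix seconds
}

type Credential struct{ Account, Password string }

// Vault models the central password management server.
type Vault struct {
	PublicKeys map[string]*rsa.PublicKey // pre-stored, one per application server
	Creds      map[string]Credential     // pre-stored, keyed by target address
	Window     time.Duration             // preset valid time range (value is an assumption)
}

var (
	ErrBadSignature = errors.New("identity authentication failed")
	ErrStale        = errors.New("timestamp outside the valid time range")
	ErrNoTarget     = errors.New("no credential stored for this target")
)

// SignRequest is the application-server side of step S110.
func SignRequest(priv *rsa.PrivateKey, req Request) (body, sig []byte, err error) {
	body, _ = json.Marshal(req) // two strings and an integer, cannot fail
	digest := sha256.Sum256(body)
	sig, err = rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	return body, sig, err
}

// Handle runs steps S120 to S140 on the central server and returns the encrypted credential.
func (v *Vault) Handle(body, sig []byte, now time.Time) ([]byte, error) {
	var req Request // parsed only to pick the key; nothing is acted on before verification
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, err
	}
	pub, ok := v.PublicKeys[req.ServerID]
	if !ok {
		return nil, ErrBadSignature // an unregistered server fails authentication too
	}
	digest := sha256.Sum256(body)
	if rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) != nil {
		return nil, ErrBadSignature
	}
	if age := now.Sub(time.Unix(req.Timestamp, 0)); age > v.Window || age < -v.Window {
		return nil, ErrStale // too old, or dated too far in the future
	}
	cred, ok := v.Creds[req.Target]
	if !ok {
		return nil, ErrNoTarget
	}
	plain, _ := json.Marshal(cred) // two string fields, cannot fail
	// The OAEP label ties the ciphertext to the target that was asked for.
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, []byte(req.Target))
}

// OpenReply is the application-server side after step S140.
func OpenReply(priv *rsa.PrivateKey, target string, ct []byte) (Credential, error) {
	var cred Credential
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(target))
	if err != nil {
		return cred, err
	}
	return cred, json.Unmarshal(plain, &cred)
}

// NewDemo registers one server ("app-01") and one constructed credential.
func NewDemo() (*Vault, *rsa.PrivateKey) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Vault{
		PublicKeys: map[string]*rsa.PublicKey{"app-01": &priv.PublicKey},
		Creds:      map[string]Credential{"db.internal.example:3306": {"svc_orders", "constructed-password"}},
		Window:     time.Minute,
	}, priv
}

func main() {
	v, priv := NewDemo()
	body, sig, _ := SignRequest(priv, Request{"app-01", "db.internal.example:3306", time.Now().Unix()})
	ct, err := v.Handle(body, sig, time.Now())
	fmt.Println(len(ct), err)
}
```

A request that is captured and replayed inside the valid time range still verifies, so the timestamp check bounds replay rather than preventing it.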
In addition, the embodiment of the present invention provides an account password distribution apparatus. As shown in fig. 2, the apparatus includes a data receiving module 21, an identity authentication module 22, an encryption module 23, and an account password feedback module 24, wherein:
the data receiving module 21 is configured to receive request data sent by an application server and encrypted by a pre-allocated private key, where the request data is used to request to acquire an account and a password of a target database or a target system to be accessed;
the identity authentication module 22 is configured to obtain a pre-stored public key of the application server, and determine that the identity authentication of the application server is successful according to the request data and the public key;
the encryption module 23 is configured to, after the identity authentication is successful, obtain an account and a password of the target database or the target system according to the request data, and encrypt the account and the password;
the account password feedback module 24 is configured to feed back the encrypted account and password to the application server.
In one embodiment, before receiving the request data sent by the application server and processed by encryption through the pre-allocated private key, the method further includes:
the application server is assigned a public key and a private key for asymmetric encryption.
In one embodiment, the assigning of a public key and a private key for asymmetric encryption to an application server includes:
determining a public and private key for asymmetric encryption assigned to the application server;
writing the private key into a preset code file, and compiling and obfuscating the preset code file containing the private key;
and sending the public key and the compiled obfuscated preset code file to the application server.
In one embodiment, the identity authentication module 22 is specifically configured to perform:
decrypting the request data by adopting the public key of the application server;
and if the decryption is successful, determining that the identity authentication of the application server is successful.
In one embodiment, before acquiring the account and the password of the target database or the target system according to the request data and encrypting the account and the password, the method further includes:
extracting the timestamp carried by the request data from the request data;
judging whether the timestamp is within a preset valid time range or not;
if yes, the steps of obtaining the account and the password of the target database or the target system and encrypting the account and the password are executed.
In one embodiment, the encryption module 23 is specifically configured to perform:
extracting address information carried by the encrypted request data from the encrypted request data;
determining the target database or the target system to be accessed according to the address information;
and acquiring an account and a password of the target database or the target system, and encrypting the account and the password based on the public key of the application server.
In one embodiment, before acquiring the account and the password of the target database or the target system according to the request data and encrypting the account and the password, the method further includes:
and pre-storing the account and the password of the target database or the target system.
The account password distribution device provided by the invention stores and distributes the accounts and passwords of a database or system through the system, which can obviously reduce the risk of revealing accounts and passwords during configuration or operation of an application server. Realizing the identity authentication function based on the asymmetric encryption technology provides a powerful data security guarantee for the system that stores and distributes the accounts and passwords. By distributing the public key and the private key to the application server, the public key and the private key can be used for data encryption and decryption and identity verification, so that the security of account and password transmission and the authenticity of both parties' identities are ensured. By writing the private key into a preset code file and compiling and obfuscating it, the private key is ensured not to be cracked manually and data security is ensured.
The account password distribution device provided by the embodiment of the present invention can implement the method embodiment provided above, and for specific function implementation, reference is made to the description in the method embodiment, which is not described herein again.
Moreover, the present invention provides a computer-readable storage medium having stored thereon a computer program that, when executed by a processor, implements the account password distribution method described in the above embodiments. The computer-readable storage medium includes, but is not limited to, any type of disk (including floppy disks, hard disks, optical disks, CD-ROMs, and magneto-optical disks), ROMs (Read-Only Memories), RAMs (Random Access Memories), EPROMs (Erasable Programmable Read-Only Memories), EEPROMs (Electrically Erasable Programmable Read-Only Memories), flash memories, magnetic cards, or optical cards.
By storing and distributing the accounts and passwords of a database or a system through the system, the computer-readable storage medium can significantly reduce the risk of revealing accounts and passwords when an application server is configured or operated. Implementing the identity authentication function on the basis of asymmetric encryption provides a strong data security guarantee for the system's storage and distribution of the accounts and passwords. Distributing a public key and a private key to the application server allows the keys to be used for data encryption and decryption and for identity verification, which ensures the security of account and password transmission and the authenticity of both parties' identities. Writing the private key into a preset code file and compiling and obfuscating that file ensures that the private key is not cracked manually and that the data remains secure.
The computer-readable storage medium provided in the embodiments of the present invention can implement the method embodiments provided above, and for specific function implementation, reference is made to the description in the method embodiments, which is not repeated herein.
In addition, an embodiment of the present invention provides a computer device, as shown in FIG. 3. The computer device may be a server, a personal computer, a network device or the like, and includes a processor 302, a memory 303, an input unit 304 and a display unit 305. It will be understood by those skilled in the art that the structure shown in FIG. 3 does not limit all devices, which may include more or fewer components than shown, or some combination of components.
The input unit 304 is used for receiving input signals and keywords input by a user. The input unit 304 may include a touch panel and other input devices. The touch panel may collect touch operations by a user on or near it (such as operations performed using any suitable object or attachment such as a finger or a stylus) and drive the corresponding connection means according to a preset program. The other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (such as play control keys and switch keys), a trackball, a mouse and a joystick. The display unit 305 may be used to display information input by a user or information provided to a user, and the various menus of the computer device; it may take the form of a liquid crystal display, an organic light emitting diode, etc. The processor 302 is the control center of the computer device: it connects the various parts of the entire computer using various interfaces and wires, executes software programs and/or modules stored in the memory 302, and invokes data stored in the memory, thereby performing various functions and processing data.
In one embodiment, the computer device includes one or more processors 302, a memory 303, and one or more computer programs 301, wherein the one or more computer programs 301 are stored in the memory 303 and configured to be executed by the one or more processors 302, and the one or more computer programs 301 are configured to perform the account password distribution method described in any of the above embodiments.
By storing and distributing the accounts and passwords of a database or a system through the system, the computer device provided by the invention can significantly reduce the risk of revealing accounts and passwords when an application server is configured or operated. Implementing the identity authentication function on the basis of asymmetric encryption provides a strong data security guarantee for the system's storage and distribution of the accounts and passwords. Distributing a public key and a private key to the application server allows the keys to be used for data encryption and decryption and for identity verification, which ensures the security of account and password transmission and the authenticity of both parties' identities. Writing the private key into a preset code file and compiling and obfuscating that file ensures that the private key is not cracked manually and that the data remains secure.
The computer device provided in the embodiment of the present invention may implement the method embodiment provided above, and for specific function implementation, reference is made to the description in the method embodiment, which is not described herein again.
In addition, the functional units in each embodiment of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units may be integrated into one module.
The foregoing is only a partial embodiment of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. An account password distribution method, characterized by comprising the following steps:
receiving request data which is sent by an application server and is encrypted by a pre-allocated private key, wherein the request data is used for requesting to acquire an account and a password of a target database or a target system to be accessed;
acquiring a prestored public key of the application server; determining that the identity authentication of the application server is successful according to the request data and the public key;
after the identity authentication is successful, acquiring an account and a password of the target database or the target system according to the request data, and encrypting the account and the password;
and feeding back the encrypted account and the encrypted password to the application server.
2. The account password distribution method according to claim 1, wherein before receiving the request data sent by the application server and processed by encryption via the pre-allocated private key, the method further comprises:
allocating to the application server a public key and a private key for asymmetric encryption.
3. The account password distribution method of claim 2, wherein the allocating the public key and the private key for asymmetric encryption to the application server comprises:
determining a public key and a private key for asymmetric encryption to be allocated to the application server;
writing the private key into a preset code file, and compiling and obfuscating the preset code file containing the private key;
and sending the public key and the compiled obfuscated preset code file to the application server.
4. The method for distributing the account password according to claim 1, wherein the determining that the identity authentication of the application server is successful according to the request data and the public key comprises:
decrypting the request data by adopting the public key of the application server;
and if the decryption is successful, determining that the identity authentication of the application server is successful.
5. The account password distribution method according to claim 1, wherein before acquiring the account and the password of the target database or the target system according to the request data and encrypting the account and the password, the method further comprises:
extracting the timestamp carried by the request data from the request data;
judging whether the timestamp is within a preset valid time range or not;
if yes, the steps of obtaining the account and the password of the target database or the target system and encrypting the account and the password are executed.
6. The account password distribution method according to claim 1, wherein the obtaining the account and the password of the target database or the target system according to the request data, and encrypting the account and the password comprises:
extracting address information carried by the encrypted request data from the encrypted request data;
determining the target database or the target system to be accessed according to the address information;
and acquiring an account and a password of the target database or the target system, and encrypting the account and the password based on the public key of the application server.
7. The account password distribution method according to claim 1, wherein before acquiring the account and the password of the target database or the target system according to the request data and encrypting the account and the password, the method further comprises:
and pre-storing the account and the password of the target database or the target system.
8. An account password distribution device, characterized by comprising:
the data receiving module is used for receiving request data which is sent by an application server and is encrypted by a pre-allocated private key, wherein the request data is used for requesting to acquire an account and a password of a target database or a target system to be accessed;
the identity authentication module is used for acquiring a prestored public key of the application server and determining that the identity authentication of the application server is successful according to the request data and the public key;
the encryption module is used for acquiring the account and the password of the target database or the target system according to the request data after the identity authentication is successful, and encrypting the account and the password;
and the account password feedback module is used for feeding back the encrypted account and the encrypted password to the application server.
9. A computer-readable storage medium, wherein the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the account password distribution method of any one of claims 1 to 7.
10. A computer device, comprising:
one or more processors;
a memory;
one or more computer programs, wherein the one or more computer programs are stored in the memory and configured to be executed by the one or more processors, the one or more computer programs being configured to perform the account password distribution method of any one of claims 1 to 7.
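The exchange in claims 1 to 7, from authenticated request to encrypted reply, as an added Go example that is not code from the patent. It swaps in an RSA-PSS signature for "encrypting the request with the private key" and RSA-OAEP for the reply; the JSON request encoding, the names Request, Broker, SignRequest, Handle, Open and NewDemo, and the sample key, address and credential are assumptions constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

type Request struct{ AppID, Address string; Timestamp int64 } // field names are assumptions

// Broker holds the pre-stored public keys and credentials ("account:password").
type Broker struct {
	PubKeys map[string]*rsa.PublicKey
	Creds   map[string]string
	MaxSkew time.Duration
}

// SignRequest runs on the application server with its pre-allocated private key.
func SignRequest(priv *rsa.PrivateKey, r Request) (body, sig []byte, err error) {
	body, _ = json.Marshal(r) // cannot fail for this plain struct
	h := sha256.Sum256(body)
	sig, err = rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
	return
}

// Handle authenticates the caller, checks freshness, then encrypts the credentials
// to the caller's public key, using the requested address as the OAEP label.
func (b *Broker) Handle(body, sig []byte, now time.Time) ([]byte, error) {
	var r Request
	err := json.Unmarshal(body, &r)
	pub, h := b.PubKeys[r.AppID], sha256.Sum256(body)
	if err != nil || pub == nil || rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) != nil {
		return nil, fmt.Errorf("identity authentication failed")
	}
	if age := now.Sub(time.Unix(r.Timestamp, 0)); age > b.MaxSkew || age < -b.MaxSkew {
		return nil, fmt.Errorf("timestamp outside valid range")
	}
	cred, ok := b.Creds[r.Address]
	if !ok {
		return nil, fmt.Errorf("no credentials for %q", r.Address)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(cred), []byte(r.Address))
}

func Open(priv *rsa.PrivateKey, address string, ct []byte) (string, error) { // application server side
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(address))
	return string(pt), err
}

func NewDemo() (*rsa.PrivateKey, *Broker) { // constructed key pair, address and credential
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	return priv, &Broker{map[string]*rsa.PublicKey{"app-1": &priv.PublicKey}, map[string]string{"db.example:3306": "svc_user:constructed-pw"}, 5 * time.Minute}
}

func main() {
	priv, b := NewDemo()
	body, sig, _ := SignRequest(priv, Request{"app-1", "db.example:3306", time.Now().Unix()})
	ct, _ := b.Handle(body, sig, time.Now())
	fmt.Println(Open(priv, "db.example:3306", ct))
}
```

The timestamp window only bounds how long a captured request stays usable; within the window the same signed request is accepted again unless the broker also tracks requests it has already served.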
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910893867.7A CN110740124A (en) 2019-09-20 2019-09-20 Account password distribution method and device, storage medium and computer equipment

Publications (1)

Publication Number Publication Date
CN110740124A true CN110740124A (en) 2020-01-31

Family

ID=69269368

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910893867.7A Pending CN110740124A (en) 2019-09-20 2019-09-20 Account password distribution method and device, storage medium and computer equipment

Country Status (1)

Country Link
CN (1) CN110740124A (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102868732A (en) * 2012-08-27 2013-01-09 北京小米科技有限责任公司 Account password-based login implementation method, system and device
WO2016184221A1 (en) * 2015-05-15 2016-11-24 中兴通讯股份有限公司 Password management method, device and system
CN106845177A (en) * 2016-12-26 2017-06-13 广州市申迪计算机系统有限公司 Cipher management method and system
CN106656476A (en) * 2017-01-18 2017-05-10 腾讯科技(深圳)有限公司 Password protecting method and device
CN108737080A (en) * 2017-04-18 2018-11-02 阿里巴巴集团控股有限公司 Storage method, device, system and the equipment of password
CN107579972A (en) * 2017-09-01 2018-01-12 掌阅科技股份有限公司 Cipher management method, electronic equipment, computer-readable storage medium
CN108964903A (en) * 2018-07-12 2018-12-07 腾讯科技(深圳)有限公司 password storage method and device

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111625850A (en) * 2020-05-19 2020-09-04 北京达佳互联信息技术有限公司 Access control method, device, electronic equipment and storage medium
CN111783071A (en) * 2020-07-07 2020-10-16 支付宝(杭州)信息技术有限公司 Password-based and privacy data-based verification method, device, equipment and system
CN111783071B (en) * 2020-07-07 2024-04-19 支付宝(杭州)信息技术有限公司 Verification method, device, equipment and system based on password and privacy data
CN112131590A (en) * 2020-09-28 2020-12-25 平安国际智慧城市科技股份有限公司 Database connection establishing method and device, computer equipment and storage medium
CN112800448A (en) * 2021-01-28 2021-05-14 杉德银卡通信息服务有限公司 Database secure connection method, proxy server and storage medium
CN113381855A (en) * 2021-06-11 2021-09-10 上海哔哩哔哩科技有限公司 Communication method and system
CN113360885A (en) * 2021-06-25 2021-09-07 深圳市雪球科技有限公司 Access method and device of security chip
CN113360885B (en) * 2021-06-25 2024-04-19 深圳市雪球科技有限公司 Access method and device of security chip
CN114710274A (en) * 2022-03-28 2022-07-05 恒安嘉新(北京)科技股份公司 Data calling method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200131
