CN116684092B - Network-based password storage and recovery method and password recovery device - Google Patents


Info

Publication number
CN116684092B
Authority
CN
China
Prior art keywords
password
user
network
key
retrieving
Prior art date
Legal status
Active
Application number
CN202310934135.4A
Other languages
Chinese (zh)
Other versions
CN116684092A (en)
Inventor
马玉磊
聂萌瑶
朱承
钟潇柔
黄中杰
张兵
郭莎莎
赵芳
Current Assignee
Xinxiang University
Original Assignee
Xinxiang University
Priority date
Filing date
Publication date
Application filed by Xinxiang University
Priority to CN202310934135.4A
Publication of CN116684092A
Application granted
Publication of CN116684092B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L 9/40 Network security protocols
    • H04L 9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 63/12 Applying verification of the received information
    • H04L 63/123 Applying verification of the received information received data contents, e.g. message integrity

Abstract

A network-based password storage and recovery method and a password recovery device operate in a network made up of password recovery devices and a cloud server. The user's password and related information are stored, asymmetrically encrypted, in a data block of a blockchain. The asymmetric keys used to encrypt the user's password and related information are stored across many password recovery devices by copying, separation and random distribution. When a user recovers a password, each password recovery device decrypts the data block holding the user's password and related information with the asymmetric keys it stores, and the correct password is selected by voting, which ensures that the recovered password is correct. The password recovery device can be installed in a home or deployed widely in public places with good security, becoming a public service facility and giving users a convenient way to store and recover passwords at any time.

Description

Network-based password storage and recovery method and password recovery device
Technical Field
The invention relates to the technical field of internet data storage, in particular to a network-based password storage and recovery method and a password recovery device.
Background
With the rapid development of information technology, the internet has reached deep into people's lives. People use all kinds of application platforms through the internet and enjoy the convenience it brings. At the same time, however, the number of account names and passwords that must be remembered to log in to these platforms keeps growing, so users easily forget the account name or password of a platform. To avoid the trouble of forgetting them, some users write the account name and password of a platform in a notebook, in a mobile phone or on a computer, and users can also recover a platform's account name or password through an e-mail address or a mobile phone when they forget them; but the account name and password of the platform may be stolen in these ways, so their security cannot be ensured. Given these problems, a safe and reliable dedicated platform for password storage and recovery is needed to meet users' practical need to store or recover passwords at any time.
Disclosure of Invention
To overcome the shortcomings described in the background, the invention discloses a network-based password storage and recovery method that operates in a communication network consisting of password recovery devices and a cloud server. The user's password and related information are stored, asymmetrically encrypted, in a data block of a blockchain; the method therefore has the tamper-resistance and non-volatility of the blockchain, which ensures the stability of password storage. The asymmetric encryption key and asymmetric decryption key for the user's password and related information are stored across many password recovery devices by copying, separation and random distribution, so the decryption key is not easy to locate. When a user recovers a password, the password recovery devices decrypt the data block holding the user's password and related information with the asymmetric encryption or decryption keys they store, and the correct password is selected by voting, which ensures that the recovered password is correct. An illegal user trying to steal the user's password would have to attack all, or a large number of, the nodes of the network formed by the password recovery devices and the cloud server, which greatly increases the difficulty of stealing the password.
To achieve this aim, the invention adopts the following technical scheme. A network-based password storage and recovery method operates in a network comprising password recovery devices and a cloud server. The user's password and related information are stored, asymmetrically encrypted, in a data block of a blockchain; because the invention uses blockchain technology, it has the properties of tamper-resistance and non-volatility, which ensures the stability of password storage. The asymmetric encryption key and asymmetric decryption key for the user's password and related information are stored in many password recovery devices by copying, separation and random distribution, so the location of the correct decryption key in the network is uncertain. When a user recovers a password, each password recovery device decrypts the data block holding the user's password and related information with the asymmetric encryption or decryption keys it stores and sends the decrypted data blocks to the cloud server; the cloud server compares the decrypted data blocks, and if several decrypted data blocks are identical, that is, if several password recovery devices return the same vote, the identical decrypted data block is the password the user wants to recover. All, or a large number of, the nodes of the network formed by the password recovery devices and the cloud server take part in the recovery process, so an illegal user who wants to steal the user's password must attack almost all nodes of that network at the same time; this greatly increases the difficulty of stealing the password and ensures the security of the stored password. In addition, as the network grows, the reliability and security of the network-based password storage and recovery method improve with it.
Further, the cloud server stores a mapping table of the user's password and related information. The mapping table is a storage area in which, when a user uses a password recovery device for the first time, the hash value of the collected user face feature value points to the hash value of the corresponding data block; it is used to locate the data block in which the user's password is stored.
Further, communication between a password recovery device and the cloud server, and between password recovery devices, uses asymmetric encryption. Each password recovery device holds a public key KTgi and a private key KTsi, and the cloud server holds a public key KTgf and a private key KTsf; the public keys KTgi and KTgf are published. When a password recovery device operates for the first time, it randomly generates a pair of asymmetric keys, the key KJAi and the key KJBi. During subsequent network operation these randomly generated keys KJAi and KJBi are copied, separated, randomly transferred and distributed to, and stored in, several other password recovery devices. The copying, separation and random transfer and distribution of the keys KJAi and KJBi are not performed on a fixed schedule, and once the keys KJAi and KJBi have been copied a set number of times they are no longer copied; only random transfer and distribution continue. After the keys KJAi and KJBi generated at a password recovery device's first operation have been copied, separated and randomly transferred and distributed, their position in the network becomes completely unknown, that is, the distribution of the keys KJAi and KJBi in the network is in a completely chaotic state. The separation and random transfer and distribution of the keys KJAi and KJBi continue throughout network operation; as the number of rounds grows, the number of copies of each key pair KJAi and KJBi present in the network's password recovery devices grows as well, but it is capped, and the cap is adjusted automatically according to the network scale. In the public key KTgi, private key KTsi, key KJAi and key KJBi, the subscript i denotes a sequence number.
Further, a password is stored or recovered by logging in to the password recovery device through face recognition. During face recognition the password recovery device prompts the user to read verification text aloud; the verification text is displayed row by row, and while the user reads it the password recovery device simultaneously collects the user's face feature value, the reading voice, the mouth shapes while the verification text is read and the rotation of the eyeballs while it is read. The face feature value is used for user identity authentication. The specific steps for verifying that the user is a real, live person are as follows: the reading voice is decomposed into a number of syllables; the mouth shapes recognised while the text was read are time-aligned to these syllables; the mouth shapes of the Chinese characters, pinyin letters or Arabic numerals that appear repeatedly at random intervals in the text are set to '1', and the mouth shapes of the other, non-repeated Chinese characters, pinyin letters or Arabic numerals are set to '0', giving a string of binary code; this binary code is compared with the binary code obtained from the verification text by the same rule (identifying the Chinese characters, pinyin letters or Arabic numerals that appear repeatedly in the text) to judge whether the user actually read the verification text. At the same time, it is judged whether the left-right and up-down rotation of the eyeballs matches the arrangement of the verification text being read, which is a second check that the user actually read the verification text; this prevents attacks on the face recognition system with a previously taken photograph or a pre-recorded video. As a supplementary explanation: although the face recognition method used in the network-based password storage and recovery records audio and video, it does not perform voiceprint recognition and face recognition at the same time. The reason is that voiceprint recognition and face recognition each have a certain error rate and success rate; combining the two would reduce the error rate but would also reduce the recognition success rate and so degrade the user experience. In addition, existing face recognition systems are already used successfully in payment systems, where their false recognition rate and success rate have reached a usable level, so the focus of face recognition in this invention is on preventing illegal attacks on face recognition with previously taken photographs or pre-recorded videos.
Further, the verification text the user is prompted to read consists of character strings formed at random from Chinese characters, pinyin letters or Arabic numerals. The strings contain short sentences with complete meaning together with randomly placed Chinese characters, English letters or Arabic numerals, and one or more Chinese characters (or pronunciations), pinyin letters or Arabic numerals in the string appear repeatedly at random intervals. When a person reads the verification text aloud, the interval between syllables within a semantically complete short sentence is small, while the syllables of the randomly placed Chinese characters, English letters or Arabic numerals are longer because they have no semantic connection; if artificial intelligence were used to read the verification text, the syllable interval within the short sentences and the syllables of the randomly placed Chinese characters, English letters or Arabic numerals would be equal. This helps to verify whether the user is a real, live person.
Further, when a user recovers a password, the password recovery device can randomly display only some of its digits and replace the digits that are not displayed with a wildcard character, or it can display the recovered password in full; the full-display method is generally used at home and in places with better privacy. The user can switch between the two display methods at any time as needed. After reading the recovered password, the user clicks to delete it; the recovered password and related information are then completely erased from the password recovery device and cannot be recovered.
The network-based password recovery device for password storage and recovery comprises a camera unit, a display unit, an information input unit, a central processing unit, a storage unit and a communication unit;
the camera unit is used for capturing moving images of the user;
the display unit is used for guiding the user's operation, displaying the verification text the user is to read aloud and displaying the password recovered by the user;
the information input unit is used by the user to enter passwords and related information;
the central processing unit is used for generating the verification text the user reads aloud, processing the user's moving images, generating the public key KTgi, private key KTsi, key KJAi and key KJBi, and encrypting and decrypting passwords;
the storage unit is used for storing the public key KTgi, private key KTsi, key KJAi, key KJBi and public key KTgf;
the communication unit is used for communicating with the cloud server and with other password recovery devices.
Further, the communication unit uses a wired communication network for a password recovery device installed in a public place with a high degree of security, and a public wireless communication network for a mobile password recovery device carried by the user.
Owing to this technical scheme, the invention has the following beneficial effects. The invention discloses a network-based password storage and recovery method that operates in a network consisting of password recovery devices and a cloud server. The user's password and related information are stored, asymmetrically encrypted, in a data block of a blockchain; the method therefore has the properties of tamper-resistance and non-volatility, which ensures the stability of password storage. The asymmetric encryption key and asymmetric decryption key for the user's password and related information are stored across many password recovery devices by copying, separation and random distribution, so the decryption key is not easy to locate. When a user recovers a password, each password recovery device decrypts the data block holding the user's password and related information with the asymmetric encryption or decryption keys it stores, and the correct password is selected by voting, which ensures that the recovered password is correct. An illegal user who wants to steal the user's password must attack almost all nodes of the network formed by the password recovery devices and the cloud server, which greatly increases the difficulty of stealing the password. The password recovery device can be installed in a home or deployed widely in public places with good security, becoming a public facility and giving users a convenient way to store and recover passwords at any time.
Drawings
FIG. 1 is a schematic diagram of the password storage and recovery network;
FIG. 2 is a schematic diagram of the distribution of the encryption key KJAi and the encryption key KJBi in the network;
FIG. 3 is a table of the key distribution for communication in the password storage and recovery network.
Detailed Description
The invention will be explained in more detail by the following examples, the purpose of which is to protect all technical improvements within the scope of the invention.
A network-based password storage and recovery method and password recovery device operate in a network comprising password recovery devices 1 and a cloud server 2. The password recovery device 1 comprises a camera unit, a display unit, an information input unit, a central processing unit, a storage unit and a communication unit. The camera unit is used for recording audio and moving video of the user; the display unit is used for guiding the user's operation, displaying the verification text the user is to read aloud and displaying the password recovered by the user; the information input unit is used by the user to enter passwords and related information; the central processing unit is used for generating the verification text the user reads aloud, processing the user's moving images, generating the communication public key KTgi, communication private key KTsi, encryption key KJAi and encryption key KJBi, and encrypting and decrypting passwords; the storage unit stores the communication public key KTgi, communication private key KTsi, encryption key KJAi, encryption key KJBi and the server communication public key KTgf (the server communication private key KTsf is stored in the server); the communication unit uses a wired communication network or a public wireless communication network for communication with the cloud server 2 and between password recovery devices 1.
When user A starts a password recovery device 1 for the first time to enter a password, user A faces the camera unit as prompted by the password recovery device 1, and the display unit shows the verification text to be read aloud: "the password displayed below is" "1369A1963ACCBD8", where "the password displayed below is" is shown in the first row, "1369A" in the second row, "1963A" in the third row and "CCBD8" in the fourth row. While the user reads the verification text, the password recovery device simultaneously collects the user's face feature value (not a picture of the face), the mouth shapes while the verification text is read and the rotation of the eyeballs while it is read. Applying to the verification text the rule that repeated pronunciations of Chinese characters ("showing" and "being" have the same pronunciation), pinyin letters or Arabic numerals are set to "1" and the rest to "0" gives the binary code "00010001011111111111000". Decomposing the reading voice gives twenty-three syllables: 'lower', 'face', 'display', 'show', 'secret', 'code', 'yes', '1', '3', '6', '9', 'A', '1', '9', '6', '3', 'A', 'C', 'C', 'B', 'D', '8'; the mouth shapes are aligned to the syllables of the text by the audio-video synchronisation principle; 'show' and 'yes' have the same pronunciation and '1', '3', '6', '9', 'A' and 'C' are repeated, so the mouth shapes when reading them are repeated; the repeated mouth shapes are set to '1' and the remaining non-repeated mouth shapes to '0', giving the binary code '00010001011111111111000'. The two binary codes are compared; they are identical, that is, the verification text read by the user is identical to the verification text prompted by the password recovery device, and the user is provisionally determined to be a real, live person. At the same time, the password recovery device 1 judges whether the eyeballs move from left to right while the user reads each of the four rows, "the password displayed below is", 1369A, 1963A and CCBD8, and whether they move rapidly from right to left at each change of row (from "the password displayed below is" to 1369A, from 1369A to 1963A and from 1963A to CCBD8). If the password recovery device judges that the user is not a real, live person, it randomly replaces the verification text and asks the user to verify again; if the user fails verification three times it issues an alarm. If the user passes the live-person verification, the password recovery device 1 prompts the user to enter the password item, account number and password to be stored, for example "traffic bank card", 6222XXXXXXXXX 6077 and 6XXXX1; at the same time the password recovery device 1 randomly generates an asymmetric encryption key KJAi and encryption key KJBi, here KJA1 and KJB1 (see FIG. 2 of the specification), and an asymmetric communication public key KTgi and communication private key KTsi, here KTg1 and KTs1; the communication public key KTgi is published in the network by broadcast after it is generated. The password recovery device 1 encrypts "traffic bank card 1", 6222XXXXXXXXX 6077 and 6XXXX1 with the encryption key KJA1 (or the encryption key KJB1) to obtain "traffic bank card ciphertext 1", "card number ciphertext 1" and "password ciphertext 1". It then first encrypts "user face feature value 1", "traffic bank card ciphertext 1", "card number ciphertext 1" and "password ciphertext 1" with the server communication public key KTgf, second encrypts the ciphertext produced with KTgf using the communication private key KTs1, and finally transmits the doubly encrypted ciphertext to the cloud server 2, while the password recovery device 1 deletes all of the user's information from its memory;
after receiving the doubly encrypted ciphertext, the cloud server 2 decrypts it with the communication public key KTg1 and the server communication private key KTsf to obtain "user face feature value 1", "traffic bank card ciphertext 1", "card number ciphertext 1" and "password ciphertext 1"; "user face feature value 1" is stored in a storage area designated by the cloud server 2. The cloud server 2 hashes "user face feature value 1" to obtain "user face feature hash value 1", packages "user face feature hash value 1" together with "traffic bank card ciphertext 1", "card number ciphertext 1" and "password ciphertext 1" into data block 1, hashes data block 1 to obtain "data block hash value 1", uses "data block hash value 1" as the identifier of data block 1 and broadcasts it; all password recovery devices 1 in the network store data block 1 and its identifier. At the same time the cloud server 2 uses "user face feature hash value 1" as a pointer to a specific storage area of the cloud server 2 and stores "data block hash value 1" in that area. The other password recovery devices 1 in the network are started by the same process, finally forming a large password storage and recovery network of network nodes. It should be added that security is not high while the whole network is first being formed, so the whole network and the initial blockchain are formed by manually entering secret information that is not actually needed during the network's initial stage;
see FIG. 2 of the specification: after the whole password storage and recovery network has been formed, the cloud server 2 periodically broadcasts an instruction; all password recovery devices 1 in the network copy the encryption keys KJAi and KJBi they store, separate and scatter the copies (the original encryption keys KJAi and KJBi are one asymmetric key pair), transmit them at random to other password recovery devices 1 for storage, and at the same time delete the encryption keys KJAi and KJBi they held. The number of copies of the encryption keys KJAi and KJBi depends on the network scale: 100 to 200 copies when the number of nodes is one hundred thousand to one million, 200 to 500 copies when it is one million to five million, and 1000 copies when it is more than one million. After the encryption keys KJAi and KJBi have been copied, separated and randomly transferred and distributed, the number of encryption keys KJAi and KJBi stored by each password recovery device 1 equals the copy number. After copying, separation and random transfer, the distribution of the encryption keys KJAi and KJBi across the whole network is in a completely chaotic state, that is, it is completely unknown, and at this point the password storage and recovery network is at an extremely high security level. Supplementary explanation: the purpose of copying the encryption keys KJAi and KJBi is to prevent the situation in which, because some network nodes have gone offline, the decryption key matching a given encryption key no longer exists or fewer than two copies of it remain, so that decryption is impossible or no voting result can be reached. FIG. 2 of the specification shows the distribution of the encryption keys KJAi and KJBi when first generated in a network of ten password recovery devices 1 (nodes), and the distribution after several rounds of copying, separation and random transfer with a copy number of three. FIG. 3 of the specification shows that, during operation of the password storage and recovery network, the server communication public key KTgf, the server communication private key KTsf, and the communication public key KTgi and communication private key KTsi of each password recovery device 1 remain unchanged;
the following is a network description of the asymmetric encryption key and the asymmetric decryption key in order to copy, separate, and randomly distribute only ten password recovery devices 1 and cloud servers 2 for convenience in describing the working method of the present invention; when the user uses the password retrieving apparatus 1 again to store the password, the process is different from the first time in that: 1. the password recovery device 1 does not randomly generate an asymmetric encryption key KJAi, an encryption key KJBi, an asymmetric communication public key KTgi and a communication private key KTsi any more, but uses the password recovery device 1 to copy, separate and randomly distribute the stored asymmetric encryption key KJAi, encryption key KJBi, and the stored asymmetric communication public key KTgi and communication private key KTsi, in a network with ten password recovery devices 1 (nodes) taking the figure 2 of the specification as an example, at this time, the number of the asymmetric encryption keys KJAi or the encryption keys KJBi of the password recovery device 1 is six, and the six encryption keys KJAi or the encryption keys KJBi have no relation, even if a user inputs a password through a certain password recovery device 1, the password is encrypted by any one of the six encryption keys KJAi or the encryption keys KJBi, and the password recovery device 1 cannot decrypt the encrypted password; 2. 
after the user's face feature values acquired by the password retrieving device 1 are transmitted to the cloud server, the server first compares them with its database to determine whether the user is an existing user; if the user is an existing user, the finally generated data block hash value is stored in the user's existing dedicated storage area; if the user is a new user, the user's face feature value is stored in a dedicated storage area, and the hash value of the finally generated data block is stored in the dedicated storage area pointed to by the hash value of the new user's face features;
when user A needs to retrieve the password of the traffic bank card, account number '6222XXXXXXXXX6077' and password '6XXXXX1', the user logs in to password retrieving device six by face recognition and enters the password item to be retrieved, for example the traffic bank card; password retrieving device six transmits the acquired face feature values of the user and the password item 'traffic bank card' to the cloud server 2, and the cloud server 2 first compares the user's face feature values with its database to determine whether the user is an existing user; if the user is an existing user, it encrypts data block hash value 1 and the other data block hash values (other passwords that may be stored) held in the dedicated storage area pointed to by user face feature hash value 1 and broadcasts them to all password recovery devices 1; every password recovery device 1 locates the corresponding data blocks from the received data block hash value 1 and the other data block hash values, and decrypts traffic bank card ciphertext 1, or the other password item ciphertexts in those data blocks, with every encryption key KJAi and KJBi it holds; taking the network of ten password recovery devices 1 in fig. 2 of the specification as an example, after four rounds of copying, separating and transferring each password recovery device 1 holds six keys KJAi or KJBi in total, so each password recovery device 1 obtains six decrypted plaintexts for 'traffic bank card ciphertext 1' or the other password item ciphertexts, and each password recovery device 1 transmits its six decrypted plaintexts to the cloud server 2; the cloud server 2 compares all received decrypted plaintexts, and if all ten password recovery devices 1 are online, three
identical decrypted plaintexts 'traffic bank card' are obtained, namely the plaintexts decrypted by password recovery devices two, three and nine with encryption key KJB1 (the ciphertext having been encrypted with encryption key KJA1) or with encryption key KJA1 (the ciphertext having been encrypted with encryption key KJB1); the cloud server 2 then notifies password recovery devices two, three and nine, which decrypt the ciphertexts of the corresponding account number '6222XXXXXXXXX6077' and password '6XXXXX1' in the same way; password recovery devices two, three and nine encrypt the six groups of decrypted plaintexts and transmit them to password recovery device six, at which the user is logged in, and at the same time delete the six groups of decrypted plaintexts from their memory; password recovery device six compares the six groups of received decrypted plaintexts and finds three repetitions, namely '6222XXXXXXXXX6077' and '6XXXXX1', which are the account number and password the user wished to retrieve, and displays them in the manner set by the user; after the user has viewed the retrieved password, the password recovery device at which the user is logged in automatically deletes the retrieved account number and password from its memory.
Anything not described in detail in the present invention belongs to the prior art.

Claims (8)

1. A network-based password storage and recovery method, characterized in that: the method operates in a network comprising password retrieving devices (1) and a cloud server (2); the user password and related information are stored in a data block of the blockchain in asymmetrically encrypted form; when a password retrieving device (1) operates for the first time, a key KJAi and a key KJBi are randomly generated; during network operation, the randomly generated keys KJAi and KJBi are copied, separated and randomly distributed to, and stored in, a plurality of other password recovery devices (1);
when a user starts the password recovery device (1) to enter a password for the first time, the password recovery device (1) prompts the user to enter the password item, account number and password to be stored, and at the same time randomly generates a pair of asymmetric encryption keys KJAi and KJBi; the password recovery device (1) encrypts the password item, account number and password with the encryption key KJAi or the encryption key KJBi to obtain the corresponding ciphertext, which is transmitted to the cloud server (2) and processed by the cloud server (2) into a data block and a data block hash value; the cloud server (2) broadcasts these, and all password retrieving devices (1) in the network store the data block and its hash value; at the same time the password retrieving device (1) deletes all user information from its memory; the asymmetric encryption keys KJAi and KJBi of the user password and related information are stored in a plurality of password recovery devices by copying, separating and random distribution;
when a user retrieves a password, all password retrieving devices (1) in the network decrypt the data block holding the user password and related information with the keys KJAi or KJBi they themselves store and transmit the results to the cloud server (2) for comparison; if several of the decrypted results are identical, i.e. the voting results of several password retrieving devices agree, the identical decrypted result is the password the user wishes to retrieve.
2. The network-based password storage and retrieval method of claim 1, wherein: the cloud server (2) stores a mapping table of user passwords and related information.
3. The network-based password storage and retrieval method of claim 1, wherein: the password recovery devices (1) and the cloud server (2), and the password recovery devices (1) among themselves, communicate using asymmetric encryption; each password retrieving device (1) is provided with a public key KTgi and a private key KTsi, and the cloud server (2) is provided with a public key KTgf and a private key KTsf, the public key KTgi and the public key KTgf being public.
4. The network-based password storage and retrieval method of claim 1, wherein: passwords are stored or retrieved by logging in to the password retrieving device (1) through face recognition; during face recognition the password recovery device (1) prompts the user to read verification text aloud, and at the same time synchronously collects the face feature values, the reading voice, the mouth shape while the verification text is read and the eyeball movement while the verification text is read; the mouth shape and the eyeball movement during reading are combined to verify that the user is a real person, and the face feature values are used for user identity authentication.
5. The network-based password storage and retrieval method of claim 4, wherein: the verification text the user is prompted to read consists of character strings formed randomly from Chinese characters, pinyin letters or Arabic numerals, the strings comprising short sentences with complete semantics together with randomly appearing Chinese characters, English letters or Arabic numerals, and one or more of the Chinese characters, pinyin letters or Arabic numerals in the string recur at random intervals.
6. The network-based password storage and retrieval method of claim 1, wherein: the retrieved password is displayed on the password retrieving device (1) with a randomly chosen subset of its characters shown and the remaining characters replaced by a wildcard character; or the retrieved password is displayed in full.
7. A network-based password storage and retrieval device, characterized in that: the device comprises a camera unit, a display unit, an information input unit, a central processing unit, a storage unit and a communication unit;
the camera unit is used for capturing dynamic images of the user;
the display unit is used for guiding the user's operation, displaying the verification text for the user to read, and displaying the password retrieved by the user;
the information input unit is used for inputting passwords and related information by a user;
the central processing unit is used for generating the verification text read by the user, processing the user's dynamic images, generating the public key KTgi, the private key KTsi, the key KJAi and the key KJBi, and encrypting and decrypting passwords;
the storage unit is used for storing a public key KTgi, a private key KTsi, a secret key KJAi, a secret key KJBi and a public key KTgf;
the communication unit is used for communicating with the cloud server (2) and with the other password retrieving devices (1);
the user password and related information are stored in a data block of the blockchain in asymmetrically encrypted form; when the password retrieving device (1) operates for the first time, a key KJAi and a key KJBi are randomly generated; during network operation, the randomly generated keys KJAi and KJBi are copied, separated and randomly distributed to, and stored in, a plurality of other password recovery devices (1);
when a user starts the password recovery device (1) to enter a password for the first time, the password recovery device (1) prompts the user to enter the password item, account number and password to be stored, and at the same time randomly generates a pair of asymmetric encryption keys KJAi and KJBi; the password recovery device (1) encrypts the password item, account number and password with the encryption key KJAi or the encryption key KJBi to obtain the corresponding ciphertext, which is transmitted to the cloud server (2) and processed by the cloud server (2) into a data block and a data block hash value; the cloud server (2) broadcasts these, and all password retrieving devices (1) in the network store the data block and its hash value; at the same time the password retrieving device (1) deletes all user information from its memory; the asymmetric encryption keys KJAi and KJBi of the user password and related information are stored in a plurality of password recovery devices by copying, separating and random distribution;
when a user retrieves a password, all password retrieving devices (1) in the network decrypt the data block holding the user password and related information with the keys KJAi or KJBi they themselves store and transmit the results to the cloud server (2) for comparison; if several of the decrypted results are identical, i.e. the voting results of several password retrieving devices agree, the identical decrypted result is the password the user wishes to retrieve.
8. The network-based password storage and retrieval device according to claim 7, wherein: the communication units communicate over a wired communication network or a public wireless communication network.
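The copy, separate and randomly distribute step and the decryption vote, as walked through in the ten-node example of the description and restated in claims 1 and 7, modelled end to end as an added Python example (this is not code from the patent). Textbook RSA over fixed Mersenne primes stands in for the unnamed asymmetric cipher, so that KJAi and KJBi are the two exponents of one key pair and either one inverts the other; the ten-node network and copy count of three follow fig. 2; the user ids, random seed, integrity tag and sample record are constructed assumptions. It also shows the failure mode the description mentions: when too few holders of the matching key are online, no vote is reached.

```python
"""Toy model of the key copy / separate / randomly-distribute scheme and the
decryption vote.  Added example, not code from the patent.  Textbook RSA
over fixed Mersenne primes stands in for the unnamed asymmetric cipher;
node count, copy count, user ids, seed and the sample record are constructed."""
import hashlib
import random
from collections import Counter

# Fixed prime pairs so the example is deterministic (assumption: a real device
# would draw fresh random primes for every user).  One pair per user.
PRIME_PAIRS = [((1 << 89) - 1, (1 << 107) - 1),
               ((1 << 61) - 1, (1 << 127) - 1),
               ((1 << 521) - 1, (1 << 607) - 1)]
E = 65537
CHUNK = 16      # 128-bit message chunks, always below every modulus above
TAG_LEN = 4     # integrity tag so a decryption with the wrong key is rejected


def generate_pair(user_idx):
    """KJAi = (n, e), KJBi = (n, d): either exponent inverts the other, which
    matches the page's 'encrypt with KJAi or KJBi' wording."""
    p, q = PRIME_PAIRS[user_idx]
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return ({"name": f"KJA{user_idx}", "n": n, "exp": E},
            {"name": f"KJB{user_idx}", "n": n, "exp": d})


def apply_key(key, chunks):
    """c_i = m_i^exp mod n for every chunk; the same call encrypts and decrypts."""
    return [pow(c, key["exp"], key["n"]) for c in chunks]


def encode(record):
    """UTF-8 bytes + SHA-256 tag + PKCS#7-style padding, split into 16-byte ints."""
    data = record.encode()
    data += hashlib.sha256(data).digest()[:TAG_LEN]
    pad = CHUNK - len(data) % CHUNK
    data += bytes([pad]) * pad
    return [int.from_bytes(data[i:i + CHUNK], "big") for i in range(0, len(data), CHUNK)]


def decode(chunks):
    """Inverse of encode; returns None unless padding, tag and UTF-8 all check out."""
    try:
        data = b"".join(c.to_bytes(CHUNK, "big") for c in chunks)
    except OverflowError:                # wrong key: a chunk exceeded 128 bits
        return None
    pad = data[-1]
    if not 1 <= pad <= CHUNK or data[-pad:] != bytes([pad]) * pad:
        return None
    body, tag = data[:-pad - TAG_LEN], data[-pad - TAG_LEN:-pad]
    if hashlib.sha256(body).digest()[:TAG_LEN] != tag:
        return None
    try:
        return body.decode()
    except UnicodeDecodeError:
        return None


def distribute_keys(keys, num_nodes, copies, seed=2023):
    """Every key is copied `copies` times and each copy placed on a distinct,
    randomly chosen node: the page's copy / separate / random transfer collapsed
    into one step.  Returns node_id -> list of keys held by that device."""
    rng = random.Random(seed)
    nodes = {i: [] for i in range(num_nodes)}
    for key in keys:
        for node_id in rng.sample(range(num_nodes), copies):
            nodes[node_id].append(key)
    return nodes


def node_decrypt(held_keys, ciphertext):
    """A password recovery device tries every key it holds and forwards only the
    results that pass the integrity check (one vote per distinct plaintext)."""
    results = set()
    for key in held_keys:
        plaintext = decode(apply_key(key, ciphertext))
        if plaintext is not None:
            results.add(plaintext)
    return results


def cloud_vote(nodes, ciphertext, online, required):
    """Cloud server tally: a plaintext wins when at least `required` online nodes
    reproduce it and no other plaintext does; otherwise there is no result."""
    votes = Counter()
    for node_id in online:
        for plaintext in node_decrypt(nodes[node_id], ciphertext):
            votes[plaintext] += 1
    winners = [pt for pt, n in votes.items() if n >= required]
    return winners[0] if len(winners) == 1 else None


def demo(num_nodes=10, copies=3):
    """Constructed scenario: three users' key pairs spread over ten nodes and user 0's
    record encrypted with KJA0.  Returns (all-nodes-online result, degraded result)."""
    pairs = [generate_pair(i) for i in range(len(PRIME_PAIRS))]
    nodes = distribute_keys([k for pair in pairs for k in pair], num_nodes, copies)
    record = "traffic bank card|6222XXXXXXXXX6077|6XXXXX1"   # constructed sample
    ciphertext = apply_key(pairs[0][0], encode(record))      # encrypt with KJA0
    all_online = cloud_vote(nodes, ciphertext, range(num_nodes), copies)
    # Take two holders of KJB0 offline: fewer than `copies` nodes can now vote.
    holders = [i for i, ks in nodes.items() if any(k["name"] == "KJB0" for k in ks)]
    online = [i for i in range(num_nodes) if i not in holders[:2]]
    degraded = cloud_vote(nodes, ciphertext, online, copies)
    return all_online, degraded


if __name__ == "__main__":
    print(demo())
```

The integrity tag is this example's addition: the page relies on the plaintext being recognisable when the cloud server compares decryptions, and a device that applies a non-matching key must be able to discard the garbage it produces rather than vote with it, so every record carries a short hash tag and padding that a wrong-key result will not satisfy. The same tally shows why the scheme depends on availability: with `required` set to the copy count, every holder of the matching key must be online, so losing two of the three holders leaves no result.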
CN202310934135.4A 2023-07-28 2023-07-28 Network-based password storage and recovery method and password recovery device Active CN116684092B (en)

Publications (2)

Publication Number Publication Date
CN116684092A CN116684092A (en) 2023-09-01
CN116684092B true CN116684092B (en) 2023-10-13

Family

ID=87789435

Country Status (1)

Country Link
CN (1) CN116684092B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant