WO2014094389A1 - Password security system and password security method - Google Patents

Password security system and password security method

Publication number
WO2014094389A1
WO2014094389A1 PCT/CN2013/072392 CN2013072392W WO2014094389A1 WO 2014094389 A1 WO2014094389 A1 WO 2014094389A1 CN 2013072392 W CN2013072392 W CN 2013072392W WO 2014094389 A1 WO2014094389 A1 WO 2014094389A1
Authority
WO
WIPO (PCT)
Prior art keywords
image
user
password
cryptographic
information
Application number
PCT/CN2013/072392
Inventor
凯斯里·杰弗里·特伦斯
伊文思·朱利安·卢埃林·赛弗里德
程平
Original Assignee
北京网秦天下科技有限公司
Application filed by 北京网秦天下科技有限公司

Classifications

    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C5/00 Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • the present invention relates to the field of information security, and more particularly to a password security system and a password security method.
  • the present invention provides a password security system and a password security method.
  • the user's memory is greatly aided by using images (pictures, photos, etc.), so that the user does not have to memorize the answers to complicated prompt questions; at the same time, since only the user knows the unique password image, the possibility of the user's password being compromised is greatly reduced. The convenience of password retrieval is improved, and so is the security of the password.
  • a password security system including a server and a terminal, wherein the terminal is configured to: receive password information and an image input by a user; process the image, integrating the password information into the data of the image in a manner that does not affect the use of the image; and return the processed image; and the server is configured to: receive the processed image input by the user; process the processed image input by the user, extracting the password information integrated into it in a manner that does not affect image usage; and return the extracted password information.
  • a password security system including a server and a terminal, wherein the server is configured to: receive password information and an image input by a user; process the image, integrating the password information into the data of the image in a manner that does not affect the use of the image; and return the processed image; and the terminal is configured to: receive the processed image input by the user; process the processed image input by the user, extracting the password information integrated into it in a manner that does not affect image usage; and return the extracted password information.
  • a password security system including a server and a terminal, wherein the server is configured to: receive password information and an image input by a user; process the image, integrating the password information into the data of the image in a manner that does not affect the use of the image; and return the processed image; and the server is further configured to: receive the processed image input by the user; process the processed image input by the user, extracting the password information integrated into it in a manner that does not affect image usage; and return the extracted password information.
  • a password security system including a server and a terminal, wherein the terminal is configured to: receive password information and an image input by a user; process the image, integrating the password information into the data of the image in a manner that does not affect the use of the image; and return the processed image; and the terminal is further configured to: receive the processed image input by the user; process the processed image input by the user, extracting the password information integrated into it in a manner that does not affect image usage; and return the extracted password information.
  • a password security method comprising: a password concealment process and a password retrieval process.
  • the password concealment process includes: receiving password information and an image input by a user; processing the image, integrating the password information into the data of the image in a manner that does not affect the use of the image; and returning the processed image.
  • the password retrieval process includes: receiving a processed image input by a user; processing the processed image input by the user, extracting the password information integrated into it in a manner that does not affect image usage; and returning the extracted password information.
  • the image is an image that the user has specified or photographed in real time.
  • the processed image input by the user is an image selected by the user from a plurality of randomly provided images, or an image designated by the user.
  • the password information is integrated into the data of the image in a manner that is not easily identifiable.
  • the password information is encrypted, and the encrypted password information is integrated into the data of the image.
  • the cryptographic information can be encrypted using one of the following encryption techniques: RSA, DES, AES. Accordingly, the password information is integrated into the data of the processed image input by the user in an unrecognizable manner. For example, the password information is decrypted and the decrypted password information is returned.
  • the cryptographic information can be decrypted using one of the following decryption techniques: RSA, DES, AES.
  • the cryptographic information is integrated into the data of the image using a digital watermark technique. Accordingly, the password information is extracted using digital watermarking techniques.
  • the password information is integrated into the exchangeable image file (EXIF) data of the image. Accordingly, the password information is extracted from the exchangeable image file (EXIF) data of the image.
  • the processed image is stored at the server or stored at the terminal.
  • the user can hide the password in an image (picture, photo, etc.) that he or she is familiar with or like, which is convenient for the user to remember.
  • the password concealment of the present invention does not affect the normal use of the image (and/or is not easily recognized), and can effectively hide the password and effectively use the image.
  • FIG. 1 is a schematic diagram showing an application scenario of the mobile communication system 3000 of the present invention.
  • FIG. 2 is a timing diagram 1100 showing the operation of the cryptographic security system 3000 in accordance with a first embodiment of the present invention.
  • FIG. 3 is a timing diagram 1200 showing the operation of cryptographic security system 3000 in accordance with a second embodiment of the present invention.
  • FIG. 4 is a timing diagram 1300 showing the operation of cryptographic security system 3000 in accordance with a third embodiment of the present invention.
  • FIG. 5 is a timing diagram 1400 showing the operation of cryptographic security system 3000 in accordance with a fourth embodiment of the present invention.
  • FIG. 6 is a flow chart showing a password concealment method 100 in accordance with an embodiment of the present invention.
  • FIG. 7 is a block diagram showing a cryptographic concealment apparatus 1000 in accordance with an embodiment of the present invention.
  • FIG. 8 is a flow chart showing a password retrieval method 200 in accordance with an embodiment of the present invention.
  • FIG. 9 is a block diagram showing a password retrieval device 2000 in accordance with an embodiment of the present invention.
  • the same or similar structures are identified by the same or similar reference numerals.
  • the present invention will be described in detail by taking the scenario in which the present invention is applied to a wireless mobile communication system as an example.
  • the present invention is not limited thereto, and the present invention can also be applied to a fixed communication system, a wired communication system, or an arbitrary hybrid structure of a fixed communication system, a wired communication system, a wireless mobile communication system, or the like.
  • the present invention is not limited to a specific mobile communication protocol, and may include, but is not limited to, 2G, 3G, 4G, 5G networks, WCDMA, CDMA2000, TD-SCDMA systems, etc.; different mobile terminals may use the same communication protocol or different communication protocols.
  • the present invention is not limited to a specific operating system of a mobile terminal, and may include, but is not limited to, iOS, Windows Mobile, Symbian, Android, etc. Different mobile terminals may use the same operating system or different operating systems.
  • the present invention is not limited to a specific image format and may include, but is not limited to, JPEG, JPEG2000, TIFF, RIFF, PNG.
  • FIG. 1 is a schematic diagram showing an application scenario of the mobile communication system 3000 of the present invention.
  • the application scenario 3000 may include a server 300 and a mobile terminal 500.
  • the mobile terminal 500 can be operated by the user A.
  • the mobile terminal 500 can be connected to the server 300 via the communication network 400.
  • Examples of communication network 400 may include, but are not limited to: the Internet, a mobile communication network.
  • the communication link between server 300 and mobile terminal 500 may be secure or encrypted to ensure that User A's account and password information is not compromised.
  • the mobile terminal 500 can include a password security client (not shown) installed therein.
  • the password security client can be installed in the mobile terminal 500 by the user A in the form of software, or can be installed in the mobile terminal 500 in the form of hardware or firmware by the mobile terminal manufacturer.
  • User A accesses server 300 through mobile terminal 500, and can register or set account and password 520 to server 300, for example, via a web page or a password secure client installed on mobile terminal 500.
  • server 300 or mobile terminal 500 can prompt User A to set a password retrieval operation (described in more detail later in connection with Figures 2-5).
  • User A can retrieve the previously set password 520 through the server 300 or the mobile terminal 500 (Password Security Client).
  • FIG. 2 is a timing diagram 1100 showing the operation of cryptographic security system 3000 in accordance with a first embodiment of the present invention.
  • the mobile terminal 500 (password security client) completes the process of concealing the password information 520, and the server 300 completes the process of retrieving the password information 520.
  • in step S110, the mobile terminal 500 (password security client) receives the password information 520 and the image 510.
  • the server 300 notifies the mobile terminal 500 (password security client) of user A's password retrieval operation setting request (which may include user A's password 520) (S1105), and the mobile terminal 500 prompts user A to provide the image 510.
  • when the server 300 is accessed through the password security client installed on the mobile terminal 500 (which already knows user A's password 520), the mobile terminal 500 can directly prompt user A to provide the image 510.
  • user A may locally select a stored image 510 from mobile terminal 500 or capture an image 510 in real time.
  • the mobile terminal 500 processes the image 510 selected by the user A, integrates the password information 520 into the data of the image 510 in a manner that does not affect the use of the image 510, and generates the processed image 510'.
  • the mobile terminal 500 can integrate the password information 520 into the EXIF data of the image 510 to generate a processed image 510'.
  • the mobile terminal 500 can integrate the password information 520 into the data of the image 510 using a digital watermarking technique to generate a processed image 510'.
  • the mobile terminal 500 may encrypt the password information 520 before integrating it into the data of the image 510, thereby integrating the encrypted password information (not easily recognized) into the data of the image 510. Examples of the encryption technique may include, but are not limited to, RSA, DES, AES, and the like.
  • the mobile terminal 500 returns the processed image 510'.
  • the mobile terminal 500 can prompt the user A to upload it to the server 300, save it locally to the mobile terminal 500, or both.
  • User A can save the generated image 510' to any location, including but not limited to mobile terminal 500, server 300, user A's portable storage device (SD card, USB flash drive, mobile hard drive, etc.).
  • the mobile terminal 500 uploads the generated image 510' to the server 300 for saving in step S1115 (the server 300 may store the image 510' in association with the account of the user A).
  • the user A can perform the password retrieval operation through the mobile terminal 500 (or other mobile terminal or fixed terminal as long as the server 300 can be accessed and the image 510 can be obtained).
  • User A provides the registered account to server 300 and chooses to retrieve the password graphically.
  • the server 300 receives the image 510'.
  • the server 300 can prompt user A to either select from the images provided by the system or upload an image. If user A chooses to upload an image, the server 300 may obtain the image 510' from any location specified by user A, including but not limited to the mobile terminal 500, the server 300, and user A's portable storage device (SD card, USB flash drive, mobile hard disk, etc.). For example, as shown in FIG.
  • the server 300 receives an image uploaded by user A from the mobile terminal 500 (S1125). If user A chooses to select from the images provided by the system, the server 300 provides a plurality of images (for example, 20 images), including the image 510' saved to the server 300 by user A, for user A to select from (the other images may be added by the server 300 or may have been added previously by user A). After user A uploads or selects the correct image 510', in step S220, the server 300 processes the image 510' to extract the password information 520 that was integrated into the image 510' in a manner that does not affect the use of the image 510'. In step S230, the server 300 returns the password information 520.
  • the server 300 can directly return the password information 520 to the mobile terminal 500 (S1135) for display, or return the password information 520 to the location (e.g., email address, mobile number, etc.) previously designated by the user A.
  • User A can only try (including image uploading and image selection) a limited number of times, for example, 3 times. If all 3 attempts fail, no further attempts are allowed and the password can only be retrieved by other means (for example, by carrying an ID card to the operator). It can also be set to clear all the contents of the account after three failures.
  • FIG. 3 is a timing diagram 1200 showing the operation of cryptographic security system 3000 in accordance with a second embodiment of the present invention.
  • the server 300 completes the process of concealing the password information 520, and the mobile terminal 500 (password security client) completes the process of retrieving the password information 520.
  • the server 300 receives the password information 520 and the image 510 in step S110.
  • the password information 520 can be obtained at the server 300, and the image 510 can be uploaded by the user A to the server 300 via the mobile terminal 500 (Password Security Client) (S1205).
  • Server 300 can prompt user A to provide image 510 via a web page or a password security client. For example, user A can locally select a stored image 510 from mobile terminal 500 or capture an image 510 in real time.
  • in step S120, the server 300 processes the image 510 selected by the user A, integrates the password information 520 into the data of the image 510 in a manner that does not affect the use of the image 510, and generates a processed image 510'.
  • server 300 may integrate cryptographic information 520 into EXIF data of image 510 to generate processed image 510'.
  • server 300 may utilize digital watermarking techniques to integrate cryptographic information 520 into the data of image 510 to generate processed image 510'.
  • the server 300 may encrypt the password information 520 before integrating it into the data of the image 510, thereby integrating the encrypted password information (not easily identifiable) into the data of the image 510. Examples of the encryption technique may include, but are not limited to, RSA, DES, AES, and the like.
  • the server 300 returns the processed image 510'.
  • the server 300 can prompt the user A via the webpage or password security client to upload to the server 300, save it locally to the mobile terminal 500, or both to the server 300 and to the mobile terminal 500.
  • User A can store the generated image 510' in any location, including but not limited to mobile terminal 500, server 300, user A's portable storage device (SD card, USB flash drive, mobile hard drive, etc.).
  • the server 300 transmits the generated image 510' to the mobile terminal 500 (Password Security Client) for saving in step S1215.
  • the mobile terminal 500 receives the image 510'.
  • the mobile terminal 500 can prompt user A to either select from the images provided by the system or select an image himself. If user A chooses to select the image himself, the mobile terminal 500 (password security client) may obtain the image 510' from any location specified by user A, including but not limited to the mobile terminal 500, the server 300, and user A's portable storage device (SD card, USB flash drive, mobile hard drive, etc.).
  • the mobile terminal 500 provides a plurality of images (for example, 20 images), including the image 510' previously saved by user A, for user A to select from.
  • the other images in the plurality of images may be added by the mobile terminal 500 (password security client) or the server 300, or may have been added previously by user A.
  • the mobile terminal 500 (password security client) can receive the image 510' from the server 300 (S1125) (at this time, the account information of user A needs to be provided to the server 300); the server 300 can return only the image 510' or may return multiple images including the image 510'.
  • the mobile terminal 500 processes the image 510', extracting the password information 520 that was integrated into the image 510' in a manner that does not affect the use of the image 510'.
  • the mobile terminal 500 returns the password information 520.
  • the mobile terminal 500 can directly display the password information 520 or return the password information 520 to the location previously specified by User A (e.g., email address, mobile number, etc.). In addition, it can be stipulated that User A can only try (select images) a limited number of times, for example, 3 times.
  • FIG. 4 is a timing diagram 1300 showing the operation of cryptographic security system 3000 in accordance with a third embodiment of the present invention.
  • the server 300 performs both the process of concealing the password information 520 and the process of retrieving the password information 520.
  • the server 300 receives the password information 520 and the image 510 in step S110.
  • the password information 520 can be obtained at the server 300, and the image 510 can be uploaded by the user A to the server 300 via the mobile terminal 500 (password security client) (S1305).
  • Server 300 can prompt user A to provide image 510 via a web page or a password security client. For example, user A can locally select a stored image 510 from mobile terminal 500 or capture an image 510 in real time.
  • in step S120, the server 300 processes the image 510 selected by the user A, integrates the password information 520 into the data of the image 510 in a manner that does not affect the use of the image 510, and generates a processed image 510'.
  • server 300 can integrate cryptographic information 520 into the EXIF data of image 510 to generate processed image 510'.
  • server 300 may utilize digital watermarking techniques to integrate cryptographic information 520 into the data of image 510 to generate processed image 510'.
  • the server 300 may encrypt the password information 520 before integrating the password information 520 into the data of the image 510, thereby integrating the encrypted password information (not easily recognized) into the data of the image 510 as an example of the encryption technique.
  • the server 300 returns the processed image 510'.
  • the server 300 can prompt user A, through the webpage or password security client, to upload it to the server 300, save it locally to the mobile terminal 500, or both.
  • User A can save the generated image 510' to any location, including but not limited to mobile terminal 500, server 300, user A's portable storage device (SD card, USB flash drive, mobile hard disk, etc.).
  • the server 300 transmits the generated image 510' to the mobile terminal 500 (password security client) for saving in step S1215.
  • the user A can perform the password retrieval operation through the mobile terminal 500 (or other mobile terminal or fixed terminal as long as the server 300 can be accessed and the image 510 can be obtained).
  • User A provides the registered account to server 300 and chooses to retrieve the password graphically.
  • the server 300 receives the image 510'.
  • the server 300 can prompt user A to either select from the images provided by the system or upload an image. If user A chooses to upload an image, the server 300 may obtain the image 510' from any location specified by user A, including but not limited to the mobile terminal 500, the server 300, and user A's portable storage device (SD card, USB flash drive, mobile hard disk, etc.).
  • the server 300 receives an image uploaded by user A from the mobile terminal 500 (S1325). If user A chooses to select from the images provided by the system, the server 300 provides a plurality of images (e.g., 20 images), including the image 510' previously saved by user A to the server 300, for user A to select from (the other images may be added by the server 300 or may have been added previously by user A).
  • server 300 processes image 510' to extract cryptographic information 520 that is integrated into image 510' in a manner that does not affect the use of image 510'.
  • the server 300 returns the password information 520.
  • the server 300 can directly return the password information 520 to the mobile terminal 500 (S1335) for display, or return the password information 520 to the location (e.g., email address, mobile number, etc.) previously designated by the user A.
  • User A can only try (including image uploading and image selection) a limited number of times, for example, 3 times. If all 3 attempts fail, no further attempts are allowed and the password can only be retrieved by other means (for example, by carrying an ID card to the operator). It can also be set to clear all the contents of the account after three failures.
  • FIG. 5 is a timing diagram 1400 showing the operation of cryptographic security system 3000 in accordance with a fourth embodiment of the present invention.
  • the mobile terminal 500 (password security client) performs both the process of concealing the password information 520 and the process of retrieving the password information 520.
  • when user A chooses to set up the password retrieval operation, in step S110, the mobile terminal 500 (password security client) receives the password information 520 and the image 510.
  • the server 300 notifies the mobile terminal 500 (password security client) of user A's password retrieval operation setting request (which may include user A's password 520) (S1405), and the mobile terminal 500 prompts user A to provide the image 510.
  • when the server 300 is accessed through the password security client installed on the mobile terminal 500 (which already knows user A's password 520) and user A chooses to set up the password retrieval operation, the mobile terminal 500 (password security client) can directly prompt user A to provide the image 510.
  • user A may locally select a stored image 510 from mobile terminal 500 or capture an image 510 in real time.
  • the mobile terminal 500 processes the image 510 selected by the user A, integrates the password information 520 into the data of the image 510 in a manner that does not affect the use of the image 510, and generates the processed image 510'.
  • the mobile terminal 500 can integrate the password information 520 into the EXIF data of the image 510 to generate a processed image 510'.
  • the mobile terminal 500 can integrate the password information 520 into the data of the image 510 using a digital watermarking technique to generate a processed image 510'.
  • the mobile terminal 500 may encrypt the password information 520 before integrating it into the data of the image 510, thereby integrating the encrypted password information (not easily recognized) into the data of the image 510. Examples of the encryption technique may include, but are not limited to, RSA, DES, AES, and the like.
  • the mobile terminal 500 returns the processed image 510'.
  • the mobile terminal 500 can prompt the user A to upload it to the server 300, save it locally to the mobile terminal 500, or both.
  • User A can save the generated image 510' to any location, including but not limited to mobile terminal 500, server 300, user A's portable storage device (SD card, USB flash drive, mobile hard drive, etc.).
  • the mobile terminal 500 uploads the generated image 510' to the server 300 for saving in step S1415 (the server 300 may store the image 510' in association with the account of the user A).
  • in step S210, the mobile terminal 500 (password security client) receives the image 510'.
  • the mobile terminal 500 (password security client) can prompt user A to either select from the images provided by the system or select an image himself. If user A chooses to select the image himself, the mobile terminal 500 (password security client) may obtain the image 510' from any location specified by user A, including but not limited to the mobile terminal 500, the server 300, and user A's portable storage device (SD card, USB flash drive, mobile hard drive, etc.).
  • the mobile terminal 500 provides a plurality of images (for example, 20 images), including the image 510' previously saved by user A, for user A to select from.
  • the other images in the plurality of images may be added by the mobile terminal 500 (password security client) or the server 300, or may have been added previously by user A.
  • the mobile terminal 500 (password security client) can receive the image 510' from the server 300 (S1425) (at this time, the account information of user A needs to be provided to the server 300); the server 300 can return only the image 510' or may return multiple images including the image 510'.
  • FIG. 6 is a flow chart showing a password concealment method 100 in accordance with an embodiment of the present invention. As shown in FIG.
  • the password concealment method 100 may include steps S110, S120, and S130.
  • FIG. 7 is a block diagram showing a cryptographic concealment apparatus 1000 in accordance with an embodiment of the present invention.
  • the password concealment apparatus 1000 may include an input unit 1100, an image processing unit 1200, and an output unit 1300.
  • the input unit 1100 is configured to receive password information and an image input by a user.
  • the image processing unit 1200 is configured to process the image, and integrate the password information into data of the image in a manner that does not affect the use of the image.
  • Output unit 1300 Used to return the processed image.
  • the password concealment method 100 and the cryptographic concealment apparatus 1000 of the embodiments of the present invention may be implemented in the server 300 shown in FIG. 1 to FIG. 5, or may be implemented in the mobile terminal 500 shown in FIG. Not limited to this.
  • The input unit 1100 of the password concealment apparatus 1000 receives the password information 520 and the image 510 input by user A.
  • The image 510 is an image that user A specifies or captures in real time.
  • In step S120, the image processing unit 1200 of the password concealment apparatus 1000 processes the image 510, integrating the password information 520 into the data of the image 510 in a manner that does not affect use of the image 510, and generates a processed image 510'.
  • The image processing unit 1200 may integrate the password information 520 into the EXIF data of the image 510 to generate the processed image 510'.
  • The image processing unit 1200 may use digital watermarking techniques to integrate the password information 520 into the data of the image 510 to generate the processed image 510'.
  • The image processing unit 1200 may encrypt the password information 520 before integrating it into the data of the image 510, so that the encrypted (not easily recognized) password information is integrated into the data of the image 510.
  • Examples of the encryption technique may include, but are not limited to, RSA, DES, AES, and the like.
  • In step S130, the output unit 1300 of the password concealment apparatus 1000 returns the processed image 510'.
  • The image 510' may be stored by user A at any location, including but not limited to the mobile terminal 500, the server 300, and user A's portable storage device (SD card, USB flash drive, portable hard drive, etc.).
  • FIG. 8 is a flow chart showing a password retrieval method 200 in accordance with an embodiment of the present invention. As shown in FIG. 8, the password retrieval method 200 may include steps S202, S204, S210, S220, and S230. It should be noted that steps S202 and S204 are optional steps.
  • FIG. 9 is a block diagram showing a password retrieval device 2000 in accordance with an embodiment of the present invention. As shown in FIG.
  • The password concealment apparatus 200 may include an input unit 2100, an image processing unit 2200, and an output unit 2300.
  • The input unit 2100 is configured to receive an image input by a user.
  • The image processing unit 2200 is configured to process the image to extract the password information integrated into the image in a manner that does not affect use of the image.
  • The output unit 2300 is configured to return the extracted password information.
  • The password retrieval method 200 and the password retrieval device 2000 according to an embodiment of the present invention will be described in detail below with reference to FIGS. 1 to 5, 8, and 9. It should be noted that the password retrieval method 200 and the password retrieval device 2000 of the embodiment of the present invention may be implemented in the server 300 shown in FIG. 1 to FIG. 5 or in the mobile terminal 500 shown in FIG. The invention is not limited to this.
  • The password retrieval device 2000 (for example, the input unit 2100 or the output unit 2300) prompts user A to select an image.
  • The input unit 2100 of the password retrieval device 2000 receives the image 510' input by user A.
  • The image 510' is an image selected by user A from a plurality of randomly provided images, or an image that user A specifies.
  • The image 510' may be specified by user A from any location, including but not limited to the mobile terminal 500, the server 300, and user A's portable storage device (SD card, USB flash drive, portable hard drive, etc.).
  • In step S220, the image processing unit 2200 of the password retrieval device 2000 processes the image 510' to extract the password information 520 integrated into the image 510' in a manner that does not affect use of the image 510'.
  • The password information 520 may be integrated into the EXIF data of the image 510', in which case the image processing unit 2200 extracts the password information 520 from the EXIF data of the image 510'.
  • The password information 520 may be integrated into the data of the image 510 using digital watermarking techniques, in which case the image processing unit 2200 extracts the password information 520 using digital watermarking techniques.
  • The password information 520 may have been encrypted (made not easily recognized) before being integrated into the data of the image 510', in which case the image processing unit 2200 decrypts the password information extracted from the image 510' to obtain the password information 520.
  • Examples of the decryption technique may include, but are not limited to, RSA, DES, AES, and the like.
  • In step S204, the password retrieval device 2000 (the image processing unit 2200 or the output unit 2300) judges whether the selected image is correct, i.e., whether the correct password information 520 has been extracted (e.g., is not empty). If it is determined that the correct password information 520 has been extracted (step S204: YES), step S230 is performed. If it is determined that the correct password information 520 has not been extracted (step S204: NO), the flow returns to step S202 to prompt user A to reselect the image.
  • The loop from step S204 to step S202 can be limited to a predetermined number of times, for example, 3 times. If all 3 attempts fail, no further attempt is allowed and the password can only be retrieved by other means (for example, by bringing an identity document to the operator); it can also be set so that all contents of the account are cleared when all 3 attempts fail.
  • In step S230, the output unit 2300 of the password retrieval device 2000 returns the extracted password information 520.
  • The password information 520 can be displayed directly on the screen of the mobile terminal 500, or returned to a location (e.g., email address, mobile number, etc.) previously designated by user A.
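
The EXIF variant of steps S120 and S220 together with the limited S204-to-S202 retry loop, as an added Python example that is not code from the patent. It uses only the standard library, stores the payload in the standard ImageDescription tag (an assumed choice; the text names no tag), and treats the payload as an opaque ASCII string that the caller has already encrypted; the function and class names and the sample JPEG skeleton are constructed for illustration.

```python
import base64
import struct

EXIF_HEADER = b"Exif\x00\x00"
TAG_IMAGE_DESCRIPTION = 0x010E   # standard ASCII tag; using it as the carrier is an assumption
MAX_ATTEMPTS = 3                 # the text's example limit for the S204 -> S202 loop


def embed(jpeg: bytes, payload: str) -> bytes:
    """S120: return a copy of the JPEG with payload stored in a new EXIF APP1 segment."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    value = payload.encode("ascii") + b"\x00"      # EXIF ASCII values are NUL-terminated
    if len(value) <= 4:                            # short values live inside the IFD entry
        field, tail = value.ljust(4, b"\x00"), b""
    else:                                          # longer ones follow the IFD, at offset 26
        field, tail = struct.pack("<I", 26), value
    tiff = (struct.pack("<2sHI", b"II", 42, 8)     # little-endian TIFF header, IFD0 at 8
            + struct.pack("<H", 1)                 # one IFD entry
            + struct.pack("<HHI", TAG_IMAGE_DESCRIPTION, 2, len(value)) + field
            + struct.pack("<I", 0) + tail)         # no further IFD
    body = EXIF_HEADER + tiff
    if len(body) + 2 > 0xFFFF:
        raise ValueError("payload too large for one APP1 segment")
    segment = b"\xff\xe1" + struct.pack(">H", len(body) + 2) + body
    return jpeg[:2] + segment + jpeg[2:]           # every original byte after SOI is kept


def _read_description(tiff: bytes) -> str:
    """Parse IFD0 of a TIFF block and return the ImageDescription value, or ""."""
    try:
        order = {b"II": "<", b"MM": ">"}[tiff[:2]]
        magic, ifd = struct.unpack(order + "HI", tiff[2:8])
        if magic != 42:
            return ""
        (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
        for i in range(count):
            start = ifd + 2 + 12 * i
            tag, typ, n = struct.unpack(order + "HHI", tiff[start:start + 8])
            if tag == TAG_IMAGE_DESCRIPTION and typ == 2:
                if n <= 4:
                    raw = tiff[start + 8:start + 8 + n]
                else:
                    (off,) = struct.unpack(order + "I", tiff[start + 8:start + 12])
                    raw = tiff[off:off + n]
                return raw.rstrip(b"\x00").decode("ascii", "replace")
    except (KeyError, struct.error):               # unknown byte order or truncated data
        pass
    return ""


def extract(jpeg: bytes) -> str:
    """S220: return the embedded payload, or "" if the image carries none."""
    if jpeg[:2] != b"\xff\xd8":
        return ""
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):                 # EOI or start of scan: metadata is over
            break
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and body.startswith(EXIF_HEADER):
            return _read_description(body[len(EXIF_HEADER):])
        pos += 2 + seg_len
    return ""


class RetrievalSession:
    """S202/S204/S230: accept candidate images until one yields a payload, at most MAX_ATTEMPTS failures."""

    def __init__(self):
        self.failures = 0

    def submit(self, jpeg: bytes):
        if self.failures >= MAX_ATTEMPTS:
            raise PermissionError("image retrieval locked; use another recovery channel")
        payload = extract(jpeg)
        if not payload:                            # S204: NO, back to S202
            self.failures += 1
            return None
        return payload                             # S204: YES, on to S230


# Constructed sample: a JPEG segment skeleton (SOI, JFIF APP0, EOI), not a decodable picture.
SAMPLE_JPEG = (b"\xff\xd8\xff\xe0" + struct.pack(">H", 16)
               + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00" + b"\xff\xd9")
# Constructed stand-in for ciphertext the caller produced before embedding.
SAMPLE_PAYLOAD = base64.b64encode(b"constructed-ciphertext-bytes").decode("ascii")
```

The S204 test here is the text's "not empty" check, so any photo that already carries an ImageDescription passes it, and anyone holding the file can read the tag. Authenticated encryption of the payload before embedding is what ties a successful check to the user's own image.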

Abstract

The present invention provides a password security system (3000), which comprises a server (300) and a terminal (500), wherein the terminal (500) is used for receiving password information and an image input by a user, processing the image, integrating the password information to data of the image in a way that does not affect image use, and returning a processed image. The server (300) is used for receiving the processed user-input image, processing the processed user-input image, extracting the password information integrated to the processed user-input image in the way that does not affect the image use, and returning the password information that is extracted. The present invention also provides a password security method.

Description

Password security system and password security method

Technical field

The present invention relates to the field of information security, and more particularly to a password security system and a password security method.

Background

Many applications today, such as chat software and e-mail, require users to set a password. These applications usually also let the user configure how a forgotten password is retrieved: for example, the user sets a prompt question, and after it is answered correctly the password is sent directly to a mailbox designated in advance, or a password-reset link is sent directly.
However, this way of retrieving a password is easily exploited by people who know the user well, which leaks security information. Moreover, users themselves may forget the answer to the prompt question they set, so that the password can never be retrieved, which seriously affects the user's use of the application.

Summary of the invention

The present invention provides a password security system and a password security method. By using images (pictures, photos, etc.), the invention greatly eases the burden on the user's memory, so that the user need not memorize answers to complicated prompt questions; at the same time, because only the user knows the unique password image, the possibility of the user's password leaking is greatly reduced. The convenience of password retrieval is improved, and so is the security of the password.
Specifically, according to a first aspect of the present invention, a password security system is provided, comprising a server and a terminal. The terminal is configured to: receive password information and an image input by a user; process the image, integrating the password information into the data of the image in a manner that does not affect use of the image; and return the processed image. The server is configured to: receive a processed image input by the user; process the processed image input by the user to extract the password information integrated into it in a manner that does not affect use of the image; and return the extracted password information.
According to a second aspect of the present invention, a password security system is provided, comprising a server and a terminal. The server is configured to: receive password information and an image input by a user; process the image, integrating the password information into the data of the image in a manner that does not affect use of the image; and return the processed image. The terminal is configured to: receive a processed image input by the user; process the processed image input by the user to extract the password information integrated into it in a manner that does not affect use of the image; and return the extracted password information.
According to a third aspect of the present invention, a password security system is provided, comprising a server and a terminal. The server is configured to: receive password information and an image input by a user; process the image, integrating the password information into the data of the image in a manner that does not affect use of the image; and return the processed image. The server is further configured to: receive a processed image input by the user; process the processed image input by the user to extract the password information integrated into it in a manner that does not affect use of the image; and return the extracted password information.
According to a fourth aspect of the present invention, a password security system is provided, comprising a server and a terminal. The terminal is configured to: receive password information and an image input by a user; process the image, integrating the password information into the data of the image in a manner that does not affect use of the image; and return the processed image. The terminal is further configured to: receive a processed image input by the user; process the processed image input by the user to extract the password information integrated into it in a manner that does not affect use of the image; and return the extracted password information.
According to a fifth aspect of the present invention, a password security method is provided, comprising a password concealment process and a password retrieval process. The password concealment process includes: receiving password information and an image input by a user; processing the image, integrating the password information into the data of the image in a manner that does not affect use of the image; and returning the processed image. The password retrieval process includes: receiving a processed image input by the user; processing the processed image input by the user to extract the password information integrated into it in a manner that does not affect use of the image; and returning the extracted password information.
In the first to fifth aspects of the invention, the image is an image that the user specifies or captures in real time.
In the first to fifth aspects of the invention, the processed image input by the user is an image selected by the user from a plurality of randomly provided images, or an image that the user specifies.
In the first to fifth aspects of the invention, the password information is integrated into the data of the image in a manner that is not easily recognized. For example, the password information is encrypted, and the encrypted password information is integrated into the data of the image. The password information may be encrypted using one of the following encryption techniques: RSA, DES, AES. Correspondingly, the password information has been integrated, in a manner that is not easily recognized, into the data of the processed image input by the user. For example, the password information is decrypted, and the decrypted password information is returned. The password information may be decrypted using one of the following decryption techniques: RSA, DES, AES.
Optionally, in the first to fifth aspects of the invention, the password information is integrated into the data of the image using a digital watermarking technique. Correspondingly, the password information is extracted using the digital watermarking technique.
Optionally, in the first to fifth aspects of the invention, the password information is integrated into the exchangeable image file (EXIF) data of the image. Correspondingly, the password information is extracted from the exchangeable image file (EXIF) data of the image.
In the first to fifth aspects of the invention, the processed image is stored at the server or at the terminal.
With the present invention, users can hide a password in an image (picture, photo, etc.) that they know well or like, which makes it easy to remember. Moreover, even a person who is very familiar with the user can hardly know which image (picture, photo, etc.) the user has used as the password retrieval image, so the security of the password is improved. At the same time, the password hiding of the invention does not affect normal use of the image (and/or is not easily recognized), so the password is effectively hidden and the image remains effectively usable.

Brief description of the drawings

The above and other objects, features and advantages of the present invention will become clearer from the following description of preferred embodiments with reference to the accompanying drawings, in which:
FIG. 1 is a schematic diagram showing an application scenario of the mobile communication system 3000 of the present invention.
FIG. 2 is a timing diagram 1100 showing the operation of the password security system 3000 according to a first embodiment of the present invention.
FIG. 3 is a timing diagram 1200 showing the operation of the password security system 3000 according to a second embodiment of the present invention.
FIG. 4 is a timing diagram 1300 showing the operation of the password security system 3000 according to a third embodiment of the present invention.
FIG. 5 is a timing diagram 1400 showing the operation of the password security system 3000 according to a fourth embodiment of the present invention.
FIG. 6 is a flow chart showing a password concealment method 100 according to an embodiment of the present invention.
FIG. 7 is a block diagram showing a password concealment apparatus 1000 according to an embodiment of the present invention.
FIG. 8 is a flow chart showing a password retrieval method 200 according to an embodiment of the present invention.
FIG. 9 is a block diagram showing a password retrieval device 2000 according to an embodiment of the present invention.
In all the drawings of the present invention, the same or similar structures are identified by the same or similar reference numerals.

Detailed description

Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings; details and functions that are unnecessary for the invention are omitted from the description to avoid obscuring the understanding of the invention. The invention is described in detail below using, as an example, a scenario in which it is applied to a wireless mobile communication system. The invention is not limited to this, however; it may also be applied to a fixed communication system, a wired communication system, or any hybrid of fixed, wired and wireless mobile communication systems. As for mobile communication systems, the invention is not limited to a specific mobile communication protocol, which may include but is not limited to 2G, 3G, 4G and 5G networks and WCDMA, CDMA2000 and TD-SCDMA systems; different mobile terminals may use the same communication protocol or different ones. The invention is not limited to a specific mobile terminal operating system, which may include but is not limited to iOS, Windows Mobile, Symbian and Android; different mobile terminals may use the same operating system or different ones. In addition, the invention is not limited to a specific image format, which may include but is not limited to JPEG, JPEG2000, TIFF, RIFF and PNG.
FIG. 1 is a schematic diagram showing an application scenario of the mobile communication system 3000 of the present invention. As shown in FIG. 1, the application scenario 3000 may include a server 300 and a mobile terminal 500. For clarity, only one mobile terminal 500 is shown in the figure, but the invention is not limited to this and may include two or more mobile terminals. The mobile terminal 500 may be operated by user A and may be connected to the server 300 through a communication network 400. Examples of the communication network 400 may include but are not limited to the Internet and a mobile communication network. The communication link between the server 300 and the mobile terminal 500 may be secure or encrypted to ensure that user A's account and password information is not leaked.
The mobile terminal 500 may include a password security client (not shown) installed in it. The password security client may be installed in the mobile terminal 500 by user A in the form of software, or may be installed in the mobile terminal 500 by the mobile terminal manufacturer in the form of hardware or firmware.
User A accesses the server 300 through the mobile terminal 500 and can register or set an account and a password 520 with the server 300, for example through a web page or through the password security client installed on the mobile terminal 500. After user A registers or sets the account and password 520, the server 300 or the mobile terminal 500 (password security client) may ask user A whether to set up a password retrieval operation (described in detail later with reference to FIGS. 2 to 5). Once user A has completed the password retrieval setup, if user A forgets the password 520, user A can retrieve the previously set password 520 through the server 300 or the mobile terminal 500 (password security client).
FIG. 2 is a timing diagram 1100 showing the operation of the password security system 3000 according to a first embodiment of the present invention.
As shown in FIG. 2, the mobile terminal 500 (password security client) performs the processing that conceals the password information 520, and the server 300 performs the processing that retrieves the password information 520.
Continuing from FIG. 1, when user A chooses to set up the password retrieval operation, the mobile terminal 500 (password security client) receives the password information 520 and the image 510 in step S110. Where the server 300 is accessed through a web page, when user A chooses to set up the password retrieval operation, the server 300 notifies the mobile terminal 500 (password security client) of user A's password retrieval setup request (which may include user A's password 520) (S1105), and the mobile terminal 500 prompts user A to provide the image 510. Where the server 300 is accessed through the password security client installed on the mobile terminal 500 (to which user A's password 520 is known), when user A chooses to set up the password retrieval operation, the mobile terminal 500 (password security client) may prompt user A directly to provide the image 510. For example, user A may select a stored image 510 locally on the mobile terminal 500 or capture an image 510 in real time.
In step S120, the mobile terminal 500 (password security client) processes the image 510 selected by user A, integrating the password information 520 into the data of the image 510 in a manner that does not affect use of the image 510, and generates a processed image 510'. As one example of an operation that does not affect use of the image 510, the mobile terminal 500 may integrate the password information 520 into the EXIF data of the image 510 to generate the processed image 510'. As another example of an operation that does not affect use of the image 510, the mobile terminal 500 may use a digital watermarking technique to integrate the password information 520 into the data of the image 510 to generate the processed image 510'. In addition, the mobile terminal 500 may encrypt the password information 520 before integrating it into the data of the image 510, so that the encrypted (not easily recognized) password information is integrated into the data of the image 510. Examples of the encryption technique may include, but are not limited to, RSA, DES, AES, and the like.
In step S130, the mobile terminal 500 (password security client) returns the processed image 510'. For the generated image 510', the mobile terminal 500 may ask user A whether to upload it to the server 300, save it locally on the mobile terminal 500, or both upload it to the server 300 and save it locally on the mobile terminal 500. User A may save the generated image 510' at any location, including but not limited to the mobile terminal 500, the server 300, and user A's portable storage device (SD card, USB flash drive, portable hard drive, etc.). For example, as shown in FIG. 2, according to user A's selection, in step S1115 the mobile terminal 500 uploads the generated image 510' to the server 300 for storage (the server 300 may store the image 510' in association with user A's account).
When user A forgets the password, user A can perform the password retrieval operation through the mobile terminal 500 (or another mobile or fixed terminal, as long as it can access the server 300 and obtain the image 510'). User A provides the registered account to the server 300 and chooses to retrieve the password by image. In step S210, the server 300 receives the image 510'. The server 300 may ask user A whether to select from images provided by the system or to upload an image personally. If user A chooses to upload an image, the server 300 may obtain the image 510' from any location specified by user A, including but not limited to the mobile terminal 500, the server 300, and user A's portable storage device (SD card, USB flash drive, portable hard drive, etc.). For example, as shown in FIG. 2, the server 300 receives the image uploaded by user A from the mobile terminal 500 (S1125). If user A chooses to select from images provided by the system, the server 300 provides a plurality of images (for example, 20 images), including the image 510' that user A previously saved to the server 300, for user A to select from (the other images in the plurality may be added by the server 300 itself or may have been added previously by user A). After user A has uploaded or selected the correct image 510', in step S220 the server 300 processes the image 510' to extract the password information 520 integrated into the image 510' in a manner that does not affect use of the image 510'. In step S230, the server 300 returns the password information 520. The server 300 may return the password information 520 directly to the mobile terminal 500 (S1135) for display, or return it to a location (e.g., email address, mobile number, etc.) previously designated by user A. In addition, user A may be restricted to a limited number of attempts (counting both image uploads and image selections), for example, 3 times. If all 3 attempts fail, no further attempt is allowed and the password can only be retrieved by other means (for example, by bringing an identity document to the operator); it can also be set so that all contents of the account are cleared when all 3 attempts fail.
FIG. 3 is a timing diagram 1200 showing the operation of the password security system 3000 according to a second embodiment of the present invention.
As shown in FIG. 3, the server 300 performs the processing that conceals the password information 520, and the mobile terminal 500 (password security client) performs the processing that retrieves the password information 520.
Continuing from FIG. 1, when user A chooses to set up the password retrieval operation, the server 300 receives the password information 520 and the image 510 in step S110. The password information 520 is available at the server 300, and the image 510 may be uploaded to the server 300 by user A through the mobile terminal 500 (password security client) (S1205). The server 300 may prompt user A, through a web page or the password security client, to provide the image 510. For example, user A may select a stored image 510 locally on the mobile terminal 500 or capture an image 510 in real time.
In step S120, the server 300 processes the image 510 selected by user A, integrating the password information 520 into the data of the image 510 in a manner that does not affect the use of the image 510, and generates a processed image 510'. As one example of an operation that does not affect the use of the image 510, the server 300 may integrate the password information 520 into the EXIF data of the image 510 to generate the processed image 510'. As another example, the server 300 may use digital watermarking to integrate the password information 520 into the data of the image 510 to generate the processed image 510'. In addition, the server 300 may encrypt the password information 520 before integrating it into the data of the image 510, so that encrypted (not easily recognizable) password information is integrated into the data of the image 510. Examples of encryption techniques include, but are not limited to, RSA, DES and AES.
In step S130, the server 300 returns the processed image 510'. For the generated image 510', the server 300 may ask user A, via a web page or the password security client, whether to upload it to the server 300, save it locally on the mobile terminal 500, or both. User A may save the generated image 510' in any location, including but not limited to the mobile terminal 500, the server 300, or a portable storage device of user A (SD card, USB flash drive, portable hard disk, etc.). For example, as shown in FIG. 3, according to user A's selection, in step S1215 the server 300 transmits the generated image 510' to the mobile terminal 500 (password security client) for saving.
When user A forgets the password, user A can perform the password retrieval operation through the mobile terminal 500 (password security client). In step S210, the mobile terminal 500 (password security client) receives the image 510'. The mobile terminal 500 (password security client) may ask user A whether to select from images provided by the system or to choose an image independently. If user A chooses an image independently, the mobile terminal 500 (password security client) may obtain the image 510' from any location specified by user A, including but not limited to the mobile terminal 500, the server 300, or a portable storage device of user A (SD card, USB flash drive, portable hard disk, etc.). If user A chooses to select from images provided by the system, the mobile terminal 500 (password security client) provides a plurality of images (for example, 20 images), including the image 510' previously saved by user A, from which user A makes a selection. The other images in the plurality may be added by the mobile terminal 500 (password security client) or the server 300 itself, or may have been added earlier by user A. For example, as shown in FIG. 3, the mobile terminal 500 (password security client) may receive the image 510' from the server 300 (S1125) (in which case user A's account information must be provided to the server 300); the server 300 may return only the image 510', or may return a plurality of images including the image 510'. After user A selects the correct image 510', in step S220 the mobile terminal 500 (password security client) processes the image 510' and extracts the password information 520 that was integrated into the image 510' in a manner that does not affect the use of the image 510'. In step S230, the mobile terminal 500 (password security client) returns the password information 520. The mobile terminal 500 (password security client) may display the password information 520 directly, or return it to a location previously designated by user A (e.g., an email address, a mobile phone number, etc.). In addition, user A may be limited to a finite number of attempts (image selections), for example 3; if all 3 attempts fail, no further attempt is allowed and the password can only be retrieved by other means (for example, from the operator upon presenting an identity document). Alternatively, the system may be set to clear all contents of the account when all 3 attempts fail.
FIG. 4 is a timing diagram 1300 showing the operation of the password security system 3000 according to a third embodiment of the present invention.
As shown in FIG. 4, the server 300 performs both the processing of concealing the password information 520 and the processing of retrieving the password information 520.
Continuing from FIG. 1, user A chooses to set up the password retrieval operation. In step S110, the server 300 receives the password information 520 and the image 510. The password information 520 can be obtained at the server 300, and the image 510 may be uploaded to the server 300 by user A through the mobile terminal 500 (password security client) (S1305). The server 300 may prompt user A, via a web page or the password security client, to provide the image 510. For example, user A may select a stored image 510 locally from the mobile terminal 500 or capture an image 510 in real time.
In step S120, the server 300 processes the image 510 selected by user A, integrating the password information 520 into the data of the image 510 in a manner that does not affect the use of the image 510, and generates a processed image 510'. As one example of an operation that does not affect the use of the image 510, the server 300 may integrate the password information 520 into the EXIF data of the image 510 to generate the processed image 510'. As another example, the server 300 may use digital watermarking to integrate the password information 520 into the data of the image 510 to generate the processed image 510'. In addition, the server 300 may encrypt the password information 520 before integrating it into the data of the image 510, so that encrypted (not easily recognizable) password information is integrated into the data of the image 510. Examples of encryption techniques include, but are not limited to, RSA, DES and AES.
In step S130, the server 300 returns the processed image 510'. For the generated image 510', the server 300 may ask user A, via a web page or the password security client, whether to upload it to the server 300, save it locally on the mobile terminal 500, or both. User A may save the generated image 510' in any location, including but not limited to the mobile terminal 500, the server 300, or a portable storage device of user A (SD card, USB flash drive, portable hard disk, etc.). For example, as shown in FIG. 4, according to user A's selection, in step S1215 the server 300 transmits the generated image 510' to the mobile terminal 500 (password security client) for saving.
When user A forgets the password, user A can perform the password retrieval operation through the mobile terminal 500 (or another mobile or fixed terminal, provided it can access the server 300 and obtain the image 510'). User A provides the registered account to the server 300 and chooses to retrieve the password by image. In step S210, the server 300 receives the image 510'. The server 300 may ask user A whether to select from images provided by the system or to upload an image. If user A chooses to upload an image, the server 300 may obtain the image 510' from any location specified by user A, including but not limited to the mobile terminal 500, the server 300, or a portable storage device of user A (SD card, USB flash drive, portable hard disk, etc.). For example, as shown in FIG. 4, the server 300 receives the image uploaded by user A from the mobile terminal 500 (S1325). If user A chooses to select from images provided by the system, the server 300 provides a plurality of images (for example, 20 images), including the image 510' previously saved on the server 300 by user A, from which user A makes a selection; the other images in the plurality may be added by the server 300 itself or may have been added earlier by user A. After user A uploads or selects the correct image 510', in step S220 the server 300 processes the image 510' and extracts the password information 520 that was integrated into the image 510' in a manner that does not affect the use of the image 510'. In step S230, the server 300 returns the password information 520. The server 300 may return the password information 520 directly to the mobile terminal 500 (S1335) for display, or return it to a location previously designated by user A (e.g., an email address, a mobile phone number, etc.). In addition, user A may be limited to a finite number of attempts (including image uploads and image selections), for example 3; if all 3 attempts fail, no further attempt is allowed and the password can only be retrieved by other means (for example, from the operator upon presenting an identity document). Alternatively, the system may be set to clear all contents of the account when all 3 attempts fail.
FIG. 5 is a timing diagram 1400 showing the operation of the password security system 3000 according to a fourth embodiment of the present invention.
As shown in FIG. 5, the mobile terminal 500 (password security client) performs both the processing of concealing the password information 520 and the processing of retrieving the password information 520.
Continuing from FIG. 1, user A chooses to set up the password retrieval operation. In step S110, the mobile terminal 500 (password security client) receives the password information 520 and the image 510. Where the server 300 is accessed through a web page, when user A chooses to set up the password retrieval operation, the server 300 notifies the mobile terminal 500 (password security client) of user A's password retrieval setup request (which may include user A's password 520 (S1405)), and the mobile terminal 500 prompts user A to provide the image 510. Where the server 300 is accessed through the password security client installed on the mobile terminal 500 (to which user A's password 520 is known), when user A chooses to set up the password retrieval operation, the mobile terminal 500 (password security client) may prompt user A directly to provide the image 510. For example, user A may select a stored image 510 locally from the mobile terminal 500 or capture an image 510 in real time.
In step S120, the mobile terminal 500 (password security client) processes the image 510 selected by user A, integrating the password information 520 into the data of the image 510 in a manner that does not affect the use of the image 510, and generates a processed image 510'. As one example of an operation that does not affect the use of the image 510, the mobile terminal 500 may integrate the password information 520 into the EXIF data of the image 510 to generate the processed image 510'. As another example, the mobile terminal 500 may use digital watermarking to integrate the password information 520 into the data of the image 510 to generate the processed image 510'. In addition, the mobile terminal 500 may encrypt the password information 520 before integrating it into the data of the image 510, so that encrypted (not easily recognizable) password information is integrated into the data of the image 510. Examples of encryption techniques include, but are not limited to, RSA, DES and AES.
In step S130, the mobile terminal 500 (password security client) returns the processed image 510'. For the generated image 510', the mobile terminal 500 may ask user A whether to upload it to the server 300, save it locally on the mobile terminal 500, or both. User A may save the generated image 510' in any location, including but not limited to the mobile terminal 500, the server 300, or a portable storage device of user A (SD card, USB flash drive, portable hard disk, etc.). For example, as shown in FIG. 5, according to user A's selection, in step S1415 the mobile terminal 500 uploads the generated image 510' to the server 300 for saving (the server 300 may store the image 510' in association with user A's account).
When user A forgets the password, user A can perform the password retrieval operation through the mobile terminal 500 (password security client). In step S210, the mobile terminal 500 (password security client) receives the image 510'. The mobile terminal 500 (password security client) may ask user A whether to select from images provided by the system or to choose an image independently. If user A chooses an image independently, the mobile terminal 500 (password security client) may obtain the image 510' from any location specified by user A, including but not limited to the mobile terminal 500, the server 300, or a portable storage device of user A (SD card, USB flash drive, portable hard disk, etc.). If user A chooses to select from images provided by the system, the mobile terminal 500 (password security client) provides a plurality of images (for example, 20 images), including the image 510' previously saved by user A, from which user A makes a selection. The other images in the plurality may be added by the mobile terminal 500 (password security client) or the server 300 itself, or may have been added earlier by user A. For example, as shown in FIG. 5, the mobile terminal 500 (password security client) may receive the image 510' from the server 300 (S1425) (in which case user A's account information must be provided to the server 300); the server 300 may return only the image 510', or may return a plurality of images including the image 510'. After user A selects the correct image 510', in step S220 the mobile terminal 500 (password security client) processes the image 510' and extracts the password information 520 that was integrated into the image 510' in a manner that does not affect the use of the image 510'. In step S230, the mobile terminal 500 (password security client) returns the password information 520. The mobile terminal 500 (password security client) may display the password information 520 directly, or return it to a location previously designated by user A (e.g., an email address, a mobile phone number, etc.). In addition, user A may be limited to a finite number of attempts (image selections), for example 3; if all 3 attempts fail, no further attempt is allowed and the password can only be retrieved by other means (for example, from the operator upon presenting an identity document). Alternatively, the system may be set to clear all contents of the account when all 3 attempts fail.
FIG. 6 is a flowchart showing a password concealment method 100 according to an embodiment of the present invention. As shown in FIG. 6, the password concealment method 100 may include steps S110, S120 and S130.
FIG. 7 is a block diagram showing a password concealment apparatus 1000 according to an embodiment of the present invention. As shown in FIG. 7, the password masking apparatus 100 may include an input unit 1100, an image processing unit 1200 and an output unit 1300. The input unit 1100 is configured to receive password information and an image input by a user. The image processing unit 1200 is configured to process the image and integrate the password information into the data of the image in a manner that does not affect the use of the image. The output unit 1300 is configured to return the processed image.
The password concealment method 100 and the password concealment apparatus 1000 according to embodiments of the present invention are described in detail below with reference to FIGS. 1 to 7. It should be noted that the password concealment method 100 and the password concealment apparatus 1000 may be implemented either in the server 300 shown in FIGS. 1 to 5 or in the mobile terminal 500 shown in FIGS. 1 to 5; the present invention is not limited in this respect.
In step S110, the input unit 1100 of the password concealment apparatus 1000 receives the password information 520 and the image 510 input by user A. For example, the image 510 is an image specified by user A or captured in real time.
In step S120, the image processing unit 1200 of the password concealment apparatus 1000 processes the image 510, integrating the password information 520 into the data of the image 510 in a manner that does not affect the use of the image 510, and generates a processed image 510'. As one example of an operation that does not affect the use of the image 510, the image processing unit 1200 may integrate the password information 520 into the EXIF data of the image 510 to generate the processed image 510'. As another example, the image processing unit 1200 may use digital watermarking to integrate the password information 520 into the data of the image 510 to generate the processed image 510'. In addition, the image processing unit 1200 may encrypt the password information 520 before integrating it into the data of the image 510, so that encrypted (not easily recognizable) password information is integrated into the data of the image 510. Examples of encryption techniques include, but are not limited to, RSA, DES and AES.
Finally, in step S130, the output unit 1300 of the password concealment apparatus 1000 returns the processed image 510'. The image 510' may be saved by user A in any location, including but not limited to the mobile terminal 500, the server 300, or a portable storage device of user A (SD card, USB flash drive, portable hard disk, etc.).
FIG. 8 is a flowchart showing a password retrieval method 200 according to an embodiment of the present invention. As shown in FIG. 8, the password retrieval method 200 may include steps S202, S204, S210, S220 and S230. It should be noted that steps S202 and S204 are optional.
FIG. 9 is a block diagram showing a password retrieval apparatus 2000 according to an embodiment of the present invention. As shown in FIG. 9, the password masking apparatus 200 may include an input unit 2100, an image processing unit 2200 and an output unit 2300. The input unit 2100 is configured to receive an image input by a user. The image processing unit 2200 is configured to process the image and extract the password information that was integrated into the image in a manner that does not affect the use of the image. The output unit 2300 is configured to return the extracted password information.
The password retrieval method 200 and the password retrieval apparatus 2000 according to embodiments of the present invention are described in detail below with reference to FIGS. 1 to 5, 8 and 9. It should be noted that the password retrieval method 200 and the password retrieval apparatus 2000 may be implemented either in the server 300 shown in FIGS. 1 to 5 or in the mobile terminal 500 shown in FIGS. 1 to 5; the present invention is not limited in this respect.
In step S202, the password retrieval apparatus 2000 (for example, the input unit 2100 or the output unit 2300) prompts user A to select an image.
In step S210, the input unit 2100 of the password retrieval apparatus 2000 receives the image 510' input by user A. For example, the image 510' is an image selected by user A from a plurality of randomly provided images, or an image specified by user A. The image 510' may be specified by user A from any location, including but not limited to the mobile terminal 500, the server 300, or a portable storage device of user A (SD card, USB flash drive, portable hard disk, etc.).
In step S220, the image processing unit 2200 of the password retrieval apparatus 2000 processes the image 510' and extracts the password information 520 that was integrated into the image 510' in a manner that does not affect the use of the image 510'. As one example, the password information 520 may have been integrated into the EXIF data of the image 510', in which case the image processing unit 2200 extracts the password information 520 from the EXIF data of the image 510'. As another example, the password information 520 may have been integrated into the data of the image 510 using digital watermarking, in which case the image processing unit 2200 extracts the password information 520 using digital watermarking. In addition, the password information 520 may have been encrypted (made not easily recognizable) before being integrated into the data of the image 510', in which case the image processing unit 2200 decrypts the password information extracted from the image 510' to obtain the password information 520. Examples of decryption techniques include, but are not limited to, RSA, DES and AES.
In step S204, the password retrieval apparatus 2000 (the image processing unit 2200 or the output unit 2300) determines whether the selected image is correct, that is, whether correct password information 520 (for example, non-empty) has been extracted. If it is determined that correct password information 520 has been extracted (step S204: Yes), step S230 is performed. If it is determined that correct password information 520 has not been extracted (step S204: No), the process returns to step S202 and user A is prompted to select an image again. The loop from step S204 to step S202 may be limited to a predetermined finite number of times, for example 3; if all 3 attempts fail, no further attempt is allowed and the password can only be retrieved by other means (for example, from the operator upon presenting an identity document). Alternatively, the system may be set to clear all contents of the account when all 3 attempts fail.
Finally, in step S230, the output unit 2300 of the password retrieval apparatus 2000 returns the extracted password information 520. The password information 520 may be displayed directly on the screen of the mobile terminal 500, or may be returned to a location previously designated by user A (e.g., an email address, a mobile phone number, etc.).
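As an added illustration that is not part of the application's own text, the following Python code carries out step S120 of the concealment method and steps S202 to S230 of the retrieval method using the EXIF option, including the three-attempt limit. The use of the ImageDescription tag, the `pwinfo:` label, all function and class names and the sample images are assumptions; the payload is treated as opaque bytes that the caller has already encrypted, the optional step mentioned in the text.

```python
import base64
import struct

EXIF_MAGIC = b"Exif\x00\x00"
TAG_IMAGE_DESCRIPTION = 0x010E  # standard TIFF/EXIF ASCII tag (choice of tag is an assumption)
PREFIX = "pwinfo:"              # hypothetical label marking the embedded value
MAX_ATTEMPTS = 3                # attempt limit given in the text


def build_exif_segment(payload: bytes) -> bytes:
    """Build a JPEG APP1 segment whose IFD0 holds one ImageDescription entry."""
    text = (PREFIX + base64.b64encode(payload).decode("ascii")).encode("ascii") + b"\x00"
    tiff = b"II*\x00" + struct.pack("<I", 8)   # little-endian TIFF header, IFD0 at offset 8
    tiff += struct.pack("<H", 1)                # IFD0 has one entry
    # entry: tag, type 2 (ASCII), byte count, offset of the string (8 + 2 + 12 + 4 = 26)
    tiff += struct.pack("<HHII", TAG_IMAGE_DESCRIPTION, 2, len(text), 26)
    tiff += struct.pack("<I", 0) + text         # no further IFD, then the string itself
    body = EXIF_MAGIC + tiff
    if len(body) + 2 > 0xFFFF:
        raise ValueError("payload too large for a single APP1 segment")
    return b"\xff\xe1" + struct.pack(">H", len(body) + 2) + body


def iter_segments(jpeg: bytes):
    """Yield (marker, body) for each header segment that precedes the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: SOI marker missing")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # SOS: compressed pixel data follows, stop here
            return
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated JPEG segment")
        yield marker, jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length


def extract(jpeg: bytes):
    """S220: return the embedded bytes, or None when the image carries none."""
    try:
        for marker, body in iter_segments(jpeg):
            if marker != 0xE1 or not body.startswith(EXIF_MAGIC):
                continue
            tiff = body[len(EXIF_MAGIC):]
            if tiff[:4] != b"II*\x00":
                continue  # only the little-endian layout written above is read
            (ifd,) = struct.unpack_from("<I", tiff, 4)
            (count,) = struct.unpack_from("<H", tiff, ifd)
            for i in range(count):
                tag, typ, n, off = struct.unpack_from("<HHII", tiff, ifd + 2 + 12 * i)
                if tag != TAG_IMAGE_DESCRIPTION or typ != 2 or n <= 4:
                    continue
                text = tiff[off:off + n].rstrip(b"\x00").decode("ascii", "replace")
                if text.startswith(PREFIX):
                    return base64.b64decode(text[len(PREFIX):], validate=True)
    except (ValueError, struct.error):
        pass  # malformed input is treated as "no password information"
    return None


def embed(jpeg: bytes, payload: bytes) -> bytes:
    """S120: insert the EXIF segment right after SOI; every original byte is kept."""
    for marker, body in iter_segments(jpeg):
        if marker == 0xE1 and body.startswith(EXIF_MAGIC):
            raise ValueError("image already has EXIF data; merging is not handled here")
    return jpeg[:2] + build_exif_segment(payload) + jpeg[2:]


class RetrievalSession:
    """S202/S204 loop: at most MAX_ATTEMPTS wrong images per account."""
    def __init__(self):
        self.failures = 0

    def submit(self, jpeg: bytes):
        if self.failures >= MAX_ATTEMPTS:
            raise PermissionError("attempt limit reached; another recovery route is required")
        payload = extract(jpeg)      # S210 + S220
        if not payload:              # S204: "correct" means non-empty, as in the text
            self.failures += 1
            return None              # back to S202: prompt for another image
        return payload               # S230


def sample_jpeg(scan: bytes) -> bytes:
    """Constructed JPEG skeleton (SOI, JFIF APP0, SOS, scan bytes, EOI); not a decodable picture."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return (b"\xff\xd8\xff\xe0" + struct.pack(">H", len(app0) + 2) + app0
            + b"\xff\xda\x00\x02" + scan + b"\xff\xd9")


if __name__ == "__main__":
    marked = embed(sample_jpeg(b"\x11\x22\x33"), b"constructed-ciphertext")
    session = RetrievalSession()
    print(session.submit(sample_jpeg(b"\x44")), session.submit(marked))
```

Inserting the segment ahead of the existing headers leaves every original byte, including the compressed pixel data, unchanged.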
The present invention has thus far been described with reference to preferred embodiments. It should be understood that those skilled in the art may make various other changes, substitutions and additions without departing from the spirit and scope of the present invention. Therefore, the scope of the present invention is not limited to the specific embodiments described above, but is defined by the appended claims.

Claims

1. A password security system (3000), comprising: a server (300) and a terminal (500), the terminal (500) being configured to
receive password information and an image input by a user;
process the image to integrate the password information into the data of the image in a manner that does not affect the use of the image; and
return the processed image,
the server (300) being configured to
receive a processed image input by a user;
process the processed image input by the user to extract the password information integrated into the processed image input by the user in a manner that does not affect the use of the image; and
return the extracted password information.
2. A password security system (3000), comprising: a server (300) and a terminal (500), the server (300) being configured to
receive password information and an image input by a user;
process the image to integrate the password information into the data of the image in a manner that does not affect the use of the image; and
return the processed image,
the terminal (500) being configured to
receive a processed image input by a user;
process the processed image input by the user to extract the password information integrated into the processed image input by the user in a manner that does not affect the use of the image; and
return the extracted password information.
3. A password security system (3000), comprising a server (300) and a terminal (500), wherein
the server (300) is configured to:
    receive password information and an image input by a user;
    process the image to integrate the password information into the data of the image in a manner that does not affect use of the image; and
    return the processed image,
and the server (300) is further configured to:
    receive a processed image input by the user;
    process the processed image input by the user to extract the password information that was integrated into it in a manner that does not affect use of the image; and
    return the extracted password information.
4. A password security system (3000), comprising a server (300) and a terminal (500), wherein
the terminal (500) is configured to:
    receive password information and an image input by a user;
    process the image to integrate the password information into the data of the image in a manner that does not affect use of the image; and
    return the processed image,
and the terminal (500) is further configured to:
    receive a processed image input by the user;
    process the processed image input by the user to extract the password information that was integrated into it in a manner that does not affect use of the image; and
    return the extracted password information.
5. The password security system (3000) according to any one of claims 1 to 4, wherein the image is an image specified by the user or captured in real time.
6. The password security system (3000) according to any one of claims 1 to 5, wherein the password information is integrated into the data of the image in a manner that is not easily identifiable.
7. The password security system (3000) according to claim 6, wherein the password information is encrypted and the encrypted password information is integrated into the data of the image.
8. The password security system (3000) according to claim 7, wherein the password information is encrypted using one of the following encryption techniques: RSA, DES, AES.
9. The password security system (3000) according to any one of claims 1 to 8, wherein the password information is integrated into the data of the image using a digital watermarking technique.
10. The password security system (3000) according to any one of claims 1 to 8, wherein the password information is integrated into the exchangeable image file (EXIF) data of the image.
11. The password security system (3000) according to any one of claims 1 to 10, wherein the processed image is stored at the server (300) or at the terminal (500).
12. The password security system (3000) according to any one of claims 1 to 11, wherein the processed image input by the user is an image selected by the user from a plurality of randomly provided images, or an image specified by the user.
13. The password security system (3000) according to claim 6, wherein the password information is integrated into the data of the processed image input by the user in a manner that is not easily identifiable.
14. The password security system (3000) according to claim 7, wherein the password information is decrypted and the decrypted password information is returned.
15. The password security system (3000) according to claim 8, wherein the password information is decrypted using one of the following decryption techniques: RSA, DES, AES.
16. The password security system (3000) according to claim 9, wherein the password information is extracted using a digital watermarking technique.
17. The password security system (3000) according to claim 10, wherein the password information is extracted from the exchangeable image file (EXIF) data of the image.
18. A password security method, comprising a password concealment process (100) and a password retrieval process (200), wherein
the password concealment process (100) comprises:
    receiving password information and an image input by a user (S110);
    processing the image to integrate the password information into the data of the image in a manner that does not affect use of the image (S120); and
    returning the processed image (S130),
and the password retrieval process (200) comprises:
    receiving a processed image input by the user (S210);
    processing the processed image input by the user to extract the password information that was integrated into it in a manner that does not affect use of the image (S220); and
    returning the extracted password information (S230).
19. The password security method according to claim 18, wherein the image is an image specified by the user or captured in real time.
20. The password security method according to claim 18 or 19, wherein the password information is integrated into the data of the image in a manner that is not easily identifiable.
21. The password security method according to claim 20, wherein the password information is encrypted and the encrypted password information is integrated into the data of the image.
22. The password security method according to claim 21, wherein the password information is encrypted using one of the following encryption techniques: RSA, DES, AES.
23. The password security method according to any one of claims 18 to 22, wherein the password information is integrated into the data of the image using a digital watermarking technique.
24. The password security method according to any one of claims 18 to 22, wherein the password information is integrated into the exchangeable image file (EXIF) data of the image.
25. The password security method according to any one of claims 18 to 24, wherein the processed image is stored at a server or in a memory local to the user.
26. The password security method according to any one of claims 18 to 25, wherein the processed image input by the user is an image selected by the user from a plurality of randomly provided images, or an image specified by the user.
27. The password security method according to claim 20, wherein the password information is integrated into the data of the processed image input by the user in a manner that is not easily identifiable.
28. The password security method according to claim 21, wherein the password information is decrypted and the decrypted password information is returned.
29. The password security method according to claim 22, wherein the password information is decrypted using one of the following decryption techniques: RSA, DES, AES.
30. The password security method according to claim 23, wherein the password information is extracted using a digital watermarking technique.
31. The password security method according to claim 24, wherein the password information is extracted from the exchangeable image file (EXIF) data of the image.
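
Claims 10, 17, 24 and 31 place the password information in the image's EXIF data. The following is an added example, not code from the patent: it embeds an already-encrypted payload in an Exif APP1 segment, extracts it again, and shows that stripping metadata segments leaves the retrieval step with nothing to return. The choice of the ImageDescription tag, the base64 encoding and the sample bytes are assumptions of this example.

```python
import base64
import struct

EXIF_MAGIC = b"Exif\x00\x00"
TAG_IMAGE_DESCRIPTION = 0x010E  # IFD0 ASCII tag; choosing it is this example's assumption
# Constructed segment skeleton (SOI, JFIF APP0, SOS, EOI); not a decodable picture.
SAMPLE_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
               b"\xff\xda\x00\x02\xff\xd9")
SAMPLE_CIPHERTEXT = bytes(range(32))  # constructed stand-in for the encrypted password

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before start-of-scan."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield jpeg[pos + 1], pos, end
        pos = end

def embed(jpeg, payload):
    """Concealment: insert an Exif APP1 segment carrying base64(payload)."""
    text = base64.b64encode(payload) + b"\x00"
    if not payload or len(text) > 60000 or jpeg[:2] != b"\xff\xd8":
        raise ValueError("need a JPEG and a payload that fits one segment")
    # Little-endian TIFF header, IFD0 at offset 8 with one entry, value at offset 26.
    tiff = b"II*\x00" + struct.pack("<IH", 8, 1)
    tiff += struct.pack("<HHIII", TAG_IMAGE_DESCRIPTION, 2, len(text), 26, 0) + text
    body = EXIF_MAGIC + tiff
    return jpeg[:2] + b"\xff\xe1" + struct.pack(">H", len(body) + 2) + body + jpeg[2:]

def extract(jpeg):
    """Retrieval: return the embedded payload, or None if no such entry exists."""
    for marker, start, end in segments(jpeg):
        body = jpeg[start + 4:end]
        if marker != 0xE1 or not body.startswith(EXIF_MAGIC + b"II*\x00"):
            continue  # only little-endian Exif is handled here
        tiff = body[len(EXIF_MAGIC):]
        ifd = struct.unpack_from("<I", tiff, 4)[0]
        count = struct.unpack_from("<H", tiff, ifd)[0]
        for i in range(count):
            tag, kind, n, offset = struct.unpack_from("<HHII", tiff, ifd + 2 + 12 * i)
            if tag == TAG_IMAGE_DESCRIPTION and kind == 2 and n > 4:
                return base64.b64decode(tiff[offset:offset + n - 1])
    return None

def strip_metadata(jpeg):
    """Drop every APPn segment, as re-encoding or privacy scrubbing typically does."""
    out, pos = jpeg[:2], 2
    for marker, start, end in segments(jpeg):
        if not 0xE0 <= marker <= 0xEF:
            out += jpeg[start:end]
        pos = end
    return out + jpeg[pos:]
```

Because the value sits in a standard tag, any EXIF viewer displays it, so confidentiality rests on the encryption of claims 7 and 21 rather than on the embedding.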
PCT/CN2013/072392 2012-12-21 2013-03-11 Password security system and password security method WO2014094389A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210560775.5 2012-12-21
CN201210560775.5A CN102970307B (en) 2012-12-21 2012-12-21 Cipher safety system and password safety method

Publications (1)

Publication Number Publication Date
WO2014094389A1 (en) 2014-06-26

Family

ID=47800193

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/072392 WO2014094389A1 (en) 2012-12-21 2013-03-11 Password security system and password security method

Country Status (2)

Country Link
CN (1) CN102970307B (en)
WO (1) WO2014094389A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103678971B (en) * 2013-11-15 2019-05-07 北京智谷睿拓技术服务有限公司 User information extracting method and user information extraction element
CN103677631A (en) * 2013-11-15 2014-03-26 北京智谷睿拓技术服务有限公司 Information interaction method and information interaction device
CN103616998B (en) * 2013-11-15 2018-04-06 北京智谷睿拓技术服务有限公司 User information acquiring method and user profile acquisition device
CN103631503B (en) * 2013-11-15 2017-12-22 北京智谷睿拓技术服务有限公司 Information interacting method and information interactive device
CN103685939B (en) * 2013-11-22 2016-07-13 杭州百航信息技术有限公司 The method that when taking pictures, photo is added a cover watermark
CN105989254A (en) * 2015-02-12 2016-10-05 深圳积友聚乐科技有限公司 Touch screen-based remote password verification system and method as well as electronic device
CN105550548A (en) * 2015-06-30 2016-05-04 宇龙计算机通信科技(深圳)有限公司 Information processing method and terminal
CN105427234A (en) * 2016-01-25 2016-03-23 上海斐讯数据通信技术有限公司 Sharing method and sharing system for WIFI password
CN107994994A (en) * 2017-11-24 2018-05-04 深圳中兴网信科技有限公司 Image authentication code verification method, system, server and terminal

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080222710A1 (en) * 2007-03-05 2008-09-11 Microsoft Corporation Simplified electronic messaging system
CN101321066A (en) * 2008-05-20 2008-12-10 北京深思洛克数据保护中心 Information safety device for internetwork communication
CN101729256A (en) * 2008-10-24 2010-06-09 深圳宝嘉电子设备有限公司 Security certificate method based on fingerprint, cryptographic technology and fragile digital watermark
US20110016520A1 (en) * 2009-07-15 2011-01-20 Ira Cohen Authentication system and methods
CN102801724A (en) * 2012-08-09 2012-11-28 长城瑞通(北京)科技有限公司 Identity authentication method combining graphic image with dynamic password

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101174948A (en) * 2006-11-02 2008-05-07 上海银晨智能识别科技有限公司 Network login system and method with face authentication
CN102164366A (en) * 2011-01-30 2011-08-24 广西师范大学 Message-hidden mobile phone information safety communication method based on JPEG (joint photographic experts group) image
CN102075547B (en) * 2011-02-18 2014-03-26 天地融科技股份有限公司 Dynamic password generating method and device and authentication method and system

Also Published As

Publication number Publication date
CN102970307B (en) 2016-01-13
CN102970307A (en) 2013-03-13


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13864480

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 06.11.15)

122 Ep: pct application non-entry in european phase

Ref document number: 13864480

Country of ref document: EP

Kind code of ref document: A1