Embodiment
The technical solutions of the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of the described embodiments without creative effort fall within the scope of protection of the invention.
First, the method 100 for transmitting a password according to an embodiment of the invention is described with reference to Fig. 1.
As shown in Fig. 1, method 100 comprises: in S110, obtaining a password; in S120, dividing the password into at least two parts, the at least two parts being different from one another; in S130, sending at least one of the at least two parts to each of at least two user terminals, such that the parts received by the user terminals do not overlap, and the user terminals obtain the password from the at least two received parts.
For example, method 100 can be carried out by a device configured to process the password and to send the parts obtained from the processing. This device can be an independent network device or can be integrated into an existing network device. Hereinafter, the device that processes and sends the password is also referred to as the encryption processing apparatus. S110 to S130 according to the embodiment of the invention are described in detail next.
In S110, the encryption processing apparatus can obtain the password from a server that generates or stores passwords. The encryption processing apparatus can be an independent network device or part of one, or can be integrated into the server that generates or stores passwords. The server can generate a password and send it to the encryption processing apparatus when it receives a request message in which the user asks for a password to be generated; it can periodically send a dynamically updated random password to the encryption processing apparatus; or it can send a previously stored password to the encryption processing apparatus when the user requests the password.
By querying information about the target user that has been preset in the encryption processing apparatus, the apparatus can determine at least two user terminals corresponding to the target user. A user terminal can be a mobile phone, a personal computer, a personal digital assistant, and so on. Within the encryption processing apparatus, a user terminal can be represented by a mobile phone number, by an IP address, or in any other form that uniquely identifies the terminal. Of course, there can be more than one target user.
In S120, the encryption processing apparatus processes the password obtained in S110 into at least two parts. The encryption processing apparatus can split the password directly, or can decompose it according to an encryption algorithm or the like. Each part obtained after the processing contains at least one character.
According to one embodiment of the invention, the password can be split into a predetermined number of cryptoparts, the predetermined number being at least 2. In S130, at least one of the predetermined number of cryptoparts is then sent to each of the at least two user terminals.
Each cryptopart obtained by the split contains at least one character of the password, and all cryptoparts combined restore the password. The encryption processing apparatus can split the password flexibly, in order, and the number of characters in each cryptopart can be set flexibly. The predetermined number of cryptoparts can also be set flexibly by the encryption processing apparatus, but it must be at least 2 and must not be less than the number of user terminals to be sent to.
For example, when the password is split into several cryptoparts in S120, S130 can send to each of the at least two user terminals at least one of the predetermined number of cryptoparts together with the position information of that cryptopart within the password, so that the user terminals obtain the password according to the position information.
Besides sending a cryptopart to a user terminal, the encryption processing apparatus can also send the user terminal the position information corresponding to that cryptopart, so that, based on the position information, the user terminal knows where the received cryptopart belongs when the cryptoparts are combined into the password.
The position information can be the segment number of the cryptopart within the password, the index of the cryptopart's first character among all characters of the password, or any other information that a person skilled in the art can think of; the position information helps combine the cryptoparts into the password.
As another example, when the password is split into several cryptoparts in S120, S130 can send at least one of the predetermined number of cryptoparts to each of the at least two user terminals in the order of the cryptoparts' positions within the password, so that the user terminals obtain the password according to the times at which the cryptoparts are received.
After the password is split into cryptoparts, the cryptoparts nearer the front are sent first, so that the times at which the user terminals receive the cryptoparts correspond to the order of the cryptoparts within the password. For example, when the password "123456" is split into "12", "34" and "56", "12" is sent first, then "34", then "56", so that "12" is received earlier than "34" and "34" earlier than "56". The user terminals combine the cryptoparts according to reception time and thereby restore the password.
In addition, an order can be assigned to the user terminals in advance. After splitting out the cryptoparts, the encryption processing apparatus sends the cryptoparts nearer the front to the user terminals set to receive front cryptoparts, and the cryptoparts nearer the back to the user terminals set to receive back cryptoparts. Once the user terminals have received the cryptoparts sent in position order, arranging the cryptoparts according to the order of the user terminals restores the password. Of course, it is also possible that no order is assigned to the user terminals and no position information is sent; the target user can still arrive at the correct password by trying the different ways of arranging the cryptoparts. For example, if two user terminals receive the two cryptoparts A and B, the password is either A followed by B or B followed by A, and the user can find the correct password by trying.
According to one embodiment of the invention, in S120 the password can be processed into at least one first code segment and at least one second code segment; deciphering the second code formed by the second code segments with the first code formed by the first code segments yields the password.
The password can be processed into the first code and the second code by a predetermined encryption/decryption algorithm, and the password can be restored by deciphering the second code with the first code. The predetermined algorithm can be the same as an encryption/decryption algorithm of the prior art or can be set arbitrarily; the specific form of the algorithm does not limit the scope of protection of the invention. For example, the password can be processed into a regular code serving as the first code and a latent code serving as the second code, and the password can be restored by deciphering the latent code with the regular code. For instance, when the password is "1234", it can be processed into the latent code "2345" and the regular code "1111"; the corresponding decryption algorithm subtracts the regular code from the latent code to obtain the password. Of course, a person skilled in the art can think of other algorithms for restoring the password from the latent code and the regular code, and the invention places no limit on the specific form of the algorithm.
Because the number of user terminals may be greater than the number of character strings, namely the two strings formed by the first code and the second code, the first code and the second code need to be segmented so that every user terminal can obtain a portion of the information that makes up the password, with no portion coinciding with another.
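The regular-code / latent-code processing described above, including the segmentation of both codes for more than two terminals, as an added example that is not code from the patent. Assumptions made here: the regular code is drawn at random, subtraction wraps modulo 10 per digit (which reproduces the "2345" minus "1111" case), passwords are numeric, and all function names are illustrative.

```python
import secrets

DIGITS = "0123456789"


def mask(password):
    """Return (regular_code, latent_code); latent = password + regular, mod 10."""
    if not password or any(c not in DIGITS for c in password):
        raise ValueError("this sketch handles numeric passwords only")
    # Assumption: a fresh random regular code per password, not a fixed "1111".
    regular = "".join(secrets.choice(DIGITS) for _ in password)
    latent = "".join(str((int(p) + int(r)) % 10) for p, r in zip(password, regular))
    return regular, latent


def recover(latent, regular):
    """Decipher the latent code with the regular code (digit-wise subtraction)."""
    if len(latent) != len(regular):
        raise ValueError("codes must have the same length")
    return "".join(str((int(h) - int(r)) % 10) for h, r in zip(latent, regular))


def segment(code_name, code, pieces):
    """Cut one code into ordered segments tagged (code_name, index, text)."""
    if not 1 <= pieces <= len(code):
        raise ValueError("need between 1 and len(code) segments")
    base, extra = divmod(len(code), pieces)
    out, pos = [], 0
    for i in range(1, pieces + 1):
        n = base + (1 if i <= extra else 0)
        out.append((code_name, i, code[pos:pos + n]))
        pos += n
    return out


def rebuild(segments):
    """Terminal side: regroup segments per code, order them, then decipher."""
    codes = {"regular": [], "latent": []}
    for name, index, text in segments:
        codes[name].append((index, text))
    regular = "".join(text for _, text in sorted(codes["regular"]))
    latent = "".join(text for _, text in sorted(codes["latent"]))
    return recover(latent, regular)


if __name__ == "__main__":
    regular, latent = mask("577345")
    # Four terminals: two receive regular-code segments, two receive latent-code segments.
    shares = segment("regular", regular, 2) + segment("latent", latent, 2)
    print(regular, latent, rebuild(reversed(shares)))
```

With a uniformly random regular code, either code on its own is consistent with every possible password of that length, so a terminal holding segments of only one code learns nothing about the password's digits.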
In S130, the encryption processing apparatus sends the at least two parts from S120 to the at least two user terminals respectively. Each user terminal receives at least one part, and the parts received by any two user terminals differ from each other. Combining the parts received by all user terminals yields the complete password, identical to the password in S110.
For example, suppose the target user has three user terminals A, B and C. If the encryption processing apparatus splits the password to be sent to the target user into 5 segments in order, it can send the 1st and 2nd cryptoparts to user terminal A, the 3rd cryptopart to user terminal B, and the 4th and 5th cryptoparts to user terminal C. If it splits the password into 3 segments in order, it can send the 1st cryptopart to user terminal A, the 2nd to user terminal B, and the 3rd to user terminal C. Take bank assets jointly owned by three people as an example, where the three owners hold user terminals A, B and C. When the dynamic password "135792468" is generated for the jointly owned bank account, the encryption processing apparatus can split the obtained password into the 3 parts "135", "792" and "468" according to the number of user terminals, and then send "135" to user terminal A, "792" to user terminal B and "468" to user terminal C, so that the user terminals held by the three owners together obtain the complete password.
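The positional split with position information and the A/B/C allocation described above, as an added example that is not code from the patent. The class and function names are illustrative, and `residual_candidates` is an added check (assuming a numeric password) that shows how far one terminal's share narrows the search.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cryptopart:
    index: int  # 1-based segment number, i.e. the position information
    total: int  # predetermined number of segments
    text: str   # characters of this segment


def split_password(password, lengths):
    """Split the password, in order, into segments of the given lengths."""
    if len(lengths) < 2:
        raise ValueError("at least 2 segments are required")
    if min(lengths) < 1 or sum(lengths) != len(password):
        raise ValueError("segments need >= 1 character and must cover the password")
    parts, pos = [], 0
    for i, n in enumerate(lengths, start=1):
        parts.append(Cryptopart(i, len(lengths), password[pos:pos + n]))
        pos += n
    return parts


def distribute(parts, allocation):
    """Map terminal -> cryptoparts, enforcing the non-overlap rules of S130."""
    if len(parts) < len(allocation):
        raise ValueError("fewer segments than user terminals")
    if any(not idxs for idxs in allocation.values()):
        raise ValueError("every terminal must receive at least one segment")
    assigned = sorted(i for idxs in allocation.values() for i in idxs)
    if assigned != [p.index for p in parts]:
        raise ValueError("each segment must go to exactly one terminal")
    by_index = {p.index: p for p in parts}
    return {t: [by_index[i] for i in idxs] for t, idxs in allocation.items()}


def reassemble(received):
    """Rebuild the password from position information, ignoring arrival order."""
    ordered = sorted(received, key=lambda p: p.index)
    if not ordered:
        raise ValueError("no segments received")
    total = ordered[0].total
    if [p.index for p in ordered] != list(range(1, total + 1)):
        raise ValueError("missing or duplicated segment")
    return "".join(p.text for p in ordered)


def residual_candidates(password_len, chars_held, alphabet_size=10):
    """Passwords still possible for someone who holds one terminal's segments."""
    return alphabet_size ** (password_len - chars_held)


if __name__ == "__main__":
    parts = split_password("135792468", [2, 2, 2, 2, 1])
    shares = distribute(parts, {"A": [1, 2], "B": [3], "C": [4, 5]})
    arrived = shares["C"] + shares["A"] + shares["B"]  # out-of-order arrival
    print(reassemble(arrived))
    held = sum(len(p.text) for p in shares["A"])
    print(residual_candidates(9, held))
```

Terminal A's two segments fix 4 of the 9 digits, leaving 10^5 candidates instead of 10^9, so each positional cryptopart should itself be handled as sensitive material.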
According to embodiments of the invention, the number of user terminals can equal the number of parts into which the password is processed. The encryption processing apparatus can then process the password according to the number of user terminals, so that each user terminal receives one part of the password.
Because the parts of the password are sent to different user terminals, a hacker who wants to obtain the password not only has to compromise several user terminals but also has to work out how the different parts that the password was processed into relate to one another. This makes it harder for the hacker to obtain the password and strengthens the security of the password stored on the user side.
When the at least two parts of the password are sent in S130, the different parts can be transmitted over the same transmission channel, such as the same communication network or the same computer network. More preferably, at least one of the at least two parts is sent to each of the at least two user terminals over at least two different transmission channels. This reduces the chance of the complete password being intercepted in transit and further strengthens the security of the password. A communication network can correspond to one SMS center, or to one server that sends USSD (Unstructured Supplementary Service Data) messages, or can be defined by a cell ID. A computer network can correspond to all the IP addresses in one subnet, or to one mail server. Of course, those skilled in the art can think of other ways of defining a communication network or computer network.
Each of the at least two transmission channels used to transmit the at least two parts of the password can correspond to one transmission interface of the encryption processing apparatus, with one transmission channel per transmission interface. Of course, one transmission interface can also correspond to several transmission channels: after a part of the password leaves that interface, the network carries it into different transmission channels, such as different telecommunication networks or different computer networks. In this way the complete password cannot be intercepted on a single transmission channel, which further improves the security of the password and makes it harder to intercept the password in transit.
For example, at least one of the at least two parts can be sent to each of the at least two user terminals through at least two communication networks, where each communication network corresponds to at least one user terminal and each user terminal corresponds to one of the at least two communication networks.
For instance, the at least two communication networks can be at least two SMS centers, and the encryption processing apparatus splits the password into cryptoparts. The target user has three user terminals A, B and C; user terminals A and B obtain their cryptoparts from SMS messages sent by the first SMS center, and user terminal C obtains its cryptopart from an SMS message sent by the second SMS center.
As another example, at least one of the at least two parts can be sent to each of the at least two user terminals through at least one communication network and at least one computer network, where each communication network corresponds to at least one user terminal, each computer network corresponds to at least one user terminal, and each user terminal corresponds to one of the at least one communication network or one of the at least one computer network.
For instance, the at least one communication network can be at least one SMS center, the at least one computer network can be at least one IP subnet, and the encryption processing apparatus splits the password into cryptoparts. The target user has three user terminals A, B and C; user terminals A and B obtain their cryptoparts from SMS messages sent by the SMS center, and user terminal C receives its cryptopart over the computer network. In this case, a client for receiving cryptoparts can be installed on user terminal C; by opening this client, user terminal C can receive the cryptopart that the encryption processing apparatus pushes over the computer network.
As another example, at least one of the at least two parts can be sent to each of the at least two user terminals through at least two computer networks, where each computer network corresponds to at least one user terminal and each user terminal corresponds to one of the at least two computer networks.
For instance, the encryption processing apparatus splits the password into cryptoparts. The target user has three user terminals A, B and C: user terminal A is on the Ethernet network with network address 221.68.0.0, user terminal B is on the Ethernet network with network address 69.156.0.0, and user terminal C is on the Ethernet network with network address 100.64.0.0. Each of the three user terminals can receive, via its own Ethernet network, the cryptoparts that the encryption processing apparatus obtains by splitting.
Of course, those skilled in the art can also think of transmitting the different parts of the password over other transmission channels. Delivering the parts obtained by processing the password to different user terminals over separate channels makes it difficult to intercept the complete password on any one channel, which further strengthens the security of the password.
With the method for transmitting a password provided by the embodiments of the invention, the password is processed into at least two parts and the different parts can be sent to different user terminals. This avoids the security risk of presenting the complete password on a single user terminal and thereby improves the security of the password. In addition, because the user still has only one password, the existing mechanism is left unchanged, which facilitates system upgrades.
Examples of password transmission using the method provided by the embodiments of the invention are described below with reference to the schematic diagrams in Fig. 2 and Fig. 3.
In the first example, shown in Fig. 2, the encryption processing apparatus obtains the password "577345" to be sent to the target user from the server that generates passwords. That server can generate the password and send it to the encryption processing apparatus on receiving a request from the target user.
The encryption processing apparatus splits the password into several segments according to the number of mobile phone numbers preset by the target user. Each segment of the password corresponds to one mobile phone number, and each mobile phone number obtains a cryptopart of at least one character. This embodiment is described with two mobile phones as an example, which does not exclude the case where the target user has preset more than two mobile phone numbers.
As Fig. 2 shows, the encryption processing apparatus splits the password into the two segments "5773" and "45", sends "5773" to the first SMS center through the first SMS transmission interface, and sends "45" to the second SMS center through the second SMS transmission interface. In addition, the first mobile phone number has to be sent to the first SMS center and the second mobile phone number to the second SMS center, so that each SMS center can send the cryptopart it has obtained to the corresponding mobile phone.
The first SMS center sends "5773" to the first mobile phone, which corresponds to the first mobile phone number, and the second SMS center sends "45" to the second mobile phone, which corresponds to the second mobile phone number. The first mobile phone can display "Login password, two segments in total; the first segment is 5773", and the second mobile phone can display "Login password, two segments in total; the second segment is 45".
Following the SMS content, the target user can then merge the cryptoparts received on the first and second mobile phones in the order indicated by the messages, forming the complete password.
In the second example, shown in Fig. 3, as in the first example, the encryption processing apparatus obtains the password "577345" to be sent to the target user from the server that generates passwords and splits it into the two segments "5773" and "45".
In the second example, the encryption processing apparatus sends "5773" and the target user's mobile phone number to the SMS center through the SMS transmission interface, and the SMS center sends "5773" to the mobile phone corresponding to that number. The mobile phone can display "Login password, two segments in total; the first segment is 5773".
In addition, the encryption processing apparatus pushes "45" through the network transmission interface, via the computer network, to a personal computer owned by the target user. The channel for pushing the cryptopart can be established between the encryption processing apparatus and a client installed and started on the personal computer. After the cryptopart has been pushed to the personal computer over this channel, the client presents the cryptopart information to the target user, for example "Login password, two segments in total; the second segment is 45". The client can be one that starts automatically when a USB flash drive is inserted into the personal computer.
The target user can combine the received cryptoparts into the complete password by reading the SMS message on the mobile phone and the content shown by the client.
The method for transmitting a password provided by the embodiments of the invention is suitable for supervising jointly owned property, for example a company account. When cash is to be withdrawn or a transfer made from the company account, the login password can be sent to the mobile phones of the different responsible persons; only when the SMS messages on all supervisors' mobile phones have been collected can the complete password be obtained and the login carried out. In the course of collecting the password, every responsible person learns of the action, which ensures that the jointly owned property is used securely.
The method for transmitting a password provided by the embodiments of the invention can also be applied to protecting personal passwords that have higher security requirements. For example, the client software that obtains a part of the processed password can be placed on a USB flash drive; when a password needs to be received, the USB flash drive is inserted and the client program is run. Because several user terminals are involved, attacking a single user terminal does not yield the password; even if several user terminals are compromised, the order of the different parts still has to be identified before they can be combined into the password, which makes the password harder to intercept.
The method for transmitting a password according to the embodiments of the invention has been described above. Structural block diagrams of devices for transmitting a password according to embodiments of the invention are described below with reference to Fig. 4 and Fig. 5.
Fig. 4 is a structural block diagram of a device 400 for transmitting a password according to an embodiment of the invention.
Device 400 can be an independent network device or can be integrated into an existing network device. Device 400 comprises an acquisition module 410, a processing module 420 and a sending module 430; the acquisition module 410 can be implemented by an input interface, the processing module 420 by a processor, and the sending module 430 by an output interface. The acquisition module 410 obtains the password. The processing module 420 processes the password into at least two parts, the at least two parts being different from one another. The sending module 430 sends at least one of the at least two parts to each of at least two user terminals, such that the parts received by the user terminals do not overlap, and the user terminals obtain the password from the at least two received parts.
For the above and other operations and/or functions of the acquisition module 410, the processing module 420 and the sending module 430, refer to the description of steps S110 to S130 of method 100 and the other relevant passages above; they are not repeated here.
With the device for transmitting a password provided by the embodiments of the invention, the password is processed into at least two parts and the different parts can be sent to different user terminals. This avoids the security risk of presenting the complete password on a single user terminal and thereby improves the security of the password. In addition, because the user still has only one password, the existing mechanism is left unchanged, which facilitates system upgrades.
Fig. 5 is a structural block diagram of a device 500 for transmitting a password according to an embodiment of the invention.
The acquisition module 510, processing module 520 and sending module 530 of device 500 are essentially the same as the acquisition module 410, processing module 420 and sending module 430 of device 400.
According to one embodiment of the invention, the processing module 520 can split the password into a predetermined number of cryptoparts, the predetermined number being at least 2. In this case, the sending module 530 can send at least one of the predetermined number of cryptoparts to each of the at least two user terminals. In addition, according to one embodiment of the invention, the sending module 530 can send to each of the at least two user terminals at least one of the predetermined number of cryptoparts together with the position information of that cryptopart within the password, so that the user terminals obtain the password according to the position information. According to one embodiment of the invention, the sending module 530 can also send at least one of the predetermined number of cryptoparts to each of the at least two user terminals in the order of the cryptoparts' positions within the password, so that the user terminals obtain the password according to the times at which the cryptoparts are received.
According to one embodiment of the invention, the processing module 520 can process the password into at least one first code segment and at least one second code segment; deciphering the second code formed by the second code segments with the first code formed by the first code segments yields the password.
According to embodiments of the invention, the sending module 530 can send at least one of the at least two parts to each of the at least two user terminals over at least two different transmission channels.
For example, the sending module 530 can comprise at least one of a first sending unit 532, a second sending unit 534 and a third sending unit 536. The first sending unit 532 sends at least one of the at least two parts to each of the at least two user terminals through at least two communication networks, where each communication network corresponds to at least one user terminal and each user terminal corresponds to one of the at least two communication networks. The second sending unit 534 sends at least one of the at least two parts to each of the at least two user terminals through at least one communication network and at least one computer network, where each communication network corresponds to at least one user terminal, each computer network corresponds to at least one user terminal, and each user terminal corresponds to one of the at least one communication network or one of the at least one computer network. The third sending unit 536 sends at least one of the at least two parts to each of the at least two user terminals through at least two computer networks, where each computer network corresponds to at least one user terminal and each user terminal corresponds to one of the at least two computer networks.
According to embodiments of the invention, the number of user terminals can equal the number of parts into which the password is processed.
For the above and other operations and/or functions of the processing module 520, the sending module 530, the first sending unit 532, the second sending unit 534 and the third sending unit 536, refer to the description of steps S120 and S130 of method 100 and the other relevant passages; they are not repeated here.
With the device for transmitting a password provided by the embodiments of the invention, the different parts obtained by processing the password are transmitted over different transmission channels, so that not all of the parts obtained by processing the password can be intercepted on a single transmission channel. This further improves the security of the password and makes it harder to intercept the password in transit.
The device for transmitting a password provided by the embodiments of the invention can be applied to an existing network device, or can serve as a new network device in its own right. The network device comprises an acquisition module, a processing module and a sending module. The acquisition module can be implemented by an input interface, the processing module by a processor, and the sending module by several output interfaces. For example, the sending module can comprise several SMS center connection interfaces, each of which can be connected to an SMS center and is able to send a part obtained by processing the password to that SMS center, which in turn forwards the part to the corresponding mobile phone. As another example, the sending module can comprise a network connection interface, which can be connected to a computer network and is able to send a cryptopart into the computer network, which forwards the cryptopart to the client installed on the corresponding personal computer.
Those skilled in the art will recognize that the method steps and units described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the steps and components of each embodiment have been described above generally in terms of their function. Whether these functions are carried out in hardware or in software depends on the particular application and the design constraints of the technical solution. Those skilled in the art can implement the described functions in different ways for each particular application, but such implementations should not be regarded as going beyond the scope of the invention.
The method steps described in connection with the embodiments disclosed herein can be implemented in hardware, in a software program executed by a processor, or in a combination of the two. The software program can reside in random-access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
Although some embodiments of the invention have been shown and described, those skilled in the art should understand that various modifications can be made to these embodiments without departing from the principles and spirit of the invention, and such modifications fall within the scope of the invention.