CN104717195A - Service system password management method and device - Google Patents
Service system password management method and device Download PDFInfo
- Publication number
- CN104717195A CN104717195A CN201310695652.7A CN201310695652A CN104717195A CN 104717195 A CN104717195 A CN 104717195A CN 201310695652 A CN201310695652 A CN 201310695652A CN 104717195 A CN104717195 A CN 104717195A
- Authority
- CN
- China
- Prior art keywords
- cryptogam
- key
- cipher
- file
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a service system password management method and device. The service system password management method comprises the steps of invoking user password clear-text data in a service system, adopting first secret keys in password file headers to encrypt the user password clear-text data so as to generate password file bodies, adopting core secret keys to encrypt the password file headers and writing encrypted password file headers and the password file bodies into the same file to generate an encrypted merged file, adopting second secret keys to encrypt the encrypted merged file so as to generate a password file to be saved. In the mode that local password files are accessed through an API, the password using process can be independent of a password system and be self-existent, and convenience is brought to fast application deployment. In addition, the password files are encrypted in a three-layer encryption mode, and password safety is ensured to the maximum extent.
Description
Technical field
The present invention relates to Ciphor safety technology field in the communications field, particularly, relate to operation system cipher management method and device.
Background technology
Along with the development of information technology, while bringing efficient, information sharing, also bring much new problem to information security.Password is in occupation of very important position in security assurance information, and the Password Management of operation system is particularly important.In Mobile Service Support System, due to the growth of user, the development of business, generally have multiple database and a large amount of application servers, the interactive access therefore between them is absolutely necessary.In order to ensure the safety of operation system, Password Management and the setting of operating system and database are indispensable.
Existing operation system Password Management mode is traditional local management, namely in system all devices all at its password of local management, application program is by reading local configuration file, or obtained the operating system password of respective host by the password preserved in accessing database, and password is preserved with form expressly in configuration file or code.
The change of password is also carry out in this locality simultaneously, if when certain operating system or database need to change, the application program of all needs access all needs to do corresponding configuration change.If the application program related to is more, workload is large, loaded down with trivial details, and the omission that easily makes mistakes.
In Password Management in existing business support system, at least there are the following problems:
1. fail safe is not good enough, and current most background process uses expressly configuration to realize Password Management, and this makes the password of database and host cryptographic be easy to be revealed.And process is distributed in different main frames, just can be unblocked in whole system by the configuration of the program of checking after likely entering a main frame, cause the collapse of whole system.
2. management is more complicated, application process is distributed on different main frame, when causing the password change of operating system and database, need the change carrying out password configuration on different main frames, loaded down with trivial details and easily omit, cause user to change user cipher, this makes system use a password for a long time, brings very large potential safety hazard to system.
Summary of the invention
The present invention is to overcome the unsafe defect of the Password Management of operation system in prior art, according to an aspect of the present invention, proposes a kind of operation system cipher management method.
According to the operation system cipher management method of the embodiment of the present invention, comprising:
Call the user cipher clear data in operation system, adopt the first double secret key user cipher clear data in cryptogam head to be encrypted generating cipher file body;
Adopt core double secret key cryptogam head to be encrypted, and the cryptogam head after encryption and cryptogam body write identical file are generated encryption merge file;
Adopt the second key pair encryption merge file to be encrypted, generating cipher file is preserved.
The present invention is to overcome the unsafe defect of the Password Management of operation system in prior art, according to another aspect of the present invention, proposes a kind of operation system cipher management method.
According to the operation system cipher management method of the embodiment of the present invention, comprising:
Call the cryptogam in operation system, adopt the second double secret key cryptogam to be decrypted generating cipher file header and cryptogam body;
Adopt core double secret key cryptogam head to be decrypted, extract the first key stored in the cryptogam head after deciphering;
Adopt cryptogam body described in the first double secret key to be decrypted, generate user cipher clear data.
The present invention is to overcome the unsafe defect of the Password Management of operation system in prior art, according to an aspect of the present invention, proposes a kind of operation system Password Management device.
According to the operation system Password Management device of the embodiment of the present invention, comprising:
Calling encrypting module, for calling the user cipher clear data in operation system, adopting the first double secret key user cipher clear data in cryptogam head to be encrypted generating cipher file body;
Encryption merges module, for adopting cryptogam head described in core double secret key to be encrypted, and the cryptogam head after encryption and cryptogam body write identical file is generated encryption merge file;
Encryption generation module, encrypts merge file described in the second double secret key be encrypted for adopting, and generating cipher file is preserved.
The present invention is to overcome the unsafe defect of the Password Management of operation system in prior art, according to an aspect of the present invention, proposes a kind of operation system Password Management device.
According to the operation system Password Management device of the embodiment of the present invention, comprising:
Calling deciphering module, for calling the cryptogam in operation system, adopting the second double secret key cryptogam to be decrypted generating cipher file header and cryptogam body;
Deciphering extraction module, for adopting core double secret key cryptogam head to be decrypted, extracts the first key stored in the cryptogam head after deciphering;
Deciphering generation module, for adopting cryptogam body described in the first double secret key to be decrypted, generates user cipher clear data.
Operation system cipher management method of the present invention and device, adopt the mode of API Access local password file, application deployment is simple and convenient, wherein core key is kept in API dynamic base, variable cipher is kept in the password style head of cryptogam, makes the use procedure of password can depart from cryptographic system and independently exists, and provides conveniently to application rapid deployment, adopt the mode of 3 infill layers to be encrypted cryptogam simultaneously, ensure that the safety of password to greatest extent.
Other features and advantages of the present invention will be set forth in the following description, and, partly become apparent from specification, or understand by implementing the present invention.Object of the present invention and other advantages realize by structure specifically noted in write specification, claims and accompanying drawing and obtain.
Below by drawings and Examples, technical scheme of the present invention is described in further detail.
Accompanying drawing explanation
Accompanying drawing is used to provide a further understanding of the present invention, and forms a part for specification, together with embodiments of the present invention for explaining the present invention, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is the structural representation of operation system Password Management platform of the present invention;
Fig. 2 is the structural representation of cryptogam encrypting and decrypting of the present invention;
Fig. 3 is the database password configuration of operation system Password Management platform of the present invention and the flow chart of use;
Fig. 4 is the structural representation of operation system Password Management device embodiment 1 of the present invention;
Fig. 5 is the structural representation of operation system Password Management device embodiment 2 of the present invention.
Embodiment
Below in conjunction with accompanying drawing, the specific embodiment of the present invention is described in detail, but is to be understood that protection scope of the present invention not by the restriction of embodiment.
The present invention is directed to the unsafe problem of Password Management in existing business system, abstract design goes out general simply centralized operation system Password Management platform, fabric anomaly, Host Administration, data base administration, password management, password file management, parameter configuration and file distribution inquiry and Operation Log query function is realized by WEB, there is provided the API of C/C++ and Java for corresponding application process simultaneously, realize unified management and the issue of password.
The cryptogam used in operation system (i.e. business platform) adopts encryption format to preserve, adopt the cryptographic algorithm such as AES, DES, 3DES (EDE), Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5, whole cryptogam have employed 3 infill layer modes, and cryptogam comprises cryptogam head and cryptogam body.First the double secret key cryptogam body in cryptogam head is adopted to be encrypted, core double secret key cryptogam head is then used to be encrypted, cryptogam head and cryptogam body merge use fixed key and are encrypted rear write cryptogam, consider that Blowfish algorithm is quick, safe class is according to the different variable characteristic of key length, overall file uses fixed password to adopt Blowfish algorithm to be encrypted, this key just loaded at the cryptographic system design initial stage, if need change must revise rear recompility encryption dynamic base, simultaneously releasing pin file and encryption dynamic base again, other two-layer cipher modes can adopt different encryption method, ensure that the fail safe of password.
Basic thought of the present invention is: at business host deployments Agent, realizes the interactive function between Password Management device and each business main frame; Cryptogam, according to configuration generating cipher file, is published to each business main frame by Agent by Password Management device; From the cryptogam of each business main frame, obtain the configuration of corresponding password during application program launching, realize password by decipher function and use.
Above-mentioned basic thought is exactly the cryptogam needing access system and database at each business host deployments local program, each application process can obtain the configuration of corresponding cryptogam from cryptogam, and keeper can carry out the amendment issue of cryptogam by Web simultaneously.
As shown in Figure 1, operation system Password Management platform of the present invention comprises:
Web administration service module: the operating terminal of user by being connected with web administration service module, provide a unification, intuitively, easily operation interface better carry out Password Management and object information displaying etc. to user.
Administrative center: generate for all kinds of configurations in management database, user cipher and cryptogam, API dynamic base, issue cryptogam to Agent simultaneously.
Database: preserve operation system all kinds of password configuration, host configuration, password configuration, configure the preservation etc. of dictionary data and user operation data.
Password Management Client Agent: be deployed on each business main frame, realizes the amendment and issue etc. in the cryptogam of local management, API storehouse.
Client application process: the API dynamic base compiling provided by operation system Password Management platform uses, and realizes the function obtaining password from cryptogam.
As shown in Figure 2, the invention provides a kind of operation system cipher management method embodiment, the present embodiment mainly stresses the ciphering process of cryptogam.Cryptogam comprises cryptogam head and cryptogam body, and cryptogam body preserves user cipher clear data, and cryptogam head comprises cipher mode and the encryption key of cryptogam head.The present embodiment comprises:
Step 102: call the user cipher clear data in operation system, adopts the first double secret key user cipher clear data in cryptogam head to be encrypted generating cipher file body;
In a step 102, the first key is changeable key, comprises: AES, DES, 3DES(EDE to the cipher mode that user cipher clear data is encrypted), Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
Step 104: adopt core double secret key cryptogam head to be encrypted, and the cryptogam head after encryption and cryptogam body write identical file are generated encryption merge file;
At step 104, the cipher mode adopting core double secret key cryptogam head to be encrypted comprises: AES, DES, 3DES(EDE), Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
Step 106: adopt the second key pair encryption merge file to be encrypted, generating cipher file is kept in business main frame.
In step 106, the second key is fixed key, and the concrete Blowfish algorithm that adopts is encrypted.
It should be noted that, this step adopts Blowfish algorithm to be encrypted, and mainly considers the characteristic that Blowfish algorithm is quick, safe class is variable according to key length difference.Certainly, this step also can adopt other algorithm for encryption with reference to above-mentioned steps.
As shown in Figure 2, the invention provides another kind of operation system cipher management method embodiment, the present embodiment mainly stresses the decrypting process of cryptogam.Cryptogam comprises cryptogam head and cryptogam body, and cryptogam body preserves user cipher clear data, and cryptogam head comprises manner of decryption and the decruption key of cryptogam head.The present embodiment comprises:
Step 202: call the cryptogam in operation system, adopts this cryptogam of the second double secret key to be decrypted generating cipher file header and cryptogam body;
In step 202., the second key is fixed key, and the concrete Blowfish algorithm that adopts is decrypted.
It should be noted that, this step adopts Blowfish algorithm to be decrypted, and mainly considers the characteristic that Blowfish algorithm is quick, safe class is variable according to key length difference.Certainly, this step also can adopt other algorithm to decipher with reference to above-mentioned steps.
Step 204: adopt cryptogam head described in core double secret key to be decrypted, extract the first key stored in the described cryptogam head after deciphering;
In step 204, core key is kept in API dynamic base, adopt manner of decryption that described in core double secret key, cryptogam head is decrypted mainly according to the cryptogam head cipher mode comprised in cryptogam head content, can support: AES, DES, 3DES(EDE), Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
Preferably, in step 204, in the manner of decryption that cryptogam head is decrypted herein and above-mentioned steps 104, the cipher mode of cryptogam head is consistent;
Certainly, also can distinguish in different ways the cipher mode of cryptogam head in the manner of decryption of cryptogam head herein and above-mentioned steps 104.
Step 206: adopt the first double secret key cryptogam body to be decrypted, generates user cipher clear data.
In step 206, first key is changeable key, the manner of decryption adopting the first double secret key cryptogam body to be decrypted, mainly according to the cryptogam body cipher mode comprised in cryptogam head content, can be supported: AES, DES, 3DES(EDE), Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
Preferably, in step 206, in the manner of decryption of cryptogam body and above-mentioned steps 102, the cipher mode of user cipher clear data is consistent herein;
Certainly, also can distinguish in different ways the cipher mode of user cipher clear data in the manner of decryption of cryptogam body herein and above-mentioned steps 102.
The operation system cipher management method of the embodiment of the present invention, comprise the process that the various passwords in operation system (business platform) are encrypted and decrypted, adopt the mode of 3 infill layers and deciphering, every infill layer and deciphering can adopt identical or different mode, ensure that the fail safe of password to the full extent, be convenient to the convenient amendment to operation system password.
In the present invention, web administration service module comprises:
Fabric anomaly submodule: be mainly used for classifying to the business main frame and database that relate to password security, as BOSS group, CRM group, BASS group, conveniently carry out Search and Orientation.
Host Administration submodule: be mainly used in the relevant information configuring application deployment business main frame, mainly comprise host ip, Hostname, Host Type and file path (password file, md5 authentication file and cryptographic libraries bag issuing path), ownership group etc.
Data base administration submodule: main configuration password ownership database relevant information: database IP, TNS title, type of database, ownership group etc.
Password management submodule: be mainly used in configuration database password relevant information: user's name, password-type, user password, ownership main frame and password title etc.
Password file management submodule: main configuration concurrency cloth database password issues relevant information, and file publishing needs the changeable key, the cipher mode that comprise, and filename, file path etc., be published to cryptogam on business main frame simultaneously.
Parameter configuration submodule: main configuration concurrency cloth core key etc., every platform business main frame can arrange different core keys and cipher mode, and the change of core key needs the API dynamic base upgrading each business main frame.
Password file issues submodule: the result that monitoring cryptogam is issued, and handled easily person inquires about.
Operation Log inquiry submodule: inquire about the Operation Log of operator, facilitates keeper to carry out following the tracks of and the reviewing of problem.
As shown in Figure 3, the database password configuration of operation system Password Management platform of the present invention and the flow process of use comprise:
Step 302: cryptogram management center increases the business main frame of password security as requested and database is classified, comprises group #, group name claims, ownership group, group classification and describe details;
Step 304: cryptogram management center increases data bank service host configuration, comprises IP address, Host Type, ownership group, cryptogam catalogue, Hostname etc.;
Step 306: cryptogram management center increases database configuration, comprises database IP, ownership group, type of database, TNS title, database-name etc.;
Step 308: cryptogram management center setting data storehouse password, comprises password-type, user's name, user password, ownership object and password title etc.;
Step 310: cryptogram management center publication database password, sends the instruction of publication database password to web administration service module;
Step 312:Web management services module sends password to corresponding business master agent process and arranges instruction;
Step 314: business master agent process is according to the cryptogam of this business of instruction modification main frame, and password is issued and terminated;
Step 316: application process uses API to read local cryptogam, obtains corresponding database user password fulfillment database and logins.
So far, the database password configuration of operation system Password Management platform and the flow process of use terminate.
Operation system cipher management method of the present invention, adopt the mode of API Access local password file, application deployment is simple and convenient, wherein core key is kept in API dynamic base, variable cipher is kept in the password style head of cryptogam, makes the use procedure of password can depart from cryptographic system and independently exists, and provides conveniently to application rapid deployment, adopt the mode of 3 infill layers to be encrypted cryptogam simultaneously, ensure that the safety of password to greatest extent.
As shown in Figure 4, the invention provides a kind of operation system Password Management device, comprising:
Calling encrypting module 10, for calling the user cipher clear data in operation system, adopting user cipher clear data described in the first double secret key in cryptogam head to be encrypted generating cipher file body;
Encryption merges module 20, for adopting core double secret key cryptogam head to be encrypted, and the cryptogam head after encryption and cryptogam body write identical file is generated encryption merge file;
Encryption generation module 30, for adopting the second key pair encryption merge file to be encrypted, generating cipher file is preserved.
Calling in encrypting module 10, the first key is changeable key, comprises: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5 to the cipher mode that user cipher clear data is encrypted.
Merge in module 20 in encryption, the cipher mode adopting core double secret key cryptogam head to be encrypted comprises: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
In encryption generation module 30, the second key is fixed key, and the cipher mode adopting the second key pair encryption merge file to be encrypted comprises: Blowfish.
As shown in Figure 5, the invention provides another kind of operation system Password Management device, comprising:
Calling deciphering module 40, for calling the cryptogam in operation system, adopting the second double secret key cryptogam to be decrypted generating cipher file header and cryptogam body;
Deciphering extraction module 50, for adopting core double secret key cryptogam head to be decrypted, extracts the first key stored in the cryptogam head after deciphering;
Deciphering generation module 60, for adopting the first double secret key cryptogam body to be decrypted, generates user cipher clear data.
Calling in deciphering module 40, the second key is fixed key, and manner of decryption cryptogam being decrypted to generating cipher file header and cryptogam body comprises: Blowfish.
In deciphering extraction module 50, the manner of decryption adopting core double secret key cryptogam head to be decrypted comprises: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
In deciphering generation module 60, the first key is changeable key, and the manner of decryption adopting the first double secret key cryptogam body to be decrypted comprises: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
Operation system Password Management device of the present invention, adopt the mode of API Access local password file, application deployment is simple and convenient, wherein core key is kept in API dynamic base, variable cipher is kept in the password style head of cryptogam, makes the use procedure of password can depart from cryptographic system and independently exists, and provides conveniently to application rapid deployment, adopt the mode of 3 infill layers to be encrypted cryptogam simultaneously, ensure that the safety of password to greatest extent.
The present invention can have multiple multi-form embodiment; above for Fig. 1-Fig. 5 by reference to the accompanying drawings to technical scheme of the present invention explanation for example; this does not also mean that the instantiation that the present invention applies can only be confined in specific flow process or example structure; those of ordinary skill in the art should understand; specific embodiments provided above is some examples in multiple its preferred usage, and the execution mode of any embodiment the claims in the present invention all should within technical solution of the present invention scope required for protection.
Last it is noted that the foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, although with reference to previous embodiment to invention has been detailed description, for a person skilled in the art, it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature.Within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (16)
1. an operation system cipher management method, is characterized in that, comprising:
Call the user cipher clear data in operation system, adopt user cipher clear data described in the first double secret key in cryptogam head to be encrypted generating cipher file body;
Adopt cryptogam head described in core double secret key to be encrypted, and the cryptogam head after described encryption and described cryptogam body write identical file are generated encryption merge file;
Adopt and encrypt merge file described in the second double secret key and be encrypted, generating cipher file is preserved.
2. method according to claim 1, it is characterized in that, described first key is changeable key, describedly comprises the cipher mode that user cipher clear data is encrypted: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
3. method according to claim 1, it is characterized in that, the cipher mode that described in described employing core double secret key, cryptogam head is encrypted comprises: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
4. method according to claim 1 and 2, is characterized in that, described second key is fixed key, encrypts the cipher mode that merge file is encrypted and comprises: Blowfish described in described employing second double secret key.
5. an operation system cipher management method, is characterized in that, comprising:
Call the cryptogam in operation system, adopt cryptogam described in the second double secret key to be decrypted generating cipher file header and cryptogam body;
Adopt cryptogam head described in core double secret key to be decrypted, extract the first key stored in the described cryptogam head after deciphering;
Adopt cryptogam body described in described first double secret key to be decrypted, generate user cipher clear data.
6. method according to claim 5, is characterized in that, described second key is fixed key, describedly comprises the manner of decryption that cryptogam is decrypted generating cipher file header and cryptogam body: Blowfish.
7. method according to claim 5, it is characterized in that, the manner of decryption that described in described employing core double secret key, cryptogam head is decrypted comprises: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
8. method according to claim 5, it is characterized in that, described first key is changeable key, and the manner of decryption that described in described employing first double secret key, cryptogam body is decrypted comprises: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
9. an operation system Password Management device, is characterized in that, comprising:
Calling encrypting module, for calling the user cipher clear data in operation system, adopting user cipher clear data described in the first double secret key in cryptogam head to be encrypted generating cipher file body;
Encryption merges module, for adopting cryptogam head described in core double secret key to be encrypted, and the cryptogam head after described encryption and described cryptogam body write identical file is generated encryption merge file;
Encryption generation module, encrypts merge file described in the second double secret key be encrypted for adopting, and generating cipher file is preserved.
10. device according to claim 9, it is characterized in that, call in encrypting module described, described first key is changeable key, describedly comprises the cipher mode that user cipher clear data is encrypted: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
11. devices according to claim 9, it is characterized in that, merge in module in described encryption, the cipher mode that described in described employing core double secret key, cryptogam head is encrypted comprises: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
12. devices according to claim 9, it is characterized in that, in described encryption generation module, in described encryption generation module, described second key is fixed key, encrypts the cipher mode that merge file is encrypted and comprises: Blowfish described in described employing second double secret key.
13. 1 kinds of operation system Password Management devices, is characterized in that, comprising:
Calling deciphering module, for calling the cryptogam in operation system, adopting cryptogam described in the second double secret key to be decrypted generating cipher file header and cryptogam body;
Deciphering extraction module, for adopting cryptogam head described in core double secret key to be decrypted, extracts the first key stored in the described cryptogam head after deciphering;
Deciphering generation module, for adopting cryptogam body described in described first double secret key to be decrypted, generates user cipher clear data.
14. devices according to claim 13, is characterized in that, call in deciphering module described, and described second key is fixed key, describedly comprise the manner of decryption that cryptogam is decrypted generating cipher file header and cryptogam body: Blowfish.
15. devices according to claim 13, it is characterized in that, in described deciphering extraction module, the manner of decryption that described in described employing core double secret key, cryptogam head is decrypted comprises: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
16. devices according to claim 13, it is characterized in that, in described deciphering generation module, described first key is changeable key, and the manner of decryption that described in described employing first double secret key, cryptogam body is decrypted comprises: AES, DES, 3DES, Blowfish, CAST-128, IDEA, Safer-SK, RC2, RC4, RC5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310695652.7A CN104717195A (en) | 2013-12-17 | 2013-12-17 | Service system password management method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310695652.7A CN104717195A (en) | 2013-12-17 | 2013-12-17 | Service system password management method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104717195A true CN104717195A (en) | 2015-06-17 |
Family
ID=53416164
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310695652.7A Pending CN104717195A (en) | 2013-12-17 | 2013-12-17 | Service system password management method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104717195A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106850612A (en) * | 2017-01-23 | 2017-06-13 | 北京思特奇信息技术股份有限公司 | The cipher management method and system of a kind of facing cloud system |
| CN108256340A (en) * | 2017-12-22 | 2018-07-06 | 中国平安人寿保险股份有限公司 | Collecting method, device, terminal device and storage medium |
| CN108282484A (en) * | 2018-01-30 | 2018-07-13 | 平安普惠企业管理有限公司 | Password acquisition methods, device, computer equipment and storage medium |
| CN108650095A (en) * | 2018-04-17 | 2018-10-12 | 四川长虹电器股份有限公司 | A kind of file encryption-decryption method based on redis |
| CN110032874A (en) * | 2019-01-31 | 2019-07-19 | 阿里巴巴集团控股有限公司 | A kind of date storage method, device and equipment |
| CN111526014A (en) * | 2020-04-20 | 2020-08-11 | 北京思特奇信息技术股份有限公司 | System and method for unified management of clustered deployment application passwords |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1295395A (en) * | 1999-11-05 | 2001-05-16 | 英属维京群岛盖内蒂克瓦耳有限公司 | Cipher system and safety data transmission method |
| CN1679066A (en) * | 2002-07-12 | 2005-10-05 | 英格里安网络公司 | Network attached encryption |
| CN101800811A (en) * | 2010-02-02 | 2010-08-11 | 中国软件与技术服务股份有限公司 | Mobile phone data security protection method |
| CN103116730A (en) * | 2013-01-21 | 2013-05-22 | 厦门市美亚柏科信息股份有限公司 | Deciphering method and system of data protection application programming interface (DPAPI) enciphered data |
| CN103312690A (en) * | 2013-04-19 | 2013-09-18 | 无锡成电科大科技发展有限公司 | System and method for key management of cloud computing platform |
-
2013
- 2013-12-17 CN CN201310695652.7A patent/CN104717195A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1295395A (en) * | 1999-11-05 | 2001-05-16 | 英属维京群岛盖内蒂克瓦耳有限公司 | Cipher system and safety data transmission method |
| CN1679066A (en) * | 2002-07-12 | 2005-10-05 | 英格里安网络公司 | Network attached encryption |
| CN101800811A (en) * | 2010-02-02 | 2010-08-11 | 中国软件与技术服务股份有限公司 | Mobile phone data security protection method |
| CN103116730A (en) * | 2013-01-21 | 2013-05-22 | 厦门市美亚柏科信息股份有限公司 | Deciphering method and system of data protection application programming interface (DPAPI) enciphered data |
| CN103312690A (en) * | 2013-04-19 | 2013-09-18 | 无锡成电科大科技发展有限公司 | System and method for key management of cloud computing platform |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106850612A (en) * | 2017-01-23 | 2017-06-13 | 北京思特奇信息技术股份有限公司 | The cipher management method and system of a kind of facing cloud system |
| CN108256340A (en) * | 2017-12-22 | 2018-07-06 | 中国平安人寿保险股份有限公司 | Collecting method, device, terminal device and storage medium |
| CN108256340B (en) * | 2017-12-22 | 2020-06-12 | 中国平安人寿保险股份有限公司 | Data acquisition method and device, terminal equipment and storage medium |
| CN108282484A (en) * | 2018-01-30 | 2018-07-13 | 平安普惠企业管理有限公司 | Password acquisition methods, device, computer equipment and storage medium |
| CN108282484B (en) * | 2018-01-30 | 2021-03-02 | 平安普惠企业管理有限公司 | Password acquisition method and device, computer equipment and storage medium |
| CN108650095A (en) * | 2018-04-17 | 2018-10-12 | 四川长虹电器股份有限公司 | A kind of file encryption-decryption method based on redis |
| CN110032874A (en) * | 2019-01-31 | 2019-07-19 | 阿里巴巴集团控股有限公司 | A kind of date storage method, device and equipment |
| CN111526014A (en) * | 2020-04-20 | 2020-08-11 | 北京思特奇信息技术股份有限公司 | System and method for unified management of clustered deployment application passwords |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6821857B2 (en) | Extension of single sign-on to dependent parties of federated logon providers | |
| JP6383019B2 (en) | Multiple permission data security and access | |
| CN104717195A (en) | Service system password management method and device | |
| AU2012288609B2 (en) | Anonymisation and filtering data | |
| US9430211B2 (en) | System and method for sharing information in a private ecosystem | |
| JP6048414B2 (en) | Database apparatus, method and program | |
| KR101541591B1 (en) | System and method for single-sign-on in virtual desktop infrastructure environment | |
| US10212153B2 (en) | Providing data security with a token device | |
| CN109074274A (en) | Virtual browser is integrated | |
| US20150261971A1 (en) | User-agnostic backend storage for cloud-based applications | |
| CN103595730A (en) | Ciphertext cloud storage method and system | |
| CN105308923A (en) | Data management for an application with multiple operation modes | |
| US10241930B2 (en) | Storing data in a server computer with deployable encryption/decryption infrastructure | |
| US10630722B2 (en) | System and method for sharing information in a private ecosystem | |
| CN111066307B (en) | Wrapping continuation tokens to support paging across multiple servers in different geographic locations | |
| WO2019114137A1 (en) | Password calling method, server, and storage medium | |
| CN105072134A (en) | Cloud disk system file secure transmission method based on three-level key | |
| US9436849B2 (en) | Systems and methods for trading of text based data representation | |
| CN102426637B (en) | A kind of embedded database cryptographic storage method | |
| CN113574837A (en) | Tracking image senders on client devices | |
| CN112199431B (en) | Metadata-based data sharing method and data sharing system | |
| Dongre et al. | Secure cloud storage of data | |
| KR20190076531A (en) | Cloud storage encryption system | |
| Sung et al. | A distributed mobile cloud computing model for secure big data | |
| CN117971798A (en) | Data isolation method, system and equipment for multi-technology fusion of SaaS software |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150617 |