CN105812357B - A kind of user password management method of cloud computing platform - Google Patents
A kind of user password management method of cloud computing platform Download PDFInfo
- Publication number
- CN105812357B CN105812357B CN201610127171.XA CN201610127171A CN105812357B CN 105812357 B CN105812357 B CN 105812357B CN 201610127171 A CN201610127171 A CN 201610127171A CN 105812357 B CN105812357 B CN 105812357B
- Authority
- CN
- China
- Prior art keywords
- password
- user
- encryption algorithm
- configuration information
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of user password management method of cloud computing platform, the method comprises the steps of: for user setting and saves corresponding password configuration information, and the password configuration information includes cipher encryption algorithm;Obtain clear-text passwords;Read the cipher encryption algorithm in the password configuration information;The clear-text passwords is encrypted using the cipher encryption algorithm to generate corresponding ciphertext password;The cipher encryption algorithm and the ciphertext password are merged into password encryption result;The password encryption is saved as a result, not saving the clear-text passwords.Compared with prior art, the plaintext for avoiding user password according to the method for the present invention saves, to substantially increase the safe coefficient of user password preservation, and then improves the general safety degree of cloud computing platform.
Description
Technical field
The present invention relates to computer fields, in particular relate to a kind of user password management method of cloud computing platform.
Background technique
Cloud computing is a kind of method of emerging shared architecture, and calculating task is distributed in a large amount of computers and constituted by it
Resource pool on, so that various application systems is obtained as needed and calculate power, memory space and various software services.Cloud computing
Bottom need virtualization technology to support.By virtualization technology, cloud computing be may be implemented to the flexible and efficient of resource
It uses, to provide quality services for user.
User password management is most important for the safety of cloud computing platform.Currently, most of cloud computing platform
User password management be stored in clear.However if user password stored in clear is easy to be cracked, it will give cloud computing platform
Bring safety problem.
Therefore, in order to improve cloud computing platform safety, a kind of user password management method of cloud computing platform is needed.
Summary of the invention
In order to improve cloud computing platform safety, the present invention provides a kind of user password managers of cloud computing platform
Method, the method comprise the steps of:
For user setting and corresponding password configuration information is saved, the password configuration information is calculated comprising password encryption
Method;
Obtain clear-text passwords;
Read the cipher encryption algorithm in the password configuration information;
The clear-text passwords is encrypted using the cipher encryption algorithm to generate corresponding ciphertext password;
The cipher encryption algorithm and the ciphertext password are merged into password encryption result;
The password encryption is saved as a result, not saving the clear-text passwords.
In one embodiment, when user logs in:
User name and login password are obtained from the user;
Obtain the password encryption result corresponding with the user name;
According in the password encryption result the cipher encryption algorithm and the login password to generate new ciphertext close
Code;
It verifies the ciphertext password and whether the new ciphertext password is consistent, when the ciphertext password and the new ciphertext are close
Code logins successfully when consistent.
In one embodiment, construction and the matched password configuration information table of the user name and user message table, in which:
The password configuration information is stored in the password configuration information table;
The password is read from the password configuration information table when encrypting to the password exclusive or processing result
Encryption Algorithm;
The password encryption result is stored in the user message table.
In one embodiment, the password configuration information of already present user can be modified, wherein when the password configures
When the cipher encryption algorithm in information is modified, corresponding user needs to modify oneself in next first log into
Password.
In one embodiment, the password configuration information is only modified when modifying the password configuration information of already present user
Content in table, when user logs in:
It verifies the user message table and whether the cipher encryption algorithm in the password configuration information table is consistent;
It is prompted when the user message table is inconsistent with the cipher encryption algorithm in the password configuration information table
User's Modify password.
In one embodiment, the password default Encryption Algorithm of corresponding password resetting is set, the only needle when resetting user password
It modifies to the password encryption result in the user message table, wherein by the password encryption in the password encryption result
Algorithm tag is Reset Status, when user logs in:
User name and login password are obtained from the user;
The password encryption result is read from user message table corresponding with the user name;
Whether the cipher encryption algorithm verified in the password encryption result is Reset Status;
It is encrypted and is calculated according to the password default when the cipher encryption algorithm in the password encryption result is Reset Status
Method and the password obtained from the user generate new ciphertext password;
It verifies the ciphertext password and whether the new ciphertext password is consistent, when the ciphertext password and the new ciphertext are close
Code logins successfully when consistent.
In one embodiment, multiple and different algorithm mark and a resetting mark are constructed, in which:
A kind of each corresponding cipher encryption algorithm of algorithm mark;
The corresponding Reset Status of resetting mark;
The corresponding institute of the cipher encryption algorithm is only saved in the password configuration information table and the user message table
State algorithm mark;
The algorithm stored in the user message table is replaced using the resetting mark when resetting password to identify.
In one embodiment, the password configuration information further includes whether enabling the inspection of password complexity and password complexity
Degree detection foundation, wherein examined when obtaining the clear-text passwords in the password configuration information whether enabling password complexity
Degree checks, is carried out according to password complexity detection according to the clear-text passwords when needing to enable password complexity and checking
It examines.
In one embodiment, whether the password complexity detection foundation includes letter including password minimum length, password
It whether include number with password.
In one embodiment, the clear-text passwords is encrypted using the cipher encryption algorithm corresponding close to generate
Literary password, in which:
Generate a string of random salt figures;
The clear-text passwords and the salt figure are subjected to exclusive or processing to obtain password exclusive or processing result;
The password exclusive or processing result is encrypted using the cipher encryption algorithm to generate the ciphertext password;
The cipher encryption algorithm, the ciphertext password and the salt figure are merged into the password encryption result.
Compared with prior art, the plaintext for avoiding user password according to the method for the present invention saves, to greatly improve
The safe coefficient that user password saves, and then improve the general safety degree of cloud computing platform.
Other feature or advantage of the invention will illustrate in the following description.Also, Partial Feature of the invention or
Advantage will be become apparent by specification, or be appreciated that by implementing the present invention.The purpose of the present invention and part
Advantage can be realized or be obtained by step specifically noted in the specification, claims and drawings.
Detailed description of the invention
Attached drawing is used to provide further understanding of the present invention, and constitutes part of specification, with reality of the invention
It applies example and is used together to explain the present invention, be not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is that an embodiment password saves flow chart according to the present invention;
Fig. 2 is that an embodiment adds new user's flow chart according to the present invention;
Fig. 3 is that user password configuration flow figure is edited in embodiment addition according to the present invention;
Fig. 4 is that an embodiment administrator resets password flow chart according to the present invention;
Fig. 5 is embodiment user's login process figure according to the present invention;
Fig. 6 is embodiment user's Modify password flow chart according to the present invention.
Specific embodiment
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings and examples, implementation personnel of the invention whereby
Can fully understand that how the invention applies technical means to solve technical problems, and reach technical effect realization process and according to
The present invention is embodied according to above-mentioned realization process.As long as each embodiment it should be noted that do not constitute conflict, in the present invention
And each feature in each embodiment can be combined with each other, be formed by technical solution protection scope of the present invention it
It is interior.
In order to improve cloud computing platform safety, the present invention provides a kind of user password managers of cloud computing platform
The main flow of method, method of the invention is:
For user setting and save corresponding password configuration information, password configuration information include cipher encryption algorithm (
In one embodiment of the invention, the Encryption Algorithm of password can choose one of md5, sha256 and sha512);
Obtain clear-text passwords;
Read the cipher encryption algorithm in password configuration information;
Clear-text passwords is encrypted using cipher encryption algorithm to generate corresponding ciphertext password;
Cipher encryption algorithm and ciphertext password are merged into password encryption result;
Password encryption is saved as a result, not saving clear-text passwords.
Based on the above method, when user logs in:
User name and login password are obtained from user;
Obtain password encryption result corresponding with user name;
According to the cipher encryption algorithm and the new ciphertext password of login password generation in password encryption result;
Verify ciphertext password and new ciphertext password it is whether consistent, when ciphertext password is consistent with new ciphertext password login at
Function.
In above process, clear-text passwords does not need to be stored in cloud platform, to greatly improve password preservation
Safety.
Further, the attack of password dictionary in order to prevent, in another embodiment in accordance with the invention, using password plus
Close algorithm encrypts clear-text passwords to generate corresponding ciphertext password, in which:
Before the clear-text passwords to user encrypts, system first generates a string of random salt figures;
Clear-text passwords and salt figure are subjected to exclusive or (XOR) processing to obtain password exclusive or processing result;
Password exclusive or processing result is encrypted to generate ciphertext password using cipher encryption algorithm;
Cipher encryption algorithm, ciphertext password and salt figure are merged into password encryption result.
When user logs in:
User name and login password are obtained from user;
Obtain password encryption result corresponding with user name;
New ciphertext password is generated according to cipher encryption algorithm, salt figure and the login password in password encryption result;
Verify ciphertext password and new ciphertext password it is whether consistent, when ciphertext password is consistent with new ciphertext password login at
Function.
Due to joined salt figure, so that the degree of safety that password saves further increases.Certainly, in other realities of the invention
It applies in example, other cipher modes should can also be used according to specific needs to be encrypted to decodement to generate ciphertext password.
Further, in an embodiment of the present invention, password configuration information further includes whether enabling password complexity inspection
And password complexity detect foundation, wherein when obtaining clear-text passwords inspection password configuration information in whether enabling password
Complexity inspection is carried out according to the detection of password complexity according to the clear-text passwords when needing to enable password complexity and checking
It examines.Specifically, password complexity detection according to include password minimum length, password whether include letter and password whether include
Number.
In the method for the invention, the data for needing to save include encrypted message configuration and password encryption result.In order to
It is convenient for Password Management, in one embodiment of this invention, using the method saved respectively.Specifically, construction and user
The matched password configuration information table of name and user message table (two tables are arranged in database to be used to store encrypted message).
Further, multiple and different algorithm marks is constructed, in which:
A kind of each corresponding cipher encryption algorithm of algorithm mark;
The corresponding algorithm mark of cipher encryption algorithm is only saved in password configuration information table.
For password configuration information table for storing encrypted message configuration, design is as shown in table 1:
Field | Type | Description |
id | Int (major key) | Id mark, self-propagation not null |
uid | Int (external key) | The ID of user identifies not null, unique |
cipher | smallint | Encryption algorithm identification: 1-md5,2-sha256,3-sha512 |
enable_check | smallint | Whether carry out complexity inspection: 0- is no, 1- is |
length | smallint | The minimum length of password |
haspha | smallint | Whether must include letter in password: 0- is no, 1- is |
hasnum | smallint | Whether must include number in password: 0- is no, 1- is |
Table 1
User message table is deposited for storing password encryption result (storing ciphertext code content using one of field)
It is as follows to store up format: $ algorithm identifies $ salt figure $ ciphertext password.
Next the process that an embodiment according to the present invention saves encrypted message is described based on flow chart.The present embodiment and
Step shown in the flow chart of embodiment can be in the computer system comprising such as a group of computer-executable instructions later
Middle execution.It, in some cases, can be to be different from herein although showing the logical order of each step in flow charts
Sequence execute shown or described step.
Before saving password, password configuration information is set first, and password configuration information is stored in password configuration information
In table.As shown in Figure 1, system reads (acquisition) clear-text passwords (step S112) first and generates a string when needing to save password
Random salt figure (step S120).Then clear-text passwords and random salt figure are subjected to exclusive or (XOR) processing (step S130).Again so
Cipher encryption algorithm (step S111) is read from password configuration information table afterwards.Then at using the Encryption Algorithm read to XOR
The result of reason is encrypted to generate ciphertext password (step S140).Finally password encryption result is stored in user message table,
Encryption Algorithm, salt figure and ciphertext password are stored in together in the user message table of database (step S150).
It is noted herein that step S111 need to only be executed before step S140, it can be in step S112
Before/after/be performed simultaneously, can also before/after step S130/be performed simultaneously.
User password management method of the invention further includes the password that administrator adds user, administrator modifies other users
Configuration information, administrator reset the password of other users, user logs in and user modifies the functions such as oneself password.Above-mentioned steps can
To be executed in the case where any need saves password.
(1) user is added
When administrator adds user, needs to be arranged the password of the user, confirmation password, cipher encryption algorithm, whether enables
The information such as the inspection of password complexity and password complexity detection foundation.Firstly, it is necessary to guarantee set password and confirmation password
Unanimously, secondly, if setting up password complexity inspection, set password needs to meet password complexity detection foundation.Most
Afterwards, ciphertext password is generated, includes ciphertext password storage in database by each configuration information.
Next based on flow chart description, an embodiment adds new user's in a specific application environment according to the present invention
Process.As shown in Figure 2.After administrator logs in WEB management platform, into subscriber administration interface, addition user button (step is clicked
S20).In addition user session frame, it is arranged that the password of the user, confirmation password, cipher encryption algorithm, whether to enable password multiple
Miscellaneous degree checks and the information (step S21) such as password complexity detection foundation, clicks " determination " button (step S22).
Operation point four steps of the system for password.The first step judges to confirm password and the whether consistent (step of new password
S23), if unanimously, carried out second step (step S24), if it is inconsistent, setting password fails (step S28), terminate addition
User's operation.
Second step (step S24) judges that the user enables the inspection of password complexity and carries out third step if enabled
(step S25);Otherwise the 4th step is directly carried out.
Third step (step S25), judges whether password meets password complexity detection foundation and carry out the if met
Four steps;If do not met, password failure (step S28) is set, terminates addition user's operation.
4th step (step S26) generates ciphertext password, and the method flow for generating ciphertext password is shown in attached drawing 1.Finally, by each
Configuration information includes ciphertext password storage (step S27) in database, terminates addition user's operation.
(2) Modify password configuration information
The password configuration information of method according to an embodiment of the invention, already present user can be modified, wherein when
When the cipher encryption algorithm in password configuration information is modified, corresponding user needs in next first log into
Modify the password of oneself.I.e. administrator modify other users password configuration information when, can with Modify password Encryption Algorithm, whether
It enables the inspection of password complexity and password complexity detects foundation.If having modified cipher encryption algorithm, used when by operation
When family first logs into management platform, need to modify the password of oneself, system carries out close using the new Encryption Algorithm of administrator setting
Code encryption.
In a specific application environment, the process that administrator modifies other users password configuration information is as shown in Figure 3.Management
Member clicks " Edit Password information " button (step S31) of some user, and system pops up user password information editing dialog frame, choosing
Encryption Algorithm is selected, chooses whether to enable the inspection of password complexity and the detection of password complexity according to (step S32), clicks and determine
Button (step S33).System will be in the password configuration information table of new password configuration information write-in database (step S34).
If administrator has modified user password Encryption Algorithm, when by operation user login management platform, system prompt
User's Modify password after the password for only having modified user oneself, could log in.The password of user's modification uses password complexity
Detection foundation and new cipher encryption algorithm are checked and are encrypted.
To realize above-mentioned process, the only Modify password configuration information table when modifying the password configuration information of already present user
In content, when user logs in:
It verifies user message table and whether the cipher encryption algorithm in password configuration information table is consistent;
User's Modify password is prompted when the cipher encryption algorithm in user message table and password configuration information table is inconsistent.
(3) password is reset
In an embodiment of the present invention, the default of corresponding password resetting is set first when administrator resets other users password
Cipher encryption algorithm and Reset Status mark, when resetting user password only for the password encryption result in user message table
It modifies, wherein the cipher encryption algorithm in password encryption result is labeled as Reset Status.
Specifically, algorithm mark and a resetting mark that construction is multiple and different, in which:
A kind of each corresponding cipher encryption algorithm of algorithm mark;
The corresponding Reset Status of resetting mark;
The corresponding algorithm mark of cipher encryption algorithm is only saved in password configuration information table and user message table;
The algorithm stored in replacement user message table is identified using resetting when resetting password to identify.
In the embodiment shown in table 1,0 is set by Reset Status mark, i.e., indicates resetting when encryption algorithm identification is 0
State.Encrypted result storage format are as follows: 0 $ salt figure $ ciphertext password of $.
When administrator resets other users password, need to be arranged password and confirmation password, password and confirmation password need to protect
It holds consistent.If the user starts password complexity inspection, need to meet password complexity by the password of the user setting
Detect foundation.When administrator has reset other users password, the encryption algorithm identification of user password content is corresponded in database
It is set as 0, to illustrate that the password person of being managed of the user reset.
When user logs in:
User name and login password are obtained from user;
Password encryption result is read from the corresponding user message table of user name;
Verifying password encryption result in cipher encryption algorithm whether be Reset Status (verifying encryption algorithm identification whether be
0);
When the cipher encryption algorithm in password encryption result is Reset Status (verifying encryption algorithm identification is 0) according to silent
Recognize cipher encryption algorithm and the password obtained from user generates new ciphertext password;
Verify ciphertext password and new ciphertext password it is whether consistent, when ciphertext password is consistent with new ciphertext password login at
Function.
In a specific application example, the process that administrator resets the password of other users is as shown in Figure 4.Administrator clicks
" resetting password " button (step S40) of some user, system pop up user and reset cryptographic session frame, and new password and confirmation is arranged
Password (step S41) is clicked confirming button (step S42).
When system executes password resetting, the password configuration information (step S43) of the user first in reading database, then
Carry out password reset operation.System divides following steps for the operation of password:
The first step judges confirm whether password and new password are consistent (step S44), if unanimously, carrying out second step, if
It is inconsistent, then password failure (step S49) is reset, resetting Password Operations are terminated;
Second step, judges whether the user enables password complexity inspection (step S45), if enabled, carries out
Otherwise three steps directly carry out the 4th step;
Third step judges whether password meets the detection of password complexity according to (step S46), if met, carries out the
Four steps reset password failure (step S49) if do not met, and terminate resetting Password Operations;
4th step generates ciphertext password (step S47);
Finally, terminating resetting Password Operations by new ciphertext password storage in database (step S48).
The mode of new ciphertext password is generated with the cipher mode in Fig. 1, but Encryption Algorithm is fixed as md5 encryption and (corresponds to close
The password default Encryption Algorithm of code resetting is md5).
(4) user logs in
In a specific application environment, the process that user logs in WEB management platform is as shown in Figure 5.User input user name,
Password login WEB manages platform (step S50).System reads the ciphertext password of the user from the user message table of database,
And filtering enciphered algorithm mark and random salt figure (step S51) from ciphertext password.
Three steps of login password authentication point.The first step, judges whether encryption algorithm identification is equal to 0 (step S52), if encryption
Algorithm mark is equal to 0, illustrates that administrator reset the password of the user, then using md5 encryption, by salt figure XOR, that treated is bright
Literary password generates ciphertext password (step S54), then carries out third step;If algorithm mark is not equal to 0, from database
Encryption Algorithm (step S53) is read in password configuration information table, then carries out second step verifying.
Second step judges that the encryption algorithm identification and the encryption algorithm identification in ciphertext password in password configuration information table are
No consistent (step S55), with the algorithm for encryption by salt figure XOR treated clear-text passwords, gives birth to if Encryption Algorithm is consistent
At ciphertext password (step S56), third step is then carried out;If Encryption Algorithm is inconsistent, illustrate that administrator has modified the user
Cipher encryption algorithm, then prompt user's Modify password, and jump to " the password modification page " (step S60).
Third step judges the whether consistent (step of the ciphertext password of the ciphertext password generated and the user stored in database
Rapid S57), if ciphertext password is consistent, login successfully (step S58);If ciphertext password is different, login failure (step
S59)。
(5) Modify password
When user modifies the password of oneself, input original code, new password and confirmation password, Password Operations of modifying.System
The ciphertext password and password configuration information of the user in system reading database first.Then whether verifying original code is correct, verifying
New password and confirmation password it is whether consistent, if enabling password complexity inspection, it is also necessary to verify new password whether meet it is close
Code complexity detects foundation.Cryptographic secret is ultimately produced, and is stored in database profession.
Specifically, in an embodiment of the present invention, user can modify the password of oneself, a scene under two scenes
It is the Encryption Algorithm that administrator has modified the user, when which first logs into WEB management platform, system prompt modifies oneself
Password;Another scene is after the user logs in WEB management platform, to modify login user password.
The flow chart that user modifies oneself password is as shown in Figure 6.User inputs original code, new in Modify password dialog box
Password, confirmation password, modify the password (step S61) of oneself.
Firstly, in system reading database the user ciphertext password and password configuration information (step S62), then carry out
Password authentification.
Operation point five steps of the system for password.The first step verifies original code according to ciphertext password and password configuration information
Whether correctly (step S63), the method for password authentication when verification method of original code is logged in reference to user, if original code is correct,
Second step is then carried out, otherwise Modify password failure (step S68), terminates Modify password operation.
Second step, whether verifying confirmation password and new password are consistent (step S64), if verifying confirmation password and new password
Unanimously, then third step is carried out, otherwise Modify password failure (step S68), terminates Modify password operation.
Third step judges whether to enable the inspection of password complexity (step S65), if enabled, the 4th step of progress;It is no
Then directly carry out the 5th step.
4th step, judges whether new password meets the detection of password complexity and carry out according to (step S66) if met
5th step;If do not met, Modify password fails (step S68), terminates Modify password operation.
5th step generates ciphertext password, by new ciphertext password storage in database (step S67), terminates user and repairs
Change oneself Password Operations.
To sum up, this patent proposes a kind of user password management method of cloud computing platform, and this method includes encrypted message
Configuration, the modification of password configuration information and password resetting.It is related to addition user, administrator modifies the password of other users with confidence
Breath, administrator reset the password of other users, user logs in and user modifies the functions such as oneself password.Password dictionary in order to prevent
Attack, before the clear-text passwords to user encrypts, system first generates a string of random salt figures, using the salt figure to
The clear-text passwords at family carries out an XOR processing, is then encrypted using cipher encryption algorithm to the XOR result handled.It will add
Close algorithm, salt figure are stored in database together together with the ciphertext after password encryption.It is broken that password is increased according to the method for the present invention
Difficulty is solved, the safety of cloud computing platform is improved.
While it is disclosed that embodiment content as above but described only to facilitate understanding the present invention and adopting
Embodiment is not intended to limit the invention.Method of the present invention can also have other various embodiments.Without departing substantially from
In the case where essence of the present invention, those skilled in the art make various corresponding changes or change in accordance with the present invention
Shape, but these corresponding changes or deformation all should belong to scope of protection of the claims of the invention.
Claims (9)
1. a kind of user password management method of cloud computing platform, which is characterized in that the method comprises the steps of:
For user setting and corresponding password configuration information is saved, the password configuration information includes cipher encryption algorithm;
Obtain clear-text passwords;
Read the cipher encryption algorithm in the password configuration information;
The clear-text passwords is encrypted using the cipher encryption algorithm to generate corresponding ciphertext password;
The cipher encryption algorithm and the ciphertext password are merged into password encryption result;
The password encryption is saved as a result, not saving the clear-text passwords;
If the password configuration information of already present user is modified, wherein when the password in the password configuration information adds
When close algorithm is modified, corresponding user needs to modify the login password of oneself in next first log into.
2. the method according to claim 1, wherein when user logs in:
User name and login password are obtained from the user;
Obtain the password encryption result corresponding with the user name;
According to the cipher encryption algorithm and the new ciphertext password of login password generation in the password encryption result;
It verifies the ciphertext password and whether the new ciphertext password is consistent, when the ciphertext password and the new ciphertext password one
It is logined successfully when cause.
3. method according to claim 1 or 2, which is characterized in that construction matches confidence with the matched password of the user name
Cease table and user message table, in which:
The password configuration information is stored in the password configuration information table;
The cipher encryption algorithm is read from the password configuration information table when encrypting to password exclusive or processing result;
The password encryption result is stored in the user message table.
4. according to the method described in claim 3, it is characterized in that, only when modifying the password configuration information of already present user
The content in the password configuration information table is modified, when user logs in:
It verifies the user message table and whether the cipher encryption algorithm in the password configuration information table is consistent;
User is prompted when the cipher encryption algorithm in the user message table and the password configuration information table is inconsistent
Modify password.
5. according to the method described in claim 3, it is characterized in that, the password default Encryption Algorithm of corresponding password resetting is arranged,
It modifies when resetting user password only for the password encryption result in the user message table, wherein by the password
Cipher encryption algorithm in encrypted result is labeled as Reset Status, when user logs in:
User name and login password are obtained from the user;
The password encryption result is read from user message table corresponding with the user name;
Whether the cipher encryption algorithm verified in the password encryption result is Reset Status;
When the cipher encryption algorithm in the password encryption result be Reset Status when according to the password default Encryption Algorithm with
And the password obtained from the user generates new ciphertext password;
It verifies the ciphertext password and whether the new ciphertext password is consistent, when the ciphertext password and the new ciphertext password one
It is logined successfully when cause.
6. according to the method described in claim 5, it is characterized in that, constructing multiple and different algorithm mark and a resetting mark
Know, in which:
A kind of each corresponding cipher encryption algorithm of algorithm mark;
The corresponding Reset Status of resetting mark;
The corresponding calculation of the cipher encryption algorithm is only saved in the password configuration information table and the user message table
Method mark;
The algorithm stored in the user message table is replaced using the resetting mark when resetting password to identify.
7. the method according to claim 1, wherein the password configuration information further includes whether enabling password to answer
Miscellaneous degree checks and password complexity detects foundation, wherein the password configuration information is examined when obtaining the clear-text passwords
In whether enabling password complexity inspection, when need to enable password complexity check when according to the password complexity detection according to
It tests according to the clear-text passwords.
8. the method according to the description of claim 7 is characterized in that password complexity detection is according to long including password minimum
Whether degree, password include letter and whether password includes number.
9. the method according to claim 1, wherein using the cipher encryption algorithm to the clear-text passwords into
Row encryption is to generate corresponding ciphertext password, in which:
Generate a string of random salt figures;
The clear-text passwords and the salt figure are subjected to exclusive or processing to obtain password exclusive or processing result;
The password exclusive or processing result is encrypted using the cipher encryption algorithm to generate the ciphertext password;
The cipher encryption algorithm, the ciphertext password and the salt figure are merged into the password encryption result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610127171.XA CN105812357B (en) | 2016-03-07 | 2016-03-07 | A kind of user password management method of cloud computing platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610127171.XA CN105812357B (en) | 2016-03-07 | 2016-03-07 | A kind of user password management method of cloud computing platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105812357A CN105812357A (en) | 2016-07-27 |
CN105812357B true CN105812357B (en) | 2019-01-22 |
Family
ID=56466770
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610127171.XA Active CN105812357B (en) | 2016-03-07 | 2016-03-07 | A kind of user password management method of cloud computing platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105812357B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107689869B (en) * | 2016-08-05 | 2020-06-16 | 华为技术有限公司 | User password management method and server |
CN106452752B (en) * | 2016-10-24 | 2019-05-24 | 北京明华联盟科技有限公司 | Method, system and the client of Modify password, server and smart machine |
CN106557677A (en) * | 2016-11-29 | 2017-04-05 | 北京元心科技有限公司 | Unlocking method and device for container system |
CN107920081B (en) * | 2017-12-01 | 2020-08-14 | 华为技术有限公司 | Login authentication method and device |
CN108234458A (en) * | 2017-12-21 | 2018-06-29 | 广东汇泰龙科技有限公司 | Method, the system of encryption storage and the decryption extraction of a kind of cloud lock cipher |
CN108965943B (en) * | 2018-07-26 | 2021-06-29 | 四川长虹电器股份有限公司 | Method for controlling serial port access password by Android smart television |
CN111339270B (en) * | 2020-02-20 | 2023-04-25 | 中国农业银行股份有限公司 | Password verification method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102043804A (en) * | 2009-10-22 | 2011-05-04 | 上海杉达学院 | Safety login method of database system |
CN103414727A (en) * | 2013-08-23 | 2013-11-27 | 安徽安庆瀚科莱德信息科技有限公司 | Encryption protection system for input password input box and using method thereof |
CN104125055A (en) * | 2014-06-25 | 2014-10-29 | 小米科技有限责任公司 | Encryption and decryption method and electronic device |
CN104283879A (en) * | 2014-10-09 | 2015-01-14 | 广州杰赛科技股份有限公司 | Virtual machine remote connection method and system |
CN105184146A (en) * | 2015-06-05 | 2015-12-23 | 北京北信源软件股份有限公司 | Method and system for checking weak password of operating system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004061668A1 (en) * | 2002-12-31 | 2004-07-22 | International Business Machines Corporation | Authorized anonymous authentication |
-
2016
- 2016-03-07 CN CN201610127171.XA patent/CN105812357B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102043804A (en) * | 2009-10-22 | 2011-05-04 | 上海杉达学院 | Safety login method of database system |
CN103414727A (en) * | 2013-08-23 | 2013-11-27 | 安徽安庆瀚科莱德信息科技有限公司 | Encryption protection system for input password input box and using method thereof |
CN104125055A (en) * | 2014-06-25 | 2014-10-29 | 小米科技有限责任公司 | Encryption and decryption method and electronic device |
CN104283879A (en) * | 2014-10-09 | 2015-01-14 | 广州杰赛科技股份有限公司 | Virtual machine remote connection method and system |
CN105184146A (en) * | 2015-06-05 | 2015-12-23 | 北京北信源软件股份有限公司 | Method and system for checking weak password of operating system |
Also Published As
Publication number | Publication date |
---|---|
CN105812357A (en) | 2016-07-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105812357B (en) | A kind of user password management method of cloud computing platform | |
EP3123692B1 (en) | Techniques to operate a service with machine generated authentication tokens | |
KR102493744B1 (en) | Security Verification Method Based on Biometric Characteristics, Client Terminal, and Server | |
US20220191012A1 (en) | Methods For Splitting and Recovering Key, Program Product, Storage Medium, and System | |
US9077710B1 (en) | Distributed storage of password data | |
US9286466B2 (en) | Registration and authentication of computing devices using a digital skeleton key | |
KR101755995B1 (en) | Method and system for feature vector based remote biometric verification using homomorphic encryption | |
US11140155B2 (en) | Methods, computer readable media, and systems for authentication using a text file and a one-time password | |
CN105915338B (en) | Generate the method and system of key | |
CN106612180A (en) | Method and device for realizing session identifier synchronization | |
CN108965222A (en) | Identity identifying method, system and computer readable storage medium | |
US11930116B2 (en) | Securely communicating service status in a distributed network environment | |
CN103929425B (en) | A kind of identity registration, identity authentication method, equipment and system | |
CN111327629B (en) | Identity verification method, client and server | |
CN110071917A (en) | User password detection method, unit and storage medium | |
CN108173648A (en) | Security processing method, equipment and storage medium based on private key escrow | |
KR20190112959A (en) | Operating method for machine learning model using encrypted data and apparatus based on machine learning model | |
CN115348107A (en) | Internet of things equipment secure login method and device, computer equipment and storage medium | |
CN111901304A (en) | Registration method and device of mobile security equipment, storage medium and electronic device | |
CN110166471A (en) | A kind of portal authentication method and device | |
Nabi et al. | Cybersecurity mechanism and user authentication security methods | |
Ruoti et al. | End-to-end passwords | |
CN111628985A (en) | Security access control method, security access control device, computer equipment and storage medium | |
CN110572371B (en) | Identity uniqueness check control method based on HTML5 local storage mechanism | |
Fernando et al. | Challenges and Opportunities in Password Management: A Review of Current Solutions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |