CN105915566A - Security system for real-time account access - Google Patents

Security system for real-time account access
Info

Publication number: CN105915566A
Application number: CN201610538051.9A
Authority: CN (China)
Prior art keywords: user, password information, access, account, encrypted
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventor: 不公告发明人 (inventor not disclosed)
Current assignee: Individual (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Individual
Application filed by: Individual
Priority to CN201610538051.9A
Publication of CN105915566A
Legal status: Pending (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Abstract

The invention discloses a security system for real-time account access. The system comprises an account login module, a server, an account verification module, an access user terminal, a password information encryption module and a password information decryption module. The system effectively ensures the confidentiality of user password information, avoiding its leakage or loss, realizes fine-grained access control, and reduces the computational cost of encryption and decryption in the system; the user password information is encoded by code division multiplexing and the encoded user password information is divided into multiple access levels according to an access structure tree, which reduces the storage space of the encrypted user password information.

Description

Security system for real-time account access
Technical field
The present invention relates to the technical field of secure information transmission, and in particular to a security system for real-time account access.
Background technology
With the development and progress of Internet technology and computer application technology, people constantly access the Internet and related servers, and create accounts with corresponding user password information on those servers. Because the servers are exposed on the network, this user password information is easily attacked by hackers, causing information leakage or information loss. To prevent it from being obtained by hacker attacks, the user password information usually has to be encrypted while it is being transmitted.
Summary of the invention
In view of the above problems, the present invention provides a security system for real-time account access.
The object of the present invention is achieved by the following technical solution:
The security system for real-time account access comprises an account login module, a server, an account verification module, an access user terminal, a password information encryption module and a password information decryption module:
The account login module is used by the access user terminal to enter account information and user password information. After the account check passes, the account information is sent to the server; the server looks up the corresponding account list by user name, retrieves the matching account and returns it to the access user terminal. The user password information entered at the access user terminal is preprocessed and encrypted by the password information encryption module before it is sent to the server, forming the access-user password ciphertext, which is sent to the account verification module;
The server stores, for each account, the corresponding user password information as preprocessed and encrypted by the password information encryption module;
After receiving the access-user password ciphertext, the account verification module retrieves the encrypted user password information for the account from the server, decrypts both the access-user password ciphertext and the stored encrypted user password information with the password information decryption module, and checks whether the two decrypted values are identical; if they are, verification passes and the access user is allowed access. The account verification module also performs dynamic password verification through the server: at the current time the server generates dynamic password information from the user name and the user password information and sends it to the user's dynamic password card; the server then compares the dynamic password information it generated at the current time with the dynamic password information supplied by the access user terminal, and if they match, verification passes and the access user is allowed access.
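The verification decision described above, as an added example that is not code from the patent. The page does not say how the dynamic password is derived from the user name, the user password information and the current time, so the HMAC-SHA256 construction over a 30-second time step truncated to 6 digits, the one-step drift tolerance, the replay guard and all function names are assumptions of this example. The two password values are passed in already decrypted, since decrypting them is the password information decryption module's job.

```python
import hashlib
import hmac

STEP_SECONDS = 30   # assumed time step of the dynamic password (not given on the page)
DIGITS = 6          # assumed length of the dynamic password


def dynamic_password(username: str, password: bytes, now: int) -> str:
    """Server-side generation: HMAC-SHA256 keyed by (user name, user password
    information) over the current time step, truncated to DIGITS decimal digits."""
    key = hashlib.sha256(username.encode() + b"\x00" + password).digest()
    counter = (now // STEP_SECONDS).to_bytes(8, "big")
    mac = hmac.new(key, counter, hashlib.sha256).digest()
    return str(int.from_bytes(mac[-4:], "big") % 10**DIGITS).zfill(DIGITS)


def verify_static(decrypted_submitted: bytes, decrypted_stored: bytes) -> bool:
    """Compare the two decrypted password values in constant time."""
    return hmac.compare_digest(decrypted_submitted, decrypted_stored)


def verify_dynamic(username, password, submitted_code, now, state, drift_steps=1) -> bool:
    """Compare the server-generated code with the code supplied by the terminal,
    tolerating `drift_steps` of clock drift. `state` (a dict) remembers the last
    accepted time step per user so a captured code cannot be replayed (added check)."""
    now_step = now // STEP_SECONDS
    accepted = None
    for step in range(now_step - drift_steps, now_step + drift_steps + 1):
        expected = dynamic_password(username, password, step * STEP_SECONDS)
        if hmac.compare_digest(expected.encode(), submitted_code.encode()) and accepted is None:
            accepted = step
    if accepted is None or state.get(username, -1) >= accepted:
        return False
    state[username] = accepted
    return True


def verify_access(username, decrypted_submitted, decrypted_stored, submitted_code, now, state) -> bool:
    """Access is granted only if both the static and the dynamic check pass; both
    are evaluated before combining so response time does not reveal which failed."""
    static_ok = verify_static(decrypted_submitted, decrypted_stored)
    dynamic_ok = verify_dynamic(username, decrypted_stored, submitted_code, now, state)
    return static_ok and dynamic_ok
```

Because the module decides on two decrypted password values, the comparison is done with hmac.compare_digest rather than `==`, and the static and dynamic checks are both evaluated before the result is combined. Note that in the scheme as described the dynamic password is derived from the static user password information itself, so whatever receives the server-generated dynamic password card value is handling material derived from the password; a deployment would want that channel protected as carefully as the password ciphertext.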
The password information encryption module preprocesses the user password information as follows: multiple user attribute sets are created according to the system-predefined access structure tree, the user password information is encoded by code division multiplexing, and the encoded user password information is divided into N access levels according to the access structure tree, where N takes a value in [4, 8].
The password information encryption module encrypts the user password information entered at the access user terminal and the user password information stored by the server with the same encryption scheme, which is:
1) The preprocessed user password information m is encrypted with a symmetric key K_m chosen by the user owner, yielding the ciphertext C_m.
2) The symmetric key K_m is encrypted under the access policy tree defined by the user owner, yielding the key ciphertext C_m'.
Here T denotes the access policy tree; q ∈ Z_p is chosen arbitrarily with q = p_x(0), X being the set of all leaf nodes of the access policy trees, and a user-defined public mapping function is used.
3) The key ciphertext is encrypted again: for each user group attribute G_i a user-group attribute key is chosen at random and a triple-encrypted ciphertext C''_m is built for that user group attribute G_i; the user-group attribute key is then encrypted with a shared session key, giving a message header Hdr corresponding to the triple-encrypted ciphertext C''_m.
Here k_gs denotes the shared session key, which is generated with a public-key encryption system and a key agreement protocol.
Decrypting the access-user password ciphertext and the encrypted user password information comprises:
1) decrypting the user-group attribute key for both the access-user password ciphertext and the encrypted user password information: from the triple-encrypted ciphertext and its message header, the shared session key k_gs is used to decrypt and recover the user-group attribute key;
2) decrypting the triple-encrypted ciphertext C''_m;
3) decrypting the key ciphertext C_m';
4) decrypting the ciphertext C_m;
5) decoding the decrypted user password information with code division multiplexing.
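An added example (not code from the patent) of the key hierarchy in encryption steps 1) to 3) and decryption steps 1) to 4) above. It uses only the Python standard library, so the primitives are stand-ins the page does not specify: the symmetric cipher is an HMAC-SHA256 keystream XOR; the access-policy-tree step is modelled by threshold secret sharing of K_m over the tree T with polynomials p_x (p_x(0) being each node's secret) and each leaf share wrapped under a per-attribute key, rather than by the pairing-based CP-ABE a real deployment would use; the user-group attribute keys and the shared session key k_gs are random keys, and the key agreement that produces k_gs is outside the example. The tree shape, group names, sample password and function names are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

P = 2**127 - 1  # prime modulus for the share polynomials over Z_p (demo size)

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream.
    Demo only (unauthenticated); never reuse a (key, nonce) pair."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def attr_key(master: bytes, attribute: str) -> bytes:
    """Key issued to users holding `attribute` (stand-in for an ABE attribute key)."""
    return hmac.new(master, b"attr:" + attribute.encode(), hashlib.sha256).digest()

def share_tree(node, secret, master, path, wrapped):
    """Step 2 stand-in: share `secret` (K_m as an integer) down the policy tree T.
    Node x picks a polynomial p_x with p_x(0) = its secret; child i receives p_x(i).
    ["AND", ...] needs all children, ["OR", ...] needs one; a leaf is an attribute
    name whose share is wrapped under that attribute's key."""
    if isinstance(node, str):
        wrapped[path] = keystream_xor(attr_key(master, node), path.encode(),
                                      secret.to_bytes(16, "big")).hex()
        return
    children = node[1:]
    k = len(children) if node[0] == "AND" else 1
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    for i, child in enumerate(children, start=1):
        share = sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P
        share_tree(child, share, master, f"{path}/{i}", wrapped)

def recover(node, wrapped, user_keys, path):
    """Reverse of share_tree: keys for a satisfying attribute set yield p_root(0)."""
    if isinstance(node, str):
        if node not in user_keys:
            return None
        raw = keystream_xor(user_keys[node], path.encode(), bytes.fromhex(wrapped[path]))
        return int.from_bytes(raw, "big")
    children = node[1:]
    k = len(children) if node[0] == "AND" else 1
    points = []
    for i, child in enumerate(children, start=1):
        y = recover(child, wrapped, user_keys, f"{path}/{i}")
        if y is not None:
            points.append((i, y))
    if len(points) < k:
        return None
    points, total = points[:k], 0
    for xi, yi in points:  # Lagrange interpolation at 0 over Z_p
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def encrypt_password(m, tree, master, group_keys, k_gs):
    """Steps 1-3: C_m under K_m; K_m shared over T (C_m'); C_m' wrapped under each
    user-group key (C''_m); group keys wrapped under k_gs in the header Hdr."""
    km_int, nonce = secrets.randbelow(P), secrets.token_bytes(16)
    c_m = keystream_xor(km_int.to_bytes(16, "big"), nonce, m)
    wrapped = {}
    share_tree(tree, km_int, master, "r", wrapped)
    c_m_prime = json.dumps({"tree": tree, "shares": wrapped}).encode()
    c_m2 = {g: keystream_xor(kg, b"grp:" + g.encode(), c_m_prime).hex() for g, kg in group_keys.items()}
    hdr = {g: keystream_xor(k_gs, b"hdr:" + g.encode(), kg).hex() for g, kg in group_keys.items()}
    return {"nonce": nonce.hex(), "c_m": c_m.hex(), "c_m2": c_m2, "hdr": hdr}

def decrypt_password(ct, group, k_gs, user_keys):
    """Decryption steps 1-4 in order: Hdr -> group key -> C_m' -> K_m -> m.
    Returns None when the user's attributes do not satisfy the policy tree."""
    k_g = keystream_xor(k_gs, b"hdr:" + group.encode(), bytes.fromhex(ct["hdr"][group]))
    c_m_prime = json.loads(keystream_xor(k_g, b"grp:" + group.encode(), bytes.fromhex(ct["c_m2"][group])))
    km_int = recover(c_m_prime["tree"], c_m_prime["shares"], user_keys, "r")
    if km_int is None:
        return None
    return keystream_xor(km_int.to_bytes(16, "big"), bytes.fromhex(ct["nonce"]), bytes.fromhex(ct["c_m"]))

def demo():
    """Constructed sample: policy 'admin AND (it OR sec)', two user groups G1 and G2."""
    master, k_gs = secrets.token_bytes(32), secrets.token_bytes(32)
    tree = ["AND", "role:admin", ["OR", "dept:it", "dept:sec"]]
    group_keys = {"G1": secrets.token_bytes(32), "G2": secrets.token_bytes(32)}
    ct = encrypt_password(b"correct horse battery staple", tree, master, group_keys, k_gs)
    satisfying = {a: attr_key(master, a) for a in ("role:admin", "dept:sec")}
    insufficient = {a: attr_key(master, a) for a in ("role:admin",)}
    return decrypt_password(ct, "G1", k_gs, satisfying), decrypt_password(ct, "G2", k_gs, insufficient)
```

The point the layering illustrates: a user needs three things to reach m, the shared session key k_gs for their group's header entry, the group's attribute key that it unwraps, and an attribute set that satisfies T so the leaf shares can be unwrapped and interpolated back to K_m. Revoking a group means re-issuing Hdr without its entry; changing the policy means re-sharing K_m, not re-encrypting m.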
The beneficial effects of the invention are:
1. By providing an account verification module, a password information encryption module and a password information decryption module, the confidentiality of the user password information is effectively ensured, leakage or loss of the user password information is avoided, fine-grained access control is realized, and the computational cost of encryption and decryption in the system is reduced;
2. The user password information is encoded by code division multiplexing and the encoded user password information is divided into multiple access levels according to the access structure tree, which reduces the storage space of the encrypted user password information.
Description of the drawings
The invention is further described with reference to the accompanying drawings, but the embodiments shown in the drawings do not limit the invention in any way; a person of ordinary skill in the art can obtain other drawings from the following drawings without creative effort.
Fig. 1 is a connection diagram of the modules of the present invention;
Fig. 2 is a schematic diagram of the encryption workflow of the password information encryption module of the present invention.
Reference numerals:
account login module 1, server 2, account verification module 3, access user terminal 4, password information encryption module 5, password information decryption module 6.
Detailed description of the invention
The invention is further described with the following embodiments.
Embodiment 1
Referring to Fig. 1 and Fig. 2, the security system for real-time account access of this embodiment comprises an account login module 1, a server 2, an account verification module 3, an access user terminal 4, a password information encryption module 5 and a password information decryption module 6:
The account login module 1 is used by the access user terminal 4 to enter account information and user password information. After the account check passes, the account information is sent to the server 2; the server 2 looks up the corresponding account list by user name, retrieves the matching account and returns it to the access user terminal 4. The user password information entered at the access user terminal 4 is preprocessed and encrypted by the password information encryption module 5 before it is sent to the server 2, forming the access-user password ciphertext, which is sent to the account verification module 3;
The server 2 stores, for each account, the corresponding user password information as preprocessed and encrypted by the password information encryption module 5;
After receiving the access-user password ciphertext, the account verification module 3 retrieves the encrypted user password information for the account from the server 2, decrypts both the access-user password ciphertext and the stored encrypted user password information with the password information decryption module 6, and checks whether the two decrypted values are identical; if they are, verification passes and the access user is allowed access. The account verification module 3 also performs dynamic password verification through the server 2: at the current time the server 2 generates dynamic password information from the user name and the user password information and sends it to the user's dynamic password card; the server 2 then compares the dynamic password information it generated at the current time with the dynamic password information supplied by the access user terminal 4, and if they match, verification passes and the access user is allowed access.
The password information encryption module 5 preprocesses the user password information as follows: multiple user attribute sets are created according to the system-predefined access structure tree, the user password information is encoded by code division multiplexing, and the encoded user password information is divided into N access levels according to the access structure tree, where N takes a value in [4, 8].
The password information encryption module 5 encrypts the user password information entered at the access user terminal 4 and the user password information stored by the server 2 with the same encryption scheme, which is:
1) The preprocessed user password information m is encrypted with a symmetric key K_m chosen by the user owner, yielding the ciphertext C_m.
2) The symmetric key K_m is encrypted under the access policy tree defined by the user owner, yielding the key ciphertext C_m'.
Here T denotes the access policy tree; q ∈ Z_p is chosen arbitrarily with q = p_x(0), X being the set of all leaf nodes of the access policy trees, and a user-defined public mapping function is used.
3) The key ciphertext is encrypted again: for each user group attribute G_i a user-group attribute key is chosen at random and a triple-encrypted ciphertext C''_m is built for that user group attribute G_i; the user-group attribute key is then encrypted with a shared session key, giving a message header Hdr corresponding to the triple-encrypted ciphertext C''_m.
Here k_gs denotes the shared session key, which is generated with a public-key encryption system and a key agreement protocol.
Decrypting the access-user password ciphertext and the encrypted user password information comprises:
1) decrypting the user-group attribute key for both the access-user password ciphertext and the encrypted user password information: from the triple-encrypted ciphertext and its message header, the shared session key k_gs is used to decrypt and recover the user-group attribute key;
2) decrypting the triple-encrypted ciphertext C''_m;
3) decrypting the key ciphertext C_m';
4) decrypting the ciphertext C_m;
5) decoding the decrypted user password information with code division multiplexing.
This embodiment provides the account verification module 3, the password information encryption module 5 and the password information decryption module 6, which effectively ensures the confidentiality of the user password information, avoids leakage or loss of the user password information, realizes fine-grained access control, and reduces the computational cost of encryption and decryption in the system; the user password information is encoded by code division multiplexing and the encoded user password information is divided into multiple access levels according to the access structure tree, reducing the storage space of the encrypted user password information. Here the number of access levels is set to N = 4, and the storage space is reduced by 6% in comparison.
Embodiment 2
Referring to Fig. 1 and Fig. 2, this embodiment has the same modules 1 to 6, preprocessing, encryption scheme and decryption steps as Embodiment 1 and obtains the same benefits; it differs only in the number of access levels, which is set to N = 5, with the ciphertext storage space reduced by 5.6% in comparison.
Embodiment 3
Referring to Fig. 1 and Fig. 2, this embodiment has the same modules 1 to 6, preprocessing, encryption scheme and decryption steps as Embodiment 1 and obtains the same benefits; it differs only in the number of access levels, which is set to N = 6, with the ciphertext storage space reduced by 4.8% in comparison.
Embodiment 4
Referring to Fig. 1 and Fig. 2, this embodiment has the same modules 1 to 6, preprocessing, encryption scheme and decryption steps as Embodiment 1 and obtains the same benefits; it differs only in the number of access levels, which is set to N = 7, with the ciphertext storage space reduced by 4.5% in comparison.
Embodiment 5
Referring to Fig. 1 and Fig. 2, the security system for real-time account access of this embodiment comprises an account login module 1, a server 2, an account verification module 3, an access user terminal 4, a password information encryption module 5 and a password information decryption module 6:
The account login module 1 is used by the access user terminal 4 to input account information and user password information. After the account verification is passed, the account information is sent to the server 1; the server 1 looks up the corresponding account list according to the user name, takes out the corresponding account and sends it to the access user terminal 4. The user password information input at the access user terminal 4 is preprocessed and encrypted by the password information encryption module 5 before being sent to the server 1, forming the access user password ciphertext, which is sent to the account verification module 3;
The server 1 stores, for each account, the corresponding user's user password information after it has been preprocessed and encrypted by the password information encryption module 5;
The account verification module 3, after receiving the access user password ciphertext, retrieves from the server 1 the encrypted user password information of the user corresponding to the account, has the password information decryption module 6 decrypt both the access user password ciphertext and the encrypted user password information, and judges whether the two decrypted values are consistent; if they are, the verification passes and the access user is allowed access. The account verification module 3 is further used to implement dynamic password verification through the server 1, comprising: the server 1 generates dynamic password information at the current time according to the user name and the user password information and sends it to the user's dynamic password card; the server 1 then compares the dynamic password information it generated at the current time with the dynamic password information provided by the access user terminal 4, and if they are consistent, the verification passes and the access user is allowed access;
The password information encryption module 5 preprocesses the user password information as follows: multiple user attribute sets are created according to the access structure tree predefined by the system, the user password information is encoded by code division multiplexing, and the encoded user password information is divided into N access levels according to the access structure tree, where N takes a value in [4,8].
The password information encryption module 5 encrypts the user password information input at the access user terminal 4 and the user password information stored by the server 1 in the same encryption mode; the encryption mode is:
1) The preprocessed user password information m is encrypted with a symmetric key K_m chosen by the user owner, obtaining the ciphertext C_m:
2) The symmetric key K_m is encrypted under the access policy tree defined by the user owner, obtaining the key ciphertext C_m':
where T denotes the access policy tree, q ∈ Z_p is chosen arbitrarily with q = p_x(0), X denotes the set of all leaf nodes of all access policy trees, and a self-defined public mapping function is used;
3) The key ciphertext is encrypted once more: for each user group G_i a user group attribute key is chosen at random, for each user group G_i a triple-encrypted ciphertext C''_m is set up, and the shared session key is used to encrypt that user group attribute key, thereby obtaining a message header Hdr corresponding to the triple-encrypted ciphertext C''_m:
In the formula, k_gs denotes the shared session key, which is generated using a public-key encryption system and a key agreement protocol.
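The notation q ∈ Z_p with q = p_x(0) over the leaf set X is the polynomial secret sharing used in tree-structured attribute-based encryption, where the root secret that protects K_m is split across the tree's gates. The following is an added example, not the patent's own code: it shares a root secret q over a threshold access policy tree and recovers it only when a user's attributes satisfy the tree. It assumes k-of-n threshold gates with unique leaf names and omits the bilinear-map layer, keeping only the Z_p arithmetic.

```python
import secrets

# Prime modulus for the share field Z_p; a demo value, not a production parameter.
P = 2**127 - 1

def _eval_poly(coeffs, x):
    """Evaluate the polynomial with coefficients coeffs[0..d] at x, modulo P."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result

def share_tree(node, secret):
    """Push the root secret q down an access policy tree.
    A node is a leaf ('attr', name) or a gate ('gate', k, children), a k-of-n
    threshold (k == len(children) is AND, k == 1 is OR). Each gate x gets a
    random degree k-1 polynomial p_x with p_x(0) equal to its own secret and
    hands child i the value p_x(i). Returns {leaf: share} over the leaf set X
    (leaf names assumed unique)."""
    if node[0] == 'attr':
        return {node[1]: secret}
    _, k, children = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = {}
    for i, child in enumerate(children, start=1):
        shares.update(share_tree(child, _eval_poly(coeffs, i)))
    return shares

def _interpolate_at_zero(points):
    """Lagrange interpolation over Z_p: recover p(0) from k points (i, p(i))."""
    total = 0
    for i, yi in points:
        num, den = 1, 1
        for j, _ in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def recover(node, shares):
    """Recover a node's secret from the leaf shares a user's attributes unlock;
    returns None when those attributes do not satisfy the tree."""
    if node[0] == 'attr':
        return shares.get(node[1])
    _, k, children = node
    points = []
    for i, child in enumerate(children, start=1):
        value = recover(child, shares)
        if value is not None:
            points.append((i, value))
            if len(points) == k:
                return _interpolate_at_zero(points)
    return None
```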
The decryption of the access user password ciphertext and the encrypted user password information comprises:
1) decrypting the user group attribute key for the access user password ciphertext and the encrypted user password information: when decrypting, the triple-encrypted ciphertext and its corresponding message header are taken, and the shared session key k_gs is used to decrypt and obtain the user group attribute key;
2) decrypting the triple-encrypted ciphertext C''_m;
3) decrypting the key ciphertext C_m';
4) decrypting the ciphertext C_m;
5) decoding the decrypted user password information by code division multiplexing.
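The ciphertext layers and their reverse order in decryption can be made concrete in code. The following added example (not the patent's or any vendor's code) wraps K_m, C_m' and the group attribute key kG_i in turn, emits a per-group header Hdr under k_gs, unwraps in reverse, and performs the comparison step of the account verification module; the access-tree layer is replaced by a symmetric policy_key (assumption), and a stdlib-only toy encrypt-then-MAC stands in for a real AEAD.

```python
import hashlib
import hmac
import secrets

def _stream(key, nonce, data):
    """Toy keyed stream cipher: XOR with HMAC-SHA256 counter blocks. A stand-in
    for a real AEAD such as AES-GCM so the example runs on the stdlib alone."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, b'enc' + nonce + off.to_bytes(4, 'big'), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _stream(key, nonce, plaintext)
    tag = hmac.new(key, b'mac' + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Check the tag in constant time, then decrypt; None if the key is wrong
    or the blob was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b'mac' + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return _stream(key, nonce, ct)

def encrypt_password(m, k_m, policy_key, group_keys, k_gs):
    """Layers in the scheme's order: C_m = Enc_Km(m); C_m' = Enc_policy(K_m);
    then for every user group G_i: C''_m = Enc_kGi(C_m') and Hdr = Enc_kgs(kGi).
    policy_key stands in for the access-tree layer (assumption)."""
    c_m = seal(k_m, m)
    c_m1 = seal(policy_key, k_m)
    per_group = {g: (seal(kg, c_m1), seal(k_gs, kg)) for g, kg in group_keys.items()}
    return c_m, per_group

def decrypt_password(c_m, c_m2, hdr, k_gs, policy_key):
    """Reverse order: Hdr -> kGi, C''_m -> C_m', C_m' -> K_m, C_m -> m.
    A failure at any layer yields None rather than a partial result."""
    kg = unseal(k_gs, hdr)
    c_m1 = unseal(kg, c_m2) if kg is not None else None
    k_m = unseal(policy_key, c_m1) if c_m1 is not None else None
    return unseal(k_m, c_m) if k_m is not None else None

def verify_access(submitted, stored):
    """Account verification: the two decrypted values must match. Compare in
    constant time and treat any failed decryption as a mismatch."""
    if submitted is None or stored is None:
        return False
    return hmac.compare_digest(submitted, stored)
```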
In this embodiment the account verification module 3, the password information encryption module 5 and the password information decryption module 6 effectively ensure the confidentiality of the user password information, prevent it from being leaked or lost, make fine-grained access control possible, and also reduce the computational cost of encryption and decryption in the system. The user password information is encoded by code division multiplexing, and the encoded user password information is divided into multiple access levels according to the access structure tree, which reduces the storage space of the encrypted user password information; with the number of access levels set to N=8, the ciphertext storage space is reduced by 3.5%.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit its scope. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art will understand that the technical solution of the present invention may be modified or equivalently replaced without departing from the spirit and scope of the technical solution of the present invention.

Claims (6)

1. A security system for real-time account access, comprising an account login module, a server, an account verification module, an access user terminal, a password information encryption module and a password information decryption module:
The account login module is used by the access user terminal to input account information and user password information; after the account verification is passed, the account information is sent to the server, the server looks up the corresponding account list according to the user name, takes out the corresponding account and sends it to the access user terminal; the user password information input at the access user terminal is preprocessed and encrypted by the password information encryption module before being sent to the server, forming the access user password ciphertext, which is sent to the account verification module;
The server stores, for each account, the corresponding user's user password information after it has been preprocessed and encrypted by the password information encryption module;
The account verification module, after receiving the access user password ciphertext, retrieves from the server the encrypted user password information of the user corresponding to the account, has the password information decryption module decrypt both the access user password ciphertext and the encrypted user password information, and judges whether the two decrypted values are consistent; if they are, the verification passes and the access user is allowed access. The account verification module is further used to implement dynamic password verification through the server, comprising: the server generates dynamic password information at the current time according to the user name and the user password information and sends it to the user's dynamic password card; the server compares the dynamic password information it generated at the current time with the dynamic password information provided by the access user terminal, and if they are consistent, the verification passes and the access user is allowed access.
2. The security system for real-time account access according to claim 1, characterised in that the password information encryption module preprocesses the user password information as follows: multiple user attribute sets are created according to the access structure tree predefined by the system, the user password information is encoded by code division multiplexing, and the encoded user password information is divided into N access levels according to the access structure tree, where N takes a value in [4,8].
3. The security system for real-time account access according to claim 1, characterised in that the password information encryption module encrypts the user password information input at the access user terminal and the user password information stored by the server in the same encryption mode.
4. The security system for real-time account access according to claim 1, characterised in that the encryption mode is:
1) The preprocessed user password information m is encrypted with a symmetric key K_m chosen by the user owner, obtaining the ciphertext C_m:
2) The symmetric key K_m is encrypted under the access policy tree defined by the user owner, obtaining the key ciphertext C_m':
where T denotes the access policy tree, q ∈ Z_p is chosen arbitrarily with q = p_x(0), X denotes the set of all leaf nodes of all access policy trees, and a self-defined public mapping function is used;
3) The key ciphertext is encrypted once more: for each user group G_i a user group attribute key is chosen at random, for each user group G_i a triple-encrypted ciphertext C''_m is set up, and the shared session key is used to encrypt that user group attribute key, thereby obtaining a message header Hdr corresponding to the triple-encrypted ciphertext C''_m:
In the formula, k_gs denotes the shared session key.
5. The security system for real-time account access according to claim 4, characterised in that the shared session key is generated using a public-key encryption system and a key agreement protocol.
6. The security system for real-time account access according to claim 5, characterised in that the decryption of the access user password ciphertext and the encrypted user password information comprises:
1) decrypting the user group attribute key for the access user password ciphertext and the encrypted user password information: when decrypting, the triple-encrypted ciphertext and its corresponding message header are taken, and the shared session key k_gs is used to decrypt and obtain the user group attribute key;
2) decrypting the triple-encrypted ciphertext C''_m;
3) decrypting the key ciphertext C_m';
4) decrypting the ciphertext C_m;
5) decoding the decrypted user password information by code division multiplexing.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610538051.9A CN105915566A (en) 2016-07-06 2016-07-06 Safety system used for real-time account access

Publications (1)

Publication Number Publication Date
CN105915566A true CN105915566A (en) 2016-08-31

Family

ID=56754615

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610538051.9A Pending CN105915566A (en) 2016-07-06 2016-07-06 Safety system used for real-time account access

Country Status (1)

Country Link
CN (1) CN105915566A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108390758A (en) * 2018-04-04 2018-08-10 广州赛姆科技资讯股份有限公司 User password processing method, device and internal control safety monitor system
CN108833404A (en) * 2018-06-11 2018-11-16 合肥汇英科技有限公司 A kind of financial lease trade management system based on cloud platform
CN111600882A (en) * 2020-05-15 2020-08-28 杭州溪塔科技有限公司 Block chain-based account password management method and device and electronic equipment
CN113032802A (en) * 2021-03-09 2021-06-25 航天信息股份有限公司 Data security storage method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1564255A (en) * 2004-03-24 2005-01-12 华中科技大学 Digital memory media protecting method based on online controlled access tech, and its system
US20140089671A1 (en) * 2012-09-22 2014-03-27 Nest Labs, Inc. Multi-Tiered Authentication Methods For Facilitating Communications Amongst Smart Home Devices and Cloud-Based Servers
CN104333580A (en) * 2014-10-23 2015-02-04 张勇平 Account management system and method based on cloud service
CN105227302A (en) * 2015-10-28 2016-01-06 广东欧珀移动通信有限公司 The shared method of password and the shared system of password

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
熊安萍 (Xiong Anping): "Research on attribute-based ciphertext-policy access control mechanisms in cloud storage environments", China Doctoral Dissertations Full-text Database, Information Science and Technology series (monthly), 2016, No. 03 *

Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20160831)