CN106446667B - Password data processing method, device and equipment - Google Patents

Publication number
CN106446667B
Authority
CN
China
Prior art keywords
password
data
password data
preset
user
Legal status
Active
Application number
CN201510484866.9A
Other languages
Chinese (zh)
Other versions
CN106446667A (en)
Inventor
钱剑波
Current Assignee
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201510484866.9A
Publication of CN106446667A
Application granted
Publication of CN106446667B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application provides a password data processing method, device and equipment. The method may include: acquiring input verification password data; calculating the verification password data according to a preset encryption algorithm to obtain an encrypted password of the verification password data; querying the encrypted password in stored preset password data, and determining an execution instruction corresponding to the encrypted password according to the query result; and executing the corresponding operation according to the execution instruction. With the embodiments of the application, when an illegal user attempts identity verification, the user's property loss can be reduced without the illegal user perceiving it, the illegal verification can be handled in time, and the success rate of recovering the user's loss is improved.

Description

Password data processing method, device and equipment
Technical Field
The present application belongs to the field of information data processing, and in particular, to a method, an apparatus, and a device for processing password data.
Background
When illegal events such as robberies occur, users are often forced under threat by illegal users to hand over bank cards, passwords and the like, which causes great property loss to the users.
Generally, an illegal user such as a robber can place the user under personal control, and the user often discloses password information to the illegal user under duress; the illegal user can then steal the user's funds and property through, for example, a bank self-service terminal. If the user has the ability to raise an alarm, the user is likely to miss the opportunity of catching the illegal user, so that the property of the user is transferred or squandered, and the property of the user is difficult to recover.
Most service terminals, such as banking systems, verify the validity of a user by comparing the password input by the user with a verification password set on a server. In the prior art, the server usually compares the user's verification password bit by bit with the preset password stored on the server. If every digit of the preset password stored on the server is the same as the corresponding digit of the password input by the user, the authentication passes. When corresponding digits differ, operations such as prompting a password error or locking the account can be performed. However, in the prior art, once the user has revealed the true verification password in an involuntary situation such as duress, the illegal user can steal the user's funds by using the true verification password. In the prior art, password authentication usually performs bit-by-bit verification on password data stored in plaintext. In financial business systems involving funds and property, to maintain the enterprise's internal control and information security, the authentication password preset by a user is usually stored after encryption processing. For password data stored in encrypted form, bit-by-bit comparison and verification is usually impossible.
In summary, with the prior-art processing methods for verifying password data, a user who is forced to give out a password often suffers a large property loss that is difficult to recover. Moreover, the prior-art bit-by-bit password comparison and verification can only be used in business systems that store the password in plaintext, and is difficult to apply to the financial industry and to business systems that must keep the user's verification password confidential and encrypted.
Disclosure of Invention
The application aims to provide a password data processing method, device and equipment, in particular for password encryption systems of financial services involving the security of funds and property, which can reduce the user's property loss without the illegal user perceiving it during illegal identity verification, can handle the illegal verification in time, and can improve the success rate of recovering the user's loss.
The method, the device and the equipment for processing the password data are realized as follows:
a cryptographic data processing method, the method comprising:
acquiring input verification password data;
calculating the verification password data according to a preset encryption algorithm to obtain an encryption password of the verification password data;
inquiring the encrypted password in stored preset password data, and determining an execution instruction corresponding to the encrypted password according to an inquiry result;
and executing corresponding operation according to the execution instruction.
A cryptographic data processing apparatus, the apparatus comprising:
the password acquisition module is used for acquiring input verification password data;
the password calculation module is used for calculating the verification password data according to a preset encryption algorithm to obtain an encryption password of the verification password data;
the storage module is used for storing preset password data;
the query module is used for querying preset password data corresponding to the encrypted password in the storage module and determining an execution instruction corresponding to the encrypted password according to a query result;
and the instruction processing module is used for executing corresponding operation according to the execution instruction determined by the query module.
A cryptographic data processing apparatus, the apparatus comprising:
a memory, used for storing preset password data and the execution instruction corresponding to the preset password data;
a processor;
the processor is configured to:
obtain input verification password data; calculate the verification password data according to a preset encryption algorithm to obtain an encrypted password of the verification password data; query the memory for the execution instruction corresponding to the encrypted password; and execute the corresponding operation according to the queried execution instruction.
The password data processing method, device and equipment can set multiple groups of preset verification information, and can be used in a service system that encrypts and stores the user's original password. Under coercion, the user can tell the illegal user verification information that triggers an alarm, such as the reverse of the bank card password. Because the alarm-triggering verification information is processed without the illegal user being aware of it, the illegal user cannot know, before being caught, whether the verification information input was the real verification information or preset verification information for alarm and prevention. This greatly raises the illegal user's risk in committing the crime, can greatly reduce the illegal user's desire to commit it, and reduces the crime rate. During illegal identity verification, predetermined behaviors such as raising an alarm are executed according to the input verification information without the illegal user perceiving it, so that a third party can learn in time that the user's property is being illegally taken, which improves the possibility of recovering the user's loss.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
FIG. 1 is a flow chart diagram illustrating an embodiment of a cryptographic data processing method of the present application;
FIG. 2 is a schematic diagram illustrating a scenario of obtaining authentication password data of a user's movement track on a touch screen according to the present application;
FIG. 3 is a schematic diagram of another scenario for acquiring authentication password data of a movement track of a user on a touch screen according to the present application;
FIG. 4 is a block diagram of an embodiment of a cryptographic data processing apparatus provided in the present application;
FIG. 5 is a block diagram of an embodiment of a storage module in a cryptographic data processing apparatus according to the present application;
FIG. 6 is a block diagram illustrating an embodiment of an instruction processing module in the cryptographic data processing apparatus according to the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Generally, a user generally needs to perform authentication when the user is involved in a business operation of capital and property, and a specific authentication manner may include that a server of a business system performs authentication on a received authentication password input by the user at a client in most application scenarios. In general, a server of the service system may store preset password data preset by a user. The server can store a plurality of groups of preset password data of the user, and different preset password data can correspond to different execution operation behaviors. The server can judge the possible situation of the user by identifying the verification password input by the user, so as to perform corresponding business operation and protect the personal and property safety of the user to the maximum extent.
A cryptographic data processing method according to the present application will be described in detail below with reference to the accompanying drawings. Fig. 1 is a flowchart of a method of an embodiment of a cryptographic data processing method according to the present application. Although the present application provides method steps as described in the following examples or flowcharts, additional or fewer steps may be included in the method, based on conventional or non-inventive efforts. In the case of steps where there is no logically necessary causal relationship, the order of execution of the steps is not limited to that provided in the embodiments of the present application. When the method is executed in an actual device or end product, the method can be executed sequentially or in parallel according to the embodiment or the method shown in the figure (for example, in the environment of a parallel processor or a multi-thread processing).
Specifically, an embodiment of a cryptographic data processing method provided in the present application is shown in fig. 1, where the method may include:
S1: Acquire the input verification password data.
The authentication password data may include password data information entered by a user at a terminal device, such as a six digit bank card password entered by a user at a bank ATM cash dispenser. The mode of acquiring the verification password data can be set according to the terminal distribution or the communication mode of a specific identity verification system. Obtaining the authentication password data may, as in some application scenarios, comprise the client obtaining authentication password data input by a user, which the client may then send to a server, such as a bank system for authentication, for example. At which point the server may receive the authentication password data.
Of course, in other embodiments, the user may directly input the authentication password data on the terminal device of the server for authentication, and the authentication password data may not be acquired through the C/S communication mode. In a specific application scenario, the server may include a safe device configured with an authentication system, a PC terminal or a mobile terminal provided with a fund and property application encryption function, and a terminal of a business service system of a financial institution. The terminal in the application scenario including the above enumeration may directly acquire the authentication password data. As mentioned above, the present application does not exclude that the terminal in the above application scenario is used as a client to obtain the verification password data, and then the verification password data may be sent to the corresponding server, and then the server performs the identity verification.
The verification password data described in the present application can be specifically set according to the application scenario of the service system. For example, the password entered by the user at the bank card counter or in the ATM deposit and withdrawal service may be a pure six digit combination. In the mobile terminal or the online payment system of the bank, the verification password data may be a combination of letters, symbols, numbers and the like of a fixed number of digits or a preset number range (e.g. 6 to 11 digits).
In some embodiments of the present application, the authentication password data may include at least one of the following types:
numbers, letters, symbols, user movement trace on the touch screen, pressing a fingerprint.
The password to be verified can also comprise password data information acquired according to the moving track of the user on the touch screen. Fig. 2 is a schematic view of a scene of acquiring authentication password data of a moving track of a user on a touch screen according to the present application. In a specific application scenario, as shown in fig. 2, for example, password data information of a motion trajectory formed after a user moves in a certain sequence in a number squared figure of a terminal touch display screen, as indicated by an arrow in the motion trajectory of the user moving in fig. 2, the formed password to be verified may be 1457. Fig. 3 is a schematic view of another scenario of acquiring authentication password data of a movement track of a user on a touch screen according to the present application, where if the user moves in the sequence indicated by an arrow in fig. 3, the password to be authenticated may be 1475.
Therefore, in the password data processing method of the present application, the moving track of the user on the touch screen may include: password data information acquired based on a movement track of a user on the touch screen.
It should be noted that the verification password data in this example may include the password data information based on the movement track, and may also include a case where the password data information obtained based on the movement track is combined with one or more other information data, such as letters, characters, numbers, and the like. For example, when the user is authenticated, the obtained authentication password data input by the user may be authentication password data of "movement trajectory of digital squared figure + six-digit digital password". The identity authentication data processing method can be applied to a self-service business system which takes numbers, letters and the like as authentication passwords to perform identity authentication in a financial institution, and can also be implemented in an application scene in which identity authentication is performed through sliding of an application interface in APP application in a mobile terminal such as a mobile phone.
The password data processing method provided by the application can be used in self-service terminals of banking systems, and can also be applied to password verification on mobile terminals and to page password verification in browsers. In another embodiment of the present application, the verification password data may even include a pressed fingerprint. Specifically, the method may be used in an application scenario of password data processing through fingerprint identification, for example by identifying whether, when the palm is pressed, the pressing sequence runs from the thumb to the little finger or from the little finger to the thumb, determining whether the input verification password data corresponds to the first password data or the second password data in the stored preset password data, and then performing the corresponding operation.
The server can directly acquire or receive the authentication password data input by the user and transmitted by the client. The authentication password data described in this application may include, but is not limited to, the form of one or a combination of various types of numbers, letters, symbols, user's movement trace on a touch screen, pressing a fingerprint.
S2: Calculate the verification password data according to a preset encryption algorithm to obtain an encrypted password of the verification password data.
In an embodiment of the application, when storing a password preset by a user, the server may encrypt the plaintext original password input by the user according to a certain algorithm and then store the result. Suppose the original password set by the user at a banking service outlet is P; the original password is the plaintext password data set by the user, without encryption processing. The encrypted password PA finally stored in the service storage unit may be generated by a predetermined encryption algorithm or some function f(P) when the server stores the original password P. Therefore, in the verification password processing method of the present application, after the verification password data input by the user is obtained, in order to compare it with the preset password stored in the server, the verification password data may be calculated according to the predetermined encryption algorithm to obtain the encrypted password of the verification password data.
In a specific embodiment, the predetermined encryption algorithm may include an encryption algorithm used when an original password set by a user is encrypted. For example, the predetermined encryption algorithm adopted by the server during storage may be to combine the three digits of the highest order and the lowest order respectively after squaring the original digital password into preset password data for storage. Then, in this embodiment of the present application, the verification password data input by the user is obtained as 123456, the square calculation may also be performed on the verification password data 123456 by using the above-mentioned predetermined encryption algorithm to obtain 15241383936, and the encrypted password 152936 of the verification password data 123456 may be obtained.
The predetermined encryption algorithm described in this embodiment may include an encryption algorithm that is adopted when the server calculates an original password that stores plaintext set by the user. In the prior art, the directly obtained verification password data cannot be compared with the stored encrypted password bit by bit, and in this embodiment, the verification password data may be calculated to obtain the encrypted password of the verification password data in the same encryption mode as the preset password data. The specific encryption mode of the predetermined encryption algorithm in this embodiment may be set according to the encryption requirement. In most business systems involving the capital and property of users, certain encryption algorithms are typically used to maintain the user's cryptographic data. In this embodiment, after the verification password data or the plaintext password of the user is calculated and processed by the predetermined algorithm, the corresponding encrypted password data may be obtained. In some application scenarios, the authentication password data may be subjected to the predetermined algorithm calculation process to obtain a set of corresponding encryption passwords. And the predetermined algorithm may not be disclosed externally in most application scenarios.
S3: Query the encrypted password in the stored preset password data, and determine an execution instruction corresponding to the encrypted password according to the query result.
After the encrypted data of the verification password data is obtained through calculation, the encrypted data can be compared with stored preset password data, and whether preset password data corresponding to the encrypted password exists in the stored preset password data or not can be inquired. In the embodiment of the application, the password data set by the user can be stored in advance in the storage unit of the terminal device, for example, the server of the banking system can store the bank card password set by the user in advance. Of course, the storage unit may also store other associated information for verifying the validity of the user identity, such as an account name, a login name, a transaction account number, and the like of the user. In the password data processing method, the server may store a plurality of groups of preset password data in advance. Each preset password data in the multiple groups of preset password data can correspond to a preset execution instruction for executing certain operation. The execution instruction corresponding to the encryption password can be determined according to the query result. The preset password data in the application may include an original password that is set by a user and that can be used for normal business processing procedures.
Correspondingly, the obtained authentication password data may include one or more combinations of the aforementioned passwords, and in the method of the present application, the stored preset password data may also include at least one of the following types:
numbers, letters, symbols, user movement trace on the touch screen, pressing a fingerprint.
As mentioned above, in most business systems involving the capital and property of users, certain encryption algorithms are typically used to store the user's cryptographic data. In an embodiment of the method of the present application, the stored preset password data may include:
encrypted password data stored after the acquired original password is encrypted according to a preset algorithm.
In particular, the preset password data may be stored by a server of the service system. After the server acquires the original password P set by the user, the original password is encrypted and then stored, which improves the security of the password stored by the server. The specific encryption algorithm may be preset. For example, the encryption mode of the predetermined encryption algorithm may be set to f(x), and correspondingly the password data obtained after the original password P is calculated by the predetermined encryption algorithm, f(P), may be PA. The encrypted password data of the original password may then be stored by the server as preset password data.
In a preferred embodiment of the method of the present application, in order to minimize property loss of a user and timely recover user loss under the condition that a true password is possibly forced to be revealed to an illegal user, a plurality of groups of preset password data can be prestored in the method of the present application. Considering that the user password stored in the application of the present application to the financial transaction system is generally encrypted password data, in a specific embodiment of the present application, the stored preset password data may include:
first password data obtained by encrypting an original password set by a user;
and
encrypted second password data for executing a specified operation.
The specific storage mode may be stored by a storage unit of the server, or may include storage by a storage unit on a special server, or storage by a storage module on another server. In this embodiment, preset password data corresponding to an original password that can be normally transacted and set by a user may be used as the first password data. Then, second password data of at least one group of users may be set and stored again according to the original password. The second password data may be set according to an actual application scenario of the business system, for example, in a banking business system, the second password data may be set as password data of a specific operation executed under an abnormal transaction such as a robbery.
In an embodiment of the application, besides the encrypted first password data for the user's correct transactions, a plurality of groups of encrypted second password data for executing institutional operations under abnormal transactions can be stored. In one embodiment of the present application, a single set of second password data may be provided to make the verification password data easier for the user to memorize. The second password data described in the present application may be generated in two ways. In the first way, the second password data is password data formed by encrypting, according to a predetermined algorithm, a received spare password set by the user. In this case, the user can set a first password for normal transactions, such as the transaction password 123456 of the banking system, and can also actively set a spare password, such as 234567, for performing specified operations under specific circumstances; the spare password 234567 is then encrypted to form the second password data. In the second way, the server processing unit may perform a calculation on the original password set by the user to generate the spare password, and then encrypt and store it as the second password data.
Of course, in other embodiments the second password data described in this application may also be password data generated according to other rules. For example, for the original password 123456, the last three digits may be moved to the front to form the spare password 456123, and the spare password is then encrypted to form the second password data PB.
In order to further improve the convenience of memorizing the user password, in some application scenarios, the spare password may generally have a certain correlation with the original password of the user. The application provides a preferred embodiment, the second password data may include reverse password data formed by rearranging the original password set by the user in a reverse order, and then encrypting and storing the reverse password data. Therefore, in a preferred embodiment, the second cryptographic data may include:
password data generated by encrypting the reverse password formed by arranging the original password set by the user in reverse order.
In the application scenario of the banking system, the original password set by the user is 123456, and the server may store the first password data PA after the original password is encrypted. Meanwhile, the reverse password composed of the original password 123456 in the reverse order arrangement is 654321, the reverse password 654321 may be encrypted to generate the second password data PB, and then the second password data PB may be stored. Therefore, after the user inputs the second password data with the character sequence opposite to the set original password, the user still can enter the banking system, and then the banking system executes corresponding operation according to the preset setting.
The preset password data described in the above embodiments may be stored in a server of the business system. After the encrypted password of the verification password data is obtained, it may be compared with the stored preset password data, that is, the encrypted password may be queried in the stored preset password data. The execution instruction corresponding to the verification password data can be determined according to the query result of the encrypted password in the preset password data. The password data processing method can preset, in the server, execution instructions corresponding to different preset password data, and each execution instruction can have a corresponding execution operation. In particular, in the application scenario where a user reveals password information involuntarily, for example when a criminal forces the user to disclose the bank card transaction password in order to steal the user's funds and property, the user can tell the illegal user the spare password corresponding to the second password data. The method can set in the server, in advance, the instruction information of the operation to be executed for the second password data of an abnormal transaction. When the query result shows that the verification password data input by the user corresponds to the second password data, the abnormal transaction procedure can be entered, which protects the user's personal and property safety and allows the user's loss to be recovered in time.
The execution instruction corresponding to the verification password data can be set according to requirements in different application scenes. In the application scenario of abnormal transaction in which the user is forced to reveal the transaction password of the bank transaction card, the server of the banking system can be preset with operation measures for ensuring the personal safety of the user and maximally protecting the capital and property safety of the user. For example, when the verification password data is judged to be the reverse password of the original password in the second password data, the execution instruction of the operation behavior of the server for performing abnormal transactions such as networking alarm, automatic hiding of user account amount and the like can be set. Of course, the execution instruction of locking the account after the password input error or the error frequency reaches the predetermined threshold value may also be included.
S4: and executing corresponding operation according to the execution instruction.
And after the execution instruction is determined according to the comparison result of the encrypted password of the verification password data and the preset secret data, the operation corresponding to the execution instruction can be executed. In an embodiment of the application, the verification password data input by the user in the normal sequence can be compared with the stored first password data, and when the comparison result is that the password data to be verified input by the user corresponds to the first password data, normal transaction processing operation can be performed. And meanwhile, an execution instruction of the operation corresponding to the second password data under abnormal transaction can be set. The execution instruction in this embodiment may include, but is not limited to, at least one of the following:
displaying account balance information according to a preset rule;
sending alarm information to a designated public security networking system;
and entering the current transaction behavior into a short message verification mode.
When the execution instruction is obtained, corresponding operation can be executed. For example, the server may obtain the above-mentioned execution instruction, and may perform at least one operation according to the execution instruction, where the operation includes:
displaying account balance information according to a preset rule;
sending alarm information to a designated public security networking system;
and entering the current transaction behavior into a short message verification mode.
Displaying the account balance information according to the predetermined rule may include automatically hiding most of the user's funds according to a preset rule, so that the transaction operation terminal displays only the balance information processed according to the predetermined rule. For example, if the user account contains 10000 yuan, then when the password input by the user is judged to be the password corresponding to the second password data, 90% of the balance of the user account can be hidden and 1000 yuan displayed on the transaction operation terminal. The predetermined rule can also be set to other display modes as required; for example, if the real balance of the user is 145752 yuan, the amount above ten thousand yuan can be hidden, so that the displayed balance is 5752 yuan.
The server may be connected to a public security networking system. When the user inputs the reverse-order password, the server reports through the public security networking system that the holder of the account may be subject to an illegal event such as robbery, so that an alarm is raised in time. The alarm information may further include the identity information of the account holder, mobile phone information, the position information of the transaction operation terminal, and the like, so that the handling personnel can locate and deal with the incident quickly.
In an embodiment of the application, the execution instruction may further include entering the current transaction behavior into a short message verification mode. Short message verification may include verifying the current and subsequent operation requests of the user, such as withdrawals and account transfers, by means of a verification code sent to the mobile phone number reserved in the business system. In some application scenarios, a clear and conservative positioning opportunity can quickly be provided to public security through the communication network of a mobile terminal such as a mobile phone, and the efficiency of stopping abnormal transaction behaviors and recovering losses can be improved.
Some embodiments of the present application include an application scenario in which the input is compared directly, as a whole, with a previously stored encrypted password, rather than by bit-by-bit comparison, so that security and efficiency can be improved. In the embodiment of user property management, for example, the encryption may use a weighting factor (such as account information, a preset algorithm, and the like) so that even when plaintext passwords are the same, the passwords stored after encryption are different and unique, which addresses the problem of several people using the same password.
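The flow described above (encrypt the input, compare it as a whole with the stored PA and PB, then apply the balance display rule) can be sketched as follows. This is an added example, not code from the patent: PBKDF2 with a random per-account salt stands in for the unspecified "predetermined encryption algorithm" and "weighting factor", and the names `enroll`, `lookup`, `handle`, the rule names and the three-failure lock threshold are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum

ITERATIONS = 100_000  # assumption: PBKDF2 stands in for the "predetermined encryption algorithm"
MAX_FAILURES = 3      # assumption: lock threshold, the patent leaves the value open


class Instruction(Enum):
    NORMAL = "normal transaction"      # input matched first password data (PA)
    DURESS = "abnormal transaction"    # input matched second password data (PB)
    REJECT = "password error"


@dataclass
class Account:
    account_id: str
    salt: bytes
    pa: bytes       # first password data: derived from the original password
    pb: bytes       # second password data: derived from the reversed password
    balance: int    # real balance in yuan
    failures: int = 0


def derive(password: str, salt: bytes, account_id: str) -> bytes:
    """One-way transform; salt and account id play the role of the 'weighting factor'."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt + account_id.encode("utf-8"), ITERATIONS)


def enroll(account_id: str, password: str, balance: int) -> Account:
    reverse = password[::-1]
    if reverse == password:
        # A palindrome such as 123321 would give PB == PA, so the reverse
        # password could never be told apart from the original.
        raise ValueError("password must differ from its own reverse")
    salt = os.urandom(16)
    return Account(account_id, salt, derive(password, salt, account_id),
                   derive(reverse, salt, account_id), balance)


def lookup(account: Account, entered: str) -> Instruction:
    """Compare the derived value as a whole against PA and PB."""
    candidate = derive(entered, account.salt, account.account_id)
    # Both comparisons always run, each in constant time, so the comparison
    # step itself does not reveal which stored value (if any) matched.
    is_pa = hmac.compare_digest(candidate, account.pa)
    is_pb = hmac.compare_digest(candidate, account.pb)
    if is_pa:
        return Instruction.NORMAL
    return Instruction.DURESS if is_pb else Instruction.REJECT


def displayed_balance(balance: int, rule: str) -> int:
    """The two display rules given as examples in the description."""
    if rule == "hide_90_percent":
        return balance // 10            # 10000 -> 1000
    if rule == "hide_above_ten_thousand":
        return balance % 10_000         # 145752 -> 5752
    raise ValueError(f"unknown display rule: {rule}")


def handle(account: Account, entered: str, rule: str = "hide_90_percent"):
    """Return (what the terminal shows, actions taken on the server side only)."""
    if account.failures >= MAX_FAILURES:
        return {"status": "locked"}, []
    instruction = lookup(account, entered)
    if instruction is Instruction.REJECT:
        account.failures += 1
        return {"status": "rejected"}, []
    account.failures = 0
    if instruction is Instruction.NORMAL:
        return {"status": "ok", "balance": account.balance}, []
    # Duress path: the terminal view has the same shape as the normal one;
    # the alarm and SMS verification are triggered on the server side.
    view = {"status": "ok", "balance": displayed_balance(account.balance, rule)}
    return view, ["alarm", "sms_verification"]


if __name__ == "__main__":
    acct = enroll("ACCT-0001", "123456", 10000)   # constructed sample account
    print(handle(acct, "123456"))
    print(handle(acct, "654321"))
```

With a six-digit numeric password, storing PB means two of the possible inputs are accepted per account instead of one, which the failure-lock threshold has to take into account.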
In the password data processing method provided by the application, a user can set at least two groups of preset password data. Different preset password data can trigger different operations, so that when an illegal user carries out an illegal transaction using one group of preset password data, the property loss of the user can be effectively reduced and the success rate of recovering the user's property is improved. The method is particularly suitable for a financial business system that encrypts and stores the plaintext password of the user; compared with the prior-art approach of comparing plaintext passwords bit by bit, it can improve the security of the user password and protect the property security of the user.
In a preferred embodiment, a reverse password whose order is the reverse of the normal transaction password may be provided. When a transaction is conducted at the terminal, it cannot be perceived whether the password was entered in reverse order or in normal order, so that in an application scenario in which the user is under duress, the personal safety of the user can be guaranteed and the loss of the user's funds and property reduced as far as possible. In addition, when the password data processing method is applied to a financial service system, an illegal user cannot know, before being caught, whether the password first entered is the normal first password data or the abnormal second password data, that is, whether it is the normal-order password or the reverse-order password; this increases the risk the illegal user runs in carrying out an illegal transaction and can reduce the likelihood of illegal behavior in this application scenario.
Based on the password data processing method in each embodiment of the application, the application also provides a password data processing device. Fig. 4 is a schematic block diagram of an embodiment of a cryptographic data processing apparatus provided in the present application, and as shown in fig. 4, the apparatus may include:
a password obtaining module 101, configured to obtain input authentication password data;
the password calculation module 102 may be configured to calculate the verification password data according to a predetermined encryption algorithm, and obtain an encryption password of the verification password data;
the storage module 103 can be used for storing preset password data;
the query module 104 may be configured to query the preset password data corresponding to the encrypted password in the storage module 103, and determine an execution instruction corresponding to the encrypted password according to a query result;
the instruction processing module 105 may be configured to perform a corresponding operation according to the execution instruction determined by the query module 104.
In some embodiments, the authentication password data obtained by the password obtaining module 101 and/or the preset password data stored by the storage module 103 in the apparatus of the present application may include at least one of the following:
numbers, letters, symbols, the user's movement trace on a touch screen, a pressed fingerprint.
In most application scenarios, if the preset password data stored in the server is in one format or a combination of several formats, the user generally inputs the verification password data in the same format as the preset password data stored in the server, and the server acquires the verification password data in that format. If the preset password stored by the server is in a six-digit numeric format, the user generally inputs six digits of verification password data when entering the password, and the server receives and acquires the six-digit verification password data. Of course, the above is only one implementation in the present application, and the password data to be verified that the server finally obtains may be determined by the user's input.
The password data processing device can be used for identity verification in capital and property operation of financial industries such as banks, such as bank ATMs, and can also be applied to application of mobile terminals or identity verification of page operation. In the application scenario, the server may encrypt and store an original plaintext password set by the user, so that the user password may be stored in a secret manner by a bank, and the encrypted password may be verified. In a specific embodiment, the server may store the first encrypted data after the encryption processing of the normal transaction of the user, and may also store the second encrypted data after the encryption processing that is preset and can execute the specified operation behavior. Fig. 5 is a schematic block diagram of an embodiment of a storage module 103 in a cryptographic data processing apparatus according to the present application, where as shown in fig. 5, the storage module 103 may include:
a first password storage unit 1031, which may be configured to store first password data obtained by encrypting an original password set by a user;
a second password storage unit 1032, which may be configured to store second password data, obtained by encryption processing, that is set to execute a specified operation.
In a preferred embodiment, to make it easy for the user to remember the spare password corresponding to the second password data in an emergency or under duress, the password obtained by arranging the original password set by the user in reverse order may be used as the spare password, and then encrypted and stored in the second password storage unit. If the original password for the user's normal transactions is 123456, the first password data generated by encryption according to the predetermined encryption algorithm is PA, which may be stored in the first password storage unit 1031. The original password 123456 may then be arranged in reverse character order to form the reverse password 654321, and the second password data PB of the reverse password may be generated by encryption according to the predetermined encryption algorithm and stored in the second password storage unit 1032. Therefore, in another embodiment of the apparatus of the present application, the second password data may include:
password data generated by encrypting the reverse password formed by arranging the original password set by the user in reverse order.
When the verification password data input by the user is obtained, a business system that does not store plaintext passwords generally cannot complete identity verification by directly comparing passwords bit by bit. In the present application, the predetermined encryption algorithm may be used to encrypt the verification password data. The predetermined encryption algorithm in the password calculation module 102 of the apparatus of the present application may include:
the encryption algorithm adopted when the original password set by the user is encrypted.
After the query module 104 determines an execution instruction that needs to be operated, the instruction processing module 105 may execute a corresponding operation according to the execution instruction. Fig. 6 is a block diagram of an embodiment of the instruction processing module 105 in the cryptographic data processing apparatus according to the present application. Specifically, as shown in fig. 6, in another embodiment of the cryptographic data processing apparatus according to the present application, the instruction processing module 105 may include at least one of the following processing units:
the balance hiding unit 1051 may be configured to display account balance information according to a predetermined rule.
The displayed account balance information may generally include information that is less than the user's actual balance after processing according to a predetermined rule, such as displaying only money below ten thousand yuan. Specific preset rules for displaying account balance information can be set according to design requirements.
an alarm unit 1052, which may be configured to send alarm information to a designated public security networking system.
The alarm unit 1052 can be networked with a local or designated public security system and can send alarm information to the public security system when a user performs a transaction using second password data such as a reverse password, reporting that the user may have been hijacked or that the user's property is undergoing an illegal transaction.
a short message verification unit 1053, which may be configured to enter the current transaction behavior into a short message verification mode.
In this embodiment, the transaction is carried out through the short message transaction module, and the user terminal can be located quickly using the communication network of the mobile communication terminal, so that the position of the user or of the illegal user can be determined quickly and accurately. This can greatly improve the possibility of recovering the user's loss.
With the password data processing device, the personal safety of the user can be guaranteed in an application scenario in which the user is under duress, while the loss of the user's funds and property is reduced as far as possible. In particular, the property of the user can be protected without the illegal user being aware of it during the illegal identity authentication, and the illegal authentication can be handled in time, which greatly improves the possibility of recovering the user's loss.
The password data processing method and device can be used for various terminal devices including a server of a banking system, a mobile terminal APP application and the like. Therefore, the present application further provides a cryptographic data processing device, and specifically, the device may include:
a memory operable to store preset cipher data and an execution instruction corresponding to the preset cipher data;
a processor;
the processor is configured to:
obtain input verification password data; calculate the verification password data according to a preset encryption algorithm to obtain an encrypted password of the verification password data; query the memory for the execution instruction corresponding to the encrypted password; and execute the corresponding operation according to the queried execution instruction.
The memory may comprise a physical medium with storage capabilities. The processor may comprise a CPU of the type intel, cellcept, etc. in a PC terminal, mobile terminal, etc., or other unit having logic gates, programmable controllers, etc. that may execute logic processing instructions.
Of course, in the password data processing device described in this application, the stored preset password data may include:
first password data obtained by encrypting an original password set by a user;
and
second password data, obtained by encryption processing, that is set to execute a specified operation.
In a preferred embodiment, the second password data may include:
password data generated by encrypting the reverse password formed by arranging the original password set by the user in reverse order.
The application provides a method, a device and equipment for processing password data, in particular to a financial business system relating to capital and property safety of users, which can reduce property loss of the users as much as possible under the condition that the illegal users are not aware during illegal identity authentication, and can process the illegal authentication in time, thereby improving the success rate of recovering the user loss.
Although the present application refers to the description of data communication, processing, etc. of C/S communication, data storage, predetermined encryption calculation, etc., the present application is not limited to the manner of data communication, processing, etc. which must be a complete standard or the mentioned method. The above description of the embodiments of the present application is only an application of some embodiments of the present application, and the solutions of the embodiments of the present application can also be implemented by a processing method slightly modified based on some standards and methods. Of course, other non-inventive variations of the processing method steps described in the above embodiments consistent with the present application may still be implemented in the same application, and are not described herein again.
Although the present application provides method steps as described in an embodiment or flowchart, more or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or client product executes, it may execute sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the embodiments or methods shown in the figures.
The units or modules illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, in implementing the present application, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units.
Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, or the like, and includes several instructions for enabling a computer device (which may be a personal computer, a mobile terminal, a server, or a network device) to execute the method according to the embodiments or some parts of the embodiments of the present application.
The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The application is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, mobile communication terminals, multiprocessor systems, microprocessor-based systems, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
While the present application has been described with examples, those of ordinary skill in the art will appreciate that there are numerous variations and permutations of the present application without departing from the spirit of the application, and it is intended that the appended claims encompass such variations and permutations without departing from the spirit of the application.

Claims (15)

1. A cryptographic data processing method, the method comprising:
acquiring input verification password data;
calculating the verification password data according to a preset encryption algorithm to obtain an encryption password of the verification password data so as to enable the verification password data to be integrally compared with a plurality of groups of preset password data stored by a server, wherein the preset password data stored after encryption are different and unique, and each group of preset password data in the plurality of groups of preset password data corresponds to a preset execution instruction for executing certain operation;
inquiring whether preset password data corresponding to the encrypted password exist in a plurality of groups of stored preset password data, wherein the stored preset password data comprise first password data corresponding to an original password of normal transaction and second password data of abnormal transaction;
determining an execution instruction corresponding to the encrypted password when the query result is that the input verification password data is second password data;
executing corresponding operation according to the execution instruction, wherein the operation comprises displaying account balance information according to a preset rule;
the input verification password data comprises a pressed fingerprint, and correspondingly, the inquiring whether the preset password data corresponding to the encryption password exists comprises the following steps: identifying, through pressed-fingerprint recognition, whether the pressing sequence runs from the thumb to the little finger or from the little finger to the thumb, and thereby further judging whether the input verification password data corresponds to the first password data or the second password data in the stored preset password data.
2. A cryptographic data processing method as in claim 1, characterized in that the stored preset cryptographic data comprises:
first password data obtained by encrypting an original password set by a user;
and
second password data, obtained by password encryption processing, that is set to execute a specified operation.
3. A cryptographic data processing method as in claim 2 wherein said second cryptographic data comprises:
password data generated by encrypting the reverse password formed by arranging the original password set by the user in reverse order.
4. A cryptographic data processing method as in claim 1, characterized in that the stored preset cryptographic data comprises at least one of the following:
numbers, letters, symbols, the user's movement trace on a touch screen, a pressed fingerprint.
5. A cryptographic data processing method as in claim 1 wherein said predetermined encryption algorithm comprises:
the encryption algorithm adopted when the original password set by the user is encrypted.
6. The cryptographic data processing method of claim 1, wherein said performing a corresponding operation according to said execution instruction further comprises performing at least one of:
sending alarm information to a designated public security networking system;
and entering the current transaction behavior into a short message verification mode.
7. A cryptographic data processing apparatus, the apparatus comprising:
the password acquisition module is used for acquiring input verification password data;
the password calculation module is used for calculating the verification password data according to a preset encryption algorithm to obtain an encryption password of the verification password data so as to enable the verification password data to be integrally compared with a plurality of groups of preset password data stored by the server, wherein the preset passwords stored after encryption are different and unique, and each group of preset password data in the plurality of groups of preset password data corresponds to a preset execution instruction for executing certain operation;
the memory module is used for storing preset password data, and the stored preset password data comprise first password data corresponding to an original password of normal transaction and second password data of abnormal transaction;
the query module is used for querying whether preset password data corresponding to the encrypted password exist in the storage module, and determining an execution instruction corresponding to the encrypted password when the query result is that the input verification password data is second password data;
the instruction processing module is used for executing corresponding operation according to the execution instruction determined by the query module, wherein the operation comprises displaying account balance information according to a preset rule;
the input verification password data comprises a pressed fingerprint, and correspondingly, the inquiring whether the preset password data corresponding to the encryption password exists comprises the following steps: identifying, through pressed-fingerprint recognition, whether the pressing sequence runs from the thumb to the little finger or from the little finger to the thumb, and thereby further judging whether the input verification password data corresponds to the first password data or the second password data in the stored preset password data.
8. A cryptographic data processing apparatus as in claim 7 wherein the storage module comprises:
the first password storage unit is used for storing first password data obtained by encrypting an original password set by a user;
and the second password storage unit is used for storing second password data after password encryption processing for setting execution of specified operation.
9. A cryptographic data processing apparatus as in claim 8 wherein the second cryptographic data comprises:
password data generated by encrypting the reverse password formed by arranging the original password set by the user in reverse order.
10. A cryptographic data processing apparatus as in claim 7 wherein the preset cryptographic data stored by the storage module comprises at least one of:
numbers, letters, symbols, the user's movement trace on a touch screen, a pressed fingerprint.
11. A cryptographic data processing apparatus as in claim 7 wherein the predetermined encryption algorithm in the cryptographic calculation module comprises:
the encryption algorithm adopted when the original password set by the user is encrypted.
12. A cryptographic data processing apparatus as in claim 7 wherein the instruction processing module comprises at least one of the following processing units:
the alarm unit is used for sending alarm information to the specified public security networking system;
and the short message verification unit is used for entering the current transaction behavior into a short message verification mode.
13. A cryptographic data processing apparatus, characterized in that the apparatus comprises:
a memory for storing a plurality of groups of preset password data and the execution instructions corresponding to the preset password data; the stored preset password data comprise first password data corresponding to an original password of normal transaction and second password data of abnormal transaction, and the execution instruction comprises displaying account balance information according to a preset rule;
a processor;
the processor is configured to:
obtain input verification password data; calculate the verification password data according to a preset encryption algorithm to obtain an encryption password of the verification password data, so that the verification password data can be compared as a whole with a plurality of groups of preset password data stored by a server, wherein the preset passwords stored after encryption are different and unique, and each group of preset password data in the plurality of groups of preset password data corresponds to a preset execution instruction for executing a certain operation; query whether preset password data corresponding to the encrypted password exists in the memory, and determine the corresponding execution instruction when the query result is that the input verification password data is second password data; and execute the corresponding operation according to the execution instruction, wherein the input verification password data includes a pressed fingerprint, and correspondingly, the querying whether the preset password data corresponding to the encryption password exists includes: identifying, through pressed-fingerprint recognition, whether the pressing sequence runs from the thumb to the little finger or from the little finger to the thumb, and thereby further judging whether the input verification password data corresponds to the first password data or the second password data in the stored preset password data.
14. The password data processing device of claim 13, wherein the stored multiple groups of preset password data comprise:
first password data obtained by encrypting an original password set by a user;
and
second password data obtained by encrypting a password for executing a specified operation.
15. The password data processing device of claim 14, wherein said second password data comprises:
password data generated by encrypting a reverse password formed by arranging the original password set by the user in reverse order.
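The password case of claims 14 and 15 can be sketched as follows; this is an added example, not code from the patent. It assumes PBKDF2-HMAC-SHA256 in place of the unspecified "preset encryption algorithm", and the instruction labels and the balance display rule are hypothetical.

```python
import hashlib
import hmac
import os

# Hypothetical instruction labels; the claims only require that each group of
# preset password data maps to one execution instruction.
NORMAL = "normal_transaction"
DURESS = "show_balance_by_preset_rule"

def _digest(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 stands in for the "preset encryption algorithm".
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def enroll(original: str) -> dict:
    """Build the stored record: a salt plus (digest, instruction) groups."""
    reverse = original[::-1]
    if reverse == original:
        # A palindrome would make the first and second password data identical,
        # breaking the "different and unique" requirement of claim 13.
        raise ValueError("original password must differ from its reverse")
    salt = os.urandom(16)
    return {
        "salt": salt,
        "presets": [(_digest(original, salt), NORMAL),
                    (_digest(reverse, salt), DURESS)],
    }

def verify(record: dict, entered: str):
    """Return the execution instruction of the matching group, or None."""
    candidate = _digest(entered, record["salt"])
    matched = None
    # Compare whole digests against every group, with no early exit, so that
    # timing does not reveal which group (if any) matched.
    for stored, instruction in record["presets"]:
        if hmac.compare_digest(stored, candidate):
            matched = instruction
    return matched

def displayed_balance(instruction: str, real_balance: int) -> int:
    # Hypothetical preset rule: the abnormal-transaction instruction shows
    # one hundredth of the real balance.
    if instruction == DURESS:
        return real_balance // 100
    return real_balance
```

Because both groups share one lookup path and one response shape, an observer of the terminal cannot tell from the verification step alone which password was entered.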
CN201510484866.9A 2015-08-07 2015-08-07 Password data processing method, device and equipment Active CN106446667B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510484866.9A CN106446667B (en) 2015-08-07 2015-08-07 Password data processing method, device and equipment

Publications (2)

Publication Number Publication Date
CN106446667A CN106446667A (en) 2017-02-22
CN106446667B true CN106446667B (en) 2020-09-08

Family

ID=58092601

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510484866.9A Active CN106446667B (en) 2015-08-07 2015-08-07 Password data processing method, device and equipment

Country Status (1)

Country Link
CN (1) CN106446667B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: Greater Cayman, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.