CN106709374A - Key data security assurance method and device - Google Patents
- Publication number
- CN106709374A
- Authority
- CN
- China
- Prior art keywords
- critical data
- data table
- critical
- key data
- call
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
Abstract
The invention discloses a key data security assurance method and device. In the method, key data is prestored in different data tables: a first key data table and a second key data table. The first key data table is configured with an external calling interface, so the key data in it can be called from outside; the second key data table is not configured with an external calling interface, so the key data in it cannot be called. When a data calling command is received, the first key data table and the second key data table are compared. If the key data in the two tables is consistent, the key data has not been falsified and the user is allowed to call it; if the key data in the two tables is not consistent, the key data has been falsified and the user is forbidden from calling it. Compared with the prior art, the method and device back up the key data when it is stored, and thus the safety of the key data is guaranteed.
Description
Technical field
This application relates to the computer field, and more specifically to a critical data security assurance method and device.
Background
With the arrival of the big data era, data security is receiving more and more attention from users, so how to ensure the security of critical data is a technical problem that computer software developers urgently need to solve. For example, a user password is the critical data a user needs to log in to a platform. At present, a hacker can obtain or modify users' passwords on the platform server by planting a Trojan horse, and then carry out criminal operations.
Summary of the invention
In view of this, the application provides a critical data security assurance method and device to ensure the security of critical data.
To achieve this, the following scheme is proposed:
A critical data security assurance method, including:
Receiving a critical data call instruction;
Comparing a preset first critical data table with a preset second critical data table, wherein the first critical data table is configured with an external call interface, the second critical data table is not configured with an external call interface, and the critical data of the first critical data table is updated based on the critical data of the second critical data table;
When the critical data of the first critical data table is consistent with the critical data of the second critical data table, allowing the user to call the critical data of the first critical data table;
When the critical data of the first critical data table is inconsistent with the critical data of the second critical data table, forbidding the user from calling the critical data of the first critical data table.
Preferably, after forbidding the user from calling the critical data of the first critical data table, the method further includes:
When the number of times the user has been forbidden from calling the critical data reaches a preset number, sending an illegal critical data call reminder message to the user terminal.
Preferably, after allowing the user to call the critical data of the first critical data table, the method further includes:
Allowing the user to modify the critical data of the second critical data table.
A critical data security assurance device, including:
An instruction receiving unit, for receiving a critical data call instruction;
A comparing unit, for comparing a preset first critical data table with a preset second critical data table, wherein the first critical data table is configured with an external call interface, the second critical data table is not configured with an external call interface, and the critical data of the first critical data table is updated based on the critical data of the second critical data table;
A data call unit, for allowing the user to call the critical data of the first critical data table when the critical data of the first critical data table is consistent with the critical data of the second critical data table;
A forbidden data call unit, for forbidding the user from calling the critical data of the first critical data table when the critical data of the first critical data table is inconsistent with the critical data of the second critical data table.
Preferably, the device further includes: an early-warning unit, for sending an illegal critical data call reminder message to the user terminal when the number of times the user has been forbidden from calling the critical data reaches a preset number.
Preferably, the device further includes: a data modification unit, for allowing the user to modify the critical data of the second critical data table when the data call unit allows the user to call the critical data in the first critical data table.
As can be seen from the above technical solution, this application discloses a critical data security assurance method and device. The method stores critical data in advance in different data tables: a first critical data table and a second critical data table. The first critical data table is configured with an external call interface, so its critical data can be called externally; the second critical data table is not configured with an external call interface, so its critical data cannot be called. When a data call instruction is received, the first critical data table is compared with the second critical data table. If the critical data in the two tables is consistent, the critical data has not been tampered with and the user is allowed to call it; if it is inconsistent, the critical data has been tampered with and the user is forbidden from calling it. Compared with the prior art, the present invention backs up the critical data when it is stored, thereby ensuring the security of the critical data.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 shows a schematic flowchart of a business process splicing method disclosed in one embodiment of the present invention;
Fig. 2 shows a schematic structural diagram of a business process splicing system disclosed in another embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention, without creative effort, fall within the scope of protection of the invention.
Fig. 1 shows a schematic flowchart of a critical data security assurance method disclosed by the present invention.
As shown in Fig. 1, the method includes:
S101: Receive a critical data call instruction.
Taking account login as an example: when a user logs in to an account, the system receives the user's login password and issues a critical data call instruction to call the security password (the critical data) that the user has stored in the system in advance. If the login password is consistent with the security password, the user is allowed to log in to the system; if it is inconsistent, the user is forbidden from logging in to the system.
S102: Compare the preset first critical data table with the preset second critical data table.
The critical data is stored in advance in both the preset first critical data table and the preset second critical data table.
Note that the first critical data table is configured with an external call interface and the second critical data table is not. When a critical data call instruction is received, the system can call the critical data in the first critical data table, but cannot call the critical data in the second critical data table.
After the critical data call instruction is received, the critical data in the first critical data table is compared with the critical data in the second critical data table to check whether they are still consistent.
If the critical data in the first critical data table is still consistent with the critical data in the second critical data table, this proves that external hackers have not tampered with the critical data, and the system is then allowed to call this
S103: When the critical data of the first critical data table is consistent with the critical data of the second critical data table, allow the user to call the critical data of the first critical data table.
If the comparison in step S102 shows that the critical data in the first critical data table is still consistent with the critical data in the second critical data table, this proves that external hackers have not tampered with the critical data, and the system is then allowed to call the critical data.
S104: When the critical data of the first critical data table is inconsistent with the critical data of the second critical data table, forbid the user from calling the critical data of the first critical data table.
If the comparison in step S102 shows that the critical data in the first critical data table is inconsistent with the critical data in the second critical data table, this proves that the critical data in the first critical data table has been illegally tampered with from outside.
As can be seen from the above embodiment, this embodiment discloses a critical data security assurance method. The method stores critical data in advance in different data tables: a first critical data table and a second critical data table. When a data call instruction is received, the first critical data table is compared with the second critical data table. If the critical data in the two tables is consistent, the critical data has not been tampered with and the user is allowed to call it; if it is inconsistent, the critical data has been tampered with and the user is forbidden from calling it. Compared with the prior art, the present invention backs up the critical data when it is stored, thereby ensuring the security of the critical data.
Note that in this embodiment, when the number of illegal calls of the critical data reaches the preset number, the system can issue a reminder message to the user's mobile terminal. For example, when a user repeatedly tries to force a login to the system with a wrong password, the system can send a reminder SMS to the user's mobile terminal.
Optionally, in other embodiments disclosed by the present invention, when the user is a legitimate user, that is, the user can legally call the critical data in the first critical data table, the user can modify the critical data of the first critical data table and the second critical data table; in other words, the user can decide which data is set as critical data.
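The flow of steps S101 to S104, with the reminder and update behaviour described above, shown as an added Python example that is not part of the patent text. The SQLite tables `first_table` and `second_table`, the class and method names, and the threshold of 3 are assumptions made for illustration.

```python
import hmac
import sqlite3

ALERT_THRESHOLD = 3  # assumed value for the "preset number" of forbidden calls


class CriticalDataGuard:
    """Two-table tamper check; table, class and method names are hypothetical."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        # first_table is the copy reachable through the external call interface;
        # second_table is the reference copy with no external interface.
        self.db.execute("CREATE TABLE first_table (user TEXT PRIMARY KEY, secret TEXT)")
        self.db.execute("CREATE TABLE second_table (user TEXT PRIMARY KEY, secret TEXT)")
        self.denied = {}  # user -> number of forbidden calls
        self.alerts = []  # stand-in for messages sent to the user terminal

    def _read(self, table, user):
        # `table` is always one of the two fixed names above, never caller input.
        row = self.db.execute(
            f"SELECT secret FROM {table} WHERE user = ?", (user,)).fetchone()
        return row[0] if row else None

    def store(self, user, secret):
        """Write the reference copy, then update the exposed copy from it."""
        with self.db:  # one transaction, so the two copies cannot drift apart
            self.db.execute(
                "INSERT OR REPLACE INTO second_table VALUES (?, ?)", (user, secret))
            self.db.execute(
                "INSERT OR REPLACE INTO first_table "
                "SELECT user, secret FROM second_table WHERE user = ?", (user,))

    def call(self, user):
        """S101-S104: return the first-table value only if both copies agree."""
        first = self._read("first_table", user)
        second = self._read("second_table", user)
        # Constant-time comparison, since the values compared are secrets.
        consistent = (first is not None and second is not None
                      and hmac.compare_digest(first.encode(), second.encode()))
        if consistent:
            return first  # S103: call allowed
        # S104: call forbidden; count it and alert when the threshold is reached.
        self.denied[user] = self.denied.get(user, 0) + 1
        if self.denied[user] == ALERT_THRESHOLD:
            self.alerts.append(f"illegal critical data call for {user}")
        return None


def demo():
    guard = CriticalDataGuard()
    guard.store("alice", "s3cret-hash")  # constructed sample value
    before = guard.call("alice")
    # Constructed scenario: the exposed table is modified behind the guard's back.
    guard.db.execute("UPDATE first_table SET secret = 'changed' WHERE user = 'alice'")
    after = [guard.call("alice") for _ in range(ALERT_THRESHOLD)]
    return before, after, guard.alerts
```

`demo()` returns the stored value before the change, three refused calls after it, and a single alert. The check depends on the second table staying unreachable from the external interface: a change written to both tables compares as consistent.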
Fig. 2 shows a schematic structural diagram of a critical data security assurance device disclosed in another embodiment of the present invention.
As shown in Fig. 2, the device includes: an instruction receiving unit 1, a comparing unit 2, a data call unit 3 and a forbidden data call unit 4.
The instruction receiving unit 1 receives the critical data call instruction and forwards the call instruction to the comparing unit 2.
After receiving the call instruction forwarded by the instruction receiving unit 1, the comparing unit 2 compares the preset first critical data table with the preset second critical data table.
Note that both the first critical data table and the second critical data table store the critical data to be called; the first critical data table is configured with an external call interface, and the second critical data table is not configured with an external call interface.
When the critical data in the first critical data table is consistent with the critical data in the second critical data table, the critical data in the first critical data table has not been illegally tampered with. In this case, the data call unit 3 allows the user to call the critical data of the first critical data table.
When the critical data in the first critical data table is inconsistent with the critical data in the second critical data table, the critical data in the first critical data table has been illegally tampered with. In this case, the forbidden data call unit 4 forbids the user from calling the critical data.
Note that in this embodiment the device further includes an early-warning unit 5 and a data modification unit 6.
The early-warning unit 5 is used so that, when the number of illegal calls of the critical data reaches the preset number, the system issues a reminder message to the user's mobile terminal. For example, when a user repeatedly tries to force a login to the system with a wrong password, the system can send a reminder SMS to the user's mobile terminal.
In addition, when the user is a legitimate user, that is, the user can legally call the critical data in the first critical data table, the user can modify the critical data of the first critical data table and the second critical data table through the data modification unit 6; in other words, the user can decide which data is set as critical data.
Note that this system embodiment corresponds to the method embodiment; its execution process and execution principle are the same and are not repeated here.
Finally, note that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "including", "comprising" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to the process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The embodiments in this specification are described progressively. Each embodiment focuses on its differences from the other embodiments, and the identical or similar parts of the embodiments can be referred to one another.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (6)
1. A critical data security assurance method, characterized by including:
Receiving a critical data call instruction;
Comparing a preset first critical data table with a preset second critical data table, wherein the first critical data table is configured with an external call interface, the second critical data table is not configured with an external call interface, and the critical data of the first critical data table is updated based on the critical data of the second critical data table;
When the critical data of the first critical data table is consistent with the critical data of the second critical data table, allowing the user to call the critical data of the first critical data table;
When the critical data of the first critical data table is inconsistent with the critical data of the second critical data table, forbidding the user from calling the critical data of the first critical data table.
2. The method according to claim 1, characterized in that, after forbidding the user from calling the critical data of the first critical data table, the method further includes:
When the number of times the user has been forbidden from calling the critical data reaches a preset number, sending an illegal critical data call reminder message to the user terminal.
3. The method according to claim 1, characterized in that, after allowing the user to call the critical data of the first critical data table, the method further includes:
Allowing the user to modify the critical data of the second critical data table.
4. A critical data security assurance device, characterized by including:
An instruction receiving unit, for receiving a critical data call instruction;
A comparing unit, for comparing a preset first critical data table with a preset second critical data table, wherein the first critical data table is configured with an external call interface, the second critical data table is not configured with an external call interface, and the critical data of the first critical data table is updated based on the critical data of the second critical data table;
A data call unit, for allowing the user to call the critical data of the first critical data table when the critical data of the first critical data table is consistent with the critical data of the second critical data table;
A forbidden data call unit, for forbidding the user from calling the critical data of the first critical data table when the critical data of the first critical data table is inconsistent with the critical data of the second critical data table.
5. The device according to claim 4, characterized by further including: an early-warning unit, for sending an illegal critical data call reminder message to the user terminal when the number of times the user has been forbidden from calling the critical data reaches a preset number.
6. The device according to claim 4, characterized by further including: a data modification unit, for allowing the user to modify the critical data of the second critical data table when the data call unit allows the user to call the critical data in the first critical data table.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710123541.7A CN106709374A (en) | 2017-03-03 | 2017-03-03 | Key data security assurance method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106709374A true CN106709374A (en) | 2017-05-24 |
Family
ID=58912080
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20170524 |