CN106790056A - Method and system for reducing the data theft risk of a data bank - Google Patents


Publication number
CN106790056A
Authority
CN
China
Legal status
Granted
Application number
CN201611183328.7A
Other languages
Chinese (zh)
Other versions
CN106790056B (en)
Inventor
黄瑞
唐玉国
袁艳明
Current Assignee
Suzhou Institute of Biomedical Engineering and Technology of CAS
Original Assignee
Suzhou Institute of Biomedical Engineering and Technology of CAS
Priority date
Filing date
Publication date
Application filed by Suzhou Institute of Biomedical Engineering and Technology of CAS
Priority to CN201611183328.7A
Publication of CN106790056A
Application granted
Publication of CN106790056B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information

Abstract

The invention discloses a method and system for reducing the data theft risk of a data bank. The method comprises: S1, the client packages and encrypts the data bank account and login password into a first encrypted file and sends it to the server, and after the login is verified successfully, the client obtains the identification address information of the user equipment; S2, the client packages and encrypts the identification address and an access request into a second encrypted file and sends it to the server; S3, the server decrypts and decompresses the second encrypted file and detects whether the identification address information is bound to the identifier; if not, step S4 is performed; if so, step S5 is performed; S4, a security question is sent to the user equipment, and if the answer entered on the user equipment is correct, step S5 is performed; S5, the user equipment is granted permission to access the data. The invention improves the security of the data bank and reduces the possibility that data is stolen.

Description

Method and system for reducing the data theft risk of a data bank
Technical field
The present invention relates to the technical field of network security. More specifically, the present invention relates to a method and system for reducing the data theft risk of a data bank.
Background
A data bank is a data center built on a high-speed distributed storage network. That is, using a cloud storage service, functions such as cluster applications, network technology or a distributed file system bring a large number of storage devices of different types in the network together through application software so that they work cooperatively and jointly provide data storage and service access to the outside, forming a system for data storage and access.
At present, users can quickly call up stored data on different devices through data synchronization. However, because at present all data in the data bank becomes accessible once a user has logged in to the data bank, the security of the original data stored in such a data bank becomes a problem.
The identifier of a piece of data is its ID. For a given piece of data, the ID is permanent and unique, so data can be looked up by retrieving its ID.
Summary of the invention
An object of the present invention is to solve at least the above problems and to provide at least the advantages described later.
A further object of the present invention is to provide a method and system for reducing the data theft risk of a data bank by encrypting data and by verifying the binding status of the data multiple times, with the aim of solving the data security problem of current data banks.
To achieve these objects and other advantages of the present invention, a method for reducing the data theft risk of a data bank is provided, comprising:
S1, the client receives the data bank account and login password entered on the user equipment, packages and encrypts the data bank account and login password into a first encrypted file and sends it to the server; the server decrypts and decompresses the first encrypted file to obtain the data bank account and login password, and after the login is verified successfully, the client obtains the identification address information of the user equipment;
S2, the client receives the access request entered on the user equipment, packages and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed;
S3, the server decrypts and decompresses the second encrypted file, obtains the identification address and the access request, and detects whether the identification address information is bound to the identifier; if not, step S4 is performed; if so, step S5 is performed;
S4, a security question is sent to the user equipment, and if the answer entered on the user equipment is correct, step S5 is performed;
S5, the user equipment is granted permission to access the data.
Preferably, step S3 specifically comprises:
S3.1, the server decrypts the second encrypted file, obtains the identification address and the access request, and detects whether the identifier is bound to the data bank account; if not, step S3.2 is performed; if so, step S3.3 is performed;
S3.2, a binding invitation and a security question group whose answers are to be configured are packaged and encrypted into a third encrypted file, which is sent to the user equipment; the user equipment receives, decrypts and decompresses the third encrypted file, obtains the binding invitation and configures the answers of the security question group, and the identification address information of the user equipment is taken as the first identification address information;
S3.3, it is detected whether the identifier is bound to the current identification address information; if not, step S3.4 is performed; if so, step S5 is performed;
S3.4, an access alarm and a notice asking whether to allow the identifier to be bound to the current identification address information are sent to the user equipment having the first identification address information; if binding is not allowed, step S4 is performed; if it is allowed, step S3.5 is performed;
S3.5, a binding invitation is sent to the user equipment having the current identification address information; that user equipment accepts the binding invitation, and the identifier is bound to the current identification address.
Preferably, at most 5 pieces of identification address information are bound to the identifier.
Preferably, before step S3.5 the method further comprises detecting whether the number of pieces of identification address information bound to the identifier exceeds 5; if not, step S3.5 is performed; if so, the user equipment having the first identification address information is sent an invitation asking whether to release the binding of other identification address information, and if the invitation is accepted, the user equipment having the first identification address information is sent the options of the other bound identification address information.
Preferably, if verification fails in step S1, the data bank login is terminated and the user equipment is prompted that the account or login password is incorrect.
Preferably, the security question group is a combination of multiple security questions, and the security question in step S4 comes from the security question group.
The present invention also provides a system for reducing the data theft risk of a data bank, comprising:
A client, which receives the data bank account and login password entered on the user equipment, packages and encrypts the data bank account and login password into a first encrypted file and sends it to the server; and which receives the identification address of the user equipment and the entered access request, packages and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed; and
The server, connected to the client, which receives the first encrypted file, decrypts and decompresses it to obtain the data bank account and login password sent by the client, and verifies them; after verification succeeds, it receives the second encrypted file, decrypts and decompresses it, and obtains the identification address information of the user equipment and the access request; it detects whether the identification address information is bound to the identifier; if not, a security question is sent to the client, and if the answer entered at the client is correct, the client is granted permission to access the data; if so, the client is granted permission to access the data.
Preferably, the client comprises:
A data bank login module, which receives the data bank account and login password entered on the user equipment, packages and encrypts the data bank account and login password into a first encrypted file and sends it to the server; and
An identification address information acquisition module, which receives the identification address of the user equipment and the entered access request, packages and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed.
Preferably, the server comprises:
A login verification module, connected to the data bank login module, which receives the first encrypted file sent by the data bank login module, decrypts and decompresses the first encrypted file, obtains the data bank account and login password, and verifies whether the data bank account and login password are correct; if verification succeeds, it sends the success information to the device verification module;
The device verification module, connected to the login verification module and the identification address information acquisition module, which receives the second encrypted file, decrypts and decompresses it, obtains the identification address of the user equipment and the entered access request, and detects whether the identifier is bound to the data bank account; when the detection result is "No", it sends the detection result to the first binding module, and when the detection result is "Yes", it sends it to the second binding module;
A first binding module, connected to the device verification module, which receives the "No" detection result, packages and encrypts a binding invitation and a security question group whose answers are to be configured to obtain a third encrypted file, and sends the third encrypted file to the client; when the client accepts the binding invitation and configures the answers of the security question group, the first binding module receives the answers of the security question group and takes the identification address information of the user equipment as the first identification address information;
A second binding module, connected to the device verification module, which receives the "Yes" detection result and detects whether the identifier is bound to the current identification address information; if the detection result is "No", it sends the detection result to the third binding module, and when the detection result is "Yes", it sends it to the security verification module;
A third binding module, connected to the second binding module, which receives the "No" detection result and sends to the user equipment having the first identification address information an access alarm and a notice asking whether to allow the identifier to be bound to the current identification address information; if binding is not allowed, it sends the not-allowed information to the binding request module, and if it is allowed, it sends the allowed information to the security verification module;
A binding request module, connected to the third binding module, which receives the not-allowed information and sends a binding invitation to the user equipment having the current identification address information; after the user equipment having the current identification address information accepts the binding invitation, the identifier is bound to the current identification address;
The security verification module, connected to the third binding module, which receives the allowed information and sends a security question to the user equipment; if the answer entered on the user equipment is correct, it sends the answer-correct information to the permission module; and
A permission module, connected to the security verification module, which receives the answer-correct information and grants the user equipment permission to access the data.
Preferably, the client further comprises:
A question configuration module, connected to the first binding module, which receives the third encrypted file sent by the first binding module, and decrypts and decompresses it to obtain the binding invitation and the security question group whose answers are to be configured; if the binding invitation is accepted, it configures the answers of the security question group and sends them to the first binding module, and if the binding invitation is refused, it sends the information that the binding invitation was refused to the first binding module;
An alarm prompt module, connected to the third binding module, which receives the access alarm and the notice, sent by the third binding module, asking whether to allow the identifier to be bound to the current identification address information, and sends the allowed or not-allowed message to the third binding module;
A binding response module, connected to the binding invitation module, which receives the binding invitation sent by the binding invitation module and sends to the binding invitation module the information on whether the binding invitation is accepted; and
A verification response module, connected to the security verification module, which receives the security question sent by the security verification module and sends the answer entered by the user to the security verification module.
The present invention has at least the following beneficial effects: information exchanged during data interaction is encrypted for transmission, which increases the difficulty for a hacker to obtain the data, and each piece of data in the data bank is bound to the identification address information of user equipment, so that even different user equipment using the same account must be verified when obtaining data, which greatly improves the security of the data.
Further advantages, objects and features of the present invention will in part be embodied in the following description, and in part will be understood by those skilled in the art through study and practice of the invention.
Specific embodiments
The present invention is described in further detail below with reference to embodiments, so that those skilled in the art can implement it by referring to the text of the specification.
It should be noted that the experimental methods described in the following embodiments are conventional methods unless otherwise specified, and should not be construed as limiting the present invention.
"One embodiment" or "an embodiment" as referred to herein means a particular feature, structure or characteristic that may be included in at least one implementation of the present invention. "In a specific embodiment" appearing in different places in this specification does not always refer to the same embodiment, nor to a separate or alternative embodiment that is mutually exclusive with other embodiments.
The present invention provides a method for reducing the data theft risk of a data bank, comprising:
S1, the client receives the data bank account and login password entered on the user equipment, packages and encrypts the data bank account and login password into a first encrypted file and sends it to the server; the server decrypts and decompresses the first encrypted file to obtain the data bank account and login password, and after the login is verified successfully, the client obtains the identification address information of the user equipment;
S2, the client receives the access request entered on the user equipment, packages and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed;
S3, the server decrypts and decompresses the second encrypted file, obtains the identification address and the access request, and detects whether the identification address information is bound to the identifier; if not, step S4 is performed; if so, step S5 is performed;
S4, a security question is sent to the user equipment, and if the answer entered on the user equipment is correct, step S5 is performed;
S5, the user equipment is granted permission to access the data.
Because each piece of data in the data bank is bound to the identification address information of user equipment, even different user equipment using the same account must be verified when obtaining data, which greatly improves the security of the data. In addition, multiple pieces of information are packaged and transmitted in encrypted form, which increases the difficulty for a hacker to obtain the data and also rules out the possibility of a hacker obtaining information by eavesdropping on the same channel.
In a specific embodiment, step S3 specifically comprises:
S3.1, the server decrypts the second encrypted file, obtains the identification address and the access request, and detects whether the identifier is bound to the data bank account; if not, step S3.2 is performed; if so, step S3.3 is performed;
First, it is detected whether a binding relationship exists between the identifier of the data and the data bank account. When no binding relationship exists, this may be because the data has been newly stored in the data bank, or because the data bank account is entering the data bank for the first time. The present invention allows a single piece of data or a batch of data to be bound at the same time, which effectively reduces the complexity of data interaction and improves the user experience. The binding operation for a batch of data is the same as that for a single piece of data; to simplify the description, the present invention is described in terms of binding or interaction with a single piece of data, which should not be construed as limiting the present invention.
S3.2, a binding invitation and a security question group whose answers are to be configured are packaged and encrypted into a third encrypted file, which is sent to the user equipment; the user equipment receives, decrypts and decompresses the third encrypted file, obtains the binding invitation and configures the answers of the security question group, and the identification address information of the user equipment is taken as the first identification address information.
A security question group is set up at the same time as the data is bound to the user equipment. The security question group includes multiple questions; the present invention does not limit their number. In actual use, a security question group may include 5-10 security questions, which may be: the user's name, the names of the user's parents, the user's first teacher, or more complicated questions.
S3.3, it is detected whether the identifier is bound to the current identification address information; if not, step S3.4 is performed; if so, step S5 is performed;
S3.4, an access alarm and a notice asking whether to allow the identifier to be bound to the current identification address information are sent to the user equipment having the first identification address information; if binding is not allowed, step S4 is performed; if it is allowed, step S3.5 is performed;
In the prior art, once user equipment with other identification address information has successfully logged in to the data bank, it can carry out data interaction. This creates a problem: if the account is stolen, a hacker can steal the data without restraint. Detecting whether the identification address information is the first identification address information therefore increases the difficulty of stealing the data.
Further, sending the access alarm and the notice asking whether to allow the identifier to be bound to the current identification address information to the user equipment having the first identification address information lets that user equipment decide on its own, in time, whether to prevent other user equipment from accessing the data. If the other user equipment is trusted by the user equipment having the first identification address information (for example, the other user equipment is the customer's own second device), the user equipment having the first identification address information allows the identifier to be bound to the current identification address information, so that the data can afterwards also be accessed from the other user equipment, which makes the data bank more convenient to use.
S3.5, a binding invitation is sent to the user equipment having the current identification address information; that user equipment accepts the binding invitation, and the identifier is bound to the current identification address.
In a specific embodiment, at most 5 pieces of identification address information are bound to the identifier. According to the inventors' verification, for a given piece of data, once more than 5 pieces of identification address information are bound to it, convenience increases only slowly while security drops sharply. For example, with 6 bound, security is only 4.82% of that with 1 bound, 8.23% of that with 2 bound, 15.78% of that with 3 bound, and 45% of that with 5 bound. The maximum number of pieces of identification address information bound to an identifier is therefore designed to be 5.
In a specific embodiment, before step S3.5 the method further comprises detecting whether the number of pieces of identification address information bound to the identifier exceeds 5; if not, step S3.5 is performed; if so, the user equipment having the first identification address information is sent an invitation asking whether to release the binding of other identification address information, and if the invitation is accepted, the user equipment having the first identification address information is sent the options of the other bound identification address information.
In a specific embodiment, if verification fails in step S1, the data bank login is terminated and the user equipment is prompted that the account or login password is incorrect.
In a specific embodiment, the security question group is a combination of multiple security questions, and the security question in step S4 comes from the security question group.
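The server-side decision flow of steps S3.1 to S3.5, together with the cap of 5 bindings and the S4 answer check, as an added Python example that is not part of the patent text. The class and function names, the account, identifier and device address strings, the storage of answers as salted PBKDF2 digests, and the callback standing in for the first device's reply to the access alarm are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from enum import Enum

MAX_BINDINGS = 5  # cap on identification addresses per data identifier (from the text)


class Decision(Enum):
    CONFIGURE_FIRST_BINDING = "S3.2: send binding invitation and question group"
    GRANT = "S5: grant access"
    ASK_SECURITY_QUESTION = "S4: send a security question"
    INVITE_BINDING = "S3.5: send binding invitation to the current device"
    OFFER_UNBIND = "cap reached: ask the first device which binding to release"


def _digest(answer: str, salt: bytes) -> bytes:
    # Assumption: answers are normalized and kept as salted PBKDF2 digests.
    normalized = " ".join(answer.lower().split()).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", normalized, salt, 100_000)


@dataclass
class Binding:
    first_device: str                            # first identification address
    devices: set = field(default_factory=set)    # all bound identification addresses
    answers: dict = field(default_factory=dict)  # question -> (salt, digest)


class BindingStore:
    """Hypothetical server-side state, keyed by (account, data identifier)."""

    def __init__(self):
        self._records = {}

    def configure_first_binding(self, account, data_id, device, answers):
        """S3.2: the first device obtains the invitation and configures answers."""
        if (account, data_id) in self._records:
            raise ValueError("identifier is already bound to this account")
        record = Binding(first_device=device, devices={device})
        for question, answer in answers.items():
            salt = os.urandom(16)
            record.answers[question] = (salt, _digest(answer, salt))
        self._records[(account, data_id)] = record

    def decide(self, account, data_id, device, owner_allows):
        """S3.1, S3.3, S3.4 and the cap check that precedes S3.5.

        owner_allows(data_id, device) stands in for the first device's reply
        to the access alarm; it is only called for a device not yet bound.
        """
        record = self._records.get((account, data_id))
        if record is None:                          # S3.1: no binding yet
            return Decision.CONFIGURE_FIRST_BINDING
        if device in record.devices:                # S3.3: already bound
            return Decision.GRANT
        if not owner_allows(data_id, device):       # S3.4: first device refuses
            return Decision.ASK_SECURITY_QUESTION
        if len(record.devices) + 1 > MAX_BINDINGS:  # binding would exceed the cap
            return Decision.OFFER_UNBIND
        return Decision.INVITE_BINDING

    def accept_invitation(self, account, data_id, device):
        """S3.5: the current device accepts, so its address is bound."""
        record = self._records[(account, data_id)]
        if device not in record.devices and len(record.devices) >= MAX_BINDINGS:
            raise ValueError("binding cap reached")
        record.devices.add(device)

    def release(self, account, data_id, device):
        """The first device releases one of the other bound addresses."""
        record = self._records[(account, data_id)]
        if device == record.first_device:
            # Assumption: only the other addresses are offered for release.
            raise ValueError("the first identification address stays bound")
        record.devices.discard(device)

    def check_answer(self, account, data_id, question, answer):
        """S4: True means the flow continues to S5."""
        record = self._records.get((account, data_id))
        if record is None or question not in record.answers:
            return False
        salt, expected = record.answers[question]
        return hmac.compare_digest(_digest(answer, salt), expected)


if __name__ == "__main__":
    # Constructed sample values: account, data identifier and device addresses.
    store = BindingStore()
    store.configure_first_binding("alice", "data-001", "dev-A",
                                  {"first teacher": "Ms. Li"})
    for dev, allows in [("dev-A", False), ("dev-B", False), ("dev-B", True)]:
        print(dev, allows, store.decide("alice", "data-001", dev,
                                        lambda _id, _dev, a=allows: a).value)
```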
The present invention also provides a system for reducing the data theft risk of a data bank, comprising:
A client, which receives the data bank account and login password entered on the user equipment, packages and encrypts the data bank account and login password into a first encrypted file and sends it to the server; and which receives the identification address of the user equipment and the entered access request, packages and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed; and
The server, connected to the client, which receives the first encrypted file, decrypts and decompresses it to obtain the data bank account and login password sent by the client, and verifies them; after verification succeeds, it receives the second encrypted file, decrypts and decompresses it, and obtains the identification address information of the user equipment and the access request; it detects whether the identification address information is bound to the identifier; if not, a security question is sent to the client, and if the answer entered at the client is correct, the client is granted permission to access the data; if so, the client is granted permission to access the data.
In a specific embodiment, the client comprises:
A data bank login module, which receives the data bank account and login password entered on the user equipment, packages and encrypts the data bank account and login password into a first encrypted file and sends it to the server; and
An identification address information acquisition module, which receives the identification address of the user equipment and the entered access request, packages and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed.
In a specific embodiment, the server comprises:
A login verification module, connected to the data bank login module, which receives the first encrypted file sent by the data bank login module, decrypts and decompresses the first encrypted file, obtains the data bank account and login password, and verifies whether the data bank account and login password are correct; if verification succeeds, it sends the success information to the device verification module;
The device verification module, connected to the login verification module and the identification address information acquisition module, which receives the second encrypted file, decrypts and decompresses it, obtains the identification address of the user equipment and the entered access request, and detects whether the identifier is bound to the data bank account; when the detection result is "No", it sends the detection result to the first binding module, and when the detection result is "Yes", it sends it to the second binding module;
A first binding module, connected to the device verification module, which receives the "No" detection result, packages and encrypts a binding invitation and a security question group whose answers are to be configured to obtain a third encrypted file, and sends the third encrypted file to the client; when the client accepts the binding invitation and configures the answers of the security question group, the first binding module receives the answers of the security question group and takes the identification address information of the user equipment as the first identification address information;
A second binding module, connected to the device verification module, which receives the "Yes" detection result and detects whether the identifier is bound to the current identification address information; if the detection result is "No", it sends the detection result to the third binding module, and when the detection result is "Yes", it sends it to the security verification module;
A third binding module, connected to the second binding module, which receives the "No" detection result and sends to the user equipment having the first identification address information an access alarm and a notice asking whether to allow the identifier to be bound to the current identification address information; if binding is not allowed, it sends the not-allowed information to the binding request module, and if it is allowed, it sends the allowed information to the security verification module;
A binding request module, connected to the third binding module, which receives the not-allowed information and sends a binding invitation to the user equipment having the current identification address information; after the user equipment having the current identification address information accepts the binding invitation, the identifier is bound to the current identification address;
The security verification module, connected to the third binding module, which receives the allowed information and sends a security question to the user equipment; if the answer entered on the user equipment is correct, it sends the answer-correct information to the permission module; and
A permission module, connected to the security verification module, which receives the answer-correct information and grants the user equipment permission to access the data.
In a specific embodiment, the client further comprises:
A question configuration module, connected to the first binding module, which receives the third encrypted file sent by the first binding module, and decrypts and decompresses it to obtain the binding invitation and the security question group whose answers are to be configured; if the binding invitation is accepted, it configures the answers of the security question group and sends them to the first binding module, and if the binding invitation is refused, it sends the information that the binding invitation was refused to the first binding module;
An alarm prompt module, connected to the third binding module, which receives the access alarm and the notice, sent by the third binding module, asking whether to allow the identifier to be bound to the current identification address information, and sends the allowed or not-allowed message to the third binding module;
A binding response module, connected to the binding invitation module, which receives the binding invitation sent by the binding invitation module and sends to the binding invitation module the information on whether the binding invitation is accepted; and
A verification response module, connected to the security verification module, which receives the security question sent by the security verification module and sends the answer entered by the user to the security verification module.
Although embodiments of the present invention have been disclosed above, the invention is not restricted to the uses listed in the specification and embodiments; it can be applied to any field suitable for it, and those skilled in the art can readily make further modifications. Therefore, without departing from the general concept defined by the claims and their equivalents, the present invention is not limited to the specific details or to the embodiments shown and described here.

Claims (10)

1. A method for reducing the data theft risk of a data bank, characterized by comprising:
S1: a client receives the data bank account and login password entered on a user equipment, packs and encrypts the data bank account and login password to obtain a first encrypted file, and sends it to a server; the server decrypts and decompresses the first encrypted file to obtain the data bank account and login password; after the login is verified successfully, the client obtains the identification address information of the user equipment;
S2: the client receives the access request entered on the user equipment, packs and encrypts the identification address and the access request to obtain a second encrypted file, and sends it to the server, the access request containing the identifier of the data to be accessed;
S3: the server decrypts and decompresses the second encrypted file to obtain the identification address and the access request, and detects whether the identification address information is bound to the identifier; if not, step S4 is performed; if so, step S5 is performed;
S4: a security question is sent to the user equipment; if the answer entered on the user equipment is correct, step S5 is performed;
S5: the user equipment is granted permission to access the data.
2. The method for reducing the data theft risk of a data bank as claimed in claim 1, characterized in that step S3 specifically comprises:
S3.1: the server decrypts the second encrypted file to obtain the identification address and the access request, and detects whether the identifier is bound to the data bank account; if not, step S3.2 is performed; if so, step S3.3 is performed;
S3.2: a binding invitation and a security question group whose answers are to be configured are packed and encrypted to obtain a third encrypted file, which is sent to the user equipment; the user equipment receives, decrypts and decompresses the third encrypted file, obtains the binding invitation and configures the answers to the security question group, and the identification address information of this user equipment is taken as the first identification address information;
S3.3: it is detected whether the identifier is bound to the current identification address information; if not, step S3.4 is performed; if so, step S5 is performed;
S3.4: an access alert, and a notice asking whether to allow the identifier to be bound to the current identification address information, are sent to the user equipment having the first identification address information; if not allowed, step S4 is performed; if allowed, step S3.5 is performed;
S3.5: a binding invitation is sent to the user equipment having the current identification address information; that user equipment accepts the binding invitation, and the identifier is bound to the current identification address.
3. The method for reducing the data theft risk of a data bank as claimed in claim 2, characterized in that the maximum number of identification address information entries bound to the identifier is 5.
4. The method for reducing the data theft risk of a data bank as claimed in claim 3, characterized in that, before step S3.5, the method further comprises detecting whether the number of identification address information entries bound to the identifier exceeds 5; if not, step S3.5 is performed; if so, an invitation asking whether to unbind other identification address information is sent to the user equipment having the first identification address information, and, if the invitation is accepted, the options of the other bound identification address information are sent to the user equipment having the first identification address information.
5. The method for reducing the data theft risk of a data bank as claimed in claim 4, characterized in that, after verification fails in step S1, the data bank login is terminated and the user equipment is prompted that the account or login password is wrong.
6. The method for reducing the data theft risk of a data bank as claimed in claim 5, characterized in that the security question group is a combination comprising multiple security questions, and the security question in step S4 comes from the security question group.
7. A system for reducing the data theft risk of a data bank, characterized by comprising:
A client, which receives the data bank account and login password entered on a user equipment, packs and encrypts the data bank account and login password to obtain a first encrypted file, and sends it to a server; and which receives the identification address of the user equipment and the entered access request, packs and encrypts the identification address and access request to obtain a second encrypted file, and sends it to the server, the access request containing the identifier of the data to be accessed; and
The server, connected to the client, which receives the first encrypted file, decrypts and decompresses it to obtain the data bank account and login password sent by the client, and verifies them; after successful verification it receives the second encrypted file, decrypts and decompresses it, and obtains the identification address information of the user equipment and the access request; it detects whether the identification address information is bound to the identifier; if not, it sends a security question to the client and, if the answer entered at the client is correct, or if the binding exists, it grants the client permission to access the data.
8. The system for reducing the data theft risk of a data bank as claimed in claim 7, characterized in that the client comprises:
A data bank login module, which receives the data bank account and login password entered on the user equipment, packs and encrypts the data bank account and login password to obtain the first encrypted file, and sends it to the server; and
An identification address information acquisition module, which receives the identification address of the user equipment and the entered access request, packs and encrypts the identification address and access request to obtain the second encrypted file, and sends it to the server, the access request containing the identifier of the data to be accessed.
9. The system for reducing the data theft risk of a data bank as claimed in claim 8, characterized in that the server comprises:
A sign-on authentication module, connected to the data bank login module, which receives the first encrypted file sent by the data bank login module, decrypts and decompresses it to obtain the data bank account and login password, and verifies whether the data bank account and login password are correct; if verification succeeds, it sends success information to the device authentication module;
The device authentication module, connected to the sign-on authentication module and the identification address information acquisition module, which receives the second encrypted file, decrypts and decompresses it to obtain the identification address of the user equipment and the entered access request, and detects whether the identifier is bound to the data bank account; when the detection result is "No", it sends the detection result to the first binding module; when the detection result is "Yes", it sends it to the second binding module;
The first binding module, connected to the device authentication module, which receives the "No" detection result, packs and encrypts a binding invitation and a security question group whose answers are to be configured to obtain a third encrypted file, and sends the third encrypted file to the client; when the client accepts the binding invitation and configures the answers to the security question group, the first binding module receives those answers, and the identification address information of the user equipment is taken as the first identification address information;
The second binding module, connected to the device authentication module, which receives the "Yes" detection result and detects whether the identifier is bound to the current identification address information; if the detection result is "NO", it sends the detection result to the third binding module; when the detection result is "YES", it sends it to the security verification module;
The third binding module, connected to the second binding module, which receives the "NO" detection result and sends, to the user equipment having the first identification address information, an access alert and a notice asking whether to allow the identifier to be bound to the current identification address information; if not allowed, it sends the not-allowed information to the binding requirement module; if allowed, it sends the allowed information to the security verification module;
The binding requirement module, connected to the third binding module, which receives the not-allowed information and sends a binding invitation to the user equipment having the current identification address information; after that user equipment accepts the binding invitation, the identifier is bound to the current identification address;
The security verification module, connected to the third binding module, which receives the allowed information and sends a security question to the user equipment; if the answer entered on the user equipment is correct, it sends answer-correct information to the authority module; and
The authority module, connected to the security verification module, which receives the answer-correct information and grants the user equipment permission to access the data.
10. The system for reducing the data theft risk of a data bank as claimed in claim 9, characterized in that the client further comprises:
A question configuration module, connected to the first binding module, which receives the third encrypted file sent by the first binding module, and decrypts and decompresses the third encrypted file to obtain the binding invitation and the security question group whose answers are to be configured; if the binding invitation is accepted, it configures the answers to the security question group and sends them to the first binding module; if the binding invitation is refused, it sends information refusing the binding invitation to the first binding module;
An alarm prompt module, connected to the third binding module, which receives the access alert sent by the third binding module together with the notice asking whether to allow the identifier to be bound to the current identification address information, and sends the message allowing or not allowing this to the third binding module;
A binding response module, connected to the binding invitation module, which receives the binding invitation sent by the binding invitation module and sends the binding invitation module information on whether the binding invitation is accepted; and
A verification response module, connected to the security verification module, which receives the security question sent by the security verification module and sends the answer entered by the user to the security verification module.
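The server-side decision flow of method claims 1 to 4 (steps S3.1 to S3.5, S4 and S5), as an added example that is not part of the patent text. The class and method names, the `owner_allows` callback standing in for the first device's reply, the PBKDF2 storage of answers, and granting access directly after a fresh binding are assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

MAX_BOUND = 5  # claim 3: at most 5 addresses bound to one data identifier

def _digest(answer: str, salt: bytes) -> bytes:
    # Assumption: answers are stored as salted PBKDF2 digests, not plaintext.
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)

@dataclass
class Binding:
    first_address: str   # "first identification address" fixed in S3.2
    salt: bytes
    answers: dict        # question -> digest, configured in S3.2
    addresses: list = field(default_factory=list)

class BindingServer:
    """Hypothetical server-side decision logic for S3.1-S3.5, S4 and S5."""

    def __init__(self):
        self.bindings = {}   # (account, data_id) -> Binding

    def first_bind(self, account, data_id, address, answers):
        # S3.2: the device accepts the invitation and configures the answers.
        salt = os.urandom(16)
        hashed = {q: _digest(a, salt) for q, a in answers.items()}
        self.bindings[(account, data_id)] = Binding(address, salt, hashed, [address])

    def check_answer(self, b, question, answer):
        # S4: constant-time comparison of the supplied answer.
        expected = b.answers.get(question)
        return expected is not None and hmac.compare_digest(expected, _digest(answer, b.salt))

    def access(self, account, data_id, address, owner_allows, question=None, answer=""):
        b = self.bindings.get((account, data_id))
        if b is None:                       # S3.1: identifier not bound to the account
            return "invite_first_binding", []   # S3.2 is completed via first_bind()
        if address in b.addresses:          # S3.3: current address already bound
            return "granted", []            # S5
        # S3.4: alert the first device and ask whether to bind the new address.
        if not owner_allows(address):
            ok = self.check_answer(b, question, answer)   # S4
            return ("granted" if ok else "denied"), []
        # Claim 4 says "exceeds 5"; testing >= before adding keeps claim 3's maximum.
        if len(b.addresses) >= MAX_BOUND:
            others = [a for a in b.addresses if a != b.first_address]
            return "unbind_required", others   # options sent to the first device
        b.addresses.append(address)         # S3.5: bind identifier to current address
        return "granted", []                # assumption: access follows a fresh binding
```

A device that passes S4 after the first device declined is granted access for that request only; it is not added to the bound addresses.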
CN201611183328.7A 2016-12-20 2016-12-20 Method and system for reducing data stealing risk of data bank Active CN106790056B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611183328.7A CN106790056B (en) 2016-12-20 2016-12-20 Method and system for reducing data stealing risk of data bank

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611183328.7A CN106790056B (en) 2016-12-20 2016-12-20 Method and system for reducing data stealing risk of data bank

Publications (2)

Publication Number Publication Date
CN106790056A true CN106790056A (en) 2017-05-31
CN106790056B CN106790056B (en) 2020-01-14

Family

ID=58891261

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611183328.7A Active CN106790056B (en) 2016-12-20 2016-12-20 Method and system for reducing data stealing risk of data bank

Country Status (1)

Country Link
CN (1) CN106790056B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107196972A (en) * 2017-07-19 2017-09-22 中国银行股份有限公司 A kind of authentication method and system, terminal and server
CN107704772A (en) * 2017-10-30 2018-02-16 中国人民解放军信息工程大学 A kind of data theft detection method and device for HDFS
CN108650243A (en) * 2018-04-24 2018-10-12 平安科技(深圳)有限公司 Connect method for building up, system, equipment and computer readable storage medium
CN109067727A (en) * 2018-07-25 2018-12-21 高新兴科技集团股份有限公司 A kind of network system is from verification method
CN109063627A (en) * 2018-07-27 2018-12-21 文志 Digital Human artificial intelligence identity unique identification control method
CN109274635A (en) * 2017-07-18 2019-01-25 腾讯科技(深圳)有限公司 Method for managing security, client device, server, communication system and storage medium
CN110704867A (en) * 2019-09-06 2020-01-17 翼集分电子商务(上海)有限公司 Method, system, medium and apparatus for integral theft prevention
CN110855753A (en) * 2019-10-23 2020-02-28 陈华 Bank operation system, method and server
WO2020211348A1 (en) * 2019-04-16 2020-10-22 平安科技(深圳)有限公司 User information encryption and decryption method, system, and computer device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101593340A (en) * 2009-04-15 2009-12-02 北京易路联动技术有限公司 The information interacting method of internet personal data bank technology and system
CN103491092A (en) * 2013-09-24 2014-01-01 长沙裕邦软件开发有限公司 Method and system for separating and binding of application platform and databank
US8875255B1 (en) * 2012-09-28 2014-10-28 Emc Corporation Preventing user enumeration by an authentication server
CN104283874A (en) * 2014-09-28 2015-01-14 小米科技有限责任公司 Data authority control method and device based on cloud server

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101593340A (en) * 2009-04-15 2009-12-02 北京易路联动技术有限公司 The information interacting method of internet personal data bank technology and system
US8875255B1 (en) * 2012-09-28 2014-10-28 Emc Corporation Preventing user enumeration by an authentication server
CN103491092A (en) * 2013-09-24 2014-01-01 长沙裕邦软件开发有限公司 Method and system for separating and binding of application platform and databank
CN104283874A (en) * 2014-09-28 2015-01-14 小米科技有限责任公司 Data authority control method and device based on cloud server

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109274635B (en) * 2017-07-18 2020-12-25 腾讯科技(深圳)有限公司 Security management method, client device, server, communication system, and storage medium
CN109274635A (en) * 2017-07-18 2019-01-25 腾讯科技(深圳)有限公司 Method for managing security, client device, server, communication system and storage medium
CN107196972A (en) * 2017-07-19 2017-09-22 中国银行股份有限公司 A kind of authentication method and system, terminal and server
CN107704772A (en) * 2017-10-30 2018-02-16 中国人民解放军信息工程大学 A kind of data theft detection method and device for HDFS
CN108650243A (en) * 2018-04-24 2018-10-12 平安科技(深圳)有限公司 Connect method for building up, system, equipment and computer readable storage medium
CN108650243B (en) * 2018-04-24 2021-04-23 平安科技(深圳)有限公司 Connection establishment method, system, device and computer readable storage medium
WO2019205288A1 (en) * 2018-04-24 2019-10-31 平安科技(深圳)有限公司 Connection establishment method, system, and device, and computer readable storage medium
CN109067727A (en) * 2018-07-25 2018-12-21 高新兴科技集团股份有限公司 A kind of network system is from verification method
CN109067727B (en) * 2018-07-25 2021-11-30 高新兴科技集团股份有限公司 Network system self-verification method
CN109063627A (en) * 2018-07-27 2018-12-21 文志 Digital Human artificial intelligence identity unique identification control method
WO2020211348A1 (en) * 2019-04-16 2020-10-22 平安科技(深圳)有限公司 User information encryption and decryption method, system, and computer device
CN110704867A (en) * 2019-09-06 2020-01-17 翼集分电子商务(上海)有限公司 Method, system, medium and apparatus for integral theft prevention
CN110704867B (en) * 2019-09-06 2023-06-16 翼集分(上海)数字科技有限公司 Integral anti-theft method, system, medium and device
CN110855753A (en) * 2019-10-23 2020-02-28 陈华 Bank operation system, method and server

Also Published As

Publication number Publication date
CN106790056B (en) 2020-01-14


Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant