CN106790056A - Method and system for reducing the data theft risk of a data bank - Google Patents
- Publication number
- CN106790056A CN201611183328.7A
- Authority
- CN
- China
- Prior art keywords
- binding
- module
- mark
- user equipment
- data
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Abstract
The invention discloses a method and system for reducing the data theft risk of a data bank. The method includes: S1, the client packs and encrypts the data bank account and login password into a first encrypted file and sends it to the server, and after login verification succeeds, the client obtains the identification address information of the user equipment; S2, the client packs and encrypts the identification address and the access request into a second encrypted file and sends it to the server; S3, the server decrypts and decompresses the second encrypted file and detects whether the identification address information is bound to the identifier; if not, step S4 is performed, and if so, step S5 is performed; S4, a security question is sent to the user equipment, and if the answer entered on the user equipment is correct, step S5 is performed; S5, the user equipment is granted permission to access the data. The invention improves the security of the data bank and reduces the possibility of data being stolen.
Description
Technical field
The present invention relates to the technical field of network security. More specifically, the present invention relates to a method and system for reducing the data theft risk of a data bank.
Background art
A data bank is a data center built on a high-speed distributed storage network. That is, a cloud storage service uses functions such as cluster applications, network technology or distributed file systems to bring together, through application software, a large number of storage devices of different types in the network so that they work cooperatively and jointly provide data storage and business access to the outside, forming a system for data storage and access.
At present, a user can quickly call up stored data on different devices through data synchronization. However, once a user has logged in to the data bank, the data in the data bank is accessible, and this raises a security problem for the original data kept in such a data bank.
The identifier of a piece of data is its ID. For a given piece of data the ID is permanent and unique, so the data can be looked up by retrieving its ID.
Summary of the invention
An object of the invention is to solve at least the above problems and to provide at least the advantages described later.
A further object of the invention is to provide a method and system for reducing the data theft risk of a data bank by encrypting data and verifying the data binding status multiple times, with the aim of solving the data security problem of current data banks.
To achieve these objects and other advantages of the invention, a method for reducing the data theft risk of a data bank is provided, including:
S1, the client receives the data bank account and login password entered on the user equipment, packs and encrypts the data bank account and login password into a first encrypted file and sends it to the server; the server decrypts and decompresses the first encrypted file to obtain the data bank account and login password; after login verification succeeds, the client obtains the identification address information of the user equipment;
S2, the client receives the access request entered on the user equipment, packs and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed;
S3, the server decrypts and decompresses the second encrypted file to obtain the identification address and the access request, and detects whether the identification address information is bound to the identifier; if not, step S4 is performed, and if so, step S5 is performed;
S4, a security question is sent to the user equipment, and if the answer entered on the user equipment is correct, step S5 is performed;
S5, the user equipment is granted permission to access the data.
Preferably, step S3 specifically includes:
S3.1, the server decrypts the second encrypted file to obtain the identification address and the access request, and detects whether the identifier is bound to the data bank account; if not, step S3.2 is performed, and if so, step S3.3 is performed;
S3.2, a binding invitation and a security question group whose answers are to be configured are packed and encrypted into a third encrypted file, which is sent to the user equipment; the user equipment receives, decrypts and decompresses the third encrypted file, obtains the binding invitation and configures the answers to the security question group, and the identification address information of that user equipment is taken as the first identification address information;
S3.3, it is detected whether the identifier is bound to the current identification address information; if not, step S3.4 is performed, and if so, step S5 is performed;
S3.4, an access alarm, together with a notice asking whether to allow the identifier to be bound to the current identification address information, is sent to the user equipment having the first identification address information; if not allowed, step S4 is performed, and if allowed, step S3.5 is performed;
S3.5, a binding invitation is sent to the user equipment having the current identification address information; that user equipment accepts the binding invitation, and the identifier is bound to the current identification address.
Preferably, the maximum number of pieces of identification address information bound to the identifier is 5.
Preferably, before step S3.5 the method further includes detecting whether the number of pieces of identification address information bound to the identifier exceeds 5; if not, step S3.5 is performed; if so, an invitation asking whether to release the binding of other identification address information is sent to the user equipment having the first identification address information, and if the invitation is accepted, the options of the other bound identification address information are sent to the user equipment having the first identification address information.
Preferably, if verification fails in step S1, the data bank login is terminated and the user equipment is prompted that the account or login password is wrong.
Preferably, the security question group is a combination containing multiple security questions, and the security question in step S4 comes from the security question group.
The present invention also provides a system for reducing the data theft risk of a data bank, including:
A client, which receives the data bank account and login password entered on the user equipment, packs and encrypts the data bank account and login password into a first encrypted file and sends it to the server; and which receives the identification address of the user equipment and the entered access request, packs and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed; and
The server, connected to the client, which receives the first encrypted file, decrypts and decompresses it to obtain the data bank account and login password sent by the client and verifies them; after verification succeeds, receives the second encrypted file, decrypts and decompresses it, and obtains the identification address information and access request of the user equipment; and detects whether the identification address information is bound to the identifier; if not, it sends a security question to the client and, if the answer entered on the client is correct, grants the client permission to access the data; if so, it grants the client permission to access the data.
Preferably, the client includes:
A data bank login module, which receives the data bank account and login password entered on the user equipment, packs and encrypts the data bank account and login password into a first encrypted file and sends it to the server; and
An identification address information acquisition module, which receives the identification address of the user equipment and the entered access request, packs and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed.
Preferably, the server includes:
A login verification module, connected to the data bank login module, which receives the first encrypted file sent by the data bank login module, decrypts and decompresses the first encrypted file to obtain the data bank account and login password, and verifies whether the data bank account and login password are correct; if verification succeeds, it sends the success information to the device verification module;
The device verification module, connected to the login verification module and the identification address information acquisition module, which receives the second encrypted file, decrypts and decompresses it to obtain the identification address of the user equipment and the entered access request, and detects whether the identifier is bound to the data bank account; when the detection result is "No", it sends the detection result to the first binding module, and when the detection result is "Yes", it sends it to the second binding module;
The first binding module, connected to the device verification module, which receives the "No" detection result, packs and encrypts a binding invitation and a security question group whose answers are to be configured into a third encrypted file, and sends the third encrypted file to the client; when the client accepts the binding invitation and configures the answers to the security question group, the first binding module receives the answers to the security question group, and the identification address information of the user equipment is taken as the first identification address information;
The second binding module, connected to the device verification module, which receives the "Yes" detection result and detects whether the identifier is bound to the current identification address information; if the detection result is "NO", it sends the detection result to the third binding module, and when the detection result is "YES", it sends it to the security verification module;
The third binding module, connected to the second binding module, which receives the "NO" detection result and sends to the user equipment having the first identification address information an access alarm and a notice asking whether to allow the identifier to be bound to the current identification address information; if not allowed, it sends the not-allowed information to the binding requirement module, and if allowed, it sends the allowed information to the security verification module;
The binding requirement module, connected to the third binding module, which receives the not-allowed information and sends a binding invitation to the user equipment having the current identification address information; after the user equipment having the current identification address information accepts the binding invitation, the identifier is bound to the current identification address;
The security verification module, connected to the third binding module, which receives the allowed information and sends a security question to the user equipment; if the answer entered on the user equipment is correct, it sends the answer-correct information to the authorization module; and
The authorization module, connected to the security verification module, which receives the answer-correct information and grants the user equipment permission to access the data.
Preferably, the client also includes:
A question configuration module, connected to the first binding module, which receives the third encrypted file sent by the first binding module, and decrypts and decompresses the third encrypted file to obtain the binding invitation and the security question group whose answers are to be configured; if the binding invitation is accepted, it configures the answers to the security question group and sends them to the first binding module, and if the binding invitation is refused, it sends information refusing the binding invitation to the first binding module;
An alarm prompt module, connected to the third binding module, which receives the access alarm and the notice asking whether to allow the identifier to be bound to the current identification address information sent by the third binding module, and sends the allow or not-allow message to the third binding module;
A binding response module, connected to the binding invitation module, which receives the binding invitation sent by the binding invitation module and sends to the binding invitation module information on whether the binding invitation is accepted; and
A verification response module, connected to the security verification module, which receives the security question sent by the security verification module and sends the answer entered by the user to the security verification module.
The present invention has at least the following beneficial effects: information exchanged during data interaction is encrypted for transmission, which increases the difficulty for a hacker of obtaining data information; and each piece of data in the data bank is bound to the identification address information of user equipment, so that even a different user equipment using the same account must be verified when obtaining data, which greatly improves the security of the data.
Further advantages, objects and features of the invention will be apparent in part from the following description, and in part will be understood by those skilled in the art through study and practice of the invention.
Specific embodiments
The present invention is described in further detail below with reference to embodiments, so that those skilled in the art can implement it with reference to the text of the specification.
It should be noted that the experimental methods described in the following embodiments are conventional methods unless otherwise specified, and are not to be understood as limiting the invention.
"One embodiment" or "an embodiment" as referred to herein means a particular feature, structure or characteristic that may be included in at least one implementation of the invention. "In a specific embodiment" appearing in different places in this specification does not always refer to the same embodiment, nor to a separate or alternative embodiment that is mutually exclusive of other embodiments.
The present invention provides a method for reducing the data theft risk of a data bank, including:
S1, the client receives the data bank account and login password entered on the user equipment, packs and encrypts the data bank account and login password into a first encrypted file and sends it to the server; the server decrypts and decompresses the first encrypted file to obtain the data bank account and login password; after login verification succeeds, the client obtains the identification address information of the user equipment;
S2, the client receives the access request entered on the user equipment, packs and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed;
S3, the server decrypts and decompresses the second encrypted file to obtain the identification address and the access request, and detects whether the identification address information is bound to the identifier; if not, step S4 is performed, and if so, step S5 is performed;
S4, a security question is sent to the user equipment, and if the answer entered on the user equipment is correct, step S5 is performed;
S5, the user equipment is granted permission to access the data.
Because each piece of data in the data bank is bound to the identification address information of user equipment, even a different user equipment using the same account must be verified when obtaining data, which greatly improves the security of the data. In addition, multiple pieces of information are packed and transmitted in encrypted form, which increases the difficulty for a hacker of obtaining the data and also cuts off the possibility of a hacker obtaining information by eavesdropping on the same channel.
In a specific embodiment, step S3 specifically includes:
S3.1, the server decrypts the second encrypted file to obtain the identification address and the access request, and detects whether the identifier is bound to the data bank account; if not, step S3.2 is performed, and if so, step S3.3 is performed;
First, it is detected whether a binding relationship exists between the identifier of the data and the data bank account. When no binding relationship exists, this may be because the data has been newly stored in the data bank, or because the data bank account is entering the data bank for the first time. The invention allows a single piece of data or a batch of data to be bound at the same time, which effectively reduces the complexity of data interaction and improves the user experience. The binding operation for a batch of data is the same as that for a single piece of data; to simplify the description, the invention is described in terms of binding or interacting with a single piece of data, which is not to be construed as limiting the invention.
S3.2, a binding invitation and a security question group whose answers are to be configured are packed and encrypted into a third encrypted file, which is sent to the user equipment; the user equipment receives, decrypts and decompresses the third encrypted file, obtains the binding invitation and configures the answers to the security question group, and the identification address information of that user equipment is taken as the first identification address information.
A security question group is set at the same time as the data is bound to the user equipment. The security question group includes multiple questions, and the invention does not limit their number. In actual use, a security question group may include 5-10 security questions, such as the user's name, the names of the user's parents, the user's first teacher, or more complex questions.
S3.3, it is detected whether the identifier is bound to the current identification address information; if not, step S3.4 is performed, and if so, step S5 is performed;
S3.4, an access alarm, together with a notice asking whether to allow the identifier to be bound to the current identification address information, is sent to the user equipment having the first identification address information; if not allowed, step S4 is performed, and if allowed, step S3.5 is performed;
In the prior art, once a user equipment with other identification address information has successfully logged in to the data bank, it can carry out data interaction. This creates a problem: if the account is stolen, a hacker can steal the data without restraint. Therefore, detecting whether the identification address information is the first identification address information increases the difficulty of stealing data.
Further, by sending the access alarm and the notice asking whether to allow the identifier to be bound to the current identification address information to the user equipment having the first identification address information, that user equipment can decide for itself, in a timely manner, whether to block other user equipment from accessing the data. If the other user equipment is trusted by the user equipment having the first identification address information (for example, the other user equipment is the client's own second device), the user equipment having the first identification address information allows the identifier to be bound to the current identification address information, so that the data can subsequently also be accessed from the other user equipment, which makes the data bank more convenient to use.
S3.5, a binding invitation is sent to the user equipment having the current identification address information; that user equipment accepts the binding invitation, and the identifier is bound to the current identification address.
In a specific embodiment, the maximum number of pieces of identification address information bound to the identifier is 5. For the same piece of data, the inventors verified that once more than 5 pieces of identification address information are bound to the data, convenience increases only slowly while security declines sharply; for example, with 6 bindings the security is only 4.82% of that with 1 binding, 8.23% of that with 2 bindings, 15.78% of that with 3 bindings, and 45% of that with 5 bindings. The maximum number of pieces of identification address information bound to an identifier is therefore set to 5.
In a specific embodiment, before step S3.5 the method further includes detecting whether the number of pieces of identification address information bound to the identifier exceeds 5; if not, step S3.5 is performed; if so, an invitation asking whether to release the binding of other identification address information is sent to the user equipment having the first identification address information, and if the invitation is accepted, the options of the other bound identification address information are sent to the user equipment having the first identification address information.
In a specific embodiment, if verification fails in step S1, the data bank login is terminated and the user equipment is prompted that the account or login password is wrong.
In a specific embodiment, the security question group is a combination containing multiple security questions, and the security question in step S4 comes from the security question group.
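The server-side decision flow of steps S3.1 to S3.5, S4 and S5, including the cap of 5 bound addresses, written out as an added Python example that is not part of the patent. The class and method names, the in-memory store, the salted PBKDF2 storage of answers, the reading of the cap as "a sixth binding is refused" and the DENY outcome for a wrong answer are assumptions; packing and encryption of the messages are left out.

```python
"""Added illustration of the S3.1-S3.5 / S4 / S5 decision flow; not code from the patent."""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field
from enum import Enum

MAX_BINDINGS = 5  # maximum identification addresses per data identifier, as stated in the text


class Outcome(Enum):
    INITIAL_BINDING = "S3.2"      # identifier not yet bound to the account
    GRANT = "S5"                  # access permission granted
    ASK_FIRST_DEVICE = "S3.4"     # access alarm + allow/deny notice to the first device
    SECURITY_QUESTION = "S4"      # challenge the current device
    BOUND = "S3.5"                # current device bound to the identifier
    UNBIND_INVITATION = "limit"   # cap reached: first device is asked to release a binding
    DENY = "deny"                 # wrong answer (assumed; the text only covers a correct one)


def _digest(answer: str, salt: bytes) -> bytes:
    # Assumption: answers are normalised and kept as salted PBKDF2 digests, never in clear.
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)


@dataclass
class Binding:
    devices: list[str] = field(default_factory=list)   # devices[0] = first identification address
    answers: dict[str, tuple[bytes, bytes]] = field(default_factory=dict)  # question -> (salt, digest)


class DataBank:
    def __init__(self) -> None:
        self._bindings: dict[tuple[str, str], Binding] = {}   # (account, data identifier) -> binding

    def check_access(self, account: str, data_id: str, device: str) -> Outcome:
        binding = self._bindings.get((account, data_id))
        if binding is None:                  # S3.1: identifier not bound to the account
            return Outcome.INITIAL_BINDING
        if device in binding.devices:        # S3.3: current address already bound
            return Outcome.GRANT
        return Outcome.ASK_FIRST_DEVICE      # S3.4: the first device has to decide

    def initial_binding(self, account: str, data_id: str, device: str,
                        answers: dict[str, str]) -> None:
        # S3.2: the device that configures the answers becomes the first identification address.
        binding = Binding(devices=[device])
        for question, answer in answers.items():
            salt = os.urandom(16)
            binding.answers[question] = (salt, _digest(answer, salt))
        self._bindings[(account, data_id)] = binding

    def first_device_decision(self, account: str, data_id: str, device: str,
                              allowed: bool) -> Outcome:
        binding = self._bindings[(account, data_id)]
        if not allowed:                      # S3.4 "not allowed" leads to S4, as the text states
            return Outcome.SECURITY_QUESTION
        if len(binding.devices) >= MAX_BINDINGS:   # check that precedes S3.5
            return Outcome.UNBIND_INVITATION
        binding.devices.append(device)       # S3.5
        return Outcome.BOUND

    def answer_question(self, account: str, data_id: str, question: str,
                        answer: str) -> Outcome:
        # S4: constant-time comparison so the check does not leak how close a guess was.
        salt, expected = self._bindings[(account, data_id)].answers[question]
        ok = hmac.compare_digest(_digest(answer, salt), expected)
        return Outcome.GRANT if ok else Outcome.DENY


if __name__ == "__main__":
    bank = DataBank()
    # Constructed sample values: account "alice", data identifier "doc-1", devices "dev-A"/"dev-B".
    print(bank.check_access("alice", "doc-1", "dev-A"))
    bank.initial_binding("alice", "doc-1", "dev-A", {"first teacher": "Ms. Li"})
    print(bank.check_access("alice", "doc-1", "dev-A"))
    print(bank.check_access("alice", "doc-1", "dev-B"))
```

Answering a security question grants access for that request only; the device stays unbound, so its next request triggers the alarm to the first device again.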
The present invention also provides a system for reducing the data theft risk of a data bank, including:
A client, which receives the data bank account and login password entered on the user equipment, packs and encrypts the data bank account and login password into a first encrypted file and sends it to the server; and which receives the identification address of the user equipment and the entered access request, packs and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed; and
The server, connected to the client, which receives the first encrypted file, decrypts and decompresses it to obtain the data bank account and login password sent by the client and verifies them; after verification succeeds, receives the second encrypted file, decrypts and decompresses it, and obtains the identification address information and access request of the user equipment; and detects whether the identification address information is bound to the identifier; if not, it sends a security question to the client and, if the answer entered on the client is correct, grants the client permission to access the data; if so, it grants the client permission to access the data.
In a specific embodiment, the client includes:
A data bank login module, which receives the data bank account and login password entered on the user equipment, packs and encrypts the data bank account and login password into a first encrypted file and sends it to the server; and
An identification address information acquisition module, which receives the identification address of the user equipment and the entered access request, packs and encrypts the identification address and the access request into a second encrypted file and sends it to the server, the access request containing the identifier of the data to be accessed.
In a specific embodiment, the server includes:
A login verification module, connected to the data bank login module, which receives the first encrypted file sent by the data bank login module, decrypts and decompresses the first encrypted file to obtain the data bank account and login password, and verifies whether the data bank account and login password are correct; if verification succeeds, it sends the success information to the device verification module;
The device verification module, connected to the login verification module and the identification address information acquisition module, which receives the second encrypted file, decrypts and decompresses it to obtain the identification address of the user equipment and the entered access request, and detects whether the identifier is bound to the data bank account; when the detection result is "No", it sends the detection result to the first binding module, and when the detection result is "Yes", it sends it to the second binding module;
The first binding module, connected to the device verification module, which receives the "No" detection result, packs and encrypts a binding invitation and a security question group whose answers are to be configured into a third encrypted file, and sends the third encrypted file to the client; when the client accepts the binding invitation and configures the answers to the security question group, the first binding module receives the answers to the security question group, and the identification address information of the user equipment is taken as the first identification address information;
The second binding module, connected to the device verification module, which receives the "Yes" detection result and detects whether the identifier is bound to the current identification address information; if the detection result is "NO", it sends the detection result to the third binding module, and when the detection result is "YES", it sends it to the security verification module;
The third binding module, connected to the second binding module, which receives the "NO" detection result and sends to the user equipment having the first identification address information an access alarm and a notice asking whether to allow the identifier to be bound to the current identification address information; if not allowed, it sends the not-allowed information to the binding requirement module, and if allowed, it sends the allowed information to the security verification module;
The binding requirement module, connected to the third binding module, which receives the not-allowed information and sends a binding invitation to the user equipment having the current identification address information; after the user equipment having the current identification address information accepts the binding invitation, the identifier is bound to the current identification address;
The security verification module, connected to the third binding module, which receives the allowed information and sends a security question to the user equipment; if the answer entered on the user equipment is correct, it sends the answer-correct information to the authorization module; and
The authorization module, connected to the security verification module, which receives the answer-correct information and grants the user equipment permission to access the data.
In a specific embodiment, the client also includes:
A question configuration module, connected to the first binding module, which receives the third encrypted file sent by the first binding module, and decrypts and decompresses the third encrypted file to obtain the binding invitation and the security question group whose answers are to be configured; if the binding invitation is accepted, it configures the answers to the security question group and sends them to the first binding module, and if the binding invitation is refused, it sends information refusing the binding invitation to the first binding module;
An alarm prompt module, connected to the third binding module, which receives the access alarm and the notice asking whether to allow the identifier to be bound to the current identification address information sent by the third binding module, and sends the allow or not-allow message to the third binding module;
A binding response module, connected to the binding invitation module, which receives the binding invitation sent by the binding invitation module and sends to the binding invitation module information on whether the binding invitation is accepted; and
A verification response module, connected to the security verification module, which receives the security question sent by the security verification module and sends the answer entered by the user to the security verification module.
Although embodiments of the invention have been disclosed above, the invention is not limited to the applications listed in the specification and embodiments. It can be applied to all fields suitable for the invention, and those skilled in the art can readily make further modifications. Therefore, without departing from the general concept defined by the claims and their equivalents, the invention is not limited to the specific details or to the embodiments shown and described here.
Claims (10)
1. it is a kind of reduce data bank data theft risk method, it is characterised in that including:
S1, client receive the data bank account and login password of user equipment input, by the data bank account and step on
Land password pack and encrypt obtain first encryption file send to server, the server decrypt and decompress described first plus
Ciphertext part, obtains the data bank account and modification logging, and after checking is logined successfully, client obtains the mark of user equipment
Address information;
S2, client receive the access request of the user equipment input, and by the mark address and access request packing simultaneously
The second encryption file that encryption is obtained is sent to server, mark of the access request comprising data to be visited;
S3, the server are decrypted and decompress the second encryption file, obtain the mark address and access request, detect institute
State mark address information and identify whether binding with described, if it is not, step S4 is then performed, if so, then performing step S5;
S4, safety problem is sent to user equipment, if the answer of user equipment input is correct, perform step S5;
S5, the authority for assigning the user equipment access data.
2. The method for reducing the data theft risk of a data bank as claimed in claim 1, characterized in that step S3 specifically comprises:
S3.1, the server decrypts the second encryption file to obtain the mark address and the access request, and detects whether the mark is bound to the data bank account; if not, step S3.2 is performed; if so, step S3.3 is performed;
S3.2, a binding invitation and a safety problem group whose answers are to be configured are packed and encrypted to obtain a third encryption file, which is sent to the user equipment; the user equipment receives, decrypts and decompresses the third encryption file, obtains the binding invitation and configures the answers to the safety problem group, and the mark address information of the user equipment is taken as the first mark address information;
S3.3, whether the mark is bound to the current mark address information is detected; if not, step S3.4 is performed; if so, step S5 is performed;
S3.4, an access alert and a notice asking whether to allow the mark to be bound to the current mark address information are sent to the user equipment having the first mark address information; if not allowed, step S4 is performed; if allowed, step S3.5 is performed;
S3.5, a binding invitation is sent to the user equipment having the current mark address information; the user equipment having the current mark address information accepts the binding invitation, and the mark is bound to the current mark address.
3. The method for reducing the data theft risk of a data bank as claimed in claim 2, characterized in that the maximum quantity of mark address information bound to the mark is 5.
4. The method for reducing the data theft risk of a data bank as claimed in claim 3, characterized in that, before step S3.5, the method further comprises detecting whether the quantity of mark address information bound to the mark is more than 5; if not, step S3.5 is performed; if so, an invitation asking whether to release the binding of other mark address information is sent to the user equipment having the first mark address information, and if the invitation is accepted, options listing the other bound mark address information are sent to the user equipment having the first mark address information.
5. The method for reducing the data theft risk of a data bank as claimed in claim 4, characterized in that, after verification fails in step S1, the data bank login is terminated and the user equipment is prompted that the account or login password is wrong.
6. The method for reducing the data theft risk of a data bank as claimed in claim 5, characterized in that the safety problem group is a combination comprising multiple safety problems, and the safety problem in step S4 comes from the safety problem group.
7. A system for reducing the data theft risk of a data bank, characterized by comprising:
A client, which receives the data bank account and login password input by the user equipment, packs and encrypts the data bank account and login password to obtain a first encryption file, and sends it to a server; and which receives the mark address of the user equipment and the input access request, packs and encrypts the mark address and the access request to obtain a second encryption file, and sends it to the server, the access request comprising the mark of the data to be accessed; and
The server, connected with the client, which receives the first encryption file, decrypts and decompresses it to obtain the data bank account and login password sent by the client, and verifies them; after successful verification, it receives the second encryption file, decrypts and decompresses the second encryption file, and obtains the mark address information and the access request of the user equipment; it detects whether the mark address information is bound to the mark; if not, it sends a safety problem to the client and, if the answer input by the client is correct, grants the client the authority to access the data; if so, it grants the client the authority to access the data.
8. The system for reducing the data theft risk of a data bank as claimed in claim 7, characterized in that the client comprises:
A data bank login module, which receives the data bank account and login password input by the user equipment, packs and encrypts the data bank account and login password to obtain a first encryption file, and sends it to the server; and
A mark address information acquisition module, which receives the mark address of the user equipment and the input access request, packs and encrypts the mark address and the access request to obtain a second encryption file, and sends it to the server, the access request comprising the mark of the data to be accessed.
9. The system for reducing the data theft risk of a data bank as claimed in claim 8, characterized in that the server comprises:
A sign-on authentication module, connected with the data bank login module, which receives the first encryption file sent by the data bank login module, decrypts and decompresses the first encryption file to obtain the data bank account and login password, and verifies whether the data bank account and login password are correct; if verification succeeds, it sends success information to a device authentication module;
The device authentication module, connected with the sign-on authentication module and the mark address information acquisition module, which receives the second encryption file, decrypts and decompresses the second encryption file to obtain the mark address of the user equipment and the input access request, and detects whether the mark is bound to the data bank account; when the detection result is "No", it sends the detection result to a first binding module; when the detection result is "Yes", it sends the detection result to a second binding module;
The first binding module, connected with the device authentication module, which receives the "No" detection result, packs and encrypts a binding invitation and a safety problem group whose answers are to be configured to obtain a third encryption file, and sends the third encryption file to the client; when the client accepts the binding invitation and configures the answers to the safety problem group, the first binding module receives the answers to the safety problem group, and the mark address information of the user equipment is taken as the first mark address information;
The second binding module, connected with the device authentication module, which receives the "Yes" detection result and detects whether the mark is bound to the current mark address information; when the detection result is "NO", it sends the detection result to a third binding module; when the detection result is "YES", it sends the detection result to a secure verification module;
The third binding module, connected with the second binding module, which receives the "NO" detection result and sends, to the user equipment having the first mark address information, an access alert and a notice asking whether to allow the mark to be bound to the current mark address information; if not allowed, it sends the not-allowed information to a binding invitation module; if allowed, it sends the allowed information to the secure verification module;
The binding invitation module, connected with the third binding module, which receives the not-allowed information and sends a binding invitation to the user equipment having the current mark address information; after the user equipment having the current mark address information accepts the binding invitation, the mark is bound to the current mark address;
The secure verification module, connected with the third binding module, which receives the allowed information and sends a safety problem to the user equipment; if the answer input by the user equipment is correct, it sends answer-correct information to an authority module; and
The authority module, connected with the secure verification module, which receives the answer-correct information and grants the user equipment the authority to access the data.
10. The system for reducing the data theft risk of a data bank as claimed in claim 9, characterized in that the client further comprises:
An allocation problem module, connected with the first binding module, which receives the third encryption file sent by the first binding module, and decrypts and decompresses the third encryption file to obtain the binding invitation and the safety problem group whose answers are to be configured; if the binding invitation is accepted, it configures the answers to the safety problem group and sends them to the first binding module; if the binding invitation is refused, it sends information refusing the binding invitation to the first binding module;
An alarm prompting module, connected with the third binding module, which receives the access alert sent by the third binding module and the notice asking whether to allow the mark to be bound to the current mark address information, and transmits the allowed or not-allowed information to the third binding module;
A binding responding module, connected with the binding invitation module, which receives the binding invitation sent by the binding invitation module and sends to the binding invitation module information on whether the binding invitation is accepted; and
A checking responding module, connected with the secure verification module, which receives the safety problem sent by the secure verification module and sends the answer input by the user to the secure verification module.
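The server-side decisions of method claims 1 to 4 (S3.1 to S5), as an added Python example that is not part of the patent: the store layout, the `Reply` fields, the outcome names and the account and device values are constructed, and where the claims leave a branch open (refused invitation, wrong answer, what follows S3.2 and S3.5) the code marks its choice as an assumption. The quantity check is written as `>= 5` before binding so that claim 3's maximum of 5 holds.

```python
import hmac
from dataclasses import dataclass, field

MAX_BOUND = 5  # claim 3: at most 5 mark addresses bound to one mark

@dataclass
class Binding:
    first_addr: str          # S3.2: the "first mark address" (owner device)
    answers: dict            # configured safety problem group: question -> answer
    addrs: set = field(default_factory=set)

@dataclass
class Reply:                 # constructed stand-in for what the devices send back
    setup_answers: dict = None   # S3.2: answers configured when accepting the invitation
    owner_allows: bool = False   # S3.4: decision of the first-address device
    release: str = None          # claim 4: bound address the owner chooses to release
    question: str = ""           # S4: safety problem asked
    answer: str = ""             # S4: answer typed on the requesting device

def handle_access(store, account, mark, addr, reply):
    """Return (steps, outcome) for one decrypted access request, from S3.1 on."""
    steps, b = ["S3.1"], store.get((account, mark))
    if b is None:                                   # mark not bound to the account
        steps.append("S3.2")
        if not reply.setup_answers:
            return steps, "DENY"                    # assumption: invitation refused
        store[(account, mark)] = Binding(addr, dict(reply.setup_answers), {addr})
        return steps, "ENROLLED"
    steps.append("S3.3")
    if addr in b.addrs:                             # mark bound to the current address
        return steps + ["S5"], "GRANT"
    steps.append("S3.4")                            # alert is sent to b.first_addr
    if not reply.owner_allows:
        steps.append("S4")
        want = b.answers.get(reply.question)
        ok = want is not None and hmac.compare_digest(want.encode(), reply.answer.encode())
        return (steps + ["S5"], "GRANT") if ok else (steps, "DENY")
    if len(b.addrs) >= MAX_BOUND:                   # claim 4 check, made before S3.5
        steps.append("claim 4")
        if reply.release == b.first_addr or reply.release not in b.addrs:
            return steps, "DENY"                    # assumption: nothing was released
        b.addrs.discard(reply.release)
    steps.append("S3.5")
    b.addrs.add(addr)
    return steps, "BOUND"

def demo():
    store, qa = {}, {"constructed question": "constructed answer"}
    reqs = [("dev-A", Reply(setup_answers=qa)),     # first access: enrolment
            ("dev-A", Reply()),                     # bound device
            ("dev-X", Reply(question="constructed question", answer="constructed answer")),
            ("dev-X", Reply(question="constructed question", answer="wrong")),
            ("dev-B", Reply(owner_allows=True))]    # owner approves a new device
    return [handle_access(store, "acct-1", "doc-42", a, r)[1] for a, r in reqs]

if __name__ == "__main__":
    print(demo())
```

The third request in `demo()` follows S3.4 to S4 to S5 as claimed: a device the owner does not allow is still granted access once it answers the safety problem correctly, so the configured answers need the same protection as the login password.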
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611183328.7A CN106790056B (en) | 2016-12-20 | 2016-12-20 | Method and system for reducing data stealing risk of data bank |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611183328.7A CN106790056B (en) | 2016-12-20 | 2016-12-20 | Method and system for reducing data stealing risk of data bank |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106790056A true CN106790056A (en) | 2017-05-31 |
CN106790056B CN106790056B (en) | 2020-01-14 |
Family
ID=58891261
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611183328.7A Active CN106790056B (en) | 2016-12-20 | 2016-12-20 | Method and system for reducing data stealing risk of data bank |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106790056B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107196972A (en) * | 2017-07-19 | 2017-09-22 | 中国银行股份有限公司 | A kind of authentication method and system, terminal and server |
CN107704772A (en) * | 2017-10-30 | 2018-02-16 | 中国人民解放军信息工程大学 | A kind of data theft detection method and device for HDFS |
CN108650243A (en) * | 2018-04-24 | 2018-10-12 | 平安科技(深圳)有限公司 | Connect method for building up, system, equipment and computer readable storage medium |
CN109067727A (en) * | 2018-07-25 | 2018-12-21 | 高新兴科技集团股份有限公司 | A kind of network system is from verification method |
CN109063627A (en) * | 2018-07-27 | 2018-12-21 | 文志 | Digital Human artificial intelligence identity unique identification control method |
CN109274635A (en) * | 2017-07-18 | 2019-01-25 | 腾讯科技(深圳)有限公司 | Method for managing security, client device, server, communication system and storage medium |
CN110704867A (en) * | 2019-09-06 | 2020-01-17 | 翼集分电子商务(上海)有限公司 | Method, system, medium and apparatus for integral theft prevention |
CN110855753A (en) * | 2019-10-23 | 2020-02-28 | 陈华 | Bank operation system, method and server |
WO2020211348A1 (en) * | 2019-04-16 | 2020-10-22 | 平安科技(深圳)有限公司 | User information encryption and decryption method, system, and computer device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101593340A (en) * | 2009-04-15 | 2009-12-02 | 北京易路联动技术有限公司 | The information interacting method of internet personal data bank technology and system |
CN103491092A (en) * | 2013-09-24 | 2014-01-01 | 长沙裕邦软件开发有限公司 | Method and system for separating and binding of application platform and databank |
US8875255B1 (en) * | 2012-09-28 | 2014-10-28 | Emc Corporation | Preventing user enumeration by an authentication server |
CN104283874A (en) * | 2014-09-28 | 2015-01-14 | 小米科技有限责任公司 | Data authority control method and device based on cloud server |
2016-12-20 CN CN201611183328.7A patent/CN106790056B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101593340A (en) * | 2009-04-15 | 2009-12-02 | 北京易路联动技术有限公司 | The information interacting method of internet personal data bank technology and system |
US8875255B1 (en) * | 2012-09-28 | 2014-10-28 | Emc Corporation | Preventing user enumeration by an authentication server |
CN103491092A (en) * | 2013-09-24 | 2014-01-01 | 长沙裕邦软件开发有限公司 | Method and system for separating and binding of application platform and databank |
CN104283874A (en) * | 2014-09-28 | 2015-01-14 | 小米科技有限责任公司 | Data authority control method and device based on cloud server |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109274635B (en) * | 2017-07-18 | 2020-12-25 | 腾讯科技(深圳)有限公司 | Security management method, client device, server, communication system, and storage medium |
CN109274635A (en) * | 2017-07-18 | 2019-01-25 | 腾讯科技(深圳)有限公司 | Method for managing security, client device, server, communication system and storage medium |
CN107196972A (en) * | 2017-07-19 | 2017-09-22 | 中国银行股份有限公司 | A kind of authentication method and system, terminal and server |
CN107704772A (en) * | 2017-10-30 | 2018-02-16 | 中国人民解放军信息工程大学 | A kind of data theft detection method and device for HDFS |
CN108650243A (en) * | 2018-04-24 | 2018-10-12 | 平安科技(深圳)有限公司 | Connect method for building up, system, equipment and computer readable storage medium |
CN108650243B (en) * | 2018-04-24 | 2021-04-23 | 平安科技(深圳)有限公司 | Connection establishment method, system, device and computer readable storage medium |
WO2019205288A1 (en) * | 2018-04-24 | 2019-10-31 | 平安科技(深圳)有限公司 | Connection establishment method, system, and device, and computer readable storage medium |
CN109067727A (en) * | 2018-07-25 | 2018-12-21 | 高新兴科技集团股份有限公司 | A kind of network system is from verification method |
CN109067727B (en) * | 2018-07-25 | 2021-11-30 | 高新兴科技集团股份有限公司 | Network system self-verification method |
CN109063627A (en) * | 2018-07-27 | 2018-12-21 | 文志 | Digital Human artificial intelligence identity unique identification control method |
WO2020211348A1 (en) * | 2019-04-16 | 2020-10-22 | 平安科技(深圳)有限公司 | User information encryption and decryption method, system, and computer device |
CN110704867A (en) * | 2019-09-06 | 2020-01-17 | 翼集分电子商务(上海)有限公司 | Method, system, medium and apparatus for integral theft prevention |
CN110704867B (en) * | 2019-09-06 | 2023-06-16 | 翼集分(上海)数字科技有限公司 | Integral anti-theft method, system, medium and device |
CN110855753A (en) * | 2019-10-23 | 2020-02-28 | 陈华 | Bank operation system, method and server |
Also Published As
Publication number | Publication date |
---|---|
CN106790056B (en) | 2020-01-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106790056A (en) | Reduce the method and system of the data theft risk of data bank | |
CN109150835B (en) | Cloud data access method, device, equipment and computer readable storage medium | |
EP3453136B1 (en) | Methods and apparatus for device authentication and secure data exchange between a server application and a device | |
CN104980477B (en) | Data access control method and system under cloud storage environment | |
US9485096B2 (en) | Encryption / decryption of data with non-persistent, non-shared passkey | |
CN106453384B (en) | Secure cloud disk system and secure encryption method thereof | |
US9372987B1 (en) | Apparatus and method for masking a real user controlling synthetic identities | |
CN104378379B (en) | A kind of digital content encrypted transmission method, equipment and system | |
CN106960148A (en) | The distribution method and device of a kind of device identification | |
CN106790183A (en) | Logging on authentication method of calibration, device | |
US20030210791A1 (en) | Key management | |
CN103812651B (en) | Method of password authentication, apparatus and system | |
CN110011958A (en) | Information ciphering method, device, computer equipment and storage medium | |
CN102457561B (en) | Data access method and equipment adopting same | |
CN106992859B (en) | Bastion machine private key management method and device | |
CN106936579A (en) | Cloud storage data storage and read method based on trusted third party agency | |
CN104243452B (en) | A kind of cloud computing access control method and system | |
CN107040501B (en) | Authentication method and device based on platform as a service | |
CN109347887A (en) | A kind of identity authentication method and device | |
CN108063748A (en) | A kind of user authen method, apparatus and system | |
CN103532979A (en) | Method for generating and verifying multi-conversation verification codes under CGI (common gateway interface) for web | |
CN109409109A (en) | Data processing method, device, processor and server in network service | |
CN106713372B (en) | A kind of method of controlling security and safety control system based on permission control | |
CN108701200B (en) | Improved memory system | |
CN110912857B (en) | Method and storage medium for sharing login between mobile applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||