CN106790056B - Method and system for reducing data stealing risk of data bank - Google Patents
Method and system for reducing data stealing risk of data bank Download PDFInfo
- Publication number
- CN106790056B CN106790056B CN201611183328.7A CN201611183328A CN106790056B CN 106790056 B CN106790056 B CN 106790056B CN 201611183328 A CN201611183328 A CN 201611183328A CN 106790056 B CN106790056 B CN 106790056B
- Authority
- CN
- China
- Prior art keywords
- binding
- module
- data
- user equipment
- address information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a system for reducing data stealing risk of a data bank, wherein the method comprises the following steps: s1, the client packs and encrypts the data bank account and the login password to obtain a first encrypted file, and sends the first encrypted file to the server, and after the login is verified successfully, the client acquires identification address information of the user equipment; s2, the client packs the identification address and the access request and encrypts to obtain a second encrypted file, and sends the second encrypted file to the server; s3, the server decrypts and decompresses the second encrypted file, detects whether the identifier address information is bound with the identifier, if not, executes the step S4, and if so, executes the step S5; s4, sending a safety question to the user equipment, and if the answer input by the user equipment is correct, executing a step S5; and S5, giving the user equipment the right to access the data. The invention improves the security of the data bank and reduces the possibility of data stealing.
Description
Technical Field
The invention relates to the technical field of network security. More particularly, the present invention relates to a method and system for reducing the risk of data theft for data banks.
Background
The data bank is a data center constructed on a high-speed distributed storage network, namely, a cloud storage service is adopted, and a large number of different types of storage devices in the network are integrated and cooperatively work through application software through functions of cluster application, network technology or a distributed file system and the like, so that data storage and service access are provided for the outside together, and a data storage and access system is formed.
At present, a user can quickly call stored data on different devices through data synchronization, but the data in a data bank can be accessed after logging in the data bank at present, so that the safety problem of original data stored in the data bank occurs.
The identification of the data, i.e. the ID of the data, is permanent and unique for a data, so that the data can be looked up by retrieving the ID of the data.
Disclosure of Invention
An object of the present invention is to solve at least the above problems and to provide at least the advantages described later.
The invention also aims to provide a method and a system for reducing the data stealing risk of a data bank by encrypting data and verifying the binding condition of the data for multiple times, and aims to solve the data security problem of the data bank at present.
To achieve these objects and other advantages in accordance with the purpose of the invention, there is provided a method of reducing risk of data theft for data banks, comprising:
s1, the client receives a data bank account and a login password input by user equipment, a first encrypted file obtained by packaging and encrypting the data bank account and the login password is sent to a server, the server decrypts and decompresses the first encrypted file to obtain the data bank account and the login password, and after the login is verified successfully, the client acquires identification address information of the user equipment;
s2, the client receives an access request input by the user equipment, and the identifier address and the access request are packaged and encrypted to obtain a second encrypted file which is sent to a server, wherein the access request comprises an identifier of data to be accessed;
s3, the server decrypts and decompresses the second encrypted file to obtain the identification address and the access request, whether the identification address information is bound with the identification is detected, if not, the step S4 is executed, and if yes, the step S5 is executed;
s4, sending a safety question to the user equipment, and if the answer input by the user equipment is correct, executing a step S5;
and S5, giving the user equipment the right to access the data.
Preferably, the step S3 specifically includes:
s3.1, the server decrypts the second encrypted file to obtain the identification address and the access request, and detects whether the identification is bound with the data bank account; if not, executing the step S3.2, if so, executing the step S3.3;
s3.2, packaging and encrypting the binding invitation and the security question group to be configured with the answer to obtain a third encrypted file, sending the third encrypted file to the user equipment, receiving, decrypting and decompressing the third encrypted file by the user equipment to obtain the binding invitation and configure the answer of the security question group, and simultaneously using the identification address information of the user equipment as first identification address information;
s3.3, detecting whether the identifier is bound with the current identifier address information, if not, executing the step S3.4, and if so, executing the step S5;
s3.4, sending an access alarm and a notice of whether the identifier is allowed to be bound with the current identifier address information to user equipment with first identifier address information, if not, executing the step S4, and if so, executing the step S3.5;
and S3.5, sending a binding invitation to the user equipment with the current identification address information, receiving the binding invitation by the user equipment with the current identification address information, and binding the identification with the current identification address.
Preferably, the maximum number of the identification address information of the identification binding is 5.
Preferably, before the step S3.5, the method further includes detecting whether the number of the identifier address information items bound by the identifier exceeds 5, if not, executing the step S3.5, if so, sending an invitation whether to release the binding of other identifier address information to the user equipment with the first identifier address information, and if receiving the invitation, sending an option of bound other identifier address information to the user equipment with the first identifier address information.
Preferably, after the verification in step S1 fails, the data bank login is terminated and the user equipment account number or the login password is prompted to be incorrect.
Preferably, the security question group is a combination including a plurality of security questions, and the security question in step S4 comes from the security question group.
The invention also provides a system for reducing the data stealing risk of a data bank, which comprises the following steps:
the client receives a data bank account and a login password input by user equipment, packages and encrypts the data bank account and the login password to obtain a first encrypted file and sends the first encrypted file to the server; receiving an identification address of the user equipment and an input access request, packaging the identification address and the access request, and encrypting to obtain a second encrypted file, and sending the second encrypted file to a server, wherein the access request comprises an identification of data to be accessed; and
the server is connected with the client, receives the first encrypted file, decrypts and decompresses the first encrypted file to obtain a data bank account and a login password sent by the client, verifies the data bank account and the login password, receives the second encrypted file after the verification is successful, decrypts and decompresses the second encrypted file to obtain identification address information and an access request of the user equipment; and detecting whether the identification address information is bound with the identification, if not, sending a safety problem to the client, if the answer input by the client is correct, and if so, giving the client the right to access the data.
Preferably, the client includes:
the data bank login module is used for receiving a data bank account and a login password input by user equipment, packaging the data bank account and the login password, and encrypting to obtain a first encrypted file which is sent to the server; (ii) a And
and the identification address information acquisition module is used for receiving the identification address of the user equipment and the input access request, packaging the identification address and the access request, encrypting the obtained second encrypted file, and sending the second encrypted file to a server, wherein the access request contains the identification of the data to be accessed.
Preferably, the server includes:
the login verification module is connected with the data bank login module, receives the first encrypted file sent by the data bank login module, decrypts and decompresses the first encrypted file to obtain a data bank account and a login password, verifies whether the data bank account and the login password are correct or not, and sends successful information to the equipment verification module if the verification is successful;
the equipment verification module is connected with the login verification module and the identification address information acquisition module, receives the second encrypted file, decrypts and decompresses the second encrypted file to obtain the identification address of the user equipment and an input access request, detects whether the identification is bound with the data bank account or not, sends a detection result to the first binding module when the detection result is negative, and sends the detection result to the second binding module when the detection result is positive;
the first binding module is connected with the equipment verification module, receives the detection result of 'no', packages and encrypts a binding invitation and a security question group to be configured with an answer to obtain a third encrypted file, sends the third encrypted file to the client, and receives the answer of the security question group and takes the identification address information of the user equipment as first identification address information when the client receives the binding invitation and configures the answer of the security question group;
the second binding module is connected with the equipment verification module, receives the detection result of the 'YES', detects whether the identifier is bound with the current identifier address information, sends the detection result to the third binding module if the detection result is 'NO', and sends the detection result to the safety verification module if the detection result is 'YES';
the third binding module is connected with the second binding module, receives the detection result of the NO, sends an access alarm and a notice whether the identification is allowed to be bound with the current identification address information to the user equipment with the first identification address information, sends the information which is not allowed to be bound to the binding requirement module if the information is not allowed to be bound to the current identification address information, and sends the allowed information to the safety verification module if the information is allowed to be bound to the current identification address information;
a binding request module, connected to the third binding module, for receiving the disallowed information, sending a binding invitation to the user equipment having current identification address information, and binding the identification with the current identification address after the user equipment having current identification address information receives the binding invitation;
the security verification module is connected with the third binding module, receives the allowed information, sends a security question to user equipment, and sends information with correct answer to the authority module if the answer input by the user equipment is correct; and
and the authority module is connected with the safety verification module, receives the information of correct answer and gives the user equipment the authority to access the data.
Preferably, the client further comprises:
the problem configuration module is connected with the first binding module, receives a third encrypted file sent by the first binding module, decrypts and decompresses the third encrypted file to obtain a binding invitation and a security problem group with an answer to be configured, configures the answer of the security problem group and sends the answer to the first binding module if the binding invitation is received, and sends the information of refusing the binding invitation to the first binding module if the binding invitation is refused;
the alarm reminding module is connected with the third binding module, receives the access alarm sent by the third binding module and the notice whether the identification is allowed to be bound with the current identification address information or not, and sends the allowed or not allowed information to the third binding module;
the binding response module is connected with the binding invitation module, receives the binding invitation sent by the binding invitation module and sends information whether to receive the binding invitation to the binding invitation module; and
and the verification response module is connected with the safety verification module, receives the safety problems sent by the safety verification module and sends answers input by the user to the safety verification module.
The invention at least comprises the following beneficial effects: the information is encrypted and transmitted in the data interaction process, so that the difficulty of a hacker in acquiring the data information is increased, each piece of data in the data bank is bound with the identification address information of the user equipment, and even if different user equipment of the same account is used, the data needs to be verified when the data is acquired, so that the data security is greatly improved.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention.
Detailed Description
The present invention is further described in detail below with reference to examples so that those skilled in the art can practice the invention with reference to the description.
It should be noted that the experimental methods described in the following embodiments are conventional methods unless otherwise specified, and should not be construed as limiting the present invention.
Reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic may be included in at least one implementation of the invention. The appearances of the phrase "in one particular embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
The invention provides a method for reducing data stealing risk of a data bank, which comprises the following steps:
s1, the client receives a data bank account and a login password input by user equipment, a first encrypted file obtained by packaging and encrypting the data bank account and the login password is sent to a server, the server decrypts and decompresses the first encrypted file to obtain the data bank account and the login password, and after the login is verified successfully, the client acquires identification address information of the user equipment;
s2, the client receives an access request input by the user equipment, and the identifier address and the access request are packaged and encrypted to obtain a second encrypted file which is sent to a server, wherein the access request comprises an identifier of data to be accessed;
s3, the server decrypts and decompresses the second encrypted file to obtain the identification address and the access request, whether the identification address information is bound with the identification is detected, if not, the step S4 is executed, and if yes, the step S5 is executed;
s4, sending a safety question to the user equipment, and if the answer input by the user equipment is correct, executing a step S5;
and S5, giving the user equipment the right to access the data.
By binding each data in the data bank with the identification address information of the user equipment, even if different user equipment using the same account needs to be verified when acquiring the data, and the safety of the data is greatly improved. And a plurality of information is packaged and encrypted for transmission, so that the difficulty of a hacker for acquiring data is increased, and the possibility that the hacker acquires the information by eavesdropping the same channel is isolated.
In a specific embodiment, the step S3 specifically includes:
s3.1, the server decrypts the second encrypted file to obtain the identification address and the access request, and detects whether the identification is bound with the data bank account; if not, executing the step S3.2, if so, executing the step S3.3;
firstly, whether a data identifier has a binding relationship with the data bank account is detected, and when the data identifier does not have the binding relationship, the data identifier may be newly stored in the data bank or the data bank account may enter the data bank for the first time. The invention allows the simultaneous binding of one data or a batch of data, thus effectively reducing the complexity of data interaction, improving the user experience, and the binding operation of a batch of data is consistent with the binding operation of one data.
S3.2, packaging and encrypting the binding invitation and the security question group to be configured with the answer to obtain a third encrypted file, sending the third encrypted file to the user equipment, receiving, decrypting and decompressing the third encrypted file by the user equipment to obtain the binding invitation and configure the answer of the security question group, and taking the identification address information of the user equipment as the first identification address information.
The invention sets a security problem group while binding data and user equipment, the security problem group includes a plurality of problems, the invention does not limit the number of the problems, when in actual use, a security problem group can include 5-10 security problems, and the security problems can be: the name of the user, the name of the user's parent, the first teacher of the user, or a more complex question.
S3.3, detecting whether the identifier is bound with the current identifier address information, if not, executing the step S3.4, and if so, executing the step S5;
s3.4, sending an access alarm and a notice of whether the identifier is allowed to be bound with the current identifier address information to user equipment with first identifier address information, if not, executing the step S4, and if so, executing the step S3.5;
in the prior art, data interaction can be performed when a user device with other identification address information successfully logs in a data bank, but a problem exists in that if the account is stolen, a hacker can unscrupulously steal data. Therefore, by detecting whether the identification address information is the first identification address information, the difficulty of stealing data is increased.
Further, the user equipment with the first identification address information can autonomously select whether to timely stop the access of other user equipment to the data by sending an access alarm and a notice whether to allow the identification to be bound with the current identification address information to the user equipment with the first identification address information, and if the other user equipment is trusted by the user equipment with the first identification address information (for example, the other user equipment is the second equipment of the client), the user equipment with the first identification address information can allow the identification to be bound with the current identification address information, so that the other user equipment can access the data later, and the use convenience of a data bank is improved.
And S3.5, sending a binding invitation to the user equipment with the current identification address information, receiving the binding invitation by the user equipment with the current identification address information, and binding the identification with the current identification address.
In a specific embodiment, the maximum number of the id address information of the id binding is 5.
In a specific embodiment, the maximum number of the id address information of the id binding is 5. For the same data, through the verification of the inventor, the convenience of the data binding identification address information after exceeding 5 pieces increases slowly, but the security drops sharply, for example, when 6 pieces are bound, the security is only 4.82% when 1 piece is bound, 8.23% when 2 pieces are bound, 15.78% when 3 pieces are bound, and 45% when 5 pieces are bound, so that the maximum number of identification address information for identifying the binding is designed to be 5.
In a specific embodiment, before the step S3.5, it is further configured to detect whether the number of the identifier address information of the identifier binding exceeds 5, if not, execute the step S3.5, if so, send an invitation to the user equipment with the first identifier address information whether to release the binding of the other identifier address information, and if receiving the invitation, send an option of the bound other identifier address information to the user equipment with the first identifier address information.
In a specific embodiment, after the authentication in step S1 fails, the data bank login is terminated and the user equipment account or the login password is prompted to be incorrect.
In a specific embodiment, the security question group is a combination including a plurality of security questions, and the security question in step S4 comes from the security question group.
The invention also provides a system for reducing the data stealing risk of a data bank, which comprises the following steps:
the client receives a data bank account and a login password input by user equipment, packages and encrypts the data bank account and the login password to obtain a first encrypted file and sends the first encrypted file to the server; receiving an identification address of the user equipment and an input access request, packaging the identification address and the access request, and encrypting to obtain a second encrypted file, and sending the second encrypted file to a server, wherein the access request comprises an identification of data to be accessed; and
the server is connected with the client, receives the first encrypted file, decrypts and decompresses the first encrypted file to obtain a data bank account and a login password sent by the client, verifies the data bank account and the login password, receives the second encrypted file after the verification is successful, decrypts and decompresses the second encrypted file to obtain identification address information and an access request of the user equipment; and detecting whether the identification address information is bound with the identification, if not, sending a safety problem to the client, if the answer input by the client is correct, and if so, giving the client the right to access the data.
In a specific embodiment, the client includes:
the data bank login module is used for receiving a data bank account and a login password input by user equipment, packaging the data bank account and the login password, and encrypting to obtain a first encrypted file which is sent to the server; (ii) a And
and the identification address information acquisition module is used for receiving the identification address of the user equipment and the input access request, packaging the identification address and the access request, encrypting the obtained second encrypted file, and sending the second encrypted file to a server, wherein the access request contains the identification of the data to be accessed.
In a specific embodiment, the server includes:
the login verification module is connected with the data bank login module, receives the first encrypted file sent by the data bank login module, decrypts and decompresses the first encrypted file to obtain a data bank account and a login password, verifies whether the data bank account and the login password are correct or not, and sends successful information to the equipment verification module if the verification is successful;
the equipment verification module is connected with the login verification module and the identification address information acquisition module, receives the second encrypted file, decrypts and decompresses the second encrypted file to obtain the identification address of the user equipment and an input access request, detects whether the identification is bound with the data bank account or not, sends a detection result to the first binding module when the detection result is negative, and sends the detection result to the second binding module when the detection result is positive;
the first binding module is connected with the equipment verification module, receives the detection result of 'no', packages and encrypts a binding invitation and a security question group to be configured with an answer to obtain a third encrypted file, sends the third encrypted file to the client, and receives the answer of the security question group and takes the identification address information of the user equipment as first identification address information when the client receives the binding invitation and configures the answer of the security question group;
the second binding module is connected with the equipment verification module, receives the detection result of the 'YES', detects whether the identifier is bound with the current identifier address information, sends the detection result to the third binding module if the detection result is 'NO', and sends the detection result to the safety verification module if the detection result is 'YES';
the third binding module is connected with the second binding module, receives the detection result of the NO, sends an access alarm and a notice whether the identification is allowed to be bound with the current identification address information to the user equipment with the first identification address information, sends the information which is not allowed to be bound to the binding requirement module if the information is not allowed to be bound to the current identification address information, and sends the allowed information to the safety verification module if the information is allowed to be bound to the current identification address information;
a binding request module, connected to the third binding module, for receiving the disallowed information, sending a binding invitation to the user equipment having current identification address information, and binding the identification with the current identification address after the user equipment having current identification address information receives the binding invitation;
the security verification module is connected with the third binding module, receives the allowed information, sends a security question to user equipment, and sends information with correct answer to the authority module if the answer input by the user equipment is correct; and
and the authority module is connected with the safety verification module, receives the information of correct answer and gives the user equipment the authority to access the data.
In a specific embodiment, the client further includes:
the problem configuration module is connected with the first binding module, receives a third encrypted file sent by the first binding module, decrypts and decompresses the third encrypted file to obtain a binding invitation and a security problem group with an answer to be configured, configures the answer of the security problem group and sends the answer to the first binding module if the binding invitation is received, and sends the information of refusing the binding invitation to the first binding module if the binding invitation is refused;
the alarm reminding module is connected with the third binding module, receives the access alarm sent by the third binding module and the notice whether the identification is allowed to be bound with the current identification address information or not, and sends the allowed or not allowed information to the third binding module;
the binding response module is connected with the binding invitation module, receives the binding invitation sent by the binding invitation module and sends information whether to receive the binding invitation to the binding invitation module; and
and the verification response module is connected with the safety verification module, receives the safety problems sent by the safety verification module and sends answers input by the user to the safety verification module.
While embodiments of the invention have been described above, it is not limited to the applications set forth in the description and the embodiments, which are fully applicable to various fields of endeavor for which the invention may be embodied with additional modifications as would be readily apparent to those skilled in the art, and the invention is therefore not limited to the details given herein and to the embodiments shown and described without departing from the generic concept as defined by the claims and their equivalents.
Claims (10)
1. A method of reducing the risk of data theft for data banks, comprising:
s1, the client receives a data bank account and a login password input by user equipment, a first encrypted file obtained by packaging and encrypting the data bank account and the login password is sent to a server, the server decrypts and decompresses the first encrypted file to obtain the data bank account and the login password, and after the login is verified successfully, the client acquires identification address information of the user equipment;
s2, the client receives an access request input by the user equipment, and the identifier address and the access request are packaged and encrypted to obtain a second encrypted file which is sent to a server, wherein the access request comprises an identifier of data to be accessed;
s3, the server decrypts and decompresses the second encrypted file to obtain the identification address and the access request, whether the identification address information is bound with the identification is detected, if not, the step S4 is executed, and if yes, the step S5 is executed;
s4, sending a safety question to the user equipment, and if the answer input by the user equipment is correct, executing a step S5;
and S5, giving the user equipment the right to access the data.
2. The method for reducing the risk of data theft for data banks according to claim 1, wherein the step S3 specifically includes:
s3.1, the server decrypts the second encrypted file to obtain the identification address and the access request, and detects whether the identification is bound with the data bank account; if not, executing the step S3.2, if so, executing the step S3.3;
s3.2, packaging and encrypting the security question group with the binding invitation and the answer to be configured to obtain a third encrypted file, sending the third encrypted file to user equipment, receiving, decrypting and decompressing the third encrypted file by the user equipment to obtain the binding invitation and configure the answer of the security question group, taking the identification address information of the user equipment as first identification address information, sending the answer of the security question group and the first identification address information to a server, and then executing the step S3.3;
s3.3, detecting whether the identifier is bound with the current identifier address information, if not, executing the step S3.4, and if so, executing the step S5;
s3.4, sending an access alarm and a notice of whether the identifier is allowed to be bound with the current identifier address information to user equipment with first identifier address information, if not, executing the step S4, and if so, executing the step S3.5;
and S3.5, sending a binding invitation to the user equipment with the current identification address information, receiving the binding invitation by the user equipment with the current identification address information, and binding the identification with the current identification address.
3. The method for reducing the risk of data theft for data banks according to claim 2, wherein the maximum number of identification address information of the identification binding is 5.
4. The method for reducing the risk of data theft in data banks according to claim 3, wherein step S3.5 is preceded by detecting whether the number of id address information of id binding exceeds 5, and if not, step S3.5 is executed, if yes, sending an invitation to the user equipment with the first id address information to determine whether to release the binding of other id address information, and if receiving the invitation, sending an option of bound other id address information to the user equipment with the first id address information.
5. The method for reducing the risk of data theft for data banks according to claim 4, characterized in that after the authentication in step S1 fails, the data bank login is terminated and the user equipment account number or login password is prompted to be incorrect.
6. The method for reducing the risk of data theft for data banks according to claim 5, wherein the security question group is a combination comprising a plurality of security questions, and the security question in step S4 comes from the security question group.
7. A system for reducing the risk of data theft for data banks, comprising:
the client receives a data bank account and a login password input by user equipment, packages and encrypts the data bank account and the login password to obtain a first encrypted file and sends the first encrypted file to the server; receiving an identification address of the user equipment and an input access request, packaging the identification address and the access request, and encrypting to obtain a second encrypted file, and sending the second encrypted file to a server, wherein the access request comprises an identification of data to be accessed; and
the server is connected with the client, receives the first encrypted file, decrypts and decompresses the first encrypted file to obtain a data bank account and a login password sent by the client, verifies the data bank account and the login password, receives the second encrypted file after the verification is successful, decrypts and decompresses the second encrypted file to obtain identification address information and an access request of the user equipment; and detecting whether the identification address information is bound with the identification, if not, sending a safety problem to the client, if the answer input by the client is correct, and if so, giving the client the right to access the data.
8. The system for reducing the risk of data theft for data banks according to claim 7, wherein the client comprises:
the data bank login module is used for receiving a data bank account and a login password input by user equipment, packaging the data bank account and the login password, and encrypting to obtain a first encrypted file which is sent to the server; and
and the identification address information acquisition module is used for receiving the identification address of the user equipment and the input access request, packaging the identification address and the access request, encrypting the obtained second encrypted file, and sending the second encrypted file to a server, wherein the access request contains the identification of the data to be accessed.
9. The system for reducing the risk of data theft for data banks according to claim 8, wherein the server includes:
the login verification module is connected with the data bank login module, receives the first encrypted file sent by the data bank login module, decrypts and decompresses the first encrypted file to obtain a data bank account and a login password, verifies whether the data bank account and the login password are correct or not, and sends successful information to the equipment verification module if the verification is successful;
the equipment verification module is connected with the login verification module and the identification address information acquisition module, receives the second encrypted file, decrypts and decompresses the second encrypted file to obtain the identification address of the user equipment and an input access request, detects whether the identification is bound with the data bank account, and sends a detection result to the first binding module when the detection result is 'no', and sends the detection result to the second binding module when the detection result is 'yes';
the first binding module is connected with the equipment verification module, receives the detection result of 'no', packages and encrypts a binding invitation and a security question group to be configured with an answer to obtain a third encrypted file, sends the third encrypted file to the client, and receives the answer of the security question group and takes the identification address information of the user equipment as first identification address information when the client receives the binding invitation and configures the answer of the security question group;
the second binding module is connected with the equipment verification module, receives the detection result of the 'YES', detects whether the identifier is bound with the current identifier address information, sends the detection result to the third binding module if the detection result is 'NO', and sends the detection result to the safety verification module if the detection result is 'YES';
the third binding module is connected with the second binding module, receives the detection result of the NO, sends an access alarm and a notice whether the identification is allowed to be bound with the current identification address information to the user equipment with the first identification address information, sends the information which is not allowed to be bound to the binding requirement module if the information is not allowed to be bound to the current identification address information, and sends the allowed information to the safety verification module if the information is allowed to be bound to the current identification address information;
a binding request module, connected to the third binding module, for receiving the disallowed information, sending a binding invitation to the user equipment having current identification address information, and binding the identification with the current identification address after the user equipment having current identification address information receives the binding invitation;
the security verification module is connected with the third binding module, receives the allowed information, sends a security question to user equipment, and sends information with correct answer to the authority module if the answer input by the user equipment is correct; and
and the authority module is connected with the safety verification module, receives the information of correct answer and gives the user equipment the authority to access the data.
10. The system for reducing the risk of data theft for data banks of claim 9 wherein the client further comprises:
the problem configuration module is connected with the first binding module, receives a third encrypted file sent by the first binding module, decrypts and decompresses the third encrypted file to obtain a binding invitation and a security problem group with an answer to be configured, configures the answer of the security problem group and sends the answer to the first binding module if the binding invitation is received, and sends the information of refusing the binding invitation to the first binding module if the binding invitation is refused;
the alarm reminding module is connected with the third binding module, receives the access alarm sent by the third binding module and the notice whether the identification is allowed to be bound with the current identification address information or not, and sends the allowed or not allowed information to the third binding module;
the binding response module is connected with the binding invitation module, receives the binding invitation sent by the binding invitation module and sends information whether to receive the binding invitation to the binding invitation module; and
and the verification response module is connected with the safety verification module, receives the safety problems sent by the safety verification module and sends answers input by the user to the safety verification module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611183328.7A CN106790056B (en) | 2016-12-20 | 2016-12-20 | Method and system for reducing data stealing risk of data bank |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611183328.7A CN106790056B (en) | 2016-12-20 | 2016-12-20 | Method and system for reducing data stealing risk of data bank |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106790056A CN106790056A (en) | 2017-05-31 |
| CN106790056B true CN106790056B (en) | 2020-01-14 |
Family
ID=58891261
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611183328.7A Active CN106790056B (en) | 2016-12-20 | 2016-12-20 | Method and system for reducing data stealing risk of data bank |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106790056B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109274635B (en) * | 2017-07-18 | 2020-12-25 | 腾讯科技(深圳)有限公司 | Security management method, client device, server, communication system, and storage medium |
| CN107196972B (en) * | 2017-07-19 | 2020-12-22 | 中国银行股份有限公司 | Authentication method and system, terminal and server |
| CN107704772A (en) * | 2017-10-30 | 2018-02-16 | 中国人民解放军信息工程大学 | A kind of data theft detection method and device for HDFS |
| CN108650243B (en) * | 2018-04-24 | 2021-04-23 | 平安科技(深圳)有限公司 | Connection establishment method, system, device and computer readable storage medium |
| CN109067727B (en) * | 2018-07-25 | 2021-11-30 | 高新兴科技集团股份有限公司 | Network system self-verification method |
| CN109063627A (en) * | 2018-07-27 | 2018-12-21 | 文志 | Digital Human artificial intelligence identity unique identification control method |
| CN110147658B (en) * | 2019-04-16 | 2024-07-16 | 平安科技(深圳)有限公司 | User information encryption and decryption method, system and computer equipment |
| CN110704867B (en) * | 2019-09-06 | 2023-06-16 | 翼集分(上海)数字科技有限公司 | Integral anti-theft method, system, medium and device |
| CN110855753A (en) * | 2019-10-23 | 2020-02-28 | 陈华 | Bank operation system, method and server |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101593340A (en) * | 2009-04-15 | 2009-12-02 | 北京易路联动技术有限公司 | The information interacting method of internet personal data bank technology and system |
| CN103491092A (en) * | 2013-09-24 | 2014-01-01 | 长沙裕邦软件开发有限公司 | Method and system for separating and binding of application platform and databank |
| US8875255B1 (en) * | 2012-09-28 | 2014-10-28 | Emc Corporation | Preventing user enumeration by an authentication server |
| CN104283874A (en) * | 2014-09-28 | 2015-01-14 | 小米科技有限责任公司 | Data authority control method and device based on cloud server |
-
2016
- 2016-12-20 CN CN201611183328.7A patent/CN106790056B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101593340A (en) * | 2009-04-15 | 2009-12-02 | 北京易路联动技术有限公司 | The information interacting method of internet personal data bank technology and system |
| US8875255B1 (en) * | 2012-09-28 | 2014-10-28 | Emc Corporation | Preventing user enumeration by an authentication server |
| CN103491092A (en) * | 2013-09-24 | 2014-01-01 | 长沙裕邦软件开发有限公司 | Method and system for separating and binding of application platform and databank |
| CN104283874A (en) * | 2014-09-28 | 2015-01-14 | 小米科技有限责任公司 | Data authority control method and device based on cloud server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106790056A (en) | 2017-05-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106790056B (en) | Method and system for reducing data stealing risk of data bank | |
| KR102307665B1 (en) | identity authentication | |
| US9460567B2 (en) | Establishing secure communication for vehicle diagnostic data | |
| US9015489B2 (en) | Securing passwords against dictionary attacks | |
| CN109347835A (en) | Information transferring method, client, server and computer readable storage medium | |
| EP2875460B1 (en) | Anti-cloning system and method | |
| CN106921663B (en) | Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal | |
| CN111800378B (en) | Login authentication method, device, system and storage medium | |
| CN109257391A (en) | A kind of access authority opening method, device, server and storage medium | |
| US20150143545A1 (en) | Function for the Challenge Derivation for Protecting Components in a Challenge-Response Authentication Protocol | |
| CN107113613B (en) | Server, mobile terminal, network real-name authentication system and method | |
| CN104243458A (en) | Secure online game logging-in method and system | |
| CN106453361A (en) | A safety protection method and system for network information | |
| CN110290150A (en) | A kind of login validation method and login authentication device of Virtual Private Network VPN | |
| CN103812651A (en) | Password authentication method, device and system | |
| CN103391194B (en) | The method and system that the safety equipment of user are unlocked | |
| CN106209793A (en) | A kind of auth method and checking system | |
| CN104796383A (en) | Method and device for preventing terminal information from being tempered | |
| CN109698806A (en) | A kind of user data method of calibration and system | |
| CN105430649B (en) | WIFI cut-in method and equipment | |
| CN108667800B (en) | Access authority authentication method and device | |
| CN105429978B (en) | Data access method, equipment and system | |
| CN102833067B (en) | Trilateral authentication method and system and authentication state management method of terminal equipment | |
| CN103441989B (en) | A kind of authentication, information processing method and device | |
| EP2985712B1 (en) | Application encryption processing method, apparatus, and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |