CN107277046A - Coerce-proof password management-control method and device - Google Patents
Coerce-proof password management-control method and device Download PDFInfo
- Publication number
- CN107277046A CN107277046A CN201710610218.2A CN201710610218A CN107277046A CN 107277046 A CN107277046 A CN 107277046A CN 201710610218 A CN201710610218 A CN 201710610218A CN 107277046 A CN107277046 A CN 107277046A
- Authority
- CN
- China
- Prior art keywords
- user
- face feature
- password management
- feature data
- active user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Collating Specific Patterns (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a kind of coerce-proof password management-control method and device;Wherein, this method is performed by password management and control device;This method includes:Receive the stress signal that validated user is sent;Wherein, stress signal includes the trigger signal that validated user is sent by password management and control device, or, the face feature signal of the validated user obtained by camera device;Release the binding relationship of the face feature data of user cipher and validated user, the access rights of open user cipher;During access rights opening, the behavioural information of active user is monitored;Wherein, behavior information includes the view data for the active user that the service provider in running status in the terminal that active user triggers, the corresponding user cipher of service provider extracted and camera device are obtained;Record snoop results.The present invention improves the coerce-proof of Password Management mode, and then improves the security of Password Management.
Description
Technical field
The present invention relates to password management and control technical field, more particularly, to a kind of coerce-proof password management-control method and device.
Background technology
With the fast development of information technology, increasing website or application software greatly facilitate people life and
Work, however, the Password Management of each website or application software and memory but become a cumbersome task;For the ease of note
Recall, different websites or application software are set to same password by certain customers, undoubtedly the property safety to user causes one
Fixed hidden danger.
Existing Password Management mode is main in the way of record, for example, the password of each website or application software is remembered
Record on a paper document, or, the password of each website or application software is recorded in terminal, is stored in and locally or remotely takes
Business device;When user is coerced by criminal, these above-mentioned Password Management modes due to lack anti-coercive cause security compared with
Difference.
For above-mentioned Password Management mode security it is poor the problem of, not yet propose effective solution.
The content of the invention
In view of this, it is an object of the invention to provide a kind of coerce-proof password management-control method and device, to improve password
The coerce-proof of way to manage, and then improve the security of Password Management.
In a first aspect, the embodiments of the invention provide a kind of coerce-proof password management-control method, this method is by password management and control device
Perform, the face feature data of validated user, and one bound with face feature data are previously stored with password management and control device
The user cipher of individual or multiple service providers;Password management and control device is connected with outside terminal communication;This method includes:Receive and close
The stress signal that method user sends;Wherein, stress signal includes the trigger signal that validated user is sent by password management and control device, or
Person, the face feature signal of the validated user obtained by camera device;Release the face feature of user cipher and validated user
The binding relationship of data, the access rights of open user cipher;During access rights opening, the behavior of active user is monitored
Information;Wherein, behavioural information includes the service provider in running status in the terminal that active user triggers, the service extracted
The view data for the active user that the corresponding user cipher of provider and camera device are obtained;Service provider includes application
Program and/or website;Record snoop results.
With reference in a first aspect, the embodiments of the invention provide the possible embodiment of the first of first aspect, wherein, on
Stating method also includes:Snoop results are sent to the server of distal end, to trigger server generation warning message.
With reference in a first aspect, the embodiments of the invention provide the possible embodiment of second of first aspect, wherein, on
The behavioural information step for monitoring active user is stated, including:Gather the reflected signal of active user face;Reflected signal is carried out special
Extraction is levied, the face feature data of active user are generated;Judge active user face feature data whether with validated user
Face feature data match;If not, the view data of record active user.
With reference to second of possible embodiment of first aspect, the embodiments of the invention provide the third of first aspect
Possible embodiment, wherein, the behavioural information step of above-mentioned monitoring active user, in addition to:Exist when listening in terminal
During service provider in running status, the corresponding user cipher of service provider is extracted;Mark service provider and user
Password.
With reference in a first aspect, the embodiments of the invention provide the possible embodiment of the 4th of first aspect kind, wherein, on
State before receiving the stress signal that validated user is sent, method also includes:When receiving enabled instruction, active user's face is obtained
The reflected signal in portion;Judge reflected signal whether the face feature data match with validated user;If it is, determining current use
The identity information at family is validated user;If not, locking password management and control device.
With reference to the 4th kind of possible embodiment of first aspect, the embodiments of the invention provide the 5th of first aspect kind
Possible embodiment, wherein, it is above-mentioned judge reflected signal whether the face feature data match with validated user, including:
Feature extraction processing is carried out to reflected signal, the face feature data of active user are generated;By the face feature number of active user
It is compared according to the face feature data with validated user, obtains comparison result;Judge whether comparison result reaches default
With threshold value;If it is, determining that the characteristic of validated user of the reflected signal with prestoring matches;If not, determining anti-
The characteristic for the validated user penetrated signal and prestored is mismatched.
Second aspect, the embodiments of the invention provide a kind of coerce-proof password control device, the device is arranged at password pipe
Control the face feature data that validated user is previously stored with device, password management and control device, and one bound with face feature data
The user cipher of individual or multiple service providers;Password management and control device is connected with outside terminal communication;The device includes:Signal connects
Module is received, for receiving the stress signal that validated user is sent;Wherein, stress signal passes through password management and control device including validated user
The trigger signal of transmission, or, the face feature signal of the validated user obtained by camera device;Module is released, for solving
Except user cipher and the binding relationship of the face feature data of validated user, the access rights of open user cipher;Monitor module,
During being opened in access rights, the behavioural information of active user is monitored;Wherein, behavioural information is triggered including active user
Terminal in running status service provider, extract the corresponding user cipher of service provider and camera device
The view data of the active user of acquisition;Service provider includes application program and/or website;Logging modle, for recording prison
Listen result.
With reference to second aspect, the embodiments of the invention provide the possible embodiment of the first of second aspect, wherein, on
Stating device also includes sending module, for snoop results to be sent to the server of distal end, to trigger server generation alarm signal
Breath.
With reference to second aspect, the embodiments of the invention provide the possible embodiment of second of second aspect, wherein, on
Monitoring module is stated, including:Signal gathering unit, the reflected signal for gathering active user face;Feature extraction unit, is used for
Feature extraction is carried out to reflected signal, the face feature data of active user are generated;Interpretation unit, for judging active user's
Face feature data whether the face feature data match with validated user;Recording unit, if the face for active user
The face feature data match of portion's characteristic not with validated user, records the view data of active user.
With reference to second of possible embodiment of second aspect, the embodiments of the invention provide the third of second aspect
Possible embodiment, wherein, above-mentioned monitoring module, in addition to:, there is place in terminal for working as to listen in code extraction module
When the service provider of running status, the corresponding user cipher of service provider is extracted;Mark module, for marking service to carry
Supplier and user cipher.
The embodiment of the present invention brings following beneficial effect:
A kind of coerce-proof password management-control method and device provided in an embodiment of the present invention, wherein, this method is by password management and control
Device is performed, and is previously stored with the face feature data of validated user on password management and control device, and bound with face feature data
The user cipher of one or more service providers;Triggered when receiving validated user by password management and control device or camera device
After the stress signal of acquisition, the binding relationship of the face feature data of user cipher and validated user, open user cipher are released
Access rights, while listening for the behavioural information of active user, and record snoop results;Which can coerced user
In the case of, it is ensured that the encrypted message being related in stress procedure is recorded while personal safety, Password Management mode is improved
Coerce-proof, and then improve the security of Password Management.
Other features and advantages of the present invention will be illustrated in the following description, also, partly be become from specification
Obtain it is clear that or being understood by implementing the present invention.The purpose of the present invention and other advantages are in specification, claims
And specifically noted structure is realized and obtained in accompanying drawing.
To enable the above objects, features and advantages of the present invention to become apparent, preferred embodiment cited below particularly, and coordinate
Appended accompanying drawing, is described in detail below.
Brief description of the drawings
, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical scheme of the prior art
The accompanying drawing used required in embodiment or description of the prior art is briefly described, it should be apparent that, in describing below
Accompanying drawing is some embodiments of the present invention, for those of ordinary skill in the art, before creative work is not paid
Put, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is the flow chart of the first coerce-proof password management-control method provided in an embodiment of the present invention;
Fig. 2 is the flow chart of second of coerce-proof password management-control method provided in an embodiment of the present invention;
Fig. 3 is the flow chart of the third coerce-proof password management-control method provided in an embodiment of the present invention;
Fig. 4 is a kind of structural representation of coerce-proof password control device provided in an embodiment of the present invention;
Fig. 5 is a kind of structural representation of password management and control device provided in an embodiment of the present invention;
Fig. 6 is a kind of concrete structure schematic diagram of password management and control device provided in an embodiment of the present invention.
Icon:500- Password Management devices;502- camera devices;504- display screens;506- communicators;Outside 600- main bodys
Shell;602- start buttons;604- password confirming buttons;606- support frames.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with accompanying drawing to the present invention
Technical scheme be clearly and completely described, it is clear that described embodiment is a part of embodiment of the invention, rather than
Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creative work premise
Lower obtained every other embodiment, belongs to the scope of protection of the invention.
In view of existing Password Management mode security it is poor the problem of, the embodiments of the invention provide a kind of coerce-proof
Password management-control method and device;The technology can apply to a variety of applications or the unified storage of website password, extract and management
Among;The technology can be realized using related software and hardware, be described below by embodiment.
Embodiment one:
The flow chart of the first coerce-proof password management-control method shown in Figure 1, this method is performed by password management and control device,
Be previously stored with the face feature data of validated user on the password management and control device, and bound with face feature data one or
The user cipher of multiple service providers;The password management and control device is connected with outside terminal communication;The above method includes following step
Suddenly:
Step S102, receives the stress signal that validated user is sent;Wherein, the stress signal passes through close including validated user
The trigger signal that code management and control device is sent, or, the face feature signal of the validated user obtained by camera device;
Specifically, can be by such as when validated user extracts password by illegal molecule stress using the password management and control device
Lower two ways obtains the signal that validated user is coerced:
Mode one:The more concealed or button through camouflage is set on password management and control device, it is close when user presses the button
Code management and control device receives above-mentioned stress signal;User can press the button by a variety of default forms, for example, long-press, for several times
Continuous short-press or long-press and short-press are according to certain rules alternately etc.;Which can obtain relatively stable accurate stress
Signal;
Mode two:The reflection that the camera device connected by password management and control device or terminal obtains the face of validated user is believed
Number, after processing, obtain corresponding face feature signal;The face feature signal contains default either statically or dynamically expression letter
Breath;For example, static expression information can be singly to close one's eyes and closing lightly mouth expression, dynamic expression information can move for continuous lip
Work, regular blink etc.;Which can without extra operation by human hand in the case of quick obtaining stress signal.
Step S104, releases the binding relationship of the face feature data of user cipher and validated user, open user cipher
Access rights;
When validated user is coerced by illegal molecule, on the one hand need to coordinate the requirement of illegal molecule, protected with maximum possible
Hinder the personal safety of validated user, on the one hand also need to the process that as far as possible many record validated users are coerced, while collecting phase
Evidence is closed, so as to subsequently help the police to solve a case, the loss of validated user is retrieved.For the foregoing reasons, user cipher is released with closing
The binding relationship of the face feature data of method user, to avoid password management and control device from obtaining the face feature data less than validated user
The personal safety of validated user is threatened after Shi Jinhang lockings.
Step S106, during access rights opening, monitors the behavioural information of active user;Wherein, behavior information
The service provider in running status, the corresponding user of service provider extracted are close in the terminal triggered including active user
The view data for the active user that code and camera device are obtained;Service provider includes application program and/or website;
Step S108, records snoop results.
A kind of coerce-proof password management-control method provided in an embodiment of the present invention, this method is performed by password management and control device, password
The face feature data of validated user, and the one or more clothes bound with face feature data are previously stored with management and control device
The user cipher of business provider;Believe when receiving the stress that validated user is triggered by password management and control device or camera device is obtained
After number, the binding relationship of the face feature data of user cipher and validated user is released, the access rights of user cipher are opened, together
When monitor the behavioural information of active user, and record snoop results;Which can make user in the case of by stress, it is ensured that
The encrypted message being related in stress procedure is recorded while personal safety, the coerce-proof of Password Management mode is improved, enters
And improve the security of Password Management.
Embodiment two:
The flow chart of second of coerce-proof password management-control method shown in Figure 2, this method is provided in embodiment one
Coerce-proof password management-control method on the basis of realize, this method comprises the following steps:
Step S202, receives the stress signal that validated user is sent;
Step S204, releases the binding relationship of the face feature data of user cipher and validated user, open user cipher
Access rights;
When password management and control device opens the access rights of user cipher due to being forced signal, password management and control device is usual
Need to gather all operation of active user (including the validated user coerced and disabled user) (including to password management and control device
Operation and the operation to terminal) and disabled user view data;It is non-first to judge to obtain in the embodiment
The view data of method user, then the service provider run that triggers of active user is obtained, and enter exemplified by corresponding password
Row explanation.
Step S206, during access rights opening, the reflected signal of collection active user face;
Step S208, feature extraction is carried out to reflected signal, generates the face feature data of active user;
Step S210, judge active user face feature data whether the face feature data phase with validated user
Match somebody with somebody;If it is, performing step S214;If not, performing step S212;
Step S212, records the view data of active user, preserves into snoop results.
When actually realizing, the face of disabled user is likely to appear in the image pickup scope of camera device, it is also possible to no
Occur;Preferably, bidirectional camera shooting head can be provided with password management and control device, to obtain compared with ground picture number in the range of ringoid border
According to, it is particularly possible to increase obtains the possibility of disabled user's face data.
Step S214, when listening to the service provider for existing in terminal and being in running status, extracts service provider
Corresponding user cipher;
In step S214, there is the service provider in running status in monitor terminal, there may be two kinds of situations,
Including:There is the application program in foreground state of activation or background operation state in monitor terminal;Or;In monitor terminal
Browser is in foreground state of activation or background operation state, and recognizes the website that opening is in browser.
Step S216, mark service provider and user cipher, the service provider and user cipher are preserved to monitoring
As a result in.
So that illegal molecule stress validated user login website of bank is transferred accounts as an example, when password management and control device listens to terminal
On browser be active, and browser in opening website be A banks Web bank, password management and control
Device extract the Web bank for user cipher, while the Web bank and the user cipher are marked, to confirm the user
Password has been revealed.
Step S218, snoop results are sent to the server of distal end, to trigger server generation warning message.
A kind of coerce-proof password management-control method provided in an embodiment of the present invention, when password management and control device is due to being forced signal
And when opening the access rights of user cipher, by gathering and extracting the reflected signal of active user face, can obtain illegal
The view data of molecule;By in monitor terminal be in running status service provider, and mark the service provider and
Corresponding user cipher, can confirm that the associated cryptographic information revealed;Which can make user in the case of by stress,
The encrypted message being related in stress procedure is recorded while ensuring personal safety, the coerce-proof of Password Management mode is improved
Property, and then improve the security of Password Management.
Embodiment three:
The flow chart of the third coerce-proof password management-control method shown in Figure 3, this method is provided in embodiment one
Coerce-proof password management-control method on the basis of realize, this method comprises the following steps:
Step S302, when receiving enabled instruction, obtains the reflected signal of active user face;
Specifically, the enabled instruction can be the instruction for opening password management and control device, after the password management and control device is opened, actively obtain
Take the reflected signal of active user face;The enabled instruction can also be the instruction of the startup authenticating identity of user's input, for example,
User starts the instruction by the button set on password management and control device, receives after the instruction, obtains the anti-of active user face
Penetrate signal.
After the reflected signal of active user face is got, it is necessary to judge above-mentioned reflected signal whether with validated user
Face feature data match, is comprised the following steps that:
Step S304, feature extraction processing is carried out to reflected signal, generates the face feature data of active user;
Step S306, the face feature data of the face feature data of active user and validated user are compared, obtained
Obtain comparison result;
Step S308, judges whether comparison result reaches default matching threshold;If it is, performing step S312;If
It is no, perform step S310;
Generally, the characteristic obtained by various features extracting mode or extraction algorithm is included in above-mentioned face feature data
According to, in addition to same validated user, the characteristic of multiple face's angles;During actual match, the reality of validated user
Border facial characteristics may due to making up, wearing glasses, expression shape change, the reason such as distance, distance in face of camera device occurs
A certain degree of change, thus, the actual reflected signal obtained may not all with the feature of the validated user prestored
Data are identical;Based on the reason, matching threshold is set in the present embodiment, the face feature data of active user and validated user
When the comparison result of face feature data is more than the matching threshold, it is determined that active user is validated user.
Further, it is contemplated that the characteristic that various features extracting mode or extraction algorithm are obtained can reflect facial spy
The ability levied is different, and different threshold values can be set to different characteristics;For example, setting higher to important characteristic
Threshold value, when only the important characteristic matching degree is higher, can just assert active user be validated user;For another example, it is right
The corresponding characteristic of positive angle sets higher threshold value, and the only corresponding characteristic matching degree of the positive angle is higher
When, it is validated user that can just assert active user.
By above-mentioned steps S304 to step S308, quickly and accurately active user can be identified, and then ensured
The security of password management and control device.
Step S310, the characteristic for the validated user for determining reflected signal and prestoring is mismatched;Lock password pipe
Control device.
Step S312, determines that the characteristic of validated user of the reflected signal with prestoring matches;It is determined that current use
The identity information at family is validated user;
For example, password management and control device is generally disposed in face of active user, when password management and control device receive external trigger or
After the enabled instruction that outside is sent, the reflected signal of active user face is obtained by signal acquisition device;The reflection of the face
Signal can be optical signalling, or ultrasonic signal;Password management and control device judges whether above-mentioned reflected signal is used with legal
The face feature data match at family, if it does, then extracting and exporting user cipher corresponding with the face feature data;Such as
Fruit mismatches, then locks the password management and control device.
When actually realizing, when the face feature data of reflected signal and validated user are mismatched, then active user is judged
For disabled user, in order to ensure the security of data in password management and control device, the password management and control device is locked first;Password after locking
Management and control device no longer receives or sent any instruction or data in certain period of time.
If validated user opens password management and control device by stress, it can be connect during above-mentioned steps S302 to S312 is performed
The stress signal that validated user is sent is received, no matter in this case, the characteristic of reflected signal and the validated user prestored
Whether match, password management and control device will not be locked.In the embodiment, to determine the identity information of active user as validated user
Afterwards, then receive and illustrate exemplified by the stress signal that validated user is sent.
Step S314, receives the stress signal that validated user is sent;
Step S316, releases the binding relationship of the face feature data of user cipher and validated user, open user cipher
Access rights;
Step S318, during access rights opening, monitors the behavioural information of active user;
Step S320, records snoop results.
In addition, what is prestored in password management and control device has the face feature data of validated user, and it is special with the face
The user cipher of one or more service providers of data binding is levied, can be obtained by following manner:
The identity of user and the reflected signal of specified user face are specified in step (1), collection;
This specifies the user or holder that user can be password management and control device;Specifying the quantity of user can also may be used for one
Think multiple;The identity information of user can be specified for this by specifying the identity of user, or this specifies user's correspondence
Accounts information.
Step (2), feature extraction is carried out to above-mentioned reflected signal, generates face corresponding with the identity of specified user
Characteristic;
When actually realizing, the actual characteristic data of target identification object can be obtained using various features extracting mode;
Specifically, when above-mentioned reflected signal is optical signalling, features described above extracting mode can include statistical nature method of identification, geometry
Feature recognition method or based on connection mechanism method of identification etc.;When above-mentioned reflected signal is ultrasonic signal, features described above extraction side
Formula includes calculating the bin value number of reflection echo, the gross energy of echo, the distance of starting point to the first peak value, the amplitude of the first peak value
Or average sound area etc..
Step (3), sets and specifies user to be validated user, by the corresponding face of identity and identity of specified user
Portion's characteristic is preserved.
Above-mentioned steps (1) make password management and control device obtain the face feature data of validated user in advance, after being to step (3)
The matching of continuous face feature data provides data basis.
Step (4), receives the password of validated user input;
When actually realizing, validated user can by diversified forms to password management and control device input password;For example, password pipe
Button or keyboard are provided with outside control device, or password management and control device can be with external connection keyboard, and then by button or keyboard to password pipe
Control device input password;For another example, password management and control device can connect external processing apparatus in a wireless or wired way, for example, calculating
Machine, password is inputted by external processing apparatus to password management and control device.
Step (5), using the face feature data of the validated user as encryption key, above-mentioned password is encrypted;
The basic process of data encryption is exactly, to being that the file or data of plaintext are handled by certain algorithm originally, to make it
As one section of unreadable code, commonly referred to as " ciphertext ", it is set can just to show this after corresponding key is inputted
Carry out content, the purpose for protecting data not stolen, read by juridical-person is reached by such approach.The inverse process of the process is
Decryption, will the coding information be converted into the processes of its original data.
Thus, above-mentioned steps (5) are when actually realizing, in order to improve the security of storage password, can be by the legal use
The all or part of face feature data of the validated user after all or part of face feature data at family, or processing
As encryption key, above-mentioned password is encrypted.
Step (6), binding preservation is carried out by the identity of the password after encryption and validated user.
Can be close according to the identity of validated user when password management and control device is that two or more validated users are shared
Memory space in code management and control device is divided, and forms relatively independent memory space, and be identified by identity.
Above-mentioned steps (4) using the face feature data of validated user as encryption key, make encryption key to step (6)
It is with uniqueness and preferably private, compared with being encrypted using the outside key for providing or generating at random, further carry
The high security of password.
In order to further improve the security of password management and control device, the storage device in the password management and control device can pass through encryption
USB flash disk is realized;The encrypted U disk refers to the USB flash disk to having encryption and decryption defencive function in USB flash disk;Embedded transfinite of encrypted U disk locks and transfinited
Function is destroyed, as long as the equal mistake of recognition of face of the active user in preset times, the USB flash disk immediately enters lock-out state, and on
The face photograph of active user is passed, hereafter, encrypted U disk will destroy the data of storage;The encrypted U disk is formatting or destroyed (bag
Include volume production) when, a new sensitive data encryption key can be created at random using chip automatically, make USB flash disk can not recover to obtain lattice
Significant data before formula or destruction;The encrypted U disk uses independent dedicated file system (being realized by safety container principle), can
Effectively to prevent the malicious codes such as virus, wooden horse from attacking, the approach that virus is infected and propagated by USB flash disk is fundamentally cut off.Should
Encrypted U disk uses advanced technologies, SPA/DPA, probe/FIB (focused ion beam) can be detected, cut open piece, critical low-voltage etc.
Physical attacks carry out security protection, prevent safe U disc from revealing sensitive data.Data in the encrypted U disk are by meeting the close money of state
The hardware encryption chip encryption of matter, is stored on USB flash disk with encrypted test mode, and data are carried out with high intensity protection, and non-holder accesses
When USB flash disk can be automatically locked there is provided data self-destroying function, can effectively prevent password attempt and Brute Force.
Example IV:
Corresponding to above method embodiment, a kind of structural representation of coerce-proof password control device shown in Figure 4,
The device is arranged at password management and control device, and the face feature data of validated user, Yi Jiyu are previously stored with the password management and control device
The user cipher of one or more service providers of face feature data binding;Password management and control device connects with outside terminal communication
Connect;The device includes:
Signal receiving module 40, for receiving the stress signal that validated user is sent;Wherein, stress signal includes legal use
The trigger signal that family is sent by password management and control device, or, the face feature signal of the validated user obtained by camera device;
Module 41 is released, the binding relationship of the face feature data for releasing user cipher and validated user is open to use
The access rights of family password;
Module 42 is monitored, during being opened in access rights, the behavioural information of active user is monitored;Wherein, behavior
Information includes the corresponding use of the service provider in running status in the terminal that active user triggers, the service provider extracted
The view data for the active user that family password and camera device are obtained;Service provider includes application program and/or website;
Logging modle 43, for recording snoop results.
Further, said apparatus also includes sending module, for snoop results to be sent to the server of distal end, to touch
Send out server generation warning message.
Further, above-mentioned monitoring module, including:Signal gathering unit, the reflection for gathering active user face is believed
Number;Feature extraction unit, for carrying out feature extraction to reflected signal, generates the face feature data of active user;Interpretation list
Member, for judge active user face feature data whether the face feature data match with validated user;Recording unit,
If the face feature data match of face feature data not with validated user for active user, record active user's
View data.
Further, above-mentioned monitoring module, in addition to:Code extraction module, is in for working as to listen to exist in terminal
During the service provider of running status, the corresponding user cipher of service provider is extracted;Mark module, for marking service to provide
Side and user cipher.
A kind of coerce-proof password control device provided in an embodiment of the present invention, this is arranged at password management and control device, password management and control
The face feature data of validated user are previously stored with device, and the one or more services bound with face feature data are carried
The user cipher of supplier;When receive validated user by password management and control device trigger or camera device obtain stress signal
Afterwards, the binding relationship of the face feature data of user cipher and validated user is released, the access rights of user cipher are opened, simultaneously
The behavioural information of active user is monitored, and records snoop results;Which can make user in the case of by stress, it is ensured that people
The encrypted message being related in stress procedure is recorded while body is safe, the coerce-proof of Password Management mode is improved, and then
Improve the security of Password Management.
Embodiment five:
A kind of structural representation of password management and control device shown in Figure 5;The password management and control device includes above-mentioned Password Management
Device 500, in addition to camera device 502, display screen 504 and the communicator 506 being connected respectively with Password Management device.
When actually realizing, above-mentioned communicator 506 can be used for password management and control device and lead to outside cryptography requirements terminal
Letter, can be used for password management and control device and the server communication of distal end;It is appreciated that be additionally provided with the password management and control device with it is upper
State the storage device of Password Management device connection.
A kind of concrete structure schematic diagram of password management and control device shown in Figure 6;The password management and control device also includes outside main body
Shell 600;Camera device 502 and display screen 504 are arranged on main body cover;Start button 602 is additionally provided with outside main body cover 600
With password confirming button 604;The back side of main body cover 600 is additionally provided with support frame 606.
Above-mentioned camera device 502 can be realized by Near-infrared Double camera.
A kind of coerce-proof password management-control method and the computer program product of device that the embodiment of the present invention is provided, including
The computer-readable recording medium of program code is stored, the instruction that described program code includes can be used for performing previous methods reality
The method described in example is applied, implements and can be found in embodiment of the method, will not be repeated here.
It is apparent to those skilled in the art that, for convenience and simplicity of description, the system of foregoing description
And/or the specific work process of device, the corresponding process in preceding method embodiment is may be referred to, be will not be repeated here.
In addition, in the description of the embodiment of the present invention, unless otherwise clearly defined and limited, term " installation ", " phase
Even ", " connection " should be interpreted broadly, for example, it may be being fixedly connected or being detachably connected, or be integrally connected;Can
To be mechanical connection or electrical connection;Can be joined directly together, can also be indirectly connected to by intermediary, Ke Yishi
The connection of two element internals.For the ordinary skill in the art, with concrete condition above-mentioned term can be understood at this
Concrete meaning in invention.
If the function is realized using in the form of SFU software functional unit and is used as independent production marketing or in use, can be with
It is stored in a computer read/write memory medium.Understood based on such, technical scheme is substantially in other words
The part contributed to prior art or the part of the technical scheme can be embodied in the form of software product, the meter
Calculation machine software product is stored in a storage medium, including some instructions are to cause a computer equipment (can be individual
People's computer, server, or network equipment etc.) perform all or part of step of each of the invention embodiment methods described.
And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited
Reservoir (RAM, Random Access Memory), magnetic disc or CD etc. are various can be with the medium of store program codes.
In the description of the invention, it is necessary to explanation, term " " center ", " on ", " under ", "left", "right", " vertical ",
The orientation or position relationship of the instruction such as " level ", " interior ", " outer " be based on orientation shown in the drawings or position relationship, merely to
Be easy to the description present invention and simplify description, rather than indicate or imply signified device or element must have specific orientation,
With specific azimuth configuration and operation, therefore it is not considered as limiting the invention.In addition, term " first ", " second ",
" the 3rd " is only used for describing purpose, and it is not intended that indicating or implying relative importance.
Finally it should be noted that:Embodiment described above, is only the embodiment of the present invention, to illustrate the present invention
Technical scheme, rather than its limitations, protection scope of the present invention is not limited thereto, although with reference to the foregoing embodiments to this hair
It is bright to be described in detail, it will be understood by those within the art that:Any one skilled in the art
The invention discloses technical scope in, it can still modify to the technical scheme described in previous embodiment or can be light
Change is readily conceivable that, or equivalent substitution is carried out to which part technical characteristic;And these modifications, change or replacement, do not make
The essence of appropriate technical solution departs from the spirit and scope of technical scheme of the embodiment of the present invention, should all cover the protection in the present invention
Within the scope of.Therefore, protection scope of the present invention described should be defined by scope of the claims.
Claims (10)
1. a kind of coerce-proof password management-control method, it is characterised in that methods described is performed by password management and control device, the password management and control
The face feature data of validated user, and the one or more clothes bound with the face feature data are previously stored with device
The user cipher of business provider;The password management and control device is connected with outside terminal communication;Methods described includes:
Receive the stress signal that the validated user is sent;Wherein, the stress signal passes through described including the validated user
The trigger signal that password management and control device is sent, or, the face feature signal of the validated user obtained by camera device;
The user cipher and the binding relationship of the face feature data of the validated user are released, the open user cipher
Access rights;
During access rights opening, the behavioural information of active user is monitored;Wherein, the behavioural information includes described
Service provider in running status, the corresponding use of the service provider extracted in the terminal of active user's triggering
The view data for the active user that family password and the camera device are obtained;The service provider includes applying journey
Sequence and/or website;
Record snoop results.
2. according to the method described in claim 1, it is characterised in that methods described also includes:By the snoop results send to
The server of distal end, to trigger the server generation warning message.
3. according to the method described in claim 1, it is characterised in that the behavioural information step for monitoring active user, including:
Gather the reflected signal of active user face;
Feature extraction is carried out to the reflected signal, the face feature data of the active user are generated;
Judge the active user face feature data whether the face feature data match with the validated user;
If not, recording the view data of the active user.
4. method according to claim 3, it is characterised in that the behavioural information step of the monitoring active user, is also wrapped
Include:
When listening to the service provider for existing in the terminal and being in running status, the service provider is extracted corresponding
User cipher;
Mark the service provider and the user cipher.
5. according to the method described in claim 1, it is characterised in that it is described receive stress signal that the validated user sends it
Before, methods described also includes:
When receiving enabled instruction, the reflected signal of active user face is obtained;
Judge the reflected signal whether the face feature data match with validated user;
If it is, the identity information for determining active user is validated user;
If not, locking the password management and control device.
6. method according to claim 5, it is characterised in that it is described judge the reflected signal whether with validated user
The face feature data match, including:
Feature extraction processing is carried out to the reflected signal, the face feature data of the active user are generated;
The face feature data of the face feature data of the active user and validated user are compared, obtains and compares knot
Really;
Judge whether the comparison result reaches default matching threshold;
If it is, determining that the characteristic of validated user of the reflected signal with prestoring matches;
If not, the characteristic for the validated user for determining the reflected signal and prestoring is mismatched.
7. a kind of coerce-proof password control device, it is characterised in that described device is arranged at password management and control device, the password management and control
The face feature data of validated user, and the one or more clothes bound with the face feature data are previously stored with device
The user cipher of business provider;The password management and control device is connected with outside terminal communication;Described device includes:
Signal receiving module, for receiving the stress signal that the validated user is sent;Wherein, the stress signal includes described
The trigger signal that validated user is sent by the password management and control device, or, the validated user obtained by camera device
Face feature signal;
Module is released, it is open for releasing the user cipher and the binding relationship of the face feature data of the validated user
The access rights of the user cipher;
Module is monitored, for during access rights opening, monitoring the behavioural information of active user;Wherein, the row
Include the service provider in running status in the terminal that the active user triggers, the service extracted for information
The view data for the active user that the corresponding user cipher of provider and the camera device are obtained;The service is carried
Supplier includes application program and/or website;
Logging modle, for recording snoop results.
8. device according to claim 7, it is characterised in that described device also includes sending module, for by the prison
Result is listened to send to the server of distal end, to trigger the server generation warning message.
9. device according to claim 7, it is characterised in that the monitoring module, including:
Signal gathering unit, the reflected signal for gathering active user face;
Feature extraction unit, for carrying out feature extraction to the reflected signal, generates the face feature number of the active user
According to;
Interpretation unit, for judging whether the face feature data of the active user are special with the face of the validated user
Levy data match;
Recording unit, if the face feature of face feature data not with the validated user for the active user
Data match, records the view data of the active user.
10. device according to claim 9, it is characterised in that the monitoring module, in addition to:
Code extraction module, for when listening in the terminal in the presence of the service provider in running status, extracting institute
State the corresponding user cipher of service provider;
Mark module, for marking the service provider and the user cipher.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710610218.2A CN107277046B (en) | 2017-07-25 | 2017-07-25 | Anti-coercion password control method and device based on face recognition |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710610218.2A CN107277046B (en) | 2017-07-25 | 2017-07-25 | Anti-coercion password control method and device based on face recognition |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107277046A true CN107277046A (en) | 2017-10-20 |
| CN107277046B CN107277046B (en) | 2020-08-28 |
Family
ID=60079143
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710610218.2A Active CN107277046B (en) | 2017-07-25 | 2017-07-25 | Anti-coercion password control method and device based on face recognition |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107277046B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107743131A (en) * | 2017-11-20 | 2018-02-27 | 张博 | A kind of identity identifying method and device based on a variety of different types input composite sequence |
| CN107808151A (en) * | 2017-11-22 | 2018-03-16 | 维沃移动通信有限公司 | Bio-identification resume module method, device and mobile terminal |
| CN107862194A (en) * | 2017-11-22 | 2018-03-30 | 维沃移动通信有限公司 | A kind of method, device and mobile terminal of safety verification |
| CN107944242A (en) * | 2017-11-22 | 2018-04-20 | 维沃移动通信有限公司 | A kind of bio-identification function prohibited method and mobile terminal |
| CN111882418A (en) * | 2020-04-16 | 2020-11-03 | 马上消费金融股份有限公司 | Identification method and device for financial behavior validity |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102110320A (en) * | 2010-12-23 | 2011-06-29 | 汉王科技股份有限公司 | Coerce alarm method and entrance guard control equipment in entrance guard system |
| CN102624699A (en) * | 2012-01-19 | 2012-08-01 | 歌尔声学股份有限公司 | Method and system for protecting data |
| CN202503545U (en) * | 2012-03-26 | 2012-10-24 | 广州商景网络科技有限公司 | Account security application system |
| CN102883049A (en) * | 2012-09-06 | 2013-01-16 | 广东欧珀移动通信有限公司 | Hidden alarm unlocking method for mobile terminal, and mobile terminal |
| US20130104205A1 (en) * | 2011-10-19 | 2013-04-25 | Primax Electronics Ltd. | Account creating and authenticating method |
| TWM483471U (en) * | 2014-03-07 | 2014-08-01 | Univ Nat Taiwan Normal | An authorization system based on eye movement behavior |
| CN105120122A (en) * | 2015-06-29 | 2015-12-02 | 小米科技有限责任公司 | Alarm method and device |
| CN105389493A (en) * | 2015-10-28 | 2016-03-09 | 广东欧珀移动通信有限公司 | Password management method and password management system |
| US20170091507A1 (en) * | 2015-09-30 | 2017-03-30 | Apple Inc. | Finger biometric sensor including capacitance change sensing pressure sensing circuit and related methods |
| CN106600786A (en) * | 2016-12-22 | 2017-04-26 | 林海 | Entrance guard passage management method combining biological recognition and password recognition |
| CN106603563A (en) * | 2016-12-30 | 2017-04-26 | 厦门市美亚柏科信息股份有限公司 | Information safety realization method and system based on biometric features identification |
| US20170161976A1 (en) * | 2015-12-07 | 2017-06-08 | Utechzone Co., Ltd. | Identity verification method, apparatus and system and non-transitory computer readable medium thereof |
-
2017
- 2017-07-25 CN CN201710610218.2A patent/CN107277046B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102110320A (en) * | 2010-12-23 | 2011-06-29 | 汉王科技股份有限公司 | Coerce alarm method and entrance guard control equipment in entrance guard system |
| US20130104205A1 (en) * | 2011-10-19 | 2013-04-25 | Primax Electronics Ltd. | Account creating and authenticating method |
| CN102624699A (en) * | 2012-01-19 | 2012-08-01 | 歌尔声学股份有限公司 | Method and system for protecting data |
| CN202503545U (en) * | 2012-03-26 | 2012-10-24 | 广州商景网络科技有限公司 | Account security application system |
| CN102883049A (en) * | 2012-09-06 | 2013-01-16 | 广东欧珀移动通信有限公司 | Hidden alarm unlocking method for mobile terminal, and mobile terminal |
| TWM483471U (en) * | 2014-03-07 | 2014-08-01 | Univ Nat Taiwan Normal | An authorization system based on eye movement behavior |
| CN105120122A (en) * | 2015-06-29 | 2015-12-02 | 小米科技有限责任公司 | Alarm method and device |
| US20170091507A1 (en) * | 2015-09-30 | 2017-03-30 | Apple Inc. | Finger biometric sensor including capacitance change sensing pressure sensing circuit and related methods |
| CN105389493A (en) * | 2015-10-28 | 2016-03-09 | 广东欧珀移动通信有限公司 | Password management method and password management system |
| US20170161976A1 (en) * | 2015-12-07 | 2017-06-08 | Utechzone Co., Ltd. | Identity verification method, apparatus and system and non-transitory computer readable medium thereof |
| CN106600786A (en) * | 2016-12-22 | 2017-04-26 | 林海 | Entrance guard passage management method combining biological recognition and password recognition |
| CN106603563A (en) * | 2016-12-30 | 2017-04-26 | 厦门市美亚柏科信息股份有限公司 | Information safety realization method and system based on biometric features identification |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107743131A (en) * | 2017-11-20 | 2018-02-27 | 张博 | A kind of identity identifying method and device based on a variety of different types input composite sequence |
| CN107808151A (en) * | 2017-11-22 | 2018-03-16 | 维沃移动通信有限公司 | Bio-identification resume module method, device and mobile terminal |
| CN107862194A (en) * | 2017-11-22 | 2018-03-30 | 维沃移动通信有限公司 | A kind of method, device and mobile terminal of safety verification |
| CN107944242A (en) * | 2017-11-22 | 2018-04-20 | 维沃移动通信有限公司 | A kind of bio-identification function prohibited method and mobile terminal |
| CN107944242B (en) * | 2017-11-22 | 2024-01-16 | 维沃移动通信有限公司 | Biological identification function disabling method and mobile terminal |
| CN111882418A (en) * | 2020-04-16 | 2020-11-03 | 马上消费金融股份有限公司 | Identification method and device for financial behavior validity |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107277046B (en) | 2020-08-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107277046A (en) | Coerce-proof password management-control method and device | |
| US11106768B2 (en) | Methods and systems for generating history data of system use and replay mode for identifying security events showing data and user bindings | |
| US9832225B2 (en) | Identity theft countermeasures | |
| US7971246B1 (en) | Identity theft countermeasures | |
| CN109711126A (en) | A kind of computer information safe management system and method | |
| CN107196932A (en) | Managing and control system in a kind of document sets based on virtualization | |
| CN110944014A (en) | Terminal data security active defense method and device | |
| CN107358084A (en) | The cloud storage method and apparatus of data | |
| CN103268447A (en) | Anti-phishing method and system | |
| Mridha et al. | A new approach to enhance internet banking security | |
| CN105208045A (en) | Identity authentication method, equipment and system | |
| CN103873521A (en) | Cloud architecture-based mobile phone privacy file protection system and method | |
| CN107392008A (en) | Cipher management method, Password Management equipment and computer-readable recording medium | |
| WO2010116109A1 (en) | Method of authentication at a server by a user of a mobile apparatus | |
| CN111698253A (en) | Computer network safety system | |
| Sudha et al. | Alleviating internal data theft attacks by decoy technology in cloud | |
| CN107181766A (en) | The management-control method and device of log-on message | |
| CN107094079B (en) | Method, device and equipment for opening terminal function | |
| CN107249006A (en) | The authentication method and device of password use environment | |
| CN107241197A (en) | Password management-control method, device and password management and control device | |
| CN107368734A (en) | Cipher-code input method and device | |
| CN106682531A (en) | Method for confidential data encryption based on biological information authorization | |
| WO2012155818A1 (en) | Method and device for protecting user information based on credible resource | |
| WO2017000123A1 (en) | Information processing method and device | |
| CN107392047A (en) | The acquisition methods and device of health data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |