CN107332668A - Method and apparatus for processing password information - Google Patents
- Publication number
- CN107332668A CN201710417780.3A
- Authority
- CN
- China
- Prior art keywords
- user
- information
- identity information
- client
- password
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
A method and apparatus for processing password information are disclosed. The method includes: receiving identity information submitted by a user; verifying the user's identity information using a predefined identity information database; if the user's identity information is verified, receiving the user's biometric information submitted by the user; verifying the user's biometric information using a predefined user biometric information database; if the user's biometric information is verified, receiving first password information and an associated first password submitted by the user, and storing them locally on the client and/or on the server side; upon receiving a request submitted by the user that contains the user's identity information and the user's biometric information, and once that information is verified, providing the first password to the client; and, upon receiving a request submitted by the user that contains the first password, providing the first password information to the client. The method can reduce the risk of the user's password information being leaked.
Description
Technical field
The present invention relates to information security technology, and in particular to a method and apparatus for processing password information.
Background art
With the spread of computers and the internet, daily life has become more and more closely tied to them. When using computers and the internet, users often have to enter information such as usernames and passwords in order to log in to websites, log in to software, or complete online transactions with a financial account. A user generally sets several different usernames and passwords for different types of websites and software; for example, a user may set separate usernames and passwords for a microblog, a chat tool, an e-mail account, an online banking account, a game account and so on. Remembering all these usernames and passwords is a problem for many users, particularly the usernames and passwords of rarely used websites or software.
To solve the above problem, the present applicant disclosed a method and apparatus for processing password information in invention patent application No. CN201310141865.5. The disclosed method comprises the following steps: receiving identity information submitted by a user through a client; verifying the user's identity information using a predefined identity information database; if verification passes, saving the user's identity information; receiving one or more items of first password information and an associated first password submitted by the user through the client, and storing them locally on the client and/or on the server side; upon receiving a request containing the identity information submitted by the user through the client, providing the first password to the client; and upon receiving a request containing the first password submitted by the user through the client, providing the one or more items of first password information to the client.
The above method gives the user a unified way to manage numerous usernames and passwords. Where the identity information provided by the user through a dedicated client, such as the user's mobile phone client, is verified as authentic and valid, the user can recover the password associated with the password information simply by providing identity information, and then obtain the password information. This removes the defect that password information cannot be obtained once the password has been forgotten.
However, if the mobile phone client is lost or stolen, the above method still carries a risk of the user's passwords being leaked. The above application further discloses that one or more items of second password information, serving as false password information for the user, and one or more second passwords associated with them may be provided. This makes illegally obtaining the user's password information harder to some extent, but it is still not very difficult to find the true password by repeatedly trying different passwords and then obtain the user's password information. Moreover, the user may also forget which password is the true one.
Therefore, the above method needs to be improved by incorporating some of the user's personal biometric information (for example, face information or handwritten signature information).
Summary of the invention
To solve, at least in part, the technical problems mentioned above, the present invention proposes the following technical solutions.
A method for processing password information according to the present invention comprises the following steps:
Step 1: receiving identity information submitted by a user through a client;
Step 2: verifying the user's identity information using a predefined identity information database;
Step 3: if the user's identity information is verified, receiving the user's biometric information submitted by the user through the client;
Step 4: verifying the user's biometric information using a predefined user biometric information database;
Step 5: if the user's biometric information is verified, receiving one or more items of first password information and an associated first password submitted by the user through the client, and storing them locally on the client and/or on the server side;
Step 6: upon receiving a request submitted by the user through the client that contains the user's identity information and the user's biometric information, and if the user's identity information and biometric information are verified, providing the first password to the client; and
Step 7: upon receiving a request submitted by the user through the client that contains the first password, providing the one or more items of first password information to the client.
In the method for processing password information according to the present invention, the user's biometric information includes at least one of the following extracted items: face, fingerprint, iris, hand shape, voice, signature, gait.
In the method for processing password information according to the present invention, the identity information submitted by the user through the client and received in step 1 and step 6 is identity information that has been converted, encrypted, or converted and encrypted for confidential transmission. Furthermore, before the user's identity information is verified in step 2 and step 6, the received identity information that has been converted, encrypted, or converted and encrypted is inverse-converted, decrypted, or decrypted and inverse-converted to obtain the user's identity information.
An apparatus for processing password information according to the present invention includes:
an identity information receiving module, for receiving identity information submitted by a user through a client;
an identity information verification module, for verifying the user's identity information using a predefined identity information database;
a user biometric information receiving module, for receiving, if the user's identity information is verified, the user's biometric information submitted by the user through the client;
a user biometric information verification module, for verifying the user's biometric information using a predefined user biometric information database;
a password information receiving and saving module, for receiving, if the user's biometric information is verified, one or more items of first password information and an associated first password submitted by the user through the client, and storing them locally on the client and/or on the server side; and
a password information providing module, for providing the first password to the client upon receiving a request submitted by the user through the client that contains the user's identity information and the user's biometric information, if the user's identity information and biometric information are verified, and for providing the one or more items of first password information to the client upon receiving a request submitted by the user through the client that contains the first password.
In the apparatus for processing password information according to the present invention, the user's biometric information includes at least one of the following extracted items: face, fingerprint, iris, hand shape, voice, signature, gait.
In the apparatus for processing password information according to the present invention, the identity information submitted by the user through the client and received by the identity information receiving module and the password information providing module is identity information that has been converted, encrypted, or converted and encrypted for confidential transmission. Furthermore, before the identity information verification module and the password information providing module verify the user's identity information, the received identity information that has been converted, encrypted, or converted and encrypted is inverse-converted, decrypted, or decrypted and inverse-converted to obtain the user's identity information.
The advantage of the invention is that, by additionally verifying some of the user's personal biometric information, the disclosed method and apparatus for processing password information reduce as far as possible the risk of the user's password information being leaked when the mobile phone client is lost or stolen.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the detailed description of the embodiments below. The drawings serve only to illustrate the embodiments and are not to be regarded as limiting the invention. Throughout the drawings, identical parts are denoted by the same reference numerals. In the drawings:
Fig. 1 is a flow chart of a method for processing password information according to an embodiment of the invention.
Fig. 2 is a block diagram of an apparatus for processing password information and of clients according to an embodiment of the invention.
Fig. 3 is a flow chart of another method for processing password information according to an embodiment of the invention.
Fig. 4 is a schematic diagram of a method of identity information conversion/inverse conversion that can be used by the above method for processing password information according to an embodiment of the invention.
Fig. 5 is a schematic diagram of a method of identity information conversion and encryption/decryption and inverse conversion that can be used by the above method for processing password information according to an embodiment of the invention.
Detailed description of the embodiments
Illustrative embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show illustrative embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope can be conveyed completely to those skilled in the art.
Fig. 1 is a flow chart of a method 100 for processing password information according to an embodiment of the invention. According to an embodiment of the invention, each step of method 100 can be performed by the server side. Optionally, the server side can include one or more servers, and a server can be of any type, including but not limited to a file server, a database server and an application server.
As shown in Fig. 1, method 100 starts at step S101. In step S101, identity information submitted by a user through a client is received.
According to an embodiment of the invention, the identity information includes one or more of a name, an ID document number (such as an ID card number, passport number, driver's license number or vehicle license plate number), and a telephone number (such as a fixed-line telephone number or mobile phone number).
According to an embodiment of the invention, the client can be any electronic device with a communication function, including but not limited to the following: a mobile phone, a tablet computer, a notebook computer, a desktop computer, an audio/video player, a multimedia information exchange device and so on. For example, the user can submit identity information to the server side by mobile phone short message, through a client application installed on any of the above electronic devices, by accessing a web page of the server side from any of the above electronic devices, or by e-mail or various other means of communication.
Next, in step S103, the user's identity information is verified using a predefined identity information database.
Optionally, the predefined identity information database can include the database of the national citizen ID number inquiry service centre (NCIIS) and the telephone number databases of the major telecom operators. For example, when the user submits an ID card number to the server side through the client, the information in the predefined identity information database can be used to verify whether that ID card number is the real ID card number of the user with that name. When the user submits a mobile phone number through the client, the information in the predefined identity information database can be used to verify whether that mobile phone number is the user's real mobile phone number.
Next, step S105 is performed: if the user's identity information is verified, the user's biometric information submitted by the user through the client is received.
Optionally, the user's biometric information includes at least one of the following items extracted by an electronic device such as a mobile phone client: face, fingerprint, iris, hand shape, voice, signature, gait.
Next, step S107 is performed: the user's biometric information is verified using a predefined user biometric information database.
The user biometric information database stores user biometric information collected in advance (for example, at least one of face, fingerprint, iris, hand shape, voice, signature, gait and similar information). Optionally, the user biometric information database stores the key features corresponding to the biometric information collected in advance (for example, key features such as edges, textures, patterns and histograms in the image information of a face, fingerprint, iris, hand shape or signature; audio features of the voice; gait variation features, and so on).
Next, step S109 is performed: if the user's biometric information is verified, one or more items of first password information and an associated first password submitted by the user through the client are received and stored locally on the client and/or on the server side.
The verification process is as follows: the user's biometric information is extracted again and compared with the biometric information collected in advance for that user and stored in the user biometric information database (or with the key features corresponding to that user's pre-collected biometric information). If the comparison passes, verification succeeds; otherwise, verification fails.
According to an embodiment of the invention, the one or more items of first password information are the user's true password information. The first password information includes the user's internet site login information, software login information and financial account information. For example, the internet site login information can include login information such as the username (or e-mail address) and login password for various websites (for example, microblog, e-mail and shopping websites) and forums; the software login information can include login information such as the username (or e-mail address) and login password for various software (for example, games, MSN, business software); and the financial account information can include the account information of various online banking accounts, stock and fund accounts and so on. In addition, the first password information can also include the questions and corresponding answers that the user set up in advance for recovering a password when the password information is forgotten.
It should be understood that the first password information described above is merely an example intended to help the reader understand the principle of the invention. The scope of the invention is not limited to the password information listed above and can include any type of password information.
According to an embodiment of the invention, the first password is a password set by the user and associated with the one or more items of first password information; the user can later use the first password to obtain the one or more items of first password information. Optionally, the first password can consist of one or more of digits, English letters and other characters, and its length should lie within a predefined range.
The one or more items of first password information and the first password can be stored locally on the client and/or on the server side. Storing them on the server side avoids the situation in which password information cannot be recovered because the client fails or is lost.
Steps S101 to S109 above complete the verification of the user's identity and the storage of the first password information and the first password. If the user has forgotten the first password information, steps S111 and S113 can be performed to recover it.
In step S111, upon receiving a request submitted by the user through the client that contains the user's identity information and the user's biometric information, and if the user's identity information and biometric information are verified, the first password is provided to the client.
In this step, the identity information and biometric information submitted by the user through the client are received and verified again, and the first password is provided to the client only if both the identity information and the biometric information are verified. The biometric information provided again in this step confirms the identity of the person using the mobile phone client, which prevents someone else from using that mobile phone client to obtain the first password illegally and then obtain the first password information for illegitimate purposes.
Finally, in step S113, upon receiving a request submitted by the user through the client that contains the first password, the one or more items of first password information are provided to the client.
Optionally, the identity information submitted by the user through the client and received in step S101 and step S111 is identity information that has been converted, encrypted, or converted and encrypted for confidential transmission.
For example, identity information may include one or more of a name, an ID document number (such as an ID card number, passport number, driver's license number or vehicle license plate number), and a telephone number (such as a fixed-line telephone number or mobile phone number). The amount of data is very small, so it is easy to decrypt even when an encryption algorithm is used. It is therefore worth considering converting the identity information before submission (for example, by data padding, interleaving or scrambling), so that the small amount of real information is hidden within the converted identity information that is submitted. Moreover, the converted identity information has a large data volume and is easy to combine with the many encryption algorithms in the prior art. Optionally, therefore, the converted identity information is encrypted and the encrypted identity information is submitted.
If the identity information submitted by the user through the client has been converted, encrypted, or converted and encrypted, then before the user's identity information is verified in step S103 and step S111, the received identity information is inverse-converted (for example, descrambled, deinterleaved, or stripped of padding data), decrypted, or decrypted and inverse-converted to obtain the user's identity information.
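The gating in steps S101 to S113, as an added example that is not code from the patent: storage and recovery of the first password both require the identity check and the biometric check, while the password entries are released only against the first password. The in-memory databases, the feature-vector distance threshold, keying each vault by ID number, and all names and values are assumptions constructed for illustration.

```python
import hmac
import math
from dataclasses import dataclass

# Constructed sample data standing in for the two "predefined" databases.
IDENTITY_DB = {"ID-0001": "Example User"}             # ID number -> name
BIOMETRIC_DB = {"ID-0001": [0.12, 0.80, 0.33, 0.57]}  # enrolled key-feature template
MATCH_THRESHOLD = 0.10  # assumed maximum Euclidean distance for a match


class VerificationError(Exception):
    """Raised when one of the gates in the flow rejects a request."""


def verify_identity(id_number, name):
    """S103: check the submitted identity against the identity database."""
    expected = IDENTITY_DB.get(id_number)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), name.encode())


def verify_biometric(id_number, features):
    """S107: compare a freshly extracted feature vector with the template."""
    template = BIOMETRIC_DB.get(id_number)
    if template is None or len(template) != len(features):
        return False
    return math.dist(template, features) <= MATCH_THRESHOLD


@dataclass
class Vault:
    first_password: str
    entries: dict


class PasswordService:
    def __init__(self):
        self._vaults = {}  # assumption: one vault per ID number

    def _require_user(self, id_number, name, features):
        # Identity is checked first; biometrics are only examined afterwards.
        if not verify_identity(id_number, name):
            raise VerificationError("identity information rejected")
        if not verify_biometric(id_number, features):
            raise VerificationError("biometric information rejected")

    def store(self, id_number, name, features, first_password, entries):
        """S101-S109: both checks pass, then the vault is saved."""
        self._require_user(id_number, name, features)
        self._vaults[id_number] = Vault(first_password, dict(entries))

    def recover_first_password(self, id_number, name, features):
        """S111: both checks are repeated before the first password is returned."""
        self._require_user(id_number, name, features)
        vault = self._vaults.get(id_number)
        if vault is None:
            raise VerificationError("nothing stored for this user")
        return vault.first_password

    def fetch_entries(self, id_number, first_password):
        """S113: the first password alone releases the password entries."""
        vault = self._vaults.get(id_number)
        if vault is None or not hmac.compare_digest(
                vault.first_password.encode(), first_password.encode()):
            raise VerificationError("first password rejected")
        return dict(vault.entries)


def demo():
    svc = PasswordService()
    owner = [0.13, 0.79, 0.35, 0.55]  # fresh capture close to the template
    other = [0.60, 0.20, 0.90, 0.10]  # someone else holding the phone
    svc.store("ID-0001", "Example User", owner, "first-pw-constructed",
              {"mail.example": ("user", "mail-pw-constructed")})
    results = {}
    try:
        svc.recover_first_password("ID-0001", "Example User", other)
        results["other_person"] = "first password disclosed"
    except VerificationError as exc:
        results["other_person"] = str(exc)
    first_pw = svc.recover_first_password("ID-0001", "Example User", owner)
    results["owner_entries"] = svc.fetch_entries("ID-0001", first_pw)
    return results


if __name__ == "__main__":
    print(demo())
```

Because S111 hands the first password back to the client, the server has to keep it in recoverable form rather than as a one-way hash, so the stored first password needs the same protection as the password entries it unlocks.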
Corresponding to the method 100 shown in Fig. 1, the present invention also provides an apparatus 200 for processing password information.
Fig. 2 is a block diagram of the apparatus 200 for processing password information and of clients 300-1, ..., 300-n according to an embodiment of the invention.
As shown in Fig. 2, the apparatus 200 includes an identity information receiving module 201, an identity information verification module 203, a user biometric information receiving module 205, a user biometric information verification module 207, a password information receiving and saving module 209, and a password information providing module 211.
According to an embodiment of the invention, the identity information receiving module 201, identity information verification module 203, user biometric information receiving module 205, user biometric information verification module 207, password information receiving and saving module 209, and password information providing module 211 can be modules located on the server side, and they may respectively be used to perform steps S101, S103, S105, S107, S109, S111 and S113 of the above method 100.
According to an embodiment of the invention, the identity information receiving module 201 is used to receive identity information submitted by a user through a client; the identity information verification module 203 is used to verify the user's identity information using a predefined identity information database; the user biometric information receiving module 205 is used to receive, if the user's identity information is verified, the user's biometric information submitted by the user through the client; the user biometric information verification module 207 is used to verify the user's biometric information using a predefined user biometric information database; the password information receiving and saving module 209 is used to receive, if the user's biometric information is verified, one or more items of first password information and an associated first password submitted by the user through the client, and to store them locally on the client and/or on the server side; and the password information providing module 211 provides the first password to the client upon receiving a request submitted by the user through the client that contains the user's identity information and the user's biometric information, if the user's identity information and biometric information are verified, and provides the one or more items of first password information to the client upon receiving a request submitted by the user through the client that contains the first password.
First, identity information receiving module 201 receives user by client (for example, one as shown in Figure 2 or many
Individual client 300-1 ..., 300-n) submit identity information.Embodiments in accordance with the present invention, the client can be any
Electronic equipment with communication function, including but not limited to following electronic equipment:Mobile phone, tablet personal computer, notebook are calculated
Machine, desktop computer, audio/video player, interaction of multimedia information equipment etc..For example, user can disappear by the way that mobile phone is short
The mode of breath submits identity information to the identity information receiving module 201 of server end, can pass through above-mentioned various electronic equipments
The client application of upper installation submits identity information to the identity information receiving module 201 of server end, can be by upper
State various electronic equipments and access the webpage of server end to submit identity information to identity information receiving module 201, can also lead to
Cross Email or other various communication modes and submit identity information to the identity information receiving module 201 of server end.
Secondly, the identity information authentication module 203 verifies the user's identity information using a predefined identity information database.
Optionally, the predefined identity information database may include the database of the National Citizen ID Number Inquiry Service Center (NCIIS) and the telephone number databases of the major telecom operators. For example, when the user submits an ID card number to the server's identity information authentication module 203 through the client, the module can use the information in the predefined identity information database to verify whether that ID card number is the real ID card number of the user with that name. When the user submits a mobile phone number to the server's identity information authentication module 203 through the client, the module can use the information in the predefined identity information database to verify whether that mobile phone number is the user's real mobile phone number.
Then, if the user's identity information is verified, the user biometric information receiving module 205 receives the user's biometric information submitted by the user through the client.
Optionally, the biometric information received by the user biometric information receiving module 205 includes at least one of the following, extracted by an electronic device such as a mobile phone client: face, fingerprint, iris, hand shape, voice, signature, gait.
Next, the user biometric information authentication module 207 verifies the user's biometric information using a predefined user biometric information database.
The user biometric information database stores previously collected user biometric information (for example, at least one of face, fingerprint, iris, hand shape, voice, signature, gait, and the like). Alternatively, the user biometric information database stores the key features corresponding to the previously collected biometric information (for example, key features such as edges, textures, patterns, and histograms in image information such as face, fingerprint, iris, hand shape, and signature; audio features in voice; gait variation features; and so on).
Then, if the user's biometric information is verified, the password information receiving and saving module 209 receives one or more items of first password information and an associated first password submitted by the user through the client, and saves them locally on the client and/or on the server side.
The verification process is as follows: the user's biometric information is extracted again and compared with the previously collected biometric information for that user stored in the user biometric information database (or with the key features corresponding to that user's previously collected biometric information). If the comparison passes, verification succeeds; otherwise, verification fails.
According to an embodiment of the present invention, the one or more items of first password information are the user's real password information. The first password information includes the user's internet site login information, software login information, and financial account information. For example, the internet site login information may include login information such as the user name (or e-mail address, etc.) and login password for various websites (for example, microblogs, e-mail sites, shopping sites) and forums; the software login information may include login information such as the user name (or e-mail address, etc.) and login password for various software (for example, games, MSN, business software); and the financial account information may include the account information of various online banking accounts, stock and fund accounts, and so on. In addition, the first password information may also include the questions and corresponding answers that the user has set up in advance for retrieving a password when the password information is forgotten.
It should be understood that the kinds of first password information listed above are merely examples to help the reader understand the principle of the present invention. The scope of the present invention is not limited to the password information listed above and may include any type of password information.
According to an embodiment of the present invention, the first password is a password set by the user and associated with the one or more items of first password information; the user can later use the first password to obtain the one or more items of first password information. Optionally, the first password may consist of one or more of digits, English letters, and other characters, and its length should fall within a predefined length range.
The one or more items of first password information and the first password may be stored locally on the client and/or on the server side. Storing them on the server side avoids the situation where the password information cannot be retrieved because the client fails or is lost.
This completes the user's identity verification and the storage of the first password information and the first password. If the user forgets the first password information, the password information providing module 211 can perform step S111 and step S113 to retrieve the first password information.
That is, the password information providing module 211 provides the first password to the client when it receives a request, submitted by the user through the client, that contains the user's identity information and the user's biometric information, and both the identity information and the biometric information are verified; and the password information providing module 211 provides the one or more items of first password information to the client when it receives a request, submitted by the user through the client, that contains the first password.
The password information providing module 211 again receives the user's identity information and biometric information submitted by the user through the client and verifies them; only if both the identity information and the biometric information are verified is the first password provided to the client. By requiring the user's biometric information to be provided again, the password information providing module 211 confirms the identity of the user operating the mobile phone client, thereby preventing other people from using that mobile phone client to illegally obtain the first password and, in turn, obtain the first password information for illegal purposes.
It should be understood that the password information receiving and saving module 209 may optionally not receive a first password associated with the one or more items of first password information, in which case the password information providing module 211 need not provide a first password to the client and need not receive a request containing the first password submitted by the user through the client.
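The gating order of steps S101 to S113 described above, as an added Python example that is not part of the patent text. The in-memory databases, the Euclidean-distance threshold used for the biometric comparison, the name-keyed S113 request and all identifiers are assumptions made for illustration, and the sample records are constructed.

```python
import hmac
import math

# Constructed stand-ins for the two "predefined" databases in the description.
IDENTITY_DB = {"user-a": {"id_number": "ID-0001", "phone": "555-0100"}}
BIOMETRIC_DB = {"user-a": [0.12, 0.80, 0.33, 0.57]}  # enrolled key features
MATCH_THRESHOLD = 0.10  # assumed: largest Euclidean distance that still matches


class VerificationError(Exception):
    """Raised when a gate in the S101-S113 sequence refuses the request."""


def _same(a: str, b: str) -> bool:
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(a.encode(), b.encode())


def verify_identity(identity: dict) -> bool:
    """S103: look the submitted identity up in the identity database."""
    record = IDENTITY_DB.get(identity.get("name", ""))
    if record is None:
        return False
    return (_same(record["id_number"], identity.get("id_number", ""))
            and _same(record["phone"], identity.get("phone", "")))


def verify_biometric(name: str, features: list) -> bool:
    """S107: compare freshly extracted key features with the stored ones."""
    template = BIOMETRIC_DB.get(name)
    if template is None or len(template) != len(features):
        return False
    return math.dist(template, features) <= MATCH_THRESHOLD


class PasswordVault:
    def __init__(self):
        # name -> (first password, list of first password information).
        # The first password is kept recoverable because S111 returns it.
        self._records = {}

    def _gate(self, identity: dict, features: list) -> str:
        # Identity first; biometrics are only examined once identity passes.
        if not verify_identity(identity):
            raise VerificationError("identity information not verified")
        if not verify_biometric(identity["name"], features):
            raise VerificationError("biometric information not verified")
        return identity["name"]

    def enroll(self, identity, features, first_password, password_info):
        """S101-S109: store only after both checks pass."""
        name = self._gate(identity, features)
        self._records[name] = (first_password, list(password_info))

    def recover_first_password(self, identity, features) -> str:
        """S111: both checks are repeated before the first password is released."""
        name = self._gate(identity, features)
        if name not in self._records:
            raise VerificationError("nothing stored for this user")
        return self._records[name][0]

    def fetch_password_info(self, name: str, first_password: str) -> list:
        """S113: a request carrying the first password unlocks the stored items."""
        record = self._records.get(name)
        if record is None or not _same(record[0], first_password):
            raise VerificationError("first password not accepted")
        return list(record[1])
```

Note that S113 is gated by the first password alone, so the strength of the whole recovery path depends on the identity and biometric checks that guard S111.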
Optionally, the identity information submitted by the user through the client and received by the identity information receiving module 201 and the password information providing module 211 is the user's identity information after it has been converted, encrypted, or converted and encrypted for confidential transmission.
For example, identity information may include one or more of a name, a certificate number (such as an ID card number, passport number, driving licence number, or licence plate number), and a telephone number (such as a fixed telephone number or a mobile phone number). Its data volume is very small, so it is easily cracked even when an encryption algorithm is used. One may therefore consider converting the identity information before submission (for example, by data padding, interleaving, scrambling, and so on), so that the small amount of real information is hidden inside the converted identity information that is submitted. Moreover, the converted identity information has a larger data volume and is easily combined with many encryption algorithms in the prior art. Therefore, optionally, the converted identity information is encrypted, and the resulting encrypted identity information is submitted.
If the identity information submitted by the user through the client and received by the identity information receiving module 201 and the password information providing module 211 has been converted, encrypted, or converted and encrypted for confidential transmission, then, before the identity information authentication module 203 and the password information providing module 211 verify the user's identity information, the received identity information is also inverse-converted (for example, descrambled, deinterleaved, stripped of padding data, and so on), decrypted, or decrypted and inverse-converted, to obtain the user's identity information.
It should be understood that, in step S109 of method 100, the first password associated with the one or more items of first password information submitted by the user through the client may optionally not be received, in which case the operations related to the "first password" (for example, the operation "providing the first password to the client" in step S111 and the judgment "in the case of receiving a request containing the first password submitted by the user through the client" in step S113) can be omitted.
Fig. 3 is a flowchart of another method 100′ for processing password information according to an embodiment of the present invention.
As shown in Fig. 3, method 100′ includes steps S101′ to S111′, where steps S101′ to S107′ are identical to steps S101 to S107 of method 100. However, the steps of method 100′ that follow step S107′ omit all operations relating to the "first password" that appear in the steps following step S107 of method 100. That is, method 100′ includes the following steps:
Steps S101′ to S107′: the same as steps S101 to S107 of method 100.
Step S109′: if the user's biometric information is verified, receive one or more items of first password information submitted by the user through the client, and save them locally on the client and/or on the server side.
Step S111′: upon receiving a request, submitted by the user through the client, that contains the user's identity information and the user's biometric information, and if both the identity information and the biometric information are verified, provide the one or more items of first password information to the client.
Fig. 4 is a schematic diagram of a method of identity information conversion/inverse conversion that can be used with the above methods of processing password information, according to an embodiment of the present invention.
The upper part of Fig. 4 illustrates identity information conversion: during conversion, data padding 401, interleaving 403, and scrambling 405 are applied in sequence to the original identity information, yielding the converted identity information.
The lower part of Fig. 4 illustrates identity information inverse conversion: during inverse conversion, descrambling 407, deinterleaving 409, and removal of padding data 411 are applied in sequence to the converted identity information, yielding the original identity information.
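The Fig. 4 conversion and inverse conversion, as an added Python example that is not part of the patent text. The patent names the three stages but not their algorithms, so the length-prefixed random padding, the 8-column block interleaver, the 16-bit LFSR scrambler and all constants and function names are assumptions; all three stages are keyless, so confidentiality in transit rests on the encryption stage of Fig. 5, which this block does not include.

```python
import secrets

BLOCK = 32          # assumed: padded length is a multiple of this
COLS = 8            # assumed interleaver width; must divide BLOCK
LFSR_SEED = 0xACE1  # assumed 16-bit scrambler seed known to both ends


def pad(data: bytes) -> bytes:
    """Data padding (401): 2-byte length prefix, payload, random filler."""
    if len(data) > 0xFFFF:
        raise ValueError("payload too long for the 2-byte length field")
    body = len(data).to_bytes(2, "big") + data
    return body + secrets.token_bytes(-len(body) % BLOCK)


def unpad(padded: bytes) -> bytes:
    """Removal of padding data (411), rejecting an inconsistent length field."""
    if len(padded) < 2:
        raise ValueError("missing length field")
    n = int.from_bytes(padded[:2], "big")
    if n > len(padded) - 2:
        raise ValueError("length field exceeds payload")
    return padded[2:2 + n]


def interleave(data: bytes) -> bytes:
    """Interleaving (403): write row-wise into COLS columns, read column-wise."""
    if len(data) % COLS:
        raise ValueError("length must be a multiple of COLS")
    return b"".join(data[c::COLS] for c in range(COLS))


def deinterleave(data: bytes) -> bytes:
    """Deinterleaving (409): inverse of interleave()."""
    if len(data) % COLS:
        raise ValueError("length must be a multiple of COLS")
    rows = len(data) // COLS
    return b"".join(data[r::rows] for r in range(rows))


def _keystream(n: int) -> bytes:
    # Fibonacci LFSR for x^16 + x^14 + x^13 + x^11 + 1, eight bits per byte.
    state, out = LFSR_SEED, bytearray()
    for _ in range(n):
        byte = 0
        for _ in range(8):
            bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (bit << 15)
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def scramble(data: bytes) -> bytes:
    """Scrambling (405) and descrambling (407): XOR with the LFSR sequence."""
    return bytes(a ^ b for a, b in zip(data, _keystream(len(data))))


def convert(identity: bytes) -> bytes:
    """Upper half of Fig. 4: padding, then interleaving, then scrambling."""
    return scramble(interleave(pad(identity)))


def invert(converted: bytes) -> bytes:
    """Lower half of Fig. 4: descrambling, deinterleaving, padding removal."""
    return unpad(deinterleave(scramble(converted)))


if __name__ == "__main__":
    sample = "user-a|ID-0001|555-0100".encode()  # constructed identity record
    wire = convert(sample)
    print(len(sample), len(wire), invert(wire) == sample)
```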
Fig. 5 is a schematic diagram of a method of identity information conversion and encryption/decryption and inverse conversion that can be used with the above methods of processing password information, according to an embodiment of the present invention.
The upper part of Fig. 5 illustrates identity information conversion and encryption: during conversion and encryption, data padding 501, interleaving 503, scrambling 505, and encryption 507 are applied in sequence to the original identity information, yielding the converted and encrypted identity information.
The lower part of Fig. 5 illustrates identity information decryption and inverse conversion: during decryption and inverse conversion, decryption 509, descrambling 511, deinterleaving 513, and removal of padding data 515 are applied in sequence to the converted and encrypted identity information, yielding the original identity information.
The above are only exemplary embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any change or substitution that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be defined by the scope of protection of the claims.
Claims (6)
1. A method (100) for processing password information, characterized by comprising the following steps:
Step 1: receiving identity information submitted by a user through a client (S101);
Step 2: verifying the user's identity information using a predefined identity information database (S103);
Step 3: if the user's identity information is verified, receiving the user's biometric information submitted by the user through the client (S105);
Step 4: verifying the user's biometric information using a predefined user biometric information database (S107);
Step 5: if the user's biometric information is verified, receiving one or more items of first password information and an associated first password submitted by the user through the client, and saving them locally on the client and/or on the server side (S109);
Step 6: upon receiving a request, submitted by the user through the client, that contains the user's identity information and the user's biometric information, and if both the identity information and the biometric information are verified, providing the first password to the client (S111); and
Step 7: upon receiving a request, submitted by the user through the client, that contains the first password, providing the one or more items of first password information to the client (S113).
2. The method according to claim 1, characterized in that the user's biometric information includes at least one of the following extracted information: face, fingerprint, iris, hand shape, voice, signature, gait.
3. The method according to claim 1 or 2, characterized in that the identity information submitted by the user through the client and received in step 1 and step 6 is the user's identity information after it has been converted, encrypted, or converted and encrypted for confidential transmission, and in that, before the user's identity information is verified in step 2 and step 6, the received converted, encrypted, or converted and encrypted identity information is also inverse-converted, decrypted, or decrypted and inverse-converted, to obtain the user's identity information.
4. A device (200) for processing password information, characterized by comprising:
an identity information receiving module (201), for receiving identity information submitted by a user through a client;
an identity information authentication module (203), for verifying the user's identity information using a predefined identity information database;
a user biometric information receiving module (205), for receiving, if the user's identity information is verified, the user's biometric information submitted by the user through the client;
a user biometric information authentication module (207), for verifying the user's biometric information using a predefined user biometric information database;
a password information receiving and saving module (209), for receiving, if the user's biometric information is verified, one or more items of first password information and an associated first password submitted by the user through the client, and saving them locally on the client and/or on the server side; and
a password information providing module (211), for providing the first password to the client upon receiving a request, submitted by the user through the client, that contains the user's identity information and the user's biometric information, if both the identity information and the biometric information are verified, and for providing the one or more items of first password information to the client upon receiving a request, submitted by the user through the client, that contains the first password.
5. The device according to claim 4, characterized in that the user's biometric information includes at least one of the following extracted information: face, fingerprint, iris, hand shape, voice, signature, gait.
6. The device according to claim 4 or 5, characterized in that the identity information submitted by the user through the client and received by the identity information receiving module (201) and the password information providing module (211) is the user's identity information after it has been converted, encrypted, or converted and encrypted for confidential transmission, and in that, before the identity information authentication module (203) and the password information providing module (211) verify the user's identity information, the received converted, encrypted, or converted and encrypted identity information is also inverse-converted, decrypted, or decrypted and inverse-converted, to obtain the user's identity information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710417780.3A CN107332668A (en) | 2017-06-05 | 2017-06-05 | A kind of method and apparatus for handling encrypted message |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107332668A true CN107332668A (en) | 2017-11-07 |
Family
ID=60194211
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710417780.3A Pending CN107332668A (en) | 2017-06-05 | 2017-06-05 | A kind of method and apparatus for handling encrypted message |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107332668A (en) |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102638471A (en) * | 2012-04-25 | 2012-08-15 | 杭州晟元芯片技术有限公司 | Password protection and management method |
CN103281296A (en) * | 2013-04-22 | 2013-09-04 | 北京国政通科技有限公司 | Method and device for processing encrypted messages |
CN104639315A (en) * | 2013-11-10 | 2015-05-20 | 航天信息股份有限公司 | Dual-authentication method and device based on identity passwords and fingerprint identification |
CN103595719A (en) * | 2013-11-15 | 2014-02-19 | 清华大学 | Authentication method and system based on fingerprints |
CN105357176A (en) * | 2015-09-28 | 2016-02-24 | 公安部第一研究所 | Network legal identity management system based on electronic legal identity card network mapping certificate |
CN106506168A (en) * | 2016-12-07 | 2017-03-15 | 北京信任度科技有限公司 | A kind of safe method based on biological characteristic long-distance identity-certifying |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107886330A (en) * | 2017-11-28 | 2018-04-06 | 北京旷视科技有限公司 | Settlement method, apparatus and system |
CN110650013A (en) * | 2018-06-27 | 2020-01-03 | 上海赢亥信息科技有限公司 | Key recovery method based on biological characteristics |
CN110650013B (en) * | 2018-06-27 | 2022-10-18 | 上海赢亥信息科技有限公司 | Key recovery method based on biological characteristics |
CN109063627A (en) * | 2018-07-27 | 2018-12-21 | 文志 | Digital Human artificial intelligence identity unique identification control method |
CN110691093A (en) * | 2019-10-08 | 2020-01-14 | 迈普通信技术股份有限公司 | Password retrieving method and device, network equipment and computer readable storage medium |
CN113315629A (en) * | 2021-04-28 | 2021-08-27 | 四川万信数字科技有限公司 | Cloud storage and verification system for commercial passwords |
CN113315629B (en) * | 2021-04-28 | 2023-07-11 | 四川万信数字科技有限公司 | Cloud storage and verification system for business passwords |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20171107 |