CN107332668A - Method and apparatus for processing password information - Google Patents

Method and apparatus for processing password information

Publication number
CN107332668A
Authority
CN
China
Prior art keywords
user
information
identity information
client
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710417780.3A
Other languages
Chinese (zh)
Inventor
冯倩云
李莉莉
付春
陈放
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guozhengtong Polytron Technologies Inc
Original Assignee
Guozhengtong Polytron Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guozhengtong Polytron Technologies Inc filed Critical Guozhengtong Polytron Technologies Inc
Priority to CN201710417780.3A priority Critical patent/CN107332668A/en
Publication of CN107332668A publication Critical patent/CN107332668A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A method and apparatus for processing password information are disclosed. The method includes: receiving identity information submitted by a user; verifying the user's identity information against a pre-defined identity information database; if the user's identity information is verified, receiving the user's biometric information submitted by the user; verifying the user's biometric information against a pre-defined user biometric information database; if the user's biometric information is verified, receiving first password information and an associated first password submitted by the user, and saving them locally on the client and/or on the server side; when a request submitted by the user containing the user's identity information and the user's biometric information is received and this information is verified, providing the first password to the client; and, when a request submitted by the user containing the first password is received, providing the first password information to the client. The risk of the user's password information being leaked can thereby be reduced.

Description

Method and apparatus for processing password information
Technical field
The present invention relates to information security technology, and in particular to a method and apparatus for processing password information.
Background
With the spread of computers and the Internet, daily life is ever more closely tied to them. When using computers and the Internet, users often need to enter information such as a user name and password in order to log in to Internet websites, log in to software, or complete online transactions using a financial account. Users generally set several different user names and passwords for different kinds of websites and software; for example, a user may set separate user names and passwords for microblogs, chat tools, e-mail accounts, online banking accounts, game accounts and so on. Remembering these user names and passwords is a problem for many users, particularly the user names and passwords of websites or software that are rarely used.
To solve the above problem, the present applicant disclosed a method and apparatus for processing password information in invention patent application No. CN201310141865.5. The disclosed method comprises the following steps: receiving identity information submitted by a user through a client; verifying the user's identity information against a pre-defined identity information database; if verification passes, saving the user's identity information; receiving one or more pieces of first password information and an associated first password submitted by the user through the client, and saving them locally on the client and/or on the server side; on receiving a request containing identity information submitted by the user through the client, providing the first password to the client; and on receiving a request containing the first password submitted by the user through the client, providing the one or more pieces of first password information to the client.
The above method gives the user a unified way to manage many user names and passwords. Provided that the identity information supplied through a dedicated client, such as the user's mobile phone client, is verified as authentic and valid, the user can recover the password associated with the password information simply by supplying identity information, and then obtain the password information. The drawback that a forgotten password makes the password information unobtainable is thereby removed.
However, if the mobile phone client is lost or stolen, the above method still carries a risk of the user's passwords being leaked. The above application further discloses providing one or more pieces of second password information, which serve as false password information for the user, together with one or more associated second passwords. This makes illegally obtaining the user's password information somewhat harder, but obtaining the true password by repeatedly trying different passwords, and with it the user's password information, is still not very difficult. Moreover, users themselves may forget which password is the true one.
It is therefore necessary to improve the above method by incorporating some of the user's personal biometric information (for example, face information or handwritten signature information).
Summary of the invention
To solve the technical problem mentioned above at least in part, the present invention proposes the following technical solution.
A method of processing password information according to the present invention comprises the following steps. Step 1: receiving identity information submitted by a user through a client. Step 2: verifying the user's identity information against a pre-defined identity information database. Step 3: if the user's identity information is verified, receiving the user's biometric information submitted by the user through the client. Step 4: verifying the user's biometric information against a pre-defined user biometric information database. Step 5: if the user's biometric information is verified, receiving one or more pieces of first password information and an associated first password submitted by the user through the client, and saving them locally on the client and/or on the server side. Step 6: on receiving a request submitted by the user through the client that contains the user's identity information and the user's biometric information, and if both the identity information and the biometric information are verified, providing the first password to the client. Step 7: on receiving a request containing the first password submitted by the user through the client, providing the one or more pieces of first password information to the client.
In the method of processing password information according to the present invention, the user's biometric information includes at least one of the following extracted items: face, fingerprint, iris, hand shape, voice, signature, gait.
In the method of processing password information according to the present invention, the identity information submitted by the user through the client and received in step 1 and step 6 is identity information that has been converted, encrypted, or converted and encrypted for confidential transmission. Moreover, before the user's identity information is verified in step 2 and step 6, the received converted, encrypted, or converted and encrypted identity information is inversely converted, decrypted, or decrypted and inversely converted, to obtain the user's identity information.
An apparatus for processing password information according to the present invention includes: an identity information receiving module for receiving identity information submitted by a user through a client; an identity information verification module for verifying the user's identity information against a pre-defined identity information database; a user biometric information receiving module for receiving, if the user's identity information is verified, the user's biometric information submitted by the user through the client; a user biometric information verification module for verifying the user's biometric information against a pre-defined user biometric information database; a password information receiving and saving module for receiving, if the user's biometric information is verified, one or more pieces of first password information and an associated first password submitted by the user through the client, and saving them locally on the client and/or on the server side; and a password information providing module for providing the first password to the client on receiving a request submitted by the user through the client that contains the user's identity information and the user's biometric information, if both are verified, and for providing the one or more pieces of first password information to the client on receiving a request containing the first password submitted by the user through the client.
In the apparatus for processing password information according to the present invention, the user's biometric information includes at least one of the following extracted items: face, fingerprint, iris, hand shape, voice, signature, gait.
In the apparatus for processing password information according to the present invention, the identity information submitted by the user through the client and received by the identity information receiving module and the password information providing module is identity information that has been converted, encrypted, or converted and encrypted for confidential transmission. Moreover, before the identity information verification module and the password information providing module verify the user's identity information, the received converted, encrypted, or converted and encrypted identity information is inversely converted, decrypted, or decrypted and inversely converted, to obtain the user's identity information.
The advantage of the invention is that verifying some of the user's personal biometric information in addition further ensures that the disclosed method and apparatus for processing password information reduce, to the greatest extent, the risk of the user's password information being leaked if the mobile phone client is lost or stolen.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the detailed description of the embodiments below. The drawings serve only to illustrate the embodiments and are not to be regarded as limiting the invention. Throughout the drawings, the same parts are denoted by the same reference numerals. In the drawings:
Fig. 1 is a flow chart of a method of processing password information according to an embodiment of the invention.
Fig. 2 is a block diagram of an apparatus for processing password information and of clients according to an embodiment of the invention.
Fig. 3 is a flow chart of another method of processing password information according to an embodiment of the invention.
Fig. 4 is a schematic diagram of a method of identity information conversion/inverse conversion that the above method of processing password information can use, according to an embodiment of the invention.
Fig. 5 is a schematic diagram of a method of identity information conversion and encryption/decryption and inverse conversion that the above method of processing password information can use, according to an embodiment of the invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed fully to those skilled in the art.
Fig. 1 is a flow chart of a method 100 of processing password information according to an embodiment of the invention. According to an embodiment of the invention, each step of method 100 can be performed on the server side. Optionally, the server side can include one or more servers, and a server can be of any type, including but not limited to a file server, a database server and an application server.
As shown in Fig. 1, method 100 starts at step S101. In step S101, identity information submitted by a user through a client is received.
According to an embodiment of the invention, the identity information includes one or more of: name, ID document number (for example ID card number, passport number, driving licence number, licence plate number) and telephone number (for example fixed-line telephone number and mobile phone number).
According to an embodiment of the invention, the client can be any electronic device with a communication function, including but not limited to the following: mobile phone, tablet computer, notebook computer, desktop computer, audio/video player, multimedia information interaction device, and so on. For example, the user can submit identity information to the server side by mobile phone short message, through a client application installed on any of the above electronic devices, by accessing a web page of the server side from any of the above electronic devices, or by e-mail or various other means of communication.
Next, in step S103, the user's identity information is verified against a pre-defined identity information database.
Optionally, the pre-defined identity information database can include the database of the National Citizen ID Number Query Service Center (NCIIS) and the telephone number databases of the major telecom operators. For example, when the user submits an ID card number to the server side through the client, the information in the pre-defined identity information database can be used to verify whether that ID card number is the real ID card number of the user with that name. When the user submits a mobile phone number through the client, the information in the pre-defined identity information database can be used to verify whether that number is the user's real mobile phone number.
Next, step S105 is performed: if the user's identity information is verified, the user's biometric information submitted by the user through the client is received.
Optionally, the user's biometric information includes at least one of the following items extracted by an electronic device such as the mobile phone client: face, fingerprint, iris, hand shape, voice, signature, gait.
Next, step S107 is performed: the user's biometric information is verified against a pre-defined user biometric information database.
The user biometric information database stores user biometric information collected in advance (for example, at least one of face, fingerprint, iris, hand shape, voice, signature and gait information). Optionally, the user biometric information database stores the key features corresponding to the biometric information collected in advance (for example, key features such as edges, textures, patterns and histograms in image information of a face, fingerprint, iris, hand shape or signature; audio features of a voice; gait variation features; and so on).
Next, step S109 is performed: if the user's biometric information is verified, one or more pieces of first password information and an associated first password submitted by the user through the client are received and saved locally on the client and/or on the server side.
The verification process here is as follows: the user's biometric information is extracted again and compared with the biometric information of that user collected in advance and stored in the user biometric information database (or with the key features corresponding to that pre-collected biometric information). If the comparison passes, verification passes; otherwise, verification fails.
According to an embodiment of the invention, the one or more pieces of first password information are the user's true password information. The first password information includes the user's Internet website login information, software login information and financial account information. For example, the Internet website login information can include login information such as the user name (or e-mail address) and login password for various websites (for example microblogs, e-mail websites, shopping websites) and forums; the software login information can include login information such as the user name (or e-mail address) and login password for various software (for example games, instant messaging tools, business software); and the financial account information can include the account information of online banking accounts, stock and fund accounts, and so on. In addition, the first password information can also include questions and corresponding answers that the user set in advance for recovering a password when password information has been forgotten.
It should be understood that the kinds of first password information above are only examples, given to help the reader understand the principle of the invention. The scope of the invention is not limited to the password information above and can include password information of any type.
According to an embodiment of the invention, the first password is a password set by the user and associated with the one or more pieces of first password information; the user can later use the first password to obtain the one or more pieces of first password information. Optionally, the first password can consist of one or more of digits, English letters and other characters, and its length should fall within a pre-defined range.
The one or more pieces of first password information and the first password can be stored locally on the client and/or on the server side. When they are stored on the server side, the situation in which password information cannot be recovered because the client has failed or been lost is avoided.
Steps S101 to S109 above complete the authentication of the user and the storage of the first password information and the first password. If the user has forgotten the first password information, steps S111 and S113 can be performed to recover it.
In step S111, on receiving a request submitted by the user through the client that contains the user's identity information and the user's biometric information, and if both the identity information and the biometric information are verified, the first password is provided to the client.
In this step, the user's identity information and biometric information submitted through the client are received again and verified. Only if both the identity information and the biometric information are verified is the first password provided to the client. Providing the user's biometric information again in this step confirms the identity of the person using the mobile phone client, which prevents another person from using the mobile phone client to illegally obtain the first password and then obtain the first password information for illegal purposes.
Finally, in step S113, on receiving a request containing the first password submitted by the user through the client, the one or more pieces of first password information are provided to the client.
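The server-side gating of steps S101 to S113 can be made concrete as follows. This is an added example, not code from the patent: the class and function names, the cosine-similarity matcher and its threshold, the limit on wrong first-password guesses, the account key carried in the S113 request, and the constructed sample databases are all assumptions.

```python
import hmac
import math
from dataclasses import dataclass

# Constructed stand-ins for the two "pre-defined" databases (sample values only).
IDENTITY_DB = {"ID-0001": "Example User"}              # ID number -> name
BIOMETRIC_DB = {"ID-0001": [0.12, 0.80, 0.35, 0.44]}   # enrolled feature vector
MATCH_THRESHOLD = 0.98   # assumed similarity cut-off
MAX_FAILURES = 3         # assumed limit on wrong first-password guesses


def cosine(a, b):
    """Cosine similarity of two feature vectors; 0.0 if either is all zeros."""
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0


@dataclass
class Vault:
    first_password: str    # kept recoverable because S111 hands it back
    password_info: dict
    failures: int = 0


class PasswordInfoServer:
    """Hypothetical server side of method 100."""

    def __init__(self):
        self._vaults = {}

    def _verify_identity(self, id_number, name):              # S103
        return id_number in IDENTITY_DB and IDENTITY_DB[id_number] == name

    def _verify_biometric(self, id_number, sample):           # S107
        template = BIOMETRIC_DB.get(id_number)
        return (template is not None and len(sample) == len(template)
                and cosine(template, sample) >= MATCH_THRESHOLD)

    def _verify_user(self, id_number, name, sample):
        # The biometric check runs only after the identity check has passed.
        return (self._verify_identity(id_number, name)
                and self._verify_biometric(id_number, sample))

    def enroll(self, id_number, name, sample, first_password, password_info):
        """S101-S109: store the secrets only after both checks pass."""
        if not self._verify_user(id_number, name, sample):
            return False
        self._vaults[id_number] = Vault(first_password, dict(password_info))
        return True

    def recover_first_password(self, id_number, name, sample):
        """S111: release the first password after identity and biometric checks."""
        vault = self._vaults.get(id_number)
        if vault is None or not self._verify_user(id_number, name, sample):
            return None
        vault.failures = 0          # a verified owner clears the lockout
        return vault.first_password

    def fetch_password_info(self, id_number, first_password):
        """S113: release the password information for a correct first password."""
        vault = self._vaults.get(id_number)
        if vault is None or vault.failures >= MAX_FAILURES:
            return None
        if not hmac.compare_digest(vault.first_password.encode(),
                                   first_password.encode()):
            vault.failures += 1     # repeated guessing ends in a lockout
            return None
        vault.failures = 0
        return dict(vault.password_info)


def demo():
    """Enrol, recover the first password, then fetch the stored information."""
    server = PasswordInfoServer()
    fresh_sample = [0.12, 0.81, 0.34, 0.45]      # constructed re-capture
    server.enroll("ID-0001", "Example User", fresh_sample,
                  "fp-2017", {"mail.example": "alice / s3cret"})
    first = server.recover_first_password("ID-0001", "Example User", fresh_sample)
    return server.fetch_password_info("ID-0001", first)


if __name__ == "__main__":
    print(demo())
```

Because S111 returns the first password itself, the server has to keep it in recoverable form rather than as a one-way hash, so the stored vault needs the same protection as the password information it guards.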
Optionally, the identity information submitted by the user through the client and received in step S101 and step S111 is identity information that has been converted, encrypted, or converted and encrypted for confidential transmission.
For example, identity information may include one or more of name, ID document number (for example ID card number, passport number, driving licence number, licence plate number) and telephone number (for example fixed-line telephone number and mobile phone number); the amount of data is very small and, even if an encryption algorithm is used, it is easily cracked. It can therefore be considered to convert the identity information before submission (for example by data padding, interleaving or scrambling), so that the small amount of real information is hidden within the converted identity information that is submitted. Moreover, the converted identity information has a large data volume and is easily combined with many encryption algorithms in the prior art. Optionally, therefore, the converted identity information is encrypted and the encrypted identity information is submitted.
If the identity information submitted by the user through the client has been converted, encrypted, or converted and encrypted, then, before the user's identity information is verified in step S103 and step S111, the received identity information is inversely converted (for example descrambled, de-interleaved, stripped of padding data), decrypted, or decrypted and inversely converted, to obtain the user's identity information.
Corresponding with the above method 100 shown in Fig. 1, present invention also offers a kind of device 200 for handling encrypted message. Fig. 2 be according to an embodiment of the invention processing encrypted message device 200 and client 300-1 ..., 300-n block diagram.
As shown in Fig. 2 device 200 includes identity information receiving module 201, identity information authentication module 203, user biological Characteristic information receiving module 205, user biological characteristic information authentication module 207, encrypted message are received and preserving module 209, close Code information providing module 211.
Embodiments in accordance with the present invention, identity information receiving module 201, identity information authentication module 203, user biological are special Information receiving module 205, user biological characteristic information authentication module 207, encrypted message is levied to receive and preserving module 209, password Information providing module 211 can be the module positioned at server end, and they may be respectively used for performing the step in the above method 100 Rapid S101, S103, S105, S107, S109, S111 and S113.
Embodiments in accordance with the present invention, identity information receiving module 201 is used to receive the body that user is submitted by client Part information;Identity information authentication module 203 is used for the identity information that user is verified using pre-defined identity information database; User biological characteristic information receiving module 205 is used in the case where the identity information of user is verified, and receives user and passes through The biological information for the user that client is submitted;User biological characteristic information authentication module 207 is used to utilize what is pre-defined Verify the biological information of user in user biological characteristic information data storehouse;Encrypted message is received and preserving module 209 is used for In the case that the biological information of user is verified, one or more for receiving that user submitted by client is first close Code information and associated first password, and save it in that client is local and/or server end;And, message in cipher Breath provides module 211 to be believed in the biological characteristic for receiving the identity information comprising user that user submitted by client and user In the case that the request of breath and the identity information of user and the biological information of user are verified, provided to client First password, and in the case where receiving the request comprising first password that user is submitted by client, to visitor Family end provides one or more of first password information.
First, the identity information receiving module 201 receives the identity information submitted by the user through a client (for example, one or more of the clients 300-1, ..., 300-n shown in Fig. 2). According to an embodiment of the present invention, the client may be any electronic device with a communication function, including but not limited to: a mobile phone, a tablet computer, a notebook computer, a desktop computer, an audio/video player, a multimedia information interaction device, and so on. For example, the user may submit identity information to the server-side identity information receiving module 201 by mobile phone short message, through a client application installed on any of the above electronic devices, by accessing a server-side web page from any of the above electronic devices, or by e-mail or various other means of communication.
Next, the identity information authentication module 203 verifies the user's identity information using the pre-defined identity information database.
Optionally, the pre-defined identity information database may include the database of the national citizen ID number inquiry service center (NCIIS) and the telephone number databases of the major telecom operators. For example, when the user submits an ID card number to the server's identity information authentication module 203 through the client, the identity information authentication module 203 can use the information in the pre-defined identity information database to verify whether that ID card number is the real ID card number of the user of that name. When the user submits a mobile phone number to the server's identity information authentication module 203 through the client, the identity information authentication module 203 can use the information in the pre-defined identity information database to verify whether that number is the user's real mobile phone number.
Then, once the user's identity information has been verified, the user biometric information receiving module 205 receives the user's biometric information submitted by the user through the client.
Optionally, the biometric information received by the user biometric information receiving module 205 includes at least one of the following, extracted by an electronic device such as a mobile phone client: face, fingerprint, iris, hand shape, voice, signature, gait.
Next, the user biometric information authentication module 207 verifies the user's biometric information using the pre-defined user biometric information database.
The user biometric information database stores user biometric information collected in advance (for example, at least one of face, fingerprint, iris, hand shape, voice, signature, gait, and so on). Optionally, the user biometric information database stores the key features corresponding to the biometric information collected in advance (for example, key features such as edges, textures, patterns and histograms in the image information of a face, fingerprint, iris, hand shape or signature; audio features of a voice; gait variation features; and so on).
Then, once the user's biometric information has been verified, the encrypted message receiving and saving module 209 receives one or more items of first password information and an associated first password submitted by the user through the client, and saves them locally on the client and/or on the server side.
The verification process is as follows: the user's biometric information is extracted again and compared with the pre-collected biometric information of that user stored in the user biometric information database (or with the key features corresponding to that pre-collected biometric information); if the comparison passes, verification succeeds; otherwise, verification fails.
According to an embodiment of the present invention, the one or more items of first password information are the user's real encrypted messages; the first password information includes the user's Internet site login information, software login information and financial account information. For example, the Internet site login information may include login information such as the user name (or e-mail address, etc.) and login password for various websites (for example, microblog, e-mail and shopping websites) and forums; the software login information may include login information such as the user name (or e-mail address, etc.) and login password for various software (for example, games, MSN, business software); and the financial account information may include the account information of various online banking accounts, stock and fund accounts, and so on. In addition, the first password information may also include the questions and corresponding answers that the user set in advance for retrieving a password when the user forgets it.
It should be understood that the first password information listed above is merely illustrative and is intended to help the reader understand the principle of the present invention; the scope of the present invention is not limited to the encrypted messages listed above and may include any type of encrypted message.
According to an embodiment of the present invention, the first password is a password set by the user and associated with the one or more items of first password information; the user can subsequently use the first password to obtain the one or more items of first password information. Optionally, the first password may consist of one or more of digits, English letters and other characters, and its length should fall within a pre-defined length range.
The one or more items of first password information and the first password may be saved locally on the client and/or on the server side. Saving them on the server side avoids the situation in which the encrypted messages cannot be retrieved because the client has failed or been lost.
At this point, the verification of the user's identity and the storage of the first password information and the first password are complete. If the user forgets the first password information, the encrypted message providing module 211 can perform step S111 and step S113 to retrieve the first password information.
That is, the encrypted message providing module 211 provides the first password to the client when a request containing the user's identity information and the user's biometric information, submitted by the user through the client, has been received and both the identity information and the biometric information have been verified; and the encrypted message providing module 211 provides the one or more items of first password information to the client when a request containing the first password, submitted by the user through the client, has been received.
The encrypted message providing module 211 receives the user's identity information and biometric information submitted through the client once more and verifies them, and provides the first password to the client only if both the identity information and the biometric information are verified. By requiring the user's biometric information again, the encrypted message providing module 211 confirms the identity of the user who is using the mobile phone client, which prevents another person from using that mobile phone client to obtain the first password illegally and then obtain the first password information for illegitimate purposes.
It should be understood that the encrypted message receiving and saving module 209 need not receive a first password associated with the one or more items of first password information, and that the encrypted message providing module 211 need not provide a first password to the client and need not receive a request containing the first password submitted by the user through the client.
Optionally, the identity information submitted by the user through the client and received by the identity information receiving module 201 and the encrypted message providing module 211 is identity information of the user that has been converted, encrypted, or converted and encrypted for confidential transmission.
For example, identity information may include one or more of a name, a certificate number (such as an ID card number, passport number, driving licence number or licence plate number) and a telephone number (such as a fixed or mobile telephone number). Its data volume is very small, so it is easy to decrypt even if an encryption algorithm is used. It can therefore be considered to convert the identity information before submission (for example, by data filling, interleaving, scrambling, etc.), so that the small amount of real information is hidden inside the converted identity information that is submitted. Moreover, the converted identity information has a large data volume and is easy to combine with many encryption algorithms in the prior art. Optionally, therefore, the converted identity information is encrypted and the resulting encrypted identity information is submitted.
If the identity information submitted by the user through the client and received by the identity information receiving module 201 and the encrypted message providing module 211 is identity information that has been converted, encrypted, or converted and encrypted for confidential transmission, then, before the identity information authentication module 203 and the encrypted message providing module 211 verify the user's identity information, the received identity information is also inverse-converted (for example, descrambled, deinterleaved, stripped of its filling data, etc.), decrypted, or decrypted and inverse-converted, to obtain the user's identity information.
It should be understood that step S109 of method 100 need not receive a first password, submitted by the user through the client, that is associated with the one or more items of first password information, and that the operations relating to the "first password" (for example, the operation "provide the first password to the client" in step S111 and the judgement "when a request containing the first password submitted by the user through the client has been received" in step S113) can be omitted. Fig. 3 is a flowchart of another method 100' for handling encrypted messages according to an embodiment of the present invention.
As shown in Fig. 3, method 100' includes steps S101' to S111', where steps S101' to S107' are the same as steps S101 to S107 in method 100. However, the steps of method 100' after step S107' omit all operations involving the "first password" that appear in the steps after step S107 of method 100. That is, method 100' includes the following steps:
Steps S101' to S107': the same as steps S101 to S107 in method 100.
Step S109': once the user's biometric information has been verified, receive one or more items of first password information submitted by the user through the client, and save them locally on the client and/or on the server side.
Step S111': when a request containing the user's identity information and the user's biometric information, submitted by the user through the client, has been received and both the identity information and the biometric information have been verified, provide the one or more items of first password information to the client.
Fig. 4 is a schematic diagram of a method of identity information conversion/inverse conversion that can be used in the above method for handling encrypted messages according to an embodiment of the present invention.
The upper part of Fig. 4 is a schematic diagram of identity information conversion: during conversion, the operations of data filling 401, interleaving 403 and scrambling 405 are applied to the original identity information in that order, giving the converted identity information.
The lower part of Fig. 4 is a schematic diagram of identity information inverse conversion: during inverse conversion, the operations of descrambling 407, deinterleaving 409 and removing filling data 411 are applied to the converted identity information in that order, giving the original identity information.
Fig. 5 is a schematic diagram of a method of identity information conversion and encryption/decryption and inverse conversion that can be used in the above method for handling encrypted messages according to an embodiment of the present invention.
The upper part of Fig. 5 is a schematic diagram of identity information conversion and encryption: the operations of data filling 501, interleaving 503, scrambling 505 and encryption 507 are applied to the original identity information in that order, giving the converted and encrypted identity information.
The lower part of Fig. 5 is a schematic diagram of identity information decryption and inverse conversion: the operations of decryption 509, descrambling 511, deinterleaving 513 and removing filling data 515 are applied to the converted and encrypted identity information in that order, giving the original identity information.
The above are only exemplary embodiments of the present invention, but the protection scope of the present invention is not limited to them. Any change or replacement that a person skilled in the art could readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. The protection scope of the present invention shall therefore be defined by the protection scope of the claims.
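The conversion chain of Fig. 4 (data filling, interleaving, scrambling, and the inverse), written out as an added Python example that is not part of the patent. The description names the three operations but not their algorithms, so the frame length, the 8x8 block interleaver, the LFSR scrambler and its seed are all assumptions, and the encryption stage of Fig. 5 is left out.

```python
"""Added illustration of the Fig. 4 conversion chain; every parameter is an assumption."""
import secrets

FRAME_LEN = 64        # assumed fixed length of a converted record, in bytes
ROWS, COLS = 8, 8     # assumed block-interleaver geometry; ROWS * COLS == FRAME_LEN
LFSR_SEED = 0xACE1    # assumed scrambler start state, known to both ends (not a key)


def pad(identity: bytes) -> bytes:
    """Data filling (401): length byte + identity + random filler up to FRAME_LEN."""
    if len(identity) > FRAME_LEN - 1:
        raise ValueError("identity information does not fit in one frame")
    filler = secrets.token_bytes(FRAME_LEN - 1 - len(identity))
    return bytes([len(identity)]) + identity + filler


def unpad(frame: bytes) -> bytes:
    """Removing filling data (411): bounds-check the length byte before using it."""
    if len(frame) != FRAME_LEN or frame[0] > FRAME_LEN - 1:
        raise ValueError("malformed frame")
    return frame[1:1 + frame[0]]


def interleave(frame: bytes) -> bytes:
    """Interleaving (403): write row by row, read column by column."""
    return bytes(frame[r * COLS + c] for c in range(COLS) for r in range(ROWS))


def deinterleave(frame: bytes) -> bytes:
    """Deinterleaving (409): exact inverse of interleave()."""
    return bytes(frame[c * ROWS + r] for r in range(ROWS) for c in range(COLS))


def _lfsr_stream(n: int) -> bytes:
    """n bytes from a 16-bit Fibonacci LFSR (taps 16, 14, 13, 11)."""
    state, out = LFSR_SEED, bytearray()
    for _ in range(n):
        byte = 0
        for _ in range(8):
            bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (bit << 15)
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def scramble(frame: bytes) -> bytes:
    """Scrambling (405) and descrambling (407): XOR with the stream is its own inverse."""
    return bytes(a ^ b for a, b in zip(frame, _lfsr_stream(len(frame))))


def convert(identity: bytes) -> bytes:
    """Client side: data filling -> interleaving -> scrambling."""
    return scramble(interleave(pad(identity)))


def inverse_convert(record: bytes) -> bytes:
    """Server side: descrambling -> deinterleaving -> removing filling data."""
    if len(record) != FRAME_LEN:
        raise ValueError("unexpected record length")
    return unpad(deinterleave(scramble(record)))


# Constructed sample identity record (placeholder values, not real data).
SAMPLE = b"NAME=Example User;ID=000000000000000000;TEL=00000000000"

if __name__ == "__main__":
    record = convert(SAMPLE)
    print(record.hex())
    print(inverse_convert(record))
    # The chain is keyless: anyone who knows FRAME_LEN, ROWS/COLS and LFSR_SEED can
    # run inverse_convert(), so secrecy in transit rests on the Fig. 5 encryption stage.
```

Every converted record has the same length whatever the length of the identity string, and the random filler makes two conversions of the same input differ.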

Claims (6)

1. A method (100) for handling encrypted messages, characterized by comprising the following steps:
Step 1: receiving the identity information submitted by the user through the client (S101);
Step 2: verifying the user's identity information using a pre-defined identity information database (S103);
Step 3: once the user's identity information has been verified, receiving the user's biometric information submitted by the user through the client (S105);
Step 4: verifying the user's biometric information using a pre-defined user biometric information database (S107);
Step 5: once the user's biometric information has been verified, receiving one or more items of first password information and an associated first password submitted by the user through the client, and saving them locally on the client and/or on the server side (S109);
Step 6: when a request containing the user's identity information and the user's biometric information, submitted by the user through the client, has been received and both the identity information and the biometric information have been verified, providing the first password to the client (S111); and
Step 7: when a request containing the first password, submitted by the user through the client, has been received, providing the one or more items of first password information to the client (S113).
2. The method according to claim 1, characterized in that the user's biometric information includes at least one of the following extracted items: face, fingerprint, iris, hand shape, voice, signature, gait.
3. The method according to claim 1 or 2, characterized in that the identity information submitted by the user through the client and received in step 1 and step 6 is identity information of the user that has been converted, encrypted, or converted and encrypted for confidential transmission, and in that, before the user's identity information is verified in step 2 and step 6, the received identity information that has been converted, encrypted, or converted and encrypted is also inverse-converted, decrypted, or decrypted and inverse-converted, to obtain the user's identity information.
4. A device (200) for handling encrypted messages, characterized by comprising:
an identity information receiving module (201), for receiving the identity information submitted by the user through the client;
an identity information authentication module (203), for verifying the user's identity information using a pre-defined identity information database;
a user biometric information receiving module (205), for receiving, once the user's identity information has been verified, the user's biometric information submitted by the user through the client;
a user biometric information authentication module (207), for verifying the user's biometric information using a pre-defined user biometric information database;
an encrypted message receiving and saving module (209), for receiving, once the user's biometric information has been verified, one or more items of first password information and an associated first password submitted by the user through the client, and saving them locally on the client and/or on the server side; and
an encrypted message providing module (211), for providing the first password to the client when a request containing the user's identity information and the user's biometric information, submitted by the user through the client, has been received and both the identity information and the biometric information have been verified, and for providing the one or more items of first password information to the client when a request containing the first password, submitted by the user through the client, has been received.
5. The device according to claim 4, characterized in that the user's biometric information includes at least one of the following extracted items: face, fingerprint, iris, hand shape, voice, signature, gait.
6. The device according to claim 4 or 5, characterized in that the identity information submitted by the user through the client and received by the identity information receiving module (201) and the encrypted message providing module (211) is identity information of the user that has been converted, encrypted, or converted and encrypted for confidential transmission, and in that, before the identity information authentication module (203) and the encrypted message providing module (211) verify the user's identity information, the received identity information that has been converted, encrypted, or converted and encrypted is also inverse-converted, decrypted, or decrypted and inverse-converted, to obtain the user's identity information.
CN201710417780.3A 2017-06-05 2017-06-05 A kind of method and apparatus for handling encrypted message Pending CN107332668A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710417780.3A CN107332668A (en) 2017-06-05 2017-06-05 A kind of method and apparatus for handling encrypted message


Publications (1)

Publication Number Publication Date
CN107332668A true CN107332668A (en) 2017-11-07

Family

ID=60194211

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710417780.3A Pending CN107332668A (en) 2017-06-05 2017-06-05 A kind of method and apparatus for handling encrypted message

Country Status (1)

Country Link
CN (1) CN107332668A (en)


Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171107

RJ01 Rejection of invention patent application after publication