CN109064596A - Cipher management method, device and electronic equipment - Google Patents

Publication number: CN109064596A
Authority: CN (China)
Prior art keywords: password, value, storage region, mark, cipher
Legal status: Granted
Application number: CN201810824234.6A
Other languages: Chinese (zh)
Other versions: CN109064596B (en)
Inventors: 黎国梁, 张玉虎, 唐皓, 陈彬, 张东胜
Current Assignee: Yun Ding Intelligent Technology (beijing) Co Ltd
Original Assignee: Yun Ding Intelligent Technology (beijing) Co Ltd
Application filed by: Yun Ding Intelligent Technology (beijing) Co Ltd

Events:
  • Priority to CN201810824234.6A
  • Publication of CN109064596A
  • Priority to PCT/CN2019/097761 (WO2020020304A1)
  • Application granted
  • Publication of CN109064596B
  • Current legal status: Active

Classifications

    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07C: TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00: Individual registration on entry or exit
    • G07C9/00174: Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00817: Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys, where the code of the lock can be programmed

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The password management method, device and electronic equipment provided by the invention store password information in a first storage region of the electronic equipment and store password data in a second storage region of the electronic equipment. The password information includes a password identifier and an encryption key associated with the password identifier; the password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting an original password value with the encryption key; the second storage region is different from the first storage region. By storing the password information and the password data in different storage regions of the electronic equipment, the invention makes it harder for an attacker to crack a password and prevents an attacker from passing password verification by tampering with a password or adding a new password, which greatly improves password security.

Description

Password management method, device and electronic equipment
Technical field
The present invention relates to the field of information processing, and more specifically to a password management method, device and electronic equipment.
Background
In the long-term apartment rental industry, smart password locks have become standard equipment for long-term rental apartments. A smart password lock generally provides common functions such as adding a password remotely and deleting a password remotely, which is a great convenience for apartment management by the homeowner or apartment operator.
The conventional password management scheme of a smart password lock stores the door lock password directly in a specific storage region of the lock. However, if an attacker works out the address of the storage region that holds the door lock password, the password is leaked directly. The attacker may even tamper at will with the door lock passwords stored in the lock, or add a new password to the lock without the resident's knowledge, which seriously affects the resident's personal safety and property. Managing passwords with the conventional scheme therefore gives poor password security and cannot effectively meet users' security requirements.
An effective password management scheme is therefore urgently needed to improve password security and fully meet users' security requirements.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a password management method and device that overcome the above problems or at least partially solve them.
To achieve the above object, the invention provides the following technical solutions:
A password management method, applied to electronic equipment, the method comprising:
storing password information in a first storage region of the electronic equipment;
storing password data in a second storage region of the electronic equipment;
wherein the password information includes a password identifier and an encryption key associated with the password identifier; the password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting an original password value with the encryption key; and the second storage region is different from the first storage region.
Preferably, the process of generating the encryption key associated with the password identifier includes:
obtaining the password identifier and preset data in the electronic equipment;
generating, according to the password identifier and the preset data, the encryption key associated with the password identifier.
Preferably, the method further includes:
obtaining a new password value associated with a first password identifier;
encrypting the new password value with the encryption key associated with the first password identifier to obtain a new encrypted password value;
updating, in the password data stored in the second storage region, the encrypted password value associated with the first password identifier to the new encrypted password value.
Preferably, the password information further includes password attributes associated with the password identifier, and the method further includes:
obtaining a new password attribute associated with a second password identifier;
updating, in the password information stored in the first storage region, the password attribute associated with the second password identifier to the new password attribute.
Preferably, the password information further includes a password end time associated with the password identifier, and the method further includes:
when the password end time associated with a third password identifier is earlier than the current time, deleting the third password identifier and the encryption key associated with the third password identifier from the password information stored in the first storage region, and deleting the third password identifier from the password data stored in the second storage region.
Preferably, the method further includes:
obtaining a verification password value entered by the user;
decrypting the encrypted password value in the password data stored in the second storage region with the encryption key in the password information stored in the first storage region, to obtain a decrypted password value;
if the verification password value matches the decrypted password value, determining that password verification succeeds; otherwise, determining that password verification fails.
A password management device, applied to electronic equipment, the device comprising:
a password information storage unit, configured to store password information in a first storage region of the electronic equipment;
a password data storage unit, configured to store password data in a second storage region of the electronic equipment;
wherein the password information includes a password identifier and an encryption key associated with the password identifier; the password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting an original password value with the encryption key; and the second storage region is different from the first storage region.
Preferably, the device further includes a password value updating unit, configured to:
obtain a new password value associated with a first password identifier;
encrypt the new password value with the encryption key associated with the first password identifier to obtain a new encrypted password value;
update, in the password data stored in the second storage region, the encrypted password value associated with the first password identifier to the new encrypted password value.
Preferably, the password information further includes password attributes associated with the password identifier; the device further includes a password attribute updating unit, configured to:
obtain a new password attribute associated with a second password identifier;
update, in the password information stored in the first storage region, the password attribute associated with the second password identifier to the new password attribute.
Electronic equipment, comprising: a first storage region for storing password information, and a second storage region for storing password data;
wherein the password information includes a password identifier and an encryption key associated with the password identifier; the password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting an original password value with the encryption key; and the second storage region is different from the first storage region.
With the above technical solution, the password management method and device provided by the invention are applied to electronic equipment. What is stored in the electronic equipment is the encrypted password value rather than the original password value, so an attacker cannot obtain the original password value by working out the storage address. Moreover, the encryption key and the encrypted password value are stored in different storage regions of the electronic equipment, which makes it harder for an attacker to crack the encrypted password value and recover the original password value. In addition, because passwords are managed by combining an encryption key with an encrypted password value, an attacker cannot pass password verification by illegally tampering with a password or adding a new password. The password management scheme of the invention therefore greatly improves password security.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the contents of the specification, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 is a flow chart of the password management method provided by an embodiment of the present application;
Fig. 2 is a schematic diagram of the password adding process provided by an embodiment of the present application;
Fig. 3 is a flow chart of the encryption key generation process provided by an embodiment of the present application;
Fig. 4 is a schematic diagram of the encryption key generation process provided by an embodiment of the present application;
Fig. 5 is a flow chart of the password update process provided by an embodiment of the present application;
Fig. 6 is a schematic diagram of the password update process provided by an embodiment of the present application;
Fig. 7 is a schematic diagram of the password expiry process provided by an embodiment of the present application;
Fig. 8 is a flow chart of the password verification process provided by an embodiment of the present application;
Fig. 9 is a structural schematic diagram of a password management device provided by an embodiment of the present application;
Fig. 10 is another structural schematic diagram of the password management device provided by an embodiment of the present application;
Fig. 11 is a structural schematic diagram of the electronic equipment provided by an embodiment of the present application.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure will be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
The password management method and password management device provided by the embodiments of the present application can be applied to electronic equipment. The electronic equipment may be a smart password lock, or other electronic equipment with password functions such as password storage and password verification.
Referring to Figs. 1 and 2, Fig. 1 is a flow chart of the password management method provided by an embodiment of the present application.
As shown in Fig. 1, the password management method includes:
S101: storing password information in the first storage region of the electronic equipment.
The password information includes a password identifier and an encryption key associated with the password identifier.
The encryption key can be used to encrypt an original password value to obtain an encrypted password value; it can also be used to decrypt the encrypted password value to obtain a decrypted password value.
The original password value is the plaintext password value entered by the user, and the decrypted password value is identical to the original password value.
S102: storing password data in the second storage region of the electronic equipment.
The password data includes the password identifier and an encrypted password value associated with the password identifier. The password identifier is used to establish a one-to-one correspondence between password information and password data; that is, password information and password data with the same password identifier correspond to each other.
The encrypted password value is obtained by encrypting the original password value with the encryption key. In other words, what is stored in the electronic equipment is the encrypted password value, not the original password value. Even if an attacker obtains the encrypted password value stored in the electronic equipment, the attacker cannot obtain the original password value, which prevents an attacker from getting the original password value by cracking the storage region.
The second storage region of the electronic equipment is different from the first storage region; that is, the two regions correspond to different storage addresses. The encrypted password value and the encryption key are stored in different storage regions of the electronic equipment, so they are separated from each other, and an attacker who has obtained the encrypted password value still finds it difficult to recover the original password value.
In one example, the storage format of the password information may be as shown in Table 1 below:
Table 1: Password information
In Table 1, "ID1, ID2, ID3 …" are password identifiers, and "encryption key 1, encryption key 2, encryption key 3 …" are the encryption keys associated with "ID1, ID2, ID3 …" respectively. The password information shown in Table 1 also includes password attributes, which are likewise associated with the password identifier and can be used to set password management parameters.
In one example, the storage format of the password data may be as shown in Table 2 below:
Table 2: Password data
Password identifier    Encrypted password value
ID1                    Encrypted password value 1
ID2                    Encrypted password value 2
ID3                    Encrypted password value 3
……                     ……
IDn                    Encrypted password value n
The encrypted password values in Table 2 and the encryption keys, password attributes and other contents in Table 1 are put in one-to-one correspondence through the password identifiers in the respective tables. In Tables 1 and 2, n is a natural number.
In one example, steps S101 and S102 can also be used to implement the password adding process. As shown in Fig. 2, the password information whose password identifier is "1000" is added to the password information of the first storage region, and the password data whose password identifier is "1000" is added to the password data of the second storage region.
During the password adding process, the first storage region can be traversed automatically to find a free position in it, and the password information to be added is written to that free position; likewise, the second storage region is traversed automatically to find a free position in it, and the password data to be added is written to that free position.
The password adding process may be executed in response to a password adding instruction issued by a remote server.
The password management method provided in this embodiment is applied to electronic equipment. What is stored in the electronic equipment is the encrypted password value rather than the original password value, so an attacker cannot obtain the original password value by working out the storage address. Moreover, the encryption key and the encrypted password value are stored in different storage regions of the electronic equipment, which makes it harder for an attacker to crack the encrypted password value and recover the original password value. In addition, because passwords are managed by combining an encryption key with an encrypted password value, an attacker cannot pass password verification by illegally tampering with a password or adding a new password. The password management scheme of the invention therefore greatly improves password security.
Referring to Figs. 3 and 4, Fig. 3 is a flow chart of the encryption key generation process provided by an embodiment of the present application.
Within the password management scheme of the invention, this embodiment also provides the process for generating the encryption key associated with the password identifier.
As shown in Fig. 3, the encryption key generation process includes:
S201: obtaining the password identifier and the preset data in the electronic equipment.
Before the encryption key associated with a password identifier is generated, the password identifier may be generated automatically by the electronic equipment or set by the user.
The preset data in the electronic equipment may be unique identification data that the electronic equipment carries, such as a MAC address or serial number; it may be preset encoded data obtained by encoding the unique identification data of the electronic equipment with a preset encoding method; or it may be unique identification data issued uniformly by a server. The preset data of the electronic equipment can therefore be unique; that is, different electronic equipment has different preset data.
S202: generating, according to the password identifier and the preset data, the encryption key associated with the password identifier.
In one example, a preset key generation algorithm can be used, with the password identifier and the preset data as the key generation parameters, to generate the encryption key associated with the password identifier. As shown in Fig. 4, the encryptor in Fig. 4 has the preset key generation algorithm built in and can be used to carry out the generation of the encryption key.
In the encryption key generation process provided in this embodiment, the encryption key associated with a password identifier is generated from the password identifier and the preset data in the electronic equipment obtained in advance, so that different electronic equipment and different password identifiers correspond to different encryption keys. This ensures the uniqueness of the encryption key, makes the encrypted password value harder to crack, and further improves password security.
Referring to Figs. 5 and 6, Fig. 5 is a flow chart of the password update process provided by an embodiment of the present application, and Fig. 6 is a schematic diagram of that process.
Within the password management scheme of the invention, this embodiment also provides a corresponding password update process.
As shown in Fig. 5, the password update process includes:
S301: obtaining a new password value associated with the first password identifier.
The first password identifier can be any password identifier that exists in the password information stored in the first storage region of the electronic equipment (such as password identifier "1000" in Fig. 6). The new password value associated with the first password identifier can be a new original password value set by the user and associated with the first password identifier.
S302: encrypting the new password value with the encryption key associated with the first password identifier to obtain a new encrypted password value.
S303: updating, in the password data stored in the second storage region, the encrypted password value associated with the first password identifier to the new encrypted password value.
In one example, besides updating the encrypted password value in the password data, the password update process can also update the password attributes associated with a password identifier in the password information. For example, the password attribute update process may include: obtaining a new password attribute associated with the second password identifier; and updating, in the password information stored in the first storage region, the password attribute associated with the second password identifier to the new password attribute.
The second password identifier can be any password identifier that exists in the password information stored in the first storage region of the electronic equipment. The new password attribute associated with the second password identifier can be a new password attribute set by the user and associated with the second password identifier.
The password update process may be executed in response to a password update instruction issued by a remote server.
In the password update process provided in this embodiment, a new password value associated with the first password identifier is obtained and encrypted with the encryption key associated with the first password identifier to obtain a new encrypted password value; finally, in the password data stored in the second storage region, the encrypted password value associated with the first password identifier is updated to the new encrypted password value. This realizes the update of the encrypted password value. Password attributes can be updated in a similar way.
Referring to Fig. 7, Fig. 7 is a schematic diagram of the password expiry process provided by an embodiment of the present application.
As shown in Fig. 7, in the password management scheme of the invention, the password attributes in the password information may include at least one of password permission, password state, password start time, password end time and password period flag. That is, the password information may also include a password end time associated with the password identifier.
When the password end time associated with the third password identifier (such as password identifier "10" in Fig. 7) is earlier than the current time, the third password identifier and the encryption key associated with the third password identifier are deleted from the password information stored in the first storage region, and the third password identifier is deleted from the password data stored in the second storage region.
The current time may be obtained from the system time of the electronic equipment or from the network.
Besides being executed after a password expires, the above password deletion operation may also be executed in response to a password deletion instruction issued by a remote server.
In the above deletion operation, in addition to deleting the third password identifier and its associated encryption key from the password information stored in the first storage region and deleting the third password identifier from the password data stored in the second storage region, other password information and password data associated with the third password identifier can also be deleted from the first and second storage regions; that is, all content associated with the third password identifier can be deleted from the first storage region and the second storage region.
Among the password attributes, the password permission marks whether a password has password management permission. A password with password management permission can be used to perform management operations on other passwords that do not have management permission.
The password state marks the current state of the password, for example whether the password is frozen. If the electronic equipment receives a password freeze instruction issued by the remote server and carrying a fourth password identifier, the password state associated with the fourth password identifier in the first storage region is set to the frozen state, making the password associated with the fourth password identifier unavailable. If the electronic equipment receives a password unfreeze instruction issued by the remote server and carrying the fourth password identifier, the password state associated with the fourth password identifier in the first storage region is set to the unfrozen state, so that the password associated with the fourth password identifier can be used again.
The password start time and password end time mark the validity period of the password: password verification is valid only when the current time lies between the password start time and the password end time. The current state of the password can also be maintained automatically from the validity period and the current time. For example, if the current time is earlier than the password start time associated with the fourth password identifier, the current state of the password associated with the fourth password identifier is set to unavailable.
The password period flag marks whether the password is a periodic password. If the electronic equipment receives a periodic setting instruction issued by the remote server and carrying the fourth password identifier, the password period flag associated with the fourth password identifier in the first storage region is set to TRUE, giving the password associated with the fourth password identifier a periodic attribute, that is, making it usable within a predetermined period.
The password expiry process provided in this embodiment uses the password end time parameter in the password information together with the current time to delete a password automatically after it expires, which improves password management efficiency. In addition, the rich set of password attributes allows parameters such as password permission, password state and password period to be configured, which further improves password management efficiency.
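The attribute handling described above, as an added example that is not code from the patent: it derives a password's state from its start time, end time and frozen flag, applies freeze and unfreeze instructions, and deletes expired entries from both storage regions. Field names, the dictionary layout of the two regions and all sample values are assumptions constructed for illustration; the period flag is left out because the text does not define its schedule.

```python
from dataclasses import dataclass


@dataclass
class PasswordInfo:
    """One entry of the first storage region (field names are assumptions)."""
    key: bytes
    start: int            # password start time, epoch seconds
    end: int              # password end time, epoch seconds
    frozen: bool = False  # password state set by freeze/unfreeze instructions


def state(info: PasswordInfo, now: int) -> str:
    """Current state derived from the attributes and the current time."""
    if info.end < now:
        return "expired"
    if info.frozen:
        return "frozen"
    if now < info.start:
        return "not-yet-valid"
    return "usable"


def apply_server_command(region1: dict, command: str, password_id: int) -> bool:
    """Apply a freeze or unfreeze instruction that carries a password identifier."""
    info = region1.get(password_id)
    if info is None:
        return False  # unknown identifier: nothing to change
    if command not in ("freeze", "unfreeze"):
        raise ValueError("unsupported command: " + command)
    info.frozen = command == "freeze"
    return True


def purge_expired(region1: dict, region2: dict, now: int) -> list:
    """Delete every expired identifier from both regions and return the ids."""
    expired = sorted(pid for pid, info in region1.items() if info.end < now)
    for pid in expired:
        # Choice made in this example: remove the key first, so a leftover
        # region-2 entry can never be decrypted if the second delete is lost.
        del region1[pid]
        region2.pop(pid, None)
    return expired


def orphans(region1: dict, region2: dict) -> list:
    """Identifiers present in only one region; worth reporting to the server."""
    return sorted(set(region1) ^ set(region2))


def demo():
    now = 1_700_000_000  # constructed current time
    region1 = {  # constructed password information
        10: PasswordInfo(b"key-10", now - 7200, now - 3600),
        1000: PasswordInfo(b"key-1000", now - 3600, now + 3600),
        1001: PasswordInfo(b"key-1001", now + 600, now + 7200),
    }
    # Constructed password data; 4242 has no counterpart in region 1.
    region2 = {10: b"ct-10", 1000: b"ct-1000", 1001: b"ct-1001", 4242: b"ct-x"}
    before = {pid: state(info, now) for pid, info in region1.items()}
    apply_server_command(region1, "freeze", 1000)
    frozen_state = state(region1[1000], now)
    deleted = purge_expired(region1, region2, now)
    return before, frozen_state, deleted, orphans(region1, region2), sorted(region2)


if __name__ == "__main__":
    print(demo())
```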
Referring to Fig. 8, Fig. 8 is the flow chart of password verification process provided by the embodiments of the present application.
Based on Password Management scheme of the invention, the present embodiment additionally provides corresponding password verification process.
As shown in figure 8, the password verification process includes:
S401: the verifying password value of user's input is obtained.
The verifying password value refers to password value to be verified, is usually manually entered by user, or led to by user Radio-frequency card is crossed to input and got by way of radio frequency identification by electronic equipment.
S402: using the encryption key in the encrypted message of first storage region storage, to second memory block Crypted password value in the code data of domain storage is decrypted, and obtains clear crytpographic key value.
When verifying password each time, require using encryption key in the first storage region in the second storage region Crypted password value is decrypted, and obtains clear crytpographic key value.
In one example, the first storage region contains one or more encryption keys and, correspondingly, the second storage region contains one or more encrypted password values. Decrypting the encrypted password value in the password data stored in the second storage region, using the encryption key in the password information stored in the first storage region, includes: using all the encryption keys in the password information stored in the first storage region to decrypt the respective corresponding encrypted password values in the password data stored in the second storage region, obtaining all the decrypted password values.
S403: Determine whether the verification password value matches the decrypted password value; if so, execute step S404; otherwise, execute step S405.
If decryption yields a single decrypted password value, the verification password value matching the decrypted password value means that the verification password value is identical to that single decrypted password value, i.e. the original password value. If decryption yields multiple decrypted password values, the match means that the verification password value is identical to one of the multiple decrypted password values. Specifically, the multiple decrypted password values can be traversed and compared one by one with the verification password value to determine whether any one of them is identical to the verification password value.
If the verification password value entered by the user is correct and the encrypted password value stored in the second storage region has not been tampered with, the verification password value should match the decrypted password value; otherwise, the two will not match.
S404: Determine that password verification succeeds.
S405: Determine that password verification fails.
If the verification password value matches the decrypted password value, password verification is determined to have succeeded; otherwise, password verification is determined to have failed. When the electronic device is a smart password lock, the lock is opened if password verification succeeds and is not opened if password verification fails.
If an attacker has cracked the address information of the second storage region, where the encrypted password value is stored, and has tampered with the encrypted password value in the second storage region, then a decryption error will occur when the electronic device uses the encryption key of the first storage region to decrypt the tampered encrypted password value, causing password verification to fail. The electronic device can also upload the error type of the password verification failure to a server, which forwards it to the legitimate user of the electronic device so that the legitimate user learns of the situation promptly.
Moreover, even if decrypting the tampered encrypted password value with the encryption key of the first storage region does yield a decrypted password value, the attacker cannot know what that decrypted password value is and likewise cannot pass password verification with a valid decrypted password value. This prevents an attacker from passing password verification by tampering with the password value.
If, after cracking the second storage region where the encrypted password value is stored, an attacker adds a custom password value to the second storage region, no encryption key for that custom password value is stored in the first storage region, so decryption of the custom password value will necessarily fail and password verification will fail. This prevents an attacker from passing password verification by adding a password value.
In one example, a preset encryption algorithm can be used when the original password value is encrypted with the encryption key. Even if an attacker obtains both the encryption key and the encrypted password value, as long as the attacker does not know the encryption algorithm, they still cannot obtain a valid decrypted password value, nor can they use the encryption key to encrypt a custom password value into a valid encrypted password value. This further prevents an attacker from effectively tampering with or adding encrypted password values.
The password verification process provided in this embodiment obtains the verification password value entered by the user, uses the encryption key in the password information stored in the first storage region to decrypt the encrypted password value in the password data stored in the second storage region, obtains the decrypted password value, and determines whether password verification succeeds or fails according to whether the verification password value matches the decrypted password value. Even if an attacker has tampered with the encrypted password value stored in the second storage region, the attacker cannot obtain the corresponding decrypted password value and therefore cannot enter a verification password value that matches it, which improves the accuracy and security of the password verification process.
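The verification steps S403 to S405 and the two tampering cases discussed above, as an added Python example (not code from the patent). The HMAC-SHA256 key derivation, the standard-library encrypt-then-MAC construction standing in for the unspecified preset encryption algorithm, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample: stands in for the "preset data in the electronic device".
DEVICE_PRESET = b"constructed-device-preset-0001"


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_key(password_id: str, preset: bytes = DEVICE_PRESET) -> bytes:
    """Per-identifier key from identifier + preset data (derivation assumed)."""
    return _prf(preset, password_id.encode())


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Assumed stand-in cipher: HMAC keystream XOR, then a MAC over the result."""
    if len(plaintext) > 32:
        raise ValueError("passcode too long for this sketch")
    nonce = os.urandom(16)
    stream = _prf(_prf(key, b"enc"), nonce)
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)


def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None if blob was not produced under key."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        return None  # modified value, or a value made under another key
    stream = _prf(_prf(key, b"enc"), nonce)
    return bytes(c ^ s for c, s in zip(body, stream))


class Lock:
    def __init__(self):
        self.region1 = {}  # identifier -> {"key": ..., "end": ...}
        self.region2 = {}  # identifier -> encrypted password value

    def add(self, password_id: str, passcode: str, end_time: float) -> None:
        key = derive_key(password_id)
        self.region1[password_id] = {"key": key, "end": end_time}
        self.region2[password_id] = encrypt(key, passcode.encode())

    def purge_expired(self, now: float) -> None:
        # End time earlier than the current time: delete from both regions.
        for pid in [p for p, i in self.region1.items() if i["end"] < now]:
            del self.region1[pid]
            self.region2.pop(pid, None)

    def verify(self, candidate: str, now: float):
        """Return (ok, anomalies); anomalies are what a lock would report."""
        self.purge_expired(now)
        ok, anomalies = False, []
        for pid, blob in self.region2.items():
            info = self.region1.get(pid)
            if info is None:  # value added to region 2 with no key in region 1
                anomalies.append((pid, "no_key_in_region1"))
                continue
            plain = decrypt(info["key"], blob)
            if plain is None:  # tampered encrypted password value
                anomalies.append((pid, "decryption_error"))
                continue
            # Constant-time compare; keep traversing all entries regardless.
            if hmac.compare_digest(plain, candidate.encode()):
                ok = True
        return ok, anomalies


def demo():
    now = 1_700_000_000.0  # constructed clock value
    lock = Lock()
    lock.add("owner", "482913", end_time=now + 3600)
    lock.add("guest", "771204", end_time=now - 1)  # already expired
    results = {"valid": lock.verify("482913", now),
               "expired": lock.verify("771204", now)}
    blob = bytearray(lock.region2["owner"])
    blob[16] ^= 0x01  # flip one bit of the stored encrypted password value
    lock.region2["owner"] = bytes(blob)
    results["tampered"] = lock.verify("482913", now)
    # Custom value written straight into region 2 under a foreign key.
    lock.region2["intruder"] = encrypt(os.urandom(32), b"000000")
    results["injected"] = lock.verify("000000", now)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The MAC check is what turns a modified stored value into the decryption error the text relies on; a production device would use a vetted authenticated cipher such as AES-GCM instead of this stand-in.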
An embodiment of the present invention also provides a password management device for implementing the password management method provided by the embodiments of the present invention. The technical content of the password management device described below and the technical content of the password management method described above may be referred to in correspondence with each other.
Referring to Fig. 9, Fig. 9 is a structural schematic diagram of a password management device provided by an embodiment of the present application.
The password management device of this embodiment is used to implement the password management method of the foregoing embodiments. As shown in Fig. 9, the device includes:
A password information storage unit 100, for storing password information to the first storage region of the electronic device.
A password data storage unit 200, for storing password data to the second storage region of the electronic device.
The password information includes a password identifier and an encryption key associated with the password identifier. The password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting the original password value with the encryption key. The second storage region is different from the first storage region.
The password management device provided in this embodiment is applied to an electronic device. What is stored in the electronic device is the encrypted password value rather than the original password value, so an attacker cannot obtain the original password value by cracking the storage address. Moreover, the encryption key and the encrypted password value are stored in different storage regions of the electronic device, which increases the difficulty for an attacker of cracking the encrypted password value to obtain the original password value. In addition, passwords are managed by combining the encryption key with the encrypted password value, so an attacker cannot pass password verification by illegally tampering with a password or adding a new password. The password management scheme of the present invention therefore greatly improves the security of passwords.
Referring to Fig. 10, Fig. 10 is another structural schematic diagram of a password management device provided by an embodiment of the present application.
As shown in Fig. 10, in addition to the password information storage unit 100 and the password data storage unit 200 of the previous embodiment, the password management device of this embodiment may also include at least one of an encryption key generation unit 300, a password value updating unit 400, a password attribute updating unit 500, a password expiry handling unit 600 and a password verification unit 700.
The encryption key generation unit 300 is used to:
Obtain the password identifier and preset data in the electronic device;
Generate, according to the password identifier and the preset data, the encryption key associated with the password identifier.
The password value updating unit 400 is used to:
Obtain a new password value associated with a first password identifier;
Encrypt the new password value using the encryption key associated with the first password identifier, obtaining a new encrypted password value;
In the password data stored in the second storage region, update the encrypted password value associated with the first password identifier to the new encrypted password value.
The password information further includes a password attribute associated with the password identifier. The password attribute updating unit 500 is used to:
Obtain a new password attribute associated with a second password identifier;
In the password information stored in the first storage region, update the password attribute associated with the second password identifier to the new password attribute.
The password information further includes a password end time associated with the password identifier. The password expiry handling unit 600 is used to:
When the password end time associated with a third password identifier is earlier than the current time, delete the third password identifier and the encryption key associated with the third password identifier from the password information stored in the first storage region, and delete the third password identifier from the password data stored in the second storage region.
The password verification unit 700 is used to:
Obtain the verification password value entered by the user;
Decrypt the encrypted password value in the password data stored in the second storage region using the encryption key in the password information stored in the first storage region, obtaining the decrypted password value;
If the verification password value matches the decrypted password value, determine that password verification succeeds; otherwise, determine that password verification fails.
The password management device provided in this embodiment ensures the uniqueness of the encryption key through the encryption key generation unit, which increases the difficulty of cracking the encrypted password value; implements the password update process through the password value updating unit and the password attribute updating unit; implements automatic deletion of a password after it expires through the password expiry handling unit, which improves password management efficiency; and improves the accuracy and security of the password verification process through the password verification unit.
The password management device provided by an embodiment of the present invention includes a processor and a memory. The password information storage unit 100, password data storage unit 200, encryption key generation unit 300, password value updating unit 400, password attribute updating unit 500, password expiry handling unit 600, password verification unit 700 and so on are stored in the memory as program units, and the processor executes these program units stored in the memory to implement the corresponding functions.
The processor contains a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided, and the technical problem of poor password security in current password management schemes is solved by adjusting kernel parameters.
The memory may include forms of computer-readable media such as volatile memory, random access memory (RAM) and/or non-volatile memory, for example read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
Referring to Fig. 11, Fig. 11 is a structural schematic diagram of an electronic device provided by an embodiment of the present application.
The electronic device may be a smart password lock. As shown in Fig. 11, the electronic device includes a first storage region 10 for storing password information and a second storage region 20 for storing password data;
The password information includes a password identifier and an encryption key associated with the password identifier. The password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting the original password value with the encryption key. The second storage region is different from the first storage region.
What is stored in the electronic device provided in this embodiment is the encrypted password value rather than the original password value, so an attacker cannot obtain the original password value by cracking the storage address. Moreover, the encryption key and the encrypted password value are stored in different storage regions of the electronic device, which increases the difficulty for an attacker of cracking the encrypted password value to obtain the original password value. In addition, passwords are managed by combining the encryption key with the encrypted password value, so an attacker cannot pass password verification by illegally tampering with a password or adding a new password. The password management scheme of the present invention therefore greatly improves the security of passwords.
An embodiment of the present invention provides a storage medium on which a program is stored; the program implements the password management method when executed by a processor.
An embodiment of the present invention provides a processor for running a program, wherein the program executes the password management method when it runs.
An embodiment of the present invention provides a device that includes a processor, a memory and a program stored in the memory and runnable on the processor; the processor implements the steps of the above password management method when executing the program.
The device herein may be a server, PC, PAD, mobile phone, etc.
The present application also provides a computer program product which, when executed on a data processing device, is adapted to execute a program initialized with the steps of the password management method.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system or a computer program product. The present application may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means that implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
In a typical configuration, a computing device includes one or more processors (CPUs), an input/output interface, a network interface and memory.
The memory may include forms of computer-readable media such as volatile memory, random access memory (RAM) and/or non-volatile memory, for example read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, commodity or device that includes the element.
The above are only embodiments of the present application and are not intended to limit the present application. Various modifications and changes to the present application are possible for those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present application shall be included within the scope of the claims of the present application.

Claims (10)

1. A password management method, characterized in that it is applied to an electronic device, the method comprising:
Storing password information to a first storage region of the electronic device;
Storing password data to a second storage region of the electronic device;
Wherein the password information includes a password identifier and an encryption key associated with the password identifier; the password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting an original password value with the encryption key; and the second storage region is different from the first storage region.
2. The method according to claim 1, characterized in that the process of generating the encryption key associated with the password identifier comprises:
Obtaining the password identifier and preset data in the electronic device;
Generating, according to the password identifier and the preset data, the encryption key associated with the password identifier.
3. The method according to claim 1, characterized in that the method further comprises:
Obtaining a new password value associated with a first password identifier;
Encrypting the new password value using the encryption key associated with the first password identifier, obtaining a new encrypted password value;
In the password data stored in the second storage region, updating the encrypted password value associated with the first password identifier to the new encrypted password value.
4. The method according to claim 1, characterized in that the password information further includes a password attribute associated with the password identifier; the method further comprises:
Obtaining a new password attribute associated with a second password identifier;
In the password information stored in the first storage region, updating the password attribute associated with the second password identifier to the new password attribute.
5. The method according to claim 1, characterized in that the password information further includes a password end time associated with the password identifier; the method further comprises:
When the password end time associated with a third password identifier is earlier than the current time, deleting the third password identifier and the encryption key associated with the third password identifier from the password information stored in the first storage region, and deleting the third password identifier from the password data stored in the second storage region.
6. The method according to claim 1, characterized in that the method further comprises:
Obtaining a verification password value entered by a user;
Decrypting the encrypted password value in the password data stored in the second storage region using the encryption key in the password information stored in the first storage region, obtaining a decrypted password value;
If the verification password value matches the decrypted password value, determining that password verification succeeds; otherwise, determining that password verification fails.
7. A password management device, characterized in that it is applied to an electronic device, the device comprising:
A password information storage unit, for storing password information to a first storage region of the electronic device;
A password data storage unit, for storing password data to a second storage region of the electronic device;
Wherein the password information includes a password identifier and an encryption key associated with the password identifier; the password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting an original password value with the encryption key; and the second storage region is different from the first storage region.
8. The device according to claim 1, characterized in that the device further comprises a password value updating unit, the password value updating unit being used to:
Obtain a new password value associated with a first password identifier;
Encrypt the new password value using the encryption key associated with the first password identifier, obtaining a new encrypted password value;
In the password data stored in the second storage region, update the encrypted password value associated with the first password identifier to the new encrypted password value.
9. The device according to claim 1, characterized in that the password information further includes a password attribute associated with the password identifier; the device further comprises a password attribute updating unit; the password attribute updating unit is used to:
Obtain a new password attribute associated with a second password identifier;
In the password information stored in the first storage region, update the password attribute associated with the second password identifier to the new password attribute.
10. An electronic device, characterized by comprising: a first storage region for storing password information, and a second storage region for storing password data;
Wherein the password information includes a password identifier and an encryption key associated with the password identifier; the password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting an original password value with the encryption key; and the second storage region is different from the first storage region.
CN201810824234.6A 2018-07-25 2018-07-25 Password management method and device and electronic equipment Active CN109064596B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810824234.6A CN109064596B (en) 2018-07-25 2018-07-25 Password management method and device and electronic equipment
PCT/CN2019/097761 WO2020020304A1 (en) 2018-07-25 2019-07-25 Device management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810824234.6A CN109064596B (en) 2018-07-25 2018-07-25 Password management method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN109064596A true CN109064596A (en) 2018-12-21
CN109064596B CN109064596B (en) 2021-07-13

Family

ID=64835397

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810824234.6A Active CN109064596B (en) 2018-07-25 2018-07-25 Password management method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN109064596B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109815686A (en) * 2019-03-01 2019-05-28 浙江齐治科技股份有限公司 A kind of login password change method and device
CN110148246A (en) * 2019-06-13 2019-08-20 上海钧正网络科技有限公司 A kind of smart lock control device and communication system
CN110659466A (en) * 2019-09-26 2020-01-07 支付宝(杭州)信息技术有限公司 Method and device for processing encryption behavior
CN110727940A (en) * 2019-09-20 2020-01-24 Oppo(重庆)智能科技有限公司 Electronic equipment password management method, device, equipment and storage medium
WO2020020304A1 (en) * 2018-07-25 2020-01-30 云丁网络技术(北京)有限公司 Device management method and system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101226507A (en) * 2007-01-16 2008-07-23 环隆电气股份有限公司 Security method and system as well as correlative pairing enciphering system thereof
CN101256609A (en) * 2007-03-02 2008-09-03 群联电子股份有限公司 Storing card and safety method thereof
CN101938461A (en) * 2009-06-29 2011-01-05 索尼公司 Netscape messaging server Netscape, messaging device and information processing method
CN104866784A (en) * 2015-06-03 2015-08-26 杭州华澜微科技有限公司 BIOS encryption-based safety hard disk, and data encryption and decryption method
CN105284072A (en) * 2013-08-12 2016-01-27 德国邮政股份公司 Support for decryption of encrypted data
CN105302490A (en) * 2015-10-30 2016-02-03 南京秦杜明视信息技术有限公司 Data storage method
CN107241184A (en) * 2017-06-13 2017-10-10 西北工业大学 Personal identification number generation and management method based on improvement AES

Also Published As

Publication number Publication date
CN109064596B (en) 2021-07-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant