CN109064596A - Cipher management method, device and electronic equipment - Google Patents
- Publication number: CN109064596A
- Authority: CN (China)
- Legal status: Granted
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00817—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The password management method, device and electronic equipment provided by the invention store password information in a first storage region of the electronic equipment and store password data in a second storage region of the electronic equipment. The password information includes a password identifier and an encryption key associated with the password identifier. The password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting the original password value with the encryption key. The second storage region is different from the first storage region. By storing the password information and the password data in different storage regions of the electronic equipment, the invention makes it harder for an attacker to crack the password and prevents an attacker from passing password verification by tampering with a password or adding a new password, which greatly improves password security.
Description
Technical field
The present invention relates to the field of information processing, and more specifically to a password management method, device and electronic equipment.
Background
In the long-term apartment rental industry, smart password locks have become standard equipment in long-term rental apartments. A smart password lock generally provides common functions such as remotely adding and remotely deleting passwords, which is a great convenience for apartment management by owners and apartment operators.
The conventional password management scheme of a smart password lock stores the door lock password directly in a specific storage region of the lock. However, if an attacker discovers the address of the storage region that holds the door lock password, the password is leaked directly. The attacker may even tamper arbitrarily with the door lock passwords stored in the lock, or add new passwords to the lock without the resident's knowledge, seriously endangering the resident's personal and property safety. Passwords managed with the conventional scheme are therefore poorly protected, and the scheme cannot effectively meet users' security requirements.
An effective password management scheme is therefore urgently needed to improve password security and fully meet users' security requirements.
Summary of the invention
In view of the above problems, the present invention provides a password management method and device that overcome the above problems or at least partially solve them.
To achieve the above object, the invention provides the following technical solutions:
A password management method, applied to electronic equipment, the method comprising:
storing password information in a first storage region of the electronic equipment;
storing password data in a second storage region of the electronic equipment;
wherein the password information includes a password identifier and an encryption key associated with the password identifier; the password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting the original password value with the encryption key; and the second storage region is different from the first storage region.
Preferably, the process of generating the encryption key associated with the password identifier includes:
obtaining the password identifier and preset data in the electronic equipment;
generating, according to the password identifier and the preset data, the encryption key associated with the password identifier.
Preferably, the method further includes:
obtaining a new password value associated with a first password identifier;
encrypting the new password value with the encryption key associated with the first password identifier to obtain a new encrypted password value;
updating, in the password data stored in the second storage region, the encrypted password value associated with the first password identifier to the new encrypted password value.
Preferably, the password information further includes password attributes associated with the password identifier, and the method further includes:
obtaining a new password attribute associated with a second password identifier;
updating, in the password information stored in the first storage region, the password attribute associated with the second password identifier to the new password attribute.
Preferably, the password information further includes a password end time associated with the password identifier, and the method further includes:
when the password end time associated with a third password identifier is earlier than the current time, deleting the third password identifier and the encryption key associated with the third password identifier from the password information stored in the first storage region, and deleting the third password identifier from the password data stored in the second storage region.
Preferably, the method further includes:
obtaining a verification password value entered by a user;
decrypting the encrypted password value in the password data stored in the second storage region, using the encryption key in the password information stored in the first storage region, to obtain a decrypted password value;
if the verification password value matches the decrypted password value, determining that password verification succeeds; otherwise, determining that password verification fails.
A password management device, applied to electronic equipment, the device comprising:
a password information storage unit, for storing password information in a first storage region of the electronic equipment;
a password data storage unit, for storing password data in a second storage region of the electronic equipment;
wherein the password information includes a password identifier and an encryption key associated with the password identifier; the password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting the original password value with the encryption key; and the second storage region is different from the first storage region.
Preferably, the device further includes a password value updating unit, which is used for:
obtaining a new password value associated with a first password identifier;
encrypting the new password value with the encryption key associated with the first password identifier to obtain a new encrypted password value;
updating, in the password data stored in the second storage region, the encrypted password value associated with the first password identifier to the new encrypted password value.
Preferably, the password information further includes password attributes associated with the password identifier, and the device further includes a password attribute updating unit, which is used for:
obtaining a new password attribute associated with a second password identifier;
updating, in the password information stored in the first storage region, the password attribute associated with the second password identifier to the new password attribute.
An electronic equipment, comprising a first storage region for storing password information and a second storage region for storing password data;
wherein the password information includes a password identifier and an encryption key associated with the password identifier; the password data includes the password identifier and an encrypted password value associated with the password identifier, the encrypted password value being obtained by encrypting the original password value with the encryption key; and the second storage region is different from the first storage region.
With the above technical solution, the password management method and device provided by the invention are applied to electronic equipment, and what the electronic equipment stores is the encrypted password value rather than the original password value, so an attacker cannot obtain the original password value by cracking the storage address. Moreover, the encryption key and the encrypted password value are stored in different storage regions of the electronic equipment, which makes it harder for an attacker to crack the encrypted password value and recover the original password value. In addition, because passwords are managed by combining an encryption key with an encrypted password value, an attacker cannot pass password verification by illegally tampering with a password or adding a new password. The password management scheme of the invention therefore greatly improves password security.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented in accordance with the specification, and so that the above and other objects, features and advantages of the invention are easier to understand, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 is a flow chart of the password management method provided by an embodiment of the present application;
Fig. 2 is a schematic diagram of the password adding process provided by an embodiment of the present application;
Fig. 3 is a flow chart of the encryption key generation process provided by an embodiment of the present application;
Fig. 4 is a schematic diagram of the encryption key generation process provided by an embodiment of the present application;
Fig. 5 is a flow chart of the password update process provided by an embodiment of the present application;
Fig. 6 is a schematic diagram of the password update process provided by an embodiment of the present application;
Fig. 7 is a schematic diagram of the password expiry process provided by an embodiment of the present application;
Fig. 8 is a flow chart of the password verification process provided by an embodiment of the present application;
Fig. 9 is a structural schematic diagram of a password management device provided by an embodiment of the present application;
Fig. 10 is another structural schematic diagram of a password management device provided by an embodiment of the present application;
Fig. 11 is a structural schematic diagram of the electronic equipment provided by an embodiment of the present application.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed fully to those skilled in the art.
The password management method and password management device provided by the embodiments of the present application can be applied to electronic equipment. The electronic equipment may be a smart password lock, or any other electronic equipment with password functions such as password storage and password verification.
Please refer to Figs. 1 and 2. Fig. 1 is a flow chart of the password management method provided by an embodiment of the present application.
As shown in Fig. 1, the password management method includes:
S101: storing password information in a first storage region of the electronic equipment.
The password information includes a password identifier and an encryption key associated with the password identifier.
The encryption key can be used to encrypt the original password value to obtain the encrypted password value, and can also be used to decrypt the encrypted password value to obtain the decrypted password value.
The original password value is the plaintext password value entered by the user, and the decrypted password value is consistent with the original password value.
S102: storing password data in a second storage region of the electronic equipment.
The password data includes the password identifier and an encrypted password value associated with the password identifier. The password identifier is used to establish a one-to-one correspondence between password information and password data; that is, password information and password data with the same password identifier correspond to each other.
The encrypted password value is obtained by encrypting the original password value with the encryption key. In other words, what the electronic equipment stores is the encrypted password value, not the original password value, so even if an attacker obtains the encrypted password value stored in the electronic equipment, the attacker cannot obtain the original password value. This prevents an attacker from obtaining the original password value by cracking the storage region.
The second storage region of the electronic equipment is different from the first storage region, i.e. the first and second storage regions correspond to different storage addresses. Storing the encrypted password value and the encryption key in different storage regions of the electronic equipment separates them from each other, so that an attacker who has obtained the encrypted password value has difficulty recovering the original password value.
In one example, the storage format of the password information may be as shown in Table 1 below:
Table 1: Password information
In Table 1, "ID1, ID2, ID3 ..." are password identifiers, and "encryption key 1, encryption key 2, encryption key 3 ..." are the encryption keys associated with "ID1, ID2, ID3 ..." respectively. The password information shown in Table 1 also includes password attributes, which are likewise associated with the password identifiers and can be used to set password management parameters.
In one example, the storage format of the password data may be as shown in Table 2 below:
Table 2: Password data
Password identifier | Encrypted password value |
ID1 | Encrypted password value 1 |
ID2 | Encrypted password value 2 |
ID3 | Encrypted password value 3 |
…… | …… |
IDn | Encrypted password value n |
The encrypted password values in Table 2 and the encryption keys, password attributes and other content in Table 1 are placed in one-to-one correspondence through the password identifiers in the respective tables. In Tables 1 and 2, n is a natural number.
In one example, steps S101 and S102 can also be used to implement the password adding process. As shown in Fig. 2, the password information whose password identifier is "1000" is added to the password information in the first storage region, and the password data whose password identifier is "1000" is added to the password data in the second storage region.
During the password adding process, the first storage region can be traversed automatically to find a free position in it, and the password information to be added is written to that free position. Likewise, the second storage region is traversed automatically to find a free position in it, and the password data to be added is written to that free position.
The password adding process may be executed in response to a password adding instruction issued by a remote server.
The password management method provided in this embodiment is applied to electronic equipment, and what the electronic equipment stores is the encrypted password value rather than the original password value, so an attacker cannot obtain the original password value by cracking the storage address. Moreover, the encryption key and the encrypted password value are stored in different storage regions of the electronic equipment, which makes it harder for an attacker to crack the encrypted password value and recover the original password value. In addition, because passwords are managed by combining an encryption key with an encrypted password value, an attacker cannot pass password verification by illegally tampering with a password or adding a new password. The password management scheme of the invention therefore greatly improves password security.
Please refer to Figs. 3 and 4. Fig. 3 is a flow chart of the encryption key generation process provided by an embodiment of the present application.
Within the password management scheme of the invention, this embodiment also provides the process of generating the encryption key associated with the password identifier.
As shown in Fig. 3, the encryption key generation process includes:
S201: obtaining the password identifier and the preset data in the electronic equipment.
Before the encryption key associated with a password identifier is generated, the password identifier may be generated automatically by the electronic equipment or set by the user.
The preset data in the electronic equipment may be unique identification data built into the electronic equipment, such as a MAC address or serial number; preset encoded data obtained by encoding the unique identification data of the electronic equipment with a preset encoding; or unique identification data issued centrally by a server. The preset data of an electronic equipment can therefore be unique, i.e. different electronic equipment has different preset data.
S202: generating, according to the password identifier and the preset data, the encryption key associated with the password identifier.
In one example, a preset key generation algorithm may take the password identifier and the preset data as key generation parameters to generate the encryption key associated with the password identifier. As shown in Fig. 4, the encryptor in Fig. 4 has the preset key generation algorithm built in and can be used to carry out the encryption key generation process.
The encryption key generation process provided in this embodiment generates the encryption key associated with a password identifier from the previously obtained password identifier and the preset data in the electronic equipment. Different electronic equipment and different password identifiers therefore correspond to different encryption keys, which ensures the uniqueness of the encryption key, makes the encrypted password value harder to crack, and further improves password security.
Please refer to Figs. 5 and 6. Fig. 5 is a flow chart of the password update process provided by an embodiment of the present application, and Fig. 6 is a schematic diagram of the password update process provided by an embodiment of the present application.
Within the password management scheme of the invention, this embodiment also provides a corresponding password update process.
As shown in Fig. 5, the password update process includes:
S301: obtaining a new password value associated with a first password identifier.
The first password identifier may be any password identifier already present in the password information stored in the first storage region of the electronic equipment (such as the password identifier "1000" in Fig. 6). The new password value associated with the first password identifier may be a new original password value that the user sets for the first password identifier.
S302: encrypting the new password value with the encryption key associated with the first password identifier to obtain a new encrypted password value.
S303: updating, in the password data stored in the second storage region, the encrypted password value associated with the first password identifier to the new encrypted password value.
In one example, besides updating the encrypted password value in the password data, the password update process can also update the password attributes associated with a password identifier in the password information. For example, the password attribute update process may include: obtaining a new password attribute associated with a second password identifier; and updating, in the password information stored in the first storage region, the password attribute associated with the second password identifier to the new password attribute.
The second password identifier may be any password identifier present in the password information stored in the first storage region of the electronic equipment. The new password attribute associated with the second password identifier may be a new password attribute that the user sets for the second password identifier.
The password update process may be executed in response to a password update instruction issued by a remote server.
The password update process provided in this embodiment obtains a new password value associated with the first password identifier, encrypts the new password value with the encryption key associated with the first password identifier to obtain a new encrypted password value, and finally updates the encrypted password value associated with the first password identifier in the password data stored in the second storage region to the new encrypted password value, thereby updating the encrypted password value. The password attribute update process can be implemented in a similar manner.
Please refer to Fig. 7, which is a schematic diagram of the password expiry process provided by an embodiment of the present application.
As shown in Fig. 7, in the password management scheme of the invention, the password attributes in the password information may include at least one of: password permission, password state, password start time, password end time and password period flag. That is, the password information may also include a password end time associated with the password identifier.
When the password end time associated with a third password identifier (such as the password identifier "10" in Fig. 7) is earlier than the current time, the third password identifier and the encryption key associated with the third password identifier are deleted from the password information stored in the first storage region, and the third password identifier is deleted from the password data stored in the second storage region.
The current time may be obtained from the system time of the electronic equipment or from the network.
Besides executing the password delete operation after a password expires, the electronic equipment may also execute the above password delete operation in response to a password delete instruction issued by a remote server.
In the above delete operation, in addition to deleting the third password identifier and its associated encryption key from the password information stored in the first storage region and deleting the third password identifier from the password data stored in the second storage region, other password information and password data associated with the third password identifier may also be deleted from the first and second storage regions. That is, everything associated with the third password identifier may be deleted from the first storage region and the second storage region.
Among the password attributes, the password permission marks whether a password has password management permission. A password with password management permission can be used to perform management operations on other passwords that do not have management permission.
The password state marks the current state of a password, for example whether the password is frozen. If the electronic equipment receives a password freeze instruction carrying a fourth password identifier from the remote server, it sets the password state associated with the fourth password identifier in the first storage region to frozen, making the password associated with the fourth password identifier unavailable. If the electronic equipment receives a password unfreeze instruction carrying the fourth password identifier from the remote server, it sets the password state associated with the fourth password identifier in the first storage region to unfrozen, making the password associated with the fourth password identifier usable again.
The password start time and password end time mark the validity period of a password: password verification is effective only when the current time lies between the password start time and the password end time. The current state of a password can also be maintained automatically according to its validity period and the current time. For example, if the current time is earlier than the password start time associated with the fourth password identifier, the current state of the password associated with the fourth password identifier is set to unavailable.
The password period flag marks whether a password is a periodic password. If the electronic equipment receives a periodic setting instruction carrying the fourth password identifier from the remote server, it sets the password period flag associated with the fourth password identifier in the first storage region to TRUE, giving the password associated with the fourth password identifier a periodic attribute, i.e. making it usable within a preset period.
The password expiry process provided in this embodiment uses the password end time parameter in the password information, together with the current time, to delete a password automatically after it expires, which improves password management efficiency. In addition, the rich set of password attributes allows parameters such as password permission, password state and password period to be configured, which further improves password management efficiency.
Please refer to Fig. 8, which is a flow chart of the password verification process provided by an embodiment of the present application.
Based on the password management scheme of the invention, this embodiment also provides a corresponding password verification process.
As shown in Fig. 8, the password verification process includes:
S401: obtaining the verification password value entered by the user.
The verification password value is the password value to be verified. It is usually entered manually by the user, or entered by the user through a radio-frequency card and obtained by the electronic equipment through radio-frequency identification.
S402: decrypting the encrypted password value in the password data stored in the second storage region, using the encryption key in the password information stored in the first storage region, to obtain a decrypted password value.
Every time a password is verified, the encrypted password value in the second storage region must be decrypted with the encryption key in the first storage region to obtain the decrypted password value.
In one example, the first storage region contains one or more encryption keys and, correspondingly, the second storage region contains one or more encrypted password values. Decrypting the encrypted password value in the password data stored in the second storage region using the encryption key in the password information stored in the first storage region then includes: using all the encryption keys in the password information stored in the first storage region to decrypt the corresponding encrypted password values in the password data stored in the second storage region, obtaining all the decrypted password values.
S403: judging whether the verification password value matches the decrypted password value; if so, executing step S404; otherwise, executing step S405.
If decryption yields a single decrypted password value, the verification password value matches the decrypted password value when it is identical to that single decrypted password value, i.e. the original password value. If decryption yields multiple decrypted password values, the verification password value matches when it is identical to one of the multiple decrypted password values. Specifically, the multiple decrypted password values can be traversed and compared one by one with the verification password value to determine whether any one of them is identical to the verification password value.
If the verification password value entered by the user is correct and the encrypted password value stored in the second storage region has not been tampered with, the verification password value should match the decrypted password value; otherwise, the verification password value and the decrypted password value will not match.
S404: determining that password verification succeeds.
S405: determining that password verification fails.
If the verification password value matches the decrypted password value, password verification is determined to succeed; otherwise, password verification is determined to fail. When the electronic equipment is a smart password lock, the lock opens if password verification succeeds and does not open if password verification fails.
If criminal has cracked the address information of the second storage region of storage Crypted password value, and has distorted second
Crypted password value in storage region, then electronic equipment is close to the encryption after distorting using the encryption key of the first storage region
When code value is decrypted, decryption error will occurs, password authentification is caused to fail.Meanwhile electronic equipment can also test password
The type of error of card failure is uploaded to server, and the legitimate user of electronic equipment is transmitted to by server, so as to electronic equipment
Legitimate user know the situation in time.
Moreover, even if decrypting the tampered Crypted password value with the encryption key of the first storage region does yield a clear cryptographic key value, the criminal cannot know what that clear cryptographic key value is, and likewise cannot pass password verification with a valid clear cryptographic key value. This prevents a criminal from passing password verification by tampering with a password value.
If, after cracking the second storage region that stores the Crypted password value, a criminal adds a customized password value to the second storage region, the first storage region holds no encryption key for that customized password value, so decryption of the customized password value inevitably fails and password verification fails. This prevents a criminal from passing password verification by adding a password value.
In one example, a preset Encryption Algorithm can be used when the original password value is encrypted with the encryption key. Even if a criminal obtains both the encryption key and the Crypted password value, as long as he does not know the Encryption Algorithm he still cannot obtain a valid clear cryptographic key value, nor can he use the encryption key to encrypt a customized password value into a valid Crypted password value, which further prevents the criminal from effectively tampering with or adding Crypted password values.
In the password verification process provided by this embodiment, the verifying password value input by the user is obtained; the encryption key in the encrypted message stored in the first storage region is used to decrypt the Crypted password value in the code data stored in the second storage region, obtaining a clear cryptographic key value; and the success or failure of password verification is determined according to whether the verifying password value matches the clear cryptographic key value. Even if a criminal has tampered with the Crypted password value stored in the second storage region, he cannot obtain the corresponding clear cryptographic key value, and therefore cannot input a verifying password value that matches it, which improves the accuracy and safety of the password verification process.
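The two-region storage, verification, tamper and expiry behaviour described above, as an added Python example that is not part of the patent. The patent names no algorithm, so an HMAC-SHA256 keystream with an integrity tag stands in for the preset Encryption Algorithm; `Lock`, `PRESET_DATA`, the event labels and all sample values are assumptions, and rejection of altered or added records here depends on the key in the first storage region rather than on the algorithm being secret.

```python
import hashlib
import hmac
import secrets

PRESET_DATA = b"constructed-preset-data"  # assumption: preset data held by the device


class DecryptionError(Exception):
    """A stored Crypted password value failed its integrity check."""


def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()


def derive_key(cipher_mark):
    # Encryption key generated from the cipher mark and the preset data.
    return _prf(PRESET_DATA, b"key|", cipher_mark.encode())


def _xor_stream(key, nonce, data):
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += _prf(key, b"enc|", nonce + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key, cipher_mark, value):
    nonce = secrets.token_bytes(16)
    body = _xor_stream(key, nonce, value)
    return nonce + body + _prf(key, b"mac|", cipher_mark.encode() + nonce + body)


def decrypt(key, cipher_mark, blob):
    # Layout: 16-byte nonce, ciphertext, 32-byte tag bound to the cipher mark.
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = _prf(key, b"mac|", cipher_mark.encode() + nonce + body)
    if not hmac.compare_digest(tag, expected):
        raise DecryptionError("integrity check failed")
    return _xor_stream(key, nonce, body)


class Lock:
    def __init__(self):
        self.region1 = {}  # encrypted message: cipher mark -> key and finish time
        self.region2 = {}  # code data: cipher mark -> Crypted password value

    def add_password(self, cipher_mark, value, finish_time):
        key = derive_key(cipher_mark)
        self.region1[cipher_mark] = {"key": key, "finish": finish_time}
        self.region2[cipher_mark] = encrypt(key, cipher_mark, value.encode())

    def purge_expired(self, now):  # finish time earlier than now: delete from both regions
        for mark in [m for m, e in self.region1.items() if e["finish"] < now]:
            del self.region1[mark]
            self.region2.pop(mark, None)

    def verify(self, candidate, now):
        """Return (success, events); events are the error types to report."""
        self.purge_expired(now)
        success, events = False, []
        for mark, blob in self.region2.items():
            entry = self.region1.get(mark)
            if entry is None:
                events.append((mark, "no_key"))  # record added to region 2 only
                continue
            try:
                plain = decrypt(entry["key"], mark, blob)
            except DecryptionError:
                events.append((mark, "decrypt_error"))  # record was altered
                continue
            if hmac.compare_digest(plain, candidate.encode()):
                success = True
        return success, events


def demo():
    lock = Lock()
    lock.add_password("pw-1", "246810", finish_time=2000)  # constructed values
    lock.add_password("pw-2", "135791", finish_time=1000)
    out = {"valid": lock.verify("246810", now=500)}
    blob = bytearray(lock.region2["pw-1"])
    blob[16] ^= 0x01  # alter one stored ciphertext bit in region 2
    lock.region2["pw-1"] = bytes(blob)
    out["tampered"] = lock.verify("246810", now=500)
    # Record written straight into region 2 under a key the writer chose.
    lock.region2["pw-x"] = encrypt(b"\x00" * 32, "pw-x", b"000000")
    out["added"] = lock.verify("000000", now=500)
    out["expired"] = lock.verify("135791", now=1500)
    return out, lock


if __name__ == "__main__":
    print(demo()[0])
```

The `events` list plays the role of the error type that the description says can be uploaded to the server, separating an altered or unkeyed record from an ordinary wrong entry.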
The embodiment of the invention also provides a Password Management device for implementing the cipher management method provided by the embodiments of the invention. The technical content of the Password Management device described below and that of the cipher management method described above may be referred to in correspondence with each other.
Referring to Fig. 9, Fig. 9 is a structural schematic diagram of a Password Management device provided by the embodiments of the present application.
The Password Management device of this embodiment is used to implement the cipher management method of the previous embodiment. As shown in Fig. 9, the device includes:
An encrypted message storage unit 100, for storing an encrypted message to the first storage region of the electronic equipment.
A code data storage unit 200, for storing code data to the second storage region of the electronic equipment.
Wherein the encrypted message includes a cipher mark and an encryption key associated with the cipher mark; the code data includes the cipher mark and a Crypted password value associated with the cipher mark, the Crypted password value being obtained by encrypting an original password value with the encryption key; and the second storage region is different from the first storage region.
The Password Management device provided by this embodiment is applied to electronic equipment. What is stored in the electronic equipment is the Crypted password value rather than the original password value, so a criminal cannot obtain the original password value by cracking the storage address. Moreover, the encryption key and the Crypted password value are stored in different storage regions of the electronic equipment, which makes it harder for a criminal to crack the Crypted password value and obtain the original password value. In addition, passwords are managed by combining the encryption key with the Crypted password value, so a criminal cannot pass password verification by illegally tampering with a password or adding a new password. The Password Management scheme of the invention therefore improves the safety of passwords to a large degree.
Referring to Fig. 10, Fig. 10 is another structural schematic diagram of a Password Management device provided by the embodiments of the present application.
As shown in Fig. 10, the Password Management device of this embodiment, in addition to the encrypted message storage unit 100 and the code data storage unit 200 of the previous embodiment, may also include at least one of an encrypting key generating unit 300, a password value updating unit 400, a cryptographic properties updating unit 500, a password crash handling unit 600 and a password authentication unit 700.
The encrypting key generating unit 300 is used for:
Obtaining the cipher mark and preset data in the electronic equipment;
Generating, according to the cipher mark and the preset data, the encryption key associated with the cipher mark.
The password value updating unit 400 is used for:
Obtaining a new password value associated with a first cipher mark;
Encrypting the new password value with the encryption key associated with the first cipher mark, to obtain a new Crypted password value;
Updating, in the code data stored in the second storage region, the Crypted password value associated with the first cipher mark to the new Crypted password value.
The encrypted message further includes cryptographic properties associated with the cipher mark. The cryptographic properties updating unit 500 is used for:
Obtaining a new password attribute associated with a second cipher mark;
Updating, in the encrypted message stored in the first storage region, the cryptographic properties associated with the second cipher mark to the new password attribute.
The encrypted message further includes a password finish time associated with the cipher mark. The password crash handling unit 600 is used for:
When the password finish time associated with a third cipher mark is earlier than the current time, deleting the third cipher mark and the encryption key associated with the third cipher mark from the encrypted message stored in the first storage region, and deleting the third cipher mark from the code data stored in the second storage region.
The password authentication unit 700 is used for:
Obtaining the verifying password value input by the user;
Decrypting the Crypted password value in the code data stored in the second storage region with the encryption key in the encrypted message stored in the first storage region, to obtain a clear cryptographic key value;
If the verifying password value matches the clear cryptographic key value, determining that password verification succeeds; otherwise, determining that password verification fails.
The Password Management device provided by this embodiment ensures the uniqueness of the encryption key through the encrypting key generating unit, which makes the Crypted password value harder to crack; implements the password update process through the password value updating unit and the cryptographic properties updating unit; implements automatic deletion after a password becomes invalid through the password crash handling unit, which improves password management efficiency; and improves the accuracy and safety of the password verification process through the password authentication unit.
The Password Management device provided by the embodiment of the invention includes a processor and a memory. The encrypted message storage unit 100, code data storage unit 200, encrypting key generating unit 300, password value updating unit 400, cryptographic properties updating unit 500, password crash handling unit 600, password authentication unit 700 and so on are stored in the memory as program units, and the processor executes the program units stored in the memory to realize the corresponding functions.
The processor includes a kernel, which retrieves the corresponding program unit from the memory. One or more kernels can be provided, and the technical problem of poor password safety in current password management schemes is solved by adjusting kernel parameters.
The memory may include non-permanent memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory and similar forms, such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one storage chip.
Referring to Fig. 11, Fig. 11 is a structural schematic diagram of the electronic equipment provided by the embodiments of the present application.
The electronic equipment can be an intelligent cipher lock. As shown in Fig. 11, the electronic equipment includes a first storage region 10 for storing an encrypted message, and a second storage region 20 for storing code data;
Wherein the encrypted message includes a cipher mark and an encryption key associated with the cipher mark; the code data includes the cipher mark and a Crypted password value associated with the cipher mark, the Crypted password value being obtained by encrypting an original password value with the encryption key; and the second storage region is different from the first storage region.
What is stored in the electronic equipment provided by this embodiment is the Crypted password value rather than the original password value, so a criminal cannot obtain the original password value by cracking the storage address. Moreover, the encryption key and the Crypted password value are stored in different storage regions of the electronic equipment, which makes it harder for a criminal to crack the Crypted password value and obtain the original password value. In addition, passwords are managed by combining the encryption key with the Crypted password value, so a criminal cannot pass password verification by illegally tampering with a password or adding a new password. The Password Management scheme of the invention therefore improves the safety of passwords to a large degree.
The embodiment of the invention provides a storage medium on which a program is stored; the cipher management method is implemented when the program is executed by a processor.
The embodiment of the invention provides a processor for running a program, wherein the cipher management method is executed when the program runs.
The embodiment of the invention provides a device including a processor, a memory, and a program stored in the memory and runnable on the processor; the processor implements the steps of the above cipher management method when executing the program.
The device here can be a server, PC, PAD, mobile phone and so on.
The present application also provides a computer program product which, when executed on a data processing device, is adapted to execute a program initialized with the steps of the cipher management method.
Those skilled in the art should understand that the embodiments of the present application can be provided as a method, a system or a computer program product. Therefore, the application can take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware aspects. Moreover, the application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
The application is described with reference to flowcharts and/or block diagrams of the method, equipment (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or box in the flowcharts and/or block diagrams, and combinations of flows and/or boxes in the flowcharts and/or block diagrams, can be realized by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for realizing the functions specified in one or more flows of the flowchart and/or one or more boxes of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific way, so that the instructions stored in the computer-readable memory produce an article of manufacture including a command device, which realizes the functions specified in one or more flows of the flowchart and/or one or more boxes of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing; the instructions executed on the computer or other programmable device thus provide steps for realizing the functions specified in one or more flows of the flowchart and/or one or more boxes of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPU), an input/output interface, a network interface and a memory.
The memory may include non-permanent memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory and similar forms, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or equipment that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity or equipment. In the absence of further restrictions, an element limited by the sentence "including a ..." does not exclude the existence of other identical elements in the process, method, commodity or equipment that includes the element.
Those skilled in the art will understand that the embodiments of the present application can be provided as a method, a system or a computer program product. Therefore, the application can take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware aspects. Moreover, the application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
The above are only embodiments of the present application and are not intended to limit the application. For those skilled in the art, various modifications and changes to the application are possible. Any modification, equivalent replacement, improvement and so on made within the spirit and principles of the application shall be included within the scope of the claims of the application.
Claims (10)
1. A cipher management method, characterized in that it is applied to electronic equipment, the method comprising:
Storing an encrypted message to a first storage region of the electronic equipment;
Storing code data to a second storage region of the electronic equipment;
Wherein the encrypted message includes a cipher mark and an encryption key associated with the cipher mark; the code data includes the cipher mark and a Crypted password value associated with the cipher mark, the Crypted password value being obtained by encrypting an original password value with the encryption key; and the second storage region is different from the first storage region.
2. The method as described in claim 1, characterized in that the process of generating the encryption key associated with the cipher mark includes:
Obtaining the cipher mark and preset data in the electronic equipment;
Generating, according to the cipher mark and the preset data, the encryption key associated with the cipher mark.
3. The method as described in claim 1, characterized in that the method further includes:
Obtaining a new password value associated with a first cipher mark;
Encrypting the new password value with the encryption key associated with the first cipher mark, to obtain a new Crypted password value;
Updating, in the code data stored in the second storage region, the Crypted password value associated with the first cipher mark to the new Crypted password value.
4. The method as described in claim 1, characterized in that the encrypted message further includes cryptographic properties associated with the cipher mark; the method further includes:
Obtaining a new password attribute associated with a second cipher mark;
Updating, in the encrypted message stored in the first storage region, the cryptographic properties associated with the second cipher mark to the new password attribute.
5. The method as described in claim 1, characterized in that the encrypted message further includes a password finish time associated with the cipher mark; the method further includes:
When the password finish time associated with a third cipher mark is earlier than the current time, deleting the third cipher mark and the encryption key associated with the third cipher mark from the encrypted message stored in the first storage region, and deleting the third cipher mark from the code data stored in the second storage region.
6. The method as described in claim 1, characterized in that the method further includes:
Obtaining the verifying password value input by the user;
Decrypting the Crypted password value in the code data stored in the second storage region with the encryption key in the encrypted message stored in the first storage region, to obtain a clear cryptographic key value;
If the verifying password value matches the clear cryptographic key value, determining that password verification succeeds; otherwise, determining that password verification fails.
7. A Password Management device, characterized in that it is applied to electronic equipment, the device including:
An encrypted message storage unit, for storing an encrypted message to a first storage region of the electronic equipment;
A code data storage unit, for storing code data to a second storage region of the electronic equipment;
Wherein the encrypted message includes a cipher mark and an encryption key associated with the cipher mark; the code data includes the cipher mark and a Crypted password value associated with the cipher mark, the Crypted password value being obtained by encrypting an original password value with the encryption key; and the second storage region is different from the first storage region.
8. The device as described in claim 1, characterized in that the device further includes a password value updating unit, the password value updating unit being used for:
Obtaining a new password value associated with a first cipher mark;
Encrypting the new password value with the encryption key associated with the first cipher mark, to obtain a new Crypted password value;
Updating, in the code data stored in the second storage region, the Crypted password value associated with the first cipher mark to the new Crypted password value.
9. The device as described in claim 1, characterized in that the encrypted message further includes cryptographic properties associated with the cipher mark; the device further includes a cryptographic properties updating unit, the cryptographic properties updating unit being used for:
Obtaining a new password attribute associated with a second cipher mark;
Updating, in the encrypted message stored in the first storage region, the cryptographic properties associated with the second cipher mark to the new password attribute.
10. An electronic equipment, characterized by including: a first storage region for storing an encrypted message, and a second storage region for storing code data;
Wherein the encrypted message includes a cipher mark and an encryption key associated with the cipher mark; the code data includes the cipher mark and a Crypted password value associated with the cipher mark, the Crypted password value being obtained by encrypting an original password value with the encryption key; and the second storage region is different from the first storage region.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810824234.6A CN109064596B (en) | 2018-07-25 | 2018-07-25 | Password management method and device and electronic equipment |
PCT/CN2019/097761 WO2020020304A1 (en) | 2018-07-25 | 2019-07-25 | Device management method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810824234.6A CN109064596B (en) | 2018-07-25 | 2018-07-25 | Password management method and device and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109064596A (en) | 2018-12-21 |
CN109064596B (en) | 2021-07-13 |
Family
ID=64835397
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201810824234.6A CN109064596B (en) | Active | 2018-07-25 | 2018-07-25 | Password management method and device and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109064596B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109815686A (en) * | 2019-03-01 | 2019-05-28 | 浙江齐治科技股份有限公司 | A kind of login password change method and device |
CN110148246A (en) * | 2019-06-13 | 2019-08-20 | 上海钧正网络科技有限公司 | A kind of smart lock control device and communication system |
CN110659466A (en) * | 2019-09-26 | 2020-01-07 | 支付宝(杭州)信息技术有限公司 | Method and device for processing encryption behavior |
CN110727940A (en) * | 2019-09-20 | 2020-01-24 | Oppo(重庆)智能科技有限公司 | Electronic equipment password management method, device, equipment and storage medium |
WO2020020304A1 (en) * | 2018-07-25 | 2020-01-30 | 云丁网络技术(北京)有限公司 | Device management method and system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101226507A (en) * | 2007-01-16 | 2008-07-23 | 环隆电气股份有限公司 | Security method and system as well as correlative pairing enciphering system thereof |
CN101256609A (en) * | 2007-03-02 | 2008-09-03 | 群联电子股份有限公司 | Storing card and safety method thereof |
CN101938461A (en) * | 2009-06-29 | 2011-01-05 | 索尼公司 | Netscape messaging server Netscape, messaging device and information processing method |
CN104866784A (en) * | 2015-06-03 | 2015-08-26 | 杭州华澜微科技有限公司 | BIOS encryption-based safety hard disk, and data encryption and decryption method |
CN105284072A (en) * | 2013-08-12 | 2016-01-27 | 德国邮政股份公司 | Support for decryption of encrypted data |
CN105302490A (en) * | 2015-10-30 | 2016-02-03 | 南京秦杜明视信息技术有限公司 | Data storage method |
CN107241184A (en) * | 2017-06-13 | 2017-10-10 | 西北工业大学 | Personal identification number generation and management method based on improvement AES |
Also Published As
Publication number | Publication date |
---|---|
CN109064596B (en) | 2021-07-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||