CN109714365B - Password management method and system based on multiple hash computations - Google Patents

Publication number
CN109714365B
Authority
CN
China
Prior art keywords
user
cipher mode
password
user terminal
cipher
Prior art date
Application number
CN201910135846.9A
Other languages
Chinese (zh)
Other versions
CN109714365A (en
Inventor
朱雷磊
谈广林
夏海涌
Original Assignee
南京金信通信息服务有限公司
Application filed by 南京金信通信息服务有限公司
Priority to CN201910135846.9A
Publication of CN109714365A
Application granted
Publication of CN109714365B

Abstract

The invention discloses a password management method based on multiple hash computations, comprising: the server receives a registration request sent by a user terminal and selects an encryption mode, where the encryption mode comprises an encryption algorithm and a number of encryption rounds; the username and password are concatenated to obtain an original string; the original string is encrypted by hash computation using the selected encryption mode to obtain registration ciphertext data; and the registration ciphertext data, the username and the corresponding encryption mode are stored in a password database. By computing the hash multiple times, the invention deliberately lengthens each password check and can effectively prevent brute-force cracking of user passwords. By combining front end and back end, system load is distributed to the user terminals, which reduces hardware cost; system load is low, there is no extra cost, the user experience is good, and the mechanism cannot be maliciously exploited. In addition, what is transmitted is encrypted ciphertext, which reduces the risk of password disclosure caused by an insecure network environment.

Description

Password management method and system based on multiple hash computations

Technical field

The present invention relates to the technical field of Internet login password security, and in particular to a password management method and system based on multiple hash computations.

Background

The common way the Internet currently stores user passwords is to hash the password once and store the result. Because hashing is an irreversible operation, the plaintext cannot be computed back from the ciphertext; a candidate can only be verified by encrypting the plaintext with the same algorithm and comparing the result with the real data. The most common means for hackers to crack user passwords is therefore "brute-force cracking", a cryptanalysis method that tests passwords one by one, exhaustively, until the real password is found. For example, a password known to be four characters long and made up entirely of digits has 10000 possible combinations, so the correct password can be found in at most 9999 attempts.

With the continuous development of computer hardware and software, modern computers are very fast and testing one password combination takes very little time, generally on the order of microseconds. This makes brute-force cracking feasible: a hacker can use a program to test passwords continuously and crack a user's password within an acceptably short time.

The industry currently has three main ways to prevent brute-force cracking: graphical verification codes, limiting the number of errors, and mobile phone SMS verification. Each has its own shortcomings.

First: graphical verification code

Each time a user logs in, the user must enter a username, a password and the content of a picture that has to be recognized by eye. The picture uses randomly generated characters and some irregular shapes to interfere with machine recognition, so that a human must take part; this greatly reduces the rate of brute-force cracking and increases its labor cost. This is the most common anti-brute-force scheme on the Internet today.

This method has two main shortcomings:

It affects user experience: to guard against hacker brute-force attempts that occur only with small probability, users who use the product normally must recognize a meaningless graphical verification code at every login.

It can be cracked to some degree: as Internet technology keeps improving, programs that automatically recognize graphical verification codes have appeared. Although their recognition rate cannot reach 100%, defeating the scheme is already possible.

Second: limiting the number of errors

Each time a user attempts to log in, the back-end system automatically stores the request information in a database or file system and at the same time queries that system to determine whether the user has exceeded the permitted number of attempts within the unit time; if so, further attempts are not allowed for a period of time. For example, if the limit is more than 3 wrong passwords within 24 hours, the account may not attempt to log in again that day. This is common in banking systems.

This method has two main shortcomings:

Malicious exploitation: it is easy for someone to exploit the mechanism maliciously to lock an account temporarily, which troubles the real account owner. In the example above, deliberately entering another person's password wrongly 3 times prevents the real account holder from logging in that day. Although login can be restored through an appeal or a similar channel, this undoubtedly causes the real account owner unnecessary trouble.

High system load: this method must store every login request in a database or file system and then query that system at every login, so each login performs one read and one write. Under a large number of concurrent requests the load easily becomes excessive and the system collapses. For example, when a merchant runs a flash sale, a large number of users log in at the same time, the load on the database or file system rises sharply, not all requests can be completed, and the system slows down or crashes. In addition, a hacker can initiate a large number of concurrent requests and put heavy load on the system at any time and from anywhere.

Third: mobile phone SMS verification

The username is the mobile phone number and there is no password. At each login an SMS verification code is automatically sent to the user's phone; the user enters the code from the message into the system and is logged in once it has been verified. This method is common in mobile Internet software and is usually combined with limiting the number of errors.

The main shortcoming of this method is its high cost. Every SMS sent incurs a fee; the larger the user base and the more frequent the logins, the higher the expense.

Besides the shortcomings above, these common methods share one more security problem: what is transmitted is the plaintext username and password. If the network environment is compromised by a hacker, the hacker can obtain this content directly, without any decryption.

Summary of the invention

The object of the present invention is to provide a password management method and system based on multiple hash computations. By computing the hash multiple times it deliberately lengthens each password check, which can effectively prevent brute-force cracking of user passwords. At the same time, by combining front end and back end, it distributes system load to the user terminals, which reduces hardware cost; system load is low, there is no extra cost, the user experience is good, and the mechanism cannot be maliciously exploited. In addition, what is transmitted is encrypted ciphertext: even if the network is compromised by a hacker, the password cannot be taken directly, and cracking the real password from the captured ciphertext is as difficult as direct brute-force cracking.

To achieve the above object, with reference to Fig. 1, the present invention proposes a password management method based on multiple hash computations, the method comprising:

The server receives a registration request sent by a user terminal, the registration request including at least a username and a password. The server selects an encryption mode, which comprises an encryption algorithm and a number of encryption rounds. The username and password are concatenated to obtain an original string, and the original string is encrypted by hash computation using the selected encryption mode to obtain registration ciphertext data. The registration ciphertext data, the username and the corresponding encryption mode are stored in the password database.

The encryption mode can be chosen by the server after weighing factors such as its own computing capacity and the required security level. For example, the registration request may also include a security level request, and the server selects the encryption mode according to it: the higher the account security level the user requests, the more encryption rounds the mode uses or the more complex its encryption algorithm.

On this basis, the method further comprises:

The server receives a login request sent by the user terminal, the login request including the username entered for this login. The server retrieves the encryption mode corresponding to that username from the password database and returns it to the user terminal.

The user terminal receives the encryption mode sent by the server, concatenates the username and password of the login request to obtain a login string, encrypts the login string by hash computation using that encryption mode to obtain login ciphertext data, and sends the login ciphertext data to the server.

The server receives the login ciphertext data and compares it with the registration ciphertext data stored for that username in the password database. If they match, this login request of the user terminal is judged successful; otherwise it is judged to have failed.

For example, at registration the server concatenates the password and username entered by the user and encrypts the resulting string by hash computation a specified number of times, for example 10000 rounds of MD5, then stores the resulting registration ciphertext data and the corresponding encryption mode (i.e. 10000 rounds of MD5) in the password database.

At login the user first obtains the encryption mode from the server; in the example above the encryption algorithm is MD5 and the number of rounds is 10000. The user terminal encrypts locally with the algorithm obtained in the previous step and transmits the resulting login ciphertext data to the server, which compares it with the registration ciphertext data to decide whether the user is entitled to log in.

A common encryption mode encrypts only once; on present-day computer hardware one encryption takes only about 100 microseconds. Suppose a typical password is 8 characters long, freely combined from 26 letters and 10 digits: there are 2821109907456 combinations. A hacker using brute force, at one test per 100 microseconds, can test all combinations in about 7.84 hours, i.e. needs at most 7.84 hours to crack the password. The example above performs 10000 encryptions, so the time brute force needs increases to 10000 times the original, about 3265 days. Along the way the encryption algorithm can also be changed at will by incremental computation, so the password cannot be obtained by brute force.

The encryption mode comprises an encryption algorithm and a number of encryption rounds, both of which can be adjusted at any time as actually needed to suit various situations. Moreover, the adjustment can be carried out by the server alone, without participation of the user terminal.

For example, as hardware keeps advancing and machine computing power keeps growing, or when a new, better encryption algorithm appears, the back end may need to adjust the encryption mode. It then only needs to apply the new encryption mode incrementally to the users' stored login passwords on the server and change the encryption mode returned to the user terminal at login. For instance, to change the number of rounds from 10000 to 15000, it is only necessary to encrypt each user's ciphertext in the password database 5000 more times and save it again, and to change the number of rounds in the encryption mode returned at login to 15000.

Users have accounts on many websites, and most users reuse the same one or few username/password combinations. Once a password leaks from one website, the user's accounts on other websites are also at great risk. For example, if a website's password database stores ciphertext produced by a single encryption, or unencrypted plaintext passwords, then once it leaks, all or most user passwords are exposed, which directly puts the affected users' information on other websites at great risk of disclosure as well, so that their accounts on most websites may be stolen at the same time; the 2014 12306 website password leak is an example. The present invention keeps a website's passwords from leaking even if the database is obtained in full, because the passwords stored in the database are ciphertext that has been encrypted multiple times. In the earlier example the password database stores ciphertext encrypted 10000 times, and each encryption depends on the result of the previous one. Even if a hacker obtains this ciphertext and wants the plaintext of the real password, it still has to be cracked by brute force, and each password combination can be tested only after 10000 encryption operations; there is no shortcut, so it cannot be cracked. If the whole Internet managed passwords in the manner proposed by the present invention, a hacker breaking into any one website and obtaining all its data would not affect the security of users' accounts on other websites.

In some examples, with user experience in mind, the method further comprises:

The user terminal receives the encryption mode sent by the server, concatenates the username and password of the login request to obtain a login string, and encrypts the login string by hash computation using that encryption mode within a set time range:

1) If the encryption completes within the set time range, the login ciphertext data obtained is sent to the server.

2) If the encryption does not complete within the set time range, the number of encryption rounds not yet performed and the encryption result so far are sent to the server, which performs the remaining rounds on that result to obtain the login ciphertext data.

Preferably, the set time range is 1 second.

Because user terminals differ in hardware performance, the same encryption takes different amounts of time on them. For a good user experience, taking a set time range of 1 second as an example, two cases are handled separately:

(a) Encryption completes within 1 second: the resulting ciphertext is transmitted to the server as the login ciphertext data and compared for verification.

(b) Encryption does not complete within 1 second: the number of encryption rounds already performed and the ciphertext computed so far are transmitted to the server, which performs the remaining rounds and then verifies the ciphertext. Taking the earlier 10000 rounds as an example, if the user terminal's hardware is slow and completes 8000 rounds within 1 second, the server performs the remaining 2000 rounds on the current ciphertext to obtain the final login ciphertext data.

For the user, with the method proposed by the invention there is no meaningless graphical verification code to recognize, the account cannot be maliciously locked, and no mobile phone with signal needs to be at hand; each login takes at most 1 second, and the user experience is good.

In other examples, the method further comprises:

The server receives a registration request sent by a user terminal, the registration request including at least a username and a password. The username and password are concatenated to obtain an original string, which is encrypted by hash computation using M encryption modes to obtain M sets of registration ciphertext data. The username, the M sets of registration ciphertext data and the corresponding encryption modes are stored in the password database. The M encryption modes differ in computational cost. M is a positive integer greater than 1.

The server receives a login request sent by the user terminal, the login request including the username and password entered for this login. According to a set rule, the server retrieves from the password database one of the encryption modes corresponding to that username and returns it to the user terminal.

The user terminal receives the encryption mode returned by the server, concatenates the username and password of the login request to obtain a login string, encrypts the login string by hash computation using that encryption mode to obtain login ciphertext data, and sends the login ciphertext data to the server.

The server receives the login ciphertext data and compares it with the registration ciphertext data stored for that username in the password database. If they match, this login request of the user terminal is judged successful; otherwise it is judged to have failed.

With the foregoing method, the security level of the password can be adjusted by selecting different encryption modes.

The server's retrieval, according to a set rule, of one of the encryption modes corresponding to the username from the password database can take several forms. Some of them are described below.

The first form continues the real-time load for encrypting number and server, root in conjunction with the corresponding request of the user name According to operand to select cipher mode.

Request continue encrypt number it is more, illustrate that the arithmetic speed of the user terminal is slower, need server help to login When the password that inputs carry out cryptographic operation, that is, need to consume the resource of part of server, if the real-time of server is born at this time Loading, then in order to which server is stable, under the premise of ensuring user account safety, can choose in contrast operand compared with Low cipher mode returns to user.

For example, when in the normal situation of the log in history of a certain user within a certain period of time, it is possible to determine that the user's Security level is higher, if the corresponding user terminal configuration of the user is lower, server is required in the most of the time and assists to continue Encryption, and server load is big at this time, it is lower to can choose operand in order to guarantee that server is stable for no spare resources The cipher mode of (for example encryption number is less) returns to user, and operand is concentrated on user terminal, reduces the fortune of server end Calculation amount.

In order to ensure user account safety, can also be provided that

Login failure after user's cipher mode encrypted login password lower using operand, determines that the user this time steps on Record is abnormal, and when the user logs in next time, the cipher mode of the high grade of Selecting operation amount feeds back to user, prevents user Account is by Brute Force.

In the second form, the server's retrieval, according to a set rule, of one of the encryption modes corresponding to the username from the password database means the following:

The security level assigned to the user is adjusted according to the number of login attempts by the user within the unit time, and the encryption mode is selected according to the user's current security level.

For example, if a user makes too many login attempts, there is a risk of account theft and it is judged that the account's security level must be raised. A mode with a relatively high encryption level, for example one with more rounds, is then selected from the available encryption modes and returned to the user, increasing the verification time and reducing the risk of account theft.

In the third form, the server's retrieval, according to a set rule, of one of the encryption modes corresponding to the username from the password database means the following:

The encryption mode is selected by computational cost according to the computing speed of the user terminal.

This form requires the server to identify part of the hardware configuration of the user terminal sending the login request and estimate its computing speed. A fast user terminal can be given a higher-cost encryption mode and a slow one a lower-cost mode, which improves account security for some users while preserving user experience.

Based on the foregoing method, the present invention further proposes a password management system based on multiple hash computations, the system comprising the following modules:

1) A password database.

2) A registration module, which receives a registration request sent by a user terminal, the registration request including at least a username and a password; selects an encryption mode comprising an encryption algorithm and a number of encryption rounds; concatenates the username and password to obtain an original string; encrypts the original string by hash computation using the selected encryption mode to obtain registration ciphertext data; and stores the registration ciphertext data, the username and the corresponding encryption mode in the password database.

3) An encryption mode return module, which receives a login request sent by the user terminal, the login request including the username and password entered for this login; retrieves the encryption mode corresponding to the username from the password database; and returns the encryption mode to the user terminal.

4) A verification module, which receives the login ciphertext data sent by the user terminal and compares it with the registration ciphertext data stored for that username in the password database; if they match, this login request of the user terminal is judged successful, otherwise it is judged to have failed.

Compared with the prior art, the above technical solution of the present invention has the following significant beneficial effects:

1) By computing the hash multiple times, each password check is deliberately lengthened, which can effectively prevent brute-force cracking of user passwords.

2) By combining front end and back end, system load is distributed to the user terminals, which reduces hardware cost; system load is low, there is no extra cost, the user experience is good, and the mechanism cannot be maliciously exploited.

3) What is transmitted is encrypted ciphertext: even if the network is compromised by a hacker, the password cannot be taken directly, and cracking the real password from the captured ciphertext is as difficult as direct brute-force cracking.

4) The system can dynamically adjust the hashing strength and adapts seamlessly as computer hardware develops.

It should be understood that all combinations of the foregoing concepts and of the additional concepts described in more detail below can be regarded as part of the inventive subject matter of this disclosure, provided such concepts are not mutually contradictory. In addition, all combinations of the claimed subject matter are regarded as part of the inventive subject matter of this disclosure.

The foregoing and other aspects, embodiments and features of the present teachings can be understood more fully from the following description in conjunction with the drawings. Other additional aspects of the invention, such as the features and/or benefits of the illustrative embodiments, will be apparent from the description below or learned from practice of specific embodiments according to the teachings of the invention.

Brief description of the drawings

The drawings are not intended to be drawn to scale. In the drawings, each identical or nearly identical component shown in the various figures may be denoted by the same reference numeral. For clarity, not every component is labeled in every figure. Embodiments of various aspects of the invention will now be described by way of example with reference to the drawings, in which:

Fig. 1 is a flow chart of the registration method in the password management method based on multiple hash computations of the present invention.

Fig. 2 is a flow chart of the login method in the password management method based on multiple hash computations of the present invention.

Detailed description of the embodiments

For a better understanding of the technical content of the present invention, specific embodiments are described below in conjunction with the accompanying drawings.

With reference to Fig. 1, the present invention provides a password management method based on multiple hash computations, the method comprising:

The server receives a registration request sent by a user terminal, the registration request including at least a username and a password. The server selects an encryption mode, which comprises an encryption algorithm and a number of encryption rounds. The username and password are concatenated to obtain an original string, and the original string is encrypted by hash computation using the selected encryption mode to obtain registration ciphertext data. The registration ciphertext data, the username and the corresponding encryption mode are stored in the password database.

In a subsequent login, the server receives a login request sent by the user terminal, the login request including the username and password entered for this login; the server retrieves the encryption mode corresponding to that username from the password database and returns it to the user terminal.

The user terminal receives the encryption mode sent by the server, concatenates the username and password of the login request to obtain a login string, and encrypts the login string by hash computation using that encryption mode within a set time range:

1) If the encryption completes within the set time range, the login ciphertext data obtained is sent to the server.

2) If the encryption does not complete within the set time range, the number of encryption rounds not yet performed and the encryption result so far are sent to the server, which performs the remaining rounds on that result to obtain the login ciphertext data.

The server compares the login ciphertext data with the registration ciphertext data stored for that username in the password database. If they match, this login request of the user terminal is judged successful; otherwise it is judged to have failed.

The foregoing method is illustrated below with a specific embodiment.

The running environment of the specific embodiment is as follows:

1) The encryption algorithm is MD5.

2) The number of encryption rounds is 10000.

3) The maximum encryption time on the user terminal is 1 second.

4) The server-side programming language is PHP.

5) The user-terminal programming language is JavaScript + jQuery.

The embodiment is divided into the following steps, each described in detail below.

1. User registration

The user enters a plaintext username and password, which are sent to the server. The server concatenates password + username into a string and applies MD5 encryption 10000 times; the result is the ciphertext of the password, which is stored in the database.

User terminal key code:

Server end key code:

2. Obtaining the encryption mode at login

When the user logs in, the current encryption mode is obtained dynamically. User terminal key code:

3. Local encryption on the user terminal, then transmission

The user terminal encrypts locally with the algorithm obtained in the previous step and transmits the resulting ciphertext to the server. Because user terminals differ in hardware performance, the same encryption takes different amounts of time on them; for a good user experience, two cases are handled separately here:

(a) Encryption completes within 1 second: the ciphertext is transmitted to the server and compared for verification.

(b) Encryption does not complete within 1 second: the number of encryption rounds already performed and the ciphertext computed so far are transmitted to the server, which performs the remaining rounds and then verifies the ciphertext.

User terminal key code:

Server end key code:
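
The key code for these steps is not reproduced on this page. The following is an added example, not the patent's own code, covering steps 1 to 3 above and the server-side round upgrade described earlier (10000 to 15000 rounds). It assumes Node.js, chaining over hex digests, and hypothetical function names; the credentials and the fake clock are constructed for the sample run.

```javascript
// Added example (not the patent's code). Assumptions: Node.js, rounds chained
// over hex digests, and the input string is password + username as in step 1.
const crypto = require('node:crypto');

// Encryption mode from the embodiment: algorithm plus number of rounds.
const PAGE_MODE = { algorithm: 'md5', rounds: 10000 };

// Apply `rounds` chained hashes; each round hashes the previous hex digest.
function iterate(algorithm, text, rounds) {
  let value = text;
  for (let i = 0; i < rounds; i++) {
    value = crypto.createHash(algorithm).update(value, 'utf8').digest('hex');
  }
  return value;
}

// Step 1, server: store the digest together with the mode that produced it.
function register(db, username, password, mode) {
  const digest = iterate(mode.algorithm, password + username, mode.rounds);
  db.set(username, { mode: { ...mode }, digest });
}

// Step 2, server: return the stored mode for this username (null if unknown).
function getMode(db, username) {
  const record = db.get(username);
  return record ? { ...record.mode } : null;
}

// Step 3, client: hash until done or until the time budget runs out.
// `now` is injectable so the slow-terminal case can be reproduced exactly.
function clientHash(username, password, mode, budgetMs, now = Date.now) {
  const deadline = now() + budgetMs;
  let value = password + username;
  let done = 0;
  while (done < mode.rounds && now() < deadline) {
    value = iterate(mode.algorithm, value, 1);
    done++;
  }
  // Case (a): remaining === 0. Case (b): the server finishes `remaining` rounds.
  return { username, value, remaining: mode.rounds - done };
}

// Step 3, server: finish any remaining rounds, then compare in constant time.
function verifyLogin(db, submission) {
  const record = db.get(submission.username);
  if (!record || typeof submission.value !== 'string') return false;
  const { remaining } = submission;
  // `remaining` is client-supplied: bound it so a request cannot demand
  // more server work than the stored mode allows.
  if (!Number.isInteger(remaining) || remaining < 0 ||
      remaining > record.mode.rounds) return false;
  const finished = Buffer.from(
    iterate(record.mode.algorithm, submission.value, remaining), 'utf8');
  const stored = Buffer.from(record.digest, 'utf8');
  return finished.length === stored.length &&
    crypto.timingSafeEqual(finished, stored);
}

// Server-only upgrade, e.g. 10000 -> 15000 rounds: hash each stored digest
// the extra number of times and update the mode returned at login.
function upgradeRounds(db, newRounds) {
  for (const record of db.values()) {
    const extra = newRounds - record.mode.rounds;
    if (extra <= 0) continue;
    record.digest = iterate(record.mode.algorithm, record.digest, extra);
    record.mode.rounds = newRounds;
  }
}

// Constructed fake clock: advances 1 ms each time it is read.
function fakeClock() { let t = 0; return () => t++; }

// Constructed sample run over an in-memory "password database".
function demo() {
  const db = new Map();
  register(db, 'alice', 'correct horse', PAGE_MODE);
  const mode = getMode(db, 'alice');
  const fast = clientHash('alice', 'correct horse', mode, 20000, fakeClock());
  const slow = clientHash('alice', 'correct horse', mode, 8001, fakeClock());
  const wrong = clientHash('alice', 'wrong guess', mode, 20000, fakeClock());
  const results = {
    fastRemaining: fast.remaining, fastOk: verifyLogin(db, fast),
    slowRemaining: slow.remaining, slowOk: verifyLogin(db, slow),
    wrongOk: verifyLogin(db, wrong),
    oversizedOk: verifyLogin(db, { ...slow, remaining: 10001 }),
  };
  upgradeRounds(db, 15000);
  const newMode = getMode(db, 'alice');
  const upgraded = clientHash('alice', 'correct horse', newMode, 20000, fakeClock());
  results.upgradedRounds = newMode.rounds;
  results.upgradedOk = verifyLogin(db, upgraded);
  return results;
}
```

The slow-terminal case in `demo()` reproduces the 8000 + 2000 split from the description, and the upgrade leaves the user's password untouched while the stored digest and returned mode move to 15000 rounds.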

Aspects of the invention are described in this disclosure with reference to the drawings, which show a number of illustrative embodiments. The embodiments of this disclosure are not necessarily defined to include all aspects of the invention. It should be understood that the various concepts and embodiments presented above, and those described in more detail below, can be implemented in any of many ways, because the concepts and embodiments disclosed by the invention are not limited to any one implementation. In addition, some aspects disclosed by the invention can be used alone or in any suitable combination with other aspects disclosed by the invention.

Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. A person of ordinary skill in the art to which the invention belongs can make various modifications and variations without departing from the spirit and scope of the invention. The scope of protection of the invention is therefore defined by the claims.

Claims (8)

1. A password management method based on multiple hash calculation, characterized in that the method comprises:
The server receives a registration request sent by a user terminal, the registration request including at least a user name and a password; the server selects a cipher mode, the cipher mode including an encryption algorithm and an encryption count; the user name and password are concatenated to obtain an original character string; using hash calculation, the original character string is encrypted with the selected cipher mode to obtain registration ciphertext data; and the encrypted registration ciphertext data, the user name and the corresponding cipher mode are stored in a password database;
The method further comprises:
The server receives a login request sent by the user terminal, the login request including the user name entered by the user for this login; the server retrieves the cipher mode corresponding to the user name from the password database according to the user name, and returns the cipher mode to the user terminal;
The user terminal receives the cipher mode sent by the server, concatenates the user name and password entered by the user to obtain a login character string, encrypts the login character string with that cipher mode using hash calculation to obtain login ciphertext data, and sends the login ciphertext data to the server;
The server receives the login ciphertext data and compares it with the registration ciphertext data corresponding to the user name in the password database; if the comparison succeeds, this login request of the user terminal is determined to have succeeded; otherwise, this login request of the user terminal is determined to have failed;
The method further comprises:
The user terminal receives the cipher mode sent by the server, concatenates the user name and password in the login request to obtain a login character string, and, using hash calculation, encrypts the login character string with that cipher mode within a set time range:
1) if the encryption is completed within the set time range, the login ciphertext data obtained after encryption is sent to the server;
2) if the encryption is not completed within the set time range, the unfinished encryption count and the encryption result are sent to the server, and the server carries out the unfinished number of encryptions on the encryption result to obtain the login ciphertext data.
2. The password management method based on multiple hash calculation according to claim 1, characterized in that the set time range is 1 second.
3. The password management method based on multiple hash calculation according to claim 1, characterized in that the registration request further includes a security level request, and the server selects the cipher mode according to the security level request.
4. The password management method based on multiple hash calculation according to claim 1, characterized in that the method further comprises:
The server receives a registration request sent by the user terminal, the registration request including at least a user name and a password; the user name and password are concatenated to obtain an original character string; using hash calculation, the original character string is encrypted with M cipher modes to obtain M kinds of registration ciphertext data; and the user name, the M kinds of registration ciphertext data and the corresponding cipher modes are stored in the password database; the M cipher modes differ in their amount of computation;
The server receives a login request sent by the user terminal, the login request including the user name entered by the user for this login; the server retrieves, according to the user name and a set rule, one of the cipher modes corresponding to the user name from the password database, and returns the retrieved cipher mode to the user terminal;
The user terminal receives the cipher mode returned by the server, concatenates the user name and password in the login request to obtain a login character string, encrypts the login character string with that cipher mode using hash calculation to obtain login ciphertext data, and sends the login ciphertext data to the server;
The server receives the login ciphertext data and compares it with the registration ciphertext data corresponding to the user name in the password database; if the comparison succeeds, this login request of the user terminal is determined to have succeeded; otherwise, this login request of the user terminal is determined to have failed;
M is a positive integer greater than 1.
5. The password management method based on multiple hash calculation according to claim 4, characterized in that the server retrieving, according to the user name and a set rule, one of the cipher modes corresponding to the user name from the password database means:
combining the continued-encryption count requested for the user name with the real-time load of the server, and selecting the cipher mode according to the amount of computation.
6. The password management method based on multiple hash calculation according to claim 4, characterized in that the server retrieving, according to the user name and a set rule, one of the cipher modes corresponding to the user name from the password database means:
adjusting the security level corresponding to the user according to the number of login attempts made by the user per unit time, and selecting the cipher mode in combination with the real-time security level corresponding to the user.
7. The password management method based on multiple hash calculation according to claim 4, characterized in that the server retrieving, according to the user name and a set rule, one of the cipher modes corresponding to the user name from the password database means:
selecting the cipher mode according to the amount of computation, in combination with the computing speed of the user terminal.
8. A password management system based on multiple hash calculation, based on the password management method of claim 1, characterized in that the system comprises:
a password database;
a registration module, being a module that receives a registration request sent by a user terminal, the registration request including at least a user name and a password, selects a cipher mode, the cipher mode including an encryption algorithm and an encryption count, concatenates the user name and password to obtain an original character string, encrypts the original character string with the selected cipher mode using hash calculation to obtain registration ciphertext data, and stores the encrypted registration ciphertext data, the user name and the corresponding cipher mode in the password database;
a cipher mode return module, being a module that receives a login request sent by the user terminal, the login request including the user name entered by the user for this login, retrieves the cipher mode corresponding to the user name from the password database according to the user name, and returns the cipher mode to the user terminal;
a verification module, being a module that receives the login ciphertext data sent by the user terminal and compares it with the registration ciphertext data corresponding to the user name in the password database; if the comparison succeeds, this login request of the user terminal is determined to have succeeded; otherwise, this login request of the user terminal is determined to have failed.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910135846.9A CN109714365B (en) 2019-02-25 2019-02-25 The cipher management method and system calculated based on multiple hash

Publications (2)

Publication Number Publication Date
CN109714365A CN109714365A (en) 2019-05-03
CN109714365B true CN109714365B (en) 2019-08-16

Family

ID=66264716

Country Status (1)

Country Link
CN (1) CN109714365B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016038665A1 (en) * 2014-09-08 2016-03-17 パスロジ株式会社 Authentication system and reminder terminal
CN105791274A (en) * 2016-02-24 2016-07-20 四川长虹电器股份有限公司 Distributed encrypted storage and authentication method based on local area network
CN106845182A (en) * 2017-01-18 2017-06-13 努比亚技术有限公司 password management device and method
CN107508796A (en) * 2017-07-28 2017-12-22 北京明朝万达科技股份有限公司 A kind of data communications method and device
CN109362073A (en) * 2018-08-29 2019-02-19 江苏龙虎网信息科技股份有限公司 The method that App application prevents malicious registration

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant