CN110535643A - Method and system for preventing a reset password from being stolen - Google Patents


Publication number
CN110535643A
Authority
CN
China
Prior art keywords
resetting
password
user
module
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910848812.4A
Other languages
Chinese (zh)
Other versions
CN110535643B (en)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd

Classifications

    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/12: Applying verification of the received information
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention discloses a method for preventing a reset password from being stolen, comprising: after the client receives the trigger information of a user's request to reset the password, it sends the user information entered by the user to the server; the server generates a password reset link and sends it to the client; after the client receives the user's triggering of the password reset link, it sends a reset-link verification request to the server; after the server finds the received reset-link verification request valid, it sends the client a response indicating that the reset link is valid; after the client receives that response, it displays the reset password page, generates ciphertext data from the reset password entered by the user using the security answer as the key, and sends the ciphertext data and the user information to the server; the server decrypts the ciphertext data to obtain the reset password and resets the user password according to the reset password. The invention improves security during the password reset process.

Description

Method and system for preventing a reset password from being stolen
Technical field
The present invention relates to the field of information security, and in particular to a method and system for preventing a reset password from being stolen.
Background art
In existing password reset processes, the user usually clicks the forgot-password link displayed by the client to reach the page for setting a new password, enters the account and the reset password, and submits them; after receiving the account and the reset password, the server resets the password. In the prior art, although the data exchanged between the client and the server to reset the password is transmitted as ciphertext, an attacker can use an interception tool to intercept the forgot-password link and operate on and analyze the link, or enter the reset password page, analyze that page, and perform illegal operations on the reset password. When the client sends the ciphertext of the reset password to the server, the attacker can also intercept that ciphertext and, based on the analysis of the reset password page, perform illegal operations after decrypting it, so the security risk of the information exchange is very high.
Summary of the invention
To solve the above technical problem, the present invention provides a method for preventing a reset password from being stolen, comprising:
Step 101, after the client receives the trigger information of a user's request to reset the password, it displays input prompt information;
Step 102, the client sends the user information entered by the user to the server;
Step 103, after the server determines that the received user information is valid, it generates a password reset link;
Step 104, the server sends the password reset link to the client;
Step 105, the client displays the received password reset link;
Step 106, after the client receives the user's triggering of the password reset link, it sends a reset-link verification request to the server;
Step 107, after the server finds the received reset-link verification request valid, it sends the client a response indicating that the reset link is valid;
Step 108, after the client receives the response indicating that the reset link is valid, it displays the reset password page and, from the reset password entered by the user, generates ciphertext data using the security answer as the key;
Step 109, the client sends the ciphertext data and the user information to the server;
Step 110, after the server receives the ciphertext data and the user information, it decrypts the ciphertext data to obtain the reset password and resets the user password according to the reset password.
The present invention also provides a system for preventing a reset password from being stolen, comprising a client and a server. The client comprises:
A first receiving module, for receiving the trigger information of a user's request to reset the password; also for receiving the user information entered by the user; also for receiving the password reset link sent by the second sending module; also for receiving the response, sent by the second sending module, indicating that the reset link is valid;
A first display module, for displaying input prompt information; also for displaying the received password reset link; also for displaying the reset password page after the first receiving module receives the response, sent by the second sending module, indicating that the reset link is valid;
A first generation module, for generating ciphertext data from the reset password entered by the user, using the security question answer as the key;
A first sending module, for sending the user information entered by the user to the second receiving module; also for sending the reset-link verification request to the second receiving module; also for sending the ciphertext data and the user information to the second receiving module;
The server comprises:
A second judgment module, for judging whether the received user-entered information is valid;
A second generation module, for generating the password reset link after the second judgment module judges that the received user-entered information is valid;
A second sending module, for sending the password reset link to the first receiving module; also for sending the first receiving module the response indicating that the reset link is valid, after the second verification module verifies that the received reset-link verification request is valid;
A second verification module, for verifying the received reset-link verification request;
A second receiving module, for receiving the user information entered by the user and sent by the first sending module; also for receiving the reset-link verification request sent by the first sending module; also for receiving the ciphertext data and user information sent by the first sending module;
A second decryption module, for decrypting the ciphertext data received by the second receiving module to obtain the reset password;
A second reset module, for resetting the user password according to the reset password after the second decryption module obtains the reset password.
The beneficial effects of the invention are as follows: the present invention provides a method and system for preventing a reset password from being stolen. Assembling the data of the password reset link increases the difficulty of cracking the link, and the key used when generating the ciphertext data of the reset password is generated from the security answer, which is stored in the server's database; so even if an attacker intercepts the ciphertext of the reset password, it is difficult to obtain the security answer in the database to decrypt the illegally intercepted ciphertext, which greatly improves security during the password reset process.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method for preventing a reset password from being stolen, provided by Embodiment 1 of the present invention;
Fig. 2 is a flow chart of a method for preventing a reset password from being stolen, provided by Embodiment 2 of the present invention;
Fig. 3 is a structure chart of a system for preventing a reset password from being stolen, provided by Embodiment 3 of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment 1
This embodiment provides a method for preventing a reset password from being stolen which, as shown in Fig. 1, specifically comprises the following steps:
Step S101, after the client receives the trigger information of a user's request to reset the password, it displays input prompt information;
Step S102, the client sends the user information entered by the user to the server;
Step S103, after the server determines that the received user information is valid, it generates a password reset link;
Step S104, the server sends the password reset link to the client;
Step S105, the client displays the received password reset link;
Step S106, after the client receives the user's triggering of the password reset link, it sends a reset-link verification request to the server;
Step S107, after the server finds the received reset-link verification request valid, it sends the client a response indicating that the reset link is valid;
Step S108, after the client receives the response indicating that the reset link is valid, it displays the reset password page and, from the reset password entered by the user, generates ciphertext data using the security answer as the key;
Step S109, the client sends the ciphertext data and the user information to the server;
Step S110, after the server receives the ciphertext data and the user information, it decrypts the ciphertext data to obtain the reset password and resets the user password according to the reset password.
In this embodiment, generating the password reset link in step S103 specifically comprises:
The server generates a random number as a universally unique identifier, uses a first algorithm to compute a first digest value from the universally unique identifier and the user information, and generates the password reset link from the universally unique identifier and the first digest value;
Step S106 specifically comprises: after the client receives the user's triggering of the password reset link, it sends the data generated by triggering the password reset link to the server;
Step S107 specifically comprises: the server looks up the corresponding user information by the universally unique identifier in the received data generated by triggering the password reset link, uses the first algorithm to compute a second digest value from the universally unique identifier and the corresponding user information, and generates reset password verification data from the universally unique identifier and the second digest value; after judging that the received data generated by triggering the password reset link matches the reset password verification data, it sends the client the response indicating that the reset link is valid;
Resetting the user password according to the reset password in step S110 is specifically: the user password is reset according to the reset password, and the reset password is associated with the corresponding user information.
In this embodiment, in step S108, generating ciphertext data from the reset password entered by the user using the security answer as the key specifically comprises:
The client generates a first key from the security answer and, according to a second predetermined algorithm, encrypts the reset password with the first key to obtain the ciphertext data;
Decrypting the ciphertext data to obtain the reset password in step S110 specifically comprises: the server looks up the corresponding security answer by the user information, generates a second key from the corresponding security answer, and, according to the second predetermined algorithm, decrypts the ciphertext data with the second key to obtain the reset password.
In this embodiment, in step S108, generating ciphertext data from the reset password entered by the user using the security answer as the key specifically comprises:
The client generates a first key and a first offset from the security answer and, according to the second predetermined algorithm, encrypts the reset password with the first key and the first offset to obtain the ciphertext data;
Decrypting the ciphertext data to obtain the reset password in step S110 specifically comprises: the server looks up the corresponding security answer by the user information, generates a second key and a second offset from the corresponding security answer, and, according to the second predetermined algorithm, decrypts the security answer using the second key and the second offset to obtain the reset password.
In this embodiment, one piece of user information corresponds to multiple security answers;
In step S108, using the security answer as the key is specifically: the client uses the data composed of the multiple security answers as the first key;
In step S110, the server looking up the corresponding security answer by the user information and generating the second key from the corresponding security answer is specifically:
The server looks up the corresponding multiple security answers by the user information and generates the second key from the data composed of the corresponding multiple security answers.
In this embodiment, after step S104 the method further comprises: the server records the time at which the password reset link was sent;
In step S107, the server finding the received reset-link verification request valid further comprises: the server judges, from the time at which the password reset link was sent, that the password reset operation has not timed out.
In this embodiment, in step S110, after the server receives the ciphertext data and the user information, decrypting the ciphertext data to obtain the reset password specifically comprises:
After the server receives the ciphertext data and the user information, it looks up, by the user information, the number of failed password reset operations associated with the user information; when it judges that this number is less than a preset value, it decrypts the ciphertext data and judges whether decryption succeeded; if it succeeded, the server resets the user password according to the reset password and associates the reset password with the user information; if it failed, the server sends the client a message that the password reset failed and adds 1 to the number of failed password reset operations associated with the user information.
In this embodiment, step S101 specifically comprises: after the client receives the user's click on the forgot-password option, it displays a prompt to enter user information; the user information comprises user account information and user mailbox information;
Step S102 specifically comprises: the client sends the user account information and the user mailbox information to the server;
Step S103 specifically comprises: after the server judges that the user account exists and that the user mailbox bound to the user account exists, it generates the password reset link.
In this embodiment, when the user information and password are set for the first time, the client displays the user information, password and security answer that the user needs to enter, and sends the user information, password and security answer entered by the user to the server; after the password is set successfully, the server associates the user information, password and security answer and stores them in the server.
Embodiment 2
In this embodiment, when the user account and password are set for the first time, the client displays the user account, password and security answer that the user needs to enter, and sends the user account, password and security answer entered by the user to the server; after the password is set successfully, the server associates the user account, password and security answer and stores them in the server.
This embodiment provides a method for preventing a reset password from being stolen, comprising the following steps:
Step 201, the client receives the user's click on the forgot-password option;
Step 202, the client displays to the user the option to enter a user account and user mailbox;
Step 203, the client sends the user account and user mailbox entered by the user to the server;
In this embodiment, the user account entered by the user is: admin;
The user mailbox is: zhangyu2668@ftsafe.com
Step 204, the server receives the user account and user mailbox entered by the user and sent by the client;
Step 205, the server judges whether the received user account and user mailbox are valid; if so, it executes step 206; if not, the process ends;
Specifically, the server judging whether the received user account and user mailbox are valid comprises the following steps:
Step 205-1, the server judges whether the user account exists; if so, it executes step 205-2; if not, the process ends;
Step 205-2, the server judges whether a user mailbox bound to the user account exists; if so, it executes step 206; if not, the process ends.
Step 206, the server assembles the password reset link;
In this step, the server generates a random number as the UUID, associates the UUID with the user account, then performs an MD5 calculation on the UUID and the user account to obtain the first digest value, and composes the password reset link from the UUID and the first digest value.
In this embodiment, the server generates the random number dc88fd40042e4912bfbc6c8161a1f217, uses it as the UUID, performs an MD5 calculation on the UUID dc88fd40042e4912bfbc6c8161a1f217 and the user account admin to obtain the first digest value 5a0d9d7809fbf34bea61e3eb677267ae, and composes the password reset link from the UUID and the first digest value:
http://192.168.12.33:8888/fidocenter/a/retrieve/UUID/dc88fd40042e4912bfbc6c8161a1f217/MD5/5a0d9d7809fbf34bea61e3eb677267ae
Step 207, the server sends the password reset link to the user mailbox;
Specifically, in this step, after the server sends the password reset link to the user mailbox, the method may further comprise: the server records the time at which the password reset link was sent and associates that time with the user account.
Step 208, after the user logs in to the mailbox, the client displays the password reset link;
Step 209, after the client receives the user's click on the password reset link, it sends a request to verify the password reset link to the server;
Specifically, in this step, the request to verify the password reset link that the client sends to the server after receiving the user's click is the data of the password reset link sent by the server.
In this embodiment, the request for the password reset link is:
http://192.168.12.33:8888/fidocenter/a/retrieve/UUID/dc88fd40042e4912bfbc6c8161a1f217/MD5/5a0d9d7809fbf34bea61e3eb677267ae
Step 210, after the server receives the reset-link verification request, it verifies whether the password reset link is valid; if so, it executes step 211; if not, the process ends.
Specifically, the server receives the reset-link verification request, looks up the corresponding user account by the UUID in the request, performs an MD5 calculation on the found user account and the UUID to obtain the second digest value, composes the reset-link verification data from the UUID and the second digest value, and judges whether the data of the password reset link and the reset-link verification data are identical; if so, the password reset link is valid; if not, the password reset link is invalid and the process ends.
In this embodiment, the server receives the reset-link verification request, finds the corresponding user account, admin, by the UUID in the request, dc88fd40042e4912bfbc6c8161a1f217, and performs an MD5 operation on the user account and the UUID to obtain the second digest value:
5a0d9d7809fbf34bea61e3eb677267ae; from the UUID and the second digest value it composes the reset-link verification data: 5a0d9d7809fbf34bea61e3eb677267ae.
In this embodiment, step 207 is specifically: the server sends the password reset link to the client and records the current sending time;
Step 210 specifically comprises: after the server receives the reset-link verification request, it looks up the corresponding user account by the UUID in the request and judges, from the time associated with this user account at which the password reset link was sent and a preset effective time, whether the password reset operation has timed out; if so, the password reset link is invalid; if not, the password reset link is valid; end.
Specifically, the preset effective time may be the time, associated with the user account, at which the password reset link was sent plus a preset duration; judging whether a timeout has occurred from the send time associated with this user account and the preset effective time is then specifically: judging whether the send time associated with the user account exceeds the preset effective time.
The preset effective time may be a preset duration; the server records the current time after receiving the reset-link verification request, and judging whether a timeout has occurred from the send time associated with this user account and the preset effective time is then specifically: judging whether the difference between the current time and the send time associated with the user account exceeds the preset effective time.
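The link assembly of step 206 and the checks of step 210, including the timeout test, as an added Python example that is not code from the patent. The host name, the 30-minute validity period, the UUID-then-account concatenation order and the class and method names are assumptions.

```python
import hashlib
import hmac
import time
import uuid

BASE_URL = "http://reset.example.invalid/retrieve"  # placeholder host (assumption)
VALID_SECONDS = 30 * 60                              # assumed preset duration


class ResetLinkService:
    """Server side of steps 205-207 and 210 (names are illustrative)."""

    def __init__(self, accounts, clock=time.time):
        self.accounts = accounts   # user account -> bound mailbox
        self.pending = {}          # UUID -> (user account, send time)
        self.clock = clock         # injectable so the timeout can be tested

    @staticmethod
    def _digest(token, account):
        # MD5 is the algorithm the page specifies. The digest is unkeyed, so
        # the link's unguessability rests on the random UUID alone.
        # Assumption: the input is the UUID followed by the account, UTF-8.
        return hashlib.md5((token + account).encode("utf-8")).hexdigest()

    def issue(self, account, mailbox):
        """Steps 205-207: validate the account/mailbox pair, build the link."""
        if self.accounts.get(account) != mailbox:
            return None            # unknown account or mailbox not bound to it
        token = uuid.uuid4().hex   # random 32-hex-character UUID
        self.pending[token] = (account, self.clock())  # record the send time
        return f"{BASE_URL}/UUID/{token}/MD5/{self._digest(token, account)}"

    def verify(self, link):
        """Step 210: look up by UUID, check the timeout, recompute and compare."""
        parts = link.split("/")
        try:
            token = parts[parts.index("UUID") + 1]
            presented = parts[parts.index("MD5") + 1]
        except (ValueError, IndexError):
            return False           # not a well-formed reset link
        record = self.pending.get(token)
        if record is None:
            return False           # UUID was never issued
        account, sent_at = record
        # Second timeout variant in the text: current time minus send time
        # must not exceed the preset duration.
        if self.clock() - sent_at > VALID_SECONDS:
            return False
        expected = self._digest(token, account)
        # Constant-time comparison of the recomputed and presented digests.
        return hmac.compare_digest(expected.encode(), presented.encode())


if __name__ == "__main__":
    # Constructed sample data, not values from the page.
    service = ResetLinkService({"admin": "admin@example.invalid"})
    sample = service.issue("admin", "admin@example.invalid")
    print(sample, service.verify(sample))
```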
Step 211, the server sends the client the response indicating that the reset link is valid;
In this embodiment, the response the server sends the client indicating that the reset link is valid is: success.
Step 212, the client displays the reset password page;
Specifically, in this step, the reset password page comprises: the reset password that the user needs to enter, the reset password entered again for confirmation, and the security answer to be entered.
In this embodiment, the reset password entered by the user is: abcd1234
The security answer entered is: 18readchina
Step 213, after receiving the reset password and security answer entered by the user, the client generates the ciphertext data;
In this step, the client performs a hash operation on the security answer using a hash algorithm to obtain a third hash value, performs an MD5 or SHA1 operation on the third hash value to obtain a third digest value, and base64-encodes the third digest value to obtain a first encoded value; it then judges whether the first encoded value is at least 16 characters long: if it is longer than 16, it takes 16 characters according to a predetermined rule as the first key; if it is exactly 16, it uses the 16 characters directly as the first key; if it is shorter than 16, it pads the data with 0 to 16 characters and uses that as the first key;
In this embodiment, the client performs a hash operation on the security answer 18readchina using the hash algorithm to obtain the third hash value, performs an MD5 operation on the third hash value to obtain the third digest value: 23831d2334b61fcc, base64-encodes the third digest value to obtain the first encoded value: MjM4MzFkMjMzNGI2MWZjYw==, and obtains the first key: MjM4MzFkMjMzNGI2MWZjYw==.
In this step, the client performing a hash operation on the security answer using a hash algorithm to obtain the third hash value and performing an MD5 or SHA1 operation on the third hash value to obtain the third digest value may be replaced by: the client converts the security answer to bytecode to obtain a third conversion value and performs an MD5 or SHA1 operation on the third conversion value to obtain the third digest value.
The client first base64-encodes the security answer to obtain a second encoded value and performs an MD5 or SHA1 operation on the second encoded value to obtain a fourth digest value; it then judges whether the first encoded value is at least 16 characters long: if it is longer than 16, it takes 16 characters according to a predetermined rule as the first IV offset; if it is exactly 16, it uses the 16 characters directly as the first IV offset; if it is shorter than 16, it pads the data with 0 to 16 characters and uses that as the first IV offset;
In this embodiment, the client first performs the hash operation on the security answer and then base64-encodes the result to obtain the second encoded value: LTEzODEyMjg3NDI=, performs an MD5 operation on the second encoded value to obtain the fourth digest value: 121fb6c0ac4d3e8d, and obtains the first IV offset from the fourth digest value: 121fb6c0ac4d3e8d. Using the first key and the first IV offset, the client performs the AES encryption operation on the reset password entered by the user to obtain the ciphertext data.
In this embodiment, using the first key and the first IV offset, the client performs the AES encryption operation on the reset password entered by the user and obtains the ciphertext data: d56a211eefad705fb7406f35b578ea2a.
In this embodiment, one account may correspond to multiple security answers, so in this step the operations need to be performed on the data composed of the multiple security answers to obtain the first key value and the first IV offset.
Step 214, ciphertext data and user account are sent to server by client;
In the present embodiment, client is by UUID:dc88fd40042e4912bfbc6c8161a1f217 and ciphertext data: D56a211eefad705fb7406f35b578ea2a is sent to server.
Step 215, server receives the ciphertext data and user account that client is sent;
Step 216, server is decrypted to obtain successful decryption or decrypt failing as a result, if solution to ciphertext data Close success executes step 217, if decryption failure, executes step 219;
Specifically, in this step, after receiving the ciphertext data and the user account sent by the client, the server looks up the security-question answer corresponding to the user account, hashes the answer found to obtain the fifth hash value, performs an MD5 or SHA1 operation on the fifth hash value to obtain the fifth digest value, and base64-encodes the fifth digest value to obtain the third encoded value. It then judges whether the third encoded value is at least 16 characters long: if it is longer than 16, 16 characters are taken according to a predetermined rule as the second key; if it is exactly 16, the 16 characters are used directly as the second key; if it is shorter than 16, the data is padded with 0 to 16 characters and used as the second key;
In this embodiment, in this step, the server looks up the security-question answer corresponding to the user account: 18readchina, hashes the answer found to obtain the fifth hash value: -1381228742, performs an MD5 operation on the fifth hash value to obtain the fifth digest value: 23831d2334b61fcc, base64-encodes the fifth digest value to obtain the third encoded value: MjM4MzFkMjMzNGI2MWZjYw==, and obtains the second key from the third encoded value: MjM4MzFkMjMzNGI2MWZjYw==. The server first base64-encodes the security-question answer to obtain the fourth encoded value and performs an MD5 or SHA1 operation on the fourth encoded value to obtain the fourth digest value. It then judges whether the first encoded value is at least 16 characters long: if it is longer than 16, 16 characters are taken according to a predetermined rule as the second IV offset; if it is exactly 16, the 16 characters are used directly as the second IV offset; if it is shorter than 16, the data is padded with 0 to 16 characters and used as the second IV offset;
In this embodiment, the server first hashes the security-question answer and then base64-encodes the result to obtain the fourth encoded value: LTEzODEyMjg3NDI=, performs an MD5 operation on the fourth encoded value to obtain the fourth digest value: 121fb6c0ac4d3e8d, and obtains the second IV offset from the fourth digest value: 121fb6c0ac4d3e8d.
The server AES-decrypts the received ciphertext data using the second key and the second IV offset and judges whether the decryption succeeded; if it succeeded, step 217 is executed; if it failed, step 218 is executed;
Specifically, the server uses the second key: MjM4MzFkMjMzNGI2MWZjYw== and the second IV offset: 121fb6c0ac4d3e8d to AES-decrypt the received ciphertext data: d56a211eefad705fb7406f35b578ea2a; the decryption succeeds and yields the reset password: abcd1234.
In this embodiment, one user account may correspond to multiple security-question answers; so if in step 213 the client computed the first key value and the first IV offset from the data composed of multiple security-question answers, then in this step the server must compute the second key value and the second IV offset from the data composed of the multiple security-question answers.
When, in step 213, the client performs byte conversion on the security-question answer to obtain the third conversion value and performs an MD5 or SHA1 operation on the third conversion value to obtain the third digest value,
then in step 216, "after receiving the ciphertext data and the user account sent by the client, the server looks up the security-question answer corresponding to the user account, hashes the answer found to obtain the fifth hash value, and performs an MD5 or SHA1 operation on the fifth hash value to obtain the fifth digest value" is replaced by: after receiving the ciphertext data and the user account sent by the client, the server looks up the security-question answer corresponding to the user account, performs byte conversion on the answer found to obtain the fifth conversion value, and performs an MD5 or SHA1 operation on the fifth conversion value to obtain the fifth digest value.
Step 217, the server takes the decryption result as the reset password and replaces the password associated with the user account with the reset password;
Step 218, the server sends the reset-password success information to the client.
In this embodiment, the server sends the reset-password success information: success to the client.
Step 219, the server sends the reset-password failure information to the client.
In this embodiment, the server sends the reset-password failure information: error to the client.
In this embodiment, the following may also be included before step 216: the server looks up, according to the user account, the allowed-failure count for reset-password operations associated with the user account, and judges whether the current allowed-failure count is less than a preset value; if so, step 216 is executed; if not, the server sends the reset-password failure information to the client;
Specifically, step 216 further includes: the server judges whether the decryption succeeded; if so, the password is reset with the reset password obtained by decryption and associated with the user information; if not, the server adds 1 to the allowed-failure count for reset-password operations associated with the user account;
Specifically, in this embodiment, the initial value of the allowed-failure count for resetting the password is 0.
Step 219 is specifically: the server sends the reset-password failure information to the client, and the flow returns to step 212.
In this embodiment, step 213 may specifically be implemented by the following process:
The client hashes the security-question answer with a hash algorithm to obtain the third hash value, performs an MD5 or SHA1 operation on the third hash value to obtain the third digest value, and uses the third digest value as the first key; the client AES-encrypts the reset password entered by the user with the first key to obtain the ciphertext data.
Correspondingly, step 216 is specifically: after receiving the ciphertext data and the user account sent by the client, the server looks up the security-question answer corresponding to the user account, hashes the answer found to obtain the fifth hash value, performs an MD5 or SHA1 operation on the fifth hash value to obtain the fifth digest value, and uses the fifth digest value as the second key; the server AES-decrypts the ciphertext data with the second key and judges whether the decryption succeeded; if it succeeded, step 217 is executed; if it failed, step 218 is executed.
In this embodiment, in step 213 the client may also hash the concatenation of the security-question answer and a preset character to obtain the third hash value; then, in step 216, the server hashes the concatenation of the answer found and the same preset character as the client to obtain the fifth hash value.
In this embodiment, the following may also be included: after the client obtains the first key in step 213, the client concatenates the first key and a preset character string to generate the first encryption key, and AES-encrypts the reset password entered by the user with the first encryption key to obtain the ciphertext data.
Specifically, in this embodiment, the preset concatenation character may be data that can be extracted from the link, for example, the universally unique identifier in the link data.
Then, in step 216, after obtaining the second key, the server concatenates the second key and the same preset character as the client to generate the second decryption key, and AES-decrypts the received ciphertext data with the second decryption key.
In this embodiment, step 213 may specifically be: the client hashes the security-question answer with a hash algorithm to obtain the third value, performs an MD5 or SHA1 operation on the third value to obtain the third digest value, base64-encodes the third digest value to obtain the first encoded value, and uses the first encoded value as the first key; it AES-encrypts the reset password entered by the user with the first key to obtain the ciphertext data;
Then step 216 is specifically: after receiving the ciphertext data and the user account sent by the client, the server looks up the security-question answer corresponding to the user account, hashes the answer found to obtain the fifth hash value, performs an MD5 or SHA1 operation on the fifth hash value to obtain the fifth digest value, base64-encodes the fourth digest value to obtain the third encoded value, and uses the third encoded value as the second key;
The server AES-decrypts the received ciphertext data with the second key and judges whether the decryption succeeded; if it succeeded, step 217 is executed; if it failed, step 218 is executed.
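The following Node.js sketch is an added illustration of steps 213 to 219 (client-side encryption, server-side decryption and the failure count); it is not code from the patent, and every function name in it is hypothetical. Assumptions: the hash is Java's `String.hashCode()` (which reproduces the page's value -1381228742 for `18readchina`), the full MD5 hex string is used, the "predetermined rule" keeps the first 16 characters, and AES runs as AES-128-CBC with PKCS#7 padding.

```javascript
// Added illustration; not code from the patent. All names are hypothetical.
const nodeCrypto = require('node:crypto');

// 32-bit string hash. Assumption: Java's String.hashCode(), which yields the
// page's worked value ("18readchina" -> -1381228742).
function javaHash(s) {
  let h = 0;
  for (let i = 0; i < s.length; i++) h = (Math.imul(31, h) + s.charCodeAt(i)) | 0;
  return h;
}

const md5Hex = (s) => nodeCrypto.createHash('md5').update(s, 'utf8').digest('hex');
const b64 = (s) => Buffer.from(s, 'utf8').toString('base64');

// Length rule of step 216: longer than 16 -> take 16, shorter -> pad with "0".
// Assumption: the "predetermined rule" keeps the first 16 characters.
function fit16(s) {
  return s.length >= 16 ? s.slice(0, 16) : s.padEnd(16, '0');
}

// Key: hash -> MD5 -> base64 -> 16 chars. IV: hash -> base64 -> MD5 -> 16 chars.
// Client and server run the same derivation on the same answer.
function deriveKeyIv(answer) {
  const h = String(javaHash(answer));
  return {
    key: Buffer.from(fit16(b64(md5Hex(h))), 'utf8'),
    iv: Buffer.from(fit16(md5Hex(b64(h))), 'utf8'),
  };
}

// Step 213 (client): encrypt the new password under the answer-derived key.
function clientEncrypt(answer, newPassword) {
  const { key, iv } = deriveKeyIv(answer);
  const c = nodeCrypto.createCipheriv('aes-128-cbc', key, iv);
  return Buffer.concat([c.update(newPassword, 'utf8'), c.final()]).toString('hex');
}

// Steps 215-219 (server). accounts: Map of account id -> { answer, password }.
function makeServer(accounts, maxFailures) {
  const failures = new Map(); // failure count per account, initial value 0
  return {
    accounts,
    failures,
    reset(accountId, cipherHex) {
      const acct = accounts.get(accountId);
      if (!acct) return 'error';
      const n = failures.get(accountId) || 0;
      if (n >= maxFailures) return 'error'; // checked before step 216
      const { key, iv } = deriveKeyIv(acct.answer);
      try {
        const d = nodeCrypto.createDecipheriv('aes-128-cbc', key, iv);
        // final() throws on bad padding. In CBC that is the only failure
        // signal, and it is not an integrity check on the plaintext.
        const pw = Buffer.concat([d.update(cipherHex, 'hex'), d.final()]).toString('utf8');
        acct.password = pw; // step 217
        return 'success';   // step 218
      } catch (e) {
        failures.set(accountId, n + 1); // count the failed attempt
        return 'error';                 // step 219
      }
    },
  };
}
```

Because a padding error is the only way this construction reports a wrong key, the failure count is what bounds repeated guesses at the security-question answer.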
Embodiment 3
The present invention provides a system 300 for preventing a reset password from being stolen. As shown in Fig. 3, the system includes a client 31 and a server 32. The client 31 includes:
First receiving module 3101, used to receive the trigger information of the user's request to reset the password; also used to receive the user information entered by the user; also used to receive the reset-password link sent by the second sending module 3203; also used to receive the response, sent by the second sending module 3203, that the reset-password link is verified as valid; also used to receive the reset password entered by the user;
First display module 3102, used to display the input prompt information; also used to display the received reset-password link; also used to display the reset-password page after the first receiving module 3101 receives the response, sent by the second sending module 3203, that the reset-password link is verified as valid;
First generation module 3103, used to generate ciphertext data from the received reset password entered by the user, using the security-question answer as the key;
First sending module 3104, used to send the user information entered by the user to the second receiving module 3205; also used to send the reset-password link verification request to the second receiving module 3205; also used to send the ciphertext data and the user information to the second receiving module 3205;
The server 32 includes:
Second judgment module 3201, used to judge whether the received information entered by the user is valid;
Second generation module 3202, used to generate the reset-password link after the second judgment module 3201 judges that the received information entered by the user is valid;
Second sending module 3203, used to send the reset-password link to the first receiving module 3101; also used to send the response that the reset-password link is verified as valid to the first receiving module 3101 after the second verification module 3204 verifies that the received reset-password link verification request is valid;
Second verification module 3204, used to verify the received reset-password link verification request;
Second receiving module 3205, used to receive the user information entered by the user and sent by the first module 3101; also used to receive the reset-password link verification request sent by the first sending module 3104; also used to receive the ciphertext data and the user information sent by the first sending module 3104;
Second decryption module 3206, used to decrypt the ciphertext data received by the second receiving module to obtain the reset password;
Second reset module 3207, used to reset the user password according to the reset password after the second decryption module 3206 obtains the reset password.
In this embodiment, the second generation module 3202 includes:
21st generation unit, used to generate a random number as the universally unique identifier;
21st computing unit, used to compute the first digest value from the universally unique identifier and the user information using the first algorithm;
22nd generation unit, used to generate the reset-password link from the universally unique identifier and the first digest value;
The first sending module 3104 being also used to send the reset-password link verification request to the second receiving module 3205 is specifically: the first sending module 3104 is also used to send the data generated after the reset-password link is triggered to the first receiving module 3101;
The second verification module 3204 includes:
31st lookup unit, used to look up the corresponding user information according to the universally unique identifier in the received data generated after the reset-password link is triggered;
31st computing unit, used to compute the second digest value from the universally unique identifier and the corresponding user information using the first algorithm;
31st generation unit, used to generate the reset-password verification data from the universally unique identifier and the second digest value;
31st judging unit, used to judge whether the received data generated after the reset-password link is triggered matches the reset-password verification data;
The second sending module 3203 is specifically used to send the response that the reset-password link is verified as valid to the first receiving module 3101 after the 31st judging unit judges that the received data generated after the reset-password link is triggered matches the reset-password verification data;
The second reset module 3207 is also used to associate the reset password with the corresponding user information.
In this embodiment, the first generation module 3103 includes:
11th generation unit, used to generate the first key from the security-question answer;
11th encryption unit, used to encrypt the reset password with the first key according to the second predetermined algorithm to obtain the ciphertext data;
The second decryption module 3206 includes:
41st lookup unit, used to look up the corresponding security-question answer according to the user information;
42nd generation unit, used to generate the second key from the corresponding security-question answer;
Decryption unit, used to decrypt the ciphertext data with the second key according to the second predetermined algorithm to obtain the reset password.
In this embodiment, the first generation module 3103 includes:
First generation unit, used to generate the first key and the first offset from the security-question answer;
First encryption unit, used to encrypt the reset password with the first key and the first offset according to the second predetermined algorithm to obtain the ciphertext data;
The second decryption module 3206 includes:
51st lookup unit, used to look up the corresponding security-question answer according to the user information;
51st generation unit, used to generate the second key and the second offset from the corresponding security-question answer;
Decryption unit, used to decrypt the security-question answer with the second key and the second offset according to the second predetermined algorithm to obtain the reset password.
In this embodiment, one piece of user information corresponds to multiple security-question answers;
The 11th generation unit is specifically used to take the data composed of the multiple security-question answers as the first key;
The 41st lookup unit is specifically used to look up the corresponding multiple security-question answers according to the user information;
The 41st generation unit is specifically used to generate the second key from the data composed of the corresponding multiple security-question answers.
In this embodiment, the server 32 further includes:
Recording module, used to record the time at which the reset-password link is sent, after the second sending module 3203 sends the reset-password link to the first receiving module 3101;
The second verification module 3204 verifying that the received reset-password link verification request is valid is specifically: the second verification module 3204 judges, according to the time at which the reset-password link was sent, that the reset-password operation has not timed out.
In this embodiment, the server 32 further includes:
Lookup module, used to look up, according to the user information, the allowed-failure count for reset-password operations associated with the user information;
Second judgment module 3201, used to judge whether the received information entered by the user is valid; also used to judge whether the allowed-failure count for reset-password operations exceeds the preset value;
Second decryption module 3206, specifically used to decrypt the ciphertext data received by the second receiving module 3205 when the second judgment module 3201 judges that the allowed-failure count for reset-password operations is less than the preset value;
Third judgment module, used to judge whether the decryption by the second decryption module 3206 succeeded;
Association module, used to reset the user password according to the reset password and associate the reset password with the user information after the third judgment module judges that the second decryption module 3206 decrypted successfully;
Second sending module 3203, also used to send the reset-password failure information to the first receiving module 3101 after the third judgment module judges that decryption by the second decryption module 3206 failed;
Counting module, used to add 1 to the allowed-failure count for reset-password operations associated with the user information after the second sending module 3203 sends the reset-password failure information to the first receiving module 3101.
In this embodiment, when the first receiving module 3101 is used to receive the trigger information of the user's request to reset the password, the first receiving module 3101 is specifically used to receive the user's click on the forgot-password option;
When the first display module 3102 is used to display the input prompt information, the first display module 3102 is specifically used to display a prompt to enter user information after the first receiving module 3101 receives the user's click on the forgot-password option; the user information includes: user account information and user mailbox information;
The first sending module 3104 being used to send the user information entered by the user to the second receiving module 3205 is specifically: the first sending module 3104 is used to send the user account information and the user mailbox information to the second receiving module 3205;
The second judgment module 3201 is specifically used to judge whether the user account and the user mailbox bound to the user account exist;
The second generation module 3202 is specifically used to generate the reset-password link when the judgment result of the second judgment module 3201 is yes.
The above is only a preferred specific implementation of the present invention, but the scope of protection of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (16)

1. A method for preventing a reset password from being stolen, characterized in that the method comprises:
Step 101, after the client receives the trigger information of the user's request to reset the password, it displays the input prompt information;
Step 102, the client sends the user information entered by the user to the server;
Step 103, after the server judges that the received user information is valid, it generates a reset-password link;
Step 104, the server sends the reset-password link to the client;
Step 105, the client displays the received reset-password link;
Step 106, after the client receives the user's triggering of the reset-password link, it sends a reset-password link verification request to the server;
Step 107, after the server's verification result for the received reset-password link verification request is valid, it sends to the client the response that the reset-password link is verified as valid;
Step 108, after the client receives the response that the reset-password link is verified as valid, it displays the reset-password page and, from the received reset password entered by the user, generates ciphertext data using the security-question answer as the key;
Step 109, the client sends the ciphertext data and the user information to the server;
Step 110, after the server receives the ciphertext data and the user information, it decrypts the ciphertext data to obtain the reset password and resets the user password according to the reset password.
2. The method according to claim 1, characterized in that, in step 103, generating the reset-password link specifically comprises:
The server generates a random number as the universally unique identifier, computes the first digest value from the universally unique identifier and the user information using the first algorithm, and generates the reset-password link from the universally unique identifier and the first digest value;
Step 106 specifically comprises: after the client receives the user's triggering of the reset-password link, it sends the data generated after the reset-password link is triggered to the server;
Step 107 specifically comprises: the server looks up the corresponding user information according to the universally unique identifier in the received data generated after the reset-password link is triggered, computes the second digest value from the universally unique identifier and the corresponding user information using the first algorithm, generates the reset-password verification data from the universally unique identifier and the second digest value, and, after judging that the received data generated after the reset-password link is triggered matches the reset-password verification data, sends to the client the response that the reset-password link is verified as valid;
Resetting the user password according to the reset password in step 110 is specifically: the user password is reset according to the reset password, and the reset password is associated with the corresponding user information.
3. The method according to claim 1, characterized in that, in step 108, generating ciphertext data from the received reset password entered by the user, using the security-question answer as the key, specifically comprises:
The client generates the first key from the security-question answer and encrypts the reset password with the first key according to the second predetermined algorithm to obtain the ciphertext data;
Decrypting the ciphertext data to obtain the reset password in step 110 specifically comprises: the server looks up the corresponding security-question answer according to the user information, generates the second key from the corresponding security-question answer, and decrypts the ciphertext data with the second key according to the second predetermined algorithm to obtain the reset password.
4. The method according to claim 1, characterized in that, in step 108, generating ciphertext data from the received reset password entered by the user, using the security-question answer as the key, specifically comprises:
The client generates the first key and the first offset from the security-question answer and encrypts the reset password with the first key and the first offset according to the second predetermined algorithm to obtain the ciphertext data;
Decrypting the ciphertext data to obtain the reset password in step 110 specifically comprises: the server looks up the corresponding security-question answer according to the user information, generates the second key and the second offset from the corresponding security-question answer, and decrypts the security-question answer with the second key and the second offset according to the second predetermined algorithm to obtain the reset password.
5. The method according to claim 3, characterized in that one piece of user information corresponds to multiple security-question answers;
In step 108, using the security-question answer as the key is specifically: the client takes the data composed of the multiple security-question answers as the first key;
In step 110, the server looking up the corresponding security-question answer according to the user information and generating the second key from the corresponding security-question answer is specifically:
The server looks up the corresponding multiple security-question answers according to the user information and generates the second key from the data composed of the corresponding multiple security-question answers.
6. The method according to claim 1, characterized in that, after step 104, the method further comprises: the server records the time at which the reset-password link is sent;
In step 107, the server's verification result for the received reset-password link verification request being valid further comprises: the server judges, according to the time at which the reset-password link was sent, that the reset-password operation has not timed out.
7. The method according to claim 1, characterized in that, in step 110, after the server receives the ciphertext data and the user information, decrypting the ciphertext data to obtain the reset password specifically comprises:
After the server receives the ciphertext data and the user information, it looks up, according to the user information, the allowed-failure count for reset-password operations associated with the user information; when it judges that the allowed-failure count for reset-password operations is less than the preset value, it decrypts the ciphertext data and judges whether the decryption succeeded; if it succeeded, the server resets the user password according to the reset password and associates the reset password with the user information; if it failed, the server sends the reset-password failure information to the client and adds 1 to the allowed-failure count for reset-password operations associated with the user information.
8. The method according to claim 1, characterized in that
Step 101 specifically comprises: after the client receives the user's click on the forgot-password option, it displays a prompt to enter user information; the user information includes: user account information and user mailbox information;
Step 102 specifically comprises: the client sends the user account information and the user mailbox information to the server;
Step 103 specifically comprises: after the server judges that the user account and the user mailbox bound to the user account exist, it generates the reset-password link.
9. A system for preventing a reset password from being stolen, comprising a client and a server, characterized in that the client comprises:
First receiving module, used to receive the trigger information of the user's request to reset the password; also used to receive the user information entered by the user; also used to receive the reset-password link sent by the second sending module; also used to receive the response, sent by the second sending module, that the reset-password link is verified as valid; also used to receive the reset password entered by the user;
First display module, used to display the input prompt information; also used to display the received reset-password link; also used to display the reset-password page after the first receiving module receives the response, sent by the second sending module, that the reset-password link is verified as valid;
First generation module, used to generate ciphertext data from the received reset password entered by the user, using the security-question answer as the key;
First sending module, used to send the user information entered by the user to the second receiving module; also used to send the reset-password link verification request to the second receiving module; also used to send the ciphertext data and the user information to the second receiving module;
The server comprises:
Second judgment module, used to judge whether the received information entered by the user is valid;
Second generation module, used to generate the reset-password link after the second judgment module judges that the received information entered by the user is valid;
Second sending module, used to send the reset-password link to the first receiving module; also used to send the response that the reset-password link is verified as valid to the first receiving module after the second verification module verifies that the received reset-password link verification request is valid;
Second verification module, used to verify the received reset-password link verification request;
Second receiving module, used to receive the user information entered by the user and sent by the first module; also used to receive the reset-password link verification request sent by the first sending module; also used to receive the ciphertext data and the user information sent by the first sending module;
Second decryption module, used to decrypt the ciphertext data received by the second receiving module to obtain the reset password;
Second reset module, used to reset the user password according to the reset password after the second decryption module obtains the reset password.
10. The system according to claim 9, characterized in that the second generation module comprises:
21st generation unit, used to generate a random number as the universally unique identifier;
21st computing unit, used to compute the first digest value from the universally unique identifier and the user information using the first algorithm;
22nd generation unit, used to generate the reset-password link from the universally unique identifier and the first digest value;
The first sending module being also used to send the reset-password link verification request to the second receiving module is specifically: the first sending module is also used to send the data generated after the reset-password link is triggered to the second receiving module;
The second verification module comprises:
31st lookup unit, used to look up the corresponding user information according to the universally unique identifier in the received data generated after the reset-password link is triggered;
31st computing unit, used to compute the second digest value from the universally unique identifier and the corresponding user information using the first algorithm;
31st generation unit, used to generate the reset-password verification data from the universally unique identifier and the second digest value;
31st judging unit, used to judge whether the received data generated after the reset-password link is triggered matches the reset-password verification data;
The second sending module is specifically used to send the response that the reset-password link is verified as valid to the first receiving module after the 31st judging unit judges that the received data generated after the reset-password link is triggered matches the reset-password verification data;
The second reset module is also used to associate the reset password with the corresponding user information.
11. The system as claimed in claim 9, characterized in that the first generation module includes:
11th generation unit, for generating a first key according to the security answer;
11th encryption unit, for encrypting the reset password with the first key according to the second predetermined algorithm to obtain the ciphertext data;
The second deciphering module includes:
41st searching unit, for searching for the corresponding security answer according to the user information;
41st generation unit, for generating a second key according to the corresponding security answer;
Decryption unit, for decrypting the ciphertext data with the second key according to the second predetermined algorithm to obtain the reset password.
12. The system as claimed in claim 9, characterized in that the first generation module includes:
First generation unit, for generating a first key and a first offset according to the security answer;
First encryption unit, for encrypting the reset password using the first key and the first offset according to the second predetermined algorithm to obtain the ciphertext data;
The second deciphering module includes:
51st searching unit, for searching for the corresponding security answer according to the user information;
51st generation unit, for generating a second key and a second offset according to the corresponding security answer;
Decryption unit, for decrypting the security answer using the second key and the second offset according to the second predetermined algorithm to obtain the reset password.
13. The system as claimed in claim 11, characterized in that one piece of user information corresponds to multiple security answers;
The 11th generation unit is specifically used to take the data composed of the multiple security answers as the first key;
The 41st searching unit is specifically used to search for the corresponding multiple security answers according to the user information;
The 41st generation unit is specifically used to generate the second key according to the data composed of the corresponding multiple security answers.
14. The system as claimed in claim 9, characterized in that the server further includes:
Logging module, for recording the time at which the reset password link was sent, after the second sending module sends the reset password link to the first receiving module;
The second authentication module verifying that the received verify-reset-password-link request is legal is specifically: the second authentication module judges, according to the time at which the reset password link was sent, that the password reset operation has not timed out.
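The link generation and verification of claims 10 and 14, as an added Python example that is not part of the patent text. SHA-256 as the "first algorithm", the 15-minute timeout, the URL, the query parameter names and all class and function names are assumptions; the patent names none of them.

```python
import hashlib
import hmac
import time
import uuid
from urllib.parse import parse_qs, urlencode, urlparse

RESET_TTL = 15 * 60                    # assumed timeout in seconds (claim 14)
BASE = "https://example.test/reset"    # placeholder URL, not from the patent


class LinkServer:
    def __init__(self):
        self.pending = {}              # uuid -> (user_info, time link was sent)

    @staticmethod
    def _digest(uid, user_info):
        # The "first algorithm" is not named on the page; SHA-256 is assumed.
        # The digest is unkeyed, so the link is only as secret as the UUID.
        return hashlib.sha256(f"{uid}|{user_info}".encode()).hexdigest()

    def make_link(self, user_info, now=None):
        uid = uuid.uuid4().hex         # random UUID
        sent_at = time.time() if now is None else now
        self.pending[uid] = (user_info, sent_at)   # logging module
        query = urlencode({"uid": uid, "d": self._digest(uid, user_info)})
        return f"{BASE}?{query}"

    def verify(self, url, now=None):
        """Return the user information for a legal link, else None."""
        query = parse_qs(urlparse(url).query)
        uid = query.get("uid", [""])[0]
        presented = query.get("d", [""])[0]
        entry = self.pending.get(uid)              # look up by UUID
        if entry is None:
            return None
        user_info, sent_at = entry
        now = time.time() if now is None else now
        if now - sent_at > RESET_TTL:              # reset operation timed out
            del self.pending[uid]
            return None
        expected = self._digest(uid, user_info)    # second digest value
        if not hmac.compare_digest(presented.encode(), expected.encode()):
            return None
        return user_info
```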
15. The system as claimed in claim 9, characterized in that
The server further includes:
Searching module, for searching, according to the user information, for the allowed number of reset password operation failures associated with the user information;
Second judgment module, for judging whether the received information input by the user is legal; also used to judge whether the allowed number of reset password operation failures is less than a preset value;
The second deciphering module is specifically used to decrypt the ciphertext data received by the second receiving module when the second judgment module judges that the allowed number of reset password operation failures is less than the preset value;
Third judgment module, for judging whether the decryption by the second deciphering module succeeds;
Relating module, for resetting the user password according to the reset password and associating the reset password with the user information after the third judgment module judges that the second deciphering module decrypted successfully;
The second sending module is also used to send reset-password-failure information to the first receiving module after the third judgment module judges that the decryption by the second deciphering module failed;
Metering module, for adding 1 to the allowed number of reset password operation failures associated with the user information after the second sending module sends the reset-password-failure information to the first receiving module.
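The answer-derived key of claims 11 and 13 together with the failure counting of claim 15, as an added Python example that is not part of the patent text. Python's standard library has no block cipher, so an HMAC-SHA256 keystream with an HMAC tag stands in for the unnamed "second predetermined algorithm"; PBKDF2, the per-user salt, the limit of 3 and all names are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3   # assumed "preset value" of claim 15


def derive_keys(answers, salt):
    # Claim 13: the combined security answers are the key material. Answers
    # are normalised so client and server derive identical keys, and a slow
    # KDF is used because answers carry little entropy.
    material = "\x1f".join(a.strip().lower() for a in answers).encode()
    k = hashlib.pbkdf2_hmac("sha256", material, salt, 200_000, dklen=64)
    return k[:32], k[32:]              # encryption key, MAC key


def _xor_stream(key, nonce, data):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def encrypt(answers, salt, new_password):      # client side
    enc_key, mac_key = derive_keys(answers, salt)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, new_password.encode())
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(answers, salt, blob):              # server side
    """Return the reset password, or None when decryption fails."""
    enc_key, mac_key = derive_keys(answers, salt)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, nonce, ct).decode()


class Server:
    def __init__(self, stored_answers):
        self.answers, self.failures, self.new_password = stored_answers, {}, {}

    def reset(self, user, salt, blob):
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "locked"                    # count is not below the preset value
        password = decrypt(self.answers[user], salt, blob)
        if password is None:                   # metering module adds 1
            self.failures[user] = self.failures.get(user, 0) + 1
            return "failed"
        self.new_password[user] = password     # hash before storing in practice
        return "ok"
```

The tag check is what lets the server tell a wrong security answer from a valid ciphertext, which is the decision the third judgment module has to make.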
16. The system as claimed in claim 9, characterized in that
When the first receiving module is used to receive the trigger information of the user's request to reset the password, the first receiving module is specifically used to receive the user's click on the forgot-password option;
When the first display module is used to display input prompt information, the first display module is specifically used to display a prompt to input user information after the first receiving module receives the user's click on the forgot-password option, the user information including: user account information and user mailbox information;
The first sending module being used to send the user information input by the user to the second receiving module is specifically: the first sending module is used to send the user account information and the user mailbox information to the second receiving module;
The second judgment module is specifically used to judge whether the user account and the user mailbox bound to the user account exist;
The second generation module is specifically used to generate the reset password link when the judgment result of the second judgment module is yes.
CN201910848812.4A 2019-09-09 2019-09-09 Method and system for preventing reset password from being stolen Active CN110535643B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910848812.4A CN110535643B (en) 2019-09-09 2019-09-09 Method and system for preventing reset password from being stolen

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910848812.4A CN110535643B (en) 2019-09-09 2019-09-09 Method and system for preventing reset password from being stolen

Publications (2)

Publication Number Publication Date
CN110535643A true CN110535643A (en) 2019-12-03
CN110535643B CN110535643B (en) 2023-05-23

Family

ID=68667815

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910848812.4A Active CN110535643B (en) 2019-09-09 2019-09-09 Method and system for preventing reset password from being stolen

Country Status (1)

Country Link
CN (1) CN110535643B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101539890A (en) * 2009-04-29 2009-09-23 威盛电子股份有限公司 Data processing system, cryptogram management method and data reading and writing method
US20130198521A1 (en) * 2012-01-28 2013-08-01 Jianqing Wu Secure File Drawer and Safe
CN105227623A (en) * 2015-08-24 2016-01-06 广东美的环境电器制造有限公司 The management method of the application program of household electrical appliance and server
US20170011214A1 (en) * 2015-07-06 2017-01-12 Unisys Corporation Cloud-based active password manager
CN108449337A (en) * 2018-03-16 2018-08-24 东莞市华睿电子科技有限公司 A kind of password method for retrieving
CN109462620A (en) * 2019-01-07 2019-03-12 山东浪潮通软信息科技有限公司 One kind realizing password method for retrieving and system based on a variety of safety verification modes
CN109587276A (en) * 2019-01-11 2019-04-05 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of data back up method, system and associated component
CN109922035A (en) * 2017-12-13 2019-06-21 华为技术有限公司 Method, request end and the checkout terminal of password resetting

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HUNG-MIN SUN ET AL.: "oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks", IEEE TRANSACTION ON INFORMATION FORENSICS AND SECURITY *
王建雄 (Wang Jianxiong): "网站注册与登录安全设计" [Security design of website registration and login], 大众科技 *

Also Published As

Publication number Publication date
CN110535643B (en) 2023-05-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant