CN111526010A - Key escrow method suitable for user identity authentication - Google Patents


Publication number
CN111526010A
Authority
CN
China
Prior art keywords
key
user
account
pam
authorization
Legal status
Pending
Application number
CN202010294315.7A
Other languages
Chinese (zh)
Inventor
王晓娜
刘凯
邹自果
Current Assignee
BEIJING CS&S HUA-TECH INFORMATION TECHNOLOGY CO LTD
Original Assignee
BEIJING CS&S HUA-TECH INFORMATION TECHNOLOGY CO LTD

Classifications

    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • G06F21/31 User authentication
    • G06F21/602 Providing cryptographic facilities or services
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN


Abstract

The invention discloses a key escrow method suitable for user identity authentication, comprising the following steps: S1: registering a host A in a management authorization platform; S2: submitting a privileged account application to the management authorization platform; S3: issuing an authorization certificate to each user whose application is approved; S4: storing the user's privileged account at an address location in the key repository; S5: logging in to the applied-for privileged account and inserting the authorization certificate; S6: host A interacts with the key repository to verify the user's authorization certificate; S7: accessing the address location in the key repository and extracting the key; S8: verifying the user login with host A. The invention integrates several of the principal current techniques for protecting key information, can effectively prevent hackers from brute-force cracking key information, can effectively withstand attacks by hackers with strong computing power, and ensures the security of the user's privileged account.

Description

Key escrow method suitable for user identity authentication
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a key escrow method suitable for user identity authentication.
Background
With the development of the internet, people are increasingly aware of the importance of information security. At the present stage, security schemes based on cryptography are a reliable way to keep information confidential. The security of a cryptosystem depends on the complexity of its key: the key is the essential information for encryption, decryption and integrity verification, and the deciding factor in controlling cryptographic processing. In cryptography only the key needs to be kept secret, and losing control of the key causes the cryptosystem to fail. In practical attack cases, direct attacks on the encryption algorithm are rare, while many security incidents result from keys not being properly managed. A safe and efficient way to manage and store keys is therefore very important.
Traditional key management is a secure, easy-to-use key escrow service commonly used in the cloud. A common key storage method is multiple encryption: the key and the ciphertext are encrypted and stored step by step using different encryption algorithms. Multiple encryption, like single encryption, amounts to one kind of encryption algorithm; it can both protect the encryption algorithm and hide the number of encryption rounds. The most common brute-force attack searches for the key on the basis of knowing the encryption algorithm; if the other party does not know the number of encryption rounds, it cannot apply the correct encryption algorithm and the brute-force attack cannot succeed. The key repository management service provided by the invention is likewise a secure, easy-to-use escrow service for applying for and extracting keys, and aims to protect the whole process of key storage, extraction and verification, as well as the security of the data held inside the key repository.
Disclosure of Invention
The invention aims to solve the problem of key security and provides a key escrow method suitable for user identity authentication.
The technical scheme of the invention is as follows: a key escrow method suitable for user identity authentication comprises the following steps:
S1: registering a host A in a management authorization platform;
S2: a user submits a privileged account application to the management authorization platform;
S3: the management authorization platform issues an authorization certificate to each user whose application is approved;
S4: the management authorization platform stores the user's privileged account, once the authorization certificate has been issued, at an address location in the key repository;
S5: the user logs in to the applied-for privileged account on host A and inserts the authorization certificate;
S6: host A interacts with the key repository through its PAM identity mode to verify the user's authorization certificate;
S7: a user who passes verification accesses the address location in the key repository and extracts the key;
S8: host A verifies the user login against the extracted key, completing key escrow for user identity authentication.
The invention has the following beneficial effects: the invention provides a key escrow method suitable for user identity authentication. The key repository serves as the sole entry point for using privileged accounts, provides dynamic passwords for all programs and applications, and ensures that no call to any privileged account or key can bypass the key repository. The key repository also provides modular functions and standard interfaces, so that products can be combined compatibly and third-party products integrated quickly to meet users' differing requirements, which solves problems encountered in product rollout. The invention integrates several of the principal current techniques for protecting key information and can effectively prevent hackers from brute-force cracking key information. The whole process is strict and meticulous, which further raises the level of key protection: it ensures that no module can obtain key information by calling a privileged account without authorization, ensures the legitimacy of the sources from which user accounts are accessed, maintains the security of user account attribute information, ensures the absolute security of data transmitted over the line, can effectively withstand attacks by hackers with strong computing power, and ensures the security of users' privileged accounts.
Further, in step S3, the privileged account attribute information of a user whose application is approved includes a network device information key, a host identity key, and a user third-party application key.
The beneficial effects of this further scheme are as follows: the attribute information of user privileged accounts differs in type, so in the subsequent steps it can conveniently be stored at different key repository address locations according to type.
Further, in step S4, the user privileged account includes a user account key and account attribute information, and the management authorization platform stores the user account key and the account attribute information at the address location in the key repository through its authorization function module.
The beneficial effects of this further scheme are as follows: the authorization function module of the management platform stores the attribute information and permission classification of the user's authorized account at a specific location in the key repository, in encrypted form.
Further, the key repository includes network device keys, hosts, and applications.
The beneficial effects of this further scheme are as follows: the key repository can store user privileged accounts by category.
Further, step S4 includes the following sub-steps:
S41: the management authorization platform stores the user's privileged account in the key repository after the authorization certificate has been issued;
S42: classifying and storing the stored user privileged accounts by type;
S43: hashing the classified user account keys using password + salt and storing the result;
S44: applying multiple encryption to the stored user account key;
S45: hiding the number of encryption rounds and the encryption algorithm;
S46: setting permissions on each hidden storage unit, completing storage of the user's privileged account at its address location in the key repository.
The beneficial effects of this further scheme are as follows: the key repository can prevent brute-force cracking of keys and control operations and calls by users with different permissions.
Further, in step S6, the PAM identity mode includes a PAM authentication management module, a PAM account management module, a PAM session management module, and a PAM password management module.
The beneficial effects of this further scheme are as follows: the PAM identity mode, i.e. Pluggable Authentication Modules, is an efficient, flexible and convenient user-level authentication mode.
Further, in step S6, the PAM authentication management module, the PAM account management module, the PAM session management module, and the PAM password management module of host A interact with the key repository through their own PAM interface libraries.
The beneficial effects of this further scheme are as follows: the four modules of the PAM identity mode interact with the key repository through their own interface libraries to verify user identity and permission classification, control privileged users' access to the key repository, and control the storage address and read/write permissions of keys in the repository.
Further, in step S7, only a successfully verified user is allowed to add, delete and modify authorized accounts in the key repository, and only within the permissions of that user's authorization certificate.
The beneficial effects of this further scheme are as follows: after the user's permissions are verified through the PAM identity module, the user is only allowed to call, extract, modify, delete, etc. data at the corresponding storage location in the repository, within those permissions. The key repository serves as the sole interface to user accounts and refuses access and operations by all unauthorized accounts; its external interface parameters are standardized and cannot be tampered with, so integration and compatibility with other third-party applications can be achieved.
Drawings
Fig. 1 is a flow chart of a key escrow method.
Detailed Description
The embodiments of the present invention will be further described with reference to the accompanying drawings.
As shown in Fig. 1, the present invention provides a key escrow method suitable for user identity authentication, including the following steps:
S1: registering a host A in a management authorization platform;
S2: a user submits a privileged account application to the management authorization platform;
S3: the management authorization platform issues an authorization certificate to each user whose application is approved;
S4: the management authorization platform stores the user's privileged account, once the authorization certificate has been issued, at an address location in the key repository;
S5: the user logs in to the applied-for privileged account on host A and inserts the authorization certificate;
S6: host A interacts with the key repository through its PAM identity mode to verify the user's authorization certificate;
S7: a user who passes verification accesses the address location in the key repository and extracts the key;
S8: host A verifies the user login against the extracted key, completing key escrow for user identity authentication.
In this embodiment of the present invention, as shown in Fig. 1, in step S3, the privileged account attribute information of a user whose application is approved includes a network device information key, a host identity key, and a user third-party application key. The attribute information of user privileged accounts differs in type, so in the subsequent steps it can conveniently be stored at different key repository address locations according to type.
In this embodiment of the present invention, as shown in Fig. 1, in step S4, the user privileged account includes a user account key and account attribute information, and the management authorization platform stores the user account key and account attribute information at an address location in the key repository through its authorization function module. The authorization function module of the management platform stores the attribute information and permission classification of the user's authorized account at a specific location in the key repository, in encrypted form.
In this embodiment of the present invention, as shown in Fig. 1, the key repository includes network device keys, hosts, and applications. The key repository can store user privileged accounts by category.
In this embodiment of the present invention, as shown in Fig. 1, step S4 includes the following sub-steps:
S41: the management authorization platform stores the user's privileged account in the key repository after the authorization certificate has been issued;
S42: classifying and storing the stored user privileged accounts by type;
S43: hashing the classified user account keys using password + salt and storing the result;
S44: applying multiple encryption to the stored user account key;
S45: hiding the number of encryption rounds and the encryption algorithm;
S46: setting permissions on each hidden storage unit, completing storage of the user's privileged account at its address location in the key repository.
The key repository can thereby prevent brute-force cracking of keys and control operations and calls by users with different permissions.
In this embodiment of the present invention, as shown in Fig. 1, in step S6, the PAM identity mode includes a PAM authentication management module, a PAM account management module, a PAM session management module, and a PAM password management module. The PAM identity mode, i.e. Pluggable Authentication Modules, is an efficient, flexible and convenient user-level authentication mode.
In this embodiment of the present invention, as shown in Fig. 1, in step S6, the PAM authentication management module, the PAM account management module, the PAM session management module, and the PAM password management module of host A interact with the key repository through their own PAM interface libraries. The four modules of the PAM identity mode interact with the key repository through their own interface libraries to verify user identity and permission classification, control privileged users' access to the key repository, and control the storage address and read/write permissions of keys in the repository.
In this embodiment of the present invention, as shown in Fig. 1, in step S7, only a successfully verified user is allowed to add, delete and modify authorized accounts in the key repository, and only within the permissions of that user's authorization certificate. After the user's permissions are verified through the PAM identity module, the user is only allowed to call, extract, modify, delete, etc. data at the corresponding storage location in the repository, within those permissions. The key repository serves as the sole interface to user accounts and refuses access and operations by all unauthorized accounts; its external interface parameters are standardized and cannot be tampered with, so integration and compatibility with other third-party applications can be achieved.
Several terms mentioned in the present invention are explained below.
(1) PAM identity mode: an authentication mechanism based on Pluggable Authentication Modules, into which authentication modules can be inserted, and which can restrict the use of a specific application to the root account. Different modules allow a system administrator to set access-control policy by user, password or login location; it is also a convenient, pluggable way of authenticating user identity.
(2) Encryption: encryption transforms data so that an illegitimate user who obtains the encrypted data still cannot obtain its correct content; data encryption thus protects the data and defends against eavesdropping attacks. The emphasis is on data security.
(3) Identity authentication: identity authentication determines whether a claimed identity is genuine; once the identity is confirmed, the system can grant different permissions to different identities. The emphasis is on verifying that the user is genuine.
The working principle and process of the invention are as follows. First, host A is a host registered in the management authorization platform. The user applies to the management authorization platform; once the application is approved, the platform issues an authorization certificate to the user and stores the applied-for user account key or account attribute data at an address location in the key repository.
The key repository stores a large amount of key data. The user logs in to the applied-for privileged account on host A and inserts the authorization certificate issued by the platform. Host A interacts with the key repository through the PAM identity mode to verify the user's authorization certificate, then accesses the storage address of the required key in the key repository, extracts the key, and uses it to verify the user login. The key application and extraction process is strict and meticulous, which further reduces the risk of the key being leaked or cracked during storage, extraction and verification.
The key repository performs two important functions throughout the key escrow process. The first is key storage: the repository receives users' account keys and account attribute information from the management authorization platform and stores them classified by type; during storage the keys are encrypted multiple times, hashed and stored using password + salt, and the number of encryption rounds and the encryption algorithms are hidden, preventing exhaustive cracking of the keys; at the same time, permissions are set on each storage unit to control operations and calls by users with different permissions. The second is key calling: after the user passes PAM identity authentication and the user's permissions are verified, the user is only allowed to call, extract, modify, delete, etc. data at the corresponding storage location in the repository, within those permissions.
The key repository serves as the sole interface to user accounts and refuses access and operations by all unauthorized accounts; its external interface parameters are standardized and cannot be tampered with, which ensures integration and compatibility with other third-party applications. For the security of privileged account calls, the operating permissions of each module are strictly controlled: no module may call privileged accounts and passwords without authorization, and privileged users' operating permissions over the contents of the key repository are strictly controlled. The functional modules and the key repository work together during key application and extraction. First, for an authorized account, a user may access the key repository according to his permissions to query and obtain the corresponding key. Second, the authorization function module of the management authorization platform stores the attribute information and permission classification of the user's authorized account at a specific location in the key repository, in encrypted form. Third, a user who passes authorization verification can add, delete and modify accounts within his permissions through the account management module. Fourth, the user's third-party software or applications may interact with the key repository through the standard interface after being authorized. Every module in the whole process must therefore perform permission verification with the key repository, which ensures that no call to any privileged account or password can bypass the key repository.
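The flow described above, as an added example that is not code from the patent: credential issuance (S3), salted-hash storage with a per-unit permission (S43, S46), and repository-mediated verification, extraction and login check (S6 to S8). The class and function names, the HMAC-signed credential format, PBKDF2-HMAC-SHA256, the category labels and the sample account are all assumptions; the patent specifies none of them.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

PBKDF2_ITERATIONS = 600_000  # assumption: the patent names no hash or work factor


class AuthorizationPlatform:
    """S1-S3: registers hosts and issues signed authorization credentials."""

    def __init__(self):
        self._mac_key = secrets.token_bytes(32)
        self.registered_hosts = set()

    def register_host(self, host):  # S1
        self.registered_hosts.add(host)

    def issue_credential(self, user, category, account, rights, ttl=3600):  # S3
        claims = {"user": user, "category": category, "account": account,
                  "rights": sorted(rights), "exp": int(time.time()) + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        tag = hmac.new(self._mac_key, body, hashlib.sha256).hexdigest()
        return body.decode() + "." + tag

    def verify_credential(self, token):
        """Return the claims of an authentic, unexpired credential, else None."""
        body, sep, tag = token.partition(".")
        expected = hmac.new(self._mac_key, body.encode(), hashlib.sha256).hexdigest()
        if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))  # parsed only after the MAC checks out
        return claims if claims["exp"] > time.time() else None


class KeyRepository:
    """S4/S7: the only place privileged-account secrets are stored or read."""

    def __init__(self, platform):
        self._platform = platform
        self._units = {}  # (category, account) -> storage unit

    def store(self, category, account, password, owner):  # S41-S43, S46
        salt = secrets.token_bytes(16)  # fresh salt per storage unit
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        self._units[(category, account)] = {"salt": salt, "digest": digest, "acl": {owner}}

    def extract(self, host, token, category, account):  # S6-S7
        """Release a unit only to a registered host holding an in-scope credential."""
        if host not in self._platform.registered_hosts:
            raise PermissionError("host not registered")
        claims = self._platform.verify_credential(token)
        if claims is None:
            raise PermissionError("invalid or expired credential")
        if (claims["category"], claims["account"]) != (category, account):
            raise PermissionError("credential does not cover this storage unit")
        unit = self._units.get((category, account))
        if unit is None or claims["user"] not in unit["acl"] or "extract" not in claims["rights"]:
            raise PermissionError("operation outside credential rights")
        return unit["salt"], unit["digest"]


def host_login(repo, host, token, category, account, password):  # S5-S8
    """Host-side check: every lookup goes through the repository, then verify."""
    try:
        salt, digest = repo.extract(host, token, category, account)
    except PermissionError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo():
    """Constructed scenario: one host, one user, one privileged account."""
    platform = AuthorizationPlatform()
    repo = KeyRepository(platform)
    platform.register_host("hostA")
    repo.store("host", "root@db01", "constructed-Passw0rd", owner="alice")
    token = platform.issue_credential("alice", "host", "root@db01", {"extract"})
    forged = token[:-1] + ("0" if token[-1] != "0" else "1")  # flip one MAC digit
    args = ("host", "root@db01", "constructed-Passw0rd")
    return {
        "valid": host_login(repo, "hostA", token, *args),
        "wrong_password": host_login(repo, "hostA", token, "host", "root@db01", "guess"),
        "forged_credential": host_login(repo, "hostA", forged, *args),
        "unregistered_host": host_login(repo, "hostB", token, *args),
        "other_category": host_login(repo, "hostA", token, "network-device",
                                     "root@db01", "constructed-Passw0rd"),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first case returns True; each of the others is refused at a different check (password, credential MAC, host registration, credential scope).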
The invention has the following beneficial effects: the invention provides a key escrow method suitable for user identity authentication. The key repository serves as the sole entry point for using privileged accounts, provides dynamic passwords for all programs and applications, and ensures that no call to any privileged account or key can bypass the key repository. The key repository also provides modular functions and standard interfaces, so that products can be combined compatibly and third-party products integrated quickly to meet users' differing requirements, which solves problems encountered in product rollout. The invention integrates several of the principal current techniques for protecting key information and can effectively prevent hackers from brute-force cracking key information. The whole process is strict and meticulous, which further raises the level of key protection: it ensures that no module can obtain key information by calling a privileged account without authorization, ensures the legitimacy of the sources from which user accounts are accessed, maintains the security of user account attribute information, ensures the absolute security of data transmitted over the line, can effectively withstand attacks by hackers with strong computing power, and ensures the security of users' privileged accounts.
It will be appreciated by those of ordinary skill in the art that the embodiments described herein are intended to assist the reader in understanding the principles of the invention and are to be construed as being without limitation to such specifically recited embodiments and examples. Those skilled in the art can make various other specific changes and combinations based on the teachings of the present invention without departing from the spirit of the invention, and these changes and combinations are within the scope of the invention.

Claims (8)

1. A key escrow method suitable for user identity authentication, characterized by comprising the following steps:
S1: registering a host A in a management authorization platform;
S2: a user submits a privileged account application to the management authorization platform;
S3: the management authorization platform issues an authorization certificate to each user whose application is approved;
S4: the management authorization platform stores the user's privileged account, once the authorization certificate has been issued, at an address location in the key repository;
S5: the user logs in to the applied-for privileged account on host A and inserts the authorization certificate;
S6: host A interacts with the key repository through its PAM identity mode to verify the user's authorization certificate;
S7: a user who passes verification accesses the address location in the key repository and extracts the key;
S8: host A verifies the user login against the extracted key, completing key escrow for user identity authentication.
2. The key escrow method applicable to user identity authentication according to claim 1, wherein in step S3, the privileged account attribute information of a user whose application is approved includes a network device information key, a host identification key, and a user third-party application key.
3. The key escrow method applicable to user identity authentication according to claim 1, wherein in step S4, the user privileged account includes a user account key and account attribute information, and the management authorization platform stores the user account key and account attribute information at an address location in the key repository through its authorization function module.
4. The key escrow method for user identity authentication according to claim 1, wherein in step S4, the key repository comprises network device keys, hosts and applications.
5. The key escrow method applicable to user identity authentication according to claim 1, wherein step S4 comprises the following sub-steps:
S41: the management authorization platform stores the user's privileged account in the key repository after the authorization certificate has been issued;
S42: classifying and storing the stored user privileged accounts by type;
S43: hashing the classified user account keys using password + salt and storing the result;
S44: applying multiple encryption to the stored user account key;
S45: hiding the number of encryption rounds and the encryption algorithm;
S46: setting permissions on each hidden storage unit, completing storage of the user's privileged account at its address location in the key repository.
6. The key escrow method applicable to user identity authentication according to claim 1, wherein in step S6, the PAM identity mode includes a PAM authentication management module, a PAM account management module, a PAM session management module, and a PAM password management module.
7. The key escrow method applicable to user identity authentication according to claim 6, wherein in step S6, the PAM authentication management module, the PAM account management module, the PAM session management module, and the PAM password management module of host A interact with the key repository through their own PAM interface libraries.
8. The key escrow method for user identity authentication according to claim 1, wherein in step S7, only a successfully verified user is allowed to add, delete and modify authorized accounts in the key repository, and only within the permissions of that user's authorization certificate.
CN202010294315.7A 2020-04-15 2020-04-15 Key escrow method suitable for user identity authentication Pending CN111526010A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010294315.7A CN111526010A (en) 2020-04-15 2020-04-15 Key escrow method suitable for user identity authentication

Publications (1)

Publication Number Publication Date
CN111526010A true CN111526010A (en) 2020-08-11

Family

ID=71901144

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010294315.7A Pending CN111526010A (en) 2020-04-15 2020-04-15 Key escrow method suitable for user identity authentication

Country Status (1)

Country Link
CN (1) CN111526010A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160269179A1 (en) * 2015-03-13 2016-09-15 Fornetix Llc Server-client key escrow for applied key management system and process
US20170310663A1 (en) * 2017-03-23 2017-10-26 Baldev Krishan Local and Remote Access Apparatus and System for Password Storage and management
CN110069916A (en) * 2019-03-29 2019-07-30 郑州信大捷安信息技术股份有限公司 A kind of cryptosecurity management system and method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112165476A (en) * 2020-09-22 2021-01-01 广州锦行网络科技有限公司 Method for distributed storage of privileged account passwords based on host agent
CN112165476B (en) * 2020-09-22 2021-06-01 广州锦行网络科技有限公司 Method for distributed storage of privileged account passwords based on host agent
CN112632589A (en) * 2020-12-31 2021-04-09 深圳前海微众银行股份有限公司 Key escrow method, device, equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200811