CN112383914A - Password management method based on secure hardware - Google Patents
Publication number: CN112383914A
Application number: CN202011270720.1A
Authority: CN (China)
Legal status: Granted (the legal status listed by Google Patents is an assumption and is not a legal conclusion)
Abstract
The invention discloses a password management method based on secure hardware, comprising secure hardware and a password management APP, wherein the secure hardware comprises an encryption chip and a TurboNFC communication chip; the encryption chip is a trusted platform module that serves as an independent device for key generation and for encryption and decryption, and it contains an independent processor and a secure storage unit for storing keys and characteristic data and for providing encryption and security authentication services to the password management APP; the password management APP exchanges data with the encryption chip over asymmetrically encrypted communication, and the TurboNFC communication chip is responsible for data transmission and conversion of communication modes; the password management APP provides the user with the account and password management he or she needs; the invention can effectively improve the security of the password management APP.
Description
Technical Field
The invention relates to the technical field of internet password management, in particular to a password management method based on secure hardware.
Background
With the development of the internet, especially the mobile internet, users increasingly need to log in to an APP or a web page on a mobile phone; for example, a user shopping on JD.com must log in to the JD.com APP or web page to complete ordering and payment.
When a user registers with many APPs or websites, it is easy to forget the passwords and which APP or website each one belongs to. In addition, to increase security, an APP or website imposes requirements on the login credentials the user provides, such as length and password composition, and these requirements may differ between APPs or websites, which results in long and complicated passwords that are hard to remember and troublesome to manage.
In this situation a user may choose to set the same password for all websites or applications, but if the password of one APP or website is obtained, a hacker can easily log in to the other APPs or websites with a credential stuffing ('library collision') attack, which creates a single point of failure and a great potential safety hazard. Patent No. CN 108632222 A discloses a password management apparatus and its management method, a password manager, and an electronic device, and proposes using the password management apparatus to store passwords securely in hardware. However, it does not use the emerging TurboNFC technology: the hardware needs a wired connection to a PC for its power supply, and input through a dial keypad interface reduces convenience of use.
Patent No. CN 107392008 A discloses a password management method, a password management device, and a computer-readable storage medium, which use hardware to store passwords; that scheme places high demands on hardware operation and its communication interaction is complex.
To sum up, existing password management on mobile phones has the following disadvantages: 1. existing secure hardware depends mainly on a battery or a physical interface (such as a USB interface) for power; 2. when an NFC chip is used as the storage medium, the content of an ordinary NFC chip is easy to read, in particular by cracking it; 3. because of technical and size limitations, ordinary NFC cannot obtain the extra power supply capacity needed to drive an encryption chip with a very high security level; 4. when a user manages passwords, ordinary password management software stores them in the phone's RAM, on the phone's local storage or in the cloud, so there is a risk of the password database being dumped or lost, which causes the user serious losses and in turn destroys confidence in password management software.
Password management on mobile phones has low security, the databases of existing password management APPs get stolen, and locally stored and cloud-stored passwords get cracked, yet no convenient hardware with matching software currently exists to address these problems. Solving them is therefore important.
Disclosure of Invention
To solve these problems, the invention provides a password management method based on secure hardware. It uses TurboNFC technology to obtain, on an NFC circuit board of very small planar size (much smaller than a transit card) and thickness, a very strong IC power supply capability that can drive a high-grade encryption chip (supporting almost all Chinese national cryptographic (SM) algorithms and standard encryption and decryption algorithms), and pairs it with a password security management APP so that the user can manage his or her own passwords in a convenient and ultra-high-security way.
To implement this technical scheme, the invention provides a password management method based on secure hardware, characterized in that: the method comprises secure hardware and a password management APP, wherein the secure hardware comprises an encryption chip and a TurboNFC communication chip; the encryption chip is a trusted platform module that serves as an independent device for key generation and for encryption and decryption, and it contains an independent processor and a secure storage unit for storing keys and characteristic data and for providing encryption and security authentication services to the password management APP; the password management APP exchanges data with the encryption chip over asymmetrically encrypted communication, and the TurboNFC communication chip is responsible for data transmission and communication mode conversion; and the password management APP provides the user with the account and password management he or she needs.
The further improvement is that the password management method specifically comprises the following steps:
Step one: binding secure hardware
S1, after the password management APP running on an NFC-capable mobile phone discovers the secure hardware, the following steps are started manually to bind one piece of secure hardware;
S2, the password management APP sends the user's unique identification ID on the password management APP's server, together with a bind request instruction, to the secure hardware;
S3, the secure hardware first checks whether it is already bound; if so, it does not allow binding again and returns error information;
S4, if the secure hardware is not bound, it sends its unique identifier and the asymmetric encryption communication public key used for binding to the password management APP;
S5, after correctly reading the secure hardware information and the encryption public key and persisting the relevant information, the password management APP sends a binding confirmation instruction to the secure hardware;
S6, on receiving the instruction, the secure hardware marks the binding as complete, stores the asymmetric encryption private key, and generates and stores the key information required for subsequent plaintext password encryption;
S7, the secure hardware returns an end instruction, which completes the binding;
Step two: encryption and decryption communications
After the user's unique identification ID on the password management APP's server has been bound to the secure hardware, all communication data packets between the password management APP and the secure hardware are transmitted in encrypted form; the password management APP and the secure hardware each encrypt the data packets they send and decrypt the data packets they receive.
The further improvement lies in that the step of encrypting the password stored by the password management APP is as follows:
Step one: when a user stores an account and password for logging in to third-party software in the password management APP, the password management APP requests high-security-level hardware encryption of the password;
Step two: after the password management APP confirms hardware encryption, it sends the user's unique identification ID on the password management APP's server and the plaintext of the password to be encrypted to the secure hardware through the mobile phone's NFC communication module;
Step three: after decoding the data packet, the secure hardware first checks whether the user's unique identification ID on the password management APP's server is consistent with the bound user ID, and returns error information if it is not;
Step four: if the user ID is consistent with the bound user ID, the secure hardware encrypts the password plaintext and returns the ciphertext to the password management APP;
Step five: after receiving the ciphertext, the password management APP stores it locally and in the cloud and performs subsequent related operations.
The further improvement lies in that the steps of decrypting the password ciphertext stored by the password management APP are as follows:
Step one: when the user needs to use a password, the password management APP requests hardware decryption of the stored password ciphertext;
Step two: after checking that the user's third-party software password is stored in encrypted form, the password management APP sends the user ID and the ciphertext to be decrypted to the secure hardware through the mobile phone's NFC communication module;
Step three: after decoding the data packet, the secure hardware first checks whether the user ID is consistent with the bound user ID, and returns error information if it is not;
Step four: if they are consistent, the secure hardware decrypts the ciphertext and returns the plaintext to the password management APP;
Step five: after receiving the plaintext, the password management APP stores it locally and in the cloud, or automatically sends it to the third-party software's server for authentication, or automatically sends it to the third-party software's front end to be filled in.
The further improvement lies in that: the TurboNFC communication chip in the secure hardware acts as a passive device and obtains its energy from the electromagnetic waves transmitted by the mobile phone, which it receives through an antenna.
The further improvement lies in that: the account and password management function comprises the step of automatically sending the information of the existing account and the password to a server of the third-party software for direct verification when logging in the third-party software.
The further improvement lies in that: the account and password management function further comprises the steps of automatically sending the existing account and password information to the front end of the third-party software when logging in the third-party software, filling the existing account and password information, and sending the information to the server of the third-party software from the front end for verification.
The invention has the following beneficial effects: by using TurboNFC technology, a very strong IC power supply capability is obtained on an NFC circuit board of very small planar size (much smaller than a transit card) and thickness, which drives a high-grade encryption chip (supporting almost all Chinese national cryptographic (SM) algorithms and standard encryption and decryption algorithms); paired with a password security management APP, this lets the user manage his or her own passwords in an extremely convenient and highly secure manner; using the password management APP together with the secure hardware improves the security and practicality of password management; the APP's account database can use cloud storage as well as local storage, and the presence of the secure hardware further improves the APP's security.
Drawings
FIG. 1 is a diagram of the connection framework of the security hardware and password management APP of the present invention.
FIG. 2 is a flow chart of password management APP binding security hardware of the present invention.
Fig. 3 is a flowchart of password encryption processing corresponding to a login account according to the present invention.
Fig. 4 is a flowchart of password decryption processing corresponding to the login account according to the present invention.
Fig. 5 is a block diagram of the security hardware of the present invention.
Detailed Description
In order to further understand the present invention, the following detailed description will be made with reference to the following examples, which are only used for explaining the present invention and are not to be construed as limiting the scope of the present invention.
Example one
As shown in fig. 1 to 4, the present embodiment provides a password management method based on secure hardware, comprising secure hardware and a password management APP, wherein the secure hardware comprises an encryption chip and a TurboNFC communication chip; the encryption chip is a trusted platform module that serves as an independent device for key generation and for encryption and decryption, and it contains an independent processor and a secure storage unit for storing keys and characteristic data and for providing encryption and security authentication services to the password management APP; the password management APP exchanges data with the encryption chip over asymmetrically encrypted communication, and the TurboNFC communication chip is responsible for data transmission and communication mode conversion; and the password management APP provides the user with the account and password management he or she needs.
The password management method specifically comprises the following steps:
Step one: binding secure hardware
S1, after the password management APP running on an NFC-capable mobile phone discovers the secure hardware, the following steps are started manually to bind one piece of secure hardware;
S2, the password management APP sends the user's unique identification ID on the password management APP's server, together with a bind request instruction, to the secure hardware;
S3, the secure hardware first checks whether it is already bound; if so, it does not allow binding again and returns error information;
S4, if the secure hardware is not bound, it sends its unique identifier and the asymmetric encryption communication public key used for binding to the password management APP;
S5, after correctly reading the secure hardware information and the encryption public key and persisting the relevant information, the password management APP sends a binding confirmation instruction to the secure hardware;
S6, on receiving the instruction, the secure hardware marks the binding as complete, stores the asymmetric encryption private key, and generates and stores the key information required for subsequent plaintext password encryption;
S7, the secure hardware returns an end instruction, which completes the binding;
Step two: encryption and decryption communications
After the user's unique identification ID on the password management APP's server has been bound to the secure hardware, all communication data packets between the password management APP and the secure hardware are transmitted in encrypted form; the password management APP and the secure hardware each encrypt the data packets they send and decrypt the data packets they receive.
The steps of encrypting the password stored by the password management APP are as follows:
Step one: when a user stores an account and password for logging in to third-party software in the password management APP, the password management APP requests high-security-level hardware encryption of the password;
Step two: after the password management APP confirms hardware encryption, it sends the user's unique identification ID on the password management APP's server and the plaintext of the password to be encrypted to the secure hardware through the mobile phone's NFC communication module;
Step three: after decoding the data packet, the secure hardware first checks whether the user's unique identification ID on the password management APP's server is consistent with the bound user ID, and returns error information if it is not;
Step four: if the user ID is consistent with the bound user ID, the secure hardware encrypts the password plaintext and returns the ciphertext to the password management APP;
Step five: after receiving the ciphertext, the password management APP stores it locally and in the cloud and performs subsequent related operations.
The steps of decrypting the password ciphertext stored by the password management APP are as follows:
Step one: when the user needs to use a password, the password management APP requests hardware decryption of the stored password ciphertext;
Step two: after checking that the user's third-party software password is stored in encrypted form, the password management APP sends the user ID and the ciphertext to be decrypted to the secure hardware through the mobile phone's NFC communication module;
Step three: after decoding the data packet, the secure hardware first checks whether the user ID is consistent with the bound user ID, and returns error information if it is not;
Step four: if they are consistent, the secure hardware decrypts the ciphertext and returns the plaintext to the password management APP;
Step five: after receiving the plaintext, the password management APP stores it locally and in the cloud, or automatically sends it to the third-party software's server for authentication, or automatically sends it to the third-party software's front end to be filled in.
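The device side of the binding, encryption and decryption steps above, modelled as an added example that is not code from the patent. The class and method names, the sample identifiers, the HMAC-SHA256 stand-in for the chip's hardware cipher and the integrity tag are assumptions of this example; the asymmetrically encrypted NFC transport is not modelled.

```python
import hashlib
import hmac
import secrets


class DeviceError(Exception):
    """Stands for the 'error information' the secure hardware returns."""


def _keystream(key, nonce, length):
    # Stand-in for the chip's hardware cipher (the page names AES, SM4, ...):
    # HMAC-SHA256 in counter mode, chosen only because it needs no packages.
    out = b""
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return out[:length]


class SecureHardware:
    """Device side of binding (S2-S7) and of password encryption/decryption."""

    def __init__(self, device_id):
        self.device_id = device_id      # constructed sample identifier
        self._pending_user = None
        self._bound_user = None
        self._enc_key = None
        self._mac_key = None

    def request_bind(self, user_id):
        # S3: a device that is already bound refuses and returns an error.
        if self._bound_user is not None:
            raise DeviceError("already bound")
        self._pending_user = user_id
        # S4: the real reply also carries the transport public key; the
        # asymmetric transport layer is not modelled in this example.
        return {"device_id": self.device_id}

    def confirm_bind(self, user_id):
        # S5-S7: on confirmation, mark bound and generate the password keys.
        if self._bound_user is not None or self._pending_user != user_id:
            raise DeviceError("no matching bind request")
        self._bound_user = user_id
        self._pending_user = None
        self._enc_key = secrets.token_bytes(32)   # never leaves the device
        self._mac_key = secrets.token_bytes(32)   # assumption: integrity tag key
        return "END"

    def _check_user(self, user_id):
        # Step three of both flows: compare against the bound user ID.
        bound = self._bound_user
        if bound is None or not hmac.compare_digest(user_id.encode(), bound.encode()):
            raise DeviceError("user ID does not match bound user")

    def encrypt(self, user_id, plaintext):
        self._check_user(user_id)
        nonce = secrets.token_bytes(16)
        stream = _keystream(self._enc_key, nonce, len(plaintext))
        body = bytes(p ^ s for p, s in zip(plaintext, stream))
        tag = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag      # ciphertext the APP stores

    def decrypt(self, user_id, blob):
        self._check_user(user_id)
        if len(blob) < 48:
            raise DeviceError("malformed ciphertext")
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise DeviceError("ciphertext failed integrity check")
        stream = _keystream(self._enc_key, nonce, len(body))
        return bytes(c ^ s for c, s in zip(body, stream))


def rejected(call, *args):
    """True if the device answered the call with error information."""
    try:
        call(*args)
    except DeviceError:
        return True
    return False


def demo():
    hw = SecureHardware("device-0001")
    hw.request_bind("user-42")
    hw.confirm_bind("user-42")
    blob = hw.encrypt("user-42", b"s3cret-site-password")
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    return {
        "rebind_refused": rejected(hw.request_bind, "user-99"),
        "roundtrip": hw.decrypt("user-42", blob),
        "wrong_user_refused": rejected(hw.decrypt, "user-99", blob),
        "tamper_refused": rejected(hw.decrypt, "user-42", tampered),
    }


if __name__ == "__main__":
    print(demo())
```

The ciphertext held by the APP is useless without the bound device, since the keys generated at S6 stay inside `SecureHardware`; the plaintext returned by `decrypt` is only as well protected as the APP that receives it.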
The TurboNFC communication chip in the secure hardware acts as a passive device and obtains its energy from the electromagnetic waves transmitted by the mobile phone, which it receives through an antenna.
The account and password management function comprises the step of automatically sending the information of the existing account and the password to a server of the third-party software for direct verification when logging in the third-party software.
The account and password management function further comprises the steps of automatically sending the existing account and password information to the front end of the third-party software when logging in the third-party software, filling the existing account and password information, and sending the information to the server of the third-party software from the front end for verification.
The secure hardware and the password management APP in this embodiment are used together, and the password management APP itself can also work independently of the secure hardware. For the APP's password management system, which the applicant of the present application has already published, see the system for electronic identity registration and authentication login disclosed in patent No. CN 104270338 B.
The TurboNFC communication chip in this embodiment is a special NFC chip which, in addition to near field communication and wireless energy transmission, has the following features: a passive interface using TurboNFC technology has much higher antenna efficiency than a conventional passive interface, can support high-efficiency wireless energy transfer, and uses a small antenna. When an ordinary smartphone with an NFC interface serves as the NFC active interface, a device using TurboNFC technology can receive at least 60 mW of wireless power. When used with a new generation of mobile phones that use an NXP NFC controller, wireless power reception of 250 mW-300 mW can be achieved. With a small antenna, the signal strength of TurboNFC is more than an order of magnitude greater than that of conventional NFC technology.
TurboNFC is a tag-side technology: it does not depend on the NFC reader-writer and is fully compatible with standard NFC. TurboNFC performance is obtained simply by using a device that has TurboNFC technology, without changing the reader-writer (neither its software nor its hardware). This makes TurboNFC unusually cheap to use and gives it a very wide range of application. At present, most mobile phones (including Samsung, Huawei, Apple, Xiaomi and the like) and most high-end mobile phones on the market have NFC reader functions and are fully compatible with TurboNFC devices without installing any software.
In this embodiment, by using TurboNFC technology, a very strong IC power supply capability is obtained on an NFC circuit board of very small planar size (much smaller than a transit card) and thickness, which drives a high-grade encryption chip (supporting almost all Chinese national cryptographic (SM) algorithms and standard encryption and decryption algorithms); paired with a password security management APP, this lets the user manage his or her own passwords in a very convenient and ultra-secure manner; using the password management APP together with the secure hardware improves the security and practicality of password management; the APP's account database can use cloud storage as well as local storage, and the presence of the secure hardware further improves the APP's security.
Example two
The N32S032 encryption chip from Nations Technologies is used. It is designed around an ARM-M0 security processor core and an AMBA multi-bus structure, and is a 32-bit multipurpose high-performance encryption chip developed by Nations Technologies for mobile internet identity authentication and Internet of Things security encryption applications in electronic banking, e-commerce, e-government and the like. The hardware algorithm coprocessor built into the N32S032 provides high-performance security algorithm modules such as DES/3DES, AES, SHA, RSA, ECC and the national commercial cryptographic algorithms SM1/SM2/SM3/SM4, and the chip also integrates a 12-bit 1 Msps high-precision SAR ADC, a 10-bit DAC, a comparator, an RTC real-time clock, high-performance PWM, USB 2.0 (FS), multi-channel SPI, UART, I2C and ISO 7816 peripheral interfaces, so that Internet of Things and mobile internet security authentication solutions can be implemented easily.
EXAMPLE III
As shown in fig. 5, in this embodiment the TurboNFC communication chip in the secure hardware acts as a passive device and obtains its energy from the electromagnetic waves transmitted by the mobile phone, which it receives through the antenna. The TurboNFC communication chip is a TN2115S chip of the weft-opening intelligent core, and the encryption chip is an N32S032 chip; the energy obtained by the antenna drives the TurboNFC chip TN2115S1 and at the same time powers the encryption chip N32S032 (at a voltage of 3.3 V).
I2C communication is used between the TurboNFC communication chip TN2115S1 and the encryption chip N32S032, but the link is not limited to I2C: it may be any duplex or half-duplex interface capable of normal communication, such as UART, SPI or CAN. Because only encrypted data packets travel over these interfaces, eavesdropping and tampering are prevented.
The mobile phone performs near field communication with the TurboNFC communication chip TN2115S1 using the ISO 14443-3A standard, and after the TN2115S1 receives a correct instruction it forwards the data packet to the encryption chip. After the encryption chip N32S032 has processed the data, it passes the encrypted data packet to the TurboNFC communication chip TN2115S1, which sends it by near field communication to the NFC chip in the mobile phone's NFC communication module and on to the password management APP.
Example four
The embodiment provides a password management APP using method of secure hardware based on TurboNFC, which is implemented according to the following steps:
Step one: after the user scans or pushes a code, the corresponding account and password (for the third-party APP or website the user wants to log in to) are found in the password management APP (commonly called 'Easy Login');
Step two: if the password is in plaintext form, then after the user clicks the 'login' button in the Easy Login password management APP, the password plaintext is sent directly from the APP to the destination (the Easy Login password management APP plug-in or the target login website server);
Step three: if the password is in ciphertext form, then after the user clicks the 'login' button in the Easy Login password management APP, the password ciphertext must be sent for decryption to the secure hardware bound to the APP (commonly called the login device); the login device decrypts it and sends the password plaintext back to the APP, which then automatically sends the password plaintext to the destination (the Easy Login plug-in or the target login website server).
The third step comprises the following specific steps:
S1, after clicking the 'login' button in the Easy Login password management APP, the user brings the login device close to the NFC area of the mobile phone running the APP (gradually fine-tuning the contact position) until the phone's NFC and the login device's TurboNFC chip successfully establish a communication channel;
S2, the password management APP sends the password ciphertext;
S3, the login device calls the decryption algorithm to obtain the password plaintext;
S4, the login device sends the decrypted password plaintext to the password management APP;
S5, the Easy Login password management APP sends the received password plaintext to the destination (the Easy Login plug-in or the target login website server).
EXAMPLE five
In this embodiment, the communication chip in the secure hardware is not limited to TurboNFC, and other chips and devices with communication functions may replace the communication chip of TurboNFC.
The foregoing illustrates and describes the principles, general features, and advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (7)
1. A password management method based on secure hardware is characterized in that: the method comprises security hardware and a password management APP, wherein the security hardware comprises an encryption chip and a TurboNFC communication chip; the encryption chip is a trusted platform module and is used as an independent device for generating a secret key and encrypting and decrypting the secret key, and the encryption chip is internally provided with an independent processor and a safe storage unit for storing the secret key and the characteristic data and providing encryption and safe authentication service functions for the password management APP; the password management APP transmits data through asymmetric encryption communication and an encryption chip, and the TurboNFC communication chip is responsible for data transmission and communication mode conversion; and the password management APP provides the required account number and password management for the user.
2. The password management method based on the secure hardware as claimed in claim 1, wherein the password management method specifically comprises the following steps:
step one: binding the secure hardware
S1, after the password management APP, running on a mobile phone with the NFC function, discovers the secure hardware, the following steps are started manually to bind one piece of secure hardware;
S2, the password management APP sends the user's unique identification ID on the server of the password management APP, together with a binding request instruction, to the secure hardware;
S3, the secure hardware first checks whether it is already bound; if so, it does not allow binding again and returns error information;
S4, if the secure hardware is not bound, it sends its unique identifier and the asymmetric encryption communication public key used for binding to the password management APP;
S5, after correctly reading and persisting the secure hardware information and the information related to the encryption public key, the password management APP sends a binding confirmation instruction to the secure hardware;
S6, after receiving the instruction, the secure hardware marks the binding as complete, stores the asymmetric encryption private key, and generates and stores the key information required for subsequent plaintext and password encryption;
S7, the secure hardware returns an end instruction, which completes the binding;
step two: encryption and decryption communications
After the user's unique identification ID on the server of the password management APP is bound to the secure hardware, all communication data packets between the password management APP and the secure hardware are transmitted in encrypted form; the password management APP and the secure hardware each encrypt the data packets they send and decrypt the data packets they receive.
3. The method for password management based on secure hardware according to claim 1 or 2, wherein the step of encrypting the password stored by the password management APP comprises:
step one: when a user stores an account and a password for logging in to third-party software in the password management APP, the password management APP applies for high-security-level hardware encryption of the password;
step two: after the password management APP confirms hardware encryption, it sends the user's unique identification ID on the server of the password management APP and the plaintext of the password to be encrypted to the secure hardware through the mobile phone's NFC communication module;
step three: after decoding the data packet, the secure hardware first checks whether the user's unique identification ID on the server of the password management APP is consistent with the bound user ID, and if not, returns error information;
step four: if the user ID is consistent with the bound user ID, the secure hardware encrypts the password plaintext and returns the result to the password management APP;
step five: after receiving the ciphertext, the password management APP stores it locally and in the cloud and performs subsequent related operations.
4. The method for password management based on secure hardware according to claim 1 or 2, wherein the step of decrypting the ciphertext of the password stored by the password management APP is as follows:
step one: when the user needs to use the password, the password management APP applies for hardware decryption of the stored password ciphertext;
step two: after the password management APP confirms that the user's third-party software password is stored in encrypted form, it sends the user ID and the ciphertext to be decrypted to the secure hardware through the mobile phone's NFC communication module;
step three: after decoding the data packet, the secure hardware first checks whether the user ID is consistent with the bound user ID, and if not, returns error information;
step four: if they are consistent, the secure hardware decrypts the ciphertext and returns the plaintext to the password management APP;
step five: after receiving the plaintext, the password management APP stores the plaintext locally and in the cloud, or automatically sends it to the server of the third-party software for authentication, or automatically sends it to the front end of the third-party software for filling.
5. A secure hardware-based password management method according to claim 1, wherein: the TurboNFC communication chip in the secure hardware acts as a passive device and obtains energy by receiving, through an antenna, the electromagnetic waves transmitted by the mobile phone.
6. A secure hardware-based password management method according to claim 1, wherein: the account and password management function comprises automatically sending the existing account and password information to the server of the third-party software for direct verification when logging in to the third-party software.
7. A secure hardware-based password management method according to claim 1, wherein: the account and password management function further comprises, when logging in to the third-party software, automatically sending the existing account and password information to the front end of the third-party software, filling it in, and sending it from the front end to the server of the third-party software for verification.
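The device-side checks in claims 2 to 4 (bind once, then verify the bound user ID before every encrypt or decrypt), as an added example that is not part of the patent. Class and method names are hypothetical, the asymmetric NFC channel is omitted, and an HMAC-SHA256 encrypt-then-MAC construction stands in for the encryption chip's cipher, which the claims do not specify.

```python
import hashlib
import hmac
import secrets

class SecureHardware:
    """Constructed model of the device side of claims 2-4; all names are hypothetical."""

    def __init__(self):
        self.hw_id = secrets.token_hex(8)  # unique identifier of the hardware
        self.bound_user = self.pending = self._key = None

    def request_bind(self, user_id):
        if self.bound_user is not None:  # claim 2, S3: no re-binding
            raise PermissionError("already bound")
        self.pending = user_id
        return self.hw_id  # S4 (the communication public key is omitted here)

    def confirm_bind(self):
        if self.pending is None or self.bound_user is not None:
            raise PermissionError("no pending bind request")
        self.bound_user, self.pending = self.pending, None  # S6: mark bound
        self._key = secrets.token_bytes(32)  # generated on-device, never exported

    def _check(self, user_id):
        # Claims 3 and 4, step three: the request must carry the bound user ID.
        if self.bound_user is None or user_id != self.bound_user:
            raise PermissionError("user ID does not match bound user")

    def _prf(self, label, data):
        return hmac.new(self._key, label + data, hashlib.sha256).digest()

    def _xor(self, nonce, data):
        # Stand-in stream cipher: HMAC-SHA256 in counter mode.
        blocks = (len(data) + 31) // 32
        ks = b"".join(self._prf(b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
        return bytes(a ^ b for a, b in zip(data, ks))

    def encrypt(self, user_id, plaintext):
        self._check(user_id)
        nonce = secrets.token_bytes(16)
        body = self._xor(nonce, plaintext)
        return nonce + body + self._prf(b"mac", nonce + body)

    def decrypt(self, user_id, blob):
        self._check(user_id)
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._prf(b"mac", nonce + body)):
            raise ValueError("ciphertext failed authentication")
        return self._xor(nonce, body)
```

Because the key is created at binding and only the device holds it, a ciphertext copied from local or cloud storage is useless without the bound hardware, and the authentication tag makes the device reject a modified ciphertext instead of returning altered plaintext.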
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011270720.1A CN112383914B (en) | 2020-11-13 | 2020-11-13 | Password management method based on secure hardware |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112383914A (en) | 2021-02-19 |
CN112383914B (en) | 2022-02-01 |
Family
ID=74582554
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011270720.1A Active CN112383914B (en) | 2020-11-13 | 2020-11-13 | Password management method based on secure hardware |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112383914B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113014393A (en) * | 2021-02-20 | 2021-06-22 | 中易通科技股份有限公司 | Password safe box system based on hardware encryption and application method |
CN113901529A (en) * | 2021-10-09 | 2022-01-07 | 上海盛本智能科技股份有限公司 | Equipment safety management method based on encryption hardware |
CN117951737A (en) * | 2024-01-08 | 2024-04-30 | 广州市蓝粤网络科技有限公司 | Encryption storage management key card for time-space correlation chip of confidential data |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080181409A1 (en) * | 2007-01-31 | 2008-07-31 | Zhuqiang Wang | Method for guaranteeing security of critical data, terminal and secured chip |
CN102236756A (en) * | 2011-05-09 | 2011-11-09 | 山东超越数控电子有限公司 | File encryption method based on TCM (trusted cryptography module) and USBkey |
CN102325026A (en) * | 2011-07-14 | 2012-01-18 | 易讯天空计算机技术(深圳)有限公司 | Account password secure encryption system |
CN103023925A (en) * | 2012-06-29 | 2013-04-03 | 上海华苑电子有限公司 | NFC (near field communication) personal account information management system and method for implementing same |
CN104270338A (en) * | 2014-09-01 | 2015-01-07 | 刘文印 | A method and system of electronic identity registration and authentication login |
CN104636682A (en) * | 2015-02-09 | 2015-05-20 | 上海瀚银信息技术有限公司 | Password management system and method based on hardware device |
CN104868997A (en) * | 2015-03-30 | 2015-08-26 | 廖小谦 | Safety intelligent hardware, and protection method and system of user data of intelligent terminal |
CN105871866A (en) * | 2016-04-28 | 2016-08-17 | 济南大学 | System and method for password management based on computer hardware information |
Non-Patent Citations (1)
Title |
---|
羽化成诗: "启纬智芯 develops TurboNFC technology, to be applied in its self-developed chip TN2115S1", 《贤集网》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113014393A (en) * | 2021-02-20 | 2021-06-22 | 中易通科技股份有限公司 | Password safe box system based on hardware encryption and application method |
CN113901529A (en) * | 2021-10-09 | 2022-01-07 | 上海盛本智能科技股份有限公司 | Equipment safety management method based on encryption hardware |
CN113901529B (en) * | 2021-10-09 | 2023-03-24 | 上海盛本智能科技股份有限公司 | Equipment safety management method based on encryption hardware |
CN117951737A (en) * | 2024-01-08 | 2024-04-30 | 广州市蓝粤网络科技有限公司 | Encryption storage management key card for time-space correlation chip of confidential data |
Also Published As
Publication number | Publication date |
---|---|
CN112383914B (en) | 2022-02-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||