CN112383914B - Password management method based on secure hardware - Google Patents

Info

Publication number: CN112383914B
Application number: CN202011270720.1A
Authority: CN (China)
Prior art keywords: password management, password, management app, hardware, user
Legal status: Active (the status listed by Google Patents is an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN112383914A (en)
Inventors: 李重保, 凡帅, 刘文印
Current assignee: Guangdong University of Technology (assignee list as shown by Google Patents, not legally verified)
Original assignee: Guangdong University of Technology
Timeline: application CN202011270720.1A filed by Guangdong University of Technology; publication of CN112383914A; application granted; publication of CN112383914B; legal status Active.

Classifications

All within H (Electricity) > H04 (Electric communication technique):

    • H04L 63/0442: network architectures or protocols for network security (H04L 63/00) > confidential data exchange among entities communicating through data packet networks (63/04) > data content protected, e.g. by encrypting or encapsulating the payload (63/0428) > sending and receiving entities apply asymmetric encryption, i.e. different keys for encryption and decryption (63/0442)
    • H04L 9/0822: cryptographic mechanisms for secret or secure communication; network security protocols (H04L 9/00) > key distribution or management, e.g. generation, sharing or updating of cryptographic keys or passwords (9/08) > key establishment, i.e. a shared secret becomes available to two or more parties (9/0816) > key transport, where one party creates or obtains a secret value and securely transfers it to the others (9/0819) > key transport using a key-encryption key (9/0822)
    • H04W 4/80: services specially adapted for wireless communication networks (H04W 4/00) > services using short-range communication, e.g. near-field communication [NFC], RFID or low-energy communication (4/80)
    • H04L 2209/12: additional information relating to cryptographic mechanisms (H04L 2209/00) > details relating to cryptographic hardware or logic circuitry (2209/12)

Abstract

The invention discloses a password management method based on secure hardware. The system consists of the secure hardware and a password management APP, where the secure hardware comprises an encryption chip and a TurboNFC communication chip. The encryption chip is a trusted platform module: an independent device that generates keys and performs encryption and decryption with them, containing its own processor and a secure storage unit that holds the keys and characteristic data, and providing encryption and secure-authentication services to the password management APP. The APP exchanges data with the encryption chip over asymmetrically encrypted communication, while the TurboNFC communication chip is responsible for data transport and for conversion between communication interfaces. The password management APP provides the user with the required account and password management. The invention effectively improves the security of the password management APP.

Description

Password management method based on secure hardware
Technical Field
The invention relates to the technical field of internet password management, in particular to a password management method based on secure hardware.
Background
With the growth of the internet, and of the mobile internet in particular, users increasingly need to log in to APPs or web pages on their phones; for example, a user shopping on JD.com (rendered "Kyoto shopping" by the machine translation) must log in to the JD APP or website to place an order and pay.
A user who registers with many APPs or websites easily forgets the many passwords and which APP or website each belongs to. In addition, to raise security, APPs and websites impose requirements on the login credentials a user supplies, such as length and character composition, and these requirements differ between services, so passwords become long and complicated, hard to remember and troublesome to manage.
Under these conditions a user may set the same password for every website or application; but then, once the password for one APP or website is obtained, an attacker can easily log in to the others by credential stuffing (rendered "library collision" by the machine translation), creating a single point of failure and a serious security hazard. Patent CN 108632222 A discloses a password management apparatus and management method, a password manager and an electronic device, and proposes storing passwords securely in hardware. It does not, however, use the emerging TurboNFC technology: its hardware needs a wired connection to a PC for power, and entering data through a keypad on the device reduces convenience.
Patent CN 107392008 A discloses a password management method, a password management device and a computer-readable storage medium that store passwords in hardware; its scheme places high demands on the hardware, and the communication interaction is complex.
In summary, existing password management on mobile phones has the following shortcomings: 1. existing secure hardware is powered mainly by a battery or through a physical interface such as USB; 2. when an ordinary NFC chip is used as the storage medium, its contents are easy to read out, in particular by cracking; 3. because of technical and size limits, ordinary NFC cannot harvest enough power to drive an encryption chip of a very high security level; 4. ordinary password management software keeps the user's passwords in the phone's RAM, in local storage or in the cloud, where they are exposed to bulk database theft (rendered "being dragged" by the machine translation) and loss; the user suffers serious losses and loses confidence in password management software.
Against the problems of weak password management on phones, existing password management APPs having their databases stolen, and local and cloud password stores being cracked, there is at present no hardware that is convenient to use together with matching software. Solving these problems is therefore important.
Disclosure of Invention
To solve these problems, the invention provides a password management method based on secure hardware. It uses TurboNFC technology to obtain a very strong power supply for an IC, enough to drive a high-grade encryption chip (supporting almost all Chinese national commercial (SM) and international standard encryption and decryption algorithms) on an NFC circuit board of very small area (much smaller than a bus card) and thickness, and pairs it with a password security management APP so that the user can manage passwords in a convenient and very secure way.
To implement this, the invention provides a password management method based on secure hardware, characterised in that: the method involves secure hardware and a password management APP, the secure hardware comprising an encryption chip and a TurboNFC communication chip; the encryption chip is a trusted platform module, an independent device that generates keys and performs encryption and decryption with them, containing its own processor and a secure storage unit for the keys and characteristic data, and providing encryption and secure-authentication services to the password management APP; the APP exchanges data with the encryption chip over asymmetrically encrypted communication, and the TurboNFC communication chip is responsible for data transport and for conversion between communication interfaces; and the password management APP provides the user with the required account and password management.
In a further refinement, the password management method comprises the following steps:
Step one: binding the secure hardware
S1. After discovering the secure hardware, the user manually starts the following binding steps in the password management APP, which runs on an NFC-capable phone, to bind one piece of secure hardware;
S2. the password management APP sends the user's unique identification ID on the APP's server, together with a binding-request instruction, to the secure hardware;
S3. the secure hardware first checks whether it is already bound; if so, a second binding is refused and an error is returned;
S4. if the secure hardware is not yet bound, it sends its own unique identifier and the asymmetric-encryption public key used for the binding to the password management APP;
S5. after correctly reading the secure hardware information and persisting the public key and related data, the password management APP sends a binding-confirmation instruction to the secure hardware;
S6. on receiving the instruction, the secure hardware marks the binding as complete, stores the asymmetric-encryption private key, and generates and stores the key material needed for the later encryption of plaintext passwords;
S7. the secure hardware returns an end instruction, and the binding is finished.
Step two: encrypted communication
Once the user's unique ID on the APP server has been bound to the secure hardware, every communication packet between the password management APP and the secure hardware is transmitted in encrypted form: each side encrypts the packets it sends and decrypts the packets it receives.
In a further refinement, the password management APP encrypts a stored password as follows:
Step one: when the user saves, in the password management APP, an account and password for logging in to third-party software, the APP requests high-security hardware encryption of the password;
Step two: after the APP confirms hardware encryption, it sends the user's unique ID on the APP server and the plaintext of the password to be encrypted to the secure hardware through the phone's NFC communication module;
Step three: after decoding the packet, the secure hardware first checks whether the user's unique ID matches the bound user ID, and returns an error if it does not;
Step four: if the user ID matches the bound user ID, the secure hardware encrypts the password plaintext and returns the ciphertext to the password management APP;
Step five: on receiving the ciphertext, the APP stores it locally and in the cloud and carries out any follow-up operations.
In a further refinement, the password management APP decrypts a stored password ciphertext as follows:
Step one: when the user needs the password, the APP requests hardware decryption of the stored ciphertext;
Step two: after the APP verifies that the user's third-party password is stored in encrypted form, it sends the user ID and the ciphertext to be decrypted to the secure hardware through the phone's NFC communication module;
Step three: after decoding the packet, the secure hardware first checks whether the user ID matches the bound user ID, and returns an error if it does not;
Step four: if the user IDs match, the secure hardware decrypts the ciphertext and returns the plaintext to the password management APP;
Step five: on receiving the plaintext, the APP either stores it locally and in the cloud, sends it automatically to the third-party software's server for authentication, or sends it automatically to the third-party software's front end for autofill.
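The binding, encrypted-transport, encryption and decryption flows above, together with the ciphertext login path of Example four below, can be traced end to end in the following simulation. It is an added illustration, not code from the patent or its applicant, and it fills in details the patent leaves open: X25519 key agreement stands in for the unspecified asymmetric scheme of S4 to S6; an HMAC-SHA256 keystream with an encrypt-then-MAC tag stands in for the unspecified packet cipher, so only the Python standard library is needed; and the packet layout ("user ID | op | data" inside each sealed packet), the user IDs and the account name are constructed for the example. The points to notice are that the password-encryption key is generated inside the chip at S6 and never leaves it, that a second binding attempt is refused at S3, and that a packet carrying a user ID other than the bound one is rejected before the stored ciphertext is touched.

```python
"""Added example (not the patent's code): binding S1-S7, encrypted transport,
hardware encryption/decryption of a stored password.  Assumed, since the patent
does not specify them: X25519 for the asymmetric step and an HMAC-SHA256
keystream with an encrypt-then-MAC tag for packets; names and IDs are invented."""
import hashlib, hmac, secrets

P, BASE = 2**255 - 19, (9).to_bytes(32, "little")    # Curve25519 prime, base point

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder: k * u on Curve25519, 32-byte u-coordinate out."""
    k = int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        swap ^= (kt := (k >> t) & 1)
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = pow(da + cb, 2, P), x1 * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    x2, z2 = (x3, z3) if swap else (x2, z2)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def kdf(secret: bytes, label: bytes) -> bytes:
    return hmac.new(secret, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (stand-in for a real cipher)."""
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(-(-len(data) // 32)))
    return bytes(d ^ s for d, s in zip(data, ks))

def seal(key: bytes, msg: bytes) -> bytes:      # nonce || ciphertext || tag
    body = (nonce := secrets.token_bytes(16)) + _xor_stream(key, nonce, msg)
    return body + hmac.new(kdf(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key: bytes, pkt: bytes) -> bytes:
    body, tag = pkt[:-32], pkt[-32:]
    if len(body) < 16 or not hmac.compare_digest(tag, hmac.new(kdf(key, b"mac"), body, hashlib.sha256).digest()):
        raise ValueError("packet rejected: bad tag")
    return _xor_stream(key, body[:16], body[16:])

class SecureHardware:
    """The encryption chip; the two private keys below never leave it."""
    def __init__(self):
        self.uid, self.bound_user = secrets.token_hex(8), None   # S4 identifier; set at S6
        self._priv = secrets.token_bytes(32)                     # asymmetric private key (S6)
        self._session = self._pw_key = None                      # transport key; password key
    def request_binding(self, user_id: str) -> dict:             # S2 arrives
        if self.bound_user is not None:
            return {"error": "already bound"}                    # S3
        self._pending = user_id
        return {"uid": self.uid, "pubkey": x25519(self._priv, BASE)}   # S4
    def confirm_binding(self, app_pubkey: bytes) -> dict:        # S5 arrives
        self._session = kdf(x25519(self._priv, app_pubkey), b"transport")
        self._pw_key = secrets.token_bytes(32)                   # S6: generated in the chip
        self.bound_user = self._pending
        return {"status": "bound"}                               # S7
    def handle(self, pkt: bytes) -> bytes:                       # every post-binding packet
        user_id, op, data = unseal(self._session, pkt).split(b"|", 2)
        if user_id.decode() != self.bound_user:                  # step three of both flows
            return seal(self._session, b"ERR|user id mismatch")
        out = seal(self._pw_key, data) if op == b"ENC" else unseal(self._pw_key, data)
        return seal(self._session, b"OK|" + out)

class PasswordApp:
    def __init__(self, user_id: str):
        self.user_id, self.vault, self._session = user_id, {}, None   # vault: ciphertext only
    def bind(self, hw: SecureHardware) -> str:                   # S1 to S7, APP side
        resp = hw.request_binding(self.user_id)                  # S2
        if "error" in resp:
            return resp["error"]
        priv, self.hw_uid = secrets.token_bytes(32), resp["uid"] # S5: persist hardware info
        self._session = kdf(x25519(priv, resp["pubkey"]), b"transport")
        return hw.confirm_binding(x25519(priv, BASE))["status"]
    def _call(self, hw: SecureHardware, op: str, data: bytes) -> bytes:
        req = seal(self._session, f"{self.user_id}|{op}|".encode() + data)
        status, payload = unseal(self._session, hw.handle(req)).split(b"|", 1)
        if status != b"OK":
            raise PermissionError(payload.decode())
        return payload
    def store(self, hw, account: str, password: str) -> None:   # encryption steps one to five
        self.vault[account] = self._call(hw, "ENC", password.encode())
    def fetch(self, hw, account: str) -> str:                   # decryption flow / Example four
        return self._call(hw, "DEC", self.vault[account]).decode()

def demo() -> dict:
    hw, app = SecureHardware(), PasswordApp("user-1001")         # constructed sample user
    out = {"bind": app.bind(hw), "rebind": PasswordApp("user-2002").bind(hw)}
    app.store(hw, "shop.example", "correct horse battery staple")
    out["roundtrip"] = app.fetch(hw, "shop.example")
    app.user_id = "user-2002"                 # same phone, other account: the chip must refuse
    try:
        out["mismatch"] = app.fetch(hw, "shop.example")
    except PermissionError as err:
        out["mismatch"] = str(err)
    return out
```

Calling demo() returns the outcome of the four checks: the first binding succeeds, the second is refused, the stored ciphertext round-trips through the chip, and a mismatched user ID is answered with an error. Unlike step five of the decryption flow above, the simulation never writes the recovered plaintext anywhere; keeping only ciphertext in the local and cloud vault is what makes a stolen database useless without the bound device.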
The further improvement lies in that: a TurboNFC communication chip in the safety hardware is used as a passive device, and receives electromagnetic waves transmitted by a mobile phone through an antenna to receive energy.
The further improvement lies in that: the account and password management function comprises the step of automatically sending the information of the existing account and the password to a server of the third-party software for direct verification when logging in the third-party software.
The further improvement lies in that: the account and password management function further comprises the steps of automatically sending the existing account and password information to the front end of the third-party software when logging in the third-party software, filling the existing account and password information, and sending the information to the server of the third-party software from the front end for verification.
The invention has the beneficial effects that: by using the TurboNFC technology, on an NFC circuit board with extremely small plane size (much smaller than the size of a bus card) and thickness, extremely strong IC energy supply capacity is obtained to drive a high-level encryption chip (supporting almost all national secrets and standard encryption and decryption algorithms), and then a password security management APP is matched, so that a user can obtain the capacity of managing own passwords in an extremely convenient and highly secure manner; the password management APP is used in combination with the safety hardware, so that the safety and the practicability of the password management are improved; the account database of the APP can use the cloud storage to store the local storage, and the safety of the APP is further improved due to the existence of the safety hardware.
Drawings
FIG. 1 is a diagram of the connection framework of the security hardware and password management APP of the present invention.
FIG. 2 is a flow chart of password management APP binding security hardware of the present invention.
Fig. 3 is a flowchart of password encryption processing corresponding to a login account according to the present invention.
Fig. 4 is a flowchart of password decryption processing corresponding to the login account according to the present invention.
Fig. 5 is a block diagram of the security hardware of the present invention.
Detailed Description
In order to further understand the present invention, the following detailed description will be made with reference to the following examples, which are only used for explaining the present invention and are not to be construed as limiting the scope of the present invention.
Example one
As shown in Figs. 1 to 4, this embodiment carries out the password management method exactly as set out in the Disclosure of Invention above: the secure hardware (encryption chip plus TurboNFC communication chip) and the password management APP; the binding procedure S1 to S7; encrypted transport of every packet after binding; hardware encryption of a stored password (steps one to five); hardware decryption of a stored ciphertext (steps one to five); the passive TurboNFC chip drawing its energy from the phone's field; and the two account-and-password management functions (direct submission to the third-party server, or autofill into the third-party front end).
The secure hardware and the password management APP in this embodiment are used together, but the APP can also work on its own without the secure hardware; for the APP's own password management system, see the system for electronic identity registration and authentication login disclosed in the applicant's earlier patent CN 104270338B.
The TurboNFC communication chip in this embodiment is a special NFC chip that, besides near-field communication and wireless energy transfer, has the following characteristics: a passive interface using TurboNFC technology has much higher antenna efficiency than a conventional passive interface, supports efficient wireless energy transfer, and uses a small antenna. With an ordinary NFC-equipped smartphone as the active interface, a device using TurboNFC technology can receive at least 60 mW wirelessly; with a new generation of phones using an NXP NFC controller, 250 mW to 300 mW can be received. With a small antenna, the signal strength of TurboNFC is more than an order of magnitude above that of conventional NFC technology.
TurboNFC is a tag-side technology: it does not depend on the NFC reader and is fully compatible with standard NFC. Its performance is obtained simply by using a device built with TurboNFC technology, without changing the reader (neither hardware nor software). This makes the cost of adopting TurboNFC unusually low and its range of application very wide. At present most phones (including Samsung, "huashi" [sic], Apple, Xiaomi and others) and most high-end phones on the market have NFC reader capability and are fully compatible with TurboNFC devices without installing any software.
Example two
The N32S032 encryption chip from Nationz Technologies (rendered "national technology" by the machine translation) is built around an Arm Cortex-M0 security processor core and an AMBA multi-bus structure; it is a 32-bit general-purpose, high-performance encryption chip developed for mobile-internet identity authentication and IoT security applications such as electronic banking, e-commerce and e-government. Its built-in hardware algorithm coprocessor provides high-performance security algorithm modules for DES/3DES, AES, SHA, RSA, ECC and the Chinese commercial cryptographic algorithms SM1/SM2/SM3/SM4, and it integrates application peripherals including a 12-bit 1 Msps SAR ADC, a 10-bit DAC, a comparator, an RTC real-time clock, high-performance PWM, USB 2.0 (full speed), multiple SPI, UART, I2C and ISO 7816 interfaces, so that IoT and mobile-internet security authentication solutions can be implemented easily.
EXAMPLE III
As shown in Fig. 5, in this embodiment the TurboNFC communication chip in the secure hardware is a passive device that draws its energy, through the antenna, from the electromagnetic field transmitted by the phone. The TurboNFC communication chip is a TN2115S1 (the vendor's name is rendered "weft-opening intelligent core" by the machine translation) and the encryption chip is an N32S032; the energy harvested by the antenna drives the TurboNFC chip TN2115S1 and at the same time supplies the encryption chip N32S032 at 3.3 V.
The TurboNFC communication chip TN2115S1 and the encryption chip N32S032 communicate over I2C, although any ordinary full-duplex or half-duplex interface, such as UART, SPI or CAN, could be used instead. Because the packets that cross this interface are already encrypted, a probe on the bus sees only ciphertext; this protects against eavesdropping, and against tampering only to the extent that the packet format also carries an integrity check.
The phone communicates with the TurboNFC chip TN2115S1 by near-field communication according to ISO/IEC 14443-3 Type A; once the TN2115S1 has received a valid instruction, it forwards the packet to the encryption chip. After the encryption chip N32S032 has processed the data and handed the encrypted packet back to the TN2115S1, the TN2115S1 sends it by near-field communication to the NFC chip in the phone's NFC module, from where it reaches the password management APP.
Example four
This embodiment provides a method of using the password management APP with TurboNFC-based secure hardware, carried out in the following steps:
Step one: after the user scans or is pushed a code, the corresponding account and password (for the third-party APP or website the user wants to log in to) are located in the password management APP (referred to below as "Easy Login");
Step two: if the password is held in plaintext, the user clicks the "Login" button in the Easy Login APP and the APP sends the plaintext password directly to its destination (the Easy Login plug-in or the target website's login server);
Step three: if the password is held as ciphertext, after the user clicks the "Login" button in the Easy Login APP, the APP must first send the ciphertext to the secure hardware bound to it (referred to as the "login device") for decryption; the login device returns the plaintext password, and the APP then automatically sends the plaintext to its destination (the Easy Login plug-in or the target website's login server).
Step three consists of the following sub-steps:
S1. after clicking the "Login" button in the Easy Login APP, the user brings the login device close to the NFC area of the phone running the APP (gradually adjusting the contact position) until the phone's NFC and the login device's TurboNFC chip have established a communication channel;
S2. the password management APP sends the password ciphertext;
S3. the login device runs the decryption algorithm to obtain the password plaintext;
S4. the login device sends the decrypted plaintext to the password management APP;
S5. the Easy Login APP sends the received plaintext to its destination (the Easy Login plug-in or the target website's login server).
EXAMPLE five
In this embodiment the communication chip in the secure hardware is not limited to TurboNFC; other chips and devices with communication functions may take the place of the TurboNFC communication chip.
The foregoing illustrates and describes the principles, general features, and advantages of the present invention. Those skilled in the art will understand that the present invention is not limited to the embodiments described above, which are set out in the specification only to illustrate the principle of the invention; various changes and modifications may be made without departing from the spirit and scope of the invention, and such changes fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and their equivalents.

Claims (1)

1. A password management method based on secure hardware, characterized in that: the method uses secure hardware and a password management APP, the secure hardware comprising an encryption chip and a TurboNFC communication chip; the encryption chip is a trusted platform module serving as an independent device for generating keys and performing encryption and decryption with them, and it contains an independent processor and a secure storage unit that stores keys and characteristic data and provides encryption and secure-authentication services to the password management APP; the password management APP and the encryption chip exchange data over an asymmetrically encrypted communication channel, and the TurboNFC communication chip is responsible for data transmission and conversion of the communication mode; the password management APP provides the user with the required account and password management; the password management method specifically comprises the following steps:
Step one: binding the secure hardware
S1, after the password management APP running on an NFC-capable mobile phone discovers the secure hardware, the user manually starts the following steps to bind one item of secure hardware;
S2, the password management APP sends the user's unique identifier (ID) on the server of the password management APP together with a binding request instruction to the secure hardware;
S3, the secure hardware first checks whether it is already bound; if so, it refuses to be bound again and returns an error message;
S4, if the secure hardware is not bound, it sends its own unique identifier and the public key of the asymmetric encrypted communication used for the binding to the password management APP;
S5, after correctly reading the secure hardware information and persisting the public key and the related information, the password management APP sends a binding confirmation instruction to the secure hardware;
S6, on receiving the instruction, the secure hardware marks the binding as completed, stores the asymmetric private key, and generates and stores the key material required for the subsequent encryption of plaintexts and passwords;
S7, the secure hardware returns an end instruction, and the binding is complete;
Step two: encrypted communication
After the user has bound the secure hardware to the unique ID on the server of the password management APP, every data packet exchanged between the password management APP and the secure hardware is transmitted in encrypted form: each side encrypts the packets it sends and decrypts the packets it receives;
The steps for encrypting a password stored by the password management APP are as follows:
Step one: when the user saves an account and password for logging in to third-party software in the password management APP, the password management APP applies for high-security-level hardware encryption of the password;
Step two: once hardware encryption is confirmed, the password management APP sends the user's unique ID on the server of the password management APP and the plaintext of the password to be encrypted to the secure hardware through the mobile phone's NFC communication module;
Step three: after decoding the packet, the secure hardware first checks whether the user's unique ID matches the bound user ID, and returns an error message if it does not;
Step four: if the user ID matches the bound user ID, the secure hardware encrypts the password plaintext and returns the ciphertext to the password management APP;
Step five: after receiving the ciphertext, the password management APP stores it locally and in the cloud and carries out the subsequent related operations;
The steps for decrypting the password ciphertext stored by the password management APP are as follows:
Step one: when the user needs to use the password, the password management APP applies for hardware decryption of the stored password ciphertext;
Step two: after confirming that the user's third-party-software password is stored in encrypted form, the password management APP sends the user ID and the ciphertext to be decrypted to the secure hardware through the mobile phone's NFC communication module;
Step three: after decoding the packet, the secure hardware first checks whether the user ID matches the bound user ID, and returns an error message if it does not;
Step four: if the IDs match, the secure hardware decrypts the ciphertext and returns the plaintext to the password management APP;
Step five: after receiving the plaintext, the password management APP stores it locally and in the cloud, or automatically sends it to the server of the third-party software for authentication, or automatically sends it to the front end of the third-party software for filling in;
The TurboNFC communication chip in the secure hardware acts as a passive device, receiving through its antenna the electromagnetic waves emitted by the mobile phone and drawing its energy from them;
The account and password management function includes, when logging in to third-party software, automatically sending the existing account and password information to the server of the third-party software for direct verification;
The account and password management function further includes, when logging in to third-party software, automatically sending the existing account and password information to the front end of the third-party software, filling it in, and submitting it from the front end to the server of the third-party software for verification.
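The binding, encryption and decryption exchanges of the claim above, and sub-steps S2 to S4 of the login procedure in the earlier example, as an added stand-alone simulation; this is not code from the patent or its inventors. The claim does not fix a cipher or a packet format, so the HMAC-SHA256 based encrypt-then-MAC construction, the JSON packets and the use of a symmetric channel key handed over at S4 in place of the asymmetric key pair are assumptions made for this example. What the simulation makes checkable is the state machine: a bound device refuses a second binding (S3), every post-binding packet is authenticated before it is parsed (step two), the user ID is compared with the bound ID before any encryption or decryption (step three), and the APP's vault only ever holds ciphertext returned by the hardware.

```python
"""Stdlib-only simulation of the APP <-> secure hardware exchanges. Added example, not the
patent's code: cipher, JSON wire format and symmetric channel key are assumptions."""
import hashlib
import hmac
import json
import os
import secrets


def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; stands in for the chip's unspecified cipher.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(key, plaintext):
    # Encrypt-then-MAC: nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    # Verify the tag (constant time) before decrypting; raise on any mismatch.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("packet authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class SecureHardware:
    """The login device: both keys stay inside this object, only ciphertext leaves."""
    def __init__(self):
        self.hw_id = "HW-" + secrets.token_hex(4)  # unique identifier sent at S4
        self.bound_user_id = None   # set exactly once (S6)
        self._channel_key = None    # stands in for the asymmetric pair of S4/S6
        self._vault_key = None      # password encryption key generated at S6

    def bind(self, user_id):
        # S3: a bound device refuses a second binding; S4: otherwise hand over channel key.
        if self.bound_user_id is not None:
            return {"status": "error", "reason": "already bound"}
        self._channel_key = secrets.token_bytes(32)
        return {"status": "ok", "hw_id": self.hw_id, "channel_key": self._channel_key}

    def confirm_bind(self, user_id):
        # S6: mark bound and generate the vault key; S7: answer with the end instruction.
        if self._channel_key is None or self.bound_user_id is not None:
            return {"status": "error", "reason": "no binding in progress"}
        self.bound_user_id = user_id
        self._vault_key = secrets.token_bytes(32)
        return {"status": "end"}

    def handle(self, packet):
        # Step two: every packet is sealed. Step three: check the user ID before anything else.
        req = json.loads(unseal(self._channel_key, packet))
        if req["user_id"] != self.bound_user_id:
            resp = {"status": "error", "reason": "user id mismatch"}
        elif req["op"] == "encrypt":   # step four: return ciphertext
            resp = {"status": "ok", "data": seal(self._vault_key, req["data"].encode()).hex()}
        elif req["op"] == "decrypt":   # step four: return plaintext, or reject bad ciphertext
            try:
                resp = {"status": "ok", "data": unseal(self._vault_key, bytes.fromhex(req["data"])).decode()}
            except ValueError:
                resp = {"status": "error", "reason": "ciphertext rejected"}
        else:
            resp = {"status": "error", "reason": "unknown op"}
        return seal(self._channel_key, json.dumps(resp).encode())


class PasswordManagerApp:
    """The APP side: holds the channel key and a vault of ciphertexts (the local/cloud copy)."""
    def __init__(self, user_id):
        self.user_id, self.hw, self._channel_key, self.vault = user_id, None, None, {}

    def bind(self, hw):
        r = hw.bind(self.user_id)                  # S2: send user ID + binding request
        if r["status"] != "ok":
            return False
        self._channel_key, self.hw = r["channel_key"], hw   # S5: persist hardware info + key
        return hw.confirm_bind(self.user_id)["status"] == "end"

    def _call(self, op, data):
        req = json.dumps({"user_id": self.user_id, "op": op, "data": data}).encode()
        return json.loads(unseal(self._channel_key, self.hw.handle(seal(self._channel_key, req))))

    def store_password(self, site, password):
        r = self._call("encrypt", password)        # encrypt flow; the vault keeps ciphertext only
        if r["status"] == "ok":
            self.vault[site] = r["data"]
        return r["status"] == "ok"

    def fetch_password(self, site):
        r = self._call("decrypt", self.vault[site])   # decrypt flow, i.e. login sub-steps S2-S4
        return r["data"] if r["status"] == "ok" else None
```

Binding a second APP instance to the same device fails at S3, a caller that knows the channel key but presents a different user ID is refused at step three, and a modified ciphertext is rejected by the tag check rather than decrypted. Note that in this model the user-ID comparison only carries weight because the packet that carries the ID is authenticated under the channel key established at binding; an unauthenticated channel would make the check trivial to satisfy.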
Priority Applications (1)

Application Number    Priority Date    Filing Date    Title
CN202011270720.1A     2020-11-13       2020-11-13     Password management method based on secure hardware

Applications Claiming Priority (1)

Application Number    Priority Date    Filing Date    Title
CN202011270720.1A     2020-11-13       2020-11-13     Password management method based on secure hardware

Publications (2)

Publication Number    Publication Date
CN112383914A (en)     2021-02-19
CN112383914B (en)     2022-02-01

Family

ID=74582554

Family Applications (1)

Application Number    Title                                                  Priority Date    Filing Date    Status
CN202011270720.1A     Password management method based on secure hardware    2020-11-13       2020-11-13     Active (CN112383914B)

Country Status (1)

Country    Link
CN (1)     CN112383914B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number    Priority date    Publication date    Assignee    Title
CN113014393B *    2021-02-20    2023-04-28    中易通科技股份有限公司    Password safe box system based on hardware encryption and application method
CN113901529B *    2021-10-09    2023-03-24    上海盛本智能科技股份有限公司    Equipment safety management method based on encryption hardware
CN117951737A *    2024-01-08    2024-04-30    广州市蓝粤网络科技有限公司    Encryption storage management key card for time-space correlation chip of confidential data

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number    Priority date    Publication date    Assignee    Title
CN103023925A *    2012-06-29    2013-04-03    上海华苑电子有限公司    NFC (near field communication) personal account information management system and method for implementing same
CN104270338A *    2014-09-01    2015-01-07    刘文印    A method and system of electronic identity registration and authentication login
CN104868997A *    2015-03-30    2015-08-26    廖小谦    Safety intelligent hardware, and protection method and system of user data of intelligent terminal

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number    Priority date    Publication date    Assignee    Title
CN101236591B *    2007-01-31    2011-08-24    联想(北京)有限公司    Method, terminal and safe chip for guaranteeing critical data safety
CN102236756A *    2011-05-09    2011-11-09    山东超越数控电子有限公司    File encryption method based on TCM (trusted cryptography module) and USBkey
CN102325026A *    2011-07-14    2012-01-18    易讯天空计算机技术(深圳)有限公司    Account password secure encryption system
CN104636682A *    2015-02-09    2015-05-20    上海瀚银信息技术有限公司    Password management system and method based on hardware device
CN105871866B *    2016-04-28    2018-10-12    济南大学    A password management system and method based on computer hardware information

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Qiwei Zhixin (启纬智芯) develops TurboNFC technology, to be used in its in-house chip TN2115S1"; 羽化成诗; Xianji Net (贤集网); 2019-07-31; pp. 1-4 *

Also Published As

Publication number Publication date
CN112383914A (en) 2021-02-19

Legal Events

Code    Title
PB01    Publication
SE01    Entry into force of request for substantive examination
GR01    Patent grant