CN113486375B - Storage method and device of equipment information, storage medium and electronic device - Google Patents
- Publication number
- CN113486375B, CN202110809234.0A
- Authority
- CN
- China
- Prior art keywords
- information
- encryption
- stored
- salified
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The application discloses a method and an apparatus for storing device information, a storage medium and an electronic apparatus. The method comprises: salting the device information to be stored with a target salt value to obtain first salted information; performing a first encryption operation on the first salted information to obtain first encrypted information, and performing a second encryption operation on the first salted information to obtain second encrypted information; and storing the target salt value, the first encrypted information and the second encrypted information. The application addresses the problem in the related art that device information is easily leaked because of the way it is stored and therefore has poor security.
Description
Technical Field
The present application relates to the field of data processing, and in particular, to a method and apparatus for storing device information, a storage medium, and an electronic apparatus.
Background
At present, because Internet of Things (IoT) devices differ in form and vary widely in operating performance, there is no unified security standard. Many IoT devices store sensitive information in plaintext, and sensitive information stored in plaintext is easily leaked and has poor security.
Therefore, the way device information is stored in the related art has the problem that the device information is easily leaked and its security is poor.
Disclosure of Invention
Embodiments of the application provide a method and an apparatus for storing device information, a storage medium and an electronic apparatus, which at least solve the problem in the related art that device information is easily leaked because of the way it is stored and therefore has poor security.
According to an aspect of an embodiment of the present application, there is provided a method for storing device information, comprising: salting the device information to be stored with a target salt value to obtain first salted information; performing a first encryption operation on the first salted information to obtain first encrypted information, and performing a second encryption operation on the first salted information to obtain second encrypted information; and storing the target salt value, the first encrypted information and the second encrypted information.
In an exemplary embodiment, the method further comprises: calling a random number generation function to generate a random number of a target length to obtain the target salt value, wherein the target length is positively correlated with the security level of the device information to be stored.
In an exemplary embodiment, the method further comprises: determining, according to a preconfigured correspondence between security levels and encryption algorithms, a first encryption algorithm and a second encryption algorithm that match the security level of the device information to be stored, wherein the first encryption algorithm is the algorithm used to perform the first encryption operation and the second encryption algorithm is the algorithm used to perform the second encryption operation.
In an exemplary embodiment, salting the device information to be stored with the target salt value to obtain the first salted information comprises: splicing the target salt value and the device information to be stored to obtain the first salted information.
In an exemplary embodiment, performing the first encryption operation on the first salted information to obtain the first encrypted information comprises: performing a hash operation on the first salted information using the first encryption algorithm to obtain a first hash value, wherein the first encrypted information is the first hash value; and performing the second encryption operation on the first salted information to obtain the second encrypted information comprises: performing a hash operation on the first salted information using the second encryption algorithm to obtain a second hash value, wherein the second encrypted information is the second hash value.
In an exemplary embodiment, storing the target salt value, the first encrypted information and the second encrypted information comprises: converting the first encrypted information into a first encrypted character string and converting the second encrypted information into a second encrypted character string; splicing the first encrypted character string and the second encrypted character string to obtain a spliced character string; and storing the target salt value and the encrypted character string.
In an exemplary embodiment, after storing the target salt value, the first encrypted information and the second encrypted information, the method further comprises: receiving device information to be verified that corresponds to the device information to be stored; salting the device information to be verified with the target salt value to obtain second salted information; performing the first encryption operation on the second salted information to obtain third encrypted information, and performing the second encryption operation on the second salted information to obtain fourth encrypted information; and determining that the device information to be verified passes verification when the third encrypted information is identical to the first encrypted information and the fourth encrypted information is identical to the second encrypted information.
According to another aspect of the embodiments of the present application, there is also provided an apparatus for storing device information, comprising: a first salting unit, configured to salt the device information to be stored with a target salt value to obtain first salted information; a first encryption unit, configured to perform a first encryption operation on the first salted information to obtain first encrypted information, and to perform a second encryption operation on the first salted information to obtain second encrypted information; and a storage unit, configured to store the target salt value, the first encrypted information and the second encrypted information.
In an exemplary embodiment, the apparatus further comprises: a calling unit, configured to call a random number generation function to generate a random number of a target length to obtain the target salt value, wherein the target length is positively correlated with the security level of the device information to be stored.
In an exemplary embodiment, the apparatus further comprises: a first determining unit, configured to determine, according to a preconfigured correspondence between security levels and encryption algorithms, a first encryption algorithm and a second encryption algorithm that match the security level of the device information to be stored, wherein the first encryption algorithm is used to perform the first encryption operation and the second encryption algorithm is used to perform the second encryption operation.
In an exemplary embodiment, the first salting unit comprises: a first splicing module, configured to splice the target salt value and the device information to be stored to obtain the first salted information.
In an exemplary embodiment, the first encryption unit comprises: a first operation module, configured to perform a hash operation on the first salted information using the first encryption algorithm to obtain a first hash value, wherein the first encrypted information is the first hash value; and a second operation module, configured to perform a hash operation on the first salted information using the second encryption algorithm to obtain a second hash value, wherein the second encrypted information is the second hash value.
In an exemplary embodiment, the storage unit comprises: a first conversion module, configured to convert the first encrypted information into a first encrypted character string and to convert the second encrypted information into a second encrypted character string; a second conversion module, configured to splice the first encrypted character string and the second encrypted character string to obtain a spliced character string; and a storage module, configured to store the target salt value and the encrypted character string.
In an exemplary embodiment, the apparatus further comprises: a receiving unit, configured to receive device information to be verified that corresponds to the device information to be stored, after the target salt value, the first encrypted information and the second encrypted information have been stored; a second salting unit, configured to salt the device information to be verified with the target salt value to obtain second salted information; a second encryption unit, configured to perform the first encryption operation on the second salted information to obtain third encrypted information, and to perform the second encryption operation on the second salted information to obtain fourth encrypted information; and a second determining unit, configured to determine that the device information to be verified passes verification when the third encrypted information is identical to the first encrypted information and the fourth encrypted information is identical to the second encrypted information.
According to still another aspect of the embodiments of the present application, there is also provided a computer-readable storage medium having a computer program stored therein, wherein the computer program is configured to execute the above-described method of storing device information when running.
According to still another aspect of the embodiments of the present application, there is further provided an electronic apparatus including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the above-mentioned method for storing device information through the computer program.
In the embodiments of the application, the device information is salted and two encryption operations are performed on the salted device information: the device information to be stored is salted with a target salt value to obtain first salted information; a first encryption operation is performed on the first salted information to obtain first encrypted information, and a second encryption operation is performed on the first salted information to obtain second encrypted information; and the target salt value, the first encrypted information and the second encrypted information are stored. Because the device information is salted and what is stored is the encrypted information obtained from the salted device information, rather than the device information in plaintext, the risk of leaking the device information is reduced and the security of the device information is improved. This solves the problem in the related art that device information is easily leaked because of the way it is stored and therefore has poor security.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
In order to more clearly illustrate the embodiments of the application or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, and it will be obvious to a person skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a schematic diagram of a hardware environment of an alternative method of storing device information according to an embodiment of the present application;
FIG. 2 is a flow chart of an alternative method of storing device information according to an embodiment of the application;
FIG. 3 is a flow chart of another alternative method of storing device information according to an embodiment of the application;
FIG. 4 is a flow chart of yet another alternative method of storing device information according to an embodiment of the application;
FIG. 5 is a block diagram of an alternative device information storage apparatus according to an embodiment of the present application;
FIG. 6 is a block diagram of an alternative electronic device according to an embodiment of the application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an aspect of an embodiment of the present application, there is provided a method for storing device information. Optionally, in the present embodiment, the method may be applied to a hardware environment composed of the IoT device 102 and the server 104 as shown in fig. 1. As shown in fig. 1, the server 104 is connected to the IoT device 102 via a network and may be used to provide services (e.g., application services) to the IoT device or to clients installed on the IoT device; a database may be set up on the server or independently of the server to provide data storage services for the server 104.
The network may include, but is not limited to, at least one of: a wired network and a wireless network. The wired network may include, but is not limited to, at least one of: a wide area network, a metropolitan area network and a local area network. The wireless network may include, but is not limited to, at least one of: WIFI (Wireless Fidelity) and Bluetooth. The IoT device 102 may be, but is not limited to, a smart refrigerator, a smart air conditioner, a smart speaker, and the like.
The method for storing device information according to the embodiments of the present application may be performed by the server 104, may be performed by the IoT device 102, or may be performed by both the server 104 and the IoT device 102. The storage method of the device information performed by the IoT device 102 according to the embodiment of the present application may also be performed by a client installed thereon.
Taking execution by the server 104 as an example, fig. 2 is a schematic flow chart of an alternative method of storing device information according to an embodiment of the present application. As shown in fig. 2, the flow of the method may include the following steps:
Step S202, salting the device information to be stored with the target salt value to obtain first salted information.
The storage method of the device information in the present embodiment can be applied to a scenario of storing sensitive information of a device such as a device password, a key, and the like. The device may be an IoT device. The server may obtain device information to be stored of the device, which may be device information of the IoT device, for example, sensitive information such as a password of the IoT device.
For the device information to be stored, the server may first obtain a target salt value and use it to salt the device information to be stored, obtaining the first salted information. The target salt value is a random value; it may be a random value that the system generates when a user registers, to be combined with the user password, which is called the salt value or salting value.
Step S204, performing a first encryption operation on the first salified information to obtain first encrypted information, and performing a second encryption operation on the first salified information to obtain second encrypted information;
For the first salted information, the server may perform encryption operations using different encryption algorithms. The encryption algorithms used may include a first encryption algorithm and a second encryption algorithm. The server may perform the first encryption operation on the first salted information using the first encryption algorithm to obtain the first encrypted information, and may perform the second encryption operation on the first salted information using the second encryption algorithm to obtain the second encrypted information. The first and second encryption operations may be performed serially or in parallel, which is not limited in this embodiment.
For example, sensitive information such as a password may be salted, after which MD5 and SHA1 operations are performed and the results are converted to hex (hexadecimal string) values.
Step S206, storing the target salt value, the first encryption information and the second encryption information.
After obtaining the first encrypted information and the second encrypted information, the server may store the target salt value, the first encrypted information and the second encrypted information. The device information to be stored may be device information of an Internet of Things device; the server may store the device identifier of the Internet of Things device, the target salt value, the first encrypted information and the second encrypted information in association with one another, and the stored record may also include the information type of the device information to be stored, which facilitates information lookup.
Optionally, the server may store the device identifier of the Internet of Things device, the target salt value, the first encrypted information and the second encrypted information in a database or data table corresponding to the information type of the device information to be stored, so as to make information lookup more efficient.
Through the above steps, the device information to be stored is salted with the target salt value to obtain first salted information; a first encryption operation is performed on the first salted information to obtain first encrypted information, and a second encryption operation is performed on the first salted information to obtain second encrypted information; and the target salt value, the first encrypted information and the second encrypted information are stored. This solves the problem in the related art that device information is easily leaked because of the way it is stored and therefore has poor security, and improves the security of the device information.
In an exemplary embodiment, the above method further comprises:
S11, calling a random number generation function to generate a random number of a target length to obtain the target salt value, wherein the target length is positively correlated with the security level of the device information to be stored.
To obtain the target salt value, the server may call a random number generation function to generate a random number of a target length. The target length may be a fixed value. For example, a random number generation function may be called to generate a 16-byte random number as the salt value.
Optionally, to make information storage more flexible and to use storage resources more reasonably, the server may determine the length of the salt value used to salt the information to be stored, that is, the target length, according to the security level of the device information to be stored, and call a random number generation function to generate a random number of the target length, thereby obtaining the target salt value.
In addition, the length of the salt value may be determined according to the information length of the device information to be stored and the number of kinds of data types it contains. This embodiment does not limit how the length of the salt value is determined.
In this embodiment, generating a salt value whose length corresponds to the security level of the device information makes information storage more flexible and the use of storage resources more reasonable.
In an exemplary embodiment, the above method further comprises:
S21, determining a first encryption algorithm and a second encryption algorithm matched with the security level of the equipment information to be stored according to the corresponding relation between the pre-configured security level and the encryption algorithm, wherein the first encryption algorithm is used for executing the first encryption operation, and the second encryption algorithm is used for executing the second encryption operation.
Different encryption algorithms may generate encrypted information of different lengths and, correspondingly, differ in encryption and decryption efficiency. Because device information of different security levels has different requirements for information security, in this embodiment the correspondence between the security levels of device information and encryption algorithms may be preconfigured, so that device information of different security levels can be encrypted with different encryption algorithms.
For the device information to be stored, the server may determine, according to the preconfigured correspondence between security levels and encryption algorithms, a first encryption algorithm and a second encryption algorithm that match the security level of the device information to be stored. In addition, the server may determine the first encryption algorithm and the second encryption algorithm to be used according to at least one of the information length of the device information to be stored and the number of kinds of data types it contains.
It should be noted that the encryption algorithms (or combinations of encryption algorithms) used for device information of different security levels may be the same, and the security levels that different encryption algorithms are allowed to encrypt may differ. The security level may be preconfigured in the server, or may be determined according to indication information of a security level selected by the user, which is not limited in this embodiment.
If the device information to be stored is of non-fixed length, the server may also store at least one of the information length of the device information to be stored and the number of kinds of data types it contains, for use in a subsequent verification operation.
In this embodiment, preconfiguring the correspondence between security levels and encryption algorithms ensures the security of the device information and improves the efficiency of encrypting and decrypting it.
In an exemplary embodiment, salifying the device information to be stored using the target salt value, obtaining the first salified information includes:
S31, splicing the target salt value and the device information to be stored to obtain the first salted information.
When the device information to be stored is salted, the salting may be performed by interpolation or in a similar manner. In this embodiment, considering that the salt value is a random number, the target salt value and the device information to be stored may be spliced directly to obtain the first salted information. The splicing may place the device information to be stored in front and the target salt value behind, place the target salt value in front and the device information to be stored behind, or use another arrangement, which is not limited in this embodiment.
In this embodiment, salting the device information by splicing the salt value with the device information improves the efficiency of salting.
In one exemplary embodiment, performing a first encryption operation on the first salified information, obtaining the first encrypted information includes:
S41, performing hash operation on the first salified information by using a first encryption algorithm to obtain a first hash value, wherein the first encryption information is the first hash value.
The first encryption operation may be a hash operation, and the algorithm used may be a first encryption algorithm, which may be a hash encryption algorithm, for example, a one-way hash encryption algorithm. The server may perform a hash operation on the first salted information using the first encryption algorithm to obtain a first hash value. The first encrypted information is the resulting first hash value.
Illustratively, the first encryption algorithm is MD5 (Message-Digest Algorithm). MD5 is a widely used cryptographic hash function that generates a 128-bit (16-byte) hash value to ensure that the information transfer is completely consistent.
In this embodiment, performing a second encryption operation on the first salified information, to obtain second encrypted information includes:
S42, carrying out hash operation on the first salified information by using a second encryption algorithm to obtain a second hash value, wherein the second encryption information is the second hash value.
The second encryption operation may be a hash operation, and the algorithm used may be a second encryption algorithm, which may be a hash encryption algorithm. The server may perform a hash operation on the first salted information using the second encryption algorithm to obtain a second hash value. The second encrypted information is the resulting second hash value.
Illustratively, the second encryption algorithm is SHA1 (Secure Hash Algorithm 1). SHA1 is a cryptographic hash function that generates a 160-bit (20-byte) hash value called a message digest, typically rendered as 40 hexadecimal digits.
In this embodiment, encrypting the salted information with different hash encryption algorithms improves the security of the device information.
In one exemplary embodiment, storing the target salt value, the first encryption information, and the second encryption information includes:
S51, converting the first encryption information into a first encryption character string and converting the second encryption information into a second encryption character string;
S52, splicing the first encrypted character string and the second encrypted character string to obtain a spliced character string;
S53, storing the target salt value and the encrypted character string.
When storing the target salt value, the first encryption information and the second encryption information, the server may first convert the first encryption information and the second encryption information into character string form, that is, into the first encryption character string and the second encryption character string, then splice the first encryption character string and the second encryption character string to obtain a spliced character string, and store the target salt value and the encrypted character string in correspondence with each other.
Alternatively, the first encryption information and the second encryption information may be added together in order to reduce the amount of information that needs to be stored. For example, the first encryption information and the second encryption information may be superimposed character by character based on their ASCII (American Standard Code for Information Interchange) codes. When the lengths of the two are inconsistent, they can be superimposed aligned at the head or aligned at the tail. When a superimposed ASCII code is greater than or equal to the maximum value, the remainder of the superimposed value with respect to the ASCII maximum may be taken, thereby obtaining the corresponding superimposed value.
According to the embodiment, the encrypted information is converted into the character string and then spliced, so that convenience in information storage can be improved.
The method of storing device information in the embodiment of the present application is explained below in conjunction with alternative examples. In this example, the first encryption algorithm is MD5, the second encryption algorithm is SHA1, and the device information to be stored is a password of the Internet of Things device.
The storage method of the device information provided in the optional example is a scheme for storing sensitive information such as the password of the device of the internet of things, and is applied to the process of registering the account number and the password of the user. As shown in fig. 3, the flow of the method for storing device information in this alternative example may include the steps of:
Step S302, registering an account A1 and setting a password K1;
Step S304, obtaining a salt value;
Step S306, performing a hash operation on K2 using MD5 to obtain a hash value H1, and then converting the hash value H1 into a character string H1;
Step S308, performing a hash operation on K2 using SHA1 to obtain a hash value H2, and then converting the hash value H2 into a character string H2;
Step S310, splicing H1 and H2 into H, and storing the salt value and the H value.
Through this optional example, salt is added to sensitive information such as the password, and the salted password is encrypted using the two algorithms MD5 and SHA1, so that the difficulty for an attacker of cracking the sensitive information can be greatly increased, the security of the sensitive information of the Internet of Things device is improved, and leakage of the sensitive information is effectively prevented.
In an exemplary embodiment, after storing the target salt value, the first encryption information, and the second encryption information, the method further includes:
S61, receiving equipment information to be verified, which corresponds to the equipment information to be stored;
S62, salifying the equipment information to be verified by using the target salt value to obtain second salified information;
S63, performing a first encryption operation on the second salified information to obtain third encryption information, and performing a second encryption operation on the second salified information to obtain fourth encryption information;
S64, in the case where the third encryption information is the same as the first encryption information and the fourth encryption information is the same as the second encryption information, it is determined that the device information to be authenticated is authenticated.
The server may receive the device information to be verified corresponding to the device information to be stored, and the correspondence may be determined based on, for example, a device identifier of the Internet of Things device. For example, when a login is performed using an account number, a password, or the like, the server may receive the account number and the password used for the login and, based on the received account number, obtain the stored salt value and encrypted information, such as the target salt value, the first encryption information, and the second encryption information.
The server may perform the same operations as the foregoing encryption operations on the device information to be verified using the target salt value, to obtain the third encryption information and the fourth encryption information, which have already been described and will not be described herein.
After obtaining the third encryption information and the fourth encryption information, the server may compare the first encryption information and the third encryption information, and compare the second encryption information and the fourth encryption information, determine whether the third encryption information is identical to the first encryption information, and determine whether the fourth encryption information is identical to the second encryption information.
Alternatively, after receiving the device information to be verified, the server may first compare the information length of the device information to be verified, the types of data it contains, and the like with the information length of the device information to be stored (which may be a target information length), the number of types of data it contains (which may be a target number of types), and the like (that is, several kinds of information may be compared). If the comparison result is consistent, the subsequent verification operation is executed; otherwise, an error is returned directly.
Optionally, if the length of the target salt value is determined according to at least one of the information length of the device information to be stored and the number of data types contained in the device information to be stored, the salt value length corresponding to the information length of the device information to be verified and the number of data types contained in the device information to be verified can be determined. If that salt value length is consistent with the length of the target salt value, the subsequent verification operation is executed; otherwise, an error is returned directly.
Optionally, salifying the device information to be verified by using the target salt value to obtain the second salified information may include: splicing the target salt value and the device information to be verified to obtain the second salified information.
Optionally, performing the first encryption operation on the second salified information to obtain the third encryption information includes: performing a hash operation on the second salified information using the first encryption algorithm to obtain a third hash value, wherein the third encryption information is the third hash value. Performing the second encryption operation on the second salified information to obtain the fourth encryption information includes: performing a hash operation on the second salified information using the second encryption algorithm to obtain a fourth hash value, wherein the fourth encryption information is the fourth hash value.
Alternatively, when comparing the first encryption information with the third encryption information and the second encryption information with the fourth encryption information, the third encryption information may be converted into a third encryption string and the fourth encryption information into a fourth encryption string; the third encryption string and the fourth encryption string are then spliced to obtain a spliced character string to be verified. The server compares whether the spliced character string to be verified is identical to the stored spliced character string. In the case where the two are identical, it is determined that the device information to be verified passes verification.
By the embodiment, the equipment information to be verified is verified by executing the same encryption operation as the equipment information to be stored, so that the convenience of equipment information verification can be improved.
The method of storing device information in the embodiment of the present application is explained below in conjunction with alternative examples. In this example, the first encryption algorithm is MD5, the second encryption algorithm is SHA1, and the device information to be verified is the password of the Internet of Things device.
Provided in this optional example is a device sensitive information verification scheme corresponding to the device sensitive information storage scheme provided in the foregoing optional example, applied to a process of user login. As shown in fig. 4, the flow of the method for storing device information in this alternative example may include the steps of:
Step S402, a user inputs a user name A1' and a password K1';
Step S404, the system queries the H value and Salt value corresponding to the user name A1', and splices the password K1' and Salt into K2';
Step S406, the system uses MD5 to hash the password K2' to obtain a hash value H1', and then converts H1' into a character string H1';
Step S408, the system uses SHA1 to hash the password K2' to obtain a hash value H2', and then converts H2' into a character string H2';
Step S410, splicing H1' and H2' into H';
Step S412, comparing whether H1' and H2' are equal; if yes, executing step S414, otherwise executing step S416;
Step S414, determining that the login is successful;
Step S416, determining login failure.
Through the optional example, the password input by the user is verified by using the pre-stored salted value and the spliced character string, so that the safety of the sensitive information of the equipment can be improved, and the sensitive information can be effectively prevented from being leaked.
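The registration flow (steps S302 to S310) and the login flow (steps S402 to S416), together with the optional salt-length pre-check, can be written out as follows. This is an added example, not code from the patent: the function names, the in-memory `store`, the salt-first splicing order, the `salt_length` formula and the four character categories are assumptions, and the final comparison is between the spliced string H' and the stored H, as the description of the spliced character strings states.

```python
import hashlib
import hmac
import secrets


def count_data_types(info: str) -> int:
    """Number of character categories present in the information.

    Assumption: four categories (digit, lower case, upper case, other).
    """
    kinds = set()
    for ch in info:
        if ch.isdigit():
            kinds.add("digit")
        elif ch.islower():
            kinds.add("lower")
        elif ch.isupper():
            kinds.add("upper")
        else:
            kinds.add("other")
    return len(kinds)


def salt_length(info: str) -> int:
    """Hypothetical policy: the salt length in bytes grows with the
    information length and the number of data types it contains."""
    return 8 + 2 * count_data_types(info) + len(info) // 4


def spliced_digest(salt: bytes, info: str) -> str:
    """Salify, hash with MD5 and SHA1, convert to strings and splice them."""
    salted = salt + info.encode("utf-8")      # K2 (salt-first order is assumed)
    h1 = hashlib.md5(salted).hexdigest()      # string H1, 32 hex characters
    h2 = hashlib.sha1(salted).hexdigest()     # string H2, 40 hex characters
    return h1 + h2                            # H, 72 hex characters


def register(store: dict, account: str, password: str) -> None:
    """Steps S302 to S310: generate a random salt and store (salt, H)."""
    salt = secrets.token_bytes(salt_length(password))
    store[account] = (salt, spliced_digest(salt, password))


def verify(store: dict, account: str, candidate: str) -> bool:
    """Steps S402 to S416: recompute H' with the stored salt and compare."""
    record = store.get(account)
    if record is None:
        return False
    salt, stored_h = record
    # Optional pre-check from the description: the salt length implied by the
    # candidate must match the stored salt length, otherwise return an error.
    if salt_length(candidate) != len(salt):
        return False
    candidate_h = spliced_digest(salt, candidate)
    # Constant-time comparison of H' against the stored H.
    return hmac.compare_digest(candidate_h, stored_h)


if __name__ == "__main__":
    demo_store = {}
    register(demo_store, "A1", "K1-Passw0rd")       # constructed sample values
    print(verify(demo_store, "A1", "K1-Passw0rd"))  # correct password
    print(verify(demo_store, "A1", "K1-Passw0rE"))  # wrong, passes pre-check
    print(verify(demo_store, "A1", "short"))        # rejected by pre-check
```

MD5 and SHA1 are both fast digests, so the random per-record salt is what keeps two records holding the same password from sharing a stored string.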
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present application is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present application.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM (read-only memory)/RAM (Random Access Memory), magnetic disk, optical disk) and including instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present application.
According to another aspect of the embodiment of the present application, there is also provided a device information storage apparatus for implementing the above device information storage method. Fig. 5 is a block diagram of an alternative apparatus for storing device information according to an embodiment of the present application, and as shown in fig. 5, the apparatus may include:
The first salifying unit 502 is configured to perform salifying processing on information of a device to be stored by using a target salt value to obtain first salified information;
The first encryption unit 504 is connected to the first salifying unit 502, and is configured to perform a first encryption operation on the first salified information to obtain first encrypted information, and perform a second encryption operation on the first salified information to obtain second encrypted information;
The storage unit 506 is connected to the first encryption unit 504, and is configured to store the target salt value, the first encryption information, and the second encryption information.
It should be noted that, the first salifying unit 502 in this embodiment may be used to perform the above step S202, the first encrypting unit 504 in this embodiment may be used to perform the above step S204, and the storing unit 506 in this embodiment may be used to perform the above step S206.
Through the module, salifying the information of the equipment to be stored by using the target salt value to obtain first salified information; performing a first encryption operation on the first salified information to obtain first encrypted information, and performing a second encryption operation on the first salified information to obtain second encrypted information; the target salt value, the first encryption information and the second encryption information are stored, so that the problem that the safety of equipment information is poor due to the fact that the equipment information is easy to leak in a storage mode of the equipment information in the related technology is solved, and the safety of the equipment information is improved.
In an exemplary embodiment, the above apparatus further includes:
The calling unit is used for calling the random number generating function to generate a random number with a target length to obtain a target salt value, wherein the target length is positively correlated with the security level of the information of the equipment to be stored.
In an exemplary embodiment, the above apparatus further includes:
The first determining unit is used for determining a first encryption algorithm and a second encryption algorithm which are matched with the security level of the equipment information to be stored according to the corresponding relation between the pre-configured security level and the encryption algorithm, wherein the first encryption algorithm is used for executing the first encryption operation, and the second encryption algorithm is used for executing the second encryption operation.
In one exemplary embodiment, the first salifying unit 502 includes:
The first splicing module is used for splicing the target salt value and the information of the equipment to be stored to obtain the first salified information.
In one exemplary embodiment, the first encryption unit includes:
The first operation module is used for carrying out hash operation on the first salified information by using a first encryption algorithm to obtain a first hash value, wherein the first encryption information is the first hash value;
The second operation module is used for carrying out hash operation on the first salified information by using a second encryption algorithm to obtain a second hash value, wherein the second encryption information is the second hash value.
In one exemplary embodiment, the storage unit 506 includes:
The first conversion module is used for converting the first encryption information into a first encryption character string and converting the second encryption information into a second encryption character string;
The second conversion module is used for splicing the first encrypted character string and the second encrypted character string to obtain a spliced character string;
The storage module is used for storing the target salt value and the encrypted character string.
In an exemplary embodiment, the above apparatus further includes:
The receiving unit is used for receiving the equipment information to be verified, which corresponds to the equipment information to be stored, after the target salt value, the first encryption information and the second encryption information are stored;
The second salifying unit is used for salifying the equipment information to be verified by using the target salt value to obtain second salified information;
The second encryption unit is used for executing the first encryption operation on the second salified information to obtain third encryption information, and executing the second encryption operation on the second salified information to obtain fourth encryption information;
The second determining unit is used for determining that the device information to be authenticated is authenticated in a case where the third encryption information is the same as the first encryption information and the fourth encryption information is the same as the second encryption information.
It should be noted that the examples and application scenarios implemented by the above modules are the same as those of the corresponding steps, but are not limited to what is disclosed in the above embodiments. It should be noted that the above modules may be implemented, in software or in hardware, as part of the apparatus shown in fig. 1, where the hardware environment includes a network environment.
According to yet another aspect of an embodiment of the present application, there is also provided a storage medium. Alternatively, in this embodiment, the storage medium may be used to store program code for executing the method for storing device information of any of the above-described items in the embodiment of the present application.
Alternatively, in this embodiment, the storage medium may be located on at least one network device of the plurality of network devices in the network shown in the above embodiment.
Alternatively, in the present embodiment, the storage medium is configured to store program code for performing the steps of:
S1, salifying information of equipment to be stored by using a target salt value to obtain first salified information;
S2, performing a first encryption operation on the first salified information to obtain first encrypted information, and performing a second encryption operation on the first salified information to obtain second encrypted information;
and S3, storing the target salt value, the first encryption information and the second encryption information.
Alternatively, specific examples in the present embodiment may refer to examples described in the above embodiments, which are not described in detail in the present embodiment.
Alternatively, in the present embodiment, the storage medium may include, but is not limited to: various media capable of storing program codes, such as a U disk, ROM, RAM, a mobile hard disk, a magnetic disk or an optical disk.
According to still another aspect of the embodiments of the present application, there is also provided an electronic apparatus for implementing the above-mentioned method for storing device information, where the electronic apparatus may be a server, a terminal, or a combination thereof.
Fig. 6 is a block diagram of an alternative electronic device, according to an embodiment of the application, as shown in fig. 6, including a processor 602, a communication interface 604, a memory 606, and a communication bus 608, wherein the processor 602, the communication interface 604, and the memory 606 communicate with each other via the communication bus 608, wherein,
A memory 606 for storing a computer program;
The processor 602, when executing the computer program stored on the memory 606, performs the following steps:
S1, salifying information of equipment to be stored by using a target salt value to obtain first salified information;
S2, performing a first encryption operation on the first salified information to obtain first encrypted information, and performing a second encryption operation on the first salified information to obtain second encrypted information;
and S3, storing the target salt value, the first encryption information and the second encryption information.
Alternatively, in the present embodiment, the communication bus may be a PCI (Peripheral Component Interconnect) bus, or an EISA (Extended Industry Standard Architecture) bus, or the like. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, only one thick line is shown in fig. 6, but this does not mean that there is only one bus or one type of bus. The communication interface is used for communication between the electronic device and other equipment.
The memory may include RAM or may include non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
As an example, the memory 606 may include, but is not limited to, the first salifying unit 502, the first encrypting unit 504, and the storing unit 506 of the storage apparatus for the device information. In addition, it may include, but is not limited to, other module units of the storage apparatus for the device information, which are not described in detail in this example.
The processor may be a general purpose processor and may include, but is not limited to: a CPU (Central Processing Unit), an NP (Network Processor), etc.; it may also be a DSP (Digital Signal Processing), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components.
Alternatively, specific examples in this embodiment may refer to examples described in the foregoing embodiments, and this embodiment is not described herein.
It will be understood by those skilled in the art that the structure shown in fig. 6 is only schematic, and the device implementing the method for storing device information may be a terminal device, and the terminal device may be a smart phone (such as an Android mobile phone, an iOS mobile phone, etc.), a tablet computer, a palm computer, a mobile internet device (Mobile Internet Devices, MID), a PAD, etc. Fig. 6 does not limit the structure of the electronic device. For example, the electronic device may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in fig. 6, or have a different configuration than shown in fig. 6.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments may be implemented by a program for instructing a terminal device to execute in association with hardware, the program may be stored in a computer readable storage medium, and the storage medium may include: flash disk, ROM, RAM, magnetic or optical disk, etc.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
The integrated units in the above embodiments may be stored in the above-described computer-readable storage medium if implemented in the form of software functional units and sold or used as separate products. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing one or more computer devices (which may be personal computers, servers or network devices, etc.) to perform all or part of the steps of the method described in the embodiments of the present application.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In several embodiments provided by the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary; for example, the division of the units is merely a logical function division, and may be implemented in another manner: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution provided in the present embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application, which are intended to be comprehended within the scope of the present application.
Claims (8)
1. A method for storing device information, comprising:
Carrying out salifying treatment on the information of the equipment to be stored by using the target salt value to obtain first salified information;
Performing a first encryption operation on the first salified information to obtain first encrypted information, and performing a second encryption operation on the first salified information to obtain second encrypted information;
Storing the target salt value, the first encryption information and the second encryption information;
wherein storing the target salt value, the first encryption information, and the second encryption information includes:
converting the first encryption information into a first encryption string and converting the second encryption information into a second encryption string;
splicing the first encryption character string and the second encryption character string to obtain a spliced character string;
Storing the target salt value and the encrypted character string;
Before salifying the information of the equipment to be stored by using the target salt value, the method further comprises the following steps: a random number generating function is called to generate a random number with a target length, and the target salt value is obtained, wherein the target length is positively correlated with the security level of the equipment information to be stored; the method further comprises the steps of: and determining the target length of the target salt value according to the information length of the equipment information to be stored and the category number of the data types contained in the equipment information to be stored.
2. The method of storing device information according to claim 1, characterized in that the method further comprises:
And determining a first encryption algorithm and a second encryption algorithm matched with the security level of the equipment information to be stored according to the corresponding relation between the pre-configured security level and the encryption algorithm, wherein the first encryption algorithm is the encryption algorithm used for executing the first encryption operation, and the second encryption algorithm is the encryption algorithm used for executing the second encryption operation.
3. The method for storing device information according to claim 1, wherein the salifying the device information to be stored using the target salt value includes:
And splicing the target salt value and the information of the equipment to be stored to obtain the first salt adding information.
4. The method for storing device information according to claim 1, wherein,
Executing the first encryption operation on the first salified information to obtain the first encrypted information includes: performing hash operation on the first salified information by using a first encryption algorithm to obtain a first hash value, wherein the first encryption information is the first hash value;
Executing the second encryption operation on the first salified information to obtain the second encryption information includes: and carrying out hash operation on the first salified information by using a second encryption algorithm to obtain a second hash value, wherein the second encryption information is the second hash value.
5. The method of storing device information according to any one of claims 1 to 4, characterized in that after storing the target salt value, the first encryption information, and the second encryption information, the method further comprises:
Receiving equipment information to be verified, which corresponds to the equipment information to be stored;
carrying out salting processing on the equipment information to be verified by using the target salt value to obtain second salted information;
Executing the first encryption operation on the second salified information to obtain third encryption information, and executing the second encryption operation on the second salified information to obtain fourth encryption information; and determining that the equipment information to be verified passes verification under the condition that the third encryption information is identical to the first encryption information and the fourth encryption information is identical to the second encryption information.
6. A storage apparatus for device information, comprising:
a first salting unit, configured to salt the device information to be stored by using the target salt value to obtain first salted information;
a first encryption unit, configured to perform a first encryption operation on the first salted information to obtain first encryption information, and to perform a second encryption operation on the first salted information to obtain second encryption information;
a storage unit, configured to store the target salt value, the first encryption information and the second encryption information;
wherein the storage unit includes:
a first conversion module, configured to convert the first encryption information into a first encrypted character string and to convert the second encryption information into a second encrypted character string;
a second conversion module, configured to splice the first encrypted character string and the second encrypted character string to obtain a spliced character string;
a storage module, configured to store the target salt value and the encrypted character string;
wherein the apparatus further comprises:
a calling unit, configured to call the random number generating function to generate a random number of a target length to obtain the target salt value, wherein the target length is positively correlated with the security level of the device information to be stored;
the calling unit is further configured to determine the target length of the target salt value according to the information length of the device information to be stored and the number of data types included in the device information to be stored.
7. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a stored program, wherein the program when run performs the method of any one of claims 1 to 5.
8. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, the processor being arranged to perform the method of any of claims 1 to 5 by means of the computer program.
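The store-and-verify flow of claims 5 and 6, as an added Python example that is not part of the patent text. The claims do not name the two "encryption operations", the salting layout, or the salt-length formula, so SHA-256 and SHA3-256, salt-prefixing, reading "data types" as character classes, and the `salt_length` rule are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

HEX_LEN = 64  # hex length of each 256-bit digest in the spliced string

def char_classes(info: str) -> int:
    """Count character classes present (assumed reading of 'data types')."""
    n = sum(any(t(c) for c in info) for t in (str.isdigit, str.isalpha))
    n += any(not c.isalnum() for c in info)
    return n

def salt_length(info: str) -> int:
    """Assumed rule: 16-byte floor, grows with length and classes, capped at 64."""
    return min(64, 16 + len(info) // 8 + 4 * char_classes(info))

def spliced_digest(salt: bytes, info: str) -> str:
    """Salt the input, run both operations, splice the two hex strings."""
    salted = salt + info.encode("utf-8")          # assumed layout: salt prefix
    first = hashlib.sha256(salted).hexdigest()    # assumed first operation
    second = hashlib.sha3_256(salted).hexdigest() # assumed second operation
    return first + second

def store(info: str) -> dict:
    """Generate a fresh random salt and return the record to persist."""
    salt = secrets.token_bytes(salt_length(info))  # CSPRNG, not random.random
    return {"salt": salt.hex(), "digest": spliced_digest(salt, info)}

def verify(record: dict, candidate: str) -> bool:
    """Recompute both digests with the stored salt; both halves must match."""
    salt = bytes.fromhex(record["salt"])
    actual = spliced_digest(salt, candidate)
    expected = record["digest"]
    # Constant-time comparison of each half, both always evaluated
    ok_first = hmac.compare_digest(actual[:HEX_LEN], expected[:HEX_LEN])
    ok_second = hmac.compare_digest(actual[HEX_LEN:], expected[HEX_LEN:])
    return ok_first and ok_second

if __name__ == "__main__":
    sample = "SN-12345;AA:BB:CC:DD:EE:FF"  # constructed device information
    rec = store(sample)
    print(rec["salt"], rec["digest"], verify(rec, sample))
```

A salted fast digest only hides the input if the input is hard to guess: anyone holding the record also holds the salt, so low-entropy device identifiers remain open to offline guessing unless a keyed or deliberately slow function is used instead.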
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110809234.0A CN113486375B (en) | 2021-07-16 | 2021-07-16 | Storage method and device of equipment information, storage medium and electronic device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110809234.0A CN113486375B (en) | 2021-07-16 | 2021-07-16 | Storage method and device of equipment information, storage medium and electronic device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113486375A (en) | 2021-10-08 |
CN113486375B (en) | 2024-04-19 |
Family
ID=77941968
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110809234.0A Active CN113486375B (en) | 2021-07-16 | 2021-07-16 | Storage method and device of equipment information, storage medium and electronic device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113486375B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114422134B (en) * | 2021-12-23 | 2024-11-19 | 浪潮工业互联网股份有限公司 | A method and device for secure data transmission |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104125055A (en) * | 2014-06-25 | 2014-10-29 | 小米科技有限责任公司 | Encryption and decryption method and electronic device |
US9246686B1 (en) * | 2014-06-17 | 2016-01-26 | Amazon Technologies, Inc. | Salt value service |
CN105721390A (en) * | 2014-12-01 | 2016-06-29 | 阿里巴巴集团控股有限公司 | Encrypted storage method and encrypted storage device |
CN106656476A (en) * | 2017-01-18 | 2017-05-10 | 腾讯科技(深圳)有限公司 | Password protecting method and device |
CN107689869A (en) * | 2016-08-05 | 2018-02-13 | 华为技术有限公司 | The method and server of user password management |
CN107948152A (en) * | 2017-11-23 | 2018-04-20 | 腾讯科技(深圳)有限公司 | Information storage means, acquisition methods, device and equipment |
CN112436939A (en) * | 2020-12-11 | 2021-03-02 | 杭州海康威视数字技术股份有限公司 | Key negotiation method, device and system and electronic equipment |
WO2021052086A1 (en) * | 2019-09-17 | 2021-03-25 | 华为技术有限公司 | Information processing method and apparatus |
CN112565213A (en) * | 2020-11-25 | 2021-03-26 | 青岛海尔科技有限公司 | Authentication method and device, storage medium, and electronic device |
Non-Patent Citations (3)
Title |
---|
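"Block-Based Data Security Storage Scheme"; Yina Wang et al.; Proceedings of the 8th International Conference on Communications, Signal Processing, and Systems; 20200508; 1567-1575 * |
"Research and Practice of Secure Password Storage Based on a One-Way Salted Slow Hash Algorithm"; 张文超 et al.; 中国数字医学; 20180515; 8-11 * |
"A Data Processing Mechanism Based on a Cloud Storage Environment"; 戚建国; 丁金扣; 张华; 软件; 20150115 (No. 01); 141-144 * |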
Also Published As
Publication number | Publication date |
---|---|
CN113486375A (en) | 2021-10-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||