CN113627936A - Encryption method and device in new and old password transition process - Google Patents


Publication number
CN113627936A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110935857.2A
Other languages
Chinese (zh)
Inventor
杨爽
王阳
马雪婷
彭正强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Abstract

The invention belongs to the technical field of information security and provides an encryption method and device for the transition between old and new password encryption modes. The method comprises: monitoring the switch states on the configuration center in real time, wherein different switch states correspond to the encryption method of the new password and the encryption method of the old password respectively; creating a class file with the CMC client component; reading the switch state on the configuration center according to the class file; and encrypting the user password according to the switch state. By transmitting and storing the password under dual encryption with dual-switch control, the invention effectively solves the problem that stored encrypted passwords cannot be verified under the new encryption mode while the old and new password encryption modes are being converted, and improves password security and the accuracy of password verification.

Description

Encryption method and device in new and old password transition process
Technical Field
The application belongs to the technical field of information security, and particularly relates to an encryption method and device in a new password and old password transition process.
Background
With the rapid development of internet technology, theft of user passwords has become increasingly rampant. In a bank system, the passwords set on IC cards and accounts are a security barrier protecting important customer information. Increasing the complexity of the password encryption algorithm makes passwords harder to crack, so bank systems have steadily pursued it as a means of improving the security of customer accounts. As encryption algorithms keep improving, the bank system must also keep re-engineering the encryption of card and account passwords. During such a re-engineering, however, converting the existing (stock) data carries risk: password verification may fail once the stock data uses the new encryption mode. How to reduce the risk that the old and new passwords of stock data cannot be used compatibly because of their different encryption modes, and how to improve the customer experience, is the most important problem in the encryption re-engineering process.
Disclosure of Invention
The invention can be applied to information security in the financial field, and can also be used in any field other than finance.
In order to solve the technical problems, the invention provides the following technical scheme:
In a first aspect, the present invention provides an encryption method in a new and old password transition process, including:
monitoring the switch states on the configuration center in real time, wherein different switch states respectively correspond to the encryption method of the new password and the encryption method of the old password;
creating a class file with the CMC client component;
reading the switch state on the configuration center according to the class file;
and encrypting the user password according to the switch state.
In one embodiment, monitoring the switch state on the configuration center in real time includes:
monitoring the switch state in real time through an onChange function.
In one embodiment, reading the switch state on the configuration center according to the class file includes:
referencing an annotation class on the configuration center;
reading the cluster and the namespace class of the configuration center according to the annotation class;
and reading the switch state according to the cluster and the namespace class.
In one embodiment, the encryption method in the new and old password transition process further includes:
creating a context according to the AnnotationConfigApplicationContext class of the toolkit in the configuration center;
creating an ApolloAnnotationBean class object;
acquiring the parameter name of a specific password switch according to the context and the ApolloAnnotationBean class object;
and judging the switch state according to the switch parameter name.
In a second aspect, the present invention provides an encryption apparatus in a new and old password transition process, the apparatus comprising:
the switch state monitoring module is used for monitoring the switch state on the configuration center in real time, and different switch states respectively correspond to the encryption method of the new password and the encryption method of the old password;
a class file creation module for creating a class file using the CMC client component;
the switch state reading module is used for reading the switch state on the configuration center according to the class file;
and the password encryption module is used for encrypting the user password according to the switch state.
In one embodiment, the switch state monitoring module includes:
a switch state monitoring unit for monitoring the switch state in real time through an onChange function.
In one embodiment, the switch state reading module includes:
an annotation class reference unit for referencing annotation classes on the configuration center;
a space class reading unit for reading the cluster and the namespace class of the configuration center according to the annotation class;
and a switch state reading unit for reading the switch state according to the cluster and the namespace class.
In one embodiment, the encryption device in the new and old password transition process further includes:
a context creation module for creating a context according to the AnnotationConfigApplicationContext class of the toolkit in the configuration center;
a class object creating module for creating an ApolloAnnotationBean class object;
a parameter name acquisition module for acquiring the parameter name of a specific password switch according to the context and the ApolloAnnotationBean class object;
and a switch state judging module for judging the switch state according to the switch parameter name.
In a third aspect, the present invention provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the encryption method in the transition process between the old and new passwords when executing the program.
In a fourth aspect, the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the encryption method in a new-old password transition procedure.
As can be seen from the above description, the embodiment of the present invention provides an encryption method and apparatus for the transition between old and new passwords, in which the switch state on the configuration center is monitored in real time, and different switch states correspond to the encryption method of the new password and the encryption method of the old password respectively; a class file is created with the CMC client component; the switch state on the configuration center is read according to the class file; and the user password is encrypted according to the switch state. The invention effectively solves the problem that stored encrypted passwords cannot be verified under the new encryption mode while the old and new password encryption modes are being converted, and in particular has the following beneficial effects:
(I) The password is transmitted and stored under dual encryption, which improves password security and the accuracy of password verification.
(II) Password setting and checking are controlled by two switches. The switch-based trial method controls risk during the password re-engineering and reduces the risk of password errors, and an emergency switch-back mechanism allows the switch to revert to the original flow in real time after a problem occurs.
(III) Passwords are set and checked by dual systems. Switches control whether password setting and checking go through the new or the old flow; the new flow is trialled and rolled out while the normal password setting and checking functions of the old flow are preserved, and a mechanism for switching between the new and old flows better guarantees the integrity of the password function.
(IV) The method has good extensibility and provides a better safeguard for the continuous updating and re-engineering of the password encryption algorithm.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a first schematic flowchart illustrating an encryption method in a new password and an old password transition process according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating step 100 according to an embodiment of the present invention;
FIG. 3 is a flow chart illustrating step 300 according to an embodiment of the present invention;
FIG. 4 is a second flowchart illustrating an encryption method during a transition between new and old passwords according to an embodiment of the present invention;
FIG. 5 is a general flow diagram of a scheme for converting an encryption scheme to a new encryption scheme in an embodiment of the present invention;
FIG. 6 is a schematic flow chart illustrating the operation of transferring old passwords to new passwords through batch migration of stock data in an embodiment of the present invention;
FIG. 7 is a schematic flow chart of an encryption password from the perspective of a client according to an embodiment of the present invention;
FIG. 8 is a flow chart illustrating password verification according to an embodiment of the present invention;
FIG. 9 is a UML diagram of the programming and technical implementation of the encryption, decryption and verification components in accordance with an embodiment of the present invention;
FIG. 10 is a diagram illustrating a technical implementation of a cryptographic switch in an embodiment of the present invention;
FIG. 11 is a block diagram of a first encryption device in the transition process between old and new passwords according to an embodiment of the present invention;
FIG. 12 is a block diagram of the switch status monitor module 10 according to an embodiment of the present invention;
FIG. 13 is a block diagram of the switch status reading module 30 according to an embodiment of the present invention;
FIG. 14 is a block diagram of a second embodiment of an encryption apparatus during a new password transition process;
fig. 15 is a schematic structural diagram of an electronic device in an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
It should be noted that the terms "comprises" and "comprising," and any variations thereof, in the description and claims of this application and the above-described drawings, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
The embodiment of the present invention provides a specific implementation of an encryption method in the transition between old and new passwords. Referring to Fig. 1, the method specifically includes the following:
Step 100: monitoring the switch state on the configuration center in real time, wherein different switch states correspond to the encryption method of the new password and the encryption method of the old password respectively.
As noted in the background, converting the stock data during a password system re-engineering carries risk, and stock data may fail password verification after the new encryption mode is adopted. The two encryption modes are made compatible by using dual switches to control the conversion between old and new passwords.
Step 200: the class file is created using the CMC client component.
It will be appreciated that Java class files are class files generated using a javac compiler. These files have a well-defined format. After the Java source file is compiled by the Java compiler, a corresponding binary file is generated. Each legal Java class file has an exact definition. The Java class file is a binary stream of 8-bit bytes. The data items are stored in the class file in sequence without a space between adjacent items, which makes the class file compact and reduces storage space. Many items with different sizes are contained in the Java class file, and the structure of each item is strictly specified, so that the class file can be successfully analyzed from beginning to end.
The CMC client component packages the configuration for connecting to the Apollo configuration center, the in-memory cache of the configuration center and the like into a component package that Java can use. The Java class file obtains the configuration on the configuration center in real time by relying on the methods imported from the client component.
The Apollo configuration center is an open source configuration management center developed by the Ctrip framework department. It centrally manages the configuration of applications across different environments and different clusters, and pushes the configuration to the application side in real time after it is modified. The CMC client is a one-stop solution for unified management of the configuration management center, developed on the basis of the Apollo configuration center; it effectively addresses the problem that executing one complete release through the Apollo configuration center is complex and time-consuming.
Step 300: reading the switch state on the configuration center according to the class file.
Step 400: encrypting the user password according to the switch state.
In steps 200 to 400, specifically, the CMC client component is introduced, a class file is created, the corresponding cluster and namespace are specified, the switch setting on the configuration center is read, and the state of the switch is determined. The switch configuration state of the configuration center is monitored in real time through the onChange function; once a change occurs, whether to switch back to the original flow is decided according to the changed switch state.
As can be seen from the above description, the embodiment of the present invention provides an encryption method for the transition between old and new passwords, which includes monitoring the switch state on the configuration center in real time, where different switch states correspond to the encryption method of the new password and the encryption method of the old password respectively; creating a class file with the CMC client component; reading the switch state on the configuration center according to the class file; and encrypting the user password according to the switch state. On the one hand, the invention controls the old and new password flows through dual switches; the main technique is that a CMC switch, set using the CMC client component, serves as the trial switch for the new password algorithm. On the other hand, system components for converting between the old and new password algorithms are provided, comprising a password verification component, a password setting component and a password changing component, whose purpose is to provide a fallback mechanism for converting the new password back to the old password in time after the new password has been put on trial. The main implementation is: the password offset of the new encryption algorithm is obtained, the password conversion component is called to calculate the old password offset, and the flow returns to the original encryption verification flow.
In one embodiment, referring to Fig. 2, step 100 further comprises:
Step 101: monitoring the switch state in real time through an onChange function.
It should be noted that the onChange function is triggered only when the value changes, so it must be ensured that the selected value changes at each selection (especially the first time).
In one embodiment, referring to Fig. 3, step 300 further comprises:
Step 301: referencing an annotation class on the configuration center;
Step 302: reading the cluster and the namespace class of the configuration center according to the annotation class;
Step 303: reading the switch state according to the cluster and the namespace class.
In steps 301 to 303, the annotation class @ApolloConfig in the JAR package of the CMC configuration center is referenced, the cluster and namespace to be read on the configuration center are specified, and the channel test point switch is set in that cluster.
In one embodiment, referring to Fig. 4, the encryption method in the new and old password transition process further includes:
Step 500: creating a context according to the AnnotationConfigApplicationContext class of the toolkit in the configuration center;
Step 600: creating an ApolloAnnotationBean class object;
Step 700: acquiring the parameter name of a specific password switch according to the context and the ApolloAnnotationBean class object;
Step 800: judging the switch state according to the switch parameter name.
In steps 500 to 800, the AnnotationConfigApplicationContext class in the toolkit is first referenced and a context is created; at the same time, an ApolloAnnotationBean class object is created to obtain the value (0 = closed, 1 = open) of the specified password switch parameter name setPasswordFlag. If setPasswordFlag is 0, the old flow is followed and the old password is generated. Otherwise, the parameters of the test point switch in the configuration center are read next; the switch state may be determined from multiple parameters, for example key element fields such as zoneNo (test point region number), brNo (test point branch number) and chanType (test point channel). If the configured test point switch conditions are met, the new encryption algorithm can be used for encryption, and a new password is generated and stored in the database.
For the re-engineering from the old to the new encryption mode, the invention provides a technical means in which stock data is migrated by batch jobs and then encrypted a second time with the new encryption algorithm, and dual switches control the conversion between old and new passwords so that the two encryption modes remain compatible. The invention ensures password accuracy during the transition between old and new passwords, avoids password errors when password storage adopts the new encryption mode, and reduces the risk of errors after passwords adopt the new encryption mode.
In a specific implementation mode, the invention takes an IC card and an account password of a bank system as an example, and also provides a specific implementation mode of an encryption method in the transition process of new and old passwords.
Fig. 5 is a general flow diagram of an encryption mode to new encryption mode conversion scheme in an embodiment of the present invention. As shown in fig. 5, it consists of six steps:
Step 1: Stock password data encrypted in the old mode is encrypted again in the new mode and stored. A batch job (during the day or at day end) scans the stock data stored in the database and moves it to the new password store; the password offset is calculated for the data in batches with the new encryption algorithm and stored in a new password field, while the old password is retained.
Step 2: A channel switch is set for plaintext passwords that the user newly sets or changes through the front end (the switch has three states, including 0, off: the password is transmitted with the old encryption algorithm; and 1, on: the password is transmitted with the new encryption algorithm). If the channel switch is 0, the channel still encrypts with the old encryption algorithm and transmits to the background application for storage; if the channel switch is 1, only the new encryption algorithm is used for transmission and storage. The test point is controlled through the switch. After the new encryption mode has been trialled and rolled out without problems, the old password is retired and only the new password is transmitted and stored.
Step 3: At the intermediate node, the once-encrypted password transmitted from the front end is encrypted a second time into a key. The secondary encryption algorithm is likewise re-engineered to use both the new and the old encryption algorithm, and must support both transmitting the password under the original encryption algorithm and transmitting the new password generated by the new encryption algorithm component.
Step 4: The target node stores the password encrypted by the secondary encryption algorithm.
Step 5: A password verification test point switch is set (the switch has two states: 0, off, and 1, on), and the target node decides, according to whether the switch is on, whether to go through the new or the old password verification flow.
Step 6: After password setting and password verification under the new encryption mode have been trialled and rolled out, the old encrypted password data is cleared.
Fig. 6 illustrates the technical scheme for transferring old passwords to new passwords by batch migration of stock data. The method comprises the following steps:
First, a batch job is created, and for each run the maximum query count maxNum and the start time startTime and end time endTime of the scheduled batch migration task are set. Whether to start the batch job is decided according to startTime; if the current time lies between startTime and endTime, multiple batch processes query the database table according to the data rules (step A). The batch program then receives the data returned by the query, calls the new encryption algorithm in a loop to calculate the password offset, produces the new password, and proceeds to the next step. Finally, the batch program is called to update the password stored in the database to the new password, and after a successful update the flow returns to step A.
Fig. 7 illustrates how, when a password is set, the plaintext password is input at the front end of the password setting transaction, transmitted through each node, and encrypted. As shown in Fig. 7, the process specifically includes:
The client sets the password on the front-end platform and inputs the plaintext password through a keyboard or by other means. The state of the password-setting channel switch is checked: if the state is 0 (old and new passwords in parallel), the password input by the client is encrypted and transmitted in the parallel mode using both old and new encryption; if the state is 1 (bank-wide rollout of the new password trial), the password is encrypted and transmitted using only the new encryption algorithm; if the state is 2 (emergency switch-back), the password is transmitted under the original encryption and is set through the old interface.
A test point switch is set at the intermediate node. If the client is a trial client, the new password generation service is called; the password is encrypted with the new encryption algorithm and sent to the encryption service platform, which generates a new password offset and updates and stores it in the database. If the client is not a trial client, it must further be determined whether the transmitted password is a new password. If it is a new password, the encryption platform calls a component to convert the new password into the old password, and the old password setting program is executed. If it is an old password, the old password setting program is used directly.
A password transmitted by the old password setting program still has to call the password generation service at the target node; the encryption platform generates an old password offset according to the old encryption algorithm, and the password stored in the database is updated to the old password offset.
Figure 8 illustrates the password verification steps: dual-switch control is used when transmitting the password to be verified, and the intermediate node switches between the new and old password verification interfaces according to the switch settings. As shown in fig. 8, the method comprises the following steps:
First, the client enters a password on the front-end password verification transaction platform. The channel application sets a password verification switch and checks its state: if the switch is on, the plaintext password is encrypted with the new encryption algorithm and transmitted; otherwise the password is still transmitted using the old encryption algorithm. A channel switch-back state is also provided for switching back to the old password verification interface.
A pilot switch (test point switch) is set. If the client is a pilot client, the node further checks whether a new password offset is stored in the table data. If so, the new password verification service is called, the new password offset and the old password offset are both sent to the encryption and decryption service platform, the platform performs the password verification and returns the verification result, and the table data is updated.
If the client is not a pilot client, the node checks whether the password is the new password. If so, the new password is sent to the encryption platform, converted there into the old password, and verified by calling the old password verification transaction interface; after verification passes, the result is updated and returned.
If the client is a first-time pilot client, the old password verification interface is still called; the encryption service platform checks against the new password and the old password, and if the new password passes the check, the new password offset is returned, the new password is updated and stored, and the verification result is returned.
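The four verification branches above can be written as one routing function. The following is an added example, not code from the patent: the HMAC-based offset functions, the demo keys, the account value and the class and method names are all constructed stand-ins, and the transport encryption between channel and platform is reduced to a `Wire` tag.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Added illustration of the verification routing described for Fig. 8; not the patent's code.
public class VerifyRoutingDemo {
    enum Wire { OLD, NEW }            // which channel algorithm carried the password

    static final class Row {          // constructed stand-in for one row of the table data
        byte[] oldOffset;
        byte[] newOffset;             // null until the client has been migrated
    }

    static final Map<String, Row> TABLE = new HashMap<>();
    static final String OLD_KEY = "demo-old-key";   // constructed demo keys; real keys
    static final String NEW_KEY = "demo-new-key";   // would never sit in application code

    // Assumption: HMAC-SHA256 under two demo keys stands in for the old and new offset
    // algorithms of the encryption service platform, which the page does not specify.
    static byte[] offset(String demoKey, String account, String password) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(demoKey.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        mac.update(account.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 0);         // separator so account and password cannot run together
        return mac.doFinal(password.getBytes(StandardCharsets.UTF_8));
    }

    static boolean matches(byte[] stored, String demoKey, String account, String password)
            throws Exception {
        // MessageDigest.isEqual avoids an early-exit byte comparison.
        return stored != null && MessageDigest.isEqual(stored, offset(demoKey, account, password));
    }

    static String result(boolean ok) {
        return ok ? "PASS" : "FAIL";
    }

    /** Returns "path:PASS" or "path:FAIL" so the branch taken is visible to the caller. */
    static String verify(String account, String password, Wire wire, boolean pilot)
            throws Exception {
        Row row = TABLE.get(account);
        if (row == null) {
            return "unknown-account:FAIL";
        }
        if (pilot && row.newOffset != null) {
            // Migrated pilot client: new verification service. The page sends both offsets
            // to the platform; checking only the new one here is this sketch's assumption.
            return "new-verify:" + result(matches(row.newOffset, NEW_KEY, account, password));
        }
        if (pilot) {
            // First-time pilot client: the old interface decides. The new offset is written
            // only after that check has passed, never from an unverified password.
            boolean ok = matches(row.oldOffset, OLD_KEY, account, password);
            if (ok) {
                row.newOffset = offset(NEW_KEY, account, password);
            }
            return "old-verify-then-migrate:" + result(ok);
        }
        // Non-pilot client: a NEW-format transmission is converted, then the old interface runs.
        String path = (wire == Wire.NEW) ? "convert-to-old-then-old-verify" : "old-verify";
        return path + ":" + result(matches(row.oldOffset, OLD_KEY, account, password));
    }

    public static void main(String[] args) throws Exception {
        Row row = new Row();
        row.oldOffset = offset(OLD_KEY, "acct-001", "135790");   // constructed sample data
        TABLE.put("acct-001", row);

        System.out.println(verify("acct-001", "135790", Wire.OLD, false));
        System.out.println(verify("acct-001", "135790", Wire.NEW, false));
        System.out.println(verify("acct-001", "000000", Wire.NEW, true));
        System.out.println("migrated after failed attempt: " + (row.newOffset != null));
        System.out.println(verify("acct-001", "135790", Wire.NEW, true));
        System.out.println("migrated after good attempt: " + (row.newOffset != null));
        System.out.println(verify("acct-001", "135790", Wire.NEW, true));
    }
}
```

The point to check in any such migration is the first-time pilot branch: the stored record may only gain a new offset as a side effect of a successful check against the old one.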
Fig. 9 shows a UML diagram of the password-setting, password-change and password-verification components as programmed and technically implemented, reflecting the cooperation and dependency relationships among the components and between upstream and downstream. The specific implementation comprises the following:
(1) The service platform provides the interface class of the access layer; its implementation class organizes the logic and integrates the functions. The password-related part provides the password setting and verification functions through the setPassWord() method.
(2) Password-change component: takes input parameters such as the new password, old password, region number, branch number and medium number; it has an internal execute() method and relies on the password-setting component to update the password. The internal implementation logic is shown in fig. 3.
(3) Password-setting component: takes input parameters such as the new password, old password, region number, branch number and medium number, and provides 4 methods that implement the specific logic:
execute() method: first queries the CMC password-setting switch to determine whether the client is a new-password pilot client, then follows different flows to set the password according to the new and old passwords passed in.
testInitPool() method: initializes the connection to the verification node server, including starting the connection pool and enabling the performance collection function.
checkPoolStatus() method: checks whether the connection pool is normal; an abnormal state raises an alarm for manual intervention and analysis.
transfer() method: provides the specific password conversion and new and old password generation functions; see fig. 3 for the flow.
(4) Password-verification component: takes input parameters such as the new password, old password, region number, branch number and medium number, and provides 4 methods that implement the specific logic:
execute() method: first queries the CMC password verification switch to determine whether the client is a new-password pilot client, then follows different flows according to the new and old passwords passed in.
testInitPool() method: initializes the connection to the verification node server, including starting the connection pool and enabling the performance collection function.
checkPoolStatus() method: checks whether the connection pool is normal; an abnormal state raises an alarm for manual intervention and analysis.
transfer() method: provides the specific password conversion and new and old password verification functions; see fig. 4 for the flow.
Fig. 10 illustrates the technical implementation of the switch settings. A CMC client component is introduced and a class file is created that designates the corresponding cluster and namespace; the switch settings are read from the configuration center and the switch state is determined. The switch configuration on the configuration center is monitored in real time through an onChange function; once a change occurs, the changed switch state determines whether to switch back to the original flow. The main parts are:
(1) ApolloAnnotationBean class: references the annotation class @ApolloConfig from the JAR package of the CMC configuration center and specifies the cluster and namespace to read on the configuration center; the channel pilot switch is configured in that cluster.
(2) Password-setting component class: references the AnnotationConfigApplicationContext class in the toolkit to create a context, and creates an ApolloAnnotationBean class object, which is used to obtain the value (0 = off, 1 = on) of the password-setting switch parameter named setPasswordFlag. If setPasswordFlag is 0, the old flow is followed and the old password is generated. Otherwise, the pilot switch parameters in the configuration center are read next; the switch state may be determined from several parameters, for example key fields such as zoneNo (pilot region number), brNo (pilot branch number) and chanType (pilot channel). If the configured pilot switch conditions are met, the new encryption algorithm can be used for encryption, and a new password is generated and stored in the database.
(3) Password-verification component class: also uses the CMC switch-setting technique; the switch parameter is named verifyPasswlag, with values 0 = off and 1 = on, and the rest of the logic is consistent with the password-setting component class.
(4) onChange function: dynamically monitors the configuration center parameters by calling the CMC client toolkit, so that switching between the new and old flows is decided in real time as the switch parameters on the configuration center change.
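The double-switch decision for password setting (channel switch states 0, 1 and 2 from the Fig. 7 flow, plus the setPasswordFlag and pilot parameters of Fig. 10) can be modelled without a configuration center. This is an added example, not the patent's code: the in-memory `Switches` class stands in for the configuration-center client, `channelSwitch` is a hypothetical key name, `zoneNo` is this example's spelling of the pilot region parameter, and the comma-separated list format and the fall-back-to-old behaviour for missing or malformed values are assumptions.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

// Added illustration of the double-switch decision; not the patent's code.
public class SwitchRouterDemo {
    enum ChannelMode { PARALLEL, NEW_ONLY, SWITCH_BACK }   // channel switch states 0, 1, 2
    enum Flow { OLD, NEW }                                  // flow taken at the intermediate node

    /** Constructed in-memory stand-in for the configuration-center namespace. */
    static final class Switches {
        private volatile Map<String, String> snapshot;

        Switches(Map<String, String> initial) {
            snapshot = Collections.unmodifiableMap(new HashMap<>(initial));
        }

        /** Plays the role of the onChange callback: publish one complete new snapshot. */
        synchronized void onChange(Map<String, String> changedKeys) {
            Map<String, String> next = new HashMap<>(snapshot);
            next.putAll(changedKeys);
            snapshot = Collections.unmodifiableMap(next);
        }

        Map<String, String> current() {
            return snapshot;                                // callers take this once per request
        }
    }

    // "channelSwitch" is a hypothetical key name; the page gives the states, not the key.
    static ChannelMode channelMode(Map<String, String> cfg) {
        String value = cfg.get("channelSwitch");
        if ("0".equals(value)) return ChannelMode.PARALLEL;
        if ("1".equals(value)) return ChannelMode.NEW_ONLY;
        return ChannelMode.SWITCH_BACK;     // "2", missing or malformed (assumed safe default)
    }

    static Flow setPasswordFlow(Map<String, String> cfg, String zoneNo, String brNo,
                                String chanType) {
        if (!"1".equals(cfg.get("setPasswordFlag"))) {
            return Flow.OLD;                // 0 per the page; missing or malformed by assumption
        }
        boolean pilot = listed(cfg.get("zoneNo"), zoneNo)
                && listed(cfg.get("brNo"), brNo)
                && listed(cfg.get("chanType"), chanType);
        return pilot ? Flow.NEW : Flow.OLD;
    }

    // Assumption: each pilot parameter holds a comma-separated allow-list.
    static boolean listed(String csv, String value) {
        if (csv == null || value == null) return false;
        for (String item : csv.split(",")) {
            if (item.trim().equals(value)) return true;
        }
        return false;
    }

    static String describe(Switches switches, String zoneNo, String brNo, String chanType) {
        Map<String, String> cfg = switches.current();       // one snapshot for both decisions
        return channelMode(cfg) + "/" + setPasswordFlow(cfg, zoneNo, brNo, chanType);
    }

    public static void main(String[] args) {
        Map<String, String> initial = new HashMap<>();      // constructed sample configuration
        initial.put("channelSwitch", "0");
        initial.put("setPasswordFlag", "1");
        initial.put("zoneNo", "0200,0410");
        initial.put("brNo", "00123");
        initial.put("chanType", "MOBILE,COUNTER");
        Switches switches = new Switches(initial);

        System.out.println("pilot branch:      " + describe(switches, "0200", "00123", "MOBILE"));
        System.out.println("non-pilot region:  " + describe(switches, "0300", "00123", "MOBILE"));

        Map<String, String> change = new HashMap<>();
        change.put("channelSwitch", "2");                   // emergency switch-back
        change.put("setPasswordFlag", "0");
        switches.onChange(change);
        System.out.println("after switch-back: " + describe(switches, "0200", "00123", "MOBILE"));

        change = new HashMap<>();
        change.put("channelSwitch", "1");
        change.put("setPasswordFlag", "on");                // malformed value
        switches.onChange(change);
        System.out.println("malformed flag:    " + describe(switches, "0200", "00123", "MOBILE"));
    }
}
```

Reading the snapshot once per request keeps a change that arrives mid-request from mixing the channel decision of one configuration with the node decision of another.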
As can be seen from the above description, the embodiment of the present invention provides an encryption method for the transition between new and old passwords, which includes: monitoring the switch state on the configuration center in real time, where different switch states correspond to the encryption method of the new password and the encryption method of the old password respectively; creating a class file with the CMC client component; reading the switch state on the configuration center according to the class file; and encrypting the user password according to the switch state. The invention provides a method for controlling and verifying passwords using dual password fields, dual switches and dual systems (the new and old flows). The new and old password encryption modes coexist, password-setting and password-use switches control the switchover between new and old passwords, and the intermediate node provides both new and old interfaces to process passwords differently and supports conversion between new and old passwords. This ensures that passwords remain accurate during the transition period and avoids password errors when existing (stock) passwords adopt the new encryption mode.
Based on the same inventive concept, the embodiment of the present application further provides an encryption apparatus in a new password and old password transition process, which can be used to implement the method described in the above embodiment, such as the following embodiments. Because the principle of solving the problems of the encryption device in the new and old password transition process is similar to the encryption method in the new and old password transition process, the implementation of the encryption device in the new and old password transition process can refer to the implementation of the encryption method in the new and old password transition process, and repeated parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. While the system described in the embodiments below is preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.
An embodiment of the present invention provides a specific implementation manner of an encryption apparatus in a new and old password transition process, which can implement an encryption method in a new and old password transition process, and referring to fig. 11, the encryption apparatus in the new and old password transition process specifically includes the following contents:
the switch state monitoring module 10 is used for monitoring the switch state on the configuration center in real time, and different switch states respectively correspond to the encryption method of the new password and the encryption method of the old password;
a class file creation module 20 for creating a class file using the CMC client component;
a switch state reading module 30, configured to read a switch state on the configuration center according to the class file;
and the password encryption module 40 is used for encrypting the user password according to the switch state.
In one embodiment, referring to fig. 12, the switch status monitoring module 10 includes:
and the switch state monitoring unit 101 is configured to monitor the switch state in real time through an onChange function.
In one embodiment, referring to fig. 13, the switch status reading module 30 includes:
an annotation class reference unit 301, configured to reference an annotation class on the configuration center;
a space class reading unit 302, configured to read the cluster of the configuration center and the namespace class according to the annotation class;
a switch state reading unit 303, configured to read the switch state according to the cluster and the namespace class.
In one embodiment, referring to fig. 14, the encryption apparatus in the new-old password transition process further includes:
a context creation module 50, configured to create a context according to the AnnotationConfigApplicationContext class of the toolkit in the configuration center;
a class object creating module 60, configured to create an ApolloAnnotationBean class object;
a parameter name obtaining module 70, configured to obtain a parameter name of a specific password switch according to the context and the ApolloAnnotationBean class object;
and a switch state judging module 80, configured to judge the switch state according to the switch parameter name.
As can be seen from the above description, the embodiment of the present invention provides an encryption apparatus in the transition process of new and old passwords, which first extracts the picture features of the client video data received in advance; then calculates the similarity between the picture features and the user comparison picture features; and finally performs a risk control evaluation of the user according to a pre-generated non-incremental SVM risk control model, the similarity and the transaction characteristics of the user. By means of various technical means such as data extraction, data analysis, image analysis and risk transaction pre-judgment, suspicious transactions are automatically screened by means of a user-defined risk model, staff of a branch network are prompted to carry out rectification and spot inspection, and the efficiency and accuracy of risk transaction screening are improved. Specifically, the invention has the following beneficial effects:
an embodiment of the present application further provides a specific implementation manner of an electronic device, which is capable of implementing all steps in an encryption method in a new password and an old password transition process in the foregoing embodiment, and referring to fig. 15, the electronic device specifically includes the following contents:
a processor (processor)1201, a memory (memory)1202, a communication Interface 1203, and a bus 1204;
the processor 1201, the memory 1202 and the communication interface 1203 complete communication with each other through the bus 1204; the communication interface 1203 is used for implementing information transmission between related devices such as server-side devices and client-side devices;
the processor 1201 is configured to call the computer program in the memory 1202, and the processor executes the computer program to implement all the steps in the encryption method in the new and old password transition process in the above embodiments, for example, the processor executes the computer program to implement the following steps:
step 100: monitoring the switch states on the configuration center in real time, wherein different switch states respectively correspond to the encryption method of the new password and the encryption method of the old password;
step 200: creating a class file with the CMC client component;
step 300: reading the switch state on the configuration center according to the class file;
step 400: and encrypting the user password according to the switch state.
Embodiments of the present application further provide a computer-readable storage medium capable of implementing all steps in the encryption method in the new and old password transition process in the foregoing embodiments, where the computer-readable storage medium stores a computer program, and the computer program implements all steps of the encryption method in the new and old password transition process in the foregoing embodiments when executed by a processor, for example, the processor implements the following steps when executing the computer program:
step 100: monitoring the switch states on the configuration center in real time, wherein different switch states respectively correspond to the encryption method of the new password and the encryption method of the old password;
step 200: creating a class file with the CMC client component;
step 300: reading the switch state on the configuration center according to the class file;
step 400: and encrypting the user password according to the switch state.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the hardware + program class embodiment, since it is substantially similar to the method embodiment, the description is simple, and the relevant points can be referred to the partial description of the method embodiment.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Although the present application provides method steps as in an embodiment or a flowchart, more or fewer steps may be included based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or client product executes, it may execute sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the embodiments or methods shown in the figures.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, in implementing the embodiments of the present description, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, and the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
The embodiments of this specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The described embodiments may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of an embodiment of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
The above description is only an example of the embodiments of the present disclosure, and is not intended to limit the embodiments of the present disclosure. Various modifications and variations to the embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the embodiments of the present specification should be included in the scope of the claims of the embodiments of the present specification.

Claims (10)

1. An encryption method in the transition process of new and old passwords is characterized by comprising the following steps:
monitoring the switch states on the configuration center in real time, wherein different switch states respectively correspond to the encryption method of the new password and the encryption method of the old password;
creating a class file with the CMC client component;
reading the switch state on the configuration center according to the class file;
and encrypting the user password according to the switch state.
2. The encryption method in the new and old password transition process according to claim 1, wherein said real-time monitoring the switch status on the configuration center comprises:
and monitoring the switch state in real time through an onChange function.
3. The encryption method in the new and old password transition process according to claim 1, wherein said reading the switch status on the configuration center according to the class file comprises:
referencing an annotation class on the configuration center;
reading the cluster and the namespace class of the configuration center according to the annotation class;
and reading the switch state according to the cluster and the namespace class.
4. The encryption method in the new and old password transition process according to claim 1, further comprising:
creating a context according to the AnnotationConfigApplicationContext class of the tool kit in the configuration center;
creating an ApolloAnnotationBean class object;
acquiring a parameter name of a specific password switch according to the context and the ApolloAnnotationBean class object;
and judging the switch state according to the switch parameter name.
5. An encryption device in the transition process of new and old passwords is characterized by comprising:
the switch state monitoring module is used for monitoring the switch state on the configuration center in real time, and different switch states respectively correspond to the encryption method of the new password and the encryption method of the old password;
a class file creation module for creating a class file using the CMC client component;
the switch state reading module is used for reading the switch state on the configuration center according to the class file;
and the password encryption module is used for encrypting the user password according to the switch state.
6. The encryption apparatus in the new and old password transition process according to claim 5, wherein the switch status monitoring module comprises:
and the switch state monitoring unit is used for monitoring the switch state in real time through an onChange function.
7. The encryption device in the new and old password transition process according to claim 5, wherein the switch state reading module comprises:
the annotation class reference unit is used for referencing annotation classes on the configuration center;
the space class reading unit is used for reading the cluster of the configuration center and the namespace class according to the annotation class;
and the switch state reading unit is used for reading the switch state according to the cluster and the namespace class.
8. The encryption apparatus in the new and old password transition process according to claim 5, further comprising:
a context creation module for creating a context according to the AnnotationConfigApplicationContext class of the tool kit in the configuration center;
the class object creating module is used for creating an ApolloAnnotationBean class object;
a parameter name acquisition module, configured to acquire a parameter name of a specific password switch according to the context and the ApolloAnnotationBean class object;
and the switch state judging module is used for judging the switch state according to the switch parameter name.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the encryption method in the new and old password transition process according to any one of claims 1 to 4 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the encryption method in the new-old password transition procedure according to any one of claims 1 to 4.
CN202110935857.2A 2021-08-16 2021-08-16 Encryption method and device in new and old password transition process Pending CN113627936A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110935857.2A CN113627936A (en) 2021-08-16 2021-08-16 Encryption method and device in new and old password transition process

Publications (1)

Publication Number Publication Date
CN113627936A true CN113627936A (en) 2021-11-09

Family

ID=78385567

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110935857.2A Pending CN113627936A (en) 2021-08-16 2021-08-16 Encryption method and device in new and old password transition process

Country Status (1)

Country Link
CN (1) CN113627936A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination