CN113672903A - Password management method, electronic device, device and readable storage medium - Google Patents
Password management method, electronic device, device and readable storage medium Download PDFInfo
- Publication number
- CN113672903A CN113672903A CN202111232594.5A CN202111232594A CN113672903A CN 113672903 A CN113672903 A CN 113672903A CN 202111232594 A CN202111232594 A CN 202111232594A CN 113672903 A CN113672903 A CN 113672903A
- Authority
- CN
- China
- Prior art keywords
- password
- request
- target
- verification operation
- management method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to a password management method, an electronic device, a device and a readable storage medium, wherein the method comprises the following steps: receiving a password request of a request terminal, and acquiring the password category of a first target password corresponding to the password request; matching and executing password verification operation corresponding to the password category; and when the password verification operation passes, feeding back the first target password to the request terminal. By setting the unified password verification operation, the workload of operation and maintenance and password management can be reduced, the occurrence of plaintext passwords is reduced, the problems of password abuse and leakage are avoided, and the safety of the passwords and data is ensured.
Description
Technical Field
The present disclosure relates to the field of data security, and in particular, to a password management method, an electronic device, an apparatus, and a readable storage medium.
Background
The existing management and maintenance of various passwords are mostly carried out manually, and the passwords using plain texts are generally configured, so that the problems of password abuse and leakage are easily caused, the service environment of the system is unstable, and the data security is influenced.
Disclosure of Invention
The application provides a password management method, an electronic device, a device and a readable storage medium, and aims to solve the technical problems of password abuse and leakage in the prior art.
In order to solve the above technical problem or at least partially solve the above technical problem, the present application provides a password management method, including the steps of:
receiving a password request of a request terminal, and acquiring the password category of a first target password corresponding to the password request;
matching and executing password verification operation corresponding to the password category;
and when the password verification operation passes, feeding back the first target password to the request terminal.
Optionally, the step of matching and performing the password authentication operation corresponding to the password category includes:
judging that the request terminal is a user account or an IT service;
if the request terminal is the user account, determining to execute the steps of: matching and executing password verification operation corresponding to the password category;
and if the request terminal serves the IT service, executing authorization verification operation.
Optionally, the step of performing an authorization verification operation includes:
obtaining an authorization code in the password request, and judging whether the authorization code is matched with a first target password corresponding to the password request;
and if the authorization code is matched with a first target password corresponding to the password request, feeding back the first target password to the request end.
Optionally, before obtaining the authorization code in the password request, the method further includes:
receiving an authorized issuing instruction, and acquiring at least one second target password corresponding to the authorized issuing instruction;
and generating an authorization code corresponding to the second target password according to the authorization issuing instruction, and sending the authorization code to the IT service.
Optionally, the step of performing a password authentication operation corresponding to the password category includes:
if the password type is the first type, acquiring a user identifier of the password request, judging whether the user identifier is in the authority list of the first target password, and if so, determining that the password verification operation is passed;
and if the password type is a second type, executing superior approval operation, and determining that the password verification operation passes when the superior approval operation is successful, wherein the importance level of the second type is higher than that of the first type.
Optionally, the step of performing a superior approval operation includes:
acquiring the user identification and a password identification corresponding to the first target password;
generating an approval request according to the user identification and the password identification;
acquiring an audit account corresponding to the user identification, and sending the approval request to the audit account;
and if a confirmation instruction based on the approval request fed back by the audit account number is received, determining that the superior approval operation is successful.
Optionally, after the step of matching and performing the password authentication operation corresponding to the password category, the method further comprises:
acquiring behavior data corresponding to the password request and a verification result of the password verification operation;
and associating the behavior data with the verification result and then adding the behavior data and the verification result into a log.
In order to achieve the above object, the present invention also provides an electronic device, including:
the first receiving module is used for receiving a password request of a request terminal and acquiring the password category of a first target password corresponding to the password request;
the first matching module is used for matching and executing password verification operation corresponding to the password category;
and the first feedback module is used for feeding back the first target password to the request terminal when the password verification operation passes.
Optionally, the first matching module comprises:
the first judgment unit is used for judging that the request terminal is a user account or an IT service;
a first determining unit, configured to determine to execute the following steps if the request end is the user account: matching and executing password verification operation corresponding to the password category;
and the first execution unit is used for executing authorization verification operation if the request end serves the IT service.
Optionally, the first execution unit includes:
the first obtaining subunit is configured to obtain an authorization code in the password request, and determine whether the authorization code matches a first target password corresponding to the password request;
and the first feedback subunit is configured to feed back the first target password to the request end if the authorization code matches the first target password corresponding to the password request.
Optionally, the first execution unit further includes:
the first receiving subunit is used for receiving the authorized issuing instruction and acquiring at least one second target password corresponding to the authorized issuing instruction;
and the first sending subunit is configured to generate an authorization code corresponding to the second target password according to the authorization issuing instruction, and send the authorization code to the IT service.
Optionally, the first matching module comprises:
the first obtaining unit is used for obtaining the user identification of the password request if the password type is a first type, judging whether the user identification is in the authority list of the first target password, and determining that the password verification operation is passed if the user identification is in the authority list of the first target password;
and the second determining unit is used for executing a superior approval operation if the password type is a second type, and determining that the password verification operation passes when the superior approval operation is successful, wherein the importance level of the second type is higher than that of the first type.
Optionally, the second determining unit includes:
the second obtaining subunit is configured to obtain the user identifier and a password identifier corresponding to the first target password;
the first generation subunit is used for generating an approval request according to the user identifier and the password identifier;
the third obtaining subunit is configured to obtain an audit account corresponding to the user identifier, and send the approval request to the audit account;
and the first determining subunit is configured to determine that the superior approval operation is successful if a confirmation instruction based on the approval request and fed back by the audit account is received.
Optionally, the electronic device further comprises:
the first obtaining module is used for obtaining behavior data corresponding to the password request and a verification result of the password verification operation;
and the first correlation module is used for correlating the behavior data and the verification result and then adding the result into a log.
To achieve the above object, the present invention further provides a password management apparatus, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and when executed by the processor, the computer program implements the steps of the password management method as described above.
To achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the password management method as described above.
The invention provides a password management method, an electronic device, a device and a readable storage medium, which are used for receiving a password request of a request terminal and acquiring the password category of a first target password corresponding to the password request; matching and executing password verification operation corresponding to the password category; and when the password verification operation passes, feeding back the first target password to the request terminal. By setting the unified password verification operation, the workload of operation and maintenance and password management can be reduced, the occurrence of plaintext passwords is reduced, the problems of password abuse and leakage are avoided, and the safety of the passwords and data is ensured.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
FIG. 1 is a flowchart illustrating a first embodiment of a password management method according to the present invention;
FIG. 2 is a flowchart illustrating a step S60 of a second embodiment of the password management method according to the present invention;
fig. 3 is a schematic block diagram of a password management device according to the present invention.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The present invention provides a password management method, referring to fig. 1, fig. 1 is a schematic flow chart of a first embodiment of the password management method of the present invention, and the method includes the steps of:
step S10, receiving a password request of a request end, and acquiring the password category of a first target password corresponding to the password request;
the request end in the embodiment includes but is not limited to a user account or an IT service; a user can enter the system page to directly send a password request based on a required first target password through a user account; the IT service refers to an application system in a system, such as a password system, written by a programming language Java, compiled into a file in a war format, operated by tomcat software, deployed on a Linux server, and accessed by a user through an IP port designated by a browser; and when the IT service needs to acquire the first target password in the running process, automatically sending a corresponding password request.
The embodiment divides the password into different password categories according to the application environment of the password; specifically, the password category includes a development environment password, a test environment password, and a production environment password; the development environment is mainly maintained by developers, important data content does not exist, and most of data is test data in a development stage; the test environment is mainly maintained by software testers, is the correct flow and abnormal conditions of some software manufactured by the testers artificially in the actual use process, and is data manufactured by simulating the actual software environment; the production environment is an environment used by a user, and is data produced by the user operation that actually uses the system. It should be noted that the passwords may also be classified according to the password attributes, the actual application scenario, the fine granularity of password management, and the system requirements according to different classification conditions, such as increasing the number of classifications, and dividing the passwords into more categories; even setting a classification individually for some specific passwords, etc.; the specific setting method is not described herein.
Step S20, matching and executing password verification operation corresponding to the password category;
different password types correspond to different password verification operations, and in the case of the password types, the characteristics of the three password types show that data generated in the production environment is important, so that the password acquisition operation of the production environment needs to be strictly controlled, namely, a safe password verification operation is set; the importance degree of the data generated by the development environment and the test environment is relatively low, so that the operation of acquiring the development environment password and the test environment password can be verified in a detection mode, namely, the password verification operation is set to be simple.
And step S30, when the password verification operation passes, feeding back the first target password to the request end.
When the password verification operation passes, the password obtaining operation is considered to be safe, and the first target password is fed back to the request end. It should be noted that, the system encrypts and stores each password, and the storage scheme provides a symmetric and asymmetric encryption mode to ensure the security of information in the password storage process.
This embodiment is through setting up unified password verification operation for can reduce the work load of operation and maintenance and password management, reduce the appearance of plaintext password simultaneously, avoid the problem of password abuse and leakage, guarantee the safety of password and data.
Further, in the second embodiment of the password management method according to the present invention proposed based on the first embodiment of the present invention, the step S20 includes the steps of:
step S40, judging the request terminal as user account or IT service;
step S50, if the request end is the user account, determining to execute the steps of: matching and executing password verification operation corresponding to the password category;
step S60, if the request end serves for the IT service, an authorization verification operation is performed.
Since the password acquisition processes of the user account and the IT service are different, different verification steps are respectively set for the user account and the IT service in order to more accurately match different password acquisition processes. Because the user account number is sent by people, different password verification operations can be selected according to different first target passwords corresponding to the password requests; since the IT service is automatically operated, whether the first target password has the acquisition permission or not is considered, and meanwhile, the password acquisition efficiency is required to be ensured by the IT service, so that the authorization verification operation is set, and the password acquisition efficiency can be ensured on the basis of ensuring the password security.
The step S60 includes the steps of:
step S61, obtaining an authorization code in the password request, and judging whether the authorization code is matched with a first target password corresponding to the password request;
step S62, if the authorization code matches the first target password corresponding to the password request, feeding back the first target password to the request end.
The authorization code is a permission identifier issued aiming at one or more passwords in advance; the method comprises the steps that a password request sent by the IT service comprises a first target password identifier and an authorization code, after the password request is received, the first target password to be obtained is determined according to the first target password identifier, and whether the authorization code is matched with the first target password or not is judged, namely whether the authorization code is issued aiming at the first target password or not is judged; when the authorization code is matched with the first target password, the IT service is considered to obtain authorization aiming at the first target password, and the first target password is fed back to the IT service; when the authorization code does not match the first target password, the IT service is considered not to obtain authorization for the first target password.
The step S61 is preceded by the steps of:
step S63, receiving an authorized issuing instruction, and acquiring at least one second target password corresponding to the authorized issuing instruction;
step S64, generate an authorization code corresponding to the second target password according to the authorization issue instruction, and send the authorization code to the IT service.
The authorization issuing command can be issued directly by the administrator, or can be fed back by the administrator based on the authorization code request after the IT service proposes the authorization code request. And the authorization issuing command comprises a second target password identifier of one or more second target passwords needing authorization, generates an authorization code matched with the second target password through the second target password identifier, and sends the authorization code to the IT service. Further, when the authorization code is generated, a lifetime can be set for the authorization code, and the authorization code is valid only within the lifetime.
The embodiment executes the authorization verification operation on the password request sent by the IT service, so that the password obtaining efficiency is improved on the basis of ensuring the password security.
Further, in the third embodiment of the password management method according to the present invention proposed based on the first embodiment of the present invention, the step S20 includes the steps of:
step S21, if the password type is the first type, acquiring the user identification of the password request, and judging whether the user identification is in the authority list of the first target password, if so, determining that the password verification operation is passed;
and step S22, if the password type is a second type, executing a superior approval operation, and determining that the password verification operation passes when the superior approval operation succeeds, wherein an importance level of the second type is higher than an importance level of the first type.
In this embodiment, the production environment passwords are classified into the second category, and the development environment passwords and the test environment passwords are classified into the first category. It should be noted that the passwords may also be classified according to the password attributes, the actual application scenario, the fine granularity of password management, and the system requirements according to different classification conditions, such as increasing the number of classifications, and dividing the passwords into more categories; even setting a classification individually for some specific passwords, etc.; the specific setting method is not described herein.
For the first category with lower importance level, only the identity of the user needs to be verified, and if the user has the authority for the password, the first target password is directly returned; in other embodiments, the authentication may be omitted and the first target password may be returned directly.
The step S22 includes the steps of:
step S221, acquiring the user identifier and a password identifier corresponding to the first target password;
step S222, generating an approval request according to the user identifier and the password identifier;
step S223, obtaining an audit account corresponding to the user identification, and sending the approval request to the audit account;
step S224, if a confirmation instruction based on the approval request fed back by the audit account is received, determining that the superior approval operation is successful.
For the second category with higher importance level, the higher level personnel needs to perform the auditing. Specifically, a permission system among user accounts is preset, wherein the permission system contains the superior-inferior relation among the user accounts, and the superior account can be obtained according to the user identification, namely the audit account; furthermore, a plurality of audit accounts can be set independently, each user account is divided into the audit accounts, and the user accounts are associated with the audit accounts.
The approval request comprises a password identifier and a user identifier; the auditor audits the password obtaining operation of the user account through the audit account, and when the audit is passed, the auditor returns a confirmation instruction based on the approval request through the audit account; and when the confirmation instruction is received, the user account is considered to be capable of accessing the first target password.
The embodiment can perform different password authentication operations based on different password categories, thereby enabling management of the password to be more flexible.
Further, in a fourth embodiment of the password management method according to the present invention proposed based on the first embodiment of the present invention, the step S20 is followed by the steps of:
step S70, acquiring behavior data corresponding to the password request and a verification result of the password verification operation;
and step S80, associating the behavior data with the verification result and adding the result into a log.
The behavior data corresponding to the password request includes, but is not limited to, a first target password identifier, a user identifier, a password request receiving time, and the like. The behavior data and the verification result of the password verification operation are added to the log in a correlated manner, so that the password acquisition operation can be traced afterwards.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present application.
The present application further provides an electronic device for implementing the above password management method, where the electronic device includes:
the first receiving module is used for receiving a password request of a request terminal and acquiring the password category of a first target password corresponding to the password request;
the first matching module is used for matching and executing password verification operation corresponding to the password category;
and the first feedback module is used for feeding back the first target password to the request terminal when the password verification operation passes.
The electronic device can reduce the workload of operation and maintenance and password management by setting the unified password verification operation, and simultaneously reduce the occurrence of plaintext passwords, thereby avoiding the problems of password abuse and leakage and ensuring the safety of passwords and data.
It should be noted that the first receiving module in this embodiment may be configured to execute step S10 in this embodiment, the first matching module in this embodiment may be configured to execute step S20 in this embodiment, and the first feedback module in this embodiment may be configured to execute step S30 in this embodiment.
Further, the first matching module comprises:
the first judgment unit is used for judging that the request terminal is a user account or an IT service;
a first determining unit, configured to determine to execute the following steps if the request end is the user account: matching and executing password verification operation corresponding to the password category;
and the first execution unit is used for executing authorization verification operation if the request end serves the IT service.
Further, the first execution unit includes:
the first obtaining subunit is configured to obtain an authorization code in the password request, and determine whether the authorization code matches a first target password corresponding to the password request;
and the first feedback subunit is configured to feed back the first target password to the request end if the authorization code matches the first target password corresponding to the password request.
Further, the first execution unit further includes:
the first receiving subunit is used for receiving the authorized issuing instruction and acquiring at least one second target password corresponding to the authorized issuing instruction;
and the first sending subunit is configured to generate an authorization code corresponding to the second target password according to the authorization issuing instruction, and send the authorization code to the IT service.
Further, the first matching module comprises:
the first obtaining unit is used for obtaining the user identification of the password request if the password type is a first type, judging whether the user identification is in the authority list of the first target password, and determining that the password verification operation is passed if the user identification is in the authority list of the first target password;
and the second determining unit is used for executing a superior approval operation if the password type is a second type, and determining that the password verification operation passes when the superior approval operation is successful, wherein the importance level of the second type is higher than that of the first type.
Further, the second determination unit includes:
the second obtaining subunit is configured to obtain the user identifier and a password identifier corresponding to the first target password;
the first generation subunit is used for generating an approval request according to the user identifier and the password identifier;
the third obtaining subunit is configured to obtain an audit account corresponding to the user identifier, and send the approval request to the audit account;
and the first determining subunit is configured to determine that the superior approval operation is successful if a confirmation instruction based on the approval request and fed back by the audit account is received.
Further, the electronic device further includes:
the first obtaining module is used for obtaining behavior data corresponding to the password request and a verification result of the password verification operation;
and the first correlation module is used for correlating the behavior data and the verification result and then adding the result into a log.
It should be noted here that the modules described above are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to the disclosure of the above embodiments. The modules may be implemented by software as part of the apparatus, or may be implemented by hardware, where the hardware environment includes a network environment.
Referring to fig. 3, the password management apparatus may include components such as a communication module 10, a memory 20, and a processor 30 in a hardware configuration. In the password management device, the processor 30 is connected to the memory 20 and the communication module 10, respectively, the memory 20 stores a computer program, and the computer program is executed by the processor 30 at the same time, and when the computer program is executed, the steps of the above method embodiment are realized.
The communication module 10 may be connected to an external communication device through a network. The communication module 10 may receive a request from an external communication device, and may also send a request, an instruction, and information to the external communication device, where the external communication device may be another password management apparatus, a server, or an internet of things device, such as a television.
The memory 20 may be used to store software programs as well as various data. The memory 20 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (for example, a password category of the first target password corresponding to the password request is obtained), and the like; the storage data area may include a database, and the storage data area may store data or information created according to use of the system, or the like. Further, the memory 20 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 30, which is a control center of the password management apparatus, connects various parts of the entire password management apparatus using various interfaces and lines, and performs various functions of the password management apparatus and processes data by running or executing software programs and/or modules stored in the memory 20 and calling data stored in the memory 20, thereby performing overall monitoring of the password management apparatus. Processor 30 may include one or more processing units; alternatively, the processor 30 may integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 30.
Although not shown in fig. 3, the password management apparatus may further include a circuit control module, which is used for connecting with a power supply to ensure the normal operation of other components. Those skilled in the art will appreciate that the configuration of the password management device shown in fig. 3 does not constitute a limitation of the password management device and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The invention also proposes a computer-readable storage medium on which a computer program is stored. The computer-readable storage medium may be the Memory 20 in the password management apparatus of fig. 3, and may also be at least one of a ROM (Read-Only Memory)/RAM (Random Access Memory), a magnetic disk, and an optical disk, where the computer-readable storage medium includes instructions for enabling a terminal device (which may be a television, an automobile, a mobile phone, a computer, a server, a terminal, or a network device) having a processor to execute the method according to the embodiments of the present invention.
In the present invention, the terms "first", "second", "third", "fourth" and "fifth" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance, and those skilled in the art can understand the specific meanings of the above terms in the present invention according to specific situations.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Although the embodiment of the present invention has been shown and described, the scope of the present invention is not limited thereto, it should be understood that the above embodiment is illustrative and not to be construed as limiting the present invention, and that those skilled in the art can make changes, modifications and substitutions to the above embodiment within the scope of the present invention, and that these changes, modifications and substitutions should be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A method for password management, the method comprising:
receiving a password request of a request terminal, and acquiring the password category of a first target password corresponding to the password request;
matching and executing password verification operation corresponding to the password category;
and when the password verification operation passes, feeding back the first target password to the request terminal.
2. The password management method of claim 1, wherein said step of matching and performing a password authentication operation corresponding to said password class is preceded by:
judging that the request terminal is a user account or an IT service;
if the request terminal is the user account, determining to execute the steps of: matching and executing password verification operation corresponding to the password category;
and if the request terminal serves the IT service, executing authorization verification operation.
3. The password management method of claim 2, wherein the step of performing an authorization verification operation comprises:
obtaining an authorization code in the password request, and judging whether the authorization code is matched with a first target password corresponding to the password request;
and if the authorization code is matched with a first target password corresponding to the password request, feeding back the first target password to the request end.
4. The password management method of claim 3, wherein prior to obtaining the authorization code in the password request, the method further comprises:
receiving an authorized issuing instruction, and acquiring at least one second target password corresponding to the authorized issuing instruction;
and generating an authorization code corresponding to the second target password according to the authorization issuing instruction, and sending the authorization code to the IT service.
5. The password management method of claim 1, wherein the step of performing a password authentication operation corresponding to the password class comprises:
if the password type is the first type, acquiring a user identifier of the password request, judging whether the user identifier is in the authority list of the first target password, and if so, determining that the password verification operation is passed;
and if the password type is a second type, executing superior approval operation, and determining that the password verification operation passes when the superior approval operation is successful, wherein the importance level of the second type is higher than that of the first type.
6. The password management method of claim 5, wherein the step of performing the superior approval operation comprises:
acquiring the user identification and a password identification corresponding to the first target password;
generating an approval request according to the user identification and the password identification;
acquiring an audit account corresponding to the user identification, and sending the approval request to the audit account;
and if a confirmation instruction based on the approval request fed back by the audit account number is received, determining that the superior approval operation is successful.
7. The password management method of claim 1, wherein after the step of matching and performing a password authentication operation corresponding to the password class, the method further comprises:
acquiring behavior data corresponding to the password request and a verification result of the password verification operation;
and associating the behavior data with the verification result and then adding the behavior data and the verification result into a log.
8. An electronic device, comprising:
the first receiving module is used for receiving a password request of a request terminal and acquiring the password category of a first target password corresponding to the password request;
the first matching module is used for matching and executing password verification operation corresponding to the password category;
and the first feedback module is used for feeding back the first target password to the request terminal when the password verification operation passes.
9. Password management device, characterized in that it comprises a memory, a processor and a computer program stored on said memory and executable on said processor, said computer program, when executed by said processor, implementing the steps of the password management method according to any of claims 1 to 7.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, carries out the steps of the password management method as claimed in any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111232594.5A CN113672903A (en) | 2021-10-22 | 2021-10-22 | Password management method, electronic device, device and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111232594.5A CN113672903A (en) | 2021-10-22 | 2021-10-22 | Password management method, electronic device, device and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113672903A true CN113672903A (en) | 2021-11-19 |
Family
ID=78550868
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111232594.5A Pending CN113672903A (en) | 2021-10-22 | 2021-10-22 | Password management method, electronic device, device and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113672903A (en) |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101060406A (en) * | 2006-04-20 | 2007-10-24 | 华为技术有限公司 | An end-to-end communication authentication method and device |
| CN104579667A (en) * | 2013-10-28 | 2015-04-29 | 腾讯科技(深圳)有限公司 | Account password management method, device and system |
| CN106469269A (en) * | 2016-08-29 | 2017-03-01 | 宇龙计算机通信科技(深圳)有限公司 | A kind of method of Password Management, device and terminal |
| CN107026735A (en) * | 2016-01-29 | 2017-08-08 | 李明 | Method and managed devices that a kind of password is automatically entered |
| CN107026734A (en) * | 2016-01-29 | 2017-08-08 | 李明 | A kind of method and system that Password Management is carried out using certification lasting effectiveness |
| CN107579972A (en) * | 2017-09-01 | 2018-01-12 | 掌阅科技股份有限公司 | Cipher management method, electronic equipment, computer-readable storage medium |
| CN109359445A (en) * | 2018-09-25 | 2019-02-19 | 浙江齐治科技股份有限公司 | A kind of database password management system and method |
| CN110022207A (en) * | 2018-01-09 | 2019-07-16 | 北京京东尚科信息技术有限公司 | Key management and the method and apparatus for handling data |
| CN110602121A (en) * | 2019-09-20 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Network key obtaining method and device and computer readable storage medium |
| CN111159696A (en) * | 2019-12-31 | 2020-05-15 | 中国银行股份有限公司 | Password storage and checking method, system and password management system |
| CN111522785A (en) * | 2020-04-17 | 2020-08-11 | 上海中通吉网络技术有限公司 | Data extraction auditing method, device and equipment |
| CN111614686A (en) * | 2020-05-26 | 2020-09-01 | 牛津(海南)区块链研究院有限公司 | Key management method, controller and system |
| CN112464212A (en) * | 2020-03-30 | 2021-03-09 | 上海汇招信息技术有限公司 | Data authority control reconstruction method based on mature complex service system |
| CN113010909A (en) * | 2019-12-20 | 2021-06-22 | 南京云教数据科技有限公司 | Data security classification method and device for scientific data sharing platform |
| CN113641981A (en) * | 2020-05-11 | 2021-11-12 | 华为技术有限公司 | Authentication method and electronic equipment |
-
2021
- 2021-10-22 CN CN202111232594.5A patent/CN113672903A/en active Pending
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101060406A (en) * | 2006-04-20 | 2007-10-24 | 华为技术有限公司 | An end-to-end communication authentication method and device |
| CN104579667A (en) * | 2013-10-28 | 2015-04-29 | 腾讯科技(深圳)有限公司 | Account password management method, device and system |
| CN107026735A (en) * | 2016-01-29 | 2017-08-08 | 李明 | Method and managed devices that a kind of password is automatically entered |
| CN107026734A (en) * | 2016-01-29 | 2017-08-08 | 李明 | A kind of method and system that Password Management is carried out using certification lasting effectiveness |
| CN106469269A (en) * | 2016-08-29 | 2017-03-01 | 宇龙计算机通信科技(深圳)有限公司 | A kind of method of Password Management, device and terminal |
| CN107579972A (en) * | 2017-09-01 | 2018-01-12 | 掌阅科技股份有限公司 | Cipher management method, electronic equipment, computer-readable storage medium |
| CN110022207A (en) * | 2018-01-09 | 2019-07-16 | 北京京东尚科信息技术有限公司 | Key management and the method and apparatus for handling data |
| CN109359445A (en) * | 2018-09-25 | 2019-02-19 | 浙江齐治科技股份有限公司 | A kind of database password management system and method |
| CN110602121A (en) * | 2019-09-20 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Network key obtaining method and device and computer readable storage medium |
| CN113010909A (en) * | 2019-12-20 | 2021-06-22 | 南京云教数据科技有限公司 | Data security classification method and device for scientific data sharing platform |
| CN111159696A (en) * | 2019-12-31 | 2020-05-15 | 中国银行股份有限公司 | Password storage and checking method, system and password management system |
| CN112464212A (en) * | 2020-03-30 | 2021-03-09 | 上海汇招信息技术有限公司 | Data authority control reconstruction method based on mature complex service system |
| CN111522785A (en) * | 2020-04-17 | 2020-08-11 | 上海中通吉网络技术有限公司 | Data extraction auditing method, device and equipment |
| CN113641981A (en) * | 2020-05-11 | 2021-11-12 | 华为技术有限公司 | Authentication method and electronic equipment |
| CN111614686A (en) * | 2020-05-26 | 2020-09-01 | 牛津(海南)区块链研究院有限公司 | Key management method, controller and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102521548B (en) | Method for managing using rights of function and mobile terminal | |
| CN110912938A (en) | Access verification method and device for network access terminal, storage medium and electronic equipment | |
| CN110324338B (en) | Data interaction method, device, fort machine and computer readable storage medium | |
| CN109033857B (en) | Method, device and equipment for accessing data and readable storage medium | |
| CN110083384B (en) | Application programming interface creating method and device | |
| KR102340474B1 (en) | System, method and computer program for data scrapping using script engine | |
| CN106549909B (en) | Authorization verification method and device | |
| CN110825634A (en) | Parameter quality checking method, device and equipment and computer readable storage medium | |
| CN111666565A (en) | Sandbox simulation test method and device, computer equipment and storage medium | |
| CN110175466B (en) | Security management method and device for open platform, computer equipment and storage medium | |
| CN105645202A (en) | Password authority control method and system, remote server and elevator controller | |
| CN113672894B (en) | Data processing method, device, equipment and storage medium for verification code request | |
| CN112165448B (en) | Service processing method, device, system, computer equipment and storage medium | |
| WO2021169305A1 (en) | Voiceprint data processing method and apparatus, computer device, and storage medium | |
| CN110798446A (en) | Mail batch authorization method and device, computer equipment and storage medium | |
| CN113360868A (en) | Application program login method and device, computer equipment and storage medium | |
| CN108121606B (en) | Method and device for generating coded data based on joint debugging interface | |
| CN107645474B (en) | Method and device for logging in open platform | |
| CN113742023A (en) | Authority configuration method and device, computer equipment and storage medium | |
| CN110351719B (en) | Wireless network management method, system, electronic equipment and storage medium | |
| CN110516427B (en) | Terminal user identity authentication method and device, storage medium and computer equipment | |
| CN112560006A (en) | Single sign-on method and system under multi-application system | |
| CN112637231A (en) | Authorization method, authorization device, storage medium and server | |
| CN112559352A (en) | Interface test method, device, equipment and storage medium | |
| CN113672903A (en) | Password management method, electronic device, device and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20211119 |
|
| RJ01 | Rejection of invention patent application after publication |