CN113792272A - Method and device for managing and controlling password library, storage medium and electronic equipment - Google Patents

Publication number
CN113792272A
Authority
CN
China
Prior art keywords
password
library
key
target object
biometric
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111056759.8A
Other languages
Chinese (zh)
Inventor
余秦勇
刘光前
罗春枫
徐翰隆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Antiy Network Technology Co Ltd
Original Assignee
Beijing Antiy Network Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Lock And Its Accessories (AREA)

Abstract

One or more embodiments of the invention disclose a method, a device, a storage medium and an electronic device for managing and controlling a password library. The method, applied to a blockchain system, comprises the following steps: acquiring an unlocking request from a client, wherein the unlocking request comprises a key and first biometric information of a target object; decrypting pre-stored encrypted second biometric information of a legitimate user based on the key; comparing the second biometric information with the first biometric information of the target object to determine whether the target object is a legitimate user; and, in response to the target object being a legitimate user, determining that the biometric lock of the client is successfully unlocked and notifying a password library server to provide the password library file corresponding to the target object to the client. The embodiments of the invention can effectively improve the security of the password library.

Description

Method and device for managing and controlling password library, storage medium and electronic equipment
Technical Field
The invention relates to the technical field of computers, in particular to a password library control method, a password library control device, a storage medium and electronic equipment.
Background
With the rapid development of online applications, the number of associated accounts has grown explosively, account passwords have become more and more of a burden for users, and password management software has gradually become an important tool in people's daily life and office work. To improve security, password management software currently uses a master password and a key file to encrypt the user's password database. However, besides the master password, the user must manage and maintain the key file separately, which is inconvenient. Once the key file is lost, the user cannot use the password library at all even with the master password, and loss of the key file also creates a potential security risk for the password library.
Disclosure of Invention
In view of this, one or more embodiments of the present invention provide a method, an apparatus, a storage medium and an electronic device for managing and controlling a password library, which can effectively improve the security of the password library.
One or more embodiments of the present invention provide a method for managing and controlling a password library, applied to a blockchain system. The method includes: acquiring an unlocking request from a client, wherein the unlocking request is used for requesting the blockchain system to unlock a biometric lock of the password library, and the unlocking request comprises a key and first biometric information of a target object; decrypting pre-stored encrypted second biometric information of a legitimate user based on the key; comparing the second biometric information with the first biometric information of the target object to determine whether the target object is a legitimate user; and, in response to the target object being a legitimate user, determining that the biometric lock of the client is successfully unlocked and notifying a password library server to provide the password library file corresponding to the target object to the client.
Optionally, before acquiring the unlocking request of the biometric lock from the client, the method further includes: obtaining the encrypted second biometric information from the client; storing the encrypted second biometric information on the chain; and generating the biometric lock for the password library file stored in the password library server based on the encrypted second biometric information.
Optionally, the key is a derived key generated from the password library login password according to a key derivation algorithm.
One or more embodiments of the present invention further provide a method for managing and controlling a password library, applied to a client device. The method includes: acquiring a password library access request, wherein the password library access request comprises a first biometric of the target object and a password library login password; generating a key according to the password library login password; uploading the key and the first biometric information to a blockchain system to request the blockchain system to decrypt pre-stored encrypted second biometric information of a legitimate user based on the key, compare the first biometric information with the second biometric information, and determine whether the target object is a legitimate user; and receiving the password library file from the password library server when the target object is a legitimate user.
Optionally, before acquiring the password library access request, the method further includes: acquiring the password library login password and the second biometric information; generating the key based on the password library login password; encrypting the second biometric information based on the key to obtain encrypted second biometric information; and uploading the encrypted second biometric information to the blockchain system.
Optionally, generating the key based on the password library login password includes: generating a derived key from the password library login password according to a key derivation algorithm.
One or more embodiments of the present invention further provide a device for managing and controlling a password library, applied to a blockchain system. The device includes: a first acquisition module configured to acquire an unlocking request of a biometric lock from a client, wherein the unlocking request is used for requesting the blockchain system to unlock the biometric lock of the password library, and the unlocking request comprises a key and first biometric information of a target object; a decryption module configured to decrypt pre-stored encrypted second biometric information of a legitimate user based on the key; a comparison module configured to compare the second biometric information with the first biometric information of the target object and determine whether the target object is a legitimate user; and a determining module configured to determine, in response to the target object being a legitimate user, that the biometric lock is successfully unlocked, and to notify a password library server to provide the password library file corresponding to the target object to the client.
Optionally, the apparatus further comprises: a second obtaining module configured to obtain the encrypted second biometric information from the client before the unlocking request of the biometric lock is obtained from the client; a storage module configured to store the encrypted second biometric information on the chain; and a first generation module configured to generate the biometric lock for the password library file stored in the password library server based on the encrypted second biometric information.
Optionally, the key is a derived key generated from the password library login password according to a key derivation algorithm.
One or more embodiments of the present invention further provide a password library management and control apparatus, applied to a client device. The apparatus includes: a third obtaining module configured to obtain a password library access request, where the password library access request includes a first biometric of the target object and a password library login password; a second generation module configured to generate a key according to the password library login password; a first uploading module configured to upload the key and the first biometric information to a blockchain system to request the blockchain system to decrypt pre-stored encrypted second biometric information of a legitimate user based on the key, compare the first biometric information with the second biometric information, and determine whether the target object is a legitimate user; and a receiving module configured to receive the password library file from the password library server when the target object is a legitimate user.
Optionally, the apparatus further comprises: a fourth obtaining module configured to obtain the password library login password and the second biometric information before the password library access request is obtained; a third generation module configured to generate the key based on the password library login password; an encryption module configured to encrypt the second biometric information based on the key to obtain encrypted second biometric information; and a second upload module configured to upload the encrypted second biometric information to the blockchain system.
Optionally, the third generation module is specifically configured to generate a derived key from the password library login password according to a key derivation algorithm.
One or more embodiments of the present invention also provide an electronic device including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; the power supply circuit is used for supplying power to each circuit or device of the electronic equipment; the memory is used for storing executable program codes; the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing any one of the above-mentioned password library management and control methods.
One or more embodiments of the present invention also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute any one of the above-described cryptographic library management methods.
The method, device, storage medium and electronic device for managing and controlling the password library in one or more embodiments of the invention acquire an unlocking request from a client requesting a blockchain system to unlock a biometric lock of the password library, decrypt the second biometric information of a legitimate user based on the key in the unlocking request, and determine whether the target object is a legitimate user by comparing the second biometric information with the first biometric in the unlocking request for consistency. If the target object is a legitimate user, the biometric lock of the password library is determined to be successfully unlocked, and a password library server is notified to provide the password library file corresponding to the target object to the client. The user's password library is thus protected by the password library login password, the key and the biometric lock, which improves the security of the password library.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart illustrating a method for managing and controlling a password library according to one or more embodiments of the present invention;
Fig. 2 is a flowchart illustrating a method for managing and controlling a password library according to one or more embodiments of the present invention;
Fig. 3 is a flowchart illustrating the creation of a biometric lock according to one or more embodiments of the present invention;
Fig. 4 is a flowchart illustrating unlocking of a biometric lock according to one or more embodiments of the present invention;
Fig. 5 is a schematic structural diagram of a password library management and control apparatus according to one or more embodiments of the present invention;
Fig. 6 is a schematic structural diagram of a password library management and control apparatus according to one or more embodiments of the present invention;
Fig. 7 is a schematic structural diagram of an electronic device according to one or more embodiments of the invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart illustrating a method for managing and controlling a password library. The method may be applied to a blockchain system; for example, it may be performed by the blockchain system. As shown in Fig. 1, the method includes:
Step 101: acquiring an unlocking request from a client, wherein the unlocking request is used for requesting the blockchain system to unlock a biometric lock of a password library, and the unlocking request comprises a key and first biometric information of a target object;
The client in one or more embodiments of the invention may be provided, for example, in a client device. The client device may be, for example, an entity operated by a user, and may be a mobile device or a non-mobile device. The client device may be provided with a biometric acquisition device, for example, to acquire a biometric of the user.
Step 102: decrypting pre-stored encrypted second biometric information of a legitimate user based on the key;
The blockchain system can pre-store the encrypted second biometric information of a legitimate user. In step 102, the encrypted second biometric information may be decrypted using the key in the unlocking request, so as to obtain the decrypted second biometric information.
In one or more embodiments of the present invention, the biometric information (including the first biometric information and the second biometric information) may be any one of a fingerprint, an iris, a face, DNA, and the like.
Step 103: comparing the second biometric information with the first biometric information of the target object to determine whether the target object is a legitimate user;
When the second biometric information is compared with the first biometric information, if the second biometric is consistent with the first biometric, or the similarity between the second biometric and the first biometric reaches a preset similarity threshold, the target object can be determined to be a legitimate user; otherwise, the target object can be determined not to be a legitimate user.
Step 104: in response to the target object being a legitimate user, determining that the biometric lock of the client is successfully unlocked, and notifying a password library server to provide the password library file corresponding to the target object to the client.
In one or more embodiments of the present invention, the password library server may be configured to store a user's password library file and provide a query service for the password library file. The user can upload the password library file to the password library server in advance, where it is stored. Subsequently, the user may send the unlocking request to the blockchain system from the client to request a query of the password library file. In step 104, after the blockchain system determines that the biometric lock corresponding to the password library is successfully unlocked, the blockchain system may send the identity information of the legitimate user and the information that unlocking succeeded to the password library server. After receiving this information from the blockchain system, the password library server may return the password library file corresponding to the identity information of the legitimate user to the client of the legitimate user.
The method for managing and controlling the password library in one or more embodiments of the invention acquires an unlocking request from a client requesting a blockchain system to unlock a biometric lock of the password library, decrypts the second biometric information of a legitimate user based on the key in the unlocking request, and determines whether the target object is a legitimate user by comparing the second biometric information with the first biometric in the unlocking request for consistency. If the target object is a legitimate user, the biometric lock of the password library is determined to be successfully unlocked, and the password library server is notified to provide the password library file corresponding to the target object to the client. The user's password library is thus protected by the password library login password, the key and the biometric lock, which improves the security of the password library.
In one or more embodiments of the invention, in order to authenticate the identity of the user accessing the password library, the encrypted biometric of the legitimate user can be saved on the blockchain system after the password library file is uploaded to the password library server. Based on this, before acquiring the unlocking request of the biometric lock from the client, the method for managing and controlling the password library may further include: acquiring the encrypted second biometric from the client;
Storing the encrypted second biometric on the chain; for example, after the blockchain system receives the encrypted second biometric, it is written to the chain once the nodes of the blockchain system reach consensus.
Generating the biometric lock for the password library file stored in the password library server based on the encrypted second biometric.
In one or more embodiments of the present invention, after the user's biometric is stored on the chain, the blockchain system forms a biometric verification layer based on the user's biometric and uses it as a verification process that must be performed before the user's password library is accessed. Any subsequent request to access the password library must be verified by this layer, and the data in the password library can be obtained only once verification passes. The biometric verification layer added in front of the password library is the biometric lock.
For example, the second biometric may be the biometric of a user A who has previously uploaded a password library file B to the password library server; user A then uploads the encrypted biometric of user A to the blockchain system through the client. User A may subsequently request access to the password library file B from the password library system by providing the key previously used for the encrypted biometric lock and user A's biometric.
In one or more embodiments of the invention, the key is a derived key generated from the password library login password according to a key derivation algorithm, such as a derived key generated from the password library login password using the PBKDF2 key derivation algorithm. For example, when a user's biometric is encrypted, the user may enter a password library login password via the client device, and a derived key is generated from that password using a key derivation algorithm. When the unlocking request of the biometric lock is obtained, the user inputs the password library login password through the client device, and a derived key is generated from that password using the key derivation algorithm. In the process of encrypting and decrypting the user's biometric, the key can be prevented from being transmitted back and forth between the client device and the blockchain system, which improves the security of the key; at the same time, because a derived key is used, the user does not need to maintain a key separately, which improves convenience for the user.
Fig. 2 is a flowchart illustrating a method for managing and controlling a password library according to one or more embodiments of the present invention. As shown in Fig. 2, the method includes:
Step 201: acquiring a password library access request, wherein the password library access request comprises a first biometric of the target object and a password library login password;
The target object may be, for example, a user who wants to access the password library; after the user passes identity authentication, the password library file can be acquired. The target object can enter the password library login password through the client device and provide the target object's biometric through a biometric acquisition device in the client device.
Step 202: generating a key according to the password library login password;
Optionally, a key derivation algorithm may be used to generate the key from the password library login password.
Step 203: uploading the key and the first biometric to a blockchain system to request the blockchain system to decrypt the pre-stored encrypted second biometric of a legitimate user based on the key, compare the first biometric with the second biometric, and determine whether the target object is a legitimate user;
In step 203, the client device may submit an unlocking request of the biometric lock to the blockchain system. The unlocking request carries the key and the first biometric, and is used to request the blockchain system to unlock the biometric lock of the password library.
Step 204: receiving the password library file from the password library server when the target object is a legitimate user.
Following the above example, the legitimate user A uploads the password library file B to the password library server in advance, and then uploads the encrypted biometric of user A to the blockchain system through the client. When user A subsequently accesses the password library file B, user A enters the password library login password on the client device and provides user A's biometric, and a password library access request is generated. A key is generated according to the password library login password, and the key and user A's biometric are uploaded to the blockchain system, which is requested to authenticate the identity of user A. After the blockchain system determines through authentication that user A is a legitimate user, it can send the password library server a message that the biometric lock corresponding to the password library file B was successfully unlocked. After receiving the message, the password library server can return the password library file B to the client device.
According to the password library management and control method of one or more embodiments of the invention, when a target object accesses a password library file by entering a password library login password and providing a first biometric of the target object, a key is generated according to the password library login password, and the key and the first biometric are uploaded together to a blockchain system to request the blockchain system to authenticate the identity of the target object. After the target object passes identity authentication, the password library file from the password library server can be received. The user's password library is protected by the password library login password, the key and the biometric lock, which improves the security of the password library.
In one or more embodiments of the present invention, before acquiring the password library access request, the password library management and control method may further include:
Acquiring the password library login password and the second biometric; wherein the password library login password is input by a legitimate user, and the second biometric is, for example, a biometric of the legitimate user that may be captured by the client device.
Generating the key based on the password library login password; accordingly, in the present embodiment, a key may also be generated from the password library login password using a key derivation algorithm, so that the key generated in the present embodiment is consistent with the key generated in step 203 described above.
Encrypting the second biometric based on the key to obtain the encrypted second biometric;
Uploading the encrypted second biometric to the blockchain system.
The encrypted second biometric of the legitimate user is stored on the blockchain system, which makes it tamper-proof, traceable and protected against loss. To enable the blockchain system to distinguish the identities of different legitimate users, a user identifier that uniquely identifies the current legitimate user can be attached to the encrypted second biometric when it is uploaded: the client device uploads the user identifier together with the encrypted second biometric, and the blockchain system stores the two in association after receiving them. Correspondingly, the unlocking request can also include a user identifier that uniquely identifies the target object requesting access to the password library. After acquiring the unlocking request, the blockchain system can look up the stored encrypted second biometric whose user identifier matches the one in the request, decrypt it, compare the decrypted second biometric with the first biometric, and authenticate the target user.
In one or more embodiments of the invention, generating the key based on the password library login password comprises:
Generating a derived key from the password library login password according to a key derivation algorithm. For example, it may be a derived key generated from the password library login password using the PBKDF2 key derivation algorithm. The blockchain system generates the key by using the key derivation algorithm based on the password library login password, so that the key can be prevented from being transmitted back and forth between the client device and the blockchain system, which improves the security of the key; at the same time, because a derived key is used, the user does not need to maintain a key separately, which improves convenience for the user.
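The enrolment and unlock flow described above (derive the key from the login password with PBKDF2, encrypt the second biometric, store it under a user identifier, then decrypt and compare against a threshold on unlock), as an added example that is not code from the patent. The salt, iteration count, 0.90 threshold, bit-vector template, in-memory ledger and the HMAC-based stand-in cipher are all assumptions, chosen so the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor; the page only names PBKDF2
SIMILARITY_THRESHOLD = 0.90  # assumed value for the "preset similarity threshold"


def derive_key(login_password: str, user_id: str) -> bytes:
    """Client side (steps 202 and 304): derive the key from the login password.
    Using the user identifier as salt is an assumption; the page names no salt."""
    salt = b"biolock-demo|" + user_id.encode()
    return hashlib.pbkdf2_hmac("sha256", login_password.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_template(key: bytes, template: bytes) -> bytes:
    """Stand-in encrypt-then-MAC built from HMAC-SHA256 so the example needs
    only the standard library; real code would use a vetted AEAD (AES-GCM)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(template))
    ct = bytes(a ^ b for a, b in zip(template, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_template(key: bytes, blob: bytes):
    """Return the template, or None if the tag fails (wrong key, altered record)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def similarity(a: bytes, b: bytes) -> float:
    """Fraction of equal bits between two equal-length templates."""
    if len(a) != len(b) or not a:
        return 0.0
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - differing / (8 * len(a))


class BiometricLockLedger:
    """In-memory stand-in for the blockchain system: encrypted second
    biometric records stored under a user identifier."""

    def __init__(self):
        self._records = {}

    def enroll(self, user_id: str, encrypted_template: bytes) -> None:
        self._records[user_id] = encrypted_template

    def unlock(self, user_id: str, key: bytes, first_biometric: bytes) -> bool:
        """Steps 101-103: look up the record, decrypt it with the key carried
        in the unlocking request, compare with the first biometric."""
        blob = self._records.get(user_id)
        if blob is None:
            return False
        second = decrypt_template(key, blob)
        if second is None:
            return False
        return similarity(second, first_biometric) >= SIMILARITY_THRESHOLD


def run_demo() -> dict:
    # All values below are constructed sample data.
    user_id, password = "user-a", "correct horse battery staple"
    enrolled = hashlib.sha256(b"constructed template A").digest() * 2  # 512 bits
    # Fresh scan of the same user with sensor noise: 10 of 512 bits differ.
    scan = bytes(b ^ 1 if i < 10 else b for i, b in enumerate(enrolled))
    stranger = hashlib.sha256(b"constructed template X").digest() * 2

    ledger = BiometricLockLedger()
    ledger.enroll(user_id, encrypt_template(derive_key(password, user_id), enrolled))
    key = derive_key(password, user_id)  # re-derived from the password at unlock
    return {
        "owner": ledger.unlock(user_id, key, scan),
        "wrong_password": ledger.unlock(user_id, derive_key("guess", user_id), scan),
        "wrong_biometric": ledger.unlock(user_id, key, stranger),
        "unknown_user": ledger.unlock("user-b", key, scan),
    }


if __name__ == "__main__":
    print(run_demo())
```

A wrong password and a non-matching biometric both come back as the same plain refusal, so the caller cannot tell which of the two factors failed.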
In order to facilitate understanding of the embodiments of the present invention, the following describes an example of a creation process of a biometric lock and an unlocking process of the biometric lock in a password library management and control process with reference to fig. 3 and 4, respectively.
As shown in fig. 3, the creation process of the biometric lock may include:
step 301: the client uploads a database file (also called a password library file for short) to the password library server;
step 302: the password library server receives the password library data file from the client;
step 303: the client acquires the biometric feature of the user;
step 304: the client acquires a master password entered by the user (an example of the password library login password) and generates an encryption key (an example of the key) from the master password using a key derivation algorithm;
step 305: the client encrypts the biometric feature of the user with the encryption key;
step 306: the client calls an upload interface to upload the encrypted biometric feature to a blockchain service platform (an example of the blockchain system);
step 307: the blockchain service platform receives the encrypted biometric feature;
step 308: the nodes of the blockchain service platform reach consensus on the data to be put on the chain and write it to the chain;
step 309: a blockchain-based biometric lock is generated;
step 310: the password library server locks the password library data file based on the biometric lock.
As shown in fig. 4, the unlocking process of the biometric lock may include:
step 401: the client acquires the biometric feature of the user;
step 402: the client acquires the master password entered by the user and generates a derived key from the master password using a key derivation algorithm;
step 403: the client sends a biometric lock unlocking request to the blockchain;
step 404: the blockchain receives the biometric lock unlocking request from the client and calls a blockchain interface to unlock;
step 405: the blockchain decrypts the biometric lock using the derived key to obtain the original biometric T1 (an example of the second biometric of the legitimate user);
step 406: the blockchain compares T1 with the biometric T2 provided by the user (an example of the first biometric of the target object); if T1 and T2 are consistent, the biometric authentication is confirmed as passed, the biometric lock is successfully unlocked, and a message that the biometric lock was successfully unlocked is sent to the password library server;
step 407: after the password library server obtains the message that the biometric lock was successfully unlocked, it returns the password library data file to the client.
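The creation flow of Fig. 3 and the unlocking flow of Fig. 4, with the PBKDF2 derivation described earlier, as an added Python example that is not part of the patent text. Assumptions not stated on the page: a random per-user salt stored beside the on-chain record, 600,000 PBKDF2-HMAC-SHA256 iterations, a standard-library HMAC-SHA256 encrypt-then-MAC construction standing in for the unspecified cipher (an AEAD such as AES-GCM would take its place), a dict standing in for the blockchain, and a Hamming-distance threshold as the meaning of "consistent".

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: the page names PBKDF2 but no parameters

def derive_key(master_password: str, salt: bytes) -> bytes:
    """Steps 304 and 402: derive the key from the master password."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, PBKDF2_ITERATIONS, dklen=32)

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys from the one derived key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 keystream, encrypt-then-MAC."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the record was altered."""
    if len(blob) < 48:
        return None
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    nonce, ciphertext = body[:16], body[16:]
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

def enroll(ledger: dict, user_id: str, master_password: str, template: bytes) -> None:
    """Steps 303-308: encrypt the enrolled template, store it under the user identifier."""
    salt = os.urandom(16)  # assumption: per-user salt kept beside the record
    key = derive_key(master_password, salt)
    ledger[user_id] = {"salt": salt, "blob": seal(key, template)}

def build_unlock_request(ledger: dict, user_id: str, master_password: str,
                         fresh_template: bytes) -> dict:
    """Steps 401-403: the request carries the derived key and the fresh template T2."""
    salt = ledger[user_id]["salt"]  # the salt is not secret; the client reads it back
    return {"user_id": user_id, "key": derive_key(master_password, salt),
            "template": fresh_template}

def chain_unlock(ledger: dict, request: dict, max_bit_errors: int = 8) -> bool:
    """Steps 404-406: look up by user identifier, decrypt T1, compare with T2."""
    record = ledger.get(request["user_id"])
    if record is None:
        return False
    t1 = unseal(request["key"], record["blob"])
    t2 = request["template"]
    if t1 is None or len(t1) != len(t2):
        return False
    # Assumption: "consistent" means within a Hamming-distance threshold,
    # because two captures of one biometric never match bit for bit.
    return sum(bin(a ^ b).count("1") for a, b in zip(t1, t2)) <= max_bit_errors

def run_demo() -> dict:
    enrolled = bytes(range(32))               # constructed 256-bit template
    noisy = bytearray(enrolled)
    for index, mask in ((0, 0x01), (5, 0x10), (31, 0x80)):
        noisy[index] ^= mask                  # 3 bit errors, as in a fresh capture
    impostor = bytes(b ^ 0xFF for b in enrolled)
    ledger = {}                               # stands in for the blockchain
    enroll(ledger, "alice", "correct horse battery", enrolled)
    attempts = {
        "genuine": ("correct horse battery", bytes(noisy)),
        "wrong_password": ("Tr0ub4dor&3", bytes(noisy)),
        "impostor": ("correct horse battery", impostor),
    }
    return {name: chain_unlock(ledger, build_unlock_request(ledger, "alice", pw, tpl))
            for name, (pw, tpl) in attempts.items()}

if __name__ == "__main__":
    print(run_demo())
```

A wrong master password fails at the MAC check before any template is recovered, so the comparison in step 406 only ever runs on a correctly decrypted T1.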
Fig. 5 is a schematic structural diagram of a password library management and control apparatus applied to a blockchain according to one or more embodiments of the present invention. As shown in fig. 5, the apparatus 50 includes:
a first obtaining module 51 configured to obtain an unlocking request from a client, where the unlocking request is used to request the blockchain to unlock a biometric lock of a password library, and the unlocking request includes a key and first biometric information of a target object;
a decryption module 52 configured to decrypt pre-stored encrypted second biometric information of a legitimate user based on the key;
a comparison module 53 configured to compare the second biometric information with the first biometric information of the target object and determine whether the target object is a legitimate user;
a determining module 54 configured to determine, in response to the target object being a legitimate user, that the biometric lock of the client is successfully unlocked, and to notify the password library server to provide the password library file corresponding to the target object to the client.
In one or more embodiments of the present invention, the password library management and control apparatus 50 may further include:
a second obtaining module configured to obtain the encrypted second biometric information from the client before the unlocking request of the biometric lock is obtained from the client;
a storage module configured to write the encrypted second biometric information to the chain;
a first generation module configured to generate the biometric lock for the password library file stored in the password library server based on the encrypted second biometric information.
In one or more embodiments of the invention, the key is a derived key generated from the password library login password according to a key derivation algorithm.
Fig. 6 is a schematic structural diagram of a password library management and control apparatus applied to a client device according to one or more embodiments of the present invention. As shown in fig. 6, the apparatus 60 includes:
a third obtaining module 61 configured to obtain a password library access request, where the password library access request includes: a first biometric feature of the target object and a password library login password;
a second generation module 62 configured to generate a key from the password library login password;
a first uploading module 63 configured to upload the key and the first biometric information to a blockchain system, so as to request the blockchain system to decrypt, based on the key, pre-stored encrypted second biometric information of a legitimate user, compare the first biometric information with the second biometric information, and determine whether the target object is a legitimate user;
a receiving module 64 configured to receive the password library file from the password library server in the case that the target object is a legitimate user.
In one or more embodiments of the present invention, the password library management and control apparatus may further include:
a fourth obtaining module configured to obtain the password library login password and the second biometric information before the password library access request is obtained;
a third generation module configured to generate the key based on the password library login password;
an encryption module configured to encrypt the second biometric information based on the key to obtain encrypted second biometric information;
a second uploading module configured to upload the encrypted second biometric information to the blockchain system.
In one or more embodiments of the invention, the third generation module is specifically configured to generate a derived key from the password library login password according to a key derivation algorithm.
As shown in fig. 7, one or more embodiments of the present invention also provide an electronic device, including: a housing 71, a processor 72, a memory 73, a circuit board 74 and a power supply circuit 75, wherein the circuit board 74 is arranged inside the space enclosed by the housing 71, and the processor 72 and the memory 73 are arranged on the circuit board 74; the power supply circuit 75 supplies power to each circuit or device of the electronic device; the memory 73 stores executable program code; and the processor 72 reads the executable program code stored in the memory 73 and runs the corresponding program in order to execute any one of the password library management and control methods described above.
One or more embodiments of the present invention also provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute any one of the password library management and control methods described above.
According to the password library management and control method, apparatus, storage medium and electronic device described above, an unlocking request from a client, which requests the blockchain system to unlock the biometric lock of a password library, is obtained; the second biometric information of a legitimate user is obtained by decryption based on the key in the unlocking request; whether the target object is a legitimate user is determined by comparing the second biometric information with the first biometric information in the unlocking request for consistency; and if the target object is a legitimate user, the biometric lock of the password library is determined to be successfully unlocked, and the password library server is notified to provide the password library file corresponding to the target object to the client. The user's password library is protected by the password library login password, the key and the biometric lock, which improves the security of the password library. The blockchain system generates the biometric lock for the password library file based on the encrypted second biometric feature of the legitimate user, so the password library can be locked by the legitimate user's biometric feature and the password library login password, which further improves the security of the password library. A derived key generated from the password library login password according to a key derivation algorithm avoids transmitting the key back and forth between the client device and the blockchain system, which improves the security of the key; and because a derived key is used, the user does not need to maintain a separate key, which improves convenience for the user.
After the password library file is uploaded to the blockchain system, the encrypted biometric feature of the legitimate user is stored on the blockchain, so that the legitimate user's biometric feature is tamper-proof, loss-proof and traceable.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, when the invention is implemented, the functionality of the units/modules may be implemented in one or more pieces of software and/or hardware.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A password library management and control method, applied to a blockchain system, comprising:
obtaining an unlocking request from a client, wherein the unlocking request is used to request the blockchain system to unlock a biometric lock of a password library, and the unlocking request comprises a key and first biometric information of a target object;
decrypting pre-stored encrypted second biometric information of a legitimate user based on the key;
comparing the second biometric information with the first biometric information of the target object to determine whether the target object is a legitimate user;
and in response to the target object being a legitimate user, determining that the biometric lock of the client is successfully unlocked, and notifying a password library server to provide the password library file corresponding to the target object to the client.
2. The method of claim 1, wherein prior to obtaining the request to unlock the biometric lock from the client, the method further comprises:
obtaining the encrypted second biometric information from the client;
writing the encrypted second biometric information to the chain;
and generating the biometric lock for the password library file stored in the password library server based on the encrypted second biometric information.
3. The method according to claim 1 or 2, wherein the key is a derived key generated from the password library login password according to a key derivation algorithm.
4. A password library management and control method, applied to a client device, characterized by comprising:
obtaining a password library access request, wherein the password library access request comprises: a first biometric feature of the target object and a password library login password;
generating a key from the password library login password;
uploading the key and the first biometric information to a blockchain system to request the blockchain system to decrypt pre-stored second biometric information of a legitimate user based on the key, compare the first biometric information with the second biometric information, and determine whether the target object is a legitimate user;
and receiving the password library file from the password library server in the case that the target object is a legitimate user.
5. The method of claim 4, wherein prior to obtaining the password library access request, the method further comprises:
obtaining the password library login password and the second biometric information;
generating the key based on the password library login password;
encrypting the second biometric information based on the key to obtain encrypted second biometric information;
and uploading the encrypted second biometric information to the blockchain system.
6. The method of claim 5, wherein generating the key based on the password library login password comprises:
generating a derived key from the password library login password according to a key derivation algorithm.
7. A password library management and control apparatus, applied to a blockchain system, characterized by comprising:
a first obtaining module configured to obtain an unlocking request from a client, wherein the unlocking request is used to request the blockchain system to unlock a biometric lock of a password library, and the unlocking request comprises a key and first biometric information of a target object;
a decryption module configured to decrypt pre-stored encrypted second biometric information of a legitimate user based on the key;
a comparison module configured to compare the second biometric information with the first biometric information of the target object and determine whether the target object is a legitimate user;
a determining module configured to determine, in response to the target object being a legitimate user, that the biometric lock of the client is successfully unlocked, and to notify a password library server to provide the password library file corresponding to the target object to the client.
8. A password library management and control apparatus, applied to a client device, characterized by comprising:
a third obtaining module configured to obtain a password library access request, wherein the password library access request comprises: a first biometric feature of the target object and a password library login password;
a second generation module configured to generate a key from the password library login password;
a first uploading module configured to upload the key and the first biometric information to a blockchain system to request the blockchain system to decrypt pre-stored encrypted second biometric information of a legitimate user based on the key, compare the first biometric information with the second biometric information, and determine whether the target object is a legitimate user;
and a receiving module configured to receive the password library file from the password library server in the case that the target object is a legitimate user.
9. An electronic device, characterized in that the electronic device comprises: a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is arranged inside the space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit supplies power to each circuit or device of the electronic device; the memory stores executable program code; and the processor reads the executable program code stored in the memory and runs the corresponding program in order to execute the password library management and control method of any one of claims 1 to 6.
10. A non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the password library management and control method of any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111056759.8A CN113792272A (en) 2021-09-09 2021-09-09 Method and device for managing and controlling password library, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN113792272A true CN113792272A (en) 2021-12-14

Family

ID=78879793


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination