CN114239000A - Password processing method, device, computer equipment and storage medium - Google Patents
Password processing method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN114239000A CN114239000A CN202111335270.4A CN202111335270A CN114239000A CN 114239000 A CN114239000 A CN 114239000A CN 202111335270 A CN202111335270 A CN 202111335270A CN 114239000 A CN114239000 A CN 114239000A
- Authority
- CN
- China
- Prior art keywords
- password
- user
- ciphertext
- passwords
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The application relates to a password processing method, a password processing device, computer equipment and a storage medium. The method comprises the following steps: acquiring an authorization request of a user and a user password set by the user under the authorization request; the authorization request is used for requesting access rights to the server; generating a secret key of a user according to authorized user information carried in the authorization request; carrying out sectional encryption on the user password according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password; and storing a plurality of ciphertext passwords corresponding to the authorized user information into a password database. By adopting the method, the safety of password processing can be improved.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and an apparatus for processing a password, a computer device, and a storage medium.
Background
When a user accesses the server, login authentication is usually required, and the server can determine whether to respond to the access requirement of the user by verifying an account password input by the user.
In the traditional method, a server stores a plaintext password input by a user when the user performs authorized registration, and calls the plaintext password input by the user from a database to verify an account password of the user.
However, once the user password stored in the database is obtained illegally, a safety hazard is caused.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a cryptographic processing method, an apparatus, a computer device, and a storage medium capable of improving cryptographic security.
A cryptographic processing method, said method comprising:
acquiring an authorization request of a user and a user password set by the user under the authorization request; the authorization request is used for requesting access rights to the server;
generating a secret key of a user according to authorized user information carried in the authorization request;
carrying out sectional encryption on the user password according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password;
and storing a plurality of ciphertext passwords corresponding to the authorized user information into a password database.
In one embodiment, the storing the plurality of ciphertext passwords corresponding to the authorized user information in the password database includes:
and storing the plurality of ciphertext passwords into a password database according to a preset sequence.
In one embodiment, the method further includes:
acquiring a service request of a user and a password to be verified input by the user under the service request; the service request is used for requesting service access to the server;
acquiring a plurality of target ciphertext passwords matched with the access user information in a password database according to the access user information carried in the service request;
verifying the password to be verified according to the target ciphertext passwords;
and if the verification is passed, responding to the service request.
In one embodiment, the verifying the password to be verified according to the plurality of target ciphertext passwords includes:
obtaining a key corresponding to the access user information according to the access user information;
decrypting the plurality of target ciphertext passwords by using the key to obtain a segmented password corresponding to each target ciphertext password;
sequencing the segmented passwords by adopting a preset sequence to obtain a target user password;
and if the password to be verified is the same as the target user password, determining that the password to be verified passes the verification.
In one embodiment, the responding to the service request includes:
determining a service type corresponding to the service request;
sending the service request to a terminal processor corresponding to the service type; the service types corresponding to different terminal processors are different.
In one embodiment, after the storing the plurality of ciphertext passwords into the password database according to the preset sequence, the method further includes:
generating a prepared account corresponding to the authorized user information;
and storing a plurality of ciphertext passwords as the ciphertext passwords corresponding to the prepared account of the user in a password database.
In one embodiment, the method further includes:
acquiring a password modification request of a user and an update password input under the password modification request;
carrying out sectional encryption on the updated password according to the secret key to obtain the updated password of the user;
modifying a user password corresponding to a prepared account number of a user in a password database into an updated password;
and after the user finishes the current service request, updating the ciphertext password corresponding to the authorized user information in the password database into an updated password.
A cryptographic processing apparatus, said apparatus comprising:
the acquisition module is used for acquiring an authorization request of a user and a user password set by the user under the authorization request; the authorization request is used for requesting access rights to the server;
the generation module is used for generating a secret key of the user according to the authorized user information carried in the authorization request;
the encryption module is used for encrypting the user password in a segmented manner according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password;
and the storage module is used for storing a plurality of ciphertext passwords corresponding to the authorized user information into the password database.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
acquiring an authorization request of a user and a user password set by the user under the authorization request; the authorization request is used for requesting access rights to the server;
generating a secret key of a user according to authorized user information carried in the authorization request;
carrying out sectional encryption on the user password according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password;
and storing a plurality of ciphertext passwords corresponding to the authorized user information into a password database.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
acquiring an authorization request of a user and a user password set by the user under the authorization request; the authorization request is used for requesting access rights to the server;
generating a secret key of a user according to authorized user information carried in the authorization request;
carrying out sectional encryption on the user password according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password;
and storing a plurality of ciphertext passwords corresponding to the authorized user information into a password database.
According to the password processing method, the password processing device, the computer equipment and the storage medium, the server acquires the authorization request of the user and the user password set by the user under the authorization request; the authorization request is used for requesting access rights to the server; generating a secret key of a user according to authorized user information carried in the authorization request; carrying out sectional encryption on the user password according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password; and storing a plurality of ciphertext passwords corresponding to the authorized user information into a password database. Because the server adopts the secret key of the user to encrypt and store the user password in the subsection way, an illegal user cannot directly obtain the plaintext password; furthermore, as the ciphertext password is stored in a segmented manner, an illegal user cannot easily obtain a complete password segment, the possibility that the user password is illegally obtained is further reduced, and the security of the user password is improved.
Drawings
FIG. 1 is a flow diagram illustrating a cryptographic processing method in one embodiment;
FIG. 2 is a flowchart illustrating a cryptographic processing method according to another embodiment;
FIG. 3 is a flowchart illustrating a cryptographic processing method according to another embodiment;
FIG. 4 is a flowchart illustrating a cryptographic processing method according to another embodiment;
FIG. 5 is a block diagram of a cryptographic processing apparatus in one embodiment;
FIG. 6 is a block diagram showing the construction of a cryptographic processing apparatus according to another embodiment;
FIG. 7 is a block diagram showing the construction of a cryptographic processing apparatus according to another embodiment;
FIG. 8 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The password processing method can be applied to a server. The server may obtain a user password set by the user and store the user password in the password database. The server may be implemented by a stand-alone server or a server cluster composed of a plurality of servers.
In one embodiment, as shown in fig. 1, a cryptographic processing method is provided, which is described by taking an example of the method applied to a server, and includes:
s101, acquiring an authorization request of a user and a user password set by the user under the authorization request; the authorization request is for requesting access to a server.
Wherein, the authorization request is used for requesting the access right of the server. For example, the access right may be a right of a user to log in an application system, or may be a login right such as a database level and an operating system level. The user may send an authorization request to the server through the terminal device, where the authorization request may include account information of the user, information of the terminal device used by the user, authentication information of the user, and the like. After the user sends an authorization request to the server through the terminal device, the server can extract the identity information of the user from the authorization request, verify the identity information of the user and confirm whether to authorize the access right of the user.
After the identity information of the user passes the verification, the server may send a password setting instruction to the terminal device, where the password setting instruction may instruct the user to set a user password for accessing in the server. Further, the server may obtain the user password, process the user password, and store the processed user password in the password database.
S102, generating a secret key of the user according to the authorized user information carried in the authorization request.
To encrypt the user password, the server may generate a key specific to the user, which is used to encrypt the user password. The server may extract the authorized user information in the authorization request, where the authorized user information may be a user account, an IP address of the user, an authorization number of the authorization request sent by the user, and the specific type of the authorized user information is not limited herein. In addition, the authorized user information may also be a combination of multiple types of information, for example, the authorized user information includes a user account and a device type of a terminal device used by the user.
Further, the server may input the authorized user information into a preset algorithm, and output the key of the user through the preset algorithm. The predetermined algorithm may be any type of key generation algorithm.
S103, carrying out sectional encryption on the user password according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password.
On the basis of the above steps, the server may encrypt the user password with the user's key. Firstly, the server can perform segmentation processing on the user password, and the lengths of the password segments obtained by the segmentation processing can be the same or different. After the server performs the segmentation processing, each password segment can be identified by using information such as a user account and the like.
The server can encrypt each password segment by adopting a user key, and the keys corresponding to different password segments can be the same or different. For example, the server may generate a plurality of keys for the user, and encrypt different cipher segments using the plurality of keys to obtain a plurality of ciphertext ciphers.
And S104, storing a plurality of ciphertext passwords corresponding to the authorized user information into a password database.
Further, the server may store a plurality of ciphertext passwords for the user in a password database. The password database may be disposed in a server, or may be an external database connected to the server, which is not limited herein. The password database may include ciphertext passwords corresponding to a plurality of user accounts.
When the server stores the plurality of ciphertext passwords, the plurality of ciphertext passwords can be stored according to a random sequence; optionally, the plurality of ciphertext passwords may be stored in the password database according to a preset sequence.
Optionally, the server may also perform backup storage on the plurality of ciphertext passwords, for example, backup storage in another storage device.
Optionally, the server may generate a prepared account corresponding to the authorized user information; and then, storing a plurality of ciphertext passwords as ciphertext passwords corresponding to the prepared account of the user in a password database.
According to the password processing method, the server acquires an authorization request of a user and a user password set by the user under the authorization request; the authorization request is used for requesting access rights to the server; generating a secret key of a user according to authorized user information carried in the authorization request; carrying out sectional encryption on the user password according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password; and storing a plurality of ciphertext passwords corresponding to the authorized user information into a password database. Because the server adopts the secret key of the user to encrypt and store the user password in the subsection way, an illegal user cannot directly obtain the plaintext password; furthermore, as the ciphertext password is stored in a segmented manner, an illegal user cannot easily obtain a complete password segment, the possibility that the user password is illegally obtained is further reduced, and the security of the user password is improved.
Fig. 2 is a schematic flow chart of a password processing method in another embodiment, which relates to a process in which a server responds to a service request of a user based on a user password, and based on the above embodiment, as shown in fig. 2, the method further includes:
s201, acquiring a service request of a user and a password to be verified input by the user under the service request; the service request is for requesting service access to the server.
After obtaining the access authorization of the server, the user can perform service access to the server. The user may send a service request to the server through the terminal device, where the service request may be to refer to a browser, log in an application program associated with the server, pay online, and the like, and an application scenario of the service request is not limited herein. The server may extract access user information in the service request, where the access user information may include a user account, identity information of the user, or information of a terminal device used by the user, and a type of the access user information is not limited herein. The server can verify the access service information, and after the user is determined to have the access authority, a password input instruction is sent to the terminal device, wherein the password input instruction can indicate the user to input a password to be verified. Further, the server may obtain the password to be authenticated to authenticate the password to be authenticated.
S202, according to the access user information carried in the service request, a plurality of target ciphertext passwords matched with the access user information are obtained in the password database.
When the password to be verified is verified, the server may first retrieve the user password set by the user from the password database. The server can obtain a plurality of target ciphertext passwords matched with the user account in the access user information in the password database according to the access user information. For example, the server may determine that the identification information is a ciphertext password of the user account as a target ciphertext password.
And S203, verifying the password to be verified according to the target ciphertext passwords.
On the basis of obtaining a plurality of target ciphertext passwords, the server can verify the password to be verified according to the target ciphertext passwords so as to determine whether the password to be verified input by the user is correct. Specifically, the server may encrypt the password to be verified in segments by using the key of the user, compare the encrypted data with the target ciphertext password, and determine whether the password to be verified is correct; or, the server may also decrypt the multiple target ciphertext passwords to obtain a user password of a plaintext set by the user, and then compare the user password with the password to be verified to determine whether the password to be verified is correct.
And S204, if the verification is passed, responding to the service request.
And if the password to be verified is correct, determining that the password to be verified passes the verification. Further, the server can respond to the service request to meet the service requirement of the user. The server can directly process the service of the user and can also process the service through other servers connected with the server. Optionally, the server includes a plurality of terminal processors, and the service types corresponding to different terminal processors are different; the server can determine the service type corresponding to the service request; then, the service request is sent to a terminal processor corresponding to the service type; the service types corresponding to different terminal processors are different. And if the password to be verified is correct, refusing to respond to the service request, and returning a password error prompt to the user.
According to the password processing method, the server obtains the target ciphertext passwords matched with the access user information from the password database, and then verifies the password to be verified according to the target ciphertext passwords, so that the service request can be responded more accurately.
Fig. 3 is a schematic flowchart of a password processing method in another embodiment, where this embodiment relates to a process in which a server verifies a password to be verified according to a plurality of target ciphertext passwords, and on the basis of the foregoing embodiment, as shown in fig. 3, S203 includes:
s301, obtaining a key corresponding to the access user information according to the access user information.
The server can extract the information used for generating the secret key from the access user information, and then the secret key of the user is regenerated according to a preset algorithm; or, the server may extract the user account from the access information, and search for the key corresponding to the user account in a pre-stored key table; the manner of obtaining the corresponding key is not limited herein.
For example, when the server generates the key, the key may be retained for later use. To protect the key from undesired access (e.g., by malicious actors), the key may be protected by an authorized value. In some cases, the authorized value may be a user account or a key password set by the user. The server may store the authorization value in a fixed location that is responsible for generating or accessing the key. When the authorized value is accessed, the authorized value may be erased from the fixed location to prevent subsequent access by a malicious entity.
S302, decrypting the target ciphertext passwords by adopting the key to obtain the segmented passwords corresponding to the target ciphertext passwords.
S303, sequencing the segmented passwords by adopting a preset sequence to obtain the target user password.
S304, if the password to be verified is the same as the password of the target user, determining that the password to be verified passes verification.
The server can decrypt the target ciphertext passwords by adopting the secret keys respectively to obtain the segmented passwords corresponding to the target ciphertext passwords. And then sequencing the segmented passwords by adopting a preset sequence, and restoring to obtain the target user password. And if the password to be verified is the same as the target user password, determining that the password to be verified passes the verification. And if the password to be verified is different from the target user password, determining that the password to be verified is not verified.
According to the password processing method, the server needs to decrypt and sort the target ciphertext passwords corresponding to the access user information, and then completes the verification of the password to be verified, so that the password verification process is more reliable, and the reliability of password management is improved.
Fig. 4 is a schematic flowchart of a password processing method in another embodiment, which relates to a process of processing a password modification request by a server, and based on the foregoing embodiment, as shown in fig. 4, the method further includes:
s401, a password modification request of a user and an updated password input under the password modification request are obtained.
In the process of accessing the server, a user may forget a password, or the password needs to be modified after the user account is illegally logged in; in the above scenario, the user may send a password modification request to the server. Optionally, the server may further obtain status information of the user, and send prompt information for modifying the password to the user when the status information is abnormal, so that the user may send a password modification request under the prompt information. When the server receives the password modification request, a password modification instruction may be sent to the user instructing the user to set a new update password.
S402, carrying out sectional encryption on the updated cipher according to the secret key to obtain the updated cipher text of the user.
After the server obtains the update password, the update password can be encrypted in a segmented manner by adopting the above manner of encrypting the user password in a segmented manner, so as to obtain the update password of the user.
And S403, modifying the ciphertext password corresponding to the user' S prepared account number in the password database into an updated ciphertext password.
When the server is processing the service request of the user, the server can call the prepared account number of the user, and the ciphertext password corresponding to the prepared account number of the user in the password database is modified into the updated ciphertext password.
S404, after the user finishes the current service request, the ciphertext password corresponding to the authorized user information in the password database is updated to be the updated ciphertext password.
After the server completes the response to the service request of the user, the server can update the ciphertext password corresponding to the authorized user information in the password database into an updated ciphertext password, so that the primary account of the user is consistent with the password of the reserved account.
According to the password processing method, the server manages the user password by setting the primary account and the reserved account number, so that the password management security can be improved; when the server is processing the service request of the user, the password modification can be completed through the prepared account without disconnecting the service request, so that the service of the user is not changed by the terminal, and the continuity of the service access of the user is improved.
In one embodiment, the server may be further configured to generate a temporary password. For a user to use a password lock, a fingerprint lock and other scenes, a temporary password is usually required to be set. The server may have an MD5 encryption algorithm installed to generate a nonreversible hash. After the user sends a temporary password generation request in the application program, the server may generate a temporary password, and then operate on the temporary password through the MD5 encryption algorithm to obtain a hash value corresponding to the temporary password. The user may enter the temporary code into a device such as a combination lock or send the temporary code to other users. After the user enters the temporary password on the device, the server may obtain the temporary password and then authenticate the temporary password. The server may input the password input by the user into the MD5 encryption algorithm, and if the hash value corresponding to the password input by the user is the same as the hash value corresponding to the temporary password, the password is verified. And if the hash values are different, the temporary password is invalid.
According to the password processing method, the temporary password is verified by the MD5 encryption algorithm, and the use safety of the password is improved.
It should be understood that although the various steps in the flow charts of fig. 1-4 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 1-4 may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed in turn or alternately with other steps or at least some of the other steps.
In one embodiment, as shown in fig. 5, there is provided a cryptographic processing apparatus including:
the obtaining module 10 is configured to obtain an authorization request of a user and a user password set by the user under the authorization request; the authorization request is used for requesting access rights to the server;
a generating module 20, configured to generate a secret key of a user according to authorized user information carried in the authorization request;
the encryption module 30 is configured to encrypt the user password in segments according to the key to obtain a plurality of ciphertext passwords corresponding to the user password;
and the storage module 40 is configured to store a plurality of ciphertext passwords corresponding to the authorized user information in a password database.
In an embodiment, on the basis of the above embodiment, the storage module 40 is specifically configured to: and storing the plurality of ciphertext passwords into a password database according to a preset sequence.
In an embodiment, on the basis of the above embodiment, as shown in fig. 6, the above apparatus further includes a response module 50 for: acquiring a service request of a user and a password to be verified input by the user under the service request; the service request is used for requesting service access to the server; acquiring a plurality of target ciphertext passwords matched with the access user information in a password database according to the access user information carried in the service request; verifying the password to be verified according to the target ciphertext passwords; and if the verification is passed, responding to the service request.
In an embodiment, on the basis of the above embodiment, the response module 50 is specifically configured to: obtaining a key corresponding to the access user information according to the access user information; decrypting the plurality of target ciphertext passwords by using the key to obtain a segmented password corresponding to each target ciphertext password; sequencing the segmented passwords by adopting a preset sequence to obtain a target user password; and if the password to be verified is the same as the target user password, determining that the password to be verified passes the verification.
In an embodiment, on the basis of the above embodiment, the response module 50 is specifically configured to: determining a service type corresponding to the service request; sending the service request to a terminal processor corresponding to the service type; the service types corresponding to different terminal processors are different.
In an embodiment, on the basis of the above embodiment, the above storage module 40 is further configured to: generating a prepared account corresponding to the authorized user information; and storing a plurality of ciphertext passwords as the ciphertext passwords corresponding to the prepared account of the user in a password database.
In an embodiment, on the basis of the above embodiment, as shown in fig. 7, the above apparatus further includes a modification module 60 for: acquiring a password modification request of a user and an update password input under the password modification request; carrying out sectional encryption on the updated cipher according to the secret key to obtain an updated ciphertext cipher of the user; modifying a ciphertext password corresponding to a prepared account number of a user in a password database into an updated ciphertext password; and after the user finishes the current service request, updating the ciphertext password corresponding to the authorized user information in the password database into an updated ciphertext password.
The password processing apparatus provided above can execute the embodiment of the password processing method, and the implementation principle and technical effect are similar, which are not described herein again.
For the specific limitations of the cryptographic processing apparatus, reference may be made to the above limitations of the cryptographic processing method, which are not described herein again. The respective modules in the above-described cryptographic processing apparatus may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 8. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used to store cryptographic processing data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a cryptographic processing method.
Those skilled in the art will appreciate that the architecture shown in fig. 8 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
acquiring an authorization request of a user and a user password set by the user under the authorization request; the authorization request is used for requesting access rights to the server;
generating a secret key of a user according to authorized user information carried in the authorization request;
carrying out sectional encryption on the user password according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password;
and storing a plurality of ciphertext passwords corresponding to the authorized user information into a password database.
In one embodiment, the processor, when executing the computer program, further performs the steps of: and storing the plurality of ciphertext passwords into a password database according to a preset sequence.
In one embodiment, the processor, when executing the computer program, further performs the steps of: acquiring a service request of a user and a password to be verified input by the user under the service request; the service request is used for requesting service access to the server; acquiring a plurality of target ciphertext passwords matched with the access user information in a password database according to the access user information carried in the service request; verifying the password to be verified according to the target ciphertext passwords; and if the verification is passed, responding to the service request.
In one embodiment, the processor, when executing the computer program, further performs the steps of: obtaining a key corresponding to the access user information according to the access user information; decrypting the plurality of target ciphertext passwords by using the key to obtain a segmented password corresponding to each target ciphertext password; sequencing the segmented passwords by adopting a preset sequence to obtain a target user password; and if the password to be verified is the same as the target user password, determining that the password to be verified passes the verification.
In one embodiment, the processor, when executing the computer program, further performs the steps of: determining a service type corresponding to the service request; sending the service request to a terminal processor corresponding to the service type; the service types corresponding to different terminal processors are different.
In one embodiment, the processor, when executing the computer program, further performs the steps of: generating a prepared account corresponding to the authorized user information; and storing a plurality of ciphertext passwords as the ciphertext passwords corresponding to the prepared account of the user in a password database.
In one embodiment, the processor, when executing the computer program, further performs the steps of: acquiring a password modification request of a user and an update password input under the password modification request; carrying out sectional encryption on the updated cipher according to the secret key to obtain an updated ciphertext cipher of the user; modifying a ciphertext password corresponding to a prepared account number of a user in a password database into an updated ciphertext password; and after the user finishes the current service request, updating the ciphertext password corresponding to the authorized user information in the password database into an updated ciphertext password.
The implementation principle and technical effect of the computer device provided in this embodiment are similar to those of the method embodiments described above, and are not described herein again.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring an authorization request of a user and a user password set by the user under the authorization request; the authorization request is used for requesting access rights to the server;
generating a secret key of a user according to authorized user information carried in the authorization request;
carrying out sectional encryption on the user password according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password;
and storing a plurality of ciphertext passwords corresponding to the authorized user information into a password database.
In one embodiment, the computer program when executed by the processor further performs the steps of: and storing the plurality of ciphertext passwords into a password database according to a preset sequence.
In one embodiment, the computer program when executed by the processor further performs the steps of: acquiring a service request of a user and a password to be verified input by the user under the service request; the service request is used for requesting service access to the server; acquiring a plurality of target ciphertext passwords matched with the access user information in a password database according to the access user information carried in the service request; verifying the password to be verified according to the target ciphertext passwords; and if the verification is passed, responding to the service request.
In one embodiment, the computer program when executed by the processor further performs the steps of: obtaining a key corresponding to the access user information according to the access user information; decrypting the plurality of target ciphertext passwords by using the key to obtain a segmented password corresponding to each target ciphertext password; sequencing the segmented passwords by adopting a preset sequence to obtain a target user password; and if the password to be verified is the same as the target user password, determining that the password to be verified passes the verification.
In one embodiment, the computer program when executed by the processor further performs the steps of: determining a service type corresponding to the service request; sending the service request to a terminal processor corresponding to the service type; the service types corresponding to different terminal processors are different.
In one embodiment, the computer program when executed by the processor further performs the steps of: generating a prepared account corresponding to the authorized user information; and storing a plurality of ciphertext passwords as the ciphertext passwords corresponding to the prepared account of the user in a password database.
In one embodiment, the computer program when executed by the processor further performs the steps of: acquiring a password modification request of a user and an update password input under the password modification request; carrying out sectional encryption on the updated cipher according to the secret key to obtain an updated ciphertext cipher of the user; modifying a ciphertext password corresponding to a prepared account number of a user in a password database into an updated ciphertext password; and after the user finishes the current service request, updating the ciphertext password corresponding to the authorized user information in the password database into an updated ciphertext password.
The computer storage medium provided in this embodiment has similar implementation principles and technical effects to those of the above method embodiments, and is not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. Non-volatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical storage, or the like. Volatile Memory can include Random Access Memory (RAM) or external cache Memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A cryptographic processing method, the method comprising:
obtaining an authorization request of a user and a user password set by the user under the authorization request; the authorization request is used for requesting the access right of the server;
generating a secret key of the user according to the authorized user information carried in the authorization request;
carrying out sectional encryption on the user password according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password;
and storing a plurality of cipher texts corresponding to the authorized user information into a cipher database.
2. The method of claim 1, wherein storing the plurality of ciphertext passwords corresponding to the authorized user information in a password database comprises:
and storing the plurality of ciphertext passwords into the password database according to a preset sequence.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
acquiring a service request of a user and a password to be verified input by the user under the service request; the service request is used for requesting service access to the server;
according to the access user information carried in the service request, a plurality of target ciphertext passwords matched with the access user information are obtained in the password database;
verifying the password to be verified according to the target ciphertext passwords;
and if the verification is passed, responding to the service request.
4. The method of claim 3, wherein the verifying the password to be verified according to the plurality of target ciphertext passwords comprises:
obtaining a key corresponding to the access user information according to the access user information;
decrypting the plurality of target ciphertext passwords by using the key to obtain a segmented password corresponding to each target ciphertext password;
sequencing the segmented passwords by adopting a preset sequence to obtain a target user password;
and if the password to be verified is the same as the target user password, determining that the password to be verified passes verification.
5. The method of claim 3, wherein responding to the service request comprises:
determining a service type corresponding to the service request;
sending the service request to a terminal processor corresponding to the service type; the service types corresponding to different terminal processors are different.
6. The method according to claim 1 or 2, wherein after storing the plurality of ciphertext ciphers into the cipher database according to the predetermined order, the method further comprises:
generating a prepared account corresponding to the authorized user information;
and storing the plurality of ciphertext passwords as ciphertext passwords corresponding to the prepared account of the user in the password database.
7. The method of claim 6, further comprising:
acquiring a password modification request of a user and an updated password input under the password modification request;
carrying out sectional encryption on the updated password according to the secret key to obtain an updated ciphertext password of the user;
modifying the ciphertext password corresponding to the user's prepared account in the password database into the updated ciphertext password;
and after the user finishes the current service request, updating the ciphertext password corresponding to the authorized user information in the password database into the updated ciphertext password.
8. A cryptographic processing apparatus, the apparatus comprising:
the system comprises an acquisition module, a storage module and a control module, wherein the acquisition module is used for acquiring an authorization request of a user and a user password set by the user under the authorization request; the authorization request is used for requesting the access right of the server;
the generation module is used for generating a secret key of the user according to the authorized user information carried in the authorization request;
the encryption module is used for encrypting the user password in a segmented manner according to the secret key to obtain a plurality of ciphertext passwords corresponding to the user password;
and the storage module is used for storing the plurality of ciphertext passwords corresponding to the authorized user information into a password database.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111335270.4A CN114239000A (en) | 2021-11-11 | 2021-11-11 | Password processing method, device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111335270.4A CN114239000A (en) | 2021-11-11 | 2021-11-11 | Password processing method, device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114239000A true CN114239000A (en) | 2022-03-25 |
Family
ID=80749110
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111335270.4A Pending CN114239000A (en) | 2021-11-11 | 2021-11-11 | Password processing method, device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114239000A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114826702A (en) * | 2022-04-11 | 2022-07-29 | 中国南方电网有限责任公司 | Database access password encryption method and device and computer equipment |
-
2021
- 2021-11-11 CN CN202111335270.4A patent/CN114239000A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114826702A (en) * | 2022-04-11 | 2022-07-29 | 中国南方电网有限责任公司 | Database access password encryption method and device and computer equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109684790B (en) | Software starting method, software authorization verification method, device and storage medium | |
| CN106612180B (en) | Method and device for realizing session identification synchronization | |
| CN108810894B (en) | Terminal authorization method, device, computer equipment and storage medium | |
| CN111327643B (en) | Multi-party data sharing method and device | |
| US7526654B2 (en) | Method and system for detecting a secure state of a computer system | |
| US20180082050A1 (en) | Method and a system for secure login to a computer, computer network, and computer website using biometrics and a mobile computing wireless electronic communication device | |
| US8997198B1 (en) | Techniques for securing a centralized metadata distributed filesystem | |
| US7043636B2 (en) | Data integrity mechanisms for static and dynamic data | |
| CN110990827A (en) | Identity information verification method, server and storage medium | |
| US20190026456A1 (en) | Methods and Apparatus for Authentication of Joint Account Login | |
| CN111625829A (en) | Application activation method and device based on trusted execution environment | |
| CN103138939A (en) | Secret key use time management method based on credible platform module under cloud storage mode | |
| CN111031047A (en) | Device communication method, device, computer device and storage medium | |
| CN111401901B (en) | Authentication method and device of biological payment device, computer device and storage medium | |
| US20170201528A1 (en) | Method for providing trusted service based on secure area and apparatus using the same | |
| CN114006700A (en) | Client login method and device, computer equipment and storage medium | |
| CN114239000A (en) | Password processing method, device, computer equipment and storage medium | |
| CN110971610A (en) | Control system identity verification method and device, computer equipment and storage medium | |
| CN113868628A (en) | Signature verification method and device, computer equipment and storage medium | |
| CN110287725B (en) | Equipment, authority control method thereof and computer readable storage medium | |
| CN113872986A (en) | Power distribution terminal authentication method, system, device, computer equipment and storage medium | |
| CN110602121A (en) | Network key obtaining method and device and computer readable storage medium | |
| CN111193751B (en) | Factory setting restoration method and equipment | |
| CN116318899B (en) | Data encryption and decryption processing method, system, equipment and medium | |
| CN114978771B (en) | Data security sharing method and system based on blockchain technology |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |