CN116089927A - Password protection method and device, electronic equipment and storage medium - Google Patents


Publication number
CN116089927A
Authority
CN
China
Prior art keywords
target
verification information
target object
key
scene
Legal status
Pending
Application number
CN202111308205.2A
Other languages
Chinese (zh)
Inventor
梁宵
赵建明
赵欣
赵玉震
张梦
李刚
高洁
Current Assignee
Aisino Corp
Original Assignee
Aisino Corp
Application filed by Aisino Corp
Priority to CN202111308205.2A
Publication of CN116089927A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the application provide a password protection method and device, electronic equipment, and a storage medium. The target object is authenticated based on a target key that the target object inputs, which avoids leaking related information to unrelated objects and protects the privacy and security of the target object's information. Once the target object is confirmed to pass verification, the pre-stored target verification information is decrypted and entered so that the target object logs in to the target application scene directly, without manually entering a login account and login password. This improves login convenience and avoids the risk of verification information being stolen through photographing or recording during manual entry, further improving the security of the target object's information.

Description

Password protection method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of information security, and in particular, to a password protection method, a device, an electronic apparatus, and a storage medium.
Background
With the development of the information age, intelligent terminals are becoming increasingly popular. Under different business scenes, the target object usually needs to input different object account numbers, object passwords and other information on its own intelligent terminal so as to respectively verify the identity information of the target object, thereby obtaining corresponding business services.
However, as the number of business scenes grows, so does the memory burden on the target object. The related art often uses file-based storage: information such as the object account and object password of the target object in a business scene is stored in a related file, which is then used to assist login when the target object is in that business scene. This approach still has the following defects:
1. The risk of leakage is high.
In the related art, information such as the object account and object password of a target object is generally stored together in a related file. For example, in a web page login scene, after the target object logs in on the web page for the first time, the object account and object password are stored together in a cookie file generated by the web page. The cookie file generally remains on the target object's intelligent terminal for a long time, and in practice it is easy to recover and tamper with, so in the related art the object account and object password of the target object face a large leakage risk.
2. The login convenience is low.
In practice, even when information such as the object account and object password of a target object in some business scenes is stored in a related file, the target object still has to enter that information manually when logging in to the business scene. This degrades the service experience of the target object; that is, login convenience is low with this approach.
Disclosure of Invention
The embodiment of the application provides a password protection method, a password protection device, electronic equipment and a storage medium, which are used for reducing leakage risks of an object account and an object password and improving login convenience of a target object.
In a first aspect, an embodiment of the present application provides a password protection method, including:
Receiving a login request sent by the target object, wherein the login request includes at least a scene identifier of the target application scene that the target object requests to access.
Acquiring a target key input by the target object for the target application scene, and performing identity verification on the target object based on the target key.
When the target object passes verification, acquiring the corresponding encrypted target verification information from a preset verification information set based on the scene identifier, wherein the verification information set is stored in an externally connected security device, and the target verification information is stored in the verification information set when the target object accesses the target application scene for the first time.
Decrypting the encrypted target verification information based on the target key, and inputting the decrypted target verification information in the target application scene so as to enable the target object to log in the target application scene.
In a second aspect, an embodiment of the present application provides a password protection device, including:
A communication module, configured to receive a login request sent by a target object, wherein the login request includes at least a scene identifier of the target application scene that the target object requests to access.
A verification module, configured to acquire a target key input by the target object for the target application scene and to perform identity verification on the target object based on the target key.
An obtaining module, configured to acquire, when the target object passes verification, the corresponding encrypted target verification information from a preset verification information set based on the scene identifier, wherein the verification information set is stored in an externally connected security device, and the target verification information is stored in the verification information set when the target object accesses the target application scene for the first time.
A login module, configured to decrypt the encrypted target verification information based on the target key and to input the decrypted target verification information in the target application scene so that the target object logs in to the target application scene.
In an alternative embodiment, before receiving the login request of the target object, the obtaining module is further configured to:
Receive and store the scene identifier of the target application scene, and receive and store the target key sent by the target object for the target application scene.
When the target object is determined to be accessing the target application scene for the first time, obtain the target verification information of the target object, encrypt it based on the target key, and store it.
Transmit the scene identifier and the target verification information, in association, to the externally connected security device, so that the security device stores the target verification information in a designated security area in correspondence with the scene identifier.
In an alternative embodiment, when the target verification information is stored after being encrypted based on the target key, the obtaining module is specifically configured to:
Encrypt and store the target verification information based on the target key, using the Data Encryption Standard (DES) or the Triple Data Encryption Standard (3DES).
In an alternative embodiment, the security device holds a secret public key and a secret private key used for encrypting the target key. After the scene identifier and the target verification information have been transmitted in association to the externally connected security device, so that the security device stores the target verification information in the designated security area in correspondence with the scene identifier, the obtaining module is further configured to:
Receive and store the secret public key of the security device, and encrypt the target key based on the secret public key of the security device.
Send the encrypted target key to the security device, so that the security device decrypts it with the stored secret private key and stores the target key.
In a third aspect, embodiments of the present application further provide an electronic device, including a memory and a processor, where the memory stores a computer program executable on the processor, and when the computer program is executed by the processor, causes the processor to implement any one of the password protection methods of the first aspect.
In a fourth aspect, embodiments of the present application further provide a computer readable storage medium, where a computer program is stored, where the computer program is executed by a processor to implement the password protection method of the first aspect.
In the embodiments of the application, when a login request sent by the target object for the target application scene it requests to access is received, the target object is authenticated by acquiring the target key that the target object inputs for the current target application scene. This avoids leaking related information to unrelated objects and protects the privacy and security of the target object's information. When the target object is confirmed to pass verification, the target verification information pre-stored for the target application scene is decrypted and entered into the target application scene, so that the target object logs in directly without manually entering the corresponding login account and login password. This improves login convenience, avoids the risk of verification information being stolen through photographing or recording during manual entry, and further improves the security of the target object's information.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a password protection system according to an embodiment of the present application;
FIG. 2 is a flowchart of verification information entry provided in an embodiment of the present application;
FIG. 3 is a schematic view of a scene add page provided in an embodiment of the present application;
FIG. 4 is a flowchart of target key encryption provided in an embodiment of the present application;
FIG. 5 is a flowchart of a password protection method according to an embodiment of the present application;
FIG. 6 is a schematic view of a scene jump page provided in an embodiment of the present application;
FIG. 7 is a flowchart of a password protection method according to an embodiment of the present application;
FIG. 8 is an exemplary diagram of a password protection method according to an embodiment of the present application;
FIG. 9 is a schematic diagram of a password protection device according to an embodiment of the present application;
FIG. 10 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present invention based on the embodiments herein.
To improve the login convenience of a target object and reduce the leakage risk of its account and password, an embodiment of the application provides a password protection method. When a login request sent by the target object for the target application scene it requests to access is received, the target object is authenticated by acquiring the target key that the target object inputs for the current target application scene. This avoids leaking related information to unrelated objects and protects the privacy and security of the target object's information. When the target object is confirmed to pass verification, the target verification information pre-stored for the target application scene is decrypted and entered into the target application scene, so that the target object logs in directly without manually entering the corresponding login account and login password. This improves login convenience, avoids the risk of verification information being stolen through photographing or recording during manual entry, and further improves the security of the target object's information.
Referring to fig. 1, in the embodiment of the present application, a physical connection is created between a target terminal 100 and an externally connected security device 110, where:
The target terminal 100 is configured to present, to the target object, each application scenario for which access is requested. Specifically, the target terminal 100 may be an electronic device with computing capability, such as a mobile phone, a tablet computer, or a PC.
For example, the target terminal 100 may be a corresponding system server, such as that of a financial system or a banking system, and there may be multiple system servers. According to the received login request, the system server can automatically obtain, over the physical connection created with the security device 110, the target verification information corresponding to a specified target application scenario (e.g., a web page), so that the target object logs in to the target application scenario quickly and conveniently.
The security device 110 is configured to store the scene identifier and corresponding verification information for each preset application scene of the target object. Specifically, the security device 110 is an electronic device externally connected to the target terminal 100, or a processor or memory inside such an electronic device. Optionally, the security device 110 may be an intelligent password key (USB key), which in the embodiments of the application stores the encrypted scene identifiers and verification information.
Further, based on the above architecture and referring to fig. 2, the target terminal 100 performs the following steps to encrypt the related information of the target application scenario that the target object requests to access:
Step 201: Receive and store the scene identifier of the target application scene, and receive and store the target key sent by the target object for the target application scene.
Specifically, in the embodiment of the application, it is assumed that a corresponding security service is registered in the target terminal 100 and that the target terminal 100 monitors the state of its connection to the security device 110 through a local API or similar. When the target terminal 100 detects that the connection to the security device 110 is good, it opens a default scene add page.
Specifically, the scene adding page is used for receiving a scene identifier of an application scene to which the target object requests to access and corresponding verification information of the application scene.
For example, referring to fig. 3, if the application scenario is a web page (HTML page) that provides an operation service to the target object, such as an OA system page, the scene identifier may be the URL of the OA system page, and the verification information includes at least the login account and login password of the target object for the OA system page, as shown in Table 1 below:
TABLE 1
[Table 1: image in the original publication; contents not reproduced]
Further, the target terminal 100 constructs an initial login request from the scene identifier and verification information input by the target object and uses it to make a first access to the application scenario. If the application scenario responds with an error, the target terminal 100 determines that the input of the target object is wrong and reopens the scene input page; if the application scenario responds normally, the target terminal 100 determines that access is normal and then obtains the corresponding target key.
The target key is a verification code that identifies the target object, for example a personal identification number (PIN code) set by the target object. In this embodiment of the application, the target key is set to 0000.
Step 202: When the target object is determined to be accessing the target application scene for the first time, obtain the target verification information of the target object, encrypt it based on the target key, and store it.
From the above steps, when the first access that the target terminal 100 makes to the target application scene, using the scene identifier and verification information that the target object input in the scene input page, receives a successful response, the target terminal uses the target key input by the target object to encrypt the scene identifier and the corresponding target verification information of the target application scene. The target verification information includes at least the login account and the corresponding login password of the target object.
For example, in the embodiment of the application, the OA system login account and login password are encrypted based on the target key 0000. Optionally, the target verification information is encrypted using either of the following encryption methods:
In a first manner, the target verification information is encrypted with the Data Encryption Standard (DES) and then stored.
For example, based on the target key 0000 input by the target object, the login account and the login password of the target object for the target application scene are encrypted using the Data Encryption Standard (DES).
In a second manner, the target verification information is encrypted with the Triple Data Encryption Standard (3DES) and then stored.
For example, based on the target key 0000 input by the target object, the login account and the login password of the target object for the target application scene are encrypted using the Triple Data Encryption Standard (3DES).
Based on the steps, the target verification information input by the target object is encrypted so as to ensure the security of the verification information related to the target object.
Step 203: Transmit the scene identifier and the target verification information, in association, to the externally connected security device, so that the security device stores the target verification information in the designated security area in correspondence with the scene identifier.
After the target verification information has been encrypted, and to further protect the security and privacy of the target object's information, the embodiment of the application sends the related verification information over the external-device connection to the externally connected security device 110 for storage, so that there is a spatial correlation between the login request of the target object and the related verification information. In other words, a suspicious object attempting to acquire the related information of the target object cannot obtain it directly from the target terminal 100 and must first locate the security device 110 that stores the corresponding encrypted verification information, which greatly protects the target verification information input by the target object.
In an alternative embodiment, the target terminal 100 and the security device 110 each hold their own public key and private key: the target terminal 100 holds a target public key and a target private key, and the security device 110 holds a secret public key and a secret private key. As shown in fig. 4, after the target verification information input by the target object has been encrypted with the symmetric encryption method and stored, the target key may be stored in the security device 110 using the following asymmetric encryption procedure:
Step 401: Receive and save the secret public key of the security device, and encrypt the target key based on the secret public key.
Specifically, public keys are exchanged and an asymmetric encryption method is used to protect the transmission of the target key. In this embodiment of the application, the target terminal 100 is assumed to hold the target public key1 (n, e) and the target private key1 (n, d), and the security device 110 to hold the secret public key2 (n, e) and the secret private key2 (n, d). The target terminal 100 sends its target public key1 (n, e) to the security device 110.
Further, the target terminal 100 receives and stores the secret public key2 (n, e) to realize public key exchange, and encrypts the target key input by the target object based on the secret public key2 (n, e), thereby further guaranteeing the transmission security of the target key.
Step 402: Send the encrypted target key to the security device, so that the security device decrypts it with the stored secret private key and stores the target key.
Specifically, the encrypted target key is sent to the security device 110 over the physical connection between the target terminal 100 and the security device 110, so that the security device 110 decrypts it with the secret private key2 (n, d) that it holds, obtains the target key, and stores the target key in a preset area of the security device 110.
With the asymmetric encryption method, the target key can be encrypted and transmitted to the security device before any formal login request of the target object is received. This further protects the target key input by the target object, and protects the privacy and security of related information when the identity of the target object is verified, further reducing the leakage risk of the related information.
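The key transport of steps 401 and 402, as an added example that is not code from the patent: the terminal encrypts the target key under the device's secret public key (n, e), and the device recovers it with (n, d). The OAEP padding (written out by hand only so the block stays within the Python standard library), the SHA-256 hash and the constructed key pair are assumptions; the page names no padding scheme, and without randomised padding equal target keys would always produce equal ciphertexts.

```python
import hashlib
import hmac
import secrets

HLEN = hashlib.sha256().digest_size

# Constructed demo key pair built from two published Mersenne primes so the
# example is reproducible. A real security device generates its own primes.
_P, _Q = 2**127 - 1, 2**521 - 1
DEVICE_PUBLIC = (_P * _Q, 65537)                                  # (n, e)
DEVICE_PRIVATE = (_P * _Q, pow(65537, -1, (_P - 1) * (_Q - 1)))   # (n, d)


def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation with SHA-256, as used by OAEP."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_target_key(target_key: bytes, public_key) -> bytes:
    """Terminal side (step 401): OAEP-pad the target key, then RSA-encrypt it."""
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    if len(target_key) > k - 2 * HLEN - 2:
        raise ValueError("target key too long for this modulus")
    lhash = hashlib.sha256(b"").digest()
    padding = b"\x00" * (k - len(target_key) - 2 * HLEN - 2)
    data_block = lhash + padding + b"\x01" + target_key
    seed = secrets.token_bytes(HLEN)              # fresh randomness per message
    masked_db = xor_bytes(data_block, mgf1(seed, len(data_block)))
    masked_seed = xor_bytes(seed, mgf1(masked_db, HLEN))
    encoded = b"\x00" + masked_seed + masked_db
    return pow(int.from_bytes(encoded, "big"), e, n).to_bytes(k, "big")


def unwrap_target_key(ciphertext: bytes, private_key) -> bytes:
    """Device side (step 402): RSA-decrypt, then check and strip the padding."""
    n, d = private_key
    k = (n.bit_length() + 7) // 8
    c = int.from_bytes(ciphertext, "big")
    if len(ciphertext) != k or c >= n:
        raise ValueError("decryption error")
    encoded = pow(c, d, n).to_bytes(k, "big")
    masked_seed, masked_db = encoded[1:1 + HLEN], encoded[1 + HLEN:]
    seed = xor_bytes(masked_seed, mgf1(masked_db, HLEN))
    data_block = xor_bytes(masked_db, mgf1(seed, len(masked_db)))
    lhash, rest = data_block[:HLEN], data_block[HLEN:]
    sep = rest.find(b"\x01")
    well_formed = (encoded[0] == 0 and sep >= 0 and not any(rest[:sep])
                   and hmac.compare_digest(lhash, hashlib.sha256(b"").digest()))
    if not well_formed:
        raise ValueError("decryption error")      # one error for every failure
    return rest[sep + 1:]


if __name__ == "__main__":
    wrapped = wrap_target_key(b"0000", DEVICE_PUBLIC)
    print(len(wrapped), unwrap_target_key(wrapped, DEVICE_PRIVATE))
```

In a deployment the private half never leaves the device, and the padding and RSA operations come from the token's own firmware or a vetted library rather than hand-written code.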
Referring to fig. 5, based on the above steps, after the related authentication information is stored in the related area of the security device 110 in an encrypted manner, the embodiment of the present application proposes a password protection method, which includes:
Step 501: Receive a login request sent by the target object.
Specifically, when the target terminal 100 detects that it is connected to the security device 110, it opens a default scene jump page, which displays the scene identifiers of the application scenes that the target object has added. The target application scene that the target object requests to access is determined through clicking, touching or a similar operation, and a corresponding login request containing the scene identifier of that target application scene is sent.
For example, referring to fig. 6, the scene jump page includes the scene identifiers of an OA system application scene and an EHR system application scene added by the target object. When the target object clicks the scene identifier http://oa.xxx.com corresponding to the OA system, a corresponding login request is obtained based on that scene identifier.
Step 502: Acquire a target key input by the target object for the target application scene, and perform identity verification on the target object based on the target key.
Further, on the one hand, the target terminal 100 retrieves, over the physical connection with the security device 110, the target key stored in advance in the security device 110 for the target object, that is, the target key 0000 recorded in step 301 above. On the other hand, the target terminal 100 acquires the target key manually input by the target object and verifies the identity of the target object against it: if the input target key is identical to the stored target key, the identity verification of the target object succeeds; otherwise, the target terminal 100 acquires the target key again.
Based on the mode, the identity of the target object is verified, so that the leakage of the related information of the target object to external suspicious personnel is avoided, and the privacy and the safety of the related information of the target object are improved.
Step 503: when the target object passes verification, based on the scene identification, corresponding encrypted target verification information is obtained from a preset verification information set.
Further, to enhance the rapidity of login when the target object passes the authentication, target authentication information associated with the target application scenario currently requested to be accessed is determined from the security device 110.
For example, according to the login request of the target object, the associated login account OA123 and login password 123456 are selected from the preset verification information set to be used as the target verification information associated with the current target application scenario.
Step 504: decrypting the encrypted target verification information based on the target key, and inputting the decrypted target verification information in the target application scene so as to enable the target object to log in the target application scene.
To protect the verification information, the verification information associated with each application scene is encrypted with the target key. The target verification information determined above is therefore decrypted with the corresponding decryption algorithm, based on the target key input by the target object, to obtain the readable login account and login password. The decrypted login account and login password are then entered automatically in the target application scene (the OA system), so that the target object can log in to the target application scene quickly and conveniently.
For example, fig. 7 shows the flow of a target object logging in to an OA system. The login request of the target object for the OA system is determined from a click operation of the target object, and the target object is authenticated based on the PIN code 123456 that it inputs. After the authentication succeeds, the corresponding OA system verification information is obtained over the physical connection between the target terminal 100 and the security device 110 and decrypted, and the OA system login account and login password are automatically entered in the web page http:// OA.
Further, referring to fig. 8, an exemplary diagram of password protection provided in an embodiment of the present application is shown, where it can be known that, based on the password protection method provided in the embodiment of the present application, the login convenience of the relevant login scene is improved while the security of the relevant information is ensured.
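The verify-then-release gate of steps 502 and 503, as an added example rather than code from the patent. It assumes a variant in which the security device keeps a salted PBKDF2 digest of the target key instead of the key itself, compares in constant time and locks after a fixed number of failures; the class names, the retry limit, the work factor and the sample blob are hypothetical.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5         # assumed policy; the page sets no retry limit
PBKDF2_ROUNDS = 100_000  # assumed work factor


class BadKey(Exception):
    """The entered target key does not match the enrolled one."""


class DeviceLocked(Exception):
    """Too many consecutive failures; the device refuses further attempts."""


class SecurityDevice:
    """Hypothetical model of the externally connected security device."""

    def __init__(self):
        self._salt = os.urandom(16)
        self._verifier = None  # salted digest of the target key, never the key
        self._failures = 0
        self._vault = {}       # scene identifier -> encrypted verification info

    def _digest(self, target_key):
        return hashlib.pbkdf2_hmac(
            "sha256", target_key.encode(), self._salt, PBKDF2_ROUNDS)

    def enroll(self, target_key):
        """Record the target key once, as a digest only."""
        self._verifier = self._digest(target_key)
        self._failures = 0

    def store(self, scene_id, encrypted_info):
        """First access to a scene: keep the already-encrypted blob."""
        self._vault[scene_id] = encrypted_info

    def locked(self):
        return self._failures >= MAX_ATTEMPTS

    def fetch(self, scene_id, target_key):
        """Steps 502-503: verify the entered key, then release the blob."""
        if self._verifier is None:
            raise BadKey("no target key enrolled")
        if self.locked():
            raise DeviceLocked("retry limit reached")
        # Constant-time comparison of digests, not of raw keys.
        if not hmac.compare_digest(self._digest(target_key), self._verifier):
            self._failures += 1
            raise BadKey(f"{MAX_ATTEMPTS - self._failures} attempts left")
        self._failures = 0
        # The scene lookup happens only after verification, so an
        # unauthenticated caller cannot probe which scenes are stored.
        return self._vault[scene_id]


if __name__ == "__main__":
    device = SecurityDevice()
    device.enroll("0000")                         # target key from the page
    device.store("OA", b"<constructed ciphertext>")
    print(device.fetch("OA", "0000"))             # released after verification
    for _ in range(MAX_ATTEMPTS):
        try:
            device.fetch("OA", "1234")            # constructed wrong key
        except BadKey as exc:
            print("rejected:", exc)
    print("locked:", device.locked())
```

The blob is treated as opaque bytes here; the decryption of step 504 is outside this example.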
Referring to fig. 9, an embodiment of the present application provides a password protection device, which includes a communication module 901, a verification module 902, an obtaining module 903, and a login module 904, wherein:
the communication module 901 is configured to receive a login request sent by a target object, where the login request at least includes a scene identifier of a target application scene that the target object requests to access.
The verification module 902 is configured to obtain a target key input by the target object for the target application scenario, and perform identity verification on the target object based on the target key.
The obtaining module 903 is configured to obtain, when it is determined that the target object passes verification, corresponding encrypted target verification information from a preset verification information set based on a scene identifier, where the verification information set is stored in a security device connected to the outside, and the target verification information is stored in the verification information set when the target object first accesses a target application scene.
The login module 904 is configured to decrypt the encrypted target verification information based on the target key, and input the decrypted target verification information in the target application scene, so that the target object logs in the target application scene.
In an alternative embodiment, before receiving the login request of the target object, the obtaining module 903 is further configured to:
receive and store the scene identifier of the target application scene, and receive and store the target key sent by the target object for the target application scene.
When it is determined that the target object is accessing the target application scene for the first time, obtain target verification information of the target object, encrypt the target verification information based on the target key, and store it.
Send the scene identifier and the target verification information in association to the externally connected security device, so that the security device stores the target verification information in a designated security area in correspondence with the scene identifier.
In an alternative embodiment, when the target verification information is stored after being encrypted based on the target key, the obtaining module 903 is specifically configured to:
encrypt and store the target verification information using the Data Encryption Standard (DES) or the Triple Data Encryption Standard (3DES) based on the target key.
In an alternative embodiment, the security device holds a security public key and a security private key used for encrypting the target key,
and the obtaining module 903 is further configured to, after sending the scene identifier and the target verification information in association to the externally connected security device so that the security device stores the target verification information in the designated security area in correspondence with the scene identifier:
receive and store the security public key of the security device, and encrypt the target key based on the security public key of the security device.
Send the encrypted target key to the security device so that the security device decrypts and stores the target key based on the stored security private key.
Based on the same inventive concept as the method embodiments above, an embodiment of the application also provides an electronic device that can be used for password protection. In one embodiment, the electronic device may be a server, a terminal device, or another electronic device. In this embodiment, the electronic device may be configured as shown in fig. 10, including a memory 1001, a communication interface 1003, and one or more processors 1002.
The memory 1001 is configured to store computer programs executed by the processor 1002. The memory 1001 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, a program required for running an instant communication function, and the like; the storage data area can store various instant messaging information, operation instruction sets and the like.
The memory 1001 may be a volatile memory (volatile memory), such as a random-access memory (RAM); the memory 1001 may also be a nonvolatile memory (non-volatile memory), such as a read-only memory, a flash memory (flash memory), a Hard Disk Drive (HDD) or a Solid State Drive (SSD), or the memory 1001 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 1001 may be a combination of the above.
The processor 1002 may include one or more central processing units (Central Processing Unit, CPU) or digital processing units, etc. The processor 1002 is configured to implement the above-described password protection method when calling a computer program stored in the memory 1001.
The communication interface 1003 is used for communication with a terminal device and other servers.
The specific connection medium between the memory 1001, the communication interface 1003, and the processor 1002 is not limited in the embodiments of the present application. In the embodiment of the present application, the memory 1001 and the processor 1002 are connected by a bus 1004 in fig. 10, where the bus 1004 is shown by a thick line in fig. 10; the connection manner between other components is only schematically illustrated and is not limiting. The bus 1004 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 10, but this does not mean that there is only one bus or one type of bus.
According to one aspect of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform any of the password protection methods of the above embodiments. The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In the embodiment of the application, when a login request is received from a target object for a target application scene that it requests to access, the target object is authenticated by acquiring the target key that it inputs for the current target application scene. This avoids leakage of related information to other unrelated objects and ensures the privacy and security of the related information of the target object. Further, when the target object is confirmed to pass authentication, the pre-stored target verification information for the target application scene is decrypted and the resulting target verification information is input into the target application scene, so that the target object can log in to the target application scene directly, without manually inputting the corresponding login account and login password. This improves login convenience, avoids the risk of the verification information being stolen through photographing or recording during manual input, and further improves the security of the related information of the target object.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.

Claims (10)

1. A method of password protection, comprising:
receiving a login request sent by a target object aiming at a target terminal, wherein the login request at least comprises a scene identifier of a target application scene which the target object requests to access;
acquiring a target key input by a target object aiming at the target application scene, and carrying out identity verification on the target object based on the target key;
when the target object passes verification, based on the scene identification, corresponding encrypted target verification information is obtained from a preset verification information set, wherein the verification information set is stored in externally connected security equipment, and the target verification information is stored in the verification information set when the target object accesses the target application scene for the first time;
and decrypting the encrypted target verification information based on the target key, and inputting the decrypted target verification information in the target application scene so as to enable the target object to log in the target application scene.
2. The method of claim 1, wherein prior to receiving the login request for the target object, further comprising:
receiving and storing a scene identifier of the target application scene, and receiving and storing the target key sent by the target object and aiming at the target application scene;
when it is determined that the target object is accessing the target application scene for the first time, acquiring target verification information of the target object, encrypting the target verification information based on the target key, and storing the target verification information; wherein the target verification information at least includes: the login account of the target object and the corresponding login password;
and sending the scene identifier and the target verification information in association to an externally connected security device, so that the security device stores the target verification information in a designated security area in correspondence with the scene identifier.
3. The method of claim 2, wherein the encrypting and storing the target verification information based on the target key comprises:
encrypting and storing the target verification information using the Data Encryption Standard (DES) or the Triple Data Encryption Standard (3DES) based on the target key.
4. The method of claim 2 or 3, wherein the security device holds a security public key and a security private key used for encrypting the target key,
after the scene identifier and the target verification information are sent in association to the externally connected security device, so that the security device stores the target verification information in a designated security area in correspondence with the scene identifier, the method further comprises:
receiving and storing the security public key of the security device, and encrypting the target key based on the security public key;
and sending the encrypted target key to the security device so that the security device decrypts and stores the target key based on the stored security private key.
5. A password protection device, comprising:
the communication module is used for receiving a login request sent by a target object, wherein the login request at least comprises a scene identifier of a target application scene which the target object requests to access;
the verification module is used for acquiring a target key input by a target object aiming at the target application scene and carrying out identity verification on the target object based on the target key;
the acquisition module is used for acquiring corresponding encrypted target verification information from a preset verification information set based on the scene identification when the target object passes verification, wherein the verification information set is stored in externally connected security equipment, and the target verification information is stored in the verification information set when the target object accesses the target application scene for the first time;
and the login module is used for decrypting the encrypted target verification information based on the target key, and inputting the decrypted target verification information in the target application scene so as to enable the target object to login the target application scene.
6. The apparatus of claim 5, wherein prior to receiving the login request for the target object, the obtaining module is further to:
receiving and storing a scene identifier of the target application scene, and receiving and storing the target key sent by the target object and aiming at the target application scene;
when it is determined that the target object is accessing the target application scene for the first time, acquiring target verification information of the target object, encrypting the target verification information based on the target key, and storing the target verification information; wherein the target verification information at least includes: the login account of the target object and the corresponding login password;
and sending the scene identifier and the target verification information in association to an externally connected security device, so that the security device stores the target verification information in a designated security area in correspondence with the scene identifier.
7. The apparatus of claim 6, wherein the obtaining module is specifically configured to, when the target verification information is stored after being encrypted based on the target key:
encrypt and store the target verification information using the Data Encryption Standard (DES) or the Triple Data Encryption Standard (3DES) based on the target key.
8. The apparatus of claim 6, wherein the security device holds a security public key and a security private key used for encrypting the target key,
after the scene identifier and the target verification information are sent in association to the externally connected security device, so that the security device stores the target verification information in a designated security area in correspondence with the scene identifier, the obtaining module is further configured to:
receive and store the security public key of the security device, and encrypt the target key based on the security public key;
and send the encrypted target key to the security device so that the security device decrypts and stores the target key based on the stored security private key.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the password protection method of any of claims 1-4 when the computer program is executed by the processor.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any of claims 1-4.
CN202111308205.2A 2021-11-05 2021-11-05 Password protection method and device, electronic equipment and storage medium Pending CN116089927A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111308205.2A CN116089927A (en) 2021-11-05 2021-11-05 Password protection method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116089927A true CN116089927A (en) 2023-05-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination