CN116760546B - Modularized password service method based on cloud environment - Google Patents
Modularized password service method based on cloud environment
- Publication number: CN116760546B
- Application number: CN202311045739.XA
- Authority: CN (China)
- Prior art keywords: disk, user, logged, current, data
- Legal status: Active (as listed by Google Patents; the listed status is an assumption, not a legal conclusion)
Classifications
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
- G06F21/602—Providing cryptographic facilities or services
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0872—Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
- H04L9/40—Network security protocols
Abstract
The invention discloses a modularized password service method based on a cloud environment, in the technical field of password services. A data interaction module builds a simulated disk; an aggregation module constructs a multi-stage encryption disk based on the currently logged-in user; the ring formed by each stage of the encryption disk is equally divided and filled with letters under different rules; and the position at which each character of the encryption salt lands on the multi-stage encryption disk is recorded. This avoids the password-leakage risk of encrypting and transmitting data under a single password, none of the data that participates in building the disk is transmitted, and the difficulty of cracking the data is increased. A password service unit generates the encryption key through the API call address of a third-party key generation function, and a restoration aggregation unit generates a simulated key-disk code, so that the key is protected while in transit and the security of data transmission within the website is improved, reducing the likelihood of data being compromised.
Description
Technical Field
The invention relates to the technical field of password service, in particular to a modularized password service method based on a cloud environment.
Background
A cryptographic module is a core component that provides cryptographic services (encryption, decryption, digital signatures, signature verification, key management and so on) to an information system, and it is a foundation of information security. While providing services to the information system, the cryptographic module must itself be protected: keeping the information it protects confidential and intact requires protecting the module itself.
At present, a website provides a data encryption key to an authorized and authenticated user by means of a third-party cryptographic module. The protection, however, concentrates on authorizing and authenticating the user; once that check has passed, the data to be transmitted is either encrypted under a password or sent in plaintext when the third-party cryptographic module is called. If the page address to which the parameters are submitted leaks, both the plaintext and the authorized user's password leak with it, which exposes the call-parameter rules of the third-party cryptographic module and may expose the logic inside it, with serious consequences for the third party and the user alike.
To solve the above problems, the present invention proposes a solution.
Disclosure of Invention
The invention aims to provide a modularized password service method based on a cloud environment, addressing the following problem in the prior art: a website provides a data encryption key to an authorized and authenticated user by means of a third-party cryptographic module, but the protection concentrates on authorizing and authenticating the user, and once that check has passed the data to be transmitted is either encrypted under a password or sent in plaintext when the third-party cryptographic module is called. As a result, when the page address to which parameters are submitted leaks, the plaintext and the authorized user's password both leak, the call-parameter rules of the third-party cryptographic module leak, the logic inside the third-party cryptographic module leaks, and the third party and the user are seriously affected.
The aim of the invention is achieved by the following technical scheme.
The modularized password service method based on the cloud environment comprises the following steps:
Step one: the data interaction module is used to upload the data of the current logged-in user. It acquires the encryption salt typed in by the current logged-in user, the time of the current login and the password used for the current login, and generates a key request instruction from the encryption salt. The encryption salt is a character string, and the password used by the logged-in user is a 12- to 14-character password made up of letters, digits and special characters;
Step two: the simulated-disk aggregation module is used to encrypt and restore data; it generates the simulated disk code of the current logged-in user according to a defined simulation rule;
Step three: the restoration aggregation unit restores the simulated disk code of the current logged-in user to recover that user's encryption salt, using the identity-verified password for the current login stored in the unit, the interval time between each character typed in that password, and the time of the current login; from the restored salt together with the password entered by the current logged-in user it generates the key parameter transmission data of the current logged-in user;
Step four: the password service unit stores the API call address of a third-party key generation function, that is, the call address of a key generation service interface provided by a third party that the user authorizes and trusts;
using the key parameter transmission data of the current logged-in user as the parameter, the password service unit calls the key generation function at that API call address and obtains the encryption key for the data the current logged-in user is uploading;
Step five: the restoration aggregation unit generates the simulated key-disk code for the logged-in user's currently uploaded data according to a defined aggregation rule;
Step six: the simulated-disk aggregation module restores the simulated key-disk code, using the identity-verified password for the current login stored in the module, the interval time between each character of that password as typed by the logged-in user, and the time of the current login, to obtain the encryption key for the data the current logged-in user is uploading;
Step seven: the data interaction module encrypts the data uploaded this time with that encryption key and uploads it.
Further, the encryption salt is an 8-character string of lowercase letters.
Further, the simulation rule by which the simulated-disk aggregation module generates the simulated disk code of the current logged-in user is as follows:
S11: acquire all characters typed by the current logged-in user in the password used for the current login, remove repeated characters, and mark the remaining characters, in the order in which they were typed, as A1, A2, …, Aa, where 3 ≤ a ≤ 14;
acquire the typing interval times of the current logged-in user for the characters A1, A2, …, Aa and mark them PA1, PA2, …, PA(a-1), where PA1 is the interval between the user typing character A1 and then typing character A2;
S12: using an ASCII table, obtain the ASCII code values of the characters A1, A2, …, Aa and mark them, in ascending order, as B1, B2, …, Ba;
S13: convert the current login time of the current logged-in user into timestamp format, recalibrate it as the disk break sequence, and mark the characters of the disk break sequence from left to right as C1, C2, …, Cc, where c ≥ 1;
S14: mark the characters of the encryption salt, in the order typed by the current logged-in user, as Q1, Q2, …, Q8;
S15: calculate the primary disk parameter conversion code corresponding to character Q1 according to the following rule:
S151: taking the coordinate (0, 0) as the centre of the disk and P1 as the radius of the basic disk, construct the inner circle of the basic disk of the current logged-in user, where P1 is a preset basic inner-radius threshold;
S152: using the functional formula, calculate the outer-circle radius D1 of the primary disk for the character whose ASCII code value is B1;
S153: if D1 > D, calculate the equal arc length F1 of the outer circle of the primary disk using the formula, where D is a preset arc-length calibration value;
otherwise, divide D1 by P2 recursively until the quotient is 0, take the number of recursions α1 at which the quotient reaches 0, where P2 is a preset recursion equal-division component, and calculate the equal arc length F1 of the outer circle of the primary disk using the formula;
S154: using the formula, calculate the equal-division angle λ1 corresponding to the equal arc length F1, and using the formula, calculate the equal arc length PF1 of the inner circle of the basic disk;
S155: calculate the mapping initial quantity G1 of the outer circle of the primary disk by the formula G1 = int(F1 − PF1);
S156: with the pointer of the reference clock pointing to 12 o'clock, that is, north, divide the ring formed by the inner circle of the basic disk and the outer circle of the primary disk clockwise into 26 + C1 equal primary disk blocks, marked H1, H2, …, H(26+C1);
following the order of the 26 lowercase letters, take the letter in position G1, recalibrate it as the initial letter of the outer circle of the primary disk and mark it PG1; the calculated value of G1 is at most 26;
S157: starting from the initial letter PG1 and following the order of the 26 letters, map PG1 and the letters after it, in sequence, to the primary disk blocks H1, H2, …, H(26+C1); if primary disk blocks remain after PG1 and the letters following it have been mapped, continue mapping the remaining blocks from the first letter onward in the order of the 26 letters;
S158: traverse the characters corresponding to the primary disk blocks H1, H2, …, H(26+C1), obtain the primary disk block that matches character Q1 of the encryption salt, recalibrate it as the primary drop block of character Q1 and mark it I1;
S159: from the position of the primary drop block I1 of character Q1 among the primary disk blocks H1, H2, …, H(26+C1), obtain PI1, the number of primary disk blocks arranged before the primary drop block I1;
S1510: using the formula, calculate the primary disk parameter conversion code corresponding to character Q1;
S16: calculate the secondary disk parameter conversion code corresponding to character Q2 according to a defined calculation rule;
S17: following S15 to S16 in turn, calculate the third- to eighth-level disk outer-circle radii D3, D4, …, D8 and the third- to eighth-level disk parameter conversion codes corresponding to characters Q3, Q4, …, Q8; if a < 8, the conversion codes for the remaining levels up to the eighth, corresponding to the characters after Qa up to Q8, are calculated with the ASCII code values taken in the order Ba, B(a−1), …, B1;
the simulated-disk aggregation module then aggregates the first- to eighth-level disk parameter conversion codes in ascending order of the first- to eighth-level disk outer-circle radii to generate the simulated disk code of the current logged-in user.
Further, the calculation rule in S16 for the secondary disk parameter conversion code corresponding to character Q2 is as follows:
S161: using the formula D2 = D1 + PA1 × β1, calculate the outer-circle radius D2 of the secondary disk for the character whose ASCII code value is B2, where β1 is a preset disk ring-width regulating factor;
S162: calculate the equal arc length F2 of the outer circle of the secondary disk as in S153;
S163: using the formula, calculate the mapping initial quantity G2 of the outer circle of the secondary disk;
S164: calculate the secondary disk parameter conversion code corresponding to character Q2 as in S156 to S1510.
Further, a logged-in user is a user who has passed identity verification and is authorized and trusted.
Further, the data interaction module temporarily stores the encryption salt entered by the current logged-in user, the time of the current login and the password used for the current login.
Further, the aggregation rule by which the restoration aggregation unit generates the simulated key-disk code for the logged-in user's currently uploaded data is as follows:
S21: establish a digit-to-letter mapping in which 0, 1, 2, …, 9 correspond to a, b, c, … respectively, and convert each digit in the encryption key of the logged-in user's currently uploaded data into its letter according to this mapping, producing the disk basic key of the currently uploaded data;
S22: mark the characters of the disk basic key from left to right as J1, J2, …, Jj, where j ≥ 1;
S23: calculate the first-, second-, …, j-th-level disk parameter conversion codes corresponding to the characters J1, J2, …, Jj according to S11 to S17, and aggregate them in ascending order of the first- to j-th-level disk outer-circle radii to generate the simulated key-disk code of the current logged-in user.
The beneficial effects of the invention are as follows:
By providing the data interaction module, and from the encryption salt typed by the current logged-in user, the time of the current login, the password used for the current login and the interval time between typing each character of the password, the simulated-disk aggregation module constructs a multi-stage encryption disk based on the current logged-in user, equally divides the ring formed by each stage of the encryption disk and fills it with letters under different rules, and aggregates the position selected for each character of the encryption salt in the multi-stage encryption disk. This avoids the increased password-leakage risk of encrypting and transmitting data under the password alone, keeps the call-parameter rules of the third-party cryptographic module secret, protects the third-party service module, avoids transmitting any of the data that participates in building the disk, and increases the difficulty of cracking the data.
By providing the restoration aggregation unit to restore the encryption salt of the current logged-in user, having the password service unit generate the encryption key for the current logged-in user's uploaded data through the API call address of the third-party key generation function, and having the restoration aggregation unit build a key disk from the encryption key to generate the simulated key-disk code, the key is protected in transit on the one hand and the security of the website's data transmission is increased on the other, reducing the likelihood of data being compromised.
Drawings
The invention is further described below with reference to the accompanying drawings.
FIG. 1 is a system block diagram of the present invention;
FIG. 2 is a flow chart of the method of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As shown in FIG. 2, the method is implemented by a cloud-environment-based modularized password service system which, as shown in FIG. 1, comprises a data interaction module, a simulated-disk aggregation module, a service platform and a password service module.
The data interaction module is used to upload the data of the current logged-in user, where a logged-in user is a user who has passed identity verification and is authorized and trusted.
The data interaction module obtains the encryption salt typed by the current logged-in user, the time of the current login and the password used for the current login, stores them temporarily, and generates a key request instruction from the encryption salt. The encryption salt is a character string; in this embodiment it is an 8-character string of lowercase letters. The data interaction module transmits the key request instruction to the simulated-disk aggregation module.
In this embodiment, the password of the logged-in user is a 12- to 14-character password made up of letters, digits and special characters.
the simulated magnetic disk gathering and returning module is used for encrypting data, and after receiving the key request instruction transmitted by the data interaction module, the simulated magnetic disk gathering and returning module obtains the encrypted salt entered by the current logged-in user, the current login time of the current logged-in user and the password used for the current login, and generates a simulated magnetic disk code of the current logged-in user in a simulated manner according to a certain simulated rule, and the method comprises the following specific steps:
s11: acquiring all characters which are typed in a password used for the current login by a user who is logged in at present, screening out repeated characters, and marking each character in the password used for the current login as A1, A2, aa, and a is more than or equal to 3 and less than or equal to 14 in sequence according to the typing sequence of the characters by the rest characters;
the typing interval time of the currently logged-in user typing the characters A1, A2, aa is obtained, labeled PA1, PA2, PA, respectively a-1 The PA1 is the interval time between the current logged-in user typing in the character A1 and then typing in the character A2;
s12: referring to an ascii code table, acquiring ascii code values corresponding to characters A1, A2, and Aa, and marking the ascii code values as B1, B2, and Ba in sequence from small to large;
s13: converting the current login time of a current logged-in user into data in a timestamp format, recalibrating the data into a disk break sequence, and orderly marking all characters in the disk break sequence as C1, C2, cc and C is more than or equal to 1 from left to right according to the arrangement data of the characters in the disk break sequence;
s14: according to the sequence of characters in the encrypted salt which are typed by the current logged-in user, the characters in the encrypted salt are marked as Q1, Q2, Q8;
s15: according to a certain calculation rule, calculating and obtaining a primary disk parameter conversion code corresponding to the character Q1, wherein the primary disk parameter conversion code is specifically as follows:
s151: taking the coordinates (0, 0) as the circle center of the disk, taking P1 as the radius of the basic disk, and constructing the inner circle of the basic disk of the current logged-in user, wherein P1 is a preset basic inner radius threshold;
s152: using a functional formulaCalculating and obtaining the primary disk excircle radius D1 of the character corresponding to the ascii code value B1;
s153: if D1>D, utilize formulaCalculating and obtaining an equal arc length F1 of the outer circle of the primary magnetic disk, wherein D is a preset arc length calibration value;
otherwise, the quotient of D1 and P2 is calculated by using a recursion algorithm until the quotient is 0, and when the quotient is 0, the corresponding recursion times alpha 1 are obtained, wherein P2 is a preset recursion equal component, and a formula is usedCalculating and obtaining an equal arc length F1 of the outer circle of the primary magnetic disk;
s154: using the formulaCalculating and obtaining an equally-divided angle lambda 1 corresponding to the equally-divided arc length F1;
using the formulaCalculating and obtaining an equal arc length PF1 of the inner circle of the basic magnetic disk;
s155: calculating and obtaining the mapping initial quantity G1 of the outer circle of the first-stage magnetic disk by using a formula G1=int (F1-PF 1);
s156: with the pointer of the reference clock pointing to the 12 o'clock direction, i.e. north, the ring formed between the inner circle of the base disk and the outer circle of the first-level disk is divided clockwise into 26 + C1 equal first-level disk blocks, marked H1, H2, ..., H(26+C1);
following the order of the 26 lowercase letters, the letter in position G1 is taken and recalibrated as the initial letter of the outer circle of the first-level disk, marked PG1; the calculated value of G1 is necessarily less than or equal to 26;
s157: starting from the initial letter PG1 and following alphabetical order, the letter PG1 and the letters after it are mapped one by one onto the first-level disk blocks H1, H2, ..., H(26+C1), so that block H1 corresponds to PG1; if first-level disk blocks remain after the letters from PG1 through z have been assigned, the mapping continues onto the remaining blocks from the letter a in alphabetical order;
s158: traverse the characters corresponding to the first-level disk blocks H1, H2, ..., H(26+C1), find the first-level disk block whose character matches the character Q1 of the encryption salt, and recalibrate it as the first-level drop disk block of Q1, marked I1;
s159: from the position of the first-level drop disk block I1 of Q1 among the first-level disk blocks H1, H2, ..., H(26+C1), obtain the number PI1 of first-level disk blocks arranged before I1;
s1510: using the specified formula, calculate the first-level disk parameter conversion code corresponding to the character Q1;
s16: the second-level disk parameter conversion code corresponding to the character Q2 is calculated according to a calculation rule, specifically as follows:
s161: using the formula D2 = D1 + PA1 × β1, calculate the outer circle radius D2 of the second-level disk of the character corresponding to ASCII code value B2, where β1 is a preset disk ring width adjustment factor;
s162: calculate the equal-division arc length F2 of the outer circle of the second-level disk according to S153;
s163: using the specified formula, calculate the mapping initial quantity G2 of the outer circle of the second-level disk;
s164: calculate the second-level disk parameter conversion code corresponding to the character Q2 according to S156 to S1510;
s17: in the same way, calculate in turn the third- to a-th-level disk outer circle radii D3, D4, ..., Da for the characters with ASCII code values B3, ..., Ba, and the third- to eighth-level disk parameter conversion codes corresponding to the characters Q3, Q4, ..., Q8; if a < 8, the ASCII code values used for the (a+1)-th to eighth-level disks, i.e. for the characters Q(a+1), ..., Q8, are taken in the order Ba, Ba-1, ..., B1; for example, if a = 6, the ASCII code value corresponding to the seventh-level disk outer circle radius D7 is B6 and the ASCII code value corresponding to the eighth-level disk outer circle radius D8 is B5;
the simulated disk gathering-and-returning module aggregates the first- to eighth-level disk parameter conversion codes in order of the first- to eighth-level disk outer circle radii from small to large, to generate the simulated disk code of the current logged-in user;
the simulated disk gathering-and-returning module transmits the simulated disk code of the current logged-in user to the service platform;
the service platform provides logged-in users with a service for generating the encryption key for uploaded data, and comprises a restoring-and-gathering unit and a password service unit;
on receiving the simulated disk code of the current logged-in user, the service platform passes it to the restoring-and-gathering unit; the restoring-and-gathering unit stores, for the logged-in user whose identity has been verified, the password used for the current login, the interval time between each character of that password, and the time of the current login;
after receiving the simulated disk code of the current logged-in user from the service platform, the restoring-and-gathering unit retrieves the stored password used for the current login, the interval time between each character of that password and the time of the current login, and restores the encryption salt of the current logged-in user from the simulated disk code and these stored values;
the restoring-and-gathering unit generates the key parameter transmission data of the current logged-in user from the restored encryption salt and the password used for the current login, and transmits the key parameter transmission data to the password service unit;
the password service unit stores the API call address of a third-party key generation function, i.e. the call address of an interface, provided by an authorized and trusted third party, for the key generation service;
after receiving the key parameter transmission data of the current logged-in user from the restoring-and-gathering unit, the password service unit calls the third-party key generation function at the stored API call address with the key parameter transmission data as its parameter, obtains the encryption key for the data currently being uploaded by the current logged-in user, and returns the encryption key to the restoring-and-gathering unit;
after receiving the encryption key for the current upload of the current logged-in user, the restoring-and-gathering unit aggregates and generates the simulated key disk code of the current upload according to a gathering-and-generating rule, specifically as follows:
s21: establish a letter-number mapping in which 0, 1, 2, 3, ..., 9 correspond to a, b, c, ..., i, j respectively, and convert each digit in the encryption key of the current upload of the logged-in user into the corresponding letter according to this mapping, to obtain the disk base key of the current upload of the logged-in user;
s22: mark the characters of the disk base key of the current upload of the logged-in user, from left to right, as J1, J2, ..., Jj, with j ≥ 1;
s23: according to S11 to S17, calculate the first-, second-, ..., j-th-level disk parameter conversion codes corresponding to the characters J1, J2, ..., Jj, aggregate them in order of the first-, second-, ..., j-th-level disk outer circle radii from small to large to generate the simulated key disk code of the current logged-in user, and transmit the simulated key disk code to the simulated disk gathering-and-returning module;
after receiving the simulated key disk code of the current logged-in user, the simulated disk gathering-and-returning module restores the encryption key from it using the time of the current login, the typing intervals and the password used for the current login that it temporarily stores, and transmits the encryption key to the data interaction module; after receiving the encryption key of the current logged-in user from the simulated disk gathering-and-returning module, the data interaction module encrypts the data to be uploaded by the current logged-in user with it;
in the description of the present specification, the descriptions of the terms "one embodiment," "example," "specific example," and the like, mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing is merely illustrative and explanatory of the invention, as various modifications and additions may be made to the particular embodiments described, or in a similar manner, by those skilled in the art, without departing from the scope of the invention or exceeding the scope of the invention as defined in the claims.
The foregoing describes one embodiment of the present invention in detail, but the description is only a preferred embodiment of the present invention and should not be construed as limiting the scope of the invention. All equivalent changes and modifications within the scope of the present invention are intended to be covered by the present invention.
Claims (3)
1. A modularized password service method based on a cloud environment, characterised by comprising the following steps:
Step one: the data interaction module provides the current logged-in user with data uploading, acquires the encryption salt typed by the current logged-in user, the current login time of the current logged-in user and the password used for the current login, and generates a key request instruction from the encryption salt, wherein the encryption salt is a character string of 8 lowercase letters and the password used by the logged-in user is a 12- to 14-character password composed of letters, digits and special characters;
Step two: the simulated disk gathering-and-returning module is used for encrypting and restoring data, and generates the simulated disk code of the current logged-in user according to a simulation rule, specifically as follows:
s11: acquire all characters typed by the current logged-in user in the password used for the current login, remove repeated characters, and mark the remaining characters, in the order in which they were typed, as A1, A2, ..., Aa, with 3 ≤ a ≤ 14;
acquire the typing interval times of the current logged-in user typing the characters A1, A2, ..., Aa, marked PA1, PA2, ..., PA(a-1) respectively, where PA1 is the interval between the current logged-in user typing the character A1 and then typing the character A2;
s12: referring to the ASCII code table, acquire the ASCII code values corresponding to the characters A1, A2, ..., Aa and mark them, in ascending order, as B1, B2, ..., Ba;
s13: convert the current login time of the logged-in user into timestamp format, recalibrate it as the disk break sequence, and mark the characters of the disk break sequence, from left to right in their order of arrangement, as C1, C2, ..., Cc, with c ≥ 1;
s14: mark the characters of the encryption salt, in the order in which the current logged-in user typed them, as Q1, Q2, ..., Q8;
s15: according to a calculation rule, calculate the first-level disk parameter conversion code corresponding to the character Q1, specifically as follows:
s151: with the coordinates (0, 0) as the centre of the disk and P1 as the radius of the base disk, construct the inner circle of the base disk of the current logged-in user, where P1 is a preset base inner radius threshold;
s152: using the specified function, calculate the first-level disk outer circle radius D1 of the character corresponding to ASCII code value B1;
s153: if D1 > D, calculate the equal-division arc length F1 of the outer circle of the first-level disk with the specified formula, where D is a preset arc length calibration value;
otherwise, divide D1 by P2 recursively until the quotient is 0, and take the number of recursions α1 at which the quotient becomes 0, where P2 is a preset recursion divisor; then calculate the equal-division arc length F1 of the outer circle of the first-level disk with the specified formula;
s154: using the specified formula, calculate the value λ1 corresponding to the equal-division arc length F1, and using the specified formula, calculate the equal-division arc length PF1 of the inner circle of the base disk;
s155: calculate the mapping initial quantity G1 of the outer circle of the first-level disk with the formula G1 = int(F1 − PF1);
s156: with the pointer of the reference clock pointing to the 12 o'clock direction, i.e. north, the ring formed between the inner circle of the base disk and the outer circle of the first-level disk is divided clockwise into 26 + C1 equal first-level disk blocks, marked H1, H2, ..., H(26+C1);
following the order of the 26 lowercase letters, the letter in position G1 is taken and recalibrated as the initial letter of the outer circle of the first-level disk, marked PG1; the calculated value of G1 is less than or equal to 26;
s157: starting from the initial letter PG1 and following alphabetical order, the letter PG1 and the letters after it are mapped one by one onto the first-level disk blocks H1, H2, ..., H(26+C1); if first-level disk blocks remain after the letters from PG1 through z have been mapped, the mapping continues onto the remaining first-level disk blocks from the letter a in alphabetical order;
s158: traverse the characters corresponding to the first-level disk blocks H1, H2, ..., H(26+C1), find the first-level disk block whose character matches the character Q1 of the encryption salt, and recalibrate it as the first-level drop disk block of Q1, marked I1;
s159: from the position of the first-level drop disk block I1 of Q1 among the first-level disk blocks H1, H2, ..., H(26+C1), obtain the number PI1 of first-level disk blocks arranged before I1;
s1510: using the specified formula, calculate the first-level disk parameter conversion code corresponding to the character Q1;
s16: the second-level disk parameter conversion code corresponding to the character Q2 is calculated according to a calculation rule, specifically as follows:
s161: using the formula D2 = D1 + PA1 × β1, calculate the outer circle radius D2 of the second-level disk of the character corresponding to ASCII code value B2, where β1 is a preset disk ring width adjustment factor;
s162: calculate the equal-division arc length F2 of the outer circle of the second-level disk according to S153;
s163: using the specified formula, calculate the mapping initial quantity G2 of the outer circle of the second-level disk;
s164: calculate the second-level disk parameter conversion code corresponding to the character Q2 according to S156 to S1510;
s17: in the same way, calculate in turn the third- to a-th-level disk outer circle radii D3, D4, ..., Da for the characters with ASCII code values B3, ..., Ba, and the third- to eighth-level disk parameter conversion codes corresponding to the characters Q3, Q4, ..., Q8; if a < 8, the ASCII code values used for the (a+1)-th to eighth-level disks, i.e. for the characters Q(a+1), ..., Q8, are taken in the order Ba, Ba-1, ..., B1;
the simulated disk gathering-and-returning module aggregates the first- to eighth-level disk parameter conversion codes in order of the first- to eighth-level disk outer circle radii from small to large, to generate the simulated disk code of the current logged-in user;
Step three: the restoring-and-gathering unit restores the encryption salt of the current logged-in user from the simulated disk code, using the identity-verified password used for the current login, the interval time between each character of that password and the current login time of the current logged-in user stored in the restoring-and-gathering unit, and generates the key parameter transmission data of the current logged-in user from the restored encryption salt and the password used for the current login;
Step four: the password service unit stores the API call address of a third-party key generation function, i.e. the call address of an interface, provided by an authorized and trusted third party, for the key generation service;
the password service unit calls the third-party key generation function at that API call address with the key parameter transmission data of the current logged-in user as its parameter, and obtains the encryption key for the data currently being uploaded by the current logged-in user;
Step five: the restoring-and-gathering unit generates the simulated key disk code of the current upload of the logged-in user according to a gathering-and-generating rule, comprising the following steps:
s21: establish a letter-number mapping in which 0, 1, 2, 3, ..., 9 correspond to a, b, c, ..., i, j respectively, and convert each digit in the encryption key of the current upload of the logged-in user into the corresponding letter according to this mapping, to obtain the disk base key of the current upload of the logged-in user;
s22: mark the characters of the disk base key of the current upload of the logged-in user, from left to right, as J1, J2, ..., Jj, with j ≥ 1;
s23: according to S11 to S17, calculate the first-, second-, ..., j-th-level disk parameter conversion codes corresponding to the characters J1, J2, ..., Jj, and aggregate them in order of the first-, second-, ..., j-th-level disk outer circle radii from small to large to generate the simulated key disk code of the current logged-in user;
Step six: the simulated disk gathering-and-returning module restores the simulated key disk code, using the identity-verified password used for the current login of the logged-in user, the interval time between each character of that password and the current login time of the logged-in user stored in the module, to obtain the encryption key for the data currently being uploaded by the current logged-in user;
Step seven: the data interaction module encrypts the data to be uploaded with the encryption key for the current upload of the current logged-in user, and uploads it.
2. The cloud-environment-based modularized password service method of claim 1, wherein a logged-in user is a user who has been authenticated and is authorized and trusted.
3. The cloud-environment-based modularized password service method of claim 1, wherein the data interaction module temporarily stores the encryption salt typed by the current logged-in user, the current login time of the current logged-in user and the password used for the current login.
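As far as this page spells it out, the claimed encoding is a keyed substitution: each salt character is looked up on a letter wheel of 26 + C1 blocks whose starting letter is fixed by G_i, and the service platform reverses the lookup because it holds the same password, typing intervals and login time. The following Python is a worked example added for this page; it is not code from the patent or its applicant. It implements only the steps the text specifies completely: s11 to s14 (input preparation), s156 to s159 (the letter wheel and the count PI_i), s17 (which ASCII value labels each disk level), s21 (digits to letters) and the encode/restore round trip of steps two, three, five and six. The formulas the page does not reproduce (D_i, F_i, λ_i, PF_i and the s1510 conversion code) are not reconstructed: the per-level mapping initial quantity G_i is passed in as an assumed input, the wheel uses C1 at every level as the text literally reads, and each level's output is the block count PI_i of s159. The keystrokes, salt, key and G values are constructed for the example.

```python
# Added worked example, not the patent's own code. Implements only the steps the
# page specifies completely (s11-s14, s156-s159, s17, s21, encode/restore).
# Assumptions: the per-level mapping initial quantity G_i is an input (its
# formula is not on the page); the wheel size uses C_1 at every level; a
# level's result is the block count PI_i of s159, standing in for the s1510
# conversion code, whose formula is not on the page either.
import string

LOWER = string.ascii_lowercase   # the 26 lowercase letters of s156/s157
SALT_LEN = 8                     # claim 1: the salt is 8 lowercase letters


def keep_first_occurrences(keystrokes):
    """s11: drop repeated characters; keystrokes is a list of (char, t_ms)."""
    seen, kept = set(), []
    for ch, t in keystrokes:
        if ch not in seen:
            seen.add(ch)
            kept.append((ch, t))
    if not 3 <= len(kept) <= 14:
        raise ValueError("claim 1 requires 3 <= a <= 14 distinct characters")
    return kept


def typing_intervals(kept):
    """s11: PA_i is the time between typing A_i and A_{i+1} (a-1 values)."""
    return [t2 - t1 for (_, t1), (_, t2) in zip(kept, kept[1:])]


def ascii_values_sorted(kept):
    """s12: B_1..B_a, the ASCII codes of A_1..A_a sorted ascending."""
    return sorted(ord(ch) for ch, _ in kept)


def disk_break_sequence(login_time):
    """s13: digits C_1..C_c of the login time as a Unix timestamp (int or datetime)."""
    ts = login_time if isinstance(login_time, int) else int(login_time.timestamp())
    return [int(d) for d in str(ts)]


def salt_chars(salt):
    """s14: Q_1..Q_8 of the typed salt, enforcing claim 1's format."""
    if len(salt) != SALT_LEN or not all(c in LOWER for c in salt):
        raise ValueError("salt must be exactly 8 lowercase letters")
    return list(salt)


def build_disk_blocks(g, c_digit):
    """s156/s157: 26 + C blocks labelled from the G-th letter PG, wrapping to
    'a' after 'z', so with C > 0 some letters label two blocks."""
    if not 1 <= g <= 26:
        raise ValueError("the page states G is at most 26; it must be >= 1")
    return [LOWER[(g - 1 + k) % 26] for k in range(26 + c_digit)]


def drop_block_count(blocks, q):
    """s158/s159: PI = number of blocks before the first block labelled q."""
    if q not in blocks:
        raise ValueError(f"{q!r} is not a lowercase letter on the wheel")
    return blocks.index(q)


def ascii_for_level(b_sorted, level):
    """s17: level i <= a uses B_i; for i > a the values are reused in the order
    B_a, B_{a-1}, ...  Read literally, the rule runs out when a = 3."""
    a = len(b_sorted)
    idx = level if level <= a else 2 * a - level + 1
    if idx < 1:
        raise ValueError(f"s17 gives no ASCII value for level {level} when a={a}")
    return b_sorted[idx - 1]


def digits_to_letters(key):
    """s21: 0..9 -> a..j; non-digit characters are left unchanged."""
    return "".join(LOWER[int(ch)] if ch.isdigit() else ch for ch in key)


def encode_chars(chars, g_levels, c_digit):
    """One PI per character, in level order (equal to increasing-radius order
    when every PA_i and beta_i is positive, which is assumed here)."""
    return [drop_block_count(build_disk_blocks(g, c_digit), q)
            for q, g in zip(chars, g_levels)]


def decode_chars(pis, g_levels, c_digit):
    """Server-side inverse (steps three and six): each PI is below 26, so the
    PI list is a bijection of the characters once G_i and C are known."""
    return "".join(build_disk_blocks(g, c_digit)[pi]
                   for pi, g in zip(pis, g_levels))


def simulated_disk_code(salt, g_levels, login_time):
    """Step two, as far as the page specifies it: salt -> [PI_1..PI_8]."""
    c1 = disk_break_sequence(login_time)[0]   # the text uses C_1 for the wheel
    return encode_chars(salt_chars(salt), g_levels, c1)
```

Usage: `simulated_disk_code("kmsvault", [3, 7, 12, 26, 1, 19, 5, 22], 1692351000)` returns `[8, 6, 7, 22, 0, 2, 7, 24]`, and `decode_chars` with the same G values and C1 = 1 returns `"kmsvault"`; the key disk code of step five is `encode_chars(digits_to_letters(key), g_levels, c1)`. Two things the round trip makes concrete. First, the simulated disk code hides the salt only from a party that lacks G_i and C1, i.e. the password, typing intervals and login time; it is an encoding the service platform inverts, not encryption in its own right, so the transport between the gathering module and the platform still needs its own protection. Second, s17's rule for a < 8 walks back through Ba, Ba-1, ..., B1 and, read literally, leaves the seventh and eighth levels without an ASCII value when only three distinct characters were typed, the minimum claim 1 allows; `ascii_for_level` raises in that case rather than guessing.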
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311045739.XA CN116760546B (en) | 2023-08-18 | 2023-08-18 | Modularized password service method based on cloud environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116760546A CN116760546A (en) | 2023-09-15 |
CN116760546B true CN116760546B (en) | 2023-10-31 |
Family
ID=87955611
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117614699B (en) * | 2023-11-28 | 2024-04-30 | 安徽南瑞中天电力电子有限公司 | Long-distance power grid equipment communication system |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003023419A (en) * | 2001-07-06 | 2003-01-24 | Toshiba Corp | Information recording and reproducing device with scramble key management function |
JP2007108833A (en) * | 2005-10-11 | 2007-04-26 | Nec Corp | Device for storing a plurality of passwords and password management method |
CN104144172A (en) * | 2013-05-06 | 2014-11-12 | 上海宏第网络科技有限公司 | Cloud platform system and method based on desktop virtualization technology |
CN104348609A (en) * | 2014-09-18 | 2015-02-11 | 成都西山居互动娱乐科技有限公司 | Non-stored password management algorithm |
WO2015027852A1 (en) * | 2013-08-30 | 2015-03-05 | Tencent Technology (Shenzhen) Company Limited | Method and apparatus for resetting a user-login password for a virtual machine |
JP2016136346A (en) * | 2015-01-23 | 2016-07-28 | 株式会社ヴァイナス | Cloud storage utilization method and cloud storage utilization program |
CN106453384A (en) * | 2016-11-09 | 2017-02-22 | 鹤荣育 | Security cloud disk system and security encryption method thereof |
CN107689943A (en) * | 2016-08-04 | 2018-02-13 | 深圳市深信服电子科技有限公司 | A kind of method of data encryption, user terminal, server and system |
CN110221990A (en) * | 2019-04-26 | 2019-09-10 | 北京奇安信科技有限公司 | Storage method and device, storage medium, the computer equipment of data |
CN110543775A (en) * | 2019-08-30 | 2019-12-06 | 湖南麒麟信息工程技术有限公司 | data security protection method and system based on super-fusion concept |
CN111865869A (en) * | 2019-04-24 | 2020-10-30 | 北京沃东天骏信息技术有限公司 | Registration and authentication method and device based on random mapping, medium and electronic equipment |
EP3779746A1 (en) * | 2019-08-12 | 2021-02-17 | Magnet Forensics Inc. | Systems and methods for cloud-based management of digital forensic evidence |
WO2022042745A1 (en) * | 2020-08-31 | 2022-03-03 | 北京书生网络技术有限公司 | Key management method and apparatus |
CN115982687A (en) * | 2023-01-10 | 2023-04-18 | 安徽中杰信息科技有限公司 | User identity verification system for data operation and maintenance management platform |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120179915A1 (en) * | 2011-01-07 | 2012-07-12 | Apple Inc. | System and method for full disk encryption authentication |
US8732456B2 (en) * | 2012-04-13 | 2014-05-20 | General Electric Company | Enterprise environment disk encryption |
US11068600B2 (en) * | 2018-05-21 | 2021-07-20 | Kct Holdings, Llc | Apparatus and method for secure router with layered encryption |
US11880318B2 (en) * | 2021-10-29 | 2024-01-23 | Microsoft Technology Licensing, Llc | Local page writes via pre-staging buffers for resilient buffer pool extensions |
Non-Patent Citations (4)
Title |
---|
Key management problems and challenges in cloud service environments; 杨璐; 叶晓俊; 计算机科学 (Computer Science) (03); full text * |
Research on a dual-chaos mutual-feedback encryption algorithm based on social network characteristics; 易成岐; 姜京池; 薛一波; 计算机工程与科学 (Computer Engineering and Science) (No. 02); full text * |
A file encryption method based on virtual disks; 李清俊; 甘萌; 计算机工程与设计 (Computer Engineering and Design) (No. 15); full text * |
A new full-disk encryption scheme based on a logical password lock; 赵福祥; 庞辽军; 王育民; 计算机科学 (Computer Science) (10); full text * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||