CN117034309A - User password management method, computer device and storage medium - Google Patents

Info

Publication number: CN117034309A
Authority: CN (China)
Prior art keywords: encryption, user password, user, password, secret key
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202310896976.0A
Other languages: Chinese (zh)
Inventors: 蒋元涛, 张鹏, 叶伟
Current Assignee: Beijing Lifangtong Payment Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Lifangtong Payment Technology Co ltd
Application filed by Beijing Lifangtong Payment Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Abstract

The invention provides a user password management method, a computer device and a storage medium. An encryption platform obtains user password information consisting of a user password plaintext and a user identifier; the encryption platform determines the encryption algorithm used to encrypt the user password information and an original key generated and sent by the encryption machine, and encrypts the user password plaintext and the user identifier with that original key and encryption algorithm. The resulting user password ciphertext improves password security with a short encryption time, which suits password encryption in lightweight software programs; bringing the user identifier into the password computation prevents equivalent collisions of identical passwords and raises the security level.

Description

User password management method, computer device and storage medium
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a user password management method, a computer device, and a storage medium.
Background
In the age of informatization and digitalization, the security of user privileges is particularly important, and encrypted storage of passwords is the most important step in protecting them. In the early Internet era user passwords were stored in plaintext, so once the database leaked, the users' login information leaked with it. As information security developed, password storage based on the md5 digest algorithm appeared, in which the plaintext password is hashed before storage; however, md5-based storage is easy to attack and cannot protect the password. In the related art, for application scenarios with higher security requirements, the bcrypt algorithm provides a safer implementation: it salts the password before hashing and so improves password security. But because bcrypt must process the user's password digest over multiple rounds, the encryption process is complex and slow, which is unsuitable for lightweight software applications such as real-estate transaction apps and harms the user experience; moreover, if different users set the same password, identical passwords can collide with equivalent values, which affects security.
Disclosure of Invention
The invention provides a user password management method, a computer device and a storage medium to overcome the defects of the conventional user password management method: a complex and slow encryption process that harms the user experience, and equivalent collisions of identical passwords that reduce password security.
The invention provides a user password management method, which comprises the following steps:
the encryption platform obtains user password information, which comprises a user password plaintext and a user identifier;
the encryption platform determines the encryption algorithm used to encrypt the user password information and an original key generated and sent by an encryption machine, and encrypts the user password plaintext and the user identifier with the original key and the encryption algorithm to obtain a user password ciphertext.
According to the user password management method provided by the invention, the encryption platform determining the encryption algorithm used to encrypt the user password information and the original key generated and sent by the encryption machine comprises the following steps:
the encryption platform determines a key number and an algorithm version number according to the service system that sent the user password information;
determining the encryption algorithm according to the algorithm version number;
looking up a key ciphertext according to the key number, the key ciphertext comprising two sub-key ciphertexts;
and obtaining the corresponding original key from the two sub-key ciphertexts, the original key comprising a first sub-key and a second sub-key.
According to the user password management method provided by the invention, encrypting the user password and the user identifier with the original key and the encryption algorithm comprises the following steps:
computing digests of the user identifier and the user password with the encryption algorithm under the first sub-key to obtain a user identifier digest and a user password digest;
performing a staggered exclusive-OR (XOR) of the user identifier digest and the user password digest according to the second sub-key to obtain a symmetric encryption key;
symmetrically encrypting the user password digest with the symmetric encryption key and the encryption algorithm to obtain the original ciphertext of the user password;
and concatenating the original ciphertext of the user password with the key number and the algorithm version number to obtain the user password ciphertext.
According to the user password management method provided by the invention, the method further comprises the following steps:
the encryption platform obtains a password verification request;
and the encryption platform performs verification according to the password verification request.
According to the user password management method provided by the invention, the password verification request comprises an input password plaintext, the user identifier, and the user password ciphertext corresponding to that user identifier as stored in a service system;
the encryption platform performing verification according to the password verification request comprises the following steps:
parsing the user password ciphertext to obtain a key number and an algorithm version number;
determining the corresponding key ciphertext according to the key number, and determining the original key from the key ciphertext;
determining the encryption algorithm according to the algorithm version number;
encrypting the input password plaintext and the user identifier with the original key and the encryption algorithm to obtain an input password ciphertext;
and comparing the input password ciphertext with the user password ciphertext; if the two are identical, the input password is verified.
According to the user password management method provided by the invention, the encryption platform obtaining a password verification request comprises the following step:
the encryption platform receives a password verification request ciphertext and decrypts it to obtain the password verification request.
According to the user password management method provided by the invention, before the encryption platform obtains the user password information, the method further comprises the following steps:
the encryption platform initializes by loading each key number and the key ciphertext corresponding to it, and sends the key ciphertexts to the encryption machine;
and receiving the original keys obtained after the encryption machine decrypts the key ciphertexts.
According to the user password management method provided by the invention, before the encryption platform determines the key number and the algorithm version number according to the service system that sent the user password information, the method further comprises the following steps:
configuring on the encryption platform the key number and the algorithm version number corresponding to the service system;
and in response to an update instruction for the key number and algorithm version number corresponding to the service system, setting the service system's key number and algorithm version number to the updated values while retaining the pre-update mapping from key number to key ciphertext and the pre-update mapping from algorithm version number to encryption algorithm.
According to the user password management method provided by the invention, the encryption platform obtaining user password information comprises the following steps:
the encryption platform receives a first ciphertext and a session identifier, and looks up the session encryption key corresponding to that session identifier;
and decrypting the first ciphertext with the session encryption key to obtain the user password information.
According to the user password management method provided by the invention, after the user password ciphertext is obtained, the method further comprises the following step:
encrypting the user password ciphertext with the session encryption key to obtain a second ciphertext, and sending the second ciphertext.
According to the user password management method provided by the invention, the method further comprises: the encryption platform configures a preset rate-limiting policy, matches the user's real-time operation information against the preset rate-limiting policy, and rate-limits any real-time operation that matches;
the rate-limiting policy comprises an operation type, an operation dimension and an operation frequency, the operation type comprising at least one of password encryption, password verification, interface access and login.
The invention also provides a computer device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, where the processor implements the user password management method when executing the program.
The invention also provides a non-transitory computer-readable storage medium storing a computer program which, when executed by a processor, implements the user password management method described above.
The invention provides a user password management method, a computer device and a storage medium in which user password information, comprising a user password plaintext and a user identifier, is obtained through an encryption platform; the encryption platform determines the encryption algorithm used to encrypt the user password information and an original key generated and sent by the encryption machine, and encrypts the user password plaintext and the user identifier with that original key and encryption algorithm to obtain a user password ciphertext. The method improves password security with a short encryption time, suits password encryption in lightweight software programs, brings the user identifier into the password computation, prevents equivalent collisions of identical passwords, and achieves a higher security level.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a user password management method according to the present invention;
FIG. 2 is a second flowchart of a user password management method according to the present invention;
FIG. 3 is a third flow chart of the user password management method according to the present invention;
FIG. 4 is a timing diagram for cryptographic encryption and authentication provided by the present invention;
FIG. 5 is a communication timing diagram of a client and an encryption platform provided by the present invention;
FIG. 6 is a schematic diagram of an encryption platform architecture provided by the present invention;
FIG. 7 is a schematic structural diagram of a computer device provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 is a flowchart of a user password management method provided by an embodiment of the present invention. As shown in fig. 1, the method includes:
step 101, an encryption platform obtains user password information, which comprises a user password plaintext and a user identifier;
in the embodiment of the invention, the user identifier comprises an administrator identifier and a service user identifier, and each service user has a unique identifier, which prevents equivalent collisions of identical passwords.
Step 102, the encryption platform determines the encryption algorithm used to encrypt the user password information and an original key generated and sent by the encryption machine, and encrypts the user password plaintext and the user identifier with the original key and the encryption algorithm to obtain the user password ciphertext.
In an embodiment of the present invention, the encryption platform determining the encryption algorithm for encrypting the user password information and the original key generated and transmitted by the encryption machine includes:
the encryption platform determines a key number and an algorithm version number according to the service system that sent the user password information;
determining the encryption algorithm according to the algorithm version number;
looking up a key ciphertext according to the key number, the key ciphertext comprising two sub-key ciphertexts;
and obtaining the corresponding original key from the two sub-key ciphertexts, the original key comprising a first sub-key and a second sub-key.
In the embodiment of the invention, encrypting the user password and the user identifier with the original key and the encryption algorithm comprises the following steps:
computing digests of the user identifier and the user password with the encryption algorithm under the first sub-key to obtain a user identifier digest and a user password digest;
in the embodiment of the invention, the first sub-key is an HMACwithSM3 key; an HMAC (keyed-hashing for message authentication) operation uses a hash algorithm, takes a key and a message as inputs, and produces a message digest as output.
Performing a staggered exclusive-OR (XOR) of the user identifier digest and the user password digest according to the second sub-key to obtain a symmetric encryption key;
the second sub-key is an SM4 key. The user password is thus protected with the HMACwithSM3 and SM4 algorithms, the computation is simple and irreversible, and because these are commercial (SM-series) cryptographic algorithms, the requirement of migrating to national cryptographic algorithms is met.
Symmetrically encrypting the user password digest with the symmetric encryption key and the encryption algorithm to obtain the original ciphertext of the user password;
and concatenating the original ciphertext of the user password with the key number and the algorithm version number to obtain the user password ciphertext.
The encryption platform embeds the key number and the algorithm version number in the password ciphertext and transmits it to the service system; the service system stores it and sends it back to the encryption platform when the password is verified.
In the embodiment of the invention, external information is introduced into the encryption operation, so the multi-round encryption computation can be omitted, encryption complexity is reduced and encryption time is shortened; adding the algorithm version identifier allows different algorithms to coexist and keeps password verification compatible with earlier algorithm versions.
The conventional user password management method encrypts the user password with the bcrypt algorithm, which salts the password before hashing and so improves password security. But because bcrypt must process the user's password digest over multiple rounds, the encryption process is complex and slow, which is unsuitable for lightweight software applications such as real-estate transaction apps and harms the user experience; moreover, if different users set the same password, identical passwords collide with equivalent values, which affects security.
The user password management method provided by the embodiment of the invention obtains the user password information, comprising a user password plaintext and a user identifier, through the encryption platform; the encryption platform determines the encryption algorithm used to encrypt the user password information and an original key generated and sent by the encryption machine, encrypts the user password plaintext and the user identifier with that original key and encryption algorithm to obtain a user password ciphertext, and sends the user password ciphertext. Password security is therefore high and encryption time short, the method suits password encryption in lightweight software programs, and bringing the user identifier into the password computation prevents equivalent collisions of identical passwords and gives a higher security level.
Based on any of the above embodiments, as shown in fig. 2, the user password management method further includes:
step 201, the encryption platform obtains a password verification request;
in the embodiment of the invention, the encryption platform obtaining a password verification request comprises the following step:
the encryption platform receives a password verification request ciphertext and decrypts it to obtain the password verification request.
In the embodiment of the invention, the password verification request comprises, but is not limited to, an input password plaintext, the user identifier, the user password ciphertext corresponding to that user identifier as stored in the service system, and the like;
step 202, the encryption platform performs verification according to the password verification request.
In the embodiment of the invention, the encryption platform performing verification according to the password verification request comprises the following steps:
step 2021, parsing the user password ciphertext to obtain a key number and an algorithm version number;
step 2022, determining the corresponding key ciphertext according to the key number, and determining the original key from the key ciphertext;
step 2023, determining the encryption algorithm according to the algorithm version number;
step 2024, encrypting the input password plaintext and the user identifier with the original key and the encryption algorithm to obtain the input password ciphertext;
step 2025, comparing the input password ciphertext with the user password ciphertext; if the two are identical, the input password is verified.
Based on any of the above embodiments, before the encryption platform obtains the user password information, the method further includes:
the encryption platform initializes by loading each key number and the key ciphertext corresponding to it, and sends the key ciphertexts to the encryption machine;
and receiving the original keys obtained after the encryption machine decrypts the key ciphertexts.
In the embodiment of the invention, the encryption platform obtaining the user password information comprises the following steps:
the encryption platform receives the first ciphertext and the session identifier, and looks up the session encryption key corresponding to that session identifier;
and decrypting the first ciphertext with the session encryption key to obtain the user password information.
In the embodiment of the invention, after the user password ciphertext is obtained, the method further comprises the following step:
encrypting the user password ciphertext with the session encryption key to obtain a second ciphertext, and sending the second ciphertext.
The initialization of the encryption platform proceeds as follows: the platform reads all key numbers and the key ciphertexts corresponding to them and sends the key ciphertexts to the encryption machine for decryption; the encryption machine decrypts them into the original keys and returns these to the encryption platform, which loads them into memory only. The keys disappear when the encryption platform restarts, so the platform never persists the original keys, which isolates the keys from the platform.
During password encryption and verification, the key ciphertext is located through the key number and the corresponding original key is then obtained from it, which further improves password security.
Based on any of the above embodiments, before the encryption platform determines the key number and the algorithm version number according to the service system that sent the user password information, the method further includes:
configuring on the encryption platform the key number and the algorithm version number corresponding to the service system;
and in response to an update instruction for the key number and algorithm version number corresponding to the service system, setting the service system's key number and algorithm version number to the updated values while retaining the pre-update mapping from key number to key ciphertext and the pre-update mapping from algorithm version number to encryption algorithm.
Because each service system is configured with its own key number and algorithm version number, updating the key or the algorithm only requires adding the new key or algorithm on the encryption platform and updating the service system's configuration.
The previous mapping from key number to key ciphertext and from algorithm version number to algorithm is retained, so the old key and algorithm remain supported: a password encrypted under the old key and algorithm can still be processed by the encryption platform. Changing the encryption key does not affect verification of passwords of the old version, and adding a key does not affect verification of passwords of the new version; once an original key is exposed it can be changed promptly, which further improves the security of user passwords.
In some embodiments of the invention, the method further comprises: the encryption platform configures a preset rate-limiting policy, matches the user's real-time operation information against the preset rate-limiting policy, and rate-limits any real-time operation that matches;
the rate-limiting policy comprises an operation type, an operation dimension and an operation frequency, the operation type comprising at least one of password encryption, password verification, interface access and login.
The specific rate-limiting policy is shown in table 1.
Table 1 rate-limiting policy
In the embodiment of the invention, providing this basic rate-limiting policy limits how often the same user can generate and verify passwords, which prevents the service system's user passwords from being guessed exhaustively.
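A rate limiter of the kind described above, as an added example that is not the patent's or the assignee's code. Each policy rule names an operation type, the dimension it is counted on (assumed here to be a field of the operation record, such as user_id or client_ip) and the permitted frequency as a maximum count per window in seconds; the limits are constructed values, since table 1 is not reproduced on the page.

```python
from collections import defaultdict, deque

# Constructed policy table: operation type, counting dimension, frequency.
POLICY = [
    {"op_type": "password_verify",  "dimension": "user_id",   "max_ops": 5,  "window_s": 60},
    {"op_type": "password_encrypt", "dimension": "user_id",   "max_ops": 10, "window_s": 60},
    {"op_type": "login",            "dimension": "client_ip", "max_ops": 20, "window_s": 60},
]


class RateLimiter:
    def __init__(self, policy):
        self.policy = policy
        # (op_type, dimension, dimension value) -> timestamps of attempts in the window
        self.hits = defaultdict(deque)

    def allow(self, op: dict, now: float) -> bool:
        """Match the real-time operation record against the policy and return False
        (i.e. limit it) when any matching rule's window is already full. Rejected
        attempts are counted as well, so guessing faster than the limit does not
        reset the window."""
        limited = False
        for rule in self.policy:
            if rule["op_type"] != op.get("op_type") or rule["dimension"] not in op:
                continue  # rule does not apply to this operation
            q = self.hits[(rule["op_type"], rule["dimension"], op[rule["dimension"]])]
            while q and now - q[0] >= rule["window_s"]:
                q.popleft()  # drop attempts that have fallen out of the window
            q.append(now)
            if len(q) > rule["max_ops"]:
                limited = True
        return not limited


if __name__ == "__main__":
    rl = RateLimiter(POLICY)
    for t in range(6):
        verdict = rl.allow({"op_type": "password_verify", "user_id": "u1"}, now=t)
        print(f"t={t}s verify attempt by u1 allowed: {verdict}")
```

Operations whose type has no rule (for example interface access in this constructed table) pass through unlimited, so every operation type the policy is meant to cover needs its own entry.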
Based on any of the above embodiments, as shown in fig. 3, the user password management method provided by the embodiment of the invention includes:
step 301, in response to a client password verification request, obtaining the password ciphertext stored by the client;
step 302, if the prefix of the password ciphertext equals the preset prefix, parsing the key number out of the ciphertext;
step 303, obtaining the key information according to the key number, and encrypting the verification password entered by the client according to that key information;
step 304, if the stored password ciphertext equals the encrypted verification password, the verification passes.
In an embodiment of the present invention, the password storage and verification sequence is shown in fig. 4. The password encryption and verification process is stored separately from the key it relies on, the key can be updated independently, and key decryption relies on the encryption machine. When the key and algorithm must be replaced, only the server side needs to change; the service system does not, which reduces frequent adjustments of the service system and makes password-policy adjustments more convenient.
In some embodiments of the present invention, communication between the client and the encryption platform is established over a secure session, whose interaction sequence is shown in fig. 5. At session start the client's service system holds the encryption platform public key PK, the client system identifier S and a secret key K; the public key PK held by the service system and the private key held by the encryption platform form a key pair. To establish the session, the service system generates a random key P, encrypts it under the encryption platform public key PK to obtain a ciphertext EP, obtains the current time T, generates a digest D according to the current time T, and sends the ciphertext EP, the digest D, the system identifier S and the current time T to the encryption platform. The encryption platform looks up the system key K' by the system identifier S, calculates a digest D' according to the system key K', and compares D' with D; if they match, it decrypts the ciphertext EP with the encryption platform private key corresponding to PK to obtain the random key P. The encryption platform then generates a key SP, encrypts SP under the random key P to obtain a ciphertext SEP, generates a secure session identifier SI, and returns SI and SEP to the service system; the service system decrypts SEP with the random key P to obtain the key SP and stores SP together with the secure session identifier SI.
User password encryption, return of the password ciphertext and user password verification all require the client to communicate with the encryption platform over this encrypted channel. The original message M (containing the user identifier, the password plaintext and so on) is encrypted with the key SP to obtain a ciphertext E; the secure session identifier SI and the ciphertext E are sent to the encryption platform, which looks up the key SP by SI and decrypts E with SP to recover the original message M, i.e. the user password information. The user password information is thus encrypted in transit, and the data exchanged between the client and the encryption platform is not exposed.
In the embodiment of the invention, the password ciphertext structure is shown in table 2.
Table 2 password ciphertext structure

  Field    | Fixed prefix | Algorithm version | Key number | Ciphertext
  Length   | 4 bytes      | 4 bytes           | 4 bytes    | 64 bytes
Some software applications for user financial transactions use simple user passwords of only 6 digits, which are easy to crack; the method described in this embodiment can improve the security of such passwords.
In some embodiments of the present invention, as shown in fig. 6, the encryption platform interfaces with the database and the encryption machine, and the service architecture includes a service system, an administrator, a cryptographic module, a data cryptographic module, a login module, a rights management module, a key configuration module, a cryptographic verification module, a data decryption module, a user maintenance module, an application configuration module, a user authentication module, an application authentication module (application authentication authenticates the service-end application; user authentication authenticates users of the encryption platform), a rate-limiting policy module, a key storage module, a key generation module, and the like.
In some embodiments of the present invention, the encryption program is Java-based and uses bouncycastle-1.56 for general encryption and decryption. The encryption platform is built on SpringBoot2.1.8, the permission system integrates the shiro framework, the front-end framework is vue, and data is stored in Mysql.
Fig. 7 is a schematic diagram of the physical structure of a computer apparatus. As shown in fig. 7, the computer apparatus may include a processor 710, a communication interface (Communications Interface) 720, a memory 730 and a communication bus 740, where the processor 710, the communication interface 720 and the memory 730 communicate with each other via the communication bus 740. The processor 710 may invoke logic instructions in the memory 730 to perform the user password management method, comprising: the encryption platform acquires user password information, wherein the user password information comprises user password plaintext and user identification; the encryption platform determines an encryption algorithm used for encrypting the user password information and an original secret key generated and sent by the encryptor, and encrypts the user password plaintext and the user identifier by using the original secret key and the encryption algorithm to obtain a user password ciphertext; and sending the user password ciphertext.
Further, the logic instructions in the memory 730 described above may be implemented in the form of software functional units and stored in a computer-readable storage medium when sold or used as a stand-alone product. On this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, or a part of the technical solution, may be embodied as a software product stored in a storage medium and comprising several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
The embodiment of the invention also provides a non-transitory computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the user password management method as described above, comprising: the encryption platform acquires user password information, wherein the user password information comprises user password plaintext and user identification; the encryption platform determines an encryption algorithm used for encrypting the user password information and an original secret key generated and sent by the encryptor, and encrypts the user password plaintext and the user identifier by using the original secret key and the encryption algorithm to obtain a user password ciphertext; and sending the user password ciphertext.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A user password management method, comprising:
the encryption platform acquires user password information, wherein the user password information comprises user password plaintext and user identification;
the encryption platform determines an encryption algorithm used for encrypting the user password information and an original secret key generated and sent by an encryptor, and uses the original secret key and the encryption algorithm to encrypt the user password plaintext and the user identifier to obtain a user password ciphertext.
2. The user password management method according to claim 1, wherein the encryption platform determines an encryption algorithm for encrypting the user password information and an original key generated and transmitted by an encryptor, comprising:
the encryption platform determines a key number and an algorithm version number according to a service system for transmitting the user password information;
determining the encryption algorithm according to the algorithm version number;
searching a secret key ciphertext according to the secret key number, wherein the secret key ciphertext comprises two sub-key ciphertexts;
and obtaining the corresponding original secret key from the two sub-key ciphertexts, wherein the original secret key comprises a first sub-key and a second sub-key.
3. The user password management method according to claim 2, wherein encrypting the user password and the user identification using the original key and the encryption algorithm comprises:
performing digest calculation on the user identifier and the user password by using the encryption algorithm with the first sub-key to obtain a user identifier digest and a user password digest;
performing an offset exclusive-OR calculation on the user identifier digest and the user password digest according to the second sub-key to obtain a symmetric encryption key;
performing a symmetric encryption operation on the user password digest by using the symmetric encryption key and the encryption algorithm to obtain an original ciphertext of the user password;
and splicing the original ciphertext of the user password with the secret key number and the algorithm version number to obtain the ciphertext of the user password.
4. The user password management method of claim 1, wherein the method further comprises:
the encryption platform acquires a password verification request;
and the encryption platform performs verification according to the password verification request.
5. The method according to claim 4, wherein the password authentication request includes an input password plaintext, the user identification, and the user password ciphertext corresponding to the user identification stored in a service system;
the encryption platform verifies according to the password verification request, and comprises the following steps:
parsing the user password ciphertext to obtain a secret key number and an algorithm version number;
determining a corresponding secret key ciphertext according to the secret key number, and determining the original secret key according to the secret key ciphertext;
determining the encryption algorithm according to the algorithm version number;
encrypting the input password plaintext and the user identifier according to the original secret key and the encryption algorithm to obtain an input password ciphertext;
and comparing the input password ciphertext with the user password ciphertext; if the two are the same, the input password passes verification.
6. The user password management method of claim 1, wherein before the encryption platform obtains user password information, the method further comprises:
the encryption platform initializes and loads a secret key number and a secret key ciphertext corresponding to the secret key number, and sends the secret key ciphertext to the encryptor;
and receiving the original key obtained after the encryptor decrypts the key ciphertext.
7. The user password management method of claim 2, wherein before the encryption platform determines a key number and an algorithm version number according to a service system transmitting the user password information, the method further comprises:
configuring the secret key number and the algorithm version number corresponding to the service system on the encryption platform;
and responding to an updating instruction of the key number and the algorithm version number corresponding to the service system, configuring the key number and the algorithm version number corresponding to the service system as the updated key number and algorithm version number, and reserving the corresponding relation between the key number and the key ciphertext before updating and the corresponding relation between the algorithm version number and the encryption algorithm before updating.
8. The user password management method of claim 1, wherein the method further comprises: the encryption platform configures a preset rate-limiting policy, matches the real-time operation information of the user against the preset rate-limiting policy, and rate-limits the real-time operations that are successfully matched;
the rate-limiting policy includes an operation type, an operation dimension and an operation frequency, the operation type including at least one of password encryption, password verification, interface access and login.
9. A computer apparatus comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the user password management method of any of claims 1 to 8 when the program is executed by the processor.
10. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the user password management method according to any of claims 1 to 8.
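The encryption steps of claims 2 and 3 and the verification of claim 5, laid out in the Table 2 record format, as an added Go example that is not the patent's implementation. HMAC-SHA256 for the digests, a byte-rotation XOR as the "offset exclusive-OR", AES-256-CBC with a zero IV as the symmetric step, the prefix value UPWD and sub-keys constructed in-process instead of coming from an encryptor are all assumptions; the 64-byte ciphertext field is realised here as the hex encoding of the 32-byte AES output, since the page does not say how its 64 bytes are formed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// OrigKey is the "original key" of claim 2: two sub-keys. The page obtains it from the encryptor; here it is constructed.
type OrigKey struct{ K1, K2 [32]byte }
var prefix = [4]byte{'U', 'P', 'W', 'D'} // assumed value for the 4-byte fixed prefix of Table 2
var keyStore = map[uint32]OrigKey{}      // key number -> original key (the lookup of claim 2)

// Claim 3, steps 1-2: HMAC-SHA256 digests of user id and password under K1, then an "offset XOR" of the two digests
// under K2 (byte rotation by an offset taken from K2[0]; the exact offset rule is an assumption) gives the symmetric key.
func derive(k OrigKey, userID, pwd string) (symKey, pwdDigest []byte) {
	mac := func(m string) []byte { h := hmac.New(sha256.New, k.K1[:]); h.Write([]byte(m)); return h.Sum(nil) }
	du, dp := mac(userID), mac(pwd)
	off, symKey := int(k.K2[0])%32, make([]byte, 32)
	for i := range symKey { symKey[i] = dp[(i+off)%32] ^ du[i] ^ k.K2[i] }
	return symKey, dp
}

// Claim 3, steps 3-4. Version 1 = AES-256-CBC with a zero IV over the 32-byte password digest; encryption must be deterministic
// because claim 5 re-encrypts and compares, and the per-user key keeps the fixed IV from repeating. Layout per Table 2: prefix(4) | version(4) | key number(4) | hex ciphertext(64).
func Encrypt(keyNo, version uint32, userID, pwd string) ([]byte, error) {
	k, ok := keyStore[keyNo]
	if !ok || version != 1 { return nil, errors.New("unknown key number or algorithm version") }
	symKey, dp := derive(k, userID, pwd)
	blk, _ := aes.NewCipher(symKey) // 32-byte key selects AES-256
	ct := make([]byte, 32)
	cipher.NewCBCEncrypter(blk, make([]byte, 16)).CryptBlocks(ct, dp)
	rec := make([]byte, 12, 76)
	copy(rec, prefix[:])
	binary.BigEndian.PutUint32(rec[4:], version)
	binary.BigEndian.PutUint32(rec[8:], keyNo)
	return append(rec, hex.EncodeToString(ct)...), nil
}

// Claim 5: parse key number and algorithm version from the stored record, re-encrypt the input, compare in constant time.
func Verify(stored []byte, userID, inputPwd string) bool {
	if len(stored) != 76 || string(stored[:4]) != string(prefix[:]) { return false }
	again, err := Encrypt(binary.BigEndian.Uint32(stored[8:12]), binary.BigEndian.Uint32(stored[4:8]), userID, inputPwd)
	return err == nil && hmac.Equal(again, stored)
}

func main() {
	keyStore[7] = OrigKey{sha256.Sum256([]byte("constructed sub-key 1")), sha256.Sum256([]byte("constructed sub-key 2"))}
	rec, _ := Encrypt(7, 1, "user-42", "123456") // a 6-digit password as in the text
	fmt.Printf("%x|%s %v %v\n", rec[:12], rec[12:], Verify(rec, "user-42", "123456"), Verify(rec, "user-42", "654321"))
}
```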
CN202310896976.0A 2023-07-20 2023-07-20 User password management method, computer device and storage medium Pending CN117034309A (en)

Publications (1)

Publication Number Publication Date
CN117034309A true CN117034309A (en) 2023-11-10

Family

ID=88638147

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination