CN117240487A - Information processing method, apparatus, device, storage medium, and program product - Google Patents


Publication number
CN117240487A
Authority
CN
China
Prior art keywords
information
target
key
encryption key
keyboard
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210644865.6A
Other languages
Chinese (zh)
Inventor
康铭海
李玉峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN202210644865.6A
Publication of CN117240487A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The application provides an information processing method, apparatus, device, storage medium and computer program product, which can be applied to various scenarios such as cloud technology, artificial intelligence, intelligent transportation and assisted driving. The method comprises: receiving, in an applet run on the basis of a client, a call instruction for a secure keyboard of the applet; sending verification information of the applet in response to the call instruction, the verification information being used to generate an encryption key of the secure keyboard after verification passes; receiving the encryption key returned based on the verification information, and displaying the secure keyboard; and, when target information input via the secure keyboard is received, encrypting the target information with the encryption key to obtain encrypted information, the encrypted information being used to obtain the target information input via the secure keyboard when decrypted with a decryption key corresponding to the encryption key. With the application, a secure keyboard can be implemented on the applet side, and the security of information input via the keyboard on the applet side is improved.

Description

Information processing method, apparatus, device, storage medium, and program product
Technical Field
The present application relates to the field of computer technology, and in particular, to an information processing method, apparatus, device, storage medium, and computer program product.
Background
In the related art, a secure keyboard is generally implemented based on a digital certificate: information input via the secure keyboard is encrypted based on the digital certificate, which ensures the security of the input information. However, installing a digital certificate depends on support from the client, so the related art can implement a secure keyboard only on the client. With the development of internet technology, applets are used by more and more users, but the applet side does not support installing a digital certificate, and the related art offers no solution for implementing a secure keyboard on the applet side, so the use of applets brings information security risks.
Disclosure of Invention
The embodiments of the application provide an information processing method, apparatus, device, storage medium and computer program product that can implement a secure keyboard on the applet side and improve the security of information input via the keyboard on the applet side.
The technical solutions of the embodiments of the application are implemented as follows:
An embodiment of the application provides an information processing method, comprising:
receiving, in an applet run on the basis of a client, a call instruction for a secure keyboard of the applet;
sending verification information of the applet in response to the call instruction, wherein the verification information is used to generate an encryption key of the secure keyboard after verification passes, and the encryption key is used to encrypt information input via the secure keyboard;
receiving the encryption key returned based on the verification information, and displaying the secure keyboard;
when target information input via the secure keyboard is received, encrypting the target information with the encryption key to obtain encrypted information;
wherein the encrypted information is used to obtain the target information input via the secure keyboard when decrypted with a decryption key corresponding to the encryption key.
In the above scheme, encrypting the target information with the encryption key when the target information input via the secure keyboard is received comprises:
when the target information input via the secure keyboard is received, acquiring an effective time point and a valid duration of the encryption key;
and encrypting the target information with the encryption key when the encryption key is determined, based on the effective time point and the valid duration, to be in a valid state.
In the above scheme, the method further comprises:
when the encryption key is determined, based on the effective time point and the valid duration, to be in an invalid state, sending target verification information of the applet, wherein the target verification information is used to generate a target encryption key of the secure keyboard after verification passes;
and receiving the target encryption key returned based on the target verification information, wherein the target encryption key is used to encrypt the information input via the secure keyboard.
In the above scheme, before encrypting the target information with the encryption key, the method further comprises:
intercepting the event bubbling behavior of the input event corresponding to the target information.
The embodiment of the application also provides an information processing device, which comprises:
a first receiving module, configured to receive, in an applet run on the basis of a client, a call instruction for a secure keyboard of the applet;
a sending module, configured to send verification information of the applet in response to the call instruction, wherein the verification information is used to generate an encryption key of the secure keyboard after verification passes, and the encryption key is used to encrypt information input via the secure keyboard;
a second receiving module, configured to receive the encryption key returned based on the verification information and display the secure keyboard;
an encryption module, configured to encrypt target information with the encryption key, when the target information input via the secure keyboard is received, to obtain encrypted information;
wherein the encrypted information is used to obtain the target information input via the secure keyboard when decrypted with a decryption key corresponding to the encryption key.
In the above scheme, the secure keyboard comprises at least one input key, and each input key corresponds to one key value; the sending module is further configured to generate a mapping value corresponding to each key value of the secure keyboard, and to establish an association between the mapping value corresponding to each key value and the corresponding input key.
In the above scheme, the second receiving module is further configured to, in response to a trigger operation on a target input key among the at least one input key, determine, based on the association, the target mapping value associated with the target input key, and to take the key value corresponding to the target mapping value as the target information input via the secure keyboard.
In the above scheme, the sending module is further configured to obtain, in response to the call instruction, a target public key of the applet and an object identifier of a target object logged in the applet; encrypting the object identifier by adopting the target public key to obtain verification information of the applet, and sending the verification information; the verification information is used for decrypting the verification information based on a target private key corresponding to the target public key to obtain the object identifier, and verifying the object identifier.
In the above scheme, the sending module is further configured to generate a target key of the applet; the sending module is further configured to encrypt the target key and the object identifier by using the target public key to obtain verification information of the applet, where the target key is used to encrypt the encryption key by using the target key after the encryption key is generated to obtain a target encryption key; the second receiving module is further configured to receive the target encryption key returned based on the verification information.
In the above scheme, the target information includes a plurality of characters arranged according to an input sequence, and the encryption module is further configured to encrypt each of the characters by using the encryption key, so as to obtain encrypted characters corresponding to each of the characters; and splicing the plurality of encrypted characters according to the input sequence to obtain the encrypted information.
In the above scheme, the target information includes a plurality of characters arranged according to an input sequence, and the encryption module is further configured to encrypt a first character with a first input sequence by using the encryption key to obtain an encrypted character corresponding to the first character; for each second character with the input sequence being the non-first one, the following operations are respectively executed according to the input sequence: encrypting the second character and the encrypted character corresponding to the character of which the input sequence is positioned in front of the second character by adopting the encryption key to obtain the encrypted character corresponding to the second character; and taking the encrypted character corresponding to the second character with the last input sequence as the encrypted information.
In the above scheme, the applet has a corresponding encryption mode, and the encryption module is further configured to obtain an encryption algorithm indicated by the encryption mode; and encrypting the target information by adopting the encryption key based on the encryption algorithm to obtain the encryption information.
In the above scheme, the secure keyboard comprises a plurality of input keys, and the second receiving module is further configured to obtain the switch state of an out-of-order display function switch corresponding to the secure keyboard; when the switch state indicates that the out-of-order display function switch is on, to display the plurality of input keys arranged in an out-of-order arrangement, so as to display the secure keyboard; and when the switch state indicates that the out-of-order display function switch is off, to display the plurality of input keys arranged in a standard arrangement, so as to display the secure keyboard; wherein the positions of the plurality of input keys in the out-of-order arrangement differ from their positions in the standard arrangement.
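The mapping-value association and the out-of-order display described in the paragraphs above can be sketched as follows. This is an added illustration, not code from the application; the function names, the 16-hex-digit mapping values and the injectable `rng` parameter are assumptions.

```javascript
// Added illustration (not from the patent): per-display mapping values and an
// out-of-order layout for a secure keyboard. All names are hypothetical.

// Uniform integer in [0, n) from the platform CSPRNG. Rejection sampling keeps
// the modulo step from biasing the result.
function secureRandomInt(n) {
  const c = globalThis.crypto;
  if (!c || typeof c.getRandomValues !== 'function') {
    throw new Error('no CSPRNG available; pass an rng explicitly');
  }
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do { c.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Fisher-Yates shuffle on a copy of the input.
function shuffle(items, rng) {
  const out = items.slice();
  for (let i = out.length - 1; i > 0; i--) {
    const j = rng(i + 1);
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out;
}

// Mapping value: 16 random hex digits, unrelated to the key value it stands for.
function randomMappingValue(rng) {
  let s = '';
  for (let i = 0; i < 16; i++) s += rng(16).toString(16);
  return s;
}

// keyValues: distinct key values in the standard arrangement.
// outOfOrder: state of the out-of-order display function switch.
function buildKeyboard(keyValues, { outOfOrder, rng = secureRandomInt }) {
  const valueByMapping = new Map();
  const mappingByValue = new Map();
  for (const value of keyValues) {
    let mapping;
    do { mapping = randomMappingValue(rng); } while (valueByMapping.has(mapping));
    valueByMapping.set(mapping, value);
    mappingByValue.set(value, mapping);
  }

  let order = keyValues.slice();
  if (outOfOrder && keyValues.length > 1) {
    // Positions must differ from the standard arrangement, so an identity
    // permutation is rejected and the shuffle repeated.
    do { order = shuffle(keyValues, rng); }
    while (order.every((v, i) => v === keyValues[i]));
  }

  // The view layer binds only `mapping` to each key's input event; `label` is
  // what is drawn on the key.
  const layout = order.map((value) => ({ label: value, mapping: mappingByValue.get(value) }));

  return {
    layout,
    // Called with the mapping value carried by a key's input event.
    resolve(mapping) {
      if (!valueByMapping.has(mapping)) throw new Error('unknown mapping value');
      return valueByMapping.get(mapping);
    },
  };
}
```

Because the mapping values are regenerated each time the keyboard is built, a value observed in one display of the keyboard says nothing about the key pressed in the next.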
In the above scheme, the encryption module is further configured to acquire an effective time point and a valid duration of the encryption key when the target information input via the secure keyboard is received, and to encrypt the target information with the encryption key when the encryption key is determined, based on the effective time point and the valid duration, to be in a valid state.
In the above scheme, the encryption module is further configured to send target verification information of the applet when the encryption key is determined, based on the effective time point and the valid duration, to be in an invalid state, wherein the target verification information is used to generate a target encryption key of the secure keyboard after verification passes; and to receive the target encryption key returned based on the target verification information, wherein the target encryption key is used to encrypt the information input via the secure keyboard.
In the above scheme, the encryption module is further configured to acquire the number of times the encryption key has been used for encryption when the target information input via the secure keyboard is received, and to encrypt the target information with the encryption key when that number has not reached the encryption count threshold of the encryption key.
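The three validity checks in the preceding paragraphs (effective time point, valid duration, encryption count threshold) can be combined in one guard around the encryption call. The sketch below is an added example, not code from the application. The field names, the injected `requestKey` and `encrypt` callbacks and the synchronous key request are assumptions, as is requesting a new key once the count threshold is reached, since the text only states that re-request for an invalid (expired) key.

```javascript
// Added illustration (not from the patent): decide before every encryption
// whether the current key may still be used. All names are hypothetical.
class EncryptionKeyGuard {
  // requestKey(): stands in for "send (target) verification information and
  //   receive the (target) encryption key"; returns
  //   { key, effectiveAt, validForMs, maxEncryptions }. Synchronous here so the
  //   policy is easy to follow; a real applet would make a network call.
  // encrypt(key, targetInfo): the cipher chosen by the applet's encryption mode.
  // now(): clock in milliseconds, injectable for testing.
  constructor({ requestKey, encrypt, now = Date.now }) {
    this.requestKey = requestKey;
    this.encrypt = encrypt;
    this.now = now;
    this.state = null; // no key until the keyboard is first used
  }

  // Valid state: the key has taken effect and its valid duration has not elapsed.
  isWithinValidity(state, at) {
    return at >= state.effectiveAt && at < state.effectiveAt + state.validForMs;
  }

  // The count of encryptions already done must be below the key's threshold.
  isBelowCountThreshold(state) {
    return state.used < state.maxEncryptions;
  }

  isUsable() {
    return this.state !== null &&
      this.isWithinValidity(this.state, this.now()) &&
      this.isBelowCountThreshold(this.state);
  }

  refresh() {
    const issued = this.requestKey();
    const state = { ...issued, used: 0 };
    // A freshly issued key that is already unusable points at clock skew or a
    // bad server policy; fail closed rather than loop or encrypt anyway.
    if (!this.isWithinValidity(state, this.now()) || state.maxEncryptions < 1) {
      throw new Error('server returned a key that is not usable');
    }
    this.state = state;
  }

  encryptInput(targetInfo) {
    if (!this.isUsable()) this.refresh();
    this.state.used += 1;
    return this.encrypt(this.state.key, targetInfo);
  }
}
```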
In the above scheme, the encryption module is further configured to intercept event bubbling behaviors of the input event corresponding to the target information.
The embodiment of the application also provides electronic equipment, which comprises:
a memory for storing executable instructions;
and the processor is used for realizing the information processing method provided by the embodiment of the application when executing the executable instructions stored in the memory.
The embodiment of the application also provides a computer readable storage medium which stores executable instructions, and when the executable instructions are executed by a processor, the information processing method provided by the embodiment of the application is realized.
The embodiment of the application also provides a computer program product, which comprises a computer program or instructions, and the computer program or instructions realize the information processing method provided by the embodiment of the application when being executed by a processor.
The embodiment of the application has the following beneficial effects:
In an applet run on the basis of a client, when a call instruction for a secure keyboard of the applet is received, verification information of the applet is sent so that an encryption key of the secure keyboard is generated after the verification information passes verification; after the encryption key returned based on the verification information is received, the secure keyboard is displayed, and the encryption key is used to encrypt information input via the secure keyboard. When target information input via the secure keyboard is received, the target information can be encrypted with the encryption key to obtain encrypted information, and the target information input via the secure keyboard can be obtained from the encrypted information only by decrypting it with the decryption key corresponding to the encryption key. A secure keyboard can therefore be implemented on the applet side, and the security of information input via the keyboard on the applet side is improved.
Drawings
FIG. 1 is a schematic diagram of an information processing system 100 according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of an electronic device 500 for implementing an information processing method according to an embodiment of the present application;
FIG. 3 is a schematic flow chart of an information processing method according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a security keyboard according to an embodiment of the present application;
FIG. 5 is a schematic diagram showing a setup interface of a security keyboard according to an embodiment of the present application;
FIG. 6 is a flow chart of an information processing method according to an embodiment of the present application;
FIG. 7 is a schematic flow chart of an information processing method according to an embodiment of the present application;
FIG. 8 is a schematic diagram of time-consuming data of a secure keyboard implementing encryption and decryption processes according to an embodiment of the present application.
Detailed Description
The present application will be further described in detail with reference to the accompanying drawings, for the purpose of making the objects, technical solutions and advantages of the present application more apparent, and the described embodiments should not be construed as limiting the present application, and all other embodiments obtained by those skilled in the art without making any inventive effort are within the scope of the present application.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
In the following description, the terms "first", "second", "third" and the like are merely used to distinguish similar objects and do not represent a specific ordering of the objects, it being understood that the "first", "second", "third" may be interchanged with a specific order or sequence, as permitted, to enable embodiments of the application described herein to be practiced otherwise than as illustrated or described herein.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the application only and is not intended to be limiting of the application.
Before describing embodiments of the present application in further detail, the terms and terminology involved in the embodiments of the present application will be described, and the terms and terminology involved in the embodiments of the present application will be used in the following explanation.
1) Client: an application program running in a terminal to provide various services, such as an instant messaging client or a payment client.
2) In response to: used to indicate the condition or state on which a performed operation depends; when the condition or state is satisfied, the one or more operations performed may be carried out in real time or with a set delay; unless otherwise specified, there is no restriction on the order in which multiple operations are performed.
3) Applet: a program developed in a front-end-oriented language (e.g. JavaScript) that implements services in HyperText Markup Language (HTML) pages; after being downloaded by the client it can be interpreted and executed in the client immediately, saving the step of installation in the client.
The embodiments of the application provide an information processing method, apparatus, device, storage medium and computer program product that can implement a secure keyboard on the applet side and improve the security of information input via the keyboard on the applet side.
The following describes an implementation scenario of the information processing method provided by the embodiment of the present application. Referring to fig. 1, fig. 1 is a schematic diagram of an architecture of an information processing system 100 according to an embodiment of the present application, in order to support an exemplary application, a terminal 400 is connected to a server 200 through a network 300, where the network 300 may be a wide area network or a local area network, or a combination of both, and a wireless or wired link is used to implement data transmission.
The terminal 400 is configured to receive, in an applet run on the basis of a client, a call instruction for a secure keyboard of the applet, and to send verification information of the applet to the server 200 in response to the call instruction;
The server 200 is configured to receive the verification information and verify it to obtain a verification result; when the verification result indicates that the verification information has passed verification, to generate an encryption key of the secure keyboard, the encryption key being used to encrypt information input via the secure keyboard; and to return the encryption key to the terminal 400;
The terminal 400 is further configured to receive the encryption key returned by the server 200 based on the verification information, and display the secure keyboard; and, in response to target information being input via the secure keyboard, to encrypt the target information with the encryption key to obtain encrypted information and send the encrypted information to the server 200;
The server 200 is further configured to decrypt the encrypted information with the decryption key corresponding to the encryption key to obtain the target information.
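The exchange between terminal 400 and server 200 described above, together with the target public key and target key variant from the summary, is shown below as an added example that is not code from the application. The application does not fix the algorithms, so RSA-OAEP, AES-256-GCM, a symmetric keyboard encryption key, and indexing issued keys by object identifier are all assumptions, as are the class and method names.

```javascript
// Added illustration (not from the patent); see the lead-in for assumptions.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// AES-256-GCM with the layout iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

function unseal(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the ciphertext or tag was modified in transit.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Server 200: holds the target private key and the registered object identifiers.
class KeyboardServer {
  constructor(registeredObjectIds) {
    const pair = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.targetPublicKey = pair.publicKey; // shipped to the applet
    this.targetPrivateKey = pair.privateKey;
    this.registered = new Set(registeredObjectIds);
    this.encryptionKeys = new Map(); // object identifier -> keyboard key
  }

  // Verification info = RSA-OAEP(target key (32 bytes) || object identifier).
  // Returns the target encryption key (keyboard key wrapped under the target
  // key), or null when the object identifier is not registered.
  handleVerification(verificationInfo) {
    const plain = crypto.privateDecrypt({ key: this.targetPrivateKey, ...OAEP }, verificationInfo);
    const targetKey = plain.subarray(0, 32);
    const objectId = plain.subarray(32).toString('utf8');
    if (!this.registered.has(objectId)) return null;
    const encryptionKey = crypto.randomBytes(32);
    this.encryptionKeys.set(objectId, encryptionKey);
    return seal(targetKey, encryptionKey);
  }

  decryptInput(objectId, encryptedInfo) {
    const key = this.encryptionKeys.get(objectId);
    if (!key) throw new Error('no encryption key issued for this object');
    return unseal(key, encryptedInfo).toString('utf8');
  }
}

// Terminal 400: the applet side of the secure keyboard.
class AppletKeyboard {
  constructor(targetPublicKey, objectId) {
    this.targetPublicKey = targetPublicKey;
    this.objectId = objectId;
    this.encryptionKey = null;
  }

  // Sent in response to the call instruction.
  buildVerificationInfo() {
    this.targetKey = crypto.randomBytes(32); // fresh target key per call
    const payload = Buffer.concat([this.targetKey, Buffer.from(this.objectId, 'utf8')]);
    return crypto.publicEncrypt({ key: this.targetPublicKey, ...OAEP }, payload);
  }

  // The keyboard is displayed only once a key has been received and unwrapped.
  acceptReply(targetEncryptionKey) {
    if (!targetEncryptionKey) throw new Error('verification failed; keyboard not displayed');
    this.encryptionKey = unseal(this.targetKey, targetEncryptionKey);
  }

  encryptInput(targetInfo) {
    if (!this.encryptionKey) throw new Error('secure keyboard not initialised');
    return seal(this.encryptionKey, Buffer.from(targetInfo, 'utf8'));
  }
}
```

An unregistered object identifier gets no key, and any change to the encrypted information makes decryption fail instead of returning altered input.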
In some embodiments, the information processing method provided by the embodiments of the present application may be implemented by various electronic devices, for example, may be implemented by a terminal alone, may be implemented by a server alone, or may be implemented by a terminal and a server in cooperation. The embodiment of the application can be applied to various scenes, including but not limited to cloud technology, artificial intelligence, intelligent transportation, auxiliary driving and the like.
In some embodiments, the electronic device implementing information processing provided by the embodiments of the present application may be various types of terminal devices or servers. The server (e.g., server 200) may be an independent physical server, or may be a server cluster or a distributed system formed by a plurality of physical servers. The terminal (e.g., terminal 400) may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart voice interaction device (e.g., a smart speaker), a smart home appliance (e.g., a smart television), a smart watch, a vehicle-mounted terminal, etc. The terminal and the server may be directly or indirectly connected through wired or wireless communication, which is not limited in the embodiment of the present application.
In some embodiments, the terminal or the server may implement the information processing method provided by the embodiments of the present application by running a computer program. For example, the computer program may be a native program or a software module in an operating system; it may be a native application (APP), i.e. a program that needs to be installed in an operating system to run; it may be an applet, i.e. a program that only needs to be downloaded into a browser environment to run; or it may be an applet that can be embedded in any APP. In general, the computer program may be any form of application, module or plug-in.
In some embodiments, multiple servers may be organized into a blockchain, and the servers may be nodes on the blockchain, where there may be an information connection between each node in the blockchain, and where information may be transferred between the nodes via the information connection. The data (e.g., the encryption key, the decryption key, the target public key, the corresponding target private key, etc.) related to the information processing method provided by the embodiment of the application may be stored in the blockchain.
In some embodiments, the information processing method provided by the embodiments of the present application may be implemented by means of cloud technology, which refers to a hosting technology that unifies a series of resources such as hardware, software and networks in a wide area network or a local area network, so as to implement the calculation, storage, processing and sharing of data. Cloud technology is a generic term for the network technology, information technology, integration technology, management platform technology, application technology and the like applied on the basis of the cloud computing business model; it can form a resource pool that is used on demand, flexibly and conveniently. Cloud computing technology will become an important support, since the background services of technical network systems require a large amount of computing and storage resources. As an example, a server (e.g., server 200) may also be a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, web services, cloud communications, middleware services, domain name services, security services, CDNs, and big data and artificial intelligence platforms.
The electronic device for implementing the information processing method provided by the embodiment of the application is described below. Referring to fig. 2, fig. 2 is a schematic structural diagram of an electronic device 500 for implementing an information processing method according to an embodiment of the present application. Taking the electronic device 500 as an example of the terminal shown in fig. 1, the electronic device 500 for implementing the information processing method according to the embodiment of the present application includes: at least one processor 510, a memory 550, at least one network interface 520, and a user interface 530. The various components in electronic device 500 are coupled together by bus system 540. It is appreciated that the bus system 540 is used to enable connected communications between these components. The bus system 540 includes a power bus, a control bus, and a status signal bus in addition to the data bus. The various buses are labeled as bus system 540 in fig. 2 for clarity of illustration.
The processor 510 may be an integrated circuit chip with signal processing capabilities, such as a general-purpose processor, a digital signal processor (DSP), or another programmable logic device, discrete gate or transistor logic, or discrete hardware components, where the general-purpose processor may be a microprocessor or any conventional processor.
The memory 550 may be removable, non-removable, or a combination thereof. Memory 550 may optionally include one or more storage devices physically located remote from processor 510. Memory 550 includes volatile memory or nonvolatile memory, and may also include both volatile and nonvolatile memory. The nonvolatile Memory may be a Read Only Memory (ROM), and the volatile Memory may be a random access Memory (RAM, random Access Memory). The memory 550 described in embodiments of the present application is intended to comprise any suitable type of memory.
In some embodiments, memory 550 is capable of storing data to support various operations, examples of which include programs, modules and data structures, or subsets or supersets thereof, as exemplified below.
An operating system 551 including system programs for handling various basic system services and performing hardware-related tasks, such as a framework layer, a core library layer, a driver layer, etc., for implementing various basic services and handling hardware-based tasks;
A network communication module 552 for reaching other computing devices via one or more (wired or wireless) network interfaces 520; exemplary network interfaces 520 include Bluetooth, Wireless Fidelity (WiFi), Universal Serial Bus (USB), etc.;
In some embodiments, the information processing apparatus provided in the embodiments of the present application may be implemented in software. FIG. 2 shows an information processing apparatus 553 stored in the memory 550, which may be software in the form of a program, a plug-in, or the like, and which includes the following software modules: the first receiving module 5531, the sending module 5532, the second receiving module 5533 and the encryption module 5534. These modules are logical, so they can be combined arbitrarily or further split according to the functions implemented; the functions of the respective modules are described below.
The information processing method provided by the embodiment of the application is described below. In some embodiments, the information processing method provided by the embodiments of the present application may be implemented by various electronic devices, for example, may be implemented by a terminal alone, may be implemented by a server alone, or may be implemented by a terminal and a server in cooperation. With reference to fig. 3, fig. 3 is a schematic flow chart of an information processing method according to an embodiment of the present application, where the information processing method according to the embodiment of the present application includes:
Step 101: the terminal receives, in an applet run on the basis of a client, a call instruction for a secure keyboard of the applet.
In practical applications, a client, such as an instant messaging client or a financial payment client, is installed on the terminal. When the terminal receives a run instruction for the client and runs the client based on that instruction, the terminal can also run an applet on the basis of the client. In practice, the client may be called the parent application, and the applet a child application running in the parent application. In response to an operation, triggered on the client, to run the applet, the terminal may send the server a request to obtain the applet's installation package; the server returns the installation package to the terminal in response to the request; and after the terminal loads the installation package successfully, the applet is installed and run by the client based on the installation package.
Using the applet may involve keyboard-based input of information such as payment passwords, login passwords, mobile phone numbers, user information (e.g., identity information) and address information. For the input of some private information, the security of the information needs to be ensured, so in the embodiments of the application a secure keyboard can be called in the applet and the information input through it. In the embodiments of the application, the information input via the secure keyboard is encrypted with the encryption key of the secure keyboard to obtain the corresponding encrypted information, which ensures the security of the information input via the secure keyboard and prevents that information from being tampered with.
In practical applications, a user can call the secure keyboard through a trigger operation on an information input control in the applet run on the client. The information input control may be an information input control of a target type, where the target type indicates that the privacy level of the information input through the corresponding control reaches a level threshold, or that the information needs to be protected; for example, an information input control of the target type may be a password input control, an address input control, an identity information input control, and so on. In this way, the terminal receives, in the applet run on the basis of the client, a call instruction for the secure keyboard of the applet.
Step 102: In response to the call instruction, send verification information of the applet.
The verification information is used for generating an encryption key of the secure keyboard after verification passes, and the encryption key is used for encrypting information input through the secure keyboard.
In practical application, after receiving the call instruction for the secure keyboard of the applet, the terminal may initialize the secure keyboard in response, so that the keyboard can be displayed for the user once initialization completes. Here, the terminal may send the verification information of the applet to the server in response to the call instruction; after receiving the verification information, the server verifies it, generates the encryption key of the secure keyboard once verification passes, and returns the encryption key to the terminal. The encryption key is used for encrypting information input through the secure keyboard.
In practical implementation, the verification information of the applet may be an object identifier (such as identity information or login information) of a target object (such as a user) logged in to the applet. To verify the verification information, it can be checked whether a registered object identifier consistent with this object identifier exists among the registered object identifiers of the objects registered on the applet side; if so, the token verification passes, and if not, the token verification fails.
After the verification information passes verification, the server generates the encryption key of the secure keyboard. In actual implementation, the key may be generated with a key generation algorithm, for example the RSA encryption algorithm, the SM2 encryption algorithm, or the SM4 encryption algorithm. In practical application, the generated key may be a symmetric encryption key, that is, the encryption key and the decryption key are the same key; or the encryption key and the decryption key may be different keys, where the encryption key is a public key, the decryption key is a private key, and the two form an asymmetric encryption key pair. After generating the encryption key, the server may return the encryption key and the corresponding key identifier to the terminal. The encryption key may be associated with the logged-in user of the applet, i.e. each user may be associated with one encryption key. On the server side, if the encryption key and the decryption key are different keys (i.e., asymmetric encryption), they correspond to the same key identifier, so that the decryption key corresponding to an encryption key can be found from the key identifier of the encryption key and used for decryption.
In other embodiments, the server may also request a dedicated encryption device, such as an encryptor, to generate the key, thereby improving the security of the key. After generating the key, the encryption device may return it to the server for use.
In some embodiments, the terminal may send the verification information of the applet in response to the call instruction as follows: in response to the call instruction, acquire the target public key of the applet and the object identifier of the target object logged in to the applet; encrypt the object identifier with the target public key to obtain the verification information of the applet, and send the verification information. The verification information is to be decrypted with the target private key corresponding to the target public key to obtain the object identifier, which is then verified.
In practical application, in response to the call instruction the terminal can acquire the target public key of the applet, which can be preconfigured, and the object identifier of the target object logged in to the applet; it then encrypts the object identifier with the target public key, specifically encrypting the encoded value of the object identifier, to obtain the verification information of the applet, and sends the verification information to the server. After receiving the verification information, the server acquires the target private key corresponding to the target public key, which can also be preconfigured, and decrypts the verification information with the target private key to obtain the object identifier of the target object, which it then verifies. Specifically, it can be checked whether a registered object identifier consistent with the object identifier exists among the registered object identifiers of the objects registered on the applet side; if so, the token verification passes, and if not, the token verification fails.
By applying this embodiment, the object identifier is encrypted with the target public key using asymmetric encryption to obtain the verification information, so that the security of the information carried in the verification information (such as the object identifier) is ensured and illegal tampering is avoided.
In some embodiments, the terminal may also carry a target key when sending the verification information, so that when the server returns the encryption key, the encryption key is first encrypted with the target key and then transmitted, ensuring the security of the encryption key. In practical application, the terminal can generate the target key of the applet.
Correspondingly, the terminal can encrypt the object identifier with the target public key to obtain the verification information of the applet as follows: encrypt the target key and the object identifier with the target public key to obtain the verification information of the applet, where the target key is used, after the encryption key has been generated, to encrypt the encryption key and obtain the target encryption key. Accordingly, the terminal may receive the encryption key returned based on the verification information as follows: receive the target encryption key returned based on the verification information.
In practical application, the target key of the applet can be generated on the applet side. The target key can be a symmetric key, i.e. the encryption key and the decryption key are the same key, or an asymmetric key, i.e. the encryption key and the decryption key are different keys. In this case, the terminal may carry the target key in the verification information when sending it, that is, the terminal encrypts the target key and the object identifier with the target public key to obtain the verification information of the applet. After receiving the verification information, the server decrypts it with the target private key corresponding to the target public key to obtain the target key and the object identifier; it then verifies the verification information based on the object identifier and, once verification passes, generates the encryption key of the secure keyboard; after generating the encryption key, it encrypts the encryption key with the target key to obtain the target encryption key, and returns the target encryption key to the terminal. The terminal receives the target encryption key returned based on the verification information.
By applying this embodiment, when the encryption key is returned to the terminal based on the verification information, what is transmitted can be the target encryption key obtained by encrypting it with the target key, which ensures the security of the encryption key and further improves the security of information input through the secure keyboard.
Step 103: Receive the encryption key returned based on the verification information, and display the secure keyboard.
In practical applications, the terminal may receive the encryption key returned based on the verification information. At this point, the terminal has completed initializing the secure keyboard on the applet side and may display it. Referring to fig. 4, fig. 4 is a schematic display diagram of the secure keyboard according to an embodiment of the present application, where the secure keyboard includes a plurality of input keys, each corresponding to a key value, through which a user inputs the information indicated by the key value.
In some embodiments, the terminal may display the secure keyboard as follows: acquire the switch state of the out-of-order display function switch corresponding to the secure keyboard; when the switch state indicates that the out-of-order display function switch is on, display a plurality of input keys arranged in an out-of-order arrangement so as to display the secure keyboard; when the switch state indicates that the switch is off, display a plurality of input keys arranged in the standard arrangement so as to display the secure keyboard. The positions of the input keys in the out-of-order arrangement differ from their positions in the standard arrangement.
In practical application, an out-of-order display function switch can be provided for the secure keyboard. The switch can be on the user side, where the user adjusts its state as needed, or on the applet developer side, where the developer sets its state uniformly.
Based on the above, when displaying the secure keyboard, the terminal first acquires the switch state of the out-of-order display function switch corresponding to the secure keyboard. When the switch state indicates that the switch is on, it displays a plurality of input keys arranged in an out-of-order arrangement so as to display the secure keyboard; when the switch state indicates that the switch is off, it displays a plurality of input keys arranged in the standard arrangement so as to display the secure keyboard. The positions of the input keys in the out-of-order arrangement differ from their positions in the standard arrangement.
As an example, with continued reference to fig. 4: as shown in (1) of fig. 4, the out-of-order display function switch "out-of-order keyboard" is off, and the input keys of the secure keyboard are arranged in the standard arrangement; as shown in (2) of fig. 4, the switch is on, and the input keys are arranged in an out-of-order arrangement. The positions of the input keys in the out-of-order arrangement differ from their positions in the standard arrangement; in actual implementation, every input key may be at a different position than in the standard arrangement, or only some of the input keys may be at different positions.
As an example, referring to fig. 5, fig. 5 is a schematic display diagram of a setting interface of the secure keyboard according to an embodiment of the present application. Here, the setting interface may be an applet developer interface in which the applet developer configures the secure keyboard. The setting interface may include: an out-of-order display function switch "out-of-order keyboard" (for setting whether the input keys of the secure keyboard are arranged in the standard arrangement or in an out-of-order arrangement), an encryption mode setting control "encryption mode" (including the sm2/sm4 encryption mode and the rsa/aes encryption mode), and a night mode function switch "night mode" (for setting whether the secure keyboard is in night mode).
In practical application, the secure keyboard can support the input of characters such as numbers, letters, punctuation marks, mathematical symbols, and network symbols, and can also support triggering a character deletion instruction, a confirmation instruction, and the like.
Step 104: When target information input through the secure keyboard is received, encrypt the target information with the encryption key to obtain encrypted information.
The encrypted information is used for obtaining the target information input through the secure keyboard when it is decrypted with the decryption key corresponding to the encryption key.
In practical application, when the terminal receives target information input through the secure keyboard, it encrypts the target information with the encryption key to obtain the encrypted information, which ensures the security of the data on the applet side. If the encrypted information is then sent to the server, the security of the data in transit is ensured as well; and on the server side, the encrypted information can be decrypted to obtain the target information only after the decryption key corresponding to the encryption key has been acquired, which ensures the security of the data at the server.
In practical application, after the target information is sent to the server, the server may process it, for example store or verify it. If the target information is used as a login password, for instance, the server may verify it to determine whether login with that password succeeds.
In some embodiments, the secure keyboard includes at least one input key, each input key corresponding to a key value. Before sending the verification information of the applet in response to the call instruction, the terminal can also generate a mapping value corresponding to each key value of the secure keyboard; correspondingly, before the secure keyboard is displayed in the information input interface, the terminal can establish an association between the mapping value corresponding to each key value and the corresponding input key. Accordingly, the terminal may receive the target information input through the secure keyboard as follows: in response to a trigger operation on a target input key among the at least one input key, determine the target mapping value associated with the target input key based on the association; and take the key value corresponding to the target mapping value as the target information input through the secure keyboard.
In practice, the secure keyboard comprises at least one input key, each corresponding to a key value, such as the numbers "1, 2, 3 ..." or the letters "a, b, c ...". After receiving the call instruction, in the course of calling the secure keyboard the terminal can first generate a mapping value corresponding to each key value of the secure keyboard, where the mapping value can be randomly generated based on the corresponding key value; it then establishes an association between the mapping value corresponding to each key value and the corresponding input key, yielding a "key value - mapping value - input key" mapping. On this basis, when the user inputs information through the secure keyboard, the terminal, in response to a trigger operation on a target input key among the at least one input key, determines the target mapping value associated with the target input key based on the association, and then takes the key value corresponding to the target mapping value as the target information input through the secure keyboard.
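The out-of-order arrangement and the "key value - mapping value - input key" association described above can be sketched as follows. This is an added example, not code from the patent; the ten-digit layout, the 8-byte random mapping values, and the names `buildKeyboard`, `press` and `typeOn` are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Standard arrangement of a numeric secure keyboard (constructed sample).
const STANDARD = ['1', '2', '3', '4', '5', '6', '7', '8', '9', '0'];

// Fisher-Yates shuffle driven by the CSPRNG rather than Math.random().
function shuffled(keys) {
  const a = keys.slice();
  for (let i = a.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1); // uniform in [0, i]
    [a[i], a[j]] = [a[j], a[i]];
  }
  return a;
}

// outOfOrder models the state of the out-of-order display function switch.
function buildKeyboard(outOfOrder) {
  let layout = STANDARD.slice();
  if (outOfOrder) {
    // The out-of-order positions must differ from the standard ones,
    // so redraw in the rare case the shuffle returns the identity.
    do { layout = shuffled(STANDARD); }
    while (layout.every((k, i) => k === STANDARD[i]));
  }

  // mapping value -> key value; kept private to this keyboard instance.
  const keyValueByMapping = new Map();
  const inputKeys = layout.map((label, position) => {
    let mappingValue;
    do { mappingValue = crypto.randomBytes(8).toString('hex'); } // assumed format
    while (keyValueByMapping.has(mappingValue));
    keyValueByMapping.set(mappingValue, label);
    // The rendered input key carries the mapping value; a press event
    // reports only that value, never the key value itself.
    return { position, label, mappingValue };
  });

  // Resolve a press: mapping value -> key value.
  function press(mappingValue) {
    if (!keyValueByMapping.has(mappingValue)) {
      throw new Error('unknown mapping value');
    }
    return keyValueByMapping.get(mappingValue);
  }
  return { inputKeys, press };
}

// Simulates a user tapping the keys that display the given labels.
function typeOn(keyboard, labels) {
  return [...labels].map((label) => {
    const key = keyboard.inputKeys.find((k) => k.label === label);
    return keyboard.press(key.mappingValue);
  }).join('');
}
```

Because the mapping values are drawn per keyboard instance, a value observed on one display of the keyboard does not resolve on the next.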
In some embodiments, before encrypting the target information with the encryption key, the terminal may also intercept the event bubbling of the input event corresponding to the target information, so that the input is not recognized and captured by outer-layer events, further improving the security of information input through the secure keyboard.
In some embodiments, the applet has a corresponding encryption mode, and the terminal may encrypt the target information with the encryption key to obtain the encrypted information as follows: acquire the encryption algorithm indicated by the encryption mode; and, based on that encryption algorithm, encrypt the target information with the encryption key to obtain the encrypted information.
In practical applications, the applet may be given a corresponding encryption mode, which may be preset by the applet developer at development time (as shown in fig. 5, through the encryption mode control). The encryption modes may include an SM2 encryption mode (indicating the SM2 encryption algorithm), an SM4 encryption mode (indicating the SM4 encryption algorithm), an RSA encryption mode (indicating the RSA encryption algorithm), an AES encryption mode (indicating the AES encryption algorithm), and the like. On this basis, when encrypting the target information, the terminal can acquire the encryption algorithm indicated by the encryption mode and then, based on that algorithm, encrypt the target information with the encryption key to obtain the encrypted information.
In some embodiments, the target information includes a plurality of characters arranged in input order, and the terminal may encrypt the target information with the encryption key to obtain the encrypted information as follows: encrypt each character with the encryption key to obtain the encrypted character corresponding to each character; and splice the plurality of encrypted characters in input order to obtain the encrypted information.
In practical applications, the target information may include a plurality of characters arranged in input order. Each character can therefore be encrypted with the encryption key to obtain the encrypted character corresponding to it, and the resulting encrypted characters are then spliced in input order to obtain the encrypted information.
Of course, in other embodiments, the encrypted characters may be used directly as the encrypted information without being spliced. In still other embodiments, the encryption key may be used to encrypt the plurality of encrypted characters to obtain the encrypted information, which increases the encryption complexity of the target information, makes the encrypted information harder to crack, and further improves information security.
In some embodiments, the target information includes a plurality of characters arranged in input order, and the terminal may encrypt the target information with the encryption key to obtain the encrypted information as follows: for the first character, i.e. the character that is first in the input order, encrypt it with the encryption key to obtain the encrypted character corresponding to the first character; for each second character, i.e. each character that is not first in the input order, perform the following in input order: encrypt, with the encryption key, the second character together with the encrypted character corresponding to the character preceding it in the input order, to obtain the encrypted character corresponding to the second character; and take the encrypted character corresponding to the second character that is last in the input order as the encrypted information.
As an example, the target information includes the characters "A, B, C, D" and is encrypted using the scheme described above: A is encrypted with the encryption key to obtain the encrypted character '1' corresponding to A; B and the encrypted character '1' are encrypted with the encryption key to obtain the encrypted character '2' corresponding to B; C and the encrypted character '2' are encrypted with the encryption key to obtain the encrypted character '3' corresponding to C; and D and the encrypted character '3' are encrypted with the encryption key to obtain the encrypted character '4' corresponding to D. By applying this embodiment, the encryption complexity of the target information is increased, the encrypted information becomes harder to crack, and information security is further improved.
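The per-character splicing and the chained scheme from the "A, B, C, D" example are worked through below, including the decryption side, which has to peel the chained layers in reverse input order. This is an added example, not code from the patent; AES-256-GCM with a symmetric key, the length-byte framing, and all function names are assumptions.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM (assumed cipher); output is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function open(key, sealed) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Per-character scheme: encrypt each character, splice in input order.
// Framing (assumption): one length byte before each encrypted character.
function spliceEncrypt(key, text) {
  return Buffer.concat([...text].flatMap((ch) => {
    const enc = seal(key, Buffer.from(ch, 'utf8'));
    return [Buffer.from([enc.length]), enc];
  }));
}
function spliceDecrypt(key, blob) {
  let out = '';
  for (let i = 0; i < blob.length; i += 1 + blob[i]) {
    out += open(key, blob.subarray(i + 1, i + 1 + blob[i])).toString('utf8');
  }
  return out;
}

// Chained scheme: the layer for character n encrypts that character
// together with the encrypted character of character n-1.
// Layer plaintext (assumption): [UTF-8 length of char][char][previous layer].
function chainEncrypt(key, text) {
  let prev = Buffer.alloc(0);
  for (const ch of text) {
    const c = Buffer.from(ch, 'utf8');
    prev = seal(key, Buffer.concat([Buffer.from([c.length]), c, prev]));
  }
  return prev; // encrypted character of the last input character
}

// Decryption walks the layers outside-in, so characters come out last-first.
function chainDecrypt(key, encrypted) {
  const chars = [];
  for (let cur = encrypted; cur.length > 0;) {
    const plain = open(key, cur); // throws if the layer was modified
    const n = plain[0];
    chars.unshift(plain.subarray(1, 1 + n).toString('utf8'));
    cur = plain.subarray(1 + n);
  }
  return chars.join('');
}
```

Each chained layer contains the previous one, so the final encrypted information grows with every character (30 bytes per ASCII character in this framing); that is why the sketch uses a symmetric mode rather than RSA, whose single-block input size is limited.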
In some embodiments, the terminal may encrypt the target information with the encryption key as follows: when target information input through the secure keyboard is received, acquire the effective time point and validity duration of the encryption key; and when it is determined, based on the effective time point and the validity duration, that the encryption key is in a valid state, encrypt the target information with the encryption key.
Correspondingly, when it is determined, based on the effective time point and the validity duration, that the encryption key is in an invalid state, target verification information of the applet is sent, which is used for generating a target encryption key of the secure keyboard after verification passes; and the target encryption key returned based on the target verification information is received, the target encryption key being used for encrypting information input through the secure keyboard.
In practical application, the encryption key has a corresponding validity duration and effective time point. When the terminal receives target information input through the secure keyboard, it acquires the effective time point and validity duration of the encryption key and determines from them whether the encryption key is in a valid state or an invalid state. When the encryption key is determined to be in a valid state, the target information is encrypted with the encryption key.
When the encryption key is determined to be in an invalid state, the call process of the secure keyboard can be executed again, that is, the target verification information of the applet is sent to the server; after receiving the target verification information, the server verifies it, generates the target encryption key of the secure keyboard once verification passes, and returns the target encryption key to the terminal; the terminal receives the target encryption key returned based on the target verification information, so that information input through the secure keyboard is encrypted with the target encryption key during the period in which the target encryption key is in a valid state. In practical implementation, the target verification information may be verified in the same way as the verification information, and the target encryption key may be generated in the same way as the encryption key.
In some embodiments, the terminal may encrypt the target information with the encryption key as follows: when target information input through the secure keyboard is received, acquire the number of times the encryption key has been used for encryption; and when that number has not reached the encryption-count threshold of the encryption key, encrypt the target information with the encryption key.
Correspondingly, when the number of times the encryption key has been used for encryption reaches the encryption-count threshold of the encryption key, target verification information of the applet is sent, which is used for generating a target encryption key of the secure keyboard after verification passes; and the target encryption key returned based on the target verification information is received, the target encryption key being used for encrypting information input through the secure keyboard.
In practical applications, the encryption key has a corresponding encryption-count threshold, such as 1 time or 5 times. When the terminal receives target information input through the secure keyboard, it acquires the number of times the encryption key has been used for encryption and determines whether that number has reached the encryption-count threshold of the encryption key. When the number has not reached the threshold, the target information is encrypted with the encryption key.
When the number of times the encryption key has been used for encryption reaches the encryption-count threshold, the call process of the secure keyboard can be executed again, that is, the target verification information of the applet is sent to the server; after receiving the target verification information, the server verifies it, generates the target encryption key of the secure keyboard once verification passes, and returns the target encryption key to the terminal; the terminal receives the target encryption key returned based on the target verification information, so that information input through the secure keyboard is encrypted with the target encryption key during the period in which the target encryption key is in a valid state. In practical implementation, the target verification information may be verified in the same way as the verification information, and the target encryption key may be generated in the same way as the encryption key.
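The two renewal conditions above, validity duration and encryption-count threshold, are combined in one terminal-side check below. This is an added example, not code from the patent: `requestKeyboardKey` is a hypothetical stand-in for re-running the call process against the server, and the five-minute duration, the threshold of 2 and RSA-OAEP are assumed values.

```javascript
const crypto = require('node:crypto');

const VALID_MS = 5 * 60_000; // validity duration (assumed value)
const MAX_USES = 2;          // encryption-count threshold (assumed value)
const OAEP = {
  oaepHash: 'sha256',
  padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
};

// ---- Server stand-in (hypothetical): verification is omitted here ----
const privateKeys = new Map(); // key identifier -> private key, server side only
function requestKeyboardKey(now) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keyId = crypto.randomUUID();
  privateKeys.set(keyId, privateKey);
  return { keyId, publicKey, effectiveAt: now, validMs: VALID_MS, maxUses: MAX_USES };
}
function serverDecrypt({ keyId, data }) {
  const key = privateKeys.get(keyId);
  return crypto.privateDecrypt({ key, ...OAEP }, data).toString('utf8');
}

// ---- Terminal side ----
// Valid only inside [effectiveAt, effectiveAt + validMs) and below the threshold.
function keyState(key, uses, now) {
  if (now < key.effectiveAt || now >= key.effectiveAt + key.validMs) {
    return 'invalid-time';
  }
  if (uses >= key.maxUses) return 'invalid-count';
  return 'valid';
}

class SecureKeyboardSession {
  constructor(requestKey) {
    this.requestKey = requestKey; // re-runs the secure keyboard call process
    this.key = null;
    this.uses = 0;
    this.keysRequested = 0;
  }

  // Checks the key state on every input, renews the key when it is no
  // longer valid, then encrypts with whichever key is current.
  encrypt(text, now = Date.now()) {
    if (this.key === null || keyState(this.key, this.uses, now) !== 'valid') {
      this.key = this.requestKey(now);
      this.uses = 0;
      this.keysRequested += 1;
    }
    this.uses += 1;
    const data = crypto.publicEncrypt(
      { key: this.key.publicKey, ...OAEP }, Buffer.from(text, 'utf8'));
    // The key identifier travels with the ciphertext so the server can
    // find the matching decryption key.
    return { keyId: this.key.keyId, data };
  }
}
```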
By applying the embodiment of the application, when a call instruction for the secure keyboard of the applet is received in an applet run based on a client, the verification information of the applet is sent, so that the encryption key of the secure keyboard is generated after the verification information passes verification; when the encryption key returned based on the verification information is received, the secure keyboard is displayed, the encryption key being used for encrypting information input through the secure keyboard. When target information input through the secure keyboard is received, it can be encrypted with the encryption key to obtain encrypted information, and the target information can be recovered from the encrypted information only by decrypting it with the decryption key corresponding to the encryption key. In this way, a secure keyboard can be implemented on the applet side, improving the security of information entered by keyboard on the applet side.
The information processing method provided by the embodiment of the present application is described below, taking as an example its implementation by a terminal and a server in cooperation. Referring to fig. 6, fig. 6 is a schematic flow chart of the information processing method provided by the embodiment of the present application, where the method includes:
Step 201: The terminal receives, in an applet run based on a client, a call instruction for the secure keyboard of the applet.
Step 202: In response to the call instruction, the terminal generates a target key of the applet, and acquires the target public key of the applet and the object identifier of the target object logged in to the applet.
Step 203: The terminal encrypts the target key, the object identifier and a time stamp with the target public key to obtain the verification information of the applet.
Step 204: The terminal sends the verification information to the server.
Step 205: The server receives the verification information and acquires the target private key corresponding to the target public key.
Step 206: The server decrypts the verification information with the target private key to obtain the target key, the object identifier and the time stamp.
Step 207: Determine whether the object identifier passes verification; if so, execute step 208, and if not, execute step 212.
Step 208: The server generates an asymmetric public-private key pair (including a public key and a private key) of the secure keyboard and returns the public key to the terminal.
At this point, the server saves the private key for subsequent decryption of the encrypted information. Because the private key is stored, and the encrypted information decrypted, only on the server, the security problems caused by a stolen private key are avoided.
Step 209: The terminal receives the public key returned by the server and displays the secure keyboard.
Step 210: In response to target information being input through the secure keyboard, the terminal encrypts the target information with the encryption key to obtain encrypted information, and sends the encrypted information to the server.
Step 211: The server receives the encrypted information, acquires the private key corresponding to the public key, and decrypts the encrypted information with the private key to obtain the target information.
Step 212: The server returns a notification message indicating that calling the secure keyboard failed.
By applying the embodiment of the application, when a call instruction for the secure keyboard of the applet is received in an applet run based on a client, the verification information of the applet is sent, so that the encryption key of the secure keyboard is generated after the verification information passes verification; when the encryption key returned based on the verification information is received, the secure keyboard is displayed, the encryption key being used for encrypting information input through the secure keyboard. When target information input through the secure keyboard is received, it can be encrypted with the encryption key to obtain encrypted information, and the target information can be recovered from the encrypted information only by decrypting it with the decryption key corresponding to the encryption key. In this way, a secure keyboard can be implemented on the applet side, improving the security of information entered by keyboard on the applet side.
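Steps 201 to 212 are shown below as one exchange with both sides, including the earlier embodiment in which the server returns the keyboard's public key encrypted under the target key. This is an added example, not code from the patent; RSA-OAEP, AES-256-GCM, the JSON payload, the 60-second time-stamp check, and all names and sample identifiers are assumptions.

```javascript
const crypto = require('node:crypto');

// Pre-configured applet key pair: the target public key ships with the
// applet, the target private key stays on the server (generated for the demo).
const target = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const oaep = (key) => ({
  key, oaepHash: 'sha256', padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
});

// ---- Server state (constructed sample data) ----
const registeredIds = new Set(['user-1001']);
const keyStore = new Map();   // key identifier -> keyboard private key
const MAX_SKEW_MS = 60_000;   // assumption: how the time stamp is checked

// Steps 202-204 (terminal): build the verification information.
function buildVerificationInfo(objectId, now = Date.now()) {
  const targetKey = crypto.randomBytes(32); // target key, fresh per call
  const payload = JSON.stringify(
    { k: targetKey.toString('base64'), id: objectId, ts: now });
  const info = crypto.publicEncrypt(oaep(target.publicKey), Buffer.from(payload));
  return { targetKey, info };
}

// Steps 205-208 and 212 (server): decrypt, verify, issue the keyboard key.
function serverIssueKey(info, now = Date.now()) {
  let msg;
  try {
    msg = JSON.parse(crypto.privateDecrypt(oaep(target.privateKey), info).toString());
  } catch {
    return { ok: false, reason: 'undecryptable' };
  }
  if (!(Math.abs(now - msg.ts) <= MAX_SKEW_MS)) return { ok: false, reason: 'stale' };
  if (!registeredIds.has(msg.id)) return { ok: false, reason: 'unknown object' };

  const kb = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keyId = crypto.randomUUID();
  keyStore.set(keyId, kb.privateKey); // the private key never leaves the server

  // Encrypt the public key with the target key; binding the key identifier
  // as associated data is an added assumption.
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', Buffer.from(msg.k, 'base64'), iv);
  c.setAAD(Buffer.from(keyId));
  const der = kb.publicKey.export({ type: 'spki', format: 'der' });
  const body = Buffer.concat([c.update(der), c.final()]);
  return { ok: true, keyId, iv, body, tag: c.getAuthTag() };
}

// Step 209 (terminal): recover the keyboard public key with the target key.
function unwrapKeyboardKey(targetKey, reply) {
  const d = crypto.createDecipheriv('aes-256-gcm', targetKey, reply.iv);
  d.setAAD(Buffer.from(reply.keyId));
  d.setAuthTag(reply.tag);
  const der = Buffer.concat([d.update(reply.body), d.final()]); // throws if altered
  return crypto.createPublicKey({ key: der, type: 'spki', format: 'der' });
}

// Step 210 (terminal): encrypt what was typed on the secure keyboard.
function encryptInput(publicKey, text) {
  return crypto.publicEncrypt(oaep(publicKey), Buffer.from(text, 'utf8'));
}

// Step 211 (server): find the private key by key identifier and decrypt.
function serverDecrypt(keyId, encrypted) {
  const priv = keyStore.get(keyId);
  if (!priv) throw new Error('unknown key identifier');
  return crypto.privateDecrypt(oaep(priv), encrypted).toString('utf8');
}

// The whole exchange for one input.
function runExchange(objectId, typed) {
  const { targetKey, info } = buildVerificationInfo(objectId);
  const reply = serverIssueKey(info);
  if (!reply.ok) return reply; // step 212: secure keyboard call failed
  const publicKey = unwrapKeyboardKey(targetKey, reply);
  const encrypted = encryptInput(publicKey, typed);
  return { ok: true, recovered: serverDecrypt(reply.keyId, encrypted) };
}
```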
An exemplary application of the embodiments of the present application in a practical application scenario will be described below. The terms used in the embodiment of the present application are explained first:
1) Symmetric encryption: an encryption method based on a single-key cryptosystem, in which the same key is used for both encrypting and decrypting information; also called single-key encryption.
2) Asymmetric encryption: whereas a symmetric encryption algorithm uses the same key for encryption and decryption, an asymmetric encryption algorithm requires two keys, namely a public key and a private key.
3) JavaScript (abbreviated as "JS"): a lightweight, interpreted or just-in-time compiled programming language with first-class functions. Although it is best known as the scripting language for Web pages, it is also used in many non-browser environments. JavaScript is a prototype-based, multi-paradigm, dynamic scripting language that supports object-oriented, imperative, declarative, and functional programming styles.
4) WebAssembly (wasm): a new bytecode format that is portable, small in size, fast to load, and compatible with the Web. WebAssembly has a complete set of semantics; wasm is a compact binary format that loads quickly, with the goal of fully exploiting hardware capabilities to achieve native execution efficiency. WebAssembly runs in a sandboxed execution environment and can even be implemented inside existing JavaScript virtual machines. In a web environment, WebAssembly strictly adheres to the same-origin policy and the browser security policies. WebAssembly can be called by JavaScript, entering the JavaScript context, and can also call browser functionality in the same way as a Web API.
5) Applet (Mini Program): an application that can be used without being downloaded or installed, realizing the goal of applications being "within reach"; a user can open it by scanning or searching.
In the related art, a secure keyboard can be implemented at the client only by means of a digital certificate, so the implementation must depend on the client's support for digital certificates. The applet side does not support installing digital certificates, and the related art offers no solution for implementing a secure keyboard on the applet side, so using an applet introduces information security risks.
Based on this, an embodiment of the present application provides an information processing method to solve at least the above-mentioned problems. In the embodiment of the application, the secure keyboard is implemented on the applet side by transmitting data encrypted with symmetric and asymmetric encryption, which effectively addresses the problems of forged server information and forged client information. At the same time, encryption and decryption of the data are performed on the applet side through WebAssembly, which effectively improves security and execution efficiency.
The secure keyboard provided by the embodiment of the application is shown in fig. 4. In practical application, the secure keyboard may be an out-of-order keyboard and may support a night mode, and the encryption modes corresponding to the secure keyboard may include an SM2/SM4 mode, an RSA/AES mode, and the like. In actual implementation, referring to fig. 5, which shows a UI for the applet developer, the developer of the applet may set the encryption mode of the secure keyboard, whether to turn on the out-of-order keyboard, whether to support the night mode, and so on.
Referring to fig. 7, fig. 7 is a flowchart of an information processing method according to an embodiment of the present application. The information processing method provided by the embodiment of the application comprises the following steps:
Step 1: the user operates the interface to pull up the secure keyboard.
Step 2: the applet view layer receives the user trigger operation and passes the triggered event message to the applet logic layer.
Step 3: the applet logic layer generates a random mapping table corresponding to the key value of the secure keyboard.
Here, the random mapping table is used to store the key values and the association relations between the corresponding mapping values, and the mapping values associated with each key value are randomly generated.
Step 4: the applet logic layer invokes an applet API (e.g., wx.login) to generate a code value for the user identification information.
Here, the user identification information may be unique identification information, such as identity information, of the login user corresponding to the client running the applet.
Step 5: the applet logic layer makes a local API call and passes the generated code value to the applet WebAssembly.
Step 6: the applet WebAssembly calls a local WebAssembly library and generates a symmetric encryption key sKey inside WebAssembly.
Step 7: the applet WebAssembly encrypts (sKey, code, timestamp) with a preset asymmetric encryption public key (i.e., the target public key) to obtain the ciphertext cipherA, and returns it to the applet logic layer.
Step 8: the applet logic layer initiates an https network request and sends the obtained ciphertext cipherA to the verification server through that request.
Step 9: the verification server decrypts cipherA with a preset asymmetric encryption private key (i.e., the target private key) to obtain (sKey, code, timestamp).
Step 10: the verification server sends the decrypted code value, the applet app ID, and the applet app secret to the service server.
Here, the service server is a background server corresponding to a client running the applet. The verification server also decrypts to obtain a symmetric encryption key sKey.
Step 11: the service server verifies whether the code value is correct and valid, and returns a unique user identifier openid when the code value is verified to be valid.
Step 12: when the verification server receives the openid, which indicates that the token value is valid, it sends a request to the encryptor to generate an asymmetric public-private key pair (i.e., the encryption key (public key) and the decryption key (private key)).
Step 13: the encryptor generates an asymmetric public-private key pair (i.e., an encryption key and a corresponding decryption key) corresponding to the user identification information, and sends the encryption key (pubKey) and the corresponding keyID to the verification server.
Step 14: the verification server receives the returned encryption key (pubKey) and the corresponding keyID, encrypts (keyID, pubKey) with the symmetric encryption key sKey to obtain the ciphertext cipherB, and returns cipherB to the applet logic layer.
Step 15: the applet logic layer receives cipherB and passes it to the WebAssembly layer through a local API call.
Step 16: the WebAssembly layer decrypts cipherB with the symmetric encryption key sKey to obtain (keyID, pubKey), and returns the keyID to the applet logic layer.
Step 17: the applet logic layer triggers the applet view layer by an event.
Step 18: the applet view layer receives event triggers of the applet logic layer and associates the mapping values in the random mapping table with the input keys of the secure keyboard of the applet view layer.
This completes the initialization flow of the secure keyboard on the applet side.
Step 19: the applet side presents the secure keyboard to the user.
Step 20: when a user clicks an input key of the secure keyboard to input information, the applet view layer acquires the target mapping value corresponding to the clicked input key, intercepts the default bubbling behavior of the click event (so that it cannot be identified and captured by outer event handlers), and passes the target mapping value to the applet logic layer by triggering an information input event.
Step 21: the applet logic layer looks up the mapping table to obtain the target key value corresponding to the target mapping value (that is, the information input through the secure keyboard, such as one password character of a password), and passes the target key value to the applet WebAssembly through a local API call.
Step 22: the applet WebAssembly encrypts the target key value with the encryption key pubKey to obtain the ciphertext charCipher, and returns charCipher to the applet logic layer.
Step 23: the applet logic layer receives the ciphertext charCipher, confirms that encryption is finished, and triggers the applet view layer through an event.
Step 24: the applet view layer displays the placeholder "×" to represent each password character input through the secure keyboard.
Step 25: the applet view layer triggers the applet logic layer by an event in response to a user completing entry of all of the password characters.
Step 26: the applet logic layer sends the charCipher list for all the input password characters, together with the keyID, to the verification server.
Step 27: the verification server initiates an https network request and passes (the charCipher list and the keyID) to the encryptor.
Step 28: the encryptor looks up the decryption key corresponding to the target public key based on the keyID, verifies the charCipher list with the decryption key, and returns the verification result to the verification server.
Specifically, each charCipher in the charCipher list is decrypted with the decryption key to obtain the input plaintext password characters; the password formed by these plaintext password characters is compared with the user's real password. If they match, the verification result is that verification passed; if they do not match, the verification result is that verification failed.
Step 29: the verification server returns the verification result to the applet side.
Step 30: the applet end displays the password verification result to the user.
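The initialization and input flow of Steps 3 to 28 can be traced end to end in the following added example, which is not code from the application. It assumes the rsa/aes mode with RSA-OAEP and AES-256-GCM, a JSON message layout, in-process function calls in place of the https requests, and constructed keys, code values and passwords; every function name is hypothetical.

```javascript
// Added example. Algorithms (RSA-OAEP, AES-256-GCM), JSON message layout and all
// function names are assumptions; keys, codes and passwords are constructed.
const nodeCrypto = require('crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const rsaEnc = (pub, buf) => nodeCrypto.publicEncrypt({ key: pub, ...OAEP }, buf);
const rsaDec = (priv, buf) => nodeCrypto.privateDecrypt({ key: priv, ...OAEP }, buf);

// Symmetric layer keyed by sKey. Blob layout: 12-byte IV | 16-byte tag | ciphertext.
function symEnc(sKey, plain) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', sKey, iv);
  const body = Buffer.concat([c.update(plain), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function symDec(sKey, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', sKey, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// ---------- server side (verification server, service server, encryptor) ----------
const target = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 }); // preset target key pair
const validCodes = new Map([['code-0001', 'openid-alice']]);    // service server: code -> openid
const realPasswords = new Map([['openid-alice', '2580']]);      // what Step 28 compares against
const keyStore = new Map();                                     // encryptor: keyID -> private key

function verificationServerInit(cipherA) {
  // Step 9: recover (sKey, code, timestamp). The page does not say how the
  // timestamp is used, so it is carried but not checked here.
  const { sKey, code } = JSON.parse(rsaDec(target.privateKey, cipherA).toString('utf8'));
  const openid = validCodes.get(code);                          // Steps 10-11
  if (!openid) return { ok: false, message: 'secure keyboard call failed' };
  // Steps 12-13: the encryptor creates a per-user key pair and keeps the private half.
  const pair = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keyID = nodeCrypto.randomUUID();
  keyStore.set(keyID, { privateKey: pair.privateKey, openid });
  const pubKey = pair.publicKey.export({ type: 'spki', format: 'pem' });
  // Step 14: (keyID, pubKey) goes back under sKey as cipherB.
  const body = Buffer.from(JSON.stringify({ keyID, pubKey }));
  return { ok: true, cipherB: symEnc(Buffer.from(sKey, 'base64'), body) };
}

function encryptorVerify(keyID, charCipherList) {               // Step 28
  const entry = keyStore.get(keyID);
  if (!entry) return false;
  const typed = Buffer.from(
    charCipherList.map((c) => rsaDec(entry.privateKey, c).toString('utf8')).join(''));
  const real = Buffer.from(realPasswords.get(entry.openid));
  return typed.length === real.length && nodeCrypto.timingSafeEqual(typed, real);
}

// ---------- applet side ----------
function createSecureKeyboard(code, keyValues = [...'0123456789']) {
  // Step 3: random mapping table; the view layer only ever handles mapping values.
  const mapping = new Map(keyValues.map((k) => [nodeCrypto.randomBytes(8).toString('hex'), k]));
  // Steps 6-8: fresh sKey, wrapped with (code, timestamp) under the target public key.
  const sKey = nodeCrypto.randomBytes(32);
  const hello = { sKey: sKey.toString('base64'), code, timestamp: Date.now() };
  const cipherA = rsaEnc(target.publicKey, Buffer.from(JSON.stringify(hello)));
  const reply = verificationServerInit(cipherA);                // stands in for the https request
  if (!reply.ok) return reply;
  // Step 16: only the holder of sKey can read the per-user public key.
  const { keyID, pubKey } = JSON.parse(symDec(sKey, reply.cipherB).toString('utf8'));
  const charCipherList = [];
  return {
    ok: true, keyID, charCipherList,
    mappingValueFor: (k) => [...mapping].find(([, v]) => v === k)[0], // simulates a tap on key k
    press(mappingValue) {                                       // Steps 20-22
      const keyValue = mapping.get(mappingValue);
      if (keyValue === undefined) throw new Error('unknown mapping value');
      // OAEP is randomized, so repeated characters give different charCipher values.
      charCipherList.push(rsaEnc(pubKey, Buffer.from(keyValue)));
    },
    submit: () => encryptorVerify(keyID, charCipherList),       // Steps 26-28
  };
}

// Drives one full session: initialise, tap each character, submit for verification.
function typePassword(code, password) {
  const kb = createSecureKeyboard(code);
  if (!kb.ok) return kb;
  for (const ch of password) kb.press(kb.mappingValueFor(ch));
  return { ok: true, verified: kb.submit(), charCipherList: kb.charCipherList };
}
```

Because each character is encrypted separately, the encryption used for charCipher has to be randomized, as OAEP is here; with a deterministic scheme, equal characters would produce equal ciphertexts and reveal repeats in the password.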
In practical application, this implementation of the applet secure keyboard can be applied to various clients; the encryption and decryption processing of the secure keyboard can also be performed directly in the JavaScript layer without using WebAssembly.
By applying the embodiment of the application: 1) combining with the account security system of the client that runs the applet effectively improves the security of account authentication through the applet secure keyboard; 2) WebAssembly is a safer and more efficient format than JavaScript, and precompiling the code avoids exposing JavaScript code directly at the client and improves execution efficiency. Referring to fig. 8, fig. 8 is a schematic diagram of the time consumed by the encryption and decryption processing of the secure keyboard according to the embodiment of the present application. It can be seen that the encryption and decryption processing takes less time when implemented through WebAssembly than when implemented through JavaScript, that is, the code execution efficiency of WebAssembly is higher than that of JavaScript.
It will be appreciated that in the embodiments of the present application, related data such as user information (e.g., login information of an applet, identification information of a target object, target information input based on a secure keyboard, etc.) is involved, and when the embodiments of the present application are applied to specific products or technologies, user permission or consent is required, and collection, use and processing of related data are required to comply with related laws and regulations and standards of related countries and regions.
The following continues with an exemplary structure of the information processing apparatus 553 provided by an embodiment of the present application, implemented as software modules. In some embodiments, as shown in fig. 2, the software modules of the information processing apparatus 553 stored in the memory 550 may include: a first receiving module 5531, configured to receive, in an applet running on a client, a call instruction for a secure keyboard of the applet; a sending module 5532, configured to send, in response to the call instruction, verification information of the applet, where the verification information is used to generate an encryption key of the secure keyboard after verification is passed, and the encryption key is used to encrypt information input based on the secure keyboard; a second receiving module 5533, configured to receive the encryption key returned based on the verification information, and display the secure keyboard; and an encryption module 5534, configured to encrypt the target information with the encryption key when target information input based on the secure keyboard is received, so as to obtain encrypted information, where the encrypted information is used to obtain the target information input based on the secure keyboard when decrypted with a decryption key corresponding to the encryption key.
In some embodiments, the secure keyboard comprises at least one input key, each corresponding to a key value; the sending module 5532 is further configured to generate a mapping value corresponding to each key value of the secure keyboard; the sending module 5532 is further configured to establish an association relationship between the mapping value corresponding to each key value and the corresponding input key.
In some embodiments, the second receiving module 5533 is further configured to determine, based on the association, a target mapping value associated with a target input key of the at least one input key in response to a triggering operation for the target input key; and taking the key value corresponding to the target mapping value as the target information input based on the safety keyboard.
In some embodiments, the sending module 5532 is further configured to obtain, in response to the call instruction, a target public key of the applet and an object identification of a target object of the login applet; encrypting the object identifier by adopting the target public key to obtain verification information of the applet, and sending the verification information; the verification information is used for decrypting the verification information based on a target private key corresponding to the target public key to obtain the object identifier, and verifying the object identifier.
In some embodiments, the sending module 5532 is further configured to generate a target key for the applet; the sending module 5532 is further configured to encrypt the target key and the object identifier by using the target public key to obtain verification information of the applet, where the target key is used to encrypt the encryption key by using the target key after generating the encryption key to obtain a target encryption key; the second receiving module 5533 is further configured to receive the target encryption key returned based on the verification information.
In some embodiments, the target information includes a plurality of characters arranged according to an input sequence, and the encryption module 5534 is further configured to encrypt each of the characters with the encryption key to obtain an encrypted character corresponding to each of the characters; and splicing the plurality of encrypted characters according to the input sequence to obtain the encrypted information.
In some embodiments, the target information includes a plurality of characters arranged according to an input order, and the encryption module 5534 is further configured to encrypt, with respect to a first character whose input order is a first order, the first character with the encryption key, to obtain an encrypted character corresponding to the first character; for each second character with the input sequence being the non-first one, the following operations are respectively executed according to the input sequence: encrypting the second character and the encrypted character corresponding to the character of which the input sequence is positioned in front of the second character by adopting the encryption key to obtain the encrypted character corresponding to the second character; and taking the encrypted character corresponding to the second character with the last input sequence as the encrypted information.
In some embodiments, the applet has a corresponding encryption mode, and the encryption module 5534 is further configured to obtain an encryption algorithm indicated by the encryption mode; and encrypting the target information by adopting the encryption key based on the encryption algorithm to obtain the encryption information.
In some embodiments, the secure keyboard includes a plurality of input keys, and the second receiving module 5533 is further configured to obtain the switch state of an out-of-order display function switch corresponding to the secure keyboard; when the switch state indicates that the out-of-order display function switch is on, display the plurality of input keys arranged in an out-of-order arrangement so as to display the secure keyboard; when the switch state indicates that the out-of-order display function switch is off, display the plurality of input keys arranged in a standard arrangement so as to display the secure keyboard; the positions of the plurality of input keys in the out-of-order arrangement are different from their positions in the standard arrangement.
In some embodiments, the encryption module 5534 is further configured to, when receiving target information input based on the secure keyboard, obtain a valid time point and a valid duration of the encryption key; and encrypting the target information by adopting the encryption key when the encryption key is determined to be in a valid state based on the effective time point and the valid duration.
In some embodiments, the encryption module 5534 is further configured to send target verification information of the applet when the encryption key is determined to be in a disabled state based on the validation time point and the validity duration, the target verification information being used for generating a target encryption key of the secure keyboard after verification is passed; and receiving the target encryption key returned based on the target verification information, wherein the target encryption key is used for encrypting the information input based on the secure keyboard.
In some embodiments, the encryption module 5534 is further configured to obtain an encrypted number of times of the encryption key when receiving the target information input based on the secure keyboard; and when the encrypted times do not reach the encryption times threshold of the encryption key, encrypting the target information by adopting the encryption key.
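The validity-window and usage-count checks described in the three embodiments above can be combined into one guard that runs before every encryption, shown in this added example (not code from the application). The field names, the `requestKey` callback standing in for the re-verification round trip, and the injected clock are assumptions; requesting a new key once the count threshold is reached is also an assumption, since the text only states that encryption proceeds while the threshold has not been reached.

```javascript
// Added example: field names, requestKey and the injected clock are assumptions.
function createKeyGuard(requestKey, now = () => Date.now()) {
  let key = null; // { keyID, pubKey, validFrom, validForMs, maxUses, used }

  // Classifies the current key against its validity window and usage threshold.
  function state() {
    if (key === null) return 'missing';
    const t = now();
    if (t < key.validFrom) return 'not-yet-valid';
    if (t >= key.validFrom + key.validForMs) return 'expired';
    if (key.used >= key.maxUses) return 'exhausted';
    return 'valid';
  }

  return {
    state,
    // Returns the key to use for exactly one encryption, re-requesting it first
    // when the current key is missing, outside its window, or used up.
    acquire() {
      const before = state();
      if (before !== 'valid') {
        key = { ...requestKey(), used: 0 };
        if (state() !== 'valid') throw new Error('server returned an unusable key');
      }
      key.used += 1;
      return { keyID: key.keyID, replaced: before === 'valid' ? null : before };
    },
  };
}

// Constructed scenario: keys valid for 1000 ms and two encryptions each.
function demoKeyGuard() {
  let clock = 0;
  let issued = 0;
  const requestKey = () => ({
    keyID: `k${++issued}`, pubKey: 'constructed-placeholder',
    validFrom: clock, validForMs: 1000, maxUses: 2,
  });
  const guard = createKeyGuard(requestKey, () => clock);
  const trace = [];
  trace.push(guard.acquire());   // no key yet      -> k1
  trace.push(guard.acquire());   // second use      -> k1
  trace.push(guard.acquire());   // threshold hit   -> k2
  clock += 1000;
  trace.push(guard.acquire());   // window elapsed  -> k3
  return trace;
}
```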
In some embodiments, the encryption module 5534 is further configured to intercept an event bubbling behavior of an input event corresponding to the target information.
By applying the embodiment of the application, when a call instruction for the secure keyboard of an applet is received in the applet running on a client, verification information of the applet is sent, so that the encryption key of the secure keyboard is generated after the verification information passes verification. When the encryption key returned based on the verification information is received, the secure keyboard is displayed; the encryption key is used to encrypt information input through the secure keyboard. When target information input through the secure keyboard is received, it can be encrypted with the encryption key to obtain encrypted information, and the target information can be recovered from the encrypted information only by decrypting it with the decryption key corresponding to the encryption key. In this way, a secure keyboard can be implemented on the applet side, and the security of information entered through the keyboard on the applet side is improved.
Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes the information processing method provided by the embodiment of the present application.
The embodiment of the present application also provides a computer-readable storage medium having stored therein executable instructions which, when executed by a processor, cause the processor to perform the information processing method provided by the embodiment of the present application.
In some embodiments, the computer-readable storage medium may be FRAM, ROM, PROM, EPROM, EEPROM, flash memory, magnetic surface memory, optical disk, or CD-ROM; it may also be any of various devices that include one or any combination of the above memories.
In some embodiments, the executable instructions may be in the form of programs, software modules, scripts, or code, written in any form of programming language (including compiled or interpreted languages, or declarative or procedural languages), and they may be deployed in any form, including as stand-alone programs or as modules, components, subroutines, or other units suitable for use in a computing environment.
As an example, the executable instructions may, but need not, correspond to files in a file system, and may be stored as part of a file that holds other programs or data, for example, in one or more scripts in a HyperText Markup Language (HTML) document, in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub-programs, or portions of code).
As an example, executable instructions may be deployed to be executed on one computing device or on multiple computing devices located at one site or, alternatively, distributed across multiple sites and interconnected by a communication network.
The foregoing is merely exemplary embodiments of the present application and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement, etc. made within the spirit and scope of the present application are included in the protection scope of the present application.

Claims (15)

1. An information processing method, characterized in that the method comprises:
receiving, in an applet running on a client, a call instruction for a secure keyboard of the applet;
sending verification information of the applet in response to the call instruction, wherein the verification information is used for generating an encryption key of the secure keyboard after verification is passed, and the encryption key is used for encrypting information input based on the secure keyboard;
receiving the encryption key returned based on the verification information and displaying the secure keyboard;
when target information input based on the secure keyboard is received, encrypting the target information by adopting the encryption key to obtain encrypted information;
wherein the encrypted information is used for obtaining the target information input based on the secure keyboard when decrypted with a decryption key corresponding to the encryption key.
2. The method of claim 1, wherein the secure keyboard comprises at least one input key, each of the input keys corresponding to a key value;
before the sending verification information of the applet in response to the call instruction, the method further comprises: generating a mapping value corresponding to each key value of the secure keyboard;
before the displaying the secure keyboard, the method further comprises:
establishing an association relationship between the mapping value corresponding to each key value and the corresponding input key.
3. The method of claim 2, wherein the method further comprises:
in response to a triggering operation for a target input key in the at least one input key, determining a target mapping value associated with the target input key based on the association relationship;
and taking the key value corresponding to the target mapping value as the target information input based on the secure keyboard.
4. The method of claim 1, wherein the sending verification information for the applet in response to the call instruction comprises:
responding to the calling instruction, and acquiring a target public key of the applet and an object identification of a target object logging in the applet;
encrypting the object identifier by adopting the target public key to obtain verification information of the applet, and sending the verification information;
the verification information is used for decrypting the verification information based on a target private key corresponding to the target public key to obtain the object identifier, and verifying the object identifier.
5. The method of claim 4, wherein the method further comprises:
generating a target key of the applet;
the encrypting the object identifier by adopting the target public key to obtain verification information of the applet comprises:
encrypting the target key and the object identifier by adopting the target public key to obtain verification information of the applet, wherein the target key is used for encrypting the encryption key by adopting the target key after generating the encryption key to obtain a target encryption key;
the receiving the encryption key returned based on the authentication information includes:
and receiving the target encryption key returned based on the verification information.
6. The method of claim 1, wherein the target information includes a plurality of characters arranged in an input order, and the encrypting the target information using the encryption key to obtain the encrypted information includes:
encrypting each character by adopting the encryption key to obtain an encrypted character corresponding to each character;
and splicing the plurality of encrypted characters according to the input sequence to obtain the encrypted information.
7. The method of claim 1, wherein the target information includes a plurality of characters arranged in an input order, and the encrypting the target information using the encryption key to obtain the encrypted information includes:
for a first character whose input order is first, encrypting the first character by adopting the encryption key to obtain an encrypted character corresponding to the first character;
for each second character with the input sequence being the non-first one, the following operations are respectively executed according to the input sequence: encrypting the second character and the encrypted character corresponding to the character of which the input sequence is positioned in front of the second character by adopting the encryption key to obtain the encrypted character corresponding to the second character;
and taking the encrypted character corresponding to the second character with the last input sequence as the encrypted information.
8. The method of claim 1, wherein the applet has a corresponding encryption mode, and wherein encrypting the target information using the encryption key results in encrypted information, comprising:
acquiring an encryption algorithm indicated by the encryption mode;
and encrypting the target information by adopting the encryption key based on the encryption algorithm to obtain the encryption information.
9. The method of claim 1, wherein the secure keyboard comprises a plurality of input keys, the displaying the secure keyboard comprising:
acquiring the switch state of an out-of-order display function switch corresponding to the secure keyboard;
when the switch state indicates that the out-of-order display function switch is on, displaying the plurality of input keys arranged in an out-of-order arrangement so as to display the secure keyboard;
when the switch state indicates that the out-of-order display function switch is off, displaying the plurality of input keys arranged in a standard arrangement so as to display the secure keyboard;
the arrangement positions of the plurality of input keys in the out-of-order arrangement mode are different from the arrangement positions of the plurality of input keys in the standard arrangement mode.
10. The method of claim 1, wherein encrypting the target information using the encryption key when the target information based on the secure keyboard input is received, comprises:
when target information input based on the secure keyboard is received, acquiring an effective time point and effective duration of the encryption key;
and encrypting the target information by adopting the encryption key when the encryption key is determined to be in a valid state based on the effective time point and the valid duration.
11. The method of claim 1, wherein encrypting the target information using the encryption key when the target information based on the secure keyboard input is received, comprises:
when receiving target information input based on the secure keyboard, acquiring the encrypted times of the encryption key;
and when the encrypted times do not reach the encryption times threshold of the encryption key, encrypting the target information by adopting the encryption key.
12. An information processing apparatus, characterized in that the apparatus comprises:
a first receiving module, configured to receive, in an applet running on a client, a call instruction for a secure keyboard of the applet;
a sending module, configured to send verification information of the applet in response to the call instruction, wherein the verification information is used for generating an encryption key of the secure keyboard after verification is passed, and the encryption key is used for encrypting information input based on the secure keyboard;
a second receiving module, configured to receive the encryption key returned based on the verification information and display the secure keyboard;
an encryption module, configured to encrypt the target information by adopting the encryption key when target information input based on the secure keyboard is received, so as to obtain encrypted information;
wherein the encrypted information is used for obtaining the target information input based on the secure keyboard when decrypted with a decryption key corresponding to the encryption key.
13. An electronic device, the electronic device comprising:
a memory for storing executable instructions;
a processor for implementing the information processing method according to any one of claims 1 to 11 when executing executable instructions stored in the memory.
14. A computer-readable storage medium storing executable instructions which, when executed by a processor, implement the information processing method of any one of claims 1 to 11.
15. A computer program product comprising a computer program or instructions which, when executed by a processor, implements the information processing method of any one of claims 1 to 11.
CN202210644865.6A 2022-06-08 2022-06-08 Information processing method, apparatus, device, storage medium, and program product Pending CN117240487A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210644865.6A CN117240487A (en) 2022-06-08 2022-06-08 Information processing method, apparatus, device, storage medium, and program product

Publications (1)

Publication Number Publication Date
CN117240487A (en) 2023-12-15

Family

ID=89097248

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210644865.6A Pending CN117240487A (en) 2022-06-08 2022-06-08 Information processing method, apparatus, device, storage medium, and program product

Country Status (1)

Country Link
CN (1) CN117240487A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination