TWI729812B - Computer program product and apparatus for encrypting and verifying sensitive parameters - Google Patents
Computer program product and apparatus for encrypting and verifying sensitive parameters Download PDFInfo
- Publication number
- TWI729812B TWI729812B TW109116331A TW109116331A TWI729812B TW I729812 B TWI729812 B TW I729812B TW 109116331 A TW109116331 A TW 109116331A TW 109116331 A TW109116331 A TW 109116331A TW I729812 B TWI729812 B TW I729812B
- Authority
- TW
- Taiwan
- Prior art keywords
- string
- verification
- sensitive
- encrypted
- prompt index
- Prior art date
Links
Images
Abstract
Description
本發明關連於一種通訊安全技術,特別是一種加密和驗證敏感參數的的電腦程式產品和裝置。 The invention relates to a communication security technology, especially a computer program product and device for encrypting and verifying sensitive parameters.
為了侵入應用程式伺服器並喬裝成合法用戶來完成惡意行為,例如竊取機密資料、竄改儲存的資料、發佈不實訊息等,駭客通常會攔截從客戶端發送給應用程式伺服器的請求,並觀察請求中的參數變化,據以猜測應用程式伺服器為反應不同請求參數會執行的功能。因此,需要一種電腦程式產品和裝置,用於加密和驗證敏感參數,避免駭客能夠成功解讀出參數意義後所做出的惡意行為。 In order to invade the application server and pretend to be a legitimate user to perform malicious actions, such as stealing confidential data, tampering with stored data, publishing false information, etc., hackers usually intercept requests sent from the client to the application server, and Observe the parameter changes in the request, and guess the function that the application server will perform in response to different request parameters. Therefore, there is a need for a computer program product and device for encrypting and verifying sensitive parameters, so as to avoid malicious behaviors made by hackers after successfully interpreting the meaning of the parameters.
有鑑於此,如何減輕或消除上述相關領域的缺失,實為有待解決的問題。 In view of this, how to reduce or eliminate the deficiencies in the above-mentioned related fields is indeed a problem to be solved.
本說明書涉及一種電腦程式產品,用於加密敏感參數,包含能夠被客戶端的處理單元載入並執行的程式碼:使用BCrypt演算法對敏感參數加密以產生加密字串;獲得對應於敏感參數的提示索引;依據提示索引和敏感參數產生驗證字串;以及經由網路傳送包含驗證字串的請求給應用程式伺服器,使得應用程式伺服器能通過檢查驗證字串的內容來判斷來源端是否為合法的用戶。 This manual relates to a computer program product used to encrypt sensitive parameters, including code that can be loaded and executed by the client's processing unit: use the BCrypt algorithm to encrypt sensitive parameters to generate encrypted strings; obtain prompts corresponding to the sensitive parameters Index; generate a verification string based on the prompt index and sensitive parameters; and send a request containing the verification string to the application server via the network, so that the application server can determine whether the source is legal by checking the content of the verification string User.
本說明書另涉及一種加密敏感參數的裝置,包含通訊介面和處理單元。處理單元使用BCrypt演算法對敏感參數加密以產生加密字串;獲得對應於敏感參數的提示索引;依據提示索引和敏感參數產生驗證字串;以及通過通訊介面經由網路傳送包含驗證字串的請求給應用程式伺服器,使得應用程式伺服器能通過檢查驗證字串的內容來判斷來源端是否為合法的用戶。 This specification also relates to a device for encrypting sensitive parameters, including a communication interface and a processing unit. The processing unit uses the BCrypt algorithm to encrypt sensitive parameters to generate an encrypted string; obtains the prompt index corresponding to the sensitive parameter; generates a verification string based on the prompt index and the sensitive parameter; and transmits a request containing the verification string via the communication interface via the network For the application server, the application server can determine whether the source is a legitimate user by checking the content of the verification string.
本說明書更涉及一種電腦程式產品,用於驗證敏感參數,包含能夠被應用程式伺服器的處理單元載入並執行的程式碼:經由網路從客戶端接收包含驗證字串的請求;從驗證字串獲得加密字串和提示索引;根據提示索引取得敏感參數;使用相應於BCrpyt演算法的驗證演算法來判斷加密字串是否相符於敏感參數;以及當加密字串不相符於敏感參數時,經由網路回覆參數錯誤的訊息給客戶端。 This manual also relates to a computer program product used to verify sensitive parameters, including code that can be loaded and executed by the processing unit of the application server: receiving a request containing a verification string from the client via the network; from the verification word String to obtain the encrypted string and prompt index; obtain sensitive parameters according to the prompt index; use the verification algorithm corresponding to the BCrpyt algorithm to determine whether the encrypted string matches the sensitive parameter; and when the encrypted string does not match the sensitive parameter, pass The network responds to the client with a parameter error message.
本說明書更另涉及一種加密敏感參數的裝置,包含通訊介面和處理單元。處理單元通過通訊介面經由網路從客戶端接收包含驗證字串的請求;從驗證字串獲得加密字串和提示索引;根據提示索引取得敏感參數;使用相應於BCrpyt演算法的驗證演算法來判斷加密字串是否相符於敏感參數;以及當加密字串不相符於敏感參數時,通過通訊介面經由網路回覆參數錯誤的訊息給客戶端。 This specification also relates to a device for encrypting sensitive parameters, including a communication interface and a processing unit. The processing unit receives the request containing the verification string from the client via the communication interface via the network; obtains the encrypted string and prompt index from the verification string; obtains sensitive parameters according to the prompt index; uses the verification algorithm corresponding to the BCrpyt algorithm to determine Whether the encrypted string matches the sensitive parameter; and when the encrypted string does not match the sensitive parameter, reply the parameter error message to the client via the communication interface via the network.
本發明的其他優點將搭配以下的說明和圖式進行更詳細的解說。 Other advantages of the present invention will be explained in more detail with the following description and drawings.
100:網路 100: Internet
110:應用程式伺服器 110: Application server
151:桌上型電腦 151: Desktop Computer
153:平板電腦 153: Tablet
155:手機 155: Mobile
210:處理單元 210: Processing Unit
220:顯示單元 220: display unit
230:輸入裝置 230: input device
240:儲存裝置 240: storage device
250:記憶體 250: memory
260:通訊介面 260: Communication interface
S310~S360:方法步驟 S310~S360: method steps
S410~S490:方法步驟 S410~S490: method steps
圖1係依據本發明實施例的網路系統架構圖。 FIG. 1 is a diagram of the network system architecture according to an embodiment of the present invention.
圖2係依據本發明實施例的運算裝置的系統架構圖。 FIG. 2 is a system architecture diagram of a computing device according to an embodiment of the present invention.
圖3係依據本發明實施例的請求執行服務的方法流程圖。 Fig. 3 is a flowchart of a method for requesting execution of a service according to an embodiment of the present invention.
圖4係依據本發明實施例的執行客戶端所請求服務的方法流程圖。 Fig. 4 is a flowchart of a method for executing a service requested by a client according to an embodiment of the present invention.
以下說明為完成發明的較佳實現方式,其目的在於描述本發明的基本精神,但並不用以限定本發明。實際的發明內容必須參考之後的權利要求範圍。 The following descriptions are preferred implementations for completing the invention, and their purpose is to describe the basic spirit of the invention, but not to limit the invention. The actual content of the invention must refer to the scope of the claims that follow.
必須了解的是,使用於本說明書中的“包含”、“包括”等詞,用以表示存在特定的技術特徵、數值、方法步驟、作業處理、元件以及/或組件,但並不排除可加上更多的技術特徵、數值、方法步驟、作業處理、元件、組件,或以上的任意組合。 It must be understood that the words "including" and "including" used in this specification are used to indicate the existence of specific technical features, values, method steps, operations, elements, and/or components, but they do not exclude the possibility of adding More technical features, values, method steps, job processing, components, components, or any combination of the above.
於權利要求中使用如“第一”、“第二”、“第三”等詞是用來修飾權利要求中的元件,並非用來表示之間具有優先順序,前置關係,或者是一個元件先於另一個元件,或者是執行方法步驟時的時間先後順序,僅用來區別具有相同名字的元件。 Words such as "first", "second", and "third" in the claims are used to modify the elements in the claims, not to indicate that there is a priority, prerequisite relationship, or an element Prior to another element, or the chronological order of execution of method steps, is only used to distinguish elements with the same name.
必須了解的是,當元件描述為“連接”或“耦接”至另一元件時,可以是直接連結、或耦接至其他元件,可能出現中間元件。相反地,當元件描述為“直接連接”或“直接耦接”至另一元件時,其中不存在任何中間元件。使用來描述元件之間關係的其他語詞也可類似方式解讀,例如“介於”相對於“直接介於”,或者是“鄰接”相對於“直接鄰接”等等。 It must be understood that when an element is described as being “connected” or “coupled” to another element, it can be directly connected or coupled to other elements, and intervening elements may appear. Conversely, when an element is described as being "directly connected" or "directly coupled" to another element, there are no intervening elements. Other terms used to describe the relationship between elements can also be interpreted in a similar manner, such as "between" versus "directly between", or "adjacent" versus "directly adjacent" and so on.
本發明實施例提出一種網路系統架構,包含伺服器(servers)與多部客戶端(clients)。圖1係依據本發明實施例的網路系統架構圖。應用程式伺服器110、桌上型電腦151、平板電腦153以及手機155之間可透過網路100彼此通訊,網路100可為網際網路(Internet)、有線區域網路(wired Local Area Network,LAN)、無線區域網路,或以上的任意組合。桌上型電腦151、平板電腦153以及手機155可稱為客戶端,通過網路100將應用程式部署到應用程式伺服器110上,或者是通過網路100執行應用程式伺服器110上運行的服務。應用程式通常由服務提供者(Service Provider)開發並部署到應用程式伺服器110,包含各式各樣的業務邏輯,可涵蓋但不限於數位銀行管理、網路銀行、行動客
服、企業內部流程管理、大數據存儲、大數據資料整合、大數據資料檢索等領域。
The embodiment of the present invention provides a network system architecture including servers and multiple clients. FIG. 1 is a diagram of the network system architecture according to an embodiment of the present invention. The
圖2係依據本發明實施例的運算裝置的系統架構圖。此系統架構可實施於應用程式伺服器110、桌上型電腦151、平板電腦153以及手機155中之任一者,至少包含處理單元210。處理單元210可使用多種方式實施,例如以專用硬體電路或通用硬體(例如,單一處理器、具平行處理能力的多處理器、圖形處理器或其他具運算能力的處理器),並且在執行程式碼或軟體時,提供之後所描述的功能。系統架構另包含記憶體250及儲存單元240,記憶體250儲存程式碼執行過程中需要的資料,例如,變數、資料表(Data Tables)等,儲存單元240儲存各式各樣的電子檔案,例如,網頁、文件、音訊檔、視訊檔等。系統架構另包含通訊介面260,讓處理單元210可藉以跟其他電子裝置進行溝通。通訊介面260可以是無線電信通訊模組(Wireless Telecommunications Module)、區域網路(Local Area Network,LAN)通訊模組或無線區域網路通訊模組(WLAN)。無線電信通訊模組(Wireless Telecommunications Module)可包含支援2G、3G、4G或以上技術世代的任意組合的調變解調器(Modem)。輸入裝置230可包含鍵盤、滑鼠、觸控面板等。使用者可按壓鍵盤上的硬鍵來輸入字元,藉由操作滑鼠來控制鼠標,或者是在觸控面板製造手勢來控制執行中的應用程式。手勢可包含單擊、雙擊、單指拖曳、多指拖曳等,但不限定於此。顯示單元220可包含顯示面板(例如,薄膜液晶顯示面板、有機發光二極體面板或其他具顯示能力的面板),用以顯示輸入的字元、數字、符號、拖曳鼠標的移動軌跡、繪製的圖案或應用程式所提供的畫面,提供給使用者觀看。
FIG. 2 is a system architecture diagram of a computing device according to an embodiment of the present invention. This system architecture can be implemented in any one of the
應用程式伺服器110提供一個應用程式執行的環境,為每個應用程式提供多樣的服務,例如,請求分派與負載平衡、數位認證中心、應用程式介面(Application Programming Interface,API)授權管理、用戶
授權/流量/網際網路通訊協定(Internet Protocol,IP)控制、組織階層管理、資安連線(SSL/TLS)管理、數位簽章驗證、機敏資料加密、單一登入主動目錄(Single Sign-On Active Directory,SSO AD)整合、跨站指令(Cross-Site Scripting,XSS)防駭攻擊、API熱部署、區段故障切換(Session Fail-over)、預防重複交易機制、貴賓API優先、異質部署/多版本運行、API偵錯、API軌跡紀錄、伺服器監控/告警、逐API/用戶報表、(Java)DC主機綁定管理、.NET站台綁定管理、註冊主機管理、API服務註冊、API模組佈署發佈、API組合與設計等。從另一面來說,這些功能也可以被多種不同的應用程式使用,因此,如上所述應用程式執行的環境又稱為共用服務平台(Shared Service Platform)。
The
為了不讓駭客猜出請求中敏感參數的意義,桌上型電腦151、平板電腦153或手機155可使用BCrypt演算法對一個或多個敏感參數加密以產生加密字串,獲得分別對應於一個或多個敏感參數的提示索引,依據提示索引和加密字串產生驗證字串。接著,桌上型電腦151、平板電腦153或手機155經由網路100傳送包含驗證字串的請求給應用程式伺服器110,使得應用程式伺服器110能通過檢查驗證字串的內容來判斷來源端是否為合法的用戶。接著,應用程式伺服器110可從請求中的驗證字串獲得加密字串和提示索引,依據提示索引取得敏感參數,使用相應於BCrypt演算法的驗證演算法來判斷加密字串是否相符於取得的敏感參數。如果相符,則代表通過驗證,應用程式伺服器110依據參數執行請求的功能並通過網路100回覆執行結果給桌上型電腦151、平板電腦153或手機155。
In order to prevent hackers from guessing the meaning of the sensitive parameters in the request, the
如果一個非法裝置攔截從桌上型電腦151、平板電腦153或手機155傳給應用程式伺服器110的請求,依據請求的內容假造出驗證字串,並且通過網路100傳送包含驗證字串的請求給應用程式伺服器110。由於敏感參數是使用BCrypt演算法加密,非法裝置假造出的驗證字串所返
回的加密字串和敏感參數通常是對不起來的,無法通過驗證。在應用程式伺服器110發現驗證不通過時,通過網路100回覆參數錯誤的訊息給非法裝置。
If an illegal device intercepts a request from a
圖3係依據本發明實施例的請求執行服務的方法流程圖,由桌上型電腦151、平板電腦153或手機155的處理單元210(以下簡稱處理單元210以求簡明)於載入並執行特定軟體模組時實施,用於請求應用程式伺服器110完成特定功能。詳細說明如下:
3 is a flowchart of a method for requesting execution of services according to an embodiment of the present invention. The processing unit 210 (hereinafter referred to as the
步驟S310:獲得相應於提示索引的參數,又稱為敏感參數。例如,表1顯示範例的資料表“TSMP_DP_ITEMS”:
步驟S320:使用BCrypt演算法對敏感參數加密以產生加密字串。詳細來說,BCrypt演算法先根據目前時間隨機產生鹽值(Salt),然後將鹽值和敏感參數進行雜湊計算(Hashing),用於產生加密字串。由於BCrypt演算法會在不同的時間點產生不同鹽值,因此,在不同時間點加密同一個敏感參數,都會產生不同的加密字串。就算駭客攔截從桌上型電腦151、平板電腦153或手機155傳給應用程式伺服器110的多個請求,依然難以歸納出這些加密字串在請求中的意義、規則和邏輯性。
Step S320: Use the BCrypt algorithm to encrypt the sensitive parameters to generate an encrypted string. In detail, the BCrypt algorithm first randomly generates a salt value (Salt) according to the current time, and then hashes the salt value and sensitive parameters to generate an encrypted string. Since the BCrypt algorithm will generate different salt values at different time points, encrypting the same sensitive parameter at different time points will generate different encrypted strings. Even if a hacker intercepts multiple requests from the
步驟S330:使用Base64演算法對加密字串編碼,用於產生編碼字串。使用Base64演算法的優點在於其編碼後的字串只會包含大寫英文字母“A”至“Z”、小寫英文字母“a”至“z”和數字“0”至“9”的任意組合,而不會包含其他的字元、特殊符號等。需要注意的是,經過Base64演算法的編碼後的字串會讓駭客更難歸納出這些加密字串在請求中的意義、規則和邏輯性。 Step S330: Use the Base64 algorithm to encode the encrypted string for generating the encoded string. The advantage of using the Base64 algorithm is that the encoded string will only contain any combination of uppercase English letters "A" to "Z", lowercase English letters "a" to "z" and numbers "0" to "9". It will not contain other characters, special symbols, etc. It should be noted that the strings encoded by the Base64 algorithm will make it more difficult for hackers to generalize the meaning, rules, and logic of these encrypted strings in the request.
步驟S340:組合編碼字串和提示索引以產生驗證字串。例如可以將驗證字串組織成以下格式:編碼字串+“,”+提示索引其中,“,”當作編碼字串和提示索引之間的分隔符號。在一些實施例中,分隔符號可以使用大寫英文字母“A”至“Z”、小寫英文字母“a”至“z”和數字“0”至“9”以外的任意字元。在另一些實施例中,編碼字串和提示索引的順序可以顛倒。 Step S340: Combine the code string and the prompt index to generate a verification string. For example, the verification string can be organized into the following format: code string + "," + prompt index, where "," is used as a separator between the code string and the prompt index. In some embodiments, the separator may use any characters other than uppercase English letters "A" to "Z", lowercase English letters "a" to "z", and numbers "0" to "9". In other embodiments, the order of the code string and the prompt index can be reversed.
在一些實施例中,步驟S330可以省略,而讓驗證字串組織成以下格式: 加密字串+“|”+提示索引其中,“|”當作加密字串和提示索引之間的分隔符號。在這裡需要注意的是,因為不使用Base64演算法做進一步的編碼,如果要使用其他符號來代替分隔符號“|”時,需要特別選用不會出現在加密字串的符號。 In some embodiments, step S330 can be omitted, and the verification string is organized into the following format: Encrypted string + "|" + prompt index Among them, "|" is used as the separator between the encrypted string and the prompt index. It should be noted here that because the Base64 algorithm is not used for further encoding, if you want to use other symbols to replace the delimiter "|", you need to specially select symbols that will not appear in the encrypted string.
步驟S350:將驗證字串加入請求。請求可以使用詢問字串(Query String)、格式物件(Form Object)或其他等同的格式包裝。 Step S350: Add the verification string to the request. The request can use query string (Query String), format object (Form Object) or other equivalent format packaging.
步驟S360:通過相應通訊介面260經由網路100傳送請求給應用程式伺服器110,用於請求應用程式伺服器110執行特定服務。處理單元210可使用超文本傳輸協定請求(Hypertext Transfer Protocol,HTTP Request)、超文本傳輸安全協定請求(Hypertext Transfer Protocol Secure,HTTPS Request)或其他通訊協定來傳送請求給應用程式伺服器110。
Step S360: Send a request to the
在這裡需要注意的是,請求中的所有參數並不一定都需要進行加密和編碼,可以有部分的參數維持明碼傳送,本發明並不因此侷限。 It should be noted here that all parameters in the request do not necessarily need to be encrypted and encoded, and some parameters may be transmitted in clear code, and the present invention is not limited thereby.
圖4係依據本發明實施例的執行客戶端所請求服務的方法流程圖,由應用程式伺服器110的處理單元210(以下簡稱處理單元210以求簡明)於載入並執行特定軟體模組時實施,用於驗證客戶端傳送的請求,並且依據驗證結果執行相應的操作。客戶端可以是合法客戶端,例如桌上型電腦151、平板電腦153以及手機155中之任一者,或者是非法裝置。
4 is a flowchart of a method for executing a service requested by a client according to an embodiment of the present invention. The
步驟S410:通過應用程式伺服器110的通訊介面260(以下簡稱通訊介面260以求簡明)經由網路100從客戶端接收請求。請求可包裝於詢問字串、格式物件或其他等同的格式中。處理單元210可使用超文本傳輸協定請求、超文本傳輸安全協定請求或其他通訊協定來從客戶端接收請求。
Step S410: Receive a request from the client via the
步驟S420:從請求取出驗證字串。處理單元210可依據如步驟S340中
提到的格式解析出驗證字串。
Step S420: Take out the verification string from the request. The
步驟S430:依據預設的分隔符號分割驗證字串,用於獲得編碼字串和提示索引。 Step S430: Divide the verification string according to the preset separation symbol to obtain the code string and the prompt index.
步驟S440:使用Base64演算法對編碼字串解碼以產生解碼字串(也可稱為加密字串)。 Step S440: Use the Base64 algorithm to decode the encoded string to generate a decoded string (also called an encrypted string).
步驟S450:獲得相應於提示索引的敏感參數。應用程數伺服器110的儲存裝置240(以下簡稱儲存裝置240以求簡明)可儲存資料庫,包含如上所述的範例資料表“TSMP_DP_ITEMS”。處理單元210可發出SQL命令給資料庫管理系統,用於取得相應於提示索引的敏感參數。
Step S450: Obtain sensitive parameters corresponding to the prompt index. The
步驟S460:使用相應於BCrypt演算法的驗證演算法對解碼字串和參數進行驗證。處理單元210可從解碼字串取出鹽值,然後使用鹽值、解碼字串和敏感參數進行運算,用於驗證解碼字串是否相符於敏感參數。
Step S460: Use a verification algorithm corresponding to the BCrypt algorithm to verify the decoded string and parameters. The
於另一些實施例中,如果應用程式伺服器110和客戶端間已經約定不進行Base64演算法的編/解碼時,處理單元210可省略步驟S450的處理,而在步驟S440中依據預設的分隔符號分割出加密字串和提示索引,並且在步驟S460中使用BCrypt演算法直接對加密字串和敏感參數進行驗證。
In other embodiments, if the
步驟S470:判斷是否通過驗證。如果通過驗證,則繼續進行步驟S480的處理。如果無法通過驗證,則繼續進行步驟S490的處理。 Step S470: Determine whether the verification is passed. If the verification is passed, the process of step S480 is continued. If the verification fails, the process of step S490 is continued.
步驟S480:根據請求中的參數執行服務並回覆執行結果給客戶端。在另一些實施例中,其根據的參數可以不包含如上所述隱藏關聯到驗證字串的敏感參數,本發明並不因此侷限。 Step S480: Execute the service according to the parameters in the request and reply the execution result to the client. In other embodiments, the parameters based on it may not include the sensitive parameters that are hidden and associated with the verification string as described above, and the present invention is not limited thereby.
步驟S490:回覆參數錯誤訊息給客戶端。 Step S490: Reply the parameter error message to the client.
本發明所述的方法中的全部或部分步驟可以電腦程式實現,例如電腦的作業系統、電腦中特定硬體的驅動程式、或軟體應用程式。此外,也可實現於如上所示的其他類型程式。所屬技術領域具有通常知識者 可將本發明實施例的方法撰寫成電腦程式,為求簡潔不再加以描述。依據本發明實施例方法實施的電腦程式,可儲存於適當的電腦可讀取資料載具,例如DVD、CD-ROM、USB碟、硬碟,亦可置於可通過網路(例如,網際網路,或其他適當載具)存取的網路伺服器。 All or part of the steps in the method of the present invention can be implemented by a computer program, such as a computer operating system, a specific hardware driver in the computer, or a software application program. In addition, it can also be implemented in other types of programs as shown above. Those with general knowledge in the technical field The method of the embodiment of the present invention can be written into a computer program, and will not be described for brevity. The computer program implemented according to the method of the embodiment of the present invention can be stored in a suitable computer readable data carrier, such as DVD, CD-ROM, USB disk, hard disk, and can also be placed on the Internet (for example, the Internet). Road, or other appropriate vehicle) to access the network server.
雖然圖2中包含了以上描述的元件,但不排除在不違反發明的精神下,使用更多其他的附加元件,已達成更佳的技術效果。此外,雖然圖3和圖4的步驟採用指定的順序來執行,但是在不違反發明精神的情況下,熟習此技藝人士可以在達到相同效果的前提下,修改這些步驟間的順序,所以,本發明並不侷限於僅使用如上所述的順序。此外,熟習此技藝人士亦可以將若干步驟整合為一個步驟,或者是除了這些步驟外,循序或平行地執行更多步驟,本發明亦不因此而侷限。 Although FIG. 2 includes the above-described elements, it is not excluded that, without violating the spirit of the invention, more other additional elements can be used to achieve better technical effects. In addition, although the steps in Figures 3 and 4 are executed in a specified order, those skilled in the art can modify the order of these steps on the premise of achieving the same effect without violating the spirit of the invention. Therefore, this The invention is not limited to using only the sequence described above. In addition, those skilled in the art can also integrate several steps into one step, or in addition to these steps, perform more steps sequentially or in parallel, and the present invention is not limited thereby.
雖然本發明使用以上實施例進行說明,但需要注意的是,這些描述並非用以限縮本發明。相反地,此發明涵蓋了熟習此技藝人士顯而易見的修改與相似設置。所以,申請權利要求範圍須以最寬廣的方式解釋來包含所有顯而易見的修改與相似設置。 Although the present invention is described using the above embodiments, it should be noted that these descriptions are not intended to limit the present invention. On the contrary, this invention covers modifications and similar arrangements that are obvious to those skilled in the art. Therefore, the scope of applied claims must be interpreted in the broadest way to include all obvious modifications and similar settings.
S310~S360:方法步驟 S310~S360: method steps
Claims (11)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109116331A TWI729812B (en) | 2020-05-15 | 2020-05-15 | Computer program product and apparatus for encrypting and verifying sensitive parameters |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109116331A TWI729812B (en) | 2020-05-15 | 2020-05-15 | Computer program product and apparatus for encrypting and verifying sensitive parameters |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI729812B true TWI729812B (en) | 2021-06-01 |
TW202145033A TW202145033A (en) | 2021-12-01 |
Family
ID=77517570
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW109116331A TWI729812B (en) | 2020-05-15 | 2020-05-15 | Computer program product and apparatus for encrypting and verifying sensitive parameters |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI729812B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101166091A (en) * | 2006-10-19 | 2008-04-23 | 阿里巴巴公司 | A dynamic password authentication method and service end system |
CN104704493A (en) * | 2012-08-15 | 2015-06-10 | 维萨国际服务协会 | Searchable encrypted data |
CN105409186A (en) * | 2013-06-06 | 2016-03-16 | 耐瑞唯信有限公司 | System and method for user authentication |
CN106664209A (en) * | 2014-08-26 | 2017-05-10 | 国际商业机器公司 | Password-based generation and management of secret cryptographic keys |
CN109347858A (en) * | 2018-11-16 | 2019-02-15 | 上海敬信软件技术有限公司 | Cipher code protection method, auth method, device, equipment and storage medium |
TW201928743A (en) * | 2017-12-15 | 2019-07-16 | 安地卡及巴布達商區塊鏈控股有限公司 | System and method for authenticating off-chain data based on proof verification |
TWM602231U (en) * | 2020-05-15 | 2020-10-01 | 昕力資訊股份有限公司 | Apparatus for encrypting and verifying sensitive parameters |
-
2020
- 2020-05-15 TW TW109116331A patent/TWI729812B/en active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101166091A (en) * | 2006-10-19 | 2008-04-23 | 阿里巴巴公司 | A dynamic password authentication method and service end system |
CN104704493A (en) * | 2012-08-15 | 2015-06-10 | 维萨国际服务协会 | Searchable encrypted data |
CN105409186A (en) * | 2013-06-06 | 2016-03-16 | 耐瑞唯信有限公司 | System and method for user authentication |
CN106664209A (en) * | 2014-08-26 | 2017-05-10 | 国际商业机器公司 | Password-based generation and management of secret cryptographic keys |
TW201928743A (en) * | 2017-12-15 | 2019-07-16 | 安地卡及巴布達商區塊鏈控股有限公司 | System and method for authenticating off-chain data based on proof verification |
CN109347858A (en) * | 2018-11-16 | 2019-02-15 | 上海敬信软件技术有限公司 | Cipher code protection method, auth method, device, equipment and storage medium |
TWM602231U (en) * | 2020-05-15 | 2020-10-01 | 昕力資訊股份有限公司 | Apparatus for encrypting and verifying sensitive parameters |
Non-Patent Citations (2)
Title |
---|
10程式中(andy6804tw),[Day-29](實作)bcrypt將使用者密碼加密,西元2018年1月8日,網址:https://ithelp.ithome.com.tw/articles/10196477 * |
10程式中(andy6804tw),[Day-29](實作)bcrypt將使用者密碼加密,西元2018年1月8日,網址:https://ithelp.ithome.com.tw/articles/10196477。 |
Also Published As
Publication number | Publication date |
---|---|
TW202145033A (en) | 2021-12-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11757641B2 (en) | Decentralized data authentication | |
JP6902037B2 (en) | Pattern matching based dataset extraction | |
EP2179532B1 (en) | System and method for authentication, data transfer, and protection against phishing | |
US7734600B1 (en) | Apparatus, method and system to implement an integrated data security layer | |
US8495358B2 (en) | Software based multi-channel polymorphic data obfuscation | |
US9003531B2 (en) | Comprehensive password management arrangment facilitating security | |
JP2008015733A (en) | Log management computer | |
Hajiali et al. | Preventing phishing attacks using text and image watermarking | |
TWM602231U (en) | Apparatus for encrypting and verifying sensitive parameters | |
TWI729812B (en) | Computer program product and apparatus for encrypting and verifying sensitive parameters | |
Sharif | Web Attacks Analysis and Mitigation Techniques | |
Lemmou et al. | Inside gandcrab ransomware | |
JP2016525750A (en) | Identifying misuse of legal objects | |
AU2014200698B2 (en) | A computer-implemented method for detecting domain injection or evasion | |
Msaad et al. | Honeysweeper: Towards stealthy honeytoken fingerprinting techniques | |
Islam et al. | Capable of Classifying the Tuples with Wireless Attacks Detection Using Machine Learning | |
Durai et al. | Decision tree classification-N tier solution for preventing SQL injection attack on websites | |
US11240267B1 (en) | Identifying and blocking fraudulent websites | |
US20230065787A1 (en) | Detection of phishing websites using machine learning | |
Duque Anton et al. | Creating It from SCRATCh: A Practical Approach for Enhancing the Security of IoT-Systems in a DevOps-Enabled Software Development Environment | |
Chughtai et al. | Deep learning trends and future perspectives of web security and vulnerabilities | |
JP2024009256A (en) | Authentication factor file, server, leakage detection method, and program | |
Tayal et al. | Implementing Security on E-Commerce Website | |
BR102013030941A2 (en) | automated method for banker detection |