WO2015078274A1 - Devices and methods for password storage - Google Patents
- Publication number
- WO2015078274A1 (PCT/CN2014/090391)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- password
- segments
- user
- network servers
- storage
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H04L63/064—Hierarchical key distribution, e.g. by multi-tier trusted parties
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
Definitions
- Certain embodiments of the present invention are directed to computer technology. More particularly, some embodiments of the invention provide devices and methods for network technology. Merely by way of example, some embodiments of the invention have been applied to password storage. But it would be recognized that the invention has a much broader range of applicability.
- a method is provided for password storage. For example, communication interfaces with M network servers are established; M is an integer greater than 1 and the M network servers are associated with M network service providers; a password input by a user is detected; the password input by the user is divided into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and the N first password segments are transmitted to the network servers via the communication interfaces for storage.
- a device for password storage includes: an establishment unit configured to establish communication interfaces with M network servers; wherein M is an integer greater than 1 and the M network servers are associated with M network service providers; a first detection unit configured to detect a password input by a user; a division unit configured to divide the password input by the user into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and a transmission unit configured to transmit the N first password segments to the network servers via the communication interfaces for storage.
- a non-transitory computer readable storage medium includes programming instructions for password storage. For example, communication interfaces with M network servers are established; M is an integer greater than 1 and the M network servers are associated with M network service providers; a password input by a user is detected; the password input by the user is divided into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and the N first password segments are transmitted to the network servers via the communication interfaces for storage.
- the devices and methods disclosed herein are configured to store segments of a password into a plurality of network servers associated with network service providers, so as to reduce the risk that the password may be lost or stolen by a hacker, improve the reliability of password storage and enhance the security of private accounts of users.
- Figure 1 is a simplified diagram showing a method for password storage according to one embodiment of the present invention.
- Figure 2 is a simplified diagram showing a process for transmitting password segments for storage as part of the method for password storage as shown in Figure 1 according to one embodiment of the present invention.
- Figure 3 is a simplified diagram showing a process for transmitting password segments for storage as part of the method for password storage as shown in Figure 1 according to another embodiment of the present invention.
- Figure 4 is a simplified diagram showing part of the method for password storage as shown in Figure 1 according to another embodiment of the present invention.
- Figure 5 is a simplified diagram showing a device for password storage according to one embodiment of the present invention.
- Figure 6 is a simplified diagram showing a terminal for password storage according to one embodiment of the present invention.
- FIG. 1 is a simplified diagram showing a method for password storage according to one embodiment of the present invention.
- the diagram is merely an example, which should not unduly limit the scope of the claims.
- One of ordinary skill in the art would recognize many variations, alternatives, and modifications.
- the method 100 includes processes S101-S104.
- passwords to be stored include passwords of private accounts for a user to log in to various websites, passwords of various private accounts used in a user's daily work, study and life, bank account passwords, access control passwords, etc.
- the process S101 includes: establishing communication interfaces with M network servers (e.g., respectively).
- M is an integer greater than 1
- the M network servers belong to M network service providers (e.g., respectively).
- the network service providers refer to companies which provide network services, such as e-mails, network storage, personal spaces, web-notes, etc.
- the network service providers are mutually independent and have independent network servers respectively.
- the network servers generally have strong computing power and concurrent processing power, and are specially configured to provide corresponding network services to the users over a network.
- communication connections with the M network servers are established and can be realized via the pre-established communication interfaces between a local computer and the M network servers.
- the local computer supports communication parameters related to a network communication protocol, a communication port, etc., which are consistent with the network server.
- host addresses of the network servers are acquired.
- account names and passwords required by the network servers are acquired.
- SMTP Simple Mail Transfer Protocol
- POP3 Post Office Protocol 3
- the local computer needs to support the SMTP/POP3, set a corresponding mail reception server address (e.g., SMTP: smtp. abc.
- a corresponding mail sending server address (e.g., pop.abc.com)
- the local computer needs to set an account name (e.g., an e-mail address) and a password (e.g., an e-mail password) for logging in to a mail server.
- a corresponding port parameter is set based on whether mail reception and sending need to be encrypted using SSL (Secure Sockets Layer).
- the process S102 includes: detecting a password input by a user.
- the password input by the user is acquired by detecting an input device, e.g., a physical keyboard, a mouse, a touch screen, etc.
- the process S103 includes: dividing the password input by the user into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M.
- the password input by the user and detected in the process S102 is subject to segmentation processing and is divided into N segments, wherein the divided segments do not exceed the number of the communication interfaces established in the process S101.
- the password input by the user is divided into N segments in sequence with a random method.
- the password input by the user is "12345678" and N is equal to 2.
- the password is automatically divided into two password segments "123" and "45678" with a random segmentation method.
- the password is automatically divided to obtain two password segments "1234" and "5678".
- the number of characters in each password segment is randomly determined, but the divided password segments follow the original sequence of the password segments in the password, so that the password segments can be stored into the corresponding network servers in sequence in subsequent processes, according to some embodiments.
- the password is generated by correctly splicing the plurality of password segments in subsequent password retrieval.
- the process S103 includes: dividing the password input by the user into N segments according to one or more preset rules.
- the preset rules include evenly dividing the password input by the user into N segments.
- an input form for setting each password segment is directly displayed in a trigger password segmentation interface (e.g., a password segmentation interface).
- the user inputs each password segment of the password to be stored according to his/her habits, and thus password segmentation is completed while the password input by the user is detected.
- when the password segmentation is performed by detecting the password segments input by the user, the password segmentation is not performed in sequence, but can be performed according to the memorization ability of the user.
- the password "12345678" is evenly divided in sequence into one password segment "1234" and another password segment "5678". The two password segments are subsequently transmitted to the network servers (e.g., corresponding to sequence numbers) for storage.
- when the user sets the password segments of the password "12345678", one password segment can be "5678"
- another password segment can be "1234".
- the two password segments are subsequently transmitted to the network servers (e.g., corresponding to sequence numbers) for storage. As the sequence of the password segments is changed, the reliability of password storage is improved, according to some embodiments.
- the process S104 includes: transmitting the N first password segments to the network servers via the communication interfaces for storage.
- the N password segments are sent out respectively via the different communication interfaces established in the process S101, and are transmitted to the network servers corresponding to the communication interfaces for storage.
- a password is divided sequentially to obtain three password segments P1, P2 and P3.
- P1 is sent out via a first communication interface
- P2 is sent out via a second communication interface
- P3 is sent out via a third communication interface accordingly.
- the correct password can be generated by splicing the retrieved three password segments based on a corresponding relationship between each password segment and each communication interface, according to some embodiments.
- the password segments can be directly transmitted to the network servers for storage in a manner of a clear text, or can be transmitted to the network servers for storage in a manner of converting the clear text into a cipher text (e.g., MD5 (Message Digest Algorithm 5)) so as to further improve the security of password storage.
- the password segments obtained by dividing each password are transmitted to the corresponding communication interfaces in sequence.
- a password P is divided into P1, P2 and P3.
- a password Q is divided into Q1, Q2 and Q3. Both P1 and Q1 are transmitted via a first communication interface, both P2 and Q2 are transmitted via a second communication interface, and both P3 and Q3 are transmitted via a third communication interface.
- FIG. 2 is a simplified diagram showing a process for transmitting password segments for storage as part of the method for password storage as shown in Figure 1 according to one embodiment of the present invention.
- the diagram is merely an example, which should not unduly limit the scope of the claims.
- One of ordinary skill in the art would recognize many variations, alternatives, and modifications.
- the process S104 includes sub-processes S201 and S202.
- the sub-process S201 includes: adding account identifications for the N first password segments, where an account identification is configured to uniquely identify an account corresponding to the password input by the user.
- the account identifications can be input by the user and detected concurrently when the user inputs the password.
- the account identifications are configured to uniquely identify the account corresponding to the password input by the user.
- a user name of the user on a website www.A.com is B, and the account identification can be A or B.
- the account identification is defined by the user, and can identify a character string of the account corresponding to the password.
- the account identifications are added for the password segments obtained by division.
- the account identifications added into the password segments can uniquely identify the account corresponding to the password to which the password segment belongs.
- an addition process for account identifications can be realized via separators.
- an account identification is A
- a password segment is "1234", so that a character string "A:1234" is obtained after the account identification is added.
- the character string prior to ":" is the account identification
- the character string after ":" is the password segment.
- the process S202 includes transmitting the N first password segments with the account identifications to the network servers via the communication interfaces for storage.
- the password segments added with the account identifications are transmitted to the corresponding network servers respectively via the different communication interfaces for storage.
- each password segment can be effectively distinguished, and subsequent password retrieval is facilitated.
- Figure 3 is a simplified diagram showing a process for transmitting password segments for storage as part of the method for password storage as shown in Figure 1 according to another embodiment of the present invention.
- the diagram is merely an example, which should not unduly limit the scope of the claims.
- One of ordinary skill in the art would recognize many variations, alternatives, and modifications.
- stored password segments are backed up to avoid data loss or password loss resulting from an attack on the network servers (e.g., DDoS (Distributed Denial of Service)).
- the process S104 includes sub-processes S301-S302.
- the sub-process S301 includes: copying the N first password segments to form aN (a times N) second password segments.
- the sub-process S302 includes: transmitting the aN second password segments to the network servers via the communication interfaces for storage.
- a password P is divided to obtain three password segments P1, P2 and P3, and the three password segments are first duplicated.
- P1 is transmitted via a first communication interface and a second communication interface.
- P2 is transmitted via a third communication interface and a fourth communication interface
- P3 is transmitted via a fifth communication interface and a sixth communication interface.
- the number M of communication interfaces established in the process S101 is required to be a times the number N of the password segments.
- the password storage risk is diversified to different network service providers.
- the password is stored in a network server, which is convenient for the user to acquire corresponding data anytime and anywhere when needing to retrieve the password.
- the same password is separately stored on different and mutually independent network servers.
- the probability that one hacker simultaneously attacks the network servers of two mutually independent network service providers is very low. It is very difficult for the hacker to acquire the password completely, thus the reliability of password storage is greatly improved, and the security of a private account of the user is effectively enhanced, according to some embodiments.
- the password segments stored on each network server are directly re-acquired via the communication interfaces established in the process S101 and are spliced, according to some embodiments.
- Figure 4 is a simplified diagram showing part of the method for password storage as shown in Figure 1 according to another embodiment of the present invention.
- the diagram is merely an example, which should not unduly limit the scope of the claims.
- One of ordinary skill in the art would recognize many variations, alternatives, and modifications.
- a plurality of password segments associated with different accounts are stored in a same network server.
- the method 100 further includes: processes S401-S402.
- the process S401 includes: detecting the account identifications input by the user.
- the user can input the account identifications which are input during password storage, and the local computer detects the account identifications input by the user by detecting an input device such as a physical keyboard, a mouse, and a touch screen.
- the process S402 includes: acquiring the first password segments with the account identifications stored on the network servers via the communication interfaces based on at least information associated with the account identifications; and restoring the password input by the user based on at least information associated with the acquired first password segments.
- a mail box is logged in via a communication interface, and mails carrying account identifications in mail subjects or mail full texts are searched. For example, password segments in the mails are extracted. In another example, all password segments added with the account identifications are extracted from different network servers in the above manner and the password can be restored by splicing.
- the network service providers can provide HTTPS (Secure Hypertext Transfer Protocol) services, while the locally established communication interfaces also need to support HTTPS access, and thus the password can be retrieved.
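The storage and retrieval flow of processes S101-S104, S201-S202, S301-S302 and S401-S402, as an added example that is not part of the patent text. The `Provider` class is a hypothetical in-memory stand-in for a network server, and the function names, the a*N <= M check and the sample accounts are assumptions made for illustration.

```python
import secrets

SEP = ":"  # separator from the page's "A:1234" record format


class Provider:
    """In-memory stand-in for one network server (hypothetical, not a real API)."""

    def __init__(self, name):
        self.name = name
        self.online = True
        self.records = []  # stored strings such as "A:1234"

    def store(self, record):
        if not self.online:
            raise ConnectionError(self.name + " unreachable")
        self.records.append(record)

    def search(self, account_id):
        """Return the newest segment stored under account_id, or None."""
        if not self.online:
            raise ConnectionError(self.name + " unreachable")
        for record in reversed(self.records):
            ident, _, segment = record.partition(SEP)
            if ident == account_id:
                return segment
        return None


def split_even(password, n):
    """S103 preset rule: n in-order segments of (nearly) equal length."""
    if not 1 < n <= len(password):
        raise ValueError("need 1 < N <= len(password)")
    size, extra = divmod(len(password), n)
    out, pos = [], 0
    for i in range(n):
        step = size + (1 if i < extra else 0)
        out.append(password[pos:pos + step])
        pos += step
    return out


def split_random(password, n):
    """S103 random method: n non-empty in-order segments, random cut points."""
    if not 1 < n <= len(password):
        raise ValueError("need 1 < N <= len(password)")
    cuts = sorted(secrets.SystemRandom().sample(range(1, len(password)), n - 1))
    bounds = [0] + cuts + [len(password)]
    return [password[lo:hi] for lo, hi in zip(bounds, bounds[1:])]


def store_password(providers, account_id, password, n, a=1, split=split_random):
    """S201-S202 and S301-S302: tag each segment, send a copies of each."""
    if SEP in account_id:
        raise ValueError("account identification must not contain the separator")
    if a < 1 or a * n > len(providers):
        raise ValueError("need a*N <= M providers")
    for i, segment in enumerate(split(password, n)):
        # Segment 1 goes to interfaces 1..a, segment 2 to a+1..2a, and so on.
        for provider in providers[i * a:(i + 1) * a]:
            provider.store(account_id + SEP + segment)


def retrieve_password(providers, account_id, n, a=1):
    """S401-S402: fetch one copy of each segment by account id, splice in order."""
    parts = []
    for i in range(n):
        segment = None
        for provider in providers[i * a:(i + 1) * a]:
            try:
                segment = provider.search(account_id)
            except ConnectionError:
                continue  # this replica is unreachable, try the next copy
            if segment is not None:
                break
        if segment is None:
            raise LookupError("segment %d unavailable on all %d replicas" % (i + 1, a))
        parts.append(segment)
    return "".join(parts)


def demo():
    """Constructed scenario: M = 6 providers, N = 3 segments, a = 2 copies."""
    servers = [Provider("provider-%d" % k) for k in range(1, 7)]
    store_password(servers, "A", "12345678", n=3, a=2)
    store_password(servers, "B", "hunter2!x", n=3, a=2)  # second account, same servers
    for k in (0, 3, 4):  # one replica of each segment goes down
        servers[k].online = False
    return retrieve_password(servers, "A", 3, 2), retrieve_password(servers, "B", 3, 2)


if __name__ == "__main__":
    print(demo())
```

Each provider's record (for example `A:1234`) is a readable, in-order slice of the password, so the protection rests on the providers being mutually independent, as the text states.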
- FIG. 5 is a simplified diagram showing a device for password storage according to one embodiment of the present invention.
- the diagram is merely an example, which should not unduly limit the scope of the claims.
- a device 500 is included in a terminal, such as a mobile phone, a tablet computer, and a laptop.
- the device 500 is configured to run the password storage method 100 as shown in Figures 1-4.
- the device 500 includes: an establishment unit 51 configured to establish communication interfaces with M network servers; wherein M is an integer greater than 1 and the M network servers are associated with M network service providers; a first detection unit 52 configured to detect a password input by a user; a division unit 53 configured to divide the password input by the user into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and a transmission unit 54 configured to transmit the N first password segments to the network servers via the communication interfaces for storage.
- the division unit 53 is further configured to randomly divide the password input by the user into N segments in sequence.
- the division unit 53 is further configured to divide the password input by the user into N segments according to one or more preset rules.
- the transmission unit 54 includes: an addition subunit configured to add account identifications for the N first password segments, wherein an account identification is configured to uniquely identify an account corresponding to the password input by the user; and a first transmission subunit configured to transmit the N first password segments with the account identifications to the network servers via the communication interfaces for storage.
- M is a times of N, and a is an integer greater than 1.
- the transmission unit 54 includes: a duplication subunit configured to copy the N first password segments to form aN second password segments; and a first transmission subunit configured to transmit the aN second password segments to the network servers via the communication interfaces for storage.
- the device 500 further includes: a second detection unit configured to detect the account identifications input by the user; and an acquisition unit configured to acquire the first password segments with the account identifications stored on the network servers via the communication interfaces based on at least information associated with the account identifications and restore the password input by the user based on at least information associated with the acquired first password segments.
- FIG. 6 is a simplified diagram showing a terminal for password storage according to one embodiment of the present invention.
- the diagram is merely an example, which should not unduly limit the scope of the claims.
- One of ordinary skill in the art would recognize many variations, alternatives, and modifications.
- the terminal 600 (e.g., a mobile phone) includes an RF (i.e., radio frequency) circuit 610, a memory 620 (e.g., including one or more computer-readable storage media), an input unit 630, a display unit 640, a sensor 650, an audio circuit 660, a wireless communication module 670 (e.g., a WiFi module), one or more processors 680 that include one or more processing cores, and a power supply 690.
- the RF circuit 610 is configured to send/receive messages or signals in communication.
- the RF circuit 610 receives a base station’s downlink information, delivers to the processors 680 for processing, and sends uplink data to the base station.
- the RF circuit 610 includes an antenna, at least one amplifier, a tuner, one or several oscillators, a SIM (Subscriber Identity Module) card, a transceiver, a coupler, an LNA (Low Noise Amplifier) , a duplexer, etc.
- the RF circuit 610 communicates with the network and other equipment via wireless communication based on any communication standard or protocol, such as GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), email, SMS (Short Messaging Service), etc.
- the memory 620 is configured to store software programs and modules.
- the processors 680 are configured to execute various functional applications and data processing by running the software programs and modules stored in the memory 620.
- the memory 620 includes a program storage area and a data storage area, where the program storage area may store the operating system and the application(s) required by one or more functions (e.g., an audio player or a video player), in some embodiments.
- the data storage area stores the data created based on the use of the terminal 600 (e.g., audio data or a phone book).
- the memory 620 includes a high-speed random access storage, a non-volatile memory, one or more floppy disc storage devices, a flash storage device or other volatile solid storage devices.
- the memory 620 further includes a memory controller to enable access to the memory 620 by the processors 680 and the input unit 630.
- the input unit 630 is configured to receive input numeric or character data and to generate keyboard, mouse, joystick, optical or track signal inputs relating to user settings and functional control.
- the input unit 630 includes a touch-sensitive surface 631 (e.g., a touch screen or a touch panel) and other input devices 632.
- the touch-sensitive surface 631 is configured to receive the user’s touch operations thereon or nearby (e.g., the user's operations on or near the touch-sensitive surface with a finger, a touch pen or any other appropriate object or attachment) and drive the corresponding connected devices according to the predetermined program.
- the touch-sensitive surface 631 includes two parts, namely a touch detector and a touch controller.
- the touch detector detects the position of user touch and the signals arising from such touches and sends the signals to the touch controller.
- the touch controller receives touch data from the touch detector, converts the touch data into the coordinates of the touch point, sends the coordinates to the processors 680 and receives and executes the commands received from the processors 680.
- the touch-sensitive surface 631 is of a resistance type, a capacitance type, an infrared type or a surface acoustic wave type.
- the input unit 630 includes the other input devices 632.
- the other input devices 632 include one or more physical keyboards, one or more functional keys (e.g., volume control keys or switch keys), a track ball, a mouse and/or a joystick.
- the display unit 640 is configured to display data input from a user or provided to the user, and includes various graphical user interfaces of the terminal 600.
- these graphical user interfaces include menus, graphs, texts, icons, videos, a combination thereof, etc.
- the display unit 640 includes a display panel 641 which contains an LCD (liquid crystal display) or an OLED (organic light-emitting diode).
- the touch-sensitive surface can cover the display panel 641.
- upon detecting any touch operations thereon or nearby, the touch-sensitive surface sends signals to the processors 680 to determine the type of the touch events, and the processors 680 then provide corresponding visual outputs on the display panel 641 according to the type of the touch events.
- although the touch-sensitive surface 631 and the display panel 641 are two independent parts for input and output respectively, the touch-sensitive surface 631 and the display panel 641 can be integrated for input and output, in some embodiments.
- the terminal 600 includes a sensor 650 (e.g., an optical sensor, a motion sensor).
- the sensor 650 includes an environment optical sensor and adjusts the brightness of the display panel 641 according to the environmental luminance.
- the sensor 650 includes a proximity sensor and turns off or backlights the display panel when the terminal 600 moves close to an ear of a user.
- the sensor 650 includes a motion sensor (e.g., a gravity acceleration sensor) and detects a magnitude of acceleration in all directions (e.g., three axes). Particularly, the sensor 650 detects a magnitude and a direction of gravity when staying still.
- the sensor 650 is used for identifying movements of a cell phone (e.g., a switch of screen direction between horizontal and vertical, related games, and a calibration related to a magnetometer) and features related to vibration identification (e.g., a pedometer or a strike).
- the sensor 650 includes a gyroscope, a barometer, a hygroscope, a thermometer and/or an infrared sensor.
- the audio circuit 660, a speaker 661, and a microphone 662 are configured to provide an audio interface between a user and the terminal 600.
- the audio circuit 660 is configured to transmit electrical signals converted from certain audio data to the speaker that converts such electrical signals into some output audio signals.
- the microphone 662 is configured to convert audio signals into electrical signals which are converted into audio data by the audio circuit 660.
- the audio data are processed in the processors 680 and received by the RF circuit 610 before being sent to another terminal, in some embodiments.
- the audio data are output to the memory 620 for further processing.
- the audio circuit 660 includes an earphone jack for communication between a peripheral earphone and the terminal 600.
- the wireless communication module 670 includes a WiFi (e.g., wireless fidelity, a short-distance wireless transmission technology) module, a Bluetooth module, an infrared communication module, etc.
- the terminal 600 enables the user to receive and send emails, browse webpages, and/or access stream media.
- the terminal 600 is configured to provide the user with a wireless broadband Internet access.
- the wireless communication module 670 is omitted in the terminal 600.
- the processors 680 are the control center of the terminal 600.
- the processors 680 are connected to various parts of the terminal 600 (e.g., a cell phone) via various interfaces and circuits, and execute various features of the terminal 600 and process various data through operating or executing the software programs and/or modules stored in the memory 620 and calling the data stored in the memory 620, so as to monitor and control the terminal 600 (e.g., a cell phone).
- the processors 680 include one or more processing cores.
- the processors 680 are integrated with an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface and the applications, and the modem processor mainly handles wireless communications. In some embodiments, the modem processor is not integrated into the processors 680.
- the terminal 600 includes the power supply 690 (e.g., a battery) that powers up various parts.
- the power supply 690 is logically connected to the processors 680 via a power source management system so that the charging, discharging and power consumption can be managed via the power source management system.
- the power supply 690 includes one or more DC or AC power sources, a recharging system, a power-failure-detection circuit, a power converter, an inverter, a power source state indicator, or other components.
- the terminal 600 includes a camcorder, a Bluetooth module, a near field communication module, etc.
- the processors 680 of the terminal 600 load executable files/codes associated with one or more applications to the memory 620 and run the applications stored in the memory 620 according to the method 100 as shown in Figure 1, the method 200 as shown in Figure 2, the method 300 as shown in Figure 3, and/or the method 400 as shown in Figure 4.
- a computer readable storage medium is configured to store executable files/codes associated with one or more applications which can be executed using one or more data processors to perform the method 100 as shown in Figure 1, the method 200 as shown in Figure 2, the method 300 as shown in Figure 3, and/or the method 400 as shown in Figure 4.
- the storage medium is included in the memory 620. In another example, the storage medium is not included in the terminal 600.
- a graphic user interface is implemented on a terminal (e.g., the terminal 600) for performing the method 100 as shown in Figure 1, the method 200 as shown in Figure 2, the method 300 as shown in Figure 3, and/or the method 400 as shown in Figure 4.
- a method is provided for password storage. For example, communication interfaces with M network servers are established; M is an integer greater than 1 and the M network servers are associated with M network service providers; a password input by a user is detected; the password input by the user is divided into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and the N first password segments are transmitted to the network servers via the communication interfaces for storage.
- the method is implemented according to at least Figure 1.
- a device for password storage includes: an establishment unit configured to establish communication interfaces with M network servers; wherein M is an integer greater than 1 and the M network servers are associated with M network service providers; a first detection unit configured to detect a password input by a user; a division unit configured to divide the password input by the user into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and a transmission unit configured to transmit the N first password segments to the network servers via the communication interfaces for storage.
- the device is implemented according to at least Figure 5.
- a non-transitory computer readable storage medium includes programming instructions for password storage. For example, communication interfaces with M network servers are established; M is an integer greater than 1 and the M network servers are associated with M network service providers; a password input by a user is detected; the password input by the user is divided into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and the N first password segments are transmitted to the network servers via the communication interfaces for storage.
- the storage medium is implemented according to at least Figure 1.
- some or all components of various embodiments of the present invention each are, individually and/or in combination with at least another component, implemented using one or more software components, one or more hardware components, and/or one or more combinations of software and hardware components.
- some or all components of various embodiments of the present invention each are, individually and/or in combination with at least another component, implemented in one or more circuits, such as one or more analog circuits and/or one or more digital circuits.
- various embodiments and/or examples of the present invention can be combined.
- the methods and systems described herein may be implemented on many different types of processing devices by program code comprising program instructions that are executable by the device processing subsystem.
- the software program instructions may include source code, object code, machine code, or any other stored data that is operable to cause a processing system to perform the methods and operations described herein.
- Other implementations may also be used, however, such as firmware or even appropriately designed hardware configured to perform the methods and systems described herein.
- the systems’ and methods’ data may be stored and implemented in one or more different types of computer-implemented data stores, such as different types of storage devices and programming constructs (e.g., RAM, ROM, EEPROM, Flash memory, flat files, databases, programming data structures, programming variables, IF-THEN (or similar type) statement constructs, application programming interface, etc.).
- data structures describe formats for use in organizing and storing data in databases, programs, memory, or other computer-readable media for use by a computer program.
- the systems and methods may be provided on many different types of computer-readable media including computer storage mechanisms (e.g., CD-ROM, diskette, RAM, flash memory, computer’s hard drive, DVD, etc.) that contain instructions (e.g., software) for use in execution by a processor to perform the methods’ operations and implement the systems described herein.
- the computer components, software modules, functions, data stores and data structures described herein may be connected directly or indirectly to each other in order to allow the flow of data needed for their operations.
- a module or processor includes a unit of code that performs a software operation, and can be implemented for example as a subroutine unit of code, or as a software function unit of code, or as an object (as in an object-oriented paradigm), or as an applet, or in a computer script language, or as another type of computer code.
- the software components and/or functionality may be located on a single computer or distributed across multiple computers depending upon the situation at hand.
- the computing system can include client devices and servers.
- a client device and server are generally remote from each other and typically interact through a communication network.
- the relationship of client device and server arises by virtue of computer programs running on the respective computers and having a client device-server relationship to each other.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
Devices and methods are provided for password storage. For example, communication interfaces with M network servers are established; M is an integer greater than 1 and the M network servers are associated with M network service providers; a password input by a user is detected; the password input by the user is divided into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and the N first password segments are transmitted to the network servers via the communication interfaces for storage.
Description
CROSS-REFERENCES TO RELATED APPLICATIONS
The application claims priority to Chinese Patent Application No. 201310627867.5, filed November 28, 2013, incorporated by reference herein for all purposes.
Certain embodiments of the present invention are directed to computer technology. More particularly, some embodiments of the invention provide devices and methods for network technology. Merely by way of example, some embodiments of the invention have been applied to password storage. But it would be recognized that the invention has a much broader range of applicability.
Usually, people enjoy various customer-oriented services by logging in to a private account. With the promotion and popularization of network services, many websites often request a user to log in to a private account when the user visits the websites, and thus the user may need to remember more and more private accounts.
Users often tend to record passwords of all accounts on a paper document or input the passwords of all accounts into an electronic document to be stored on the computer. However, the above-noted conventional password storage may not be reliable. Once the paper document is lost or a local computer disk is destroyed, the stored passwords of all accounts may not be retrieved. Once the paper document is stolen or a local computer is attacked, the stored passwords of all accounts are likely to be divulged, which may cause greater potential safety hazards.
Hence it is highly desirable to improve the techniques for password storage.
BRIEF SUMMARY OF THE INVENTION
According to one embodiment, a method is provided for password storage. For example, communication interfaces with M network servers are established; M is an integer greater than 1 and the M network servers are associated with M network service providers; a password input by a user is detected; the password input by the user is divided into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and the N first password segments are transmitted to the network servers via the communication interfaces for storage.
According to another embodiment, a device for password storage includes: an establishment unit configured to establish communication interfaces with M network servers; wherein M is an integer greater than 1 and the M network servers are associated with M network service providers; a first detection unit configured to detect a password input by a user; a division unit configured to divide the password input by the user into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and a transmission unit configured to transmit the N first password segments to the network servers via the communication interfaces for storage.
According to yet another embodiment, a non-transitory computer readable storage medium includes programming instructions for password storage. For example, communication interfaces with M network servers are established; M is an integer greater than 1 and the M network servers are associated with M network service providers; a password input by a user is detected; the password input by the user is divided into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and the N first password segments are transmitted to the network servers via the communication interfaces for storage.
For example, the devices and methods disclosed herein are configured to store segments of a password into a plurality of network servers associated with network service providers, so as to reduce the risk that the password may be lost or stolen by a hacker, improve the reliability of password storage and enhance the security of private accounts of users.
Depending upon embodiment, one or more benefits may be achieved. These benefits and various additional objects, features and advantages of the present invention can be fully appreciated with reference to the detailed description and accompanying drawings that follow.
Figure 1 is a simplified diagram showing a method for password storage according to one embodiment of the present invention.
Figure 2 is a simplified diagram showing a process for transmitting password segments for storage as part of the method for password storage as shown in Figure 1 according to one embodiment of the present invention.
Figure 3 is a simplified diagram showing a process for transmitting password segments for storage as part of the method for password storage as shown in Figure 1 according to another embodiment of the present invention.
Figure 4 is a simplified diagram showing part of the method for password storage as shown in Figure 1 according to another embodiment of the present invention.
Figure 5 is a simplified diagram showing a device for password storage according to one embodiment of the present invention.
Figure 6 is a simplified diagram showing a terminal for password storage according to one embodiment of the present invention.
Figure 1 is a simplified diagram showing a method for password storage according to one embodiment of the present invention. The diagram is merely an example, which should not unduly limit the scope of the claims. One of ordinary skill in the art would recognize many variations, alternatives, and modifications. The method 100 includes processes S101-S104.
According to one embodiment, passwords to be stored include passwords of private accounts for a user to log in to various websites, passwords of various private accounts used in a user’s daily work, study and life, bank account passwords, access control passwords, etc. For example, the process S101 includes: establishing communication interfaces with M network servers (e.g., respectively). As an example, M is an integer greater than 1, and the M network servers belong to M network service providers (e.g., respectively). As another example, the network service providers refer to companies which provide network services, such as e-mails, network storage, personal spaces, web-notes, etc. As yet another example, the network service providers are mutually independent and have independent network servers respectively. As yet another example, the network servers generally have strong computing power and concurrent processing power, and are specially configured to provide corresponding network services to the users over a network.
According to another embodiment, communication connections with the M network servers are established and can be realized via the pre-established communication interfaces between a local computer and the M network servers. For example, the local computer supports communication parameters related to a network communication protocol, a communication port, etc., which are consistent with the network server. As an example, host addresses of the network servers are acquired. As another example, account names and passwords required by the network servers are acquired. As yet another example, if an e-mail service provided by a network service provider supports SMTP (Simple Mail Transfer Protocol)/POP3 (Post Office Protocol 3), the local computer needs to support the SMTP/POP3, set a corresponding mail reception server address (e.g., SMTP: smtp.abc.com), and set a corresponding mail sending server address (e.g., pop.abc.com). As yet another example, the local computer needs to set an account name (e.g., an e-mail address) and a password (e.g., an e-mail password) for logging in to a mail server. As yet another example, a corresponding port parameter is set based on whether mail reception and sending need to be encrypted using SSL (Secure Sockets Layer).
According to yet another embodiment, the process S102 includes: detecting a password input by a user. For example, the password input by the user is acquired by detecting an input device, e.g., a physical keyboard, a mouse, a touch screen, etc. As an example, the process S103 includes: dividing the password input by the user into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M. As another example, the password input by the user and detected in the process S102 is subject to segmentation processing and is divided into N segments, wherein the divided segments do not exceed the number of the communication interfaces established in the process S101.
In one embodiment, for a password segmentation method, the password input by the user is divided into N segments in sequence with a random method. For example, the password input by the user is "12345678" and N is equal to 2. The password is automatically divided into two password segments "123" and "45678" with a random segmentation method. Or the password is automatically divided to obtain two password segments "1234" and "5678". Although the number of characters in each password segment is randomly determined, the divided password segments follow the original sequence of the password segments in the password, so that the password segments can be stored into the corresponding network servers in sequence in subsequent processes, according to some embodiments. For example, the password is generated by correctly splicing the plurality of password segments in subsequent password retrieval.
In another embodiment, the process S103 includes: dividing the password input by the user into N segments according to one or more preset rules. For example, the preset rules include evenly dividing the password input by the user into N segments. In another example, an input form for setting each password segment is directly displayed in a trigger password segmentation interface (e.g., a password segmentation interface). As an example, the user inputs each password segment of the password to be stored according to his/her habits, and thus password segmentation is completed while the password input by the user is detected. As another example, when the password segmentation is performed by detecting the password segments input by the user, the password segmentation is not performed in sequence, but can be performed according to the memorization ability of the user. For instance, the password "12345678" is evenly divided in sequence into one password segment "1234" and another password segment "5678". The two password segments are subsequently transmitted to the network servers (e.g., corresponding to sequence numbers) for storage. In another example, if the user sets the password segments of the password "12345678", one password segment can be "5678", and another password segment can be "1234". The two password segments are subsequently transmitted to the network servers (e.g., corresponding to sequence numbers) for storage. As the sequence of the password segments is changed, the reliability of password storage is improved, according to some embodiments.
In yet another embodiment, the process S104 includes: transmitting the N first password segments to the network servers via the communication interfaces for storage. For example, after acquiring the N password segments in the process S103, the N password segments are sent out respectively via the different communication interfaces established in the process S101, and are transmitted to the network servers corresponding to the communication interfaces for storage. For instance, a password is divided sequentially to obtain three password segments P1, P2 and P3. P1 is sent out via a first communication interface, P2 is sent out via a second communication interface and P3 is sent out via a third communication interface accordingly. In password retrieval, the correct password can be generated by splicing the retrieved three password segments based on a corresponding relationship between each password segment and each communication interface, according to some embodiments.
According to one embodiment, the password segments can be directly transmitted to the network servers for storage in a manner of a clear text, or can be transmitted to the network servers for storage in a manner of converting the clear text into a cipher text (e.g., MD5 (Message Digest Algorithm 5)) so as to further improve the security of password storage. For example, in the case that a plurality of passwords need to be stored, the password segments obtained by dividing each password are transmitted to the corresponding communication interfaces in sequence. For instance, a password P is divided into P1, P2 and P3. As an example, a password Q is divided into Q1, Q2 and Q3. Both P1 and Q1 are transmitted via a first communication interface, both P2 and Q2 are transmitted via a second communication interface, and both P3 and Q3 are transmitted via a third communication interface.
Figure 2 is a simplified diagram showing a process for transmitting password segments for storage as part of the method for password storage as shown in Figure 1 according to one embodiment of the present invention. The diagram is merely an example, which should not unduly limit the scope of the claims. One of ordinary skill in the art would recognize many variations, alternatives, and modifications.
According to one embodiment, to better distinguish private accounts to which both passwords belong in password retrieval, the process S104 includes sub-processes S201 and S202. For example, the sub-process S201 includes: adding account identifications for the N first password segments, where an account identification is configured to uniquely identify an account corresponding to the password input by the user. As an example, the account identifications can be input by the user and detected concurrently when the user inputs the password. As another example, the account identifications are configured to uniquely identify the account corresponding to the password input by the user. As yet another example, a user name of the user on a website www.A.com is B, and the account identification can be A or B. As yet another example, the account identification is defined by the user, and can identify a character string of the account corresponding to the password. As yet another example, after the account identifications corresponding to the password input by the user are acquired, the account identifications are added for the password segments obtained by division. As yet another example, the account identifications added into the password segments can uniquely identify the account corresponding to the password to which the password segment belongs.
According to another embodiment, an addition process for account identifications can be realized via separators. For instance, an account identification is A, and a password segment is "1234", so that a character string "A:1234" is obtained after the account identification is added. As an example, the character string prior to ":" is the account identification, and the character string after ":" is the password segment. As another example, the process S202 includes transmitting the N first password segments with the account identifications to the network servers via the communication interfaces for storage. As yet another example, as the plurality of password segments belonging to different accounts are stored in the same network server, the password segments added with the account identifications are transmitted to the corresponding network servers respectively via the different communication interfaces for storage. As yet another example, each password segment can be effectively distinguished, and subsequent password retrieval is facilitated.
Figure 3 is a simplified diagram showing a process for transmitting password segments for storage as part of the method for password storage as shown in Figure 1 according to another embodiment of the present invention. The diagram is merely an example, which should not unduly limit the scope of the claims. One of ordinary skill in the art would recognize many variations, alternatives, and modifications.
According to some embodiments, stored password segments are backed up to avoid data loss or password loss resulting from an attack on the network servers (e.g., DDoS (Distributed Denial of Service)). For example, the process S104 includes sub-processes S301-S302. As an example, the sub-process S301 includes: copying the N first password segments to form aN second password segments. As another example, the sub-process S302 includes: transmitting the aN second password segments to the network servers via the communication interfaces for storage. For example, a password P is divided to obtain three password segments P1, P2 and P3, and the three password segments are first duplicated. In another example, P1 is transmitted via a first communication interface and a second communication interface. In yet another example, P2 is transmitted via a third communication interface and a fourth communication interface, and P3 is transmitted via a fifth communication interface and a sixth communication interface. In yet another example, the communication interfaces established in the process S101 have a requirement that the number M of the established communication interfaces is a times the number N of the password segments.
According to certain embodiments, the password storage risk is diversified to different network service providers. On one hand, the password is stored in a network server, which is convenient for the user to acquire corresponding data anytime and anywhere when needing to retrieve the password. On the other hand, the same password is separately stored on different and mutually independent network servers. Usually, the probability that one hacker simultaneously attacks the network servers of two mutually independent network service providers is very low. It is very difficult for the hacker to acquire the password completely, thus the reliability of password storage is greatly improved, and the security of a private account of the user is effectively enhanced, according to some embodiments.
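What a single server learns under the even in-sequence split described earlier, set beside n-of-n XOR secret splitting, which is a different technique that the patent does not describe. This is an added example, not the patent's method; the function names and the candidate list are constructed for illustration.

```python
import secrets


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def split_even(password, n):
    """The page's preset rule: divide evenly, in sequence, into n segments."""
    size = len(password) // n
    cuts = [i * size for i in range(n)] + [len(password)]
    return [password[i:j] for i, j in zip(cuts, cuts[1:])]


def split_xor(password, n):
    """n-of-n XOR splitting (not in the patent): n-1 random pads plus the masked secret."""
    secret = password.encode("utf-8")
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    masked = secret
    for pad in pads:
        masked = xor_bytes(masked, pad)
    return pads + [masked]


def join_xor(shares):
    """XOR all shares together; with the full set this yields the secret bytes."""
    out = bytes(len(shares[0]))
    for share in shares:
        out = xor_bytes(out, share)
    return out


def shares_exclude(held, candidate):
    """True if the held XOR shares (fewer than n) prove `candidate` is not the password."""
    cand = candidate.encode("utf-8")
    if len(cand) != len(held[0]):
        return True  # a share discloses the password's byte length and nothing else
    # A missing share that makes the full set decode to `candidate` always exists.
    missing = xor_bytes(join_xor(held), cand)
    return join_xor(held + [missing]) != cand


def surviving(candidates, excludes):
    """Candidates that the data held by one server cannot rule out."""
    return [c for c in candidates if not excludes(c)]


def demo():
    password = "12345678"
    # Constructed candidate list, all the same length as the password.
    candidates = ["12345678", "12340000", "87654321", "00005678", "abcdefgh"]
    segment = split_even(password, 2)[0]   # what server 1 stores under the page's scheme
    share = split_xor(password, 2)[0]      # what server 1 would store under XOR splitting
    by_segment = surviving(candidates, lambda c: segment not in c)
    by_share = surviving(candidates, lambda c: shares_exclude([share], c))
    return segment, by_segment, by_share


if __name__ == "__main__":
    print(demo())
```

The stored segment is a literal part of the password and narrows the candidates to those containing it, while a single XOR share is consistent with every candidate of the same length.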
When the password needs to be retrieved in the subsequent process, the password segments stored on each network server are directly re-acquired via the communication interfaces established in the process S101 and are spliced, according to some embodiments.
Figure 4 is a simplified diagram showing part of the method for password storage as shown in Figure 1 according to another embodiment of the present invention. The diagram is merely an example, which should not unduly limit the scope of the claims. One of ordinary skill in the art would recognize many variations, alternatives, and modifications.
According to some embodiments, a plurality of password segments associated with different accounts are stored in a same network server. For example, after the process S104, the method 100 further includes: processes S401-S402. As an example, the process S401 includes: detecting the account identifications input by the user. As another example, to retrieve the password, the user can input the account identifications which are input during password storage, and the local computer detects the account identifications input by the user by detecting an input device such as a physical keyboard, a mouse, and a touch screen. As another example, the process S402 includes: acquiring the first password segments with the account identifications stored on the network servers via the communication interfaces based on at least information associated with the account identifications; and restoring the password input by the user based on at least information associated with the acquired first password segments.
According to certain embodiments, a mail box is logged in via a communication interface, and mails carrying account identifications in mail subjects or mail full texts are searched. For example, password segments in the mails are extracted. In another example, all password segments added with the account identifications are extracted from different network servers in the above manner and the password can be restored by splicing. In yet another example, the network service providers can provide HTTPS (Secure Hypertext Transfer Protocol) services, while the locally established communication interfaces also need to support HTTPS access, and thus the password can be retrieved.
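The processes S101-S104 with the sub-processes S201/S202 (account identification and separator), S301/S302 (a copies of each segment) and S401/S402 (retrieval and splicing), as an added example that is not code from the patent. `FakeServer` is a constructed in-memory stand-in for a provider's mailbox, and all function names are hypothetical. It stores clear-text segments, since a digest such as MD5 is one-way and its output cannot be spliced back into the password.

```python
import secrets

SEP = ":"  # separator between account identification and password segment


def split_random(password, n):
    """S103: cut the password into n non-empty segments at random points, keeping order."""
    if not 1 < n <= len(password):
        raise ValueError("need 1 < N <= len(password)")
    cuts = set()
    while len(cuts) < n - 1:
        cuts.add(1 + secrets.randbelow(len(password) - 1))
    bounds = [0, *sorted(cuts), len(password)]
    return [password[i:j] for i, j in zip(bounds, bounds[1:])]


class FakeServer:
    """Constructed stand-in for one provider's storage; not a real service API."""

    def __init__(self, name):
        self.name = name
        self.records = []
        self.online = True

    def store(self, record):
        if not self.online:
            raise ConnectionError(self.name)
        self.records.append(record)

    def search(self, account_id):
        if not self.online:
            raise ConnectionError(self.name)
        prefix = account_id + SEP
        return [r[len(prefix):] for r in self.records if r.startswith(prefix)]


def store_password(servers, account_id, password, n, a=1):
    """S104: tag each segment (S201/S202) and send a copies of it (S301/S302)."""
    if SEP in account_id:
        raise ValueError("account identification must not contain the separator")
    if len(servers) < a * n:
        raise ValueError("need M >= a * N servers")
    for i, segment in enumerate(split_random(password, n)):
        for copy in range(a):
            # Segment i goes to interfaces i*a .. i*a + a-1 (P1 to the first and second, ...).
            servers[i * a + copy].store(account_id + SEP + segment)


def restore_password(servers, account_id, n, a=1):
    """S401/S402: fetch each segment from any reachable replica, splice in interface order."""
    parts = []
    for i in range(n):
        for server in servers[i * a:(i + 1) * a]:
            try:
                hits = server.search(account_id)
            except ConnectionError:
                continue  # this replica is unreachable, try the next copy
            if hits:
                parts.append(hits[-1])  # most recent record for this account
                break
        else:
            raise LookupError(f"segment {i + 1} unavailable on every replica")
    return "".join(parts)


def demo():
    servers = [FakeServer(f"provider-{k}") for k in range(6)]  # M = 6, N = 3, a = 2
    store_password(servers, "A", "12345678", n=3, a=2)  # constructed sample passwords
    store_password(servers, "B", "hunter2!", n=3, a=2)
    servers[0].online = False  # one replica of segment 1 is unreachable
    servers[3].online = False  # one replica of segment 2 is unreachable
    return restore_password(servers, "A", 3, 2), restore_password(servers, "B", 3, 2)


if __name__ == "__main__":
    print(demo())
```

Restoration depends on knowing N, a and which interface holds which segment; with a = 1, one unreachable server makes the password unrecoverable.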
Figure 5 is a simplified diagram showing a device for password storage according to one embodiment of the present invention. The diagram is merely an example, which should not unduly limit the scope of the claims. One of ordinary skill in the art would recognize many variations, alternatives, and modifications. For example, a device 500 is included in a terminal, such as a mobile phone, a tablet computer, and a laptop. As an example, the device 500 is configured to run the password storage method 100 as shown in Figures 1-4.
According to one embodiment, the device 500 includes: an establishment unit 51 configured to establish communication interfaces with M network servers; wherein M is an integer greater than 1 and the M network servers are associated with M network service providers; a first detection unit 52 configured to detect a password input by a user; a division unit 53 configured to divide the password input by the user into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and a transmission unit 54 configured to transmit the N first password segments to the network servers via the communication interfaces for storage.
According to another embodiment, the division unit 53 is further configured to randomly divide the password input by the user into N segments in sequence. For example, the division unit 53 is further configured to divide the password input by the user into N segments according to one or more preset rules. In another example, the transmission unit 54 includes: an addition subunit configured to add account identifications for the N first password segments, wherein an account identification is configured to uniquely identify an account corresponding to the password input by the user; and a first transmission subunit configured to transmit the N first password segments with the account identifications to the network servers via the communication interfaces for storage.
According to yet another embodiment, M is a times N, and a is an integer greater than 1. For example, the transmission unit 54 includes: a duplication subunit configured to copy the N first password segments to form aN second password segments; and a first transmission subunit configured to transmit the aN second password segments to the network servers via the communication interfaces for storage. As an example, the device 500 further includes: a second detection unit configured to detect the account identifications input by the user; and an acquisition unit configured to acquire the first password segments with the account identifications stored on the network servers via the communication interfaces based on at least information associated with the account identifications and restore the password input by the user based on at least information associated with the acquired first password segments.
Figure 6 is a simplified diagram showing a terminal for password storage according to one embodiment of the present invention. The diagram is merely an example, which should not unduly limit the scope of the claims. One of ordinary skill in the art would recognize many variations, alternatives, and modifications.
According to one embodiment, the terminal 600 (e.g., a mobile phone) includes an RF (i.e., radio frequency) circuit 610, a memory 620 (e.g., including one or more computer-readable storage media), an input unit 630, a display unit 640, a sensor 650, an audio circuit 660, a wireless communication module 670 (e.g., a WiFi module), one or more processors 680 that include one or more processing cores, and a power supply 690. For example, the RF circuit 610 is configured to send/receive messages or signals in communication. As an example, the RF circuit 610 receives a base station’s downlink information, delivers it to the processors 680 for processing, and sends uplink data to the base station. For example, the RF circuit 610 includes an antenna, at least one amplifier, a tuner, one or several oscillators, a SIM (Subscriber Identity Module) card, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, etc. In another example, the RF circuit 610 communicates with the network and other equipment via wireless communication based on any communication standard or protocols, such as GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), email, SMS (Short Messaging Service), etc.
According to another embodiment, the memory 620 is configured to store software programs and modules. For example, the processors 680 are configured to execute various functional applications and data processing by running the software programs and modules stored in the memory 620. The memory 620 includes a program storage area and a data storage area, where the program storage area may store the operating system, and the application(s) required by one or more functions (e.g., an audio player or a video player), in some embodiments. For example, the data storage area stores the data created based on the use of the terminal 600 (e.g., audio data or a phone book). In another example, the memory 620 includes a high-speed random access storage, a non-volatile memory, one or more floppy disc storage devices, a flash storage device or other volatile solid storage devices. As an example, the memory 620 further includes a memory controller to enable access to the memory 620 by the processors 680 and the input unit 630.
According to yet another embodiment, the input unit 630 is configured to receive an input number or character data and generate inputs for a keyboard, a mouse, and a joystick, optical or track signals relating to user setting and functional control. For example, the input unit 630 includes a touch-sensitive surface 631 and other input devices 632. The touch-sensitive surface 631 (e.g., a touch screen or a touch panel) is configured to receive the user’s touch operations thereon or nearby (e.g., the user's operations on or near the touch-sensitive surface with a finger, a touch pen or any other appropriate object or attachment) and drive the corresponding connected devices according to the predetermined program. For example, the touch-sensitive surface 631 includes two parts, namely a touch detector and a touch controller. The touch detector detects the position of user touch and the signals arising from such touches and sends the signals to the touch controller. The touch controller receives touch data from the touch detector, converts the touch data into the coordinates of the touch point, sends the coordinates to the processors 680 and receives and executes the commands received from the processors 680. For example, the touch-sensitive surface 631 is of a resistance type, a capacitance type, an infrared type and a surface acoustic wave type. In another example, other than the touch-sensitive surface, the input unit 630 includes the other input devices 632. For example, the other input devices 632 include one or more physical keyboards, one or more functional keys (e.g., volume control keys or switch keys), a track ball, a mouse and/or a joystick.
According to yet another embodiment, the display unit 640 is configured to display data input from a user or provided to the user, and includes various graphical user interfaces of the terminal 600. For example, these graphical user interfaces include menus, graphs, texts, icons, videos, a combination thereof, etc. The display unit 640 includes a display panel 641 which contains an LCD (liquid crystal display) or an OLED (organic light-emitting diode). As an example, the touch-sensitive surface can cover the display panel 641. For example, upon detecting any touch operations thereon or nearby, the touch-sensitive surface sends signals to the processors 680 to determine the type of the touch events and then the processors 680 provide corresponding visual outputs on the display panel 641 according to the type of the touch events. Although the touch-sensitive surface 631 and the display panel 641 are two independent parts for input and output respectively, the touch-sensitive surface 631 and the display panel 641 can be integrated for input and output, in some embodiments.
In one embodiment, the terminal 600 includes a sensor 650 (e.g., an optical sensor, a motion sensor). For example, the sensor 650 includes an environment optical sensor and adjusts the brightness of the display panel 641 according to the environmental luminance. In another example, the sensor 650 includes a proximity sensor and turns off or backlights the display panel when the terminal 600 moves close to an ear of a user. In yet another example, the sensor 650 includes a motion sensor (e.g., a gravity acceleration sensor) and detects a magnitude of acceleration in all directions (e.g., three axes). Particularly, the sensor 650 detects a magnitude and a direction of gravity when staying still. In some embodiments, the sensor 650 is used for identifying movements of a cell phone (e.g., a switch of screen direction between horizontal and vertical, related games, and a calibration related to a magnetometer) and features related to vibration identification (e.g., a pedometer or a strike). In certain embodiments, the sensor 650 includes a gyroscope, a barometer, a hygroscope, a thermometer and/or an infrared sensor.
In another embodiment, the audio circuit 660, a speaker 661, and a microphone 662 are configured to provide an audio interface between a user and the terminal 600. For example, the audio circuit 660 is configured to transmit electrical signals converted from certain audio data to the speaker that converts such electrical signals into some output audio signals. In another example, the microphone 662 is configured to convert audio signals into electrical signals which are converted into audio data by the audio circuit 660. The audio data are processed in the processors 680 and received by the RF circuit 610 before being sent to another terminal, in some embodiments. For example, the audio data are output to the memory 620 for further processing. As an example, the audio circuit 660 includes an earphone jack for communication between a peripheral earphone and the terminal 600.
According to some embodiments, the wireless communication module 670 includes a WiFi (e.g., wireless fidelity, a short-distance wireless transmission technology) module, a Bluetooth module, an infrared communication module, etc. In some embodiments, through the wireless communication module 670, the terminal 600 enables the user to receive and send emails, browse webpages, and/or access stream media. For example, the terminal 600 is configured to provide the user with a wireless broadband Internet access. In some embodiments, the wireless communication module 670 is omitted in the terminal 600.
According to one embodiment, the processors 680 are the control center of the terminal 600. For example, the processors 680 are connected to various parts of the terminal 600 (e.g., a cell phone) via various interfaces and circuits, and execute various features of the terminal 600 and process various data through operating or executing the software programs and/or modules stored in the memory 620 and calling the data stored in the memory 620, so as to monitor and control the terminal 600 (e.g., a cell phone). As an example, the processors 680 include one or more processing cores. In another example, the processors 680 are integrated with an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface and the applications and the modem processor mainly handles wireless communications. In some embodiments, the modem processor is not integrated into the processors 680.
According to another embodiment, the terminal 600 includes the power supply 690 (e.g., a battery) that powers up various parts. For example, the power supply 690 is logically connected to the processors 680 via a power source management system so that the charging, discharging and power consumption can be managed via the power source management system. In another example, the power supply 690 includes one or more DC or AC power sources, a recharging system, a power-failure-detection circuit, a power converter, an inverter, a power source state indicator, or other components. In yet another example, the terminal 600 includes a camcorder, a Bluetooth module, a near field communication module, etc.
According to some embodiments, the processors 680 of the terminal 600 load executable files/codes associated with one or more applications to the memory 620 and run the applications stored in the memory 620 according to the method 100 as shown in Figure 1, the method 200 as shown in Figure 2, the method 300 as shown in Figure 3, and/or the method 400 as shown in Figure 4. According to certain embodiments, a computer readable storage medium is configured to store executable files/codes associated with one or more applications which can be executed using one or more data processors to perform the method 100 as shown in Figure 1, the method 200 as shown in Figure 2, the method 300 as shown in Figure 3, and/or the method 400 as shown in Figure 4. For example, the storage medium is included in the memory 620. In another example, the storage medium is not included in the terminal 600. According to some embodiments, a graphic user interface is implemented on a terminal (e.g., the terminal 600) for performing the method 100 as shown in Figure 1, the method 200 as shown in Figure 2, the method 300 as shown in Figure 3, and/or the method 400 as shown in Figure 4.
According to one embodiment, a method is provided for password storage. For example, communication interfaces with M network servers are established; M is an integer greater than 1 and the M network servers are associated with M network service providers; a password input by a user is detected; the password input by the user is divided into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and the N first password segments are transmitted to the network servers via the communication interfaces for storage. For example, the method is implemented according to at least Figure 1.
According to another embodiment, a device for password storage includes: an establishment unit configured to establish communication interfaces with M network servers; wherein M is an integer greater than 1 and the M network servers are associated with M network service providers; a first detection unit configured to detect a password input by a user; a division unit configured to divide the password input by the user into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and a transmission unit configured to transmit the N first password segments to the network servers via the communication interfaces for storage. For example, the device is implemented according to at least Figure 5.
According to yet another embodiment, a non-transitory computer readable storage medium includes programming instructions for password storage. For example, communication interfaces with M network servers are established; M is an integer greater than 1 and the M network servers are associated with M network service providers; a password input by a user is detected; the password input by the user is divided into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and the N first password segments are transmitted to the network servers via the communication interfaces for storage. For example, the storage medium is implemented according to at least Figure 1.
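The method summarized in the three embodiments above, together with the account-identification, duplication (M = aN) and restoration variants, can be sketched as follows. This is an added example, not code from the patent or its applicant: the in-memory dictionaries standing in for the M network servers, the `Segment` record with its `index` and `total` fields, and all function names are assumptions made for illustration.

```python
"""Segment-and-distribute password storage, modelled with in-memory servers."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    account_id: str  # account identification attached to every segment
    index: int       # assumption: position tag so restore can reorder segments
    total: int       # assumption: N, so restore knows when it has every segment
    data: str        # the plaintext fragment itself


def split_password(password: str, n: int) -> list[str]:
    """Randomly divide the password, in sequence, into n non-empty segments."""
    if n < 2:
        raise ValueError("N must be greater than 1")
    if len(password) < n:
        raise ValueError("password is shorter than the number of segments")
    # n-1 distinct cut points strictly inside the string, from the OS CSPRNG.
    cuts = sorted(secrets.SystemRandom().sample(range(1, len(password)), n - 1))
    bounds = [0, *cuts, len(password)]
    return [password[lo:hi] for lo, hi in zip(bounds, bounds[1:])]


def store(password: str, account_id: str, servers: list, n: int) -> int:
    """Store N segments on M servers, copied a = M // N times. Returns a."""
    m = len(servers)
    if not 1 < n <= m:
        raise ValueError("need 1 < N <= M")
    segments = [Segment(account_id, i, n, piece)
                for i, piece in enumerate(split_password(password, n))]
    copies = m // n
    for k in range(copies * n):
        # Server k holds one copy of segment k mod N, keyed by the account id.
        servers[k][account_id] = segments[k % n]
    return copies


def restore(account_id: str, servers: list) -> str:
    """Fetch segments by account id and rebuild the password.

    A server that is unreachable is represented by None.
    """
    found: dict[int, str] = {}
    total = None
    for server in servers:
        segment = None if server is None else server.get(account_id)
        if segment is None:
            continue
        if found.get(segment.index, segment.data) != segment.data:
            raise ValueError(f"copies of segment {segment.index} disagree")
        found[segment.index] = segment.data
        total = segment.total
    if total is None:
        raise LookupError("no segment stored for this account")
    missing = [i for i in range(total) if i not in found]
    if missing:
        raise LookupError(f"segments {missing} unavailable")
    return "".join(found[i] for i in range(total))


def fragment_lengths(account_id: str, servers: list) -> list[int]:
    """Plaintext characters each server holds for the account (0 if none)."""
    return [len(s[account_id].data) if s and account_id in s else 0
            for s in servers]


if __name__ == "__main__":
    # Constructed sample: M = 6 servers, N = 3 segments, so a = 2 copies.
    servers = [{} for _ in range(6)]
    store("S3cure!Pass", "alice@example", servers, 3)
    print(fragment_lengths("alice@example", servers))
    servers[1] = None  # one provider offline; its segment has a second copy
    print(restore("alice@example", servers))
```

`fragment_lengths` makes visible that each server holds a readable fragment of the password and that random division can leave the fragments very uneven in length.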
The above only describes several scenarios presented by this invention, and the description is relatively specific and detailed, yet it cannot therefore be understood as limiting the scope of this invention. It should be noted that ordinary technicians in the field may also, without deviating from the invention’s conceptual premises, make a number of variations and modifications, which are all within the scope of this invention. As a result, in terms of protection, the patent claims shall prevail.
For example, some or all components of various embodiments of the present invention each are, individually and/or in combination with at least another component, implemented using one or more software components, one or more hardware components, and/or one or more combinations of software and hardware components. In another example, some or all components of various embodiments of the present invention each are, individually and/or in combination with at least another component, implemented in one or more circuits, such as one or more analog circuits and/or one or more digital circuits. In yet another example, various embodiments and/or examples of the present invention can be combined.
Additionally, the methods and systems described herein may be implemented on many different types of processing devices by program code comprising program instructions that are executable by the device processing subsystem. The software program instructions may include source code, object code, machine code, or any other stored data that is operable to cause a processing system to perform the methods and operations described herein. Other implementations may also be used, however, such as firmware or even appropriately designed hardware configured to perform the methods and systems described herein.
The systems’ and methods’ data (e.g., associations, mappings, data input, data output, intermediate data results, final data results, etc.) may be stored and implemented in one or more different types of computer-implemented data stores, such as different types of storage devices and programming constructs (e.g., RAM, ROM, EEPROM, Flash memory, flat files, databases, programming data structures, programming variables, IF-THEN (or similar type) statement constructs, application programming interface, etc.). It is noted that data structures describe formats for use in organizing and storing data in databases, programs, memory, or other computer-readable media for use by a computer program.
The systems and methods may be provided on many different types of computer-readable media including computer storage mechanisms (e.g., CD-ROM, diskette, RAM, flash memory, computer’s hard drive, DVD, etc.) that contain instructions (e.g., software) for use in execution by a processor to perform the methods’ operations and implement the systems described herein. The computer components, software modules, functions, data stores and data structures described herein may be connected directly or indirectly to each other in order to allow the flow of data needed for their operations. It is also noted that a module or processor includes a unit of code that performs a software operation, and can be implemented for example as a subroutine unit of code, or as a software function unit of code, or as an object (as in an object-oriented paradigm), or as an applet, or in a computer script language, or as another type of computer code. The software components and/or functionality may be located on a single computer or distributed across multiple computers depending upon the situation at hand.
The computing system can include client devices and servers. A client device and server are generally remote from each other and typically interact through a communication network. The relationship of client device and server arises by virtue of computer programs running on the respective computers and having a client device-server relationship to each other.
This specification contains many specifics for particular embodiments. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination. Moreover, although features may be described above as acting in certain combinations, one or more features from a combination can in some cases be removed from the combination, and a combination may, for example, be directed to a subcombination or variation of a subcombination.
Similarly, while operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Moreover, the separation of various system components in the embodiments described above should not be understood as requiring such separation in all embodiments, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.
Although specific embodiments of the present invention have been described, it is understood by those of skill in the art that there are other embodiments that are equivalent to the described embodiments. Accordingly, it is to be understood that the invention is not to be limited by the specific illustrated embodiments, but only by the scope of the appended claims.
Claims (14)
- A method for password storage comprising: establishing communication interfaces with M network servers; wherein: M is an integer greater than 1; and the M network servers are associated with M network service providers; detecting a password input by a user; dividing the password input by the user into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and transmitting the N first password segments to the network servers via the communication interfaces for storage.
- The method of claim 1, wherein the dividing the password input by the user into N segments includes: randomly dividing the password input by the user into N segments in sequence.
- The method of claim 1, wherein the dividing the password input by the user into N segments includes: dividing the password input by the user into N segments according to one or more preset rules.
- The method of claim 1, wherein the transmitting the N first password segments to the network servers via the communication interfaces for storage includes: adding account identifications for the N first password segments; wherein an account identification is configured to uniquely identify an account corresponding to the password input by the user; and transmitting the N first password segments with the account identifications to the network servers via the communication interfaces for storage.
- The method of claim 1, wherein: M is a times of N; a is an integer greater than 1; the transmitting the N first password segments to the network servers via the communication interfaces for storage includes: copying the N first password segments to form aN second password segments; and transmitting the aN second password segments to the network servers via the communication interfaces for storage.
- The method of claim 4, further comprising: detecting the account identifications input by the user; acquiring the first password segments with the account identifications stored on the network servers via the communication interfaces based on at least information associated with the account identifications; and restoring the password input by the user based on at least information associated with the acquired first password segments.
- A device for password storage comprising: an establishment unit configured to establish communication interfaces with M network servers; wherein M is an integer greater than 1 and the M network servers are associated with M network service providers; a first detection unit configured to detect a password input by a user; a division unit configured to divide the password input by the user into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and a transmission unit configured to transmit the N first password segments to the network servers via the communication interfaces for storage.
- The device of claim 7, wherein the division unit is further configured to randomly divide the password input by the user into N segments in sequence.
- The device of claim 7, wherein the division unit is further configured to divide the password input by the user into N segments according to one or more preset rules.
- The device of claim 7, wherein the transmission unit includes: an addition subunit configured to add account identifications for the N first password segments, wherein an account identification is configured to uniquely identify an account corresponding to the password input by the user; and a first transmission subunit configured to transmit the N first password segments with the account identifications to the network servers via the communication interfaces for storage.
- The device of claim 7, wherein: M is a times of N; a is an integer greater than 1; the transmission unit includes: a duplication subunit configured to copy the N first password segments to form aN second password segments; and a first transmission subunit configured to transmit the aN second password segments to the network servers via the communication interfaces for storage.
- The device of claim 10, further comprising: a second detection unit configured to detect the account identifications input by the user; and an acquisition unit configured to acquire the first password segments with the account identifications stored on the network servers via the communication interfaces based on at least information associated with the account identifications and restore the password input by the user based on at least information associated with the acquired first password segments.
- The device of claim 7, further comprising: one or more data processors; and a computer-readable storage medium; wherein one or more of the establishment unit, the first detection unit, the division unit, and the transmission unit are stored in the storage medium and configured to be executed by the one or more data processors.
- A non-transitory computer readable storage medium comprising programming instructions for password storage, the programming instructions configured to cause one or more data processors to execute operations comprising: establishing communication interfaces with M network servers; wherein: M is an integer greater than 1; and the M network servers are associated with M network service providers; detecting a password input by a user; dividing the password input by the user into N segments to obtain N first password segments, wherein N is an integer greater than 1 and not greater than M; and transmitting the N first password segments to the network servers via the communication interfaces for storage.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310627867.5 | 2013-11-28 | ||
CN201310627867.5A CN104683301B (en) | 2013-11-28 | 2013-11-28 | Password storage method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015078274A1 (en) | 2015-06-04 |
Family
ID=53198339
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/090391 WO2015078274A1 (en) | 2013-11-28 | 2014-11-05 | Devices and methods for password storage |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104683301B (en) |
WO (1) | WO2015078274A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017201896A1 (en) * | 2016-05-26 | 2017-11-30 | 中兴通讯股份有限公司 | Method and apparatus for secure storage of password of mobile terminal |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107455003B (en) * | 2016-01-26 | 2020-09-18 | 华为技术有限公司 | User identity authentication method and server |
CN106570691A (en) * | 2016-11-07 | 2017-04-19 | 努比亚技术有限公司 | Electronic payment method, device and terminal |
CN106874743B (en) * | 2016-12-29 | 2020-07-10 | 上海雷塔智能科技有限公司 | Method and system for storing and extracting smart card password |
CN106845964A (en) * | 2017-04-18 | 2017-06-13 | 北京中矿赛力贝特科技有限公司 | A kind of bank client authentication system and verification method |
CN107506653B (en) * | 2017-07-17 | 2020-11-24 | 深圳前海微众银行股份有限公司 | Password management method, device and computer readable storage medium |
CN112165476B (en) * | 2020-09-22 | 2021-06-01 | 广州锦行网络科技有限公司 | Method for distributed storage of privileged account passwords based on host agent |
CN115499121A (en) * | 2022-09-15 | 2022-12-20 | 中国银行股份有限公司 | Password storage method and device based on 5G |
CN117879790A (en) * | 2023-02-22 | 2024-04-12 | 上海金怪兽科技有限公司 | Data encryption and decryption method based on block chain and mobile phone shell |
CN116467754B (en) * | 2023-06-20 | 2023-10-10 | 深圳奥联信息安全技术有限公司 | Password secure storage system, password secure storage method, computer equipment and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1889418A (en) * | 2005-06-30 | 2007-01-03 | 西门子(中国)有限公司 | Network storing method and network storing system |
CN102271035A (en) * | 2011-09-02 | 2011-12-07 | 华为技术有限公司 | Password transmission method and device |
CN102957688A (en) * | 2012-08-16 | 2013-03-06 | 中国商用飞机有限责任公司 | Password input and verification method and device |
CN103384196A (en) * | 2005-11-18 | 2013-11-06 | 安全第一公司 | Secure data parser method and system |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4292835B2 (en) * | 2003-03-13 | 2009-07-08 | 沖電気工業株式会社 | Secret reconstruction method, distributed secret reconstruction device, and secret reconstruction system |
US8473756B2 (en) * | 2008-01-07 | 2013-06-25 | Security First Corp. | Systems and methods for securing data using multi-factor or keyed dispersal |
CN102170354B (en) * | 2011-04-11 | 2016-07-06 | 桂林电子科技大学 | Account number cipher certification is concentrated to generate system |
CN102957696B (en) * | 2012-10-25 | 2016-10-05 | 北京奇虎科技有限公司 | A kind of data processing method and device |
- 2013-11-28 CN CN201310627867.5A patent/CN104683301B/en active Active
- 2014-11-05 WO PCT/CN2014/090391 patent/WO2015078274A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN104683301B (en) | 2020-01-10 |
CN104683301A (en) | 2015-06-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14866713; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 21.10.16) |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 14866713; Country of ref document: EP; Kind code of ref document: A1 |