WO2015101332A1 - Password classification management method and system - Google Patents

Password classification management method and system

Info

Publication number
WO2015101332A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
permission
account
secondary password
correspondence
Application number
PCT/CN2014/095930
Other languages
French (fr)
Chinese (zh)
Inventor
玄立永
Original Assignee
腾讯科技(深圳)有限公司
Application filed by 腾讯科技(深圳)有限公司
Publication of WO2015101332A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Definitions

  • the present application relates to the field of Internet and computer technologies, and in particular, to a password hierarchical management method and system, and to a computer storage medium including instructions for performing a password hierarchical management method.
  • an account name in the existing service platform corresponds to a password.
  • After the user logs in using a valid account name and password, the service platform provides the user with all service functions of the service platform.
  • A password leak therefore carries a very large risk, such as leaking all user information and allowing the password thief to change the password arbitrarily or to use the stolen password to carry out any user action.
  • a password hierarchical management method includes:
  • the master password and the secondary password are two password types of an account, and one master password corresponds to one or more secondary passwords.
  • a password hierarchical management system comprising:
  • a receiving module configured to receive a secondary password setting request of the currently logged in account
  • an authentication module configured to verify whether the currently logged-in account logged in using the master password
  • the receiving module is further configured to: after the verification is passed, receive the input secondary password and the permission corresponding to the secondary password;
  • a correspondence storage module configured to store a correspondence between the currently logged-in account, the secondary password, and the corresponding permission
  • the master password and the secondary password are two password types of an account, and one master password corresponds to one or more secondary passwords.
  • a computer readable storage medium is also provided.
  • One or more computer readable storage media containing computer executable instructions for performing the password hierarchical management method described above.
  • With the password hierarchical management method and system, and the executable instructions for performing the method stored in the computer readable storage medium, a secondary password setting request of the currently logged-in account is received and it is then verified whether that account logged in using the master password. After the verification passes, the entered secondary password and the permission corresponding to the secondary password are received, and the correspondence between the currently logged-in account, the secondary password, and the corresponding permission is stored.
  • When an account is logged in using the master password, a secondary password for the account can be set, together with the permission corresponding to that secondary password. This improves information security: for example, it can prevent user information from being leaked or the account password from being tampered with when the account is logged in with the secondary password.
  • FIG. 1 is a schematic flowchart of a password hierarchical management method in a specific embodiment
  • FIG. 2 is a schematic flowchart of a process of providing a corresponding function according to a password according to a password hierarchical management method in a specific embodiment
  • FIG. 3 is a schematic diagram of interaction between a secondary password and a permission setting process of the password hierarchical management method in the specific embodiment
  • FIG. 4 is a schematic diagram of interaction of a process for providing a corresponding function according to a password according to a password hierarchical management method in a specific embodiment
  • FIG. 5 is a schematic structural diagram of a password hierarchical management system in a specific embodiment
  • FIG. 6 is a schematic structural diagram of a password hierarchical management system in a specific embodiment
  • FIG. 7 is a schematic structural diagram of a password hierarchical management system in a specific embodiment
  • FIG. 8 is a schematic diagram of an exemplary computer system environment in which embodiments of the present application can be implemented.
  • The components in the present application may be present in a single form or in multiple forms, and the present application is not limited thereto.
  • the steps in the present application are arranged by reference numerals, but are not intended to limit the order of the steps. The relative order of the steps may be adjusted unless the order of the steps is explicitly stated or the execution of the steps requires other steps as a basis. It will be understood that the term "and/or" as used herein relates to and encompasses any and all possible combinations of one or more of the associated listed items.
  • the master password and the secondary password are the master-slave relationship, that is, if there is no master password, there will be no secondary password in the system, and one master password corresponds to one or more secondary passwords.
  • the master password may be the login password of the account
  • the secondary password may be other passwords manually set after the account is registered by using the master password.
  • the login password of the account can be the password entered when registering an account.
  • the above descriptions of the primary password and the secondary password are only examples.
  • the primary password, the type of the secondary password, and the setting manner are not limited.
  • The master password may also be another type of password, such as an account authentication password; the secondary password, for example, may also be a password generated by the system at the same time as the login password that serves as the master password.
  • a password hierarchical management method includes:
  • the secondary password setting request is a request to set a secondary password.
  • the master password and the secondary password are the two password types of the account, and one master password corresponds to one or more secondary passwords.
  • If the password entered when the account logged in is the master password, the currently logged-in account logged in using the master password.
  • S104 may prompt for the master password and verify whether the entered password is a legitimate master password; if so, it is determined that the currently logged-in account logged in using the master password. The reasoning is that if the password entered now is a legitimate master password, the master password could equally have been entered when the account logged in. Verifying that the currently entered password is a legitimate master password can therefore stand in for verifying that the account logged in using the master password.
  • Before S104, the password hierarchical management method further includes the step of: when the account is logged in with a valid master password, marking the currently logged-in account as having used the master password at login.
  • S104 may check whether the currently logged-in account carries the mark indicating that the master password was used at login, and if so, determine that the account logged in using the master password. In one embodiment, if the currently logged-in account did not log in using the master password, the process may end.
  • The user may be prompted to enter the secondary password and to set the permission corresponding to the secondary password.
  • Different permissions correspond to different functions.
  • the function corresponding to the permission can be set and stored in advance.
  • S108 Store a correspondence between a current login account, a secondary password, and a corresponding permission.
  • the correspondence between the current login account and the secondary password may be stored, and the correspondence between the secondary password and the authority may be stored.
  • The password hierarchical management method further includes a process of modifying the permission corresponding to a secondary password, the process comprising the steps of: receiving a request to modify the permission corresponding to the secondary password; and verifying whether the currently logged-in account logged in using the master password. After the verification passes, the entered modified permission is received, and the correspondence between the secondary password and the modified permission is stored.
  • the request for modifying the permission corresponding to the secondary password includes the information of the secondary password and the modified authority.
  • the original authority corresponding to the secondary password included in the request may be queried in the correspondence table of the secondary password and the authority, and the original authority is modified to the modified authority included in the request; or the record corresponding to the secondary password included in the request is deleted. And add a record containing the secondary password and the modified permissions.
  • the password classification management method further includes a process of modifying a secondary password, and the process includes the following steps:
  • The original secondary password to be modified and the corresponding new secondary password are received, and the correspondence between the current login account, the original secondary password, and the corresponding permission is changed to a correspondence between the current login account, the new secondary password, and the corresponding permission.
  • The entered new secondary password is received, the correspondence between the original secondary password used at login and the new secondary password is saved, and the method waits for the current login account to log in again with the master password;
  • the approval request includes the original secondary password and the new secondary password; receive the approval result sent by the login client; modify the original secondary password or abort the modification according to the approval result.
  • Original secondary password is a modification sub-password approval request
  • If the approval result indicates that the modification is allowed, the correspondence between the current login account, the original secondary password, and the corresponding permission is changed to a correspondence between the current login account, the new secondary password, and the corresponding permission, and the saved correspondence between the original secondary password used at login and the new secondary password is deleted; if the approval result indicates that the modification is not allowed, the saved correspondence between the original secondary password used at login and the new secondary password is deleted.
  • The secondary password can thus be modified as required, for example changed to a sequence that is easier to remember, while the permissions corresponding to the original secondary password are retained, which provides operational convenience.
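The secondary-password change flow described above, as an added Python example that is not part of the patent text. The `Account` class, the session values, the PBKDF2 storage and the sample passwords are assumptions made for illustration; permissions stay bound to the permission parameter, so only the password record is swapped.

```python
import hashlib
import hmac
import os


def digest(password, salt):
    # Assumption: salted PBKDF2; the iteration count is kept modest so the
    # example runs quickly and should be raised for real use.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def stored(password):
    salt = os.urandom(16)
    return salt, digest(password, salt)


def matches(record, password):
    salt, expected = record
    return hmac.compare_digest(expected, digest(password, salt))


class Account:
    """One account: a master password, secondary passwords, pending changes."""

    def __init__(self, master_password):
        self.master = stored(master_password)
        self.secondary = {}  # permission parameter -> stored secondary password
        self.pending = {}    # permission parameter -> stored proposed password

    def find_secondary(self, password):
        for param, record in self.secondary.items():
            if matches(record, password):
                return param
        return None

    def login(self, password):
        """Return "main", a secondary password's permission parameter, or None."""
        if matches(self.master, password):
            return "main"
        return self.find_secondary(password)

    def change_secondary(self, session, new_password, original_password=""):
        if session != "main" and session not in self.secondary:
            raise PermissionError("not logged in")
        if self.login(new_password) is not None:
            raise ValueError("new password already in use for this account")
        if session == "main":
            # Master login: the change is applied immediately.
            param = self.find_secondary(original_password)
            if param is None:
                raise KeyError("no such secondary password")
            self.secondary[param] = stored(new_password)
            return "changed"
        # Secondary login: only save the proposal and wait for the master.
        self.pending[session] = stored(new_password)
        return "pending"

    def approval_requests(self, session):
        if session != "main":
            raise PermissionError("master login required")
        return sorted(self.pending)

    def decide(self, session, param, approve):
        if session != "main":
            raise PermissionError("master login required")
        record = self.pending.pop(param)  # deleted whether approved or not
        if approve:
            self.secondary[param] = record
        return "changed" if approve else "aborted"


if __name__ == "__main__":
    acct = Account("master-example-pw")               # constructed passwords
    acct.secondary["sub-1"] = stored("old-guest-pw")
    guest = acct.login("old-guest-pw")
    print(acct.change_secondary(guest, "new-guest-pw"))   # pending
    owner = acct.login("master-example-pw")
    print(acct.decide(owner, "sub-1", approve=True))      # changed
```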
  • the foregoing password classification management method further includes the steps of:
  • S202 Receive a login request, where the login request includes an account and a password.
  • The correspondence between the account and the master password and the correspondence between the account and the secondary password are stored in two different data tables. S204 can search the data table storing the correspondence between the account and the master password for the password corresponding to the account included in the login request.
  • If the search succeeds, the found password is matched against the password included in the login request. If they match, it is determined that the password included in the login request is legal and that the password type is master password. If they do not match, it is determined that the password included in the login request is not a valid password. If the search fails, the password corresponding to the account included in the login request is searched for in the data table storing the correspondence between the account and the secondary password.
  • If that search succeeds, the found password is matched against the password included in the login request. If they match, the password included in the login request is legal and the password type is secondary password. If the search fails, the password included in the login request is not a valid password.
  • the correspondence between the account number and the password can be stored in a data table, and a field marking the password type is added to the data table.
  • The field marking the password type may be a Boolean type, which indicates whether the password is a master password (or whether it is a secondary password); if the field is yes, the password is a master password (or a secondary password).
  • The field marking the password type may also be a string type that holds the permission parameter of the password; the permission parameter may be understood as the name of the password. When the master password and the secondary password are stored, the prefix characters of their permission parameters may be set to differ.
  • The permission parameter corresponding to the master password starts with “main”, and the permission parameter corresponding to the secondary password starts with “sub”; or, since there is only one master password, the permission parameter may be left unset when the master password is stored and set only when the secondary password is stored.
  • The foregoing S204 may search for the account included in the login request in the data table that stores the correspondence between the account and the password, obtain the corresponding password, and match the obtained password against the password included in the login request. If they do not match, it is determined that the password included in the login request is not a valid password; if they match, the field marking the master password and the secondary password is used to determine whether the password included in the login request is a master password or a secondary password.
  • Obtaining the corresponding permission according to the type of the password includes the following steps: if the password included in the login request is a secondary password, querying the permission corresponding to the password included in the login request; if the password included in the login request is the master password, obtaining the default permission corresponding to the master password.
  • By default the master password corresponds to all permissions, as there is no need to restrict permissions for the master password.
  • the password input error may be prompted.
  • The password hierarchical management method further includes the step of generating a permission parameter corresponding to the secondary password; S108 then comprises: storing a correspondence between the current login account, the secondary password, and the corresponding permission parameter, and storing the correspondence between the permission parameter and the corresponding permission.
  • the permission parameter is a symbol name or a numeric serial number for identifying the secondary password
  • the permission parameter of the secondary password can be understood as the name of the secondary password, and the permission parameters corresponding to the different secondary passwords are different.
  • the correspondence between the current login account, the secondary password and the corresponding permission parameter, and the correspondence between the permission parameter and the authority may be stored in two different data tables, respectively.
  • The step of querying the permission corresponding to the password included in the login request includes: obtaining the permission parameter corresponding to the password included in the login request, and querying the permission corresponding to that permission parameter.
  • The step of storing the correspondence between the secondary password and the modified permission is: obtaining the permission parameter corresponding to the secondary password, and storing the correspondence between the obtained permission parameter and the modified permission.
  • The original permission corresponding to the obtained permission parameter may be queried in the correspondence table between the permission parameter and the permission, and the original permission is changed to the modified permission included in the request; or the record corresponding to the obtained permission parameter is deleted, and a record containing the obtained permission parameter and the modified permission is added.
  • The step of modifying the correspondence between the current login account, the original secondary password, and the corresponding permission into the correspondence between the current login account, the new secondary password, and the corresponding permission is: changing the correspondence between the current login account, the original secondary password, and the corresponding permission parameter to the correspondence between the current login account, the new secondary password, and the corresponding permission parameter.
  • Because the password involves the security of the user information, the password needs a higher storage security level.
  • The password and the permission are stored and managed separately, and the secondary password and the permission are linked through the intermediate permission parameter, so that high-security storage management can be applied to the password alone. This not only ensures the security of user passwords but also reduces storage management costs.
  • the user can restrict the use of all service functions by other users who log in to the service platform through the setting of the secondary password and the permission. That is, other users who log in to the service platform can only use certain service functions of the service platform, rather than all service functions, by virtue of the account name and the secondary password.
  • a password hierarchical management method runs on a client, an application server, a password storage server, and a rights storage server.
  • The password hierarchical management method includes a secondary password and permission setting process. FIG. 3 is the interaction diagram of the secondary password and permission setting process of the password hierarchical management method, and the process includes the following steps:
  • the application server receives a secondary password setting request of the current login account sent by the client.
  • the application server sends an instruction to the client to input the master password.
  • the client prompts for the master password and sends the entered master password to the application server.
  • the application server sends the current login account and the entered master password to the password storage server.
  • The password storage server verifies whether the entered master password is the legitimate master password of the current login account according to the pre-stored correspondence between the account and the master password. If yes, the verification succeeds, and if not, the verification fails; the verification result is sent to the application server.
  • The client is sent an instruction to input the secondary password and the permission corresponding to the secondary password.
  • the client can prompt for the secondary password and prompt for the permission corresponding to the secondary password.
  • Further, the application server receives the entered secondary password and the permission corresponding to the secondary password from the client.
  • the application server generates a permission parameter corresponding to the secondary password; sends the current login account, the secondary password, and the corresponding permission parameter to the password storage server, and sends the permission parameter and the corresponding permission to the permission storage server.
  • The password storage server stores the correspondence between the current login account, the secondary password, and the corresponding permission parameter, and returns a result of storage success or failure to the application server; the permission storage server stores the correspondence between the permission parameter and the corresponding permission, and returns a result of storage success or failure to the application server.
  • Because the password involves the security of the user information, the password needs a higher storage security level.
  • The password and the permission are stored in the password storage server and the permission storage server respectively, and the secondary password and the permission are linked through the intermediate permission parameter. This makes it convenient to apply high-security storage management to the password alone, so that the security of the user password is ensured and the storage management cost is reduced.
  • the password classification management method further includes a process of providing a corresponding service according to the password
  • FIG. 4 is an interaction diagram of the process of providing the corresponding service according to the password in the password hierarchical management method, and the process includes the following steps:
  • the application server receives a login request sent by the client, and the login request includes an account number and a password. Further, the application server sends the account and password included in the login request to the password storage server.
  • The password storage server queries the master password corresponding to the account included in the login request and checks whether the password included in the login request matches it. If so, it returns to the application server the verification result that the password included in the login request matches the master password. If not, it queries the secondary password corresponding to the account included in the login request and checks whether the password included in the login request matches the secondary password. If the password included in the login request matches the secondary password, the corresponding permission parameter is obtained and sent to the permission storage server; the permission storage server queries the permission corresponding to the permission parameter and returns the queried permission to the application server. If the password included in the login request does not match the secondary password, the password storage server returns to the application server the verification result that the password included in the login request is not a valid password.
  • If the application server receives the verification result returned by the password storage server that the password included in the login request matches the master password, it provides the client with the services corresponding to all permissions. If the application server receives the queried permission returned by the permission storage server, it provides the corresponding functions to the client according to that permission. If the application server receives the verification result returned by the password storage server that the password included in the login request is not a valid password, the application server sends a password error message to the client, and the client may prompt that the password was entered incorrectly.
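The setting flow of FIG. 3 and the login flow of FIG. 4 (S202 onward) with the password store and the permission store kept apart and joined only by the permission parameter, as an added Python example that is not part of the patent text. The class names, permission names, sample credentials and the salted PBKDF2 storage are assumptions; the patent does not say how stored passwords are protected.

```python
import hashlib
import hmac
import os
import secrets

# Constructed permission names; the patent only says permissions map to functions.
ALL_PERMISSIONS = frozenset({"read_messages", "send_messages", "pay", "manage_passwords"})


def hash_password(password, salt):
    # Assumption: salted PBKDF2, so neither store holds a plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordStore:
    """Password storage server: master and secondary password records."""

    def __init__(self):
        self.master = {}     # account -> (salt, hash)
        self.secondary = {}  # account -> [(salt, hash, permission parameter)]

    def register(self, account, master_password):
        salt = os.urandom(16)
        self.master[account] = (salt, hash_password(master_password, salt))

    def is_master(self, account, password):
        record = self.master.get(account)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(expected, hash_password(password, salt))

    def add_secondary(self, account, password, param):
        salt = os.urandom(16)
        entry = (salt, hash_password(password, salt), param)
        self.secondary.setdefault(account, []).append(entry)

    def find_secondary(self, account, password):
        """Return the permission parameter of the matching secondary password."""
        for salt, expected, param in self.secondary.get(account, []):
            if hmac.compare_digest(expected, hash_password(password, salt)):
                return param
        return None


class PermissionStore:
    """Permission storage server: permission parameter -> permissions only."""

    def __init__(self):
        self.by_param = {}

    def put(self, param, permissions):
        self.by_param[param] = frozenset(permissions)

    def get(self, param):
        return self.by_param.get(param, frozenset())


class AppServer:
    def __init__(self):
        self.passwords = PasswordStore()
        self.permissions = PermissionStore()

    def set_secondary(self, account, master_password, secondary_password, permissions):
        # S104: the request is honoured only after the master password is re-entered.
        if not self.passwords.is_master(account, master_password):
            raise PermissionError("master password required")
        # Edge case: a secondary password equal to the master password or to
        # another secondary password would make the password type ambiguous.
        if (self.passwords.is_master(account, secondary_password)
                or self.passwords.find_secondary(account, secondary_password)):
            raise ValueError("password already in use for this account")
        if not set(permissions) <= ALL_PERMISSIONS:
            raise ValueError("unknown permission")
        param = "sub-" + secrets.token_hex(8)  # generated permission parameter
        self.passwords.add_secondary(account, secondary_password, param)
        self.permissions.put(param, permissions)
        return param

    def login(self, account, password):
        """Return (password type, permissions) or raise PermissionError."""
        if self.passwords.is_master(account, password):
            return "main", ALL_PERMISSIONS
        param = self.passwords.find_secondary(account, password)
        if param is None:
            raise PermissionError("invalid account or password")
        return "sub", self.permissions.get(param)


def demo():
    # Constructed account and passwords, for illustration only.
    app = AppServer()
    app.passwords.register("alice", "correct horse battery")
    app.set_secondary("alice", "correct horse battery", "guest-view", {"read_messages"})
    return app


if __name__ == "__main__":
    app = demo()
    print(app.login("alice", "correct horse battery"))
    print(app.login("alice", "guest-view"))
```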
  • a password hierarchical management system includes a receiving module 502, an identity verification module 504, and a correspondence storage module 506, where:
  • the receiving module 502 is configured to receive a secondary password setting request of the currently logged in account.
  • the password entered when registering an account can be referred to as the master password of the account.
  • the other password set after logging in using the account can be referred to as the secondary password of the account.
  • the secondary password setting request is a request to set a secondary password.
  • The identity verification module 504 is configured to verify whether the currently logged-in account logged in using the master password; the master password and the secondary password are two password types of the account, and one master password corresponds to one or more secondary passwords.
  • If the password entered when the account logged in is the master password, the currently logged-in account logged in using the master password.
  • The password hierarchical management system further includes a prompting module (not shown) for prompting for the master password, and the identity verification module 504 can verify whether the entered password is a legitimate master password and, if so, determine that the verification passed. The reasoning is that if the password entered now is a legitimate master password, the master password could equally have been entered when the account logged in. Verifying that the currently entered password is a legitimate master password can therefore stand in for verifying that the account logged in using the master password.
  • The password hierarchical management system further includes a marking module, configured to mark the currently logged-in account as having used the master password when the account is logged in with a valid master password.
  • The identity verification module 504 can check whether the currently logged-in account carries the mark indicating that the master password was used at login.
  • The receiving module 502 is further configured to: after the verification passes, receive the entered secondary password and the permission corresponding to the secondary password. If it is verified that the currently logged-in account logged in using the master password, the verification passes.
  • the prompting module may prompt to input a secondary password and prompt to set a permission corresponding to the secondary password. Different permissions correspond to different functions.
  • the password classification management system further includes a function setting module, configured to preset and save a function corresponding to the permission.
  • The correspondence storage module 506 stores the correspondence between the current login account, the secondary password, and the corresponding permission.
  • the correspondence storage module 506 can store the correspondence between the current login account and the secondary password, and store the correspondence between the secondary password and the permission.
  • The receiving module 502 is further configured to receive a request to modify the permission corresponding to the secondary password; the identity verification module 504 is further configured to verify whether the currently logged-in account logged in using the master password; the receiving module 502 is further configured to receive the entered modified permission after the verification passes; and the correspondence storage module 506 is further configured to store the correspondence between the secondary password and the modified permission.
  • the request for modifying the permission corresponding to the secondary password includes the information of the secondary password and the modified authority.
  • The correspondence storage module 506 can query the original permission corresponding to the secondary password included in the request in the correspondence table of the secondary password and the permission, and change the original permission to the modified permission included in the request; or, the correspondence storage module 506 can delete the record corresponding to the secondary password included in the request, and add a record containing the secondary password and the modified permission.
  • the receiving module 502 is further configured to receive a request for modifying a secondary password;
  • the identity verification module 504 is further configured to verify a type of a password used when the current login account is logged in;
  • The receiving module 502 is further configured to: if the type of the password used is a master password, receive the entered original secondary password to be modified and the corresponding new secondary password; the correspondence storage module 506 is further configured to change the correspondence between the current login account, the original secondary password, and the corresponding permission to a correspondence between the current login account, the new secondary password, and the corresponding permission;
  • The receiving module 502 is further configured to: if the type of the password used is a secondary password, receive the entered new secondary password; the correspondence storage module 506 is further configured to save the correspondence between the original secondary password used at login and the new secondary password;
  • the password classification management apparatus further includes a monitoring module and a sending module (not shown), the monitoring module waits for the current login account to re-log in with the master password; and the sending module is configured to log in again with the master password when the current login account is re-registered.
  • the receiving module 502 is further configured to receive the approval result sent by the login client;
  • the correspondence storage module 506 is further configured to The result of the approval is to modify the original secondary password or to abort the original secondary password. If the result of the approval indicates that the modification is allowed, the correspondence storage module 506 modifies the correspondence between the current login account, the original secondary password, and the corresponding authority to the correspondence between the current login account, the new secondary password, and the corresponding authority, and The correspondence between the original secondary password and the new secondary password used in the saved login is deleted; the correspondence storage module 506 is further configured to delete the original secondary password and the new secondary used when the saved login is not allowed to be modified. The correspondence of passwords.
  • the secondary password can be modified according to requirements, for example, the secondary password is modified into a better memory sequence, and the rights corresponding to the original secondary password are retained, thereby providing operational convenience.
  • The receiving module 502 is further configured to receive a login request, where the login request includes an account and a password.
  • The identity verification module 504 is further configured to verify the legality and the type of the password included in the login request.
  • The correspondence storage module 506 can store the correspondence between accounts and master passwords and the correspondence between accounts and secondary passwords in two different data tables.
  • The identity verification module 504 can search the data table that stores accounts and master passwords for the password corresponding to the account included in the login request. If the search succeeds, the found password is matched against the password included in the login request. If they match, the password included in the login request is determined to be legal and its type is master password. If they do not match, the password included in the login request is determined not to be a valid password.
  • If the search fails, the data table that stores the correspondence between accounts and secondary passwords is searched for the password corresponding to the account included in the login request, and the found password is matched against the password included in the login request. If they match, the password included in the login request is determined to be legal and its type is secondary password. If this fails, the password included in the login request is determined not to be a valid password.
  • The correspondence storage module 506 can instead store the correspondence between accounts and passwords (both master and secondary passwords) in a single data table and add to that table a field marking the password type.
  • The password type field can be a Boolean that indicates whether the password is a master password (or whether it is a secondary password); if the field is yes, the password is a master password (or a secondary password).
  • The field marking the password type may also be a string that holds the permission parameter of the password; the permission parameter may be understood as the name of the password. When the master password and secondary passwords are stored, the prefix characters of their permission parameters may be set to differ.
  • The permission parameter corresponding to the master password starts with “main”, and the permission parameter corresponding to a secondary password starts with “sub”; or, since there is only one master password, no permission parameter need be set when the master password is stored, and a permission parameter is set when a secondary password is stored.
  • The identity verification module 504 can look up the account included in the login request in the data table that stores the correspondence between accounts and passwords, obtain the corresponding password, and match the obtained password against the password included in the login request. If they do not match, the password included in the login request is determined not to be a valid password; if they match, the field marking master and secondary passwords determines whether the password included in the login request is a master password or a secondary password.
  • The password classification management system further includes a function providing module 602, configured to, if the password included in the login request is legal, obtain the corresponding permission according to the type of the password and provide the corresponding functions according to that permission.
  • The process by which the function providing module 602 obtains the corresponding permission according to the type of the password includes: if the password included in the login request is a secondary password, querying the permission corresponding to the password included in the login request; if the password included in the login request is the master password, obtaining the default permission corresponding to the master password.
  • By default the master password corresponds to all permissions, as there is no need to restrict permissions for the master password.
  • The prompting module may prompt that the password was entered incorrectly.
  • The password classification management system further includes a permission parameter generation module 702, configured to generate a permission parameter corresponding to the secondary password after the input secondary password and the permission corresponding to the secondary password are received.
  • The correspondence storage module 506 is configured to store the correspondence among the current login account, the secondary password and the corresponding permission parameter, and to store the correspondence between the permission parameter and the corresponding permission.
  • The permission parameter is a symbolic name or a numeric serial number that identifies the secondary password.
  • The permission parameter of a secondary password can be understood as the name of that secondary password; different secondary passwords have different permission parameters.
  • The correspondence storage module 506 can store the correspondence among the current login account, the secondary password and the corresponding permission parameter, and the correspondence between the permission parameter and the permission, in two different data tables.
  • The process by which the function providing module 602 queries the permission corresponding to the password included in the login request includes: obtaining the permission parameter corresponding to the password included in the login request, and querying the permission corresponding to that permission parameter.
  • The process by which the correspondence storage module 506 stores the correspondence between the secondary password and the modified permission includes: obtaining the permission parameter corresponding to the secondary password, and storing the correspondence between the obtained permission parameter and the modified permission.
  • The correspondence storage module 506 can look up, in the table of correspondences between permission parameters and permissions, the original permission corresponding to the obtained permission parameter and change it to the modified permission included in the request; or it can delete the record corresponding to the obtained permission parameter and add a record containing the obtained permission parameter and the modified permission.
  • The process by which the correspondence storage module 506 changes the correspondence among the current login account, the original secondary password and the corresponding permission into a correspondence among the current login account, the new secondary password and the corresponding permission includes: changing the correspondence among the current login account, the original secondary password and the corresponding permission parameter into a correspondence among the current login account, the new secondary password and the corresponding permission parameter.
  • Passwords concern the security of user information, so passwords need a higher storage security level.
  • Passwords and permissions are stored and managed separately, and a secondary password is linked to its permissions through the intermediate permission parameter, so that the passwords alone can be placed under secure storage management.
  • This not only ensures the security of user passwords but also reduces storage management costs.
  • With the above password classification management method and system, after a secondary password setting request of the current login account is received, it is verified whether the password used when the current login account logged in is the master password; after the verification passes, the input secondary password and the permission corresponding to the secondary password are received, and the correspondence among the current login account, the secondary password and the corresponding permission is stored.
  • When an account is logged in with the master password, a secondary password of the account and the permission corresponding to that secondary password can be set, which prevents user information from being leaked or the account password from being tampered with when the account is logged in with a secondary password.
  • The above method and system can improve information security when multiple users share the same account.
  • FIG. 8 is a block diagram of a computer system 1000 in which embodiments of the present application can be implemented.
  • The computer system 1000 is merely one example of a computer environment suitable for the present application and is not to be considered as limiting the scope of use of the application.
  • Nor is computer system 1000 to be construed as depending on or requiring any one or any combination of the components illustrated in the exemplary computer system 1000.
  • Computer system 1000 shown in FIG. 8 is an example of a computer system suitable for use in the present application.
  • Other architectures with different subsystem configurations can also be used.
  • Desktops, notebooks and similar devices that are well known to the public can be applied to some embodiments of the present application; however, the application is not limited to the devices listed above.
  • Computer system 1000 includes a processor 1010, a memory 1020, and a system bus 1022.
  • Processor 1010 is hardware that executes computer program instructions through basic arithmetic and logic operations in the computer system.
  • Memory 1020 is a physical device for temporarily or permanently storing computer programs or data (e.g., program state information).
  • System bus 1022 can be any of the following types of bus structures: a memory bus or memory controller, a peripheral bus, or a local bus.
  • The processor 1010 and the memory 1020 can communicate via the system bus 1022.
  • The memory 1020 includes a read only memory (ROM) or a flash memory (neither shown), and a random access memory (RAM); RAM generally refers to the main memory into which an operating system and applications are loaded.
  • Computer system 1000 also includes a display interface 1030 (e.g., a graphics processing unit), a display device 1040 (e.g., a liquid crystal display), an audio interface 1050 (e.g., a sound card), and an audio device 1060 (e.g., a speaker).
  • Display device 1040 and audio device 1060 are media devices for experiencing multimedia content.
  • Computer system 1000 generally includes a storage device 1070.
  • Storage device 1070 can be selected from a variety of computer readable storage media, which are any available media that can be accessed by computer system 1000, including both removable and fixed media.
  • A computer readable storage medium includes, but is not limited to, a flash memory (micro SD card), a CD-ROM, a digital versatile disc (DVD) or other optical disc storage, a magnetic tape cartridge, a magnetic tape, a magnetic disk storage or other magnetic storage device, or any other medium that can be used to store the required information and can be accessed by computer system 1000.
  • Computer system 1000 also includes an input device 1080 and an input interface 1090 (e.g., an IO controller).
  • Input device 1080 may be, for example, a keyboard, a mouse, or a touch panel device on display device 1040.
  • Input device 1080 is typically coupled to system bus 1022 via input interface 1090, but may be coupled via other interfaces or bus structures, such as a universal serial bus (USB).
  • Computer system 1000 can be logically coupled to one or more network devices in a network environment.
  • The network device can be a personal computer, server, router, smart phone, tablet or other public network node.
  • The computer system 1000 is connected to the network device via a local area network (LAN) interface 1100 or a mobile communication unit 1110.
  • A local area network (LAN) is a network of computers interconnected over network media within a limited area, such as a home, school, computer lab, or office building.
  • WiFi and twisted pair cabling Ethernet are the two most commonly used technologies for building LANs.
  • WiFi is a technology that enables computer system 1000 to exchange data or connect to a wireless network via radio waves.
  • The mobile communication unit 1110 can answer and make calls over a radio communication line while moving within a wide geographical area. In addition to calls, the mobile communication unit 1110 also supports Internet access in a 2G, 3G or 4G cellular communication system providing mobile data services.
  • Computer system 1000 can include a Bluetooth unit that can exchange data over short distances, an image sensor for photography, and an accelerometer for measuring acceleration.
  • Computer system 1000 suitable for use in the present application is capable of performing the operations specified by the password hierarchical management method.
  • Computer system 1000 performs these operations in the form of processor 1010 running software instructions held in a computer readable storage medium.
  • These software instructions can be read into memory 1020 from storage device 1070 or from another device via local area network interface 1100.
  • The software instructions stored in the memory 1020 cause the processor 1010 to perform the password hierarchical management method described above.
  • The present application can also be implemented by a hardware circuit or by a hardware circuit in combination with software instructions. Thus, implementation of the application is not limited to any specific combination of hardware circuitry and software.
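The storage scheme described earlier in this list (one credential table whose type field is a permission parameter starting with “main” or “sub”, plus a separate table from permission parameter to permissions) can be sketched as follows. This is an added Python example, not code from the patent; the class and function names, the permission names, the `sub-<n>` numbering and the use of salted PBKDF2 verifiers instead of stored passwords are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed permission names; the patent does not enumerate any.
ALL_PERMISSIONS = frozenset({"read_messages", "send_messages",
                             "view_profile", "change_settings"})


@dataclass(frozen=True)
class Session:
    account: str
    password_type: str       # "master" or "secondary"
    permission_param: str    # "main" or "sub-<n>"
    permissions: frozenset


def _digest(password, salt):
    # Salted PBKDF2 verifier; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordStore:
    def __init__(self):
        self.credentials = {}  # table 1: account -> [(salt, digest, permission parameter)]
        self.permissions = {}  # table 2: (account, permission parameter) -> permissions
        self._counter = 0

    def _add(self, account, password, param):
        salt = os.urandom(16)
        row = (salt, _digest(password, salt), param)
        self.credentials.setdefault(account, []).append(row)

    def register(self, account, master_password):
        if account in self.credentials:
            raise ValueError("account already exists")
        self._add(account, master_password, "main")

    def login(self, account, password):
        """Verify legality and type of the password; None means not a valid password."""
        for salt, digest, param in self.credentials.get(account, []):
            if hmac.compare_digest(digest, _digest(password, salt)):
                if param == "main":  # master password: all permissions by default
                    return Session(account, "master", param, ALL_PERMISSIONS)
                perms = self.permissions[(account, param)]
                return Session(account, "secondary", param, perms)
        return None

    def set_secondary(self, session, password, permissions):
        """Only a session opened with the master password may add a secondary password."""
        if session.password_type != "master":
            raise PermissionError("setting a secondary password requires a master login")
        permissions = frozenset(permissions)
        if not permissions <= ALL_PERMISSIONS:
            raise ValueError("unknown permission")
        if self.login(session.account, password) is not None:
            raise ValueError("password already in use for this account")
        self._counter += 1
        param = f"sub-{self._counter}"  # generated permission parameter
        self._add(session.account, password, param)
        self.permissions[(session.account, param)] = permissions
        return param

    def modify_permission(self, session, param, permissions):
        """Changing permissions rewrites table 2 only; the credential row is untouched."""
        if session.password_type != "master":
            raise PermissionError("changing permissions requires a master login")
        permissions = frozenset(permissions)
        if not permissions <= ALL_PERMISSIONS:
            raise ValueError("unknown permission")
        if (session.account, param) not in self.permissions:
            raise KeyError(param)
        self.permissions[(session.account, param)] = permissions


def allowed(session, function):
    """Function gate: a function is offered only if the session's permissions include it."""
    return session is not None and function in session.permissions
```

Because the permission table is keyed by the permission parameter, a permission change never reads or rewrites password material.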


Abstract

A password classification management method, comprising the following steps: receiving a secondary password setting request of a current login account; verifying whether a password used during login of the current login account is a primary password; and after the verification has passed, receiving an input secondary password and permission corresponding to the secondary password, and storing correlations among the current login account, the secondary password and the corresponding permission, wherein the primary password and the secondary password are two types of passwords of the account, and one primary password corresponds to one or more secondary passwords. In the method, when a certain account is logged in using a primary password, a secondary password of the account and permission corresponding to the secondary password can be set, so that the user information can be prevented from being divulged or the account password can be prevented from being tampered with when the account is logged in using the secondary password. Therefore, the method and system can improve the information security when multiple users share the same account. In addition, also provided is a password classification management system.

Description

Password hierarchical management method and system
This application claims priority to Chinese Patent Application No. 201310754703.9, entitled "Password Hierarchical Control Method and System" and filed with the Chinese Patent Office on December 31, 2013, the entire contents of which are incorporated herein by reference.
[Technical Field]
The present application relates to the field of Internet and computer technologies, and in particular to a password hierarchical management method and system, and to a computer storage medium containing instructions for performing the password hierarchical management method.
[Background]
With the development of Internet and computer technology, network application services of all kinds have flourished as never before, and people use the network application services offered by various service platforms for socializing, entertainment, work and study. Before using a network application service provided by a service platform for the first time, a user must register a user account on that platform, entering an account name and a password during registration. Each time the user uses the network application service provided by the platform, the user must enter the registered account name and password to log in to the platform and reach the application service page.
Generally, in existing service platforms one account name corresponds to one password, and once a user logs in with a legal account name and password, the platform provides that user with all of its service functions. However, a single password leak then carries a very large risk: for example, all of the user's information would be leaked, and whoever stole the password could change the password at will or carry out any user action.
[Summary of the Invention]
Based on this, it is necessary to provide a password hierarchical management method that can improve information security.
A password hierarchical management method includes:
receiving a secondary password setting request of the current login account;
verifying whether the password used when the current login account logged in is the master password;
after the verification passes, receiving the input secondary password and the permission corresponding to the secondary password, and storing the correspondence among the current login account, the secondary password and the corresponding permission;
wherein the master password and the secondary password are two password types of an account, and one master password corresponds to one or more secondary passwords.
In addition, it is necessary to provide a password hierarchical management system that can improve information security.
A password hierarchical management system includes:
a receiving module, configured to receive a secondary password setting request of the current login account;
an identity verification module, configured to verify whether the password used when the current login account logged in is the master password;
the receiving module being further configured to receive, after the verification passes, the input secondary password and the permission corresponding to the secondary password;
a correspondence storage module, configured to store the correspondence among the current login account, the secondary password and the corresponding permission;
wherein the master password and the secondary password are two password types of an account, and one master password corresponds to one or more secondary passwords.
In addition, a computer readable storage medium is also provided.
One or more computer readable storage media contain computer executable instructions, the computer executable instructions being used to perform the password hierarchical management method described above.
With the above password hierarchical management method and system, and the executable instructions in the computer readable storage medium for performing the method, after a secondary password setting request of the current login account is received, it is verified whether the password used when the current login account logged in is the master password; after the verification passes, the input secondary password and the permission corresponding to the secondary password are received, and the correspondence among the current login account, the secondary password and the corresponding permission is stored. In the above method and system, when an account is logged in with the master password, a secondary password of the account and the permission corresponding to that secondary password can be set. This improves information security: for example, it prevents user information from being leaked or the account password from being tampered with when the account is logged in with a secondary password.
[Description of the Drawings]
FIG. 1 is a schematic flowchart of the password hierarchical management method in a specific embodiment;
FIG. 2 is a schematic flowchart of the process of providing corresponding functions according to the password in the password hierarchical management method in a specific embodiment;
FIG. 3 is a schematic interaction diagram of the secondary password and permission setting process of the password hierarchical management method in a specific embodiment;
FIG. 4 is a schematic interaction diagram of the process of providing corresponding functions according to the password in the password hierarchical management method in a specific embodiment;
FIG. 5 is a schematic structural diagram of the password hierarchical management system in a specific embodiment;
FIG. 6 is a schematic structural diagram of the password hierarchical management system in a specific embodiment;
FIG. 7 is a schematic structural diagram of the password hierarchical management system in a specific embodiment;
FIG. 8 is a schematic diagram of an exemplary computer system environment in which embodiments of the present application can be implemented.
[Detailed Description]
In order to make the objects, technical solutions and advantages of the present application clearer, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present application and are not intended to limit it.
Unless the context clearly and specifically states otherwise, the elements and components in the present application may be present singly or in plurality, and the present application does not limit this. Although the steps in the present application are labeled with reference numerals, the numerals are not intended to limit the order of the steps; unless the order of the steps is explicitly stated or the execution of a step requires other steps as its basis, the relative order of the steps may be adjusted. It will be understood that the term "and/or" as used herein relates to and encompasses any and all possible combinations of one or more of the associated listed items.
The password hierarchical management method and system of the present application involve hierarchical management of a master password and secondary passwords. The master password and the secondary passwords are in a master-slave relationship: if no master password exists, no secondary password exists in the system, and one master password corresponds to one or more secondary passwords.
For example, when the password hierarchical management method and system are applied to an account password system, the master password may be the login password of the account, and a secondary password may be another password set manually after logging in to the account with the master password. The login password of the account may be the password entered when the account was registered. The above description of the master password and secondary passwords is only an example; the types of the master and secondary passwords and the way they are set are not limited. For example, the master password may be another type of password, such as an invitation verification password of the account, and a secondary password may also be a password randomly generated by the system at the time the account is logged in with the master password.
In the embodiment shown in FIG. 1, a password hierarchical management method includes:
S102: receive a secondary password setting request of the current login account.
A secondary password setting request is a request to set a secondary password.
S104: verify whether the password used when the current login account logged in is the master password.
The master password and the secondary password are two password types of an account, and one master password corresponds to one or more secondary passwords.
If the password entered when the account logged in was the master password, the current login account is using the master password.
In one embodiment, S104 may prompt for the master password and verify whether the entered password is a legal master password; if so, it is determined that the master password was used when the current login account logged in. If the password entered now is a legal master password, the master password could equally have been entered at login, so whether the master password was used at login can be verified by verifying whether the password entered now is a legal master password.
In another embodiment, before S104, the password hierarchical management method further includes the step of: when an account logs in with a legal master password, marking that the current login account used the master password at login. In this embodiment, S104 may check whether the current login account carries the mark indicating that the master password was used at login; if so, it is determined that the master password was used when the current login account logged in. In one embodiment, if the master password was not used when the current login account logged in, the process may end.
S106: when the master password was used when the current login account logged in, receive the input secondary password and the permission corresponding to the secondary password.
In one embodiment, the user may be prompted to enter a secondary password and to set the permission corresponding to it. Different permissions correspond to different functions. The functions corresponding to each permission may be set and stored in advance.
S108: store the correspondence among the current login account, the secondary password and the corresponding permission.
In one embodiment, the correspondence between the current login account and the secondary password may be stored, and the correspondence between the secondary password and the permission may be stored.
In one embodiment, the password hierarchical management method further includes a process of modifying the permission corresponding to a secondary password, which includes the following steps: receiving a request to modify the permission corresponding to the secondary password; verifying whether the password used when the current login account logged in is the master password; and, after the verification passes, receiving the input modified permission and storing the correspondence between the secondary password and the modified permission.
The request to modify the permission corresponding to the secondary password contains information on the secondary password and the modified permission. The original permission corresponding to the secondary password included in the request may be looked up in the table of correspondences between secondary passwords and permissions and changed to the modified permission included in the request; or the record corresponding to the secondary password included in the request may be deleted and a record containing that secondary password and the modified permission added.
In one embodiment, the password classification management method further includes a process for modifying a secondary password. The process includes the following steps:
Receiving a request to modify the secondary password;
Verifying the type of password used when the current login account logged in;
If the type of password used is the master password, receiving the original secondary password to be modified and the corresponding new secondary password that are input, and changing the correspondence between the current login account, the original secondary password, and the corresponding permissions into a correspondence between the current login account, the new secondary password, and the corresponding permissions;
If the type of password used is a secondary password, receiving the new secondary password that is input, saving the correspondence between the original secondary password used at login and the new secondary password, and waiting for the current login account to log in again with the master password; when the current login account logs in again with the master password, sending a secondary-password modification approval request to the login client, the approval request containing the original secondary password and the new secondary password; receiving the approval result sent by the login client; and modifying the original secondary password, or aborting the modification, according to the approval result.
In one embodiment, if the approval result indicates that the modification is allowed, the correspondence between the current login account, the original secondary password, and the corresponding permissions is changed into a correspondence between the current login account, the new secondary password, and the corresponding permissions, and the saved correspondence between the original secondary password used at login and the new secondary password is deleted; if the approval result indicates that the modification is not allowed, the saved correspondence between the original secondary password used at login and the new secondary password is deleted.
In the above embodiment, the secondary password can be modified as needed, for example changed to a sequence that is easier to remember, while the permissions corresponding to the original secondary password are retained, which provides operational convenience.
In the embodiment shown in FIG. 2, the password classification management method further includes the following steps:
S202. Receive a login request, where the login request includes an account and a password.
S204. Verify the validity and type of the password included in the login request.
In one embodiment, the correspondence between accounts and master passwords and the correspondence between accounts and secondary passwords may be stored in two different data tables. In S204, the password corresponding to the account included in the login request may be looked up in the data table that stores the account-to-master-password correspondence. If the lookup succeeds, the password found is matched against the password included in the login request: if they match, the password included in the login request is determined to be valid and of the master password type; if they do not match, the password included in the login request is determined not to be a valid password. If the lookup fails, the password corresponding to the account included in the login request is looked up in the data table that stores the account-to-secondary-password correspondence. If that lookup succeeds, the password found is matched against the password included in the login request, and if they match, the password included in the login request is determined to be valid and of the secondary password type; if the lookup fails, the password included in the login request is determined not to be a valid password.
In another embodiment, the correspondence between accounts and passwords (both master and secondary passwords) may be stored in a single data table, with a field added to the table to mark the password type. This password-type field may be of Boolean type, indicating whether the password is the master password (or whether it is a secondary password); if the field is true, the password is the master password (or a secondary password). The password-type field may also be of string type, representing the permission parameter of the password, which can be understood as the name of the password. When master and secondary passwords are stored, the permission parameters for master and secondary passwords may be given different prefix characters; for example, the permission parameter of a master password begins with “main” and that of a secondary password begins with “sub”. Alternatively, since there is only one master password, the permission parameter may be left unset when the master password is stored and set only when a secondary password is stored. In S204, the account included in the login request may be looked up in the data table that stores the account-to-password correspondence and the corresponding password obtained; the obtained password is then matched against the password included in the login request. If they do not match, the password included in the login request is determined not to be a valid password; if they match, the field marking master versus secondary password is used to determine whether the password included in the login request is a master password or a secondary password.
S206. If the password included in the login request is valid, obtain the corresponding permissions according to the type of the password and provide the corresponding functions according to those permissions.
Obtaining the corresponding permissions according to the type of the password includes the following steps: if the password included in the login request is a secondary password, querying the permissions corresponding to the password included in the login request; if the password included in the login request is the master password, obtaining the default permissions corresponding to the master password. In one embodiment, the default permissions corresponding to the master password include all permissions, because permissions do not need to be restricted for the master password.
If the password included in the login request is neither the valid master password nor a valid secondary password of the account included in the login request, a password input error may be prompted.
In one embodiment, after S106, the password classification management method further includes the step of generating a permission parameter corresponding to the secondary password; S108 includes: storing the correspondence between the current login account, the secondary password, and the corresponding permission parameter, and storing the correspondence between the permission parameter and the corresponding permissions.
The permission parameter is a symbolic name, numeric serial number, or the like used to identify the secondary password; the permission parameter of a secondary password can be understood as the name of the secondary password, and different secondary passwords have different permission parameters. The correspondence between the current login account, the secondary password, and the corresponding permission parameter, and the correspondence between permission parameters and permissions, may be stored in two different data tables.
In this embodiment, the step of querying the permissions corresponding to the password included in the login request includes: obtaining the permission parameter corresponding to the password included in the login request, and querying the permissions corresponding to that permission parameter.
In this embodiment, in the process of modifying the permissions corresponding to a secondary password, the step of storing the correspondence between the secondary password and the modified permissions is: obtaining the permission parameter corresponding to the secondary password, and storing the correspondence between the obtained permission parameter and the modified permissions. The original permissions corresponding to the obtained permission parameter may be looked up in the permission-parameter-to-permission correspondence table and changed to the modified permissions contained in the request; alternatively, the record corresponding to the obtained permission parameter may be deleted and a record containing the obtained permission parameter and the modified permissions added.
In this embodiment, in the process of modifying a secondary password, the step of changing the correspondence between the current login account, the original secondary password, and the corresponding permissions into a correspondence between the current login account, the new secondary password, and the corresponding permissions is: changing the correspondence between the current login account, the original secondary password, and the corresponding permission parameter into a correspondence between the current login account, the new secondary password, and the corresponding permission parameter.
Because passwords concern the security of user information, they require a higher level of storage security. This embodiment stores and manages passwords and permissions separately, with secondary passwords and permissions linked through an intermediate permission parameter. This makes it easy to apply high-security storage management to passwords alone, which both ensures the security of user passwords and reduces storage management costs.
When a user may need to divide work with other users to complete tasks on a service platform, that user can, by setting secondary passwords and permissions, prevent the other users who log in to the service platform from using all service functions. That is, other users who log in to the service platform with the account name and a secondary password can use only certain specific service functions of the platform rather than all of them.
In one embodiment, a password classification management method runs on a client, an application server, a password storage server, and a permission storage server. The method includes a secondary password and permission setting process; FIG. 3 is an interaction diagram of that process, which includes the following steps:
(1) The application server receives a secondary password setting request for the current login account sent by the client.
(2) The application server sends the client an instruction to input the master password. The client prompts for the master password and sends the entered master password to the application server. The application server sends the current login account and the entered master password to the password storage server. The password storage server verifies, against the pre-stored correspondence between accounts and master passwords, whether the entered master password is the valid master password of the current login account; if so, the verification passes, and if not, the verification fails. The password storage server sends the verification result to the application server.
(3) If the application server receives a verification-passed result, it sends the client an instruction to input a secondary password and the permissions corresponding to the secondary password. The client may prompt for the secondary password and prompt the user to set the corresponding permissions. The application server then receives the entered secondary password and its corresponding permissions from the client.
(4) The application server generates a permission parameter corresponding to the secondary password, sends the current login account, the secondary password, and the corresponding permission parameter to the password storage server, and sends the permission parameter and the corresponding permissions to the permission storage server. The password storage server stores the correspondence between the current login account, the secondary password, and the corresponding permission parameter, and returns to the application server a result indicating whether storage succeeded; the permission storage server stores the correspondence between the permission parameter and the corresponding permissions, and returns to the application server a result indicating whether storage succeeded.
Because passwords concern the security of user information, they require a higher level of storage security. This embodiment stores passwords and permissions separately, in the password storage server and the permission storage server respectively, with secondary passwords and permissions linked through an intermediate permission parameter. This makes it easy to apply high-security storage management to passwords alone, which both ensures the security of user passwords and reduces storage management costs.
In one embodiment, the password classification management method further includes a process of providing services according to the password. FIG. 4 is an interaction diagram of that process, which includes the following steps:
(1) The application server receives a login request sent by the client; the login request includes an account and a password. The application server then sends the account and password contained in the login request to the password storage server.
(2) The password storage server looks up the master password corresponding to the account included in the login request and checks whether the password included in the login request matches that master password. If it does, the password storage server returns to the application server a verification result indicating that the password included in the login request matches the master password. If it does not, the password storage server looks up the secondary password corresponding to the account included in the login request and checks whether the password included in the login request matches the secondary password. If the password included in the login request matches the secondary password, the password storage server obtains the corresponding permission parameter and sends it to the permission storage server; the permission storage server looks up the permissions corresponding to that permission parameter and returns them to the application server. If the password included in the login request does not match the secondary password either, the password storage server returns to the application server a verification result indicating that the password included in the login request is not a valid password.
(3) If the application server receives from the password storage server the verification result indicating that the password included in the login request matches the master password, it provides the client with the services corresponding to all permissions. If the application server receives the permissions returned by the permission storage server, it provides the client with the corresponding functions according to those permissions. If the application server receives from the password storage server the verification result indicating that the password included in the login request is not a valid password, the application server sends a password error message to the client; the client may prompt a password input error.
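The split storage and login flow of FIG. 3 and FIG. 4, together with the secondary-password change approval described earlier, as an added Python example that is not part of the patent text. It assumes salted PBKDF2 verifiers stored in place of the passwords and a duplicate-password check, neither of which the page specifies; the class, method and permission names and the `sub-` parameter format are hypothetical.

```python
import hashlib
import hmac
import os
import secrets

ALL_PERMISSIONS = frozenset({"read", "post", "pay", "settings"})  # constructed names


def _verifier(password, salt=None):
    """Salted PBKDF2 verifier kept in place of the password (an assumption)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _matches(password, stored):
    salt, digest = stored
    return hmac.compare_digest(_verifier(password, salt)[1], digest)


class PasswordStore:
    """Password storage server: verifiers and permission parameters only."""

    def __init__(self):
        self.master = {}     # account -> verifier
        self.secondary = {}  # account -> {permission parameter: verifier}

    def classify(self, account, password):
        """Return ("master", None), ("secondary", parameter) or ("invalid", None)."""
        stored = self.master.get(account)
        if stored is None:
            return "invalid", None
        if _matches(password, stored):
            return "master", None
        for param, verifier in self.secondary.get(account, {}).items():
            if _matches(password, verifier):
                return "secondary", param
        return "invalid", None


class AppServer:
    """Application server; hypothetical class and method names."""

    def __init__(self):
        self.passwords = PasswordStore()
        self.permissions = {}  # permission storage server: parameter -> permissions
        self.pending = {}      # (account, parameter) -> verifier awaiting approval

    def register(self, account, master_password):
        self.passwords.master[account] = _verifier(master_password)

    def login(self, account, password):
        """Return the granted permissions, or None for an invalid password."""
        kind, param = self.passwords.classify(account, password)
        if kind == "master":
            return ALL_PERMISSIONS  # master password is not restricted
        return self.permissions[param] if kind == "secondary" else None

    def set_secondary(self, account, master_password, new_password, permissions):
        """Setting process: master password re-entered, then both stores written."""
        if self.passwords.classify(account, master_password)[0] != "master":
            return None
        if self.passwords.classify(account, new_password)[0] != "invalid":
            return None  # added safeguard: a duplicate could not be classified
        param = "sub-" + secrets.token_hex(8)
        self.passwords.secondary.setdefault(account, {})[param] = _verifier(new_password)
        self.permissions[param] = frozenset(permissions) & ALL_PERMISSIONS
        return param

    def request_change(self, account, login_password, new_password, old_password=None):
        """Change a secondary password: "changed", "pending" or "denied"."""
        kind, param = self.passwords.classify(account, login_password)
        if kind == "invalid":
            return "denied"
        if self.passwords.classify(account, new_password)[0] != "invalid":
            return "denied"  # same added safeguard as in set_secondary
        if kind == "master":
            # Master login names the secondary password to replace; applied at once.
            if old_password is None:
                return "denied"
            old_kind, param = self.passwords.classify(account, old_password)
            if old_kind != "secondary":
                return "denied"
            self.passwords.secondary[account][param] = _verifier(new_password)
            return "changed"
        # Secondary login: park the new verifier until a master login decides.
        self.pending[(account, param)] = _verifier(new_password)
        return "pending"

    def approve(self, account, master_password, param, allow):
        """Master-password holder decides; the pending entry is deleted either way."""
        if self.passwords.classify(account, master_password)[0] != "master":
            return False
        verifier = self.pending.pop((account, param), None)
        if verifier is None:
            return False
        if allow:
            self.passwords.secondary[account][param] = verifier  # parameter kept
        return True
```

Because a change only swaps the verifier stored under an existing permission parameter, the permission store is never touched and the new secondary password inherits the old one's permissions.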
In the embodiment shown in FIG. 5, a password classification management system includes a receiving module 502, an identity verification module 504, and a correspondence storage module 506, where:
The receiving module 502 is configured to receive a secondary password setting request for the current login account.
The password entered when an account is registered may be called the master password of that account. After successful registration, other passwords set after logging in with the account may be called secondary passwords of that account. A secondary password setting request is a request to set a secondary password.
The identity verification module 504 is configured to verify whether the password used when the current login account logged in is the master password. The master password and the secondary password are two password types of an account, and one master password corresponds to one or more secondary passwords.
If the password entered when the account logged in is the master password, the current login account is using the master password.
In one embodiment, the password classification management system further includes a prompting module (not shown in the figure) configured to prompt for the master password. The identity verification module 504 can verify whether the entered password is a valid master password and, if so, determine that the verification passes. If the password currently entered is a valid master password, the master password could equally have been entered when the account logged in; therefore, whether the master password was used when the current login account logged in can be verified by verifying whether the password currently entered is a valid master password.
In another embodiment, the password classification management system further includes a marking module configured to, when an account logs in with a valid master password, mark the current login account as having used the master password at login. In this embodiment, the identity verification module 504 can check whether the current login account carries the mark indicating that the master password was used at login.
The receiving module 502 is further configured to, after the verification passes, receive the secondary password that is input and the permissions corresponding to the secondary password. If it is verified that the master password identity was used when the current login account logged in, the verification passes.
In one embodiment, the prompting module may prompt for a secondary password and prompt the user to set the permissions corresponding to it. Different permissions correspond to different functions. In one embodiment, the password classification management system further includes a function setting module configured to set and save in advance the functions corresponding to each permission.
The correspondence storage module 506 stores the correspondence between the current login account, the secondary password, and the corresponding permissions.
In one embodiment, the correspondence storage module 506 can store the correspondence between the current login account and the secondary password, and store the correspondence between the secondary password and the permissions.
In one embodiment, the receiving module 502 is further configured to receive a request to modify the permissions corresponding to a secondary password; the identity verification module 504 is further configured to verify whether the password used when the current login account logged in is the master password; the receiving module 502 is further configured to receive the modified permissions that are input after the verification passes; and the correspondence storage module 506 is further configured to store the correspondence between the secondary password and the modified permissions.
The request to modify the permissions corresponding to the secondary password contains the secondary password and information on the modified permissions. The correspondence storage module 506 can look up, in the secondary-password-to-permission correspondence table, the original permissions corresponding to the secondary password contained in the request and change them to the modified permissions contained in the request; alternatively, the correspondence storage module 506 can delete the record corresponding to the secondary password contained in the request and add a record containing the secondary password and the modified permissions.
In one embodiment, the receiving module 502 is further configured to receive a request to modify a secondary password, and the identity verification module 504 is further configured to verify the type of password used when the current login account logged in.
The receiving module 502 is further configured to, if the type of password used is the master password, receive the original secondary password to be modified and the corresponding new secondary password that are input; the correspondence storage module 506 is further configured to change the correspondence between the current login account, the original secondary password, and the corresponding permissions into a correspondence between the current login account, the new secondary password, and the corresponding permissions.
The receiving module 502 is further configured to, if the type of password used is a secondary password, receive the new secondary password that is input, and the correspondence storage module 506 is further configured to save the correspondence between the original secondary password used at login and the new secondary password. In this embodiment, the password classification management apparatus further includes a monitoring module and a sending module (not shown in the figure). The monitoring module waits for the current login account to log in again with the master password; the sending module is configured to, when the current login account logs in again with the master password, send a secondary-password modification approval request to the login client, the approval request containing the original secondary password and the new secondary password. The receiving module 502 is further configured to receive the approval result sent by the login client, and the correspondence storage module 506 is further configured to modify the original secondary password, or abort the modification, according to the approval result. If the approval result indicates that the modification is allowed, the correspondence storage module 506 changes the correspondence between the current login account, the original secondary password, and the corresponding permissions into a correspondence between the current login account, the new secondary password, and the corresponding permissions, and deletes the saved correspondence between the original secondary password used at login and the new secondary password; the correspondence storage module 506 is further configured to, if the approval result indicates that the modification is not allowed, delete the saved correspondence between the original secondary password used at login and the new secondary password.
In the above embodiment, the secondary password can be modified as needed, for example changed to a sequence that is easier to remember, while the permissions corresponding to the original secondary password are retained, which provides operational convenience.
In one embodiment, the receiving module 502 is further configured to receive a login request, where the login request includes an account and a password.
The identity verification module 504 is further configured to verify the validity and type of the password included in the login request.
In one embodiment, the correspondence storage module 506 can store the correspondence between accounts and master passwords and the correspondence between accounts and secondary passwords in two different data tables. The identity verification module 504 can look up the password corresponding to the account included in the login request in the data table that stores the account-to-master-password correspondence. If the lookup succeeds, the password found is matched against the password included in the login request: if they match, the password included in the login request is determined to be valid and of the master password type; if they do not match, the password included in the login request is determined not to be a valid password. If the lookup fails, the password corresponding to the account included in the login request is looked up in the data table that stores the account-to-secondary-password correspondence. If that lookup succeeds, the password found is matched against the password included in the login request, and if they match, the password included in the login request is determined to be valid and of the secondary password type; if the lookup fails, the password included in the login request is determined not to be a valid password.
In another embodiment, the correspondence storage module 506 can store the correspondence between accounts and passwords (both master and secondary passwords) in a single data table, with a field added to the table to mark the password type. This password-type field may be of Boolean type, indicating whether the password is the master password (or whether it is a secondary password); if the field is true, the password is the master password (or a secondary password). The password-type field may also be of string type, representing the permission parameter of the password, which can be understood as the name of the password. When master and secondary passwords are stored, the permission parameters for master and secondary passwords may be given different prefix characters; for example, the permission parameter of a master password begins with “main” and that of a secondary password begins with “sub”. Alternatively, since there is only one master password, the permission parameter may be left unset when the master password is stored and set only when a secondary password is stored. The identity verification module 504 can look up the account included in the login request in the data table that stores the account-to-password correspondence, obtain the corresponding password, and match the obtained password against the password included in the login request. If they do not match, the password included in the login request is determined not to be a valid password; if they match, the field marking master versus secondary password is used to determine whether the password included in the login request is a master password or a secondary password.
In this embodiment, as shown in FIG. 6, the password classification management system further includes a function providing module 602 which, if the password in the login request is valid, obtains the permissions corresponding to the type of the password and provides the corresponding functions according to those permissions.
The process by which the function providing module 602 obtains the permissions corresponding to the type of the password includes: if the password in the login request is a secondary password, querying the permissions corresponding to that password; if the password in the login request is the master password, obtaining the default permissions of the master password. In one embodiment, the default permissions of the master password include all permissions, because the master password does not need to be restricted.
If the password in the login request is neither the valid master password nor a valid secondary password of the account in the login request, the prompting module may indicate that the password was entered incorrectly.
In the embodiment shown in FIG. 7, the password classification management system further includes a permission parameter generation module 702, which generates the permission parameter corresponding to the secondary password after the entered secondary password and its permissions have been received. The correspondence storage module 506 stores the correspondence between the currently logged-in account, the secondary password and the corresponding permission parameter, and stores the correspondence between the permission parameter and the corresponding permissions.
The permission parameter is a symbolic name, numeric serial number or similar identifier for the secondary password. It can be understood as the name of the secondary password, and different secondary passwords have different permission parameters. The correspondence storage module 506 may store the correspondence between the currently logged-in account, the secondary password and the corresponding permission parameter, and the correspondence between permission parameters and permissions, in two separate data tables.
In this embodiment, the process by which the function providing module 602 queries the permissions corresponding to the password in the login request includes: obtaining the permission parameter corresponding to the password in the login request, and querying the permissions corresponding to that permission parameter.
In this embodiment, the process by which the correspondence storage module 506 stores the correspondence between a secondary password and its modified permissions includes: obtaining the permission parameter corresponding to the secondary password, and storing the correspondence between that permission parameter and the modified permissions. The correspondence storage module 506 may look up the original permissions for the obtained permission parameter in the table of permission parameters and permissions and change them to the modified permissions contained in the request; alternatively, it may delete the record for the obtained permission parameter and add a record containing that permission parameter and the modified permissions.
In this embodiment, the process by which the correspondence storage module 506 changes the correspondence between the currently logged-in account, the original secondary password and the corresponding permissions into the correspondence between the currently logged-in account, the new secondary password and the corresponding permissions includes: changing the correspondence between the currently logged-in account, the original secondary password and the corresponding permission parameter into the correspondence between the currently logged-in account, the new secondary password and the corresponding permission parameter.
Because passwords bear on the security of user information, they require a higher level of storage security. This embodiment stores and manages passwords and permissions separately, with the secondary password linked to its permissions through the intermediate permission parameter. This makes it easy to apply high-security storage management to the passwords alone, which both protects user passwords and reduces the cost of storage management.
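The login check, the permission-parameter indirection and the master-only administration described above, as an added Python example (not code from the patent). It assumes salted PBKDF2 hashes in place of stored passwords, and the class, function and permission names are hypothetical; the "main"/"sub" prefixes follow the convention mentioned in the description.

```python
import hashlib
import hmac
import os
import secrets

# Constructed permission names; the patent does not enumerate permissions.
ALL_PERMISSIONS = frozenset(
    {"read_messages", "send_messages", "change_password", "manage_sub_passwords"}
)


def _derive(password, salt):
    # Assumption: store a salted PBKDF2 hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class TieredPasswordStore:
    """Single credential table with a string type field, plus a permission table."""

    def __init__(self):
        # Credential table (high-security store): account -> rows.
        self.credentials = {}
        # Permission table: permission parameter -> set of permissions.
        self.permissions = {}

    def _add_row(self, account, password, param):
        salt = os.urandom(16)
        row = {"salt": salt, "hash": _derive(password, salt), "param": param}
        self.credentials.setdefault(account, []).append(row)

    def _match(self, account, password):
        """Return the permission parameter of the matching row, or None."""
        found = None
        for row in self.credentials.get(account, []):
            # Every row is checked so timing does not reveal which one matched.
            ok = hmac.compare_digest(_derive(password, row["salt"]), row["hash"])
            if ok and found is None:
                found = row["param"]
        return found

    @staticmethod
    def _require_main(session):
        if session is None or session["type"] != "main":
            raise PermissionError("master password login required")

    def register(self, account, master_password):
        if account in self.credentials:
            raise ValueError("account already exists")
        self._add_row(account, master_password, "main")

    def login(self, account, password):
        """Return a session dict, or None when the password is not valid."""
        param = self._match(account, password)
        if param is None:
            return None
        kind = "main" if param.startswith("main") else "sub"
        return {"account": account, "type": kind, "param": param}

    def permissions_of(self, session):
        # The master password gets the default (all) permissions; a secondary
        # password is resolved through its permission parameter at check time.
        if session["type"] == "main":
            return ALL_PERMISSIONS
        return self.permissions[session["param"]]

    def set_sub_password(self, session, sub_password, permissions):
        """Create a secondary password; only a master-password session may do so."""
        self._require_main(session)
        permissions = frozenset(permissions)
        if not permissions <= ALL_PERMISSIONS:
            raise ValueError("unknown permission")
        # Added check (not in the patent): a password that already matches a row
        # of this account would make the password type ambiguous.
        if self._match(session["account"], sub_password) is not None:
            raise ValueError("password already in use for this account")
        param = "sub-" + secrets.token_hex(4)  # a different parameter per password
        self._add_row(session["account"], sub_password, param)
        self.permissions[param] = permissions
        return param

    def set_permissions(self, session, param, permissions):
        """Modify the permissions of an existing secondary password."""
        self._require_main(session)
        rows = self.credentials.get(session["account"], [])
        if not param.startswith("sub") or all(r["param"] != param for r in rows):
            raise KeyError("no such secondary password for this account")
        permissions = frozenset(permissions)
        if not permissions <= ALL_PERMISSIONS:
            raise ValueError("unknown permission")
        # Only the permission table changes; the credential table is untouched.
        self.permissions[param] = permissions
```

Because permissions are resolved through the permission parameter at check time, a change made by the master-password holder applies to secondary-password sessions that are already open.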
With the password classification management method and system described above, after a secondary password setting request for the currently logged-in account is received, the system verifies whether the master password was used when the account logged in. Once verification passes, it receives the entered secondary password and the permissions corresponding to it, and stores the correspondence between the currently logged-in account, the secondary password and the corresponding permissions. In this method and system, when an account is logged in with the master password, secondary passwords for the account and their permissions can be set, which prevents user information from being leaked or the account password from being tampered with when the account is logged in with a secondary password. The method and system therefore improve information security when several users share the same account.
FIG. 8 is a block diagram of a computer system 1000 that can implement embodiments of the present application. The computer system 1000 is only one example of a computing environment suitable for the present application and should not be taken as limiting the scope of use of the application in any way. Nor should the computer system 1000 be interpreted as depending on or requiring any one or combination of the components of the illustrated exemplary computer system 1000.
The computer system 1000 shown in FIG. 8 is one example of a computer system suitable for the present application. Other architectures with different subsystem configurations can also be used. For example, widely known devices such as desktop computers and notebooks are suitable for some embodiments of the present application, but the application is not limited to the devices listed above.
As shown in FIG. 8, the computer system 1000 includes a processor 1010, a memory 1020 and a system bus 1022. Various system components, including the memory 1020 and the processor 1010, are connected to the system bus 1022. The processor 1010 is hardware that executes computer program instructions through the basic arithmetic and logic operations of the computer system. The memory 1020 is a physical device for temporarily or permanently storing computer programs or data (for example, program state information). The system bus 1022 can be any of several types of bus structure, including a memory bus or memory controller, a peripheral bus and a local bus. The processor 1010 and the memory 1020 can exchange data over the system bus 1022. The memory 1020 includes read-only memory (ROM) or flash memory (neither shown in the figure) and random access memory (RAM); RAM generally refers to the main memory into which the operating system and application programs are loaded.
The computer system 1000 also includes a display interface 1030 (for example, a graphics processing unit), a display device 1040 (for example, a liquid crystal display), an audio interface 1050 (for example, a sound card) and an audio device 1060 (for example, a speaker). The display device 1040 and the audio device 1060 are media devices for experiencing multimedia content.
The computer system 1000 generally includes a storage device 1070. The storage device 1070 can be chosen from a variety of computer-readable storage media, meaning any available media that can be accessed by the computer system 1000, both removable and fixed. For example, computer-readable storage media include, but are not limited to, flash memory (micro SD card), CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic tape cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the required information and can be accessed by the computer system 1000.
The computer system 1000 also includes an input device 1080 and an input interface 1090 (for example, an IO controller). A user can enter instructions and information into the computer system 1000 through the input device 1080, such as a keyboard, a mouse or a touch panel on the display device 1040. The input device 1080 is usually connected to the system bus 1022 through the input interface 1090, but can also be connected through other interfaces or bus structures, such as a universal serial bus (USB).
The computer system 1000 can be logically connected to one or more network devices in a network environment. A network device can be a personal computer, a server, a router, a smartphone, a tablet or another common network node. The computer system 1000 is connected to network devices through a local area network (LAN) interface 1100 or a mobile communication unit 1110. A local area network (LAN) is a computer network interconnected within a limited area, such as a home, a school, a computer laboratory or an office building, using network media. WiFi and twisted-pair Ethernet are the two technologies most commonly used to build local area networks. WiFi is a technology that allows computer systems 1000 to exchange data with one another or to connect to a wireless network by radio waves. The mobile communication unit 1110 can answer and place calls over a radio communication link while moving within a wide geographical area. In addition to calls, the mobile communication unit 1110 also supports Internet access in 2G, 3G or 4G cellular communication systems that provide mobile data services.
It should be noted that other computer systems with more or fewer subsystems than the computer system 1000 are also suitable for the invention. For example, the computer system 1000 may include a Bluetooth unit that can exchange data over short distances, an image sensor for taking photographs, and an accelerometer for measuring acceleration.
As described in detail above, a computer system 1000 suitable for the present application can perform the operations specified by the password classification management method. The computer system 1000 performs these operations by having the processor 1010 run software instructions held in a computer-readable storage medium. These software instructions can be read into the memory 1020 from the storage device 1070 or from another device through the local area network interface 1100. The software instructions stored in the memory 1020 cause the processor 1010 to perform the password classification management method described above. The present application can equally be implemented by hardware circuits or by hardware circuits combined with software instructions. Implementation of the application is therefore not limited to any particular combination of hardware circuits and software.
The embodiments described above represent only several implementations of the present application. Their description is relatively specific and detailed, but it should not be understood as limiting the patent scope of the application. It should be noted that a person of ordinary skill in the art can make a number of variations and improvements without departing from the concept of the present application, and these all fall within its scope of protection. The scope of protection of this patent application is therefore determined by the appended claims.

Claims (17)

  1. A password classification management method for the hierarchical management of a master password and a secondary password, the master password and the secondary password being two password types under hierarchical management, with one master password corresponding to one or more secondary passwords, the method comprising:
    performing, by a server:
    receiving a secondary password setting request for the currently logged-in account;
    verifying whether the master password was used when the currently logged-in account logged in;
    when the master password was used when the currently logged-in account logged in, receiving an entered secondary password and the permissions corresponding to the secondary password;
    storing the correspondence between the currently logged-in account, the secondary password and the permissions.
  2. The password classification management method according to claim 1, wherein the method further comprises:
    receiving a login request, the login request including an account and a password;
    verifying the validity and the type of the password;
    if the password is valid, obtaining the corresponding permissions according to the type of the password, and providing the corresponding functions according to the corresponding permissions.
  3. The password classification management method according to claim 2, wherein the step of obtaining the corresponding permissions according to the type of the password comprises:
    if the password is a secondary password, querying the permissions corresponding to the password.
  4. The password classification management method according to claim 3, wherein, after the step of receiving the entered secondary password and the permissions corresponding to the secondary password, the method further comprises:
    generating a permission parameter corresponding to the secondary password;
    the step of storing the correspondence between the currently logged-in account, the secondary password and the corresponding permissions comprises: storing the correspondence between the currently logged-in account, the secondary password and the corresponding permission parameter, and storing the correspondence between the permission parameter and the corresponding permissions;
    the step of querying the permissions corresponding to the password comprises: obtaining the permission parameter corresponding to the password, and querying the permissions corresponding to that permission parameter.
  5. The password classification management method according to claim 1, wherein the method further comprises:
    receiving a request to modify the permissions corresponding to a secondary password;
    verifying whether the master password was used when the currently logged-in account logged in;
    after verification passes, receiving the entered modified permissions, and storing the correspondence between the secondary password and the modified permissions.
  6. The password classification management method according to claim 1, wherein the method further comprises:
    receiving a request to modify a secondary password;
    verifying the type of the password used when the currently logged-in account logged in;
    if the type of the password used is the master password, receiving the entered original secondary password to be modified and the corresponding new secondary password, and changing the correspondence between the currently logged-in account, the original secondary password and the corresponding permissions into the correspondence between the currently logged-in account, the new secondary password and the corresponding permissions.
  7. The password classification management method according to claim 6, wherein, after receiving the request to modify the secondary password and verifying the type of the password used when the currently logged-in account logged in, the method further comprises:
    if the type of the password used is a secondary password, receiving the entered new secondary password, saving the correspondence between the original secondary password used at login and the new secondary password, and waiting for the currently logged-in account to log in again with the master password;
    when the currently logged-in account logs in again with the master password, sending a secondary password modification approval request to the login client, the approval request containing the original secondary password and the new secondary password;
    receiving the approval result sent by the login client;
    modifying the original secondary password, or aborting the modification of the original secondary password, according to the approval result.
  8. The password classification management method according to claim 1, wherein the step of verifying whether the master password was used when the currently logged-in account logged in comprises:
    prompting for the master password;
    verifying whether the entered password is the valid master password, and if so, determining that verification has passed.
  9. A password classification management system, comprising:
    a plurality of modules containing computer-executable instructions executed by one or more processors, the modules comprising:
    a receiving module, configured to receive a secondary password setting request for the currently logged-in account;
    an identity verification module, configured to verify whether the master password was used when the currently logged-in account logged in;
    the receiving module being further configured to receive, after verification passes, an entered secondary password and the permissions corresponding to the secondary password;
    a correspondence storage module, configured to store the correspondence between the currently logged-in account, the secondary password and the corresponding permissions;
    the master password and the secondary password being two password types of an account, with one master password corresponding to one or more secondary passwords.
  10. The password classification management system according to claim 9, wherein the receiving module is further configured to receive a login request, the login request including an account and a password;
    the identity verification module is further configured to verify the validity and the type of the password;
    the system further comprises a function providing module, configured to, if the password is valid, obtain the corresponding permissions according to the type of the password and provide the corresponding functions according to the corresponding permissions.
  11. The password classification management system according to claim 10, wherein the process by which the function providing module obtains the corresponding permissions according to the type of the password comprises: if the password is a secondary password, querying the permissions corresponding to the password.
  12. The password classification management system according to claim 11, wherein the system further comprises a permission parameter generation module, configured to generate the permission parameter corresponding to the secondary password after the entered secondary password and the permissions corresponding to the secondary password have been received;
    the correspondence storage module is configured to store the correspondence between the currently logged-in account, the secondary password and the corresponding permission parameter, and to store the correspondence between the permission parameter and the corresponding permissions;
    the process by which the function providing module queries the permissions corresponding to the password comprises: obtaining the permission parameter corresponding to the password, and querying the permissions corresponding to that permission parameter.
  13. The password classification management system according to claim 9, wherein the receiving module is further configured to receive a request to modify the permissions corresponding to a secondary password;
    the identity verification module is further configured to verify, after the request to modify the permissions corresponding to the secondary password is received, whether the master password was used when the currently logged-in account logged in;
    the receiving module is further configured to receive the entered modified permissions after verification passes;
    the correspondence storage module is further configured to store the correspondence between the secondary password and the modified permissions.
  14. The password classification management system according to claim 9, wherein the receiving module is further configured to receive a request to modify a secondary password;
    the identity verification module is further configured to verify, after the request to modify the secondary password is received, the type of the password used when the currently logged-in account logged in;
    the receiving module is further configured to receive, if the type of the password used is the master password, the entered original secondary password to be modified and the corresponding new secondary password;
    the correspondence storage module is further configured to change the correspondence between the currently logged-in account, the original secondary password and the corresponding permissions into the correspondence between the currently logged-in account, the new secondary password and the corresponding permissions.
  15. The password classification management system according to claim 14, wherein the receiving module is further configured to receive the entered new secondary password if the type of the password used is a secondary password;
    the correspondence storage module is further configured to save the correspondence between the original secondary password used at login and the new secondary password;
    the system further comprises a monitoring module and a sending module, the monitoring module being configured to wait for the currently logged-in account to log in again with the master password;
    the sending module is configured to send, when the currently logged-in account logs in again with the master password, a secondary password modification approval request to the login client, the approval request containing the original secondary password and the new secondary password;
    the receiving module is further configured to receive the approval result sent by the login client;
    the correspondence module is further configured to modify the original secondary password, or abort the modification of the original secondary password, according to the approval result.
  16. The password classification management system according to claim 9, wherein the identity verification module is configured to prompt for the master password and verify whether the entered password is the valid master password, and if so, to determine that verification has passed.
  17. One or more computer-readable storage media containing computer-executable instructions, the computer-executable instructions being used to perform the password classification management method according to any one of claims 1 to 8.
PCT/CN2014/095930 2013-12-31 2014-12-31 Password classification management method and system WO2015101332A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310754703.9 2013-12-31
CN201310754703.9A CN104753677B (en) 2013-12-31 2013-12-31 Password hierarchical control method and system

Publications (1)

Publication Number Publication Date
WO2015101332A1 true WO2015101332A1 (en) 2015-07-09

Family

ID=53493271

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/095930 WO2015101332A1 (en) 2013-12-31 2014-12-31 Password classification management method and system

Country Status (2)

Country Link
CN (1) CN104753677B (en)
WO (1) WO2015101332A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110222483A (en) * 2019-04-18 2019-09-10 深圳壹账通智能科技有限公司 Data processing method, data processing equipment, terminal and storage medium
CN112651002A (en) * 2020-12-31 2021-04-13 大为国际工程咨询有限公司 Intelligent pricing method and system for project cost list and storage medium
CN113225306A (en) * 2021-02-22 2021-08-06 北京神州慧安科技有限公司 Safety protection system for industrial Internet of things data acquisition layer terminal equipment
CN114172716A (en) * 2021-12-02 2022-03-11 北京金山云网络技术有限公司 Login method, login device, electronic equipment and storage medium

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105373745A (en) * 2015-11-12 2016-03-02 深圳市华德安科技有限公司 Data access control method and device for site enforcement recorder and site enforcement recorder
CN109361936A (en) * 2018-09-07 2019-02-19 深圳技威时代科技有限公司 The system and method that safety shares smart machine
CN110474910A (en) * 2019-08-19 2019-11-19 甘肃万华金慧科技股份有限公司 A kind of right management method
CN110519056B (en) * 2019-10-11 2023-02-07 广东虹勤通讯技术有限公司 Login method, password generation method and related devices thereof
CN111159771A (en) * 2019-12-30 2020-05-15 论客科技(广州)有限公司 Application program display method, server and terminal
CN112039851B (en) * 2020-08-07 2021-09-21 郑州阿帕斯数云信息科技有限公司 Server login method, system and device
CN114499992A (en) * 2021-12-30 2022-05-13 上海芯希信息技术有限公司 Login method, system, user equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1881228A (en) * 2005-06-14 2006-12-20 华为技术有限公司 Method for controlling system account right
CN101183468A (en) * 2006-11-13 2008-05-21 杨文烈 Terminal login system and method
CN102271332A (en) * 2011-07-18 2011-12-07 中兴通讯股份有限公司 Method and device for maintaining secrecy of terminal information

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103400067B (en) * 2013-03-29 2016-08-10 青岛海信电器股份有限公司 Right management method, system and server


Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110222483A (en) * 2019-04-18 2019-09-10 深圳壹账通智能科技有限公司 Data processing method, data processing equipment, terminal and storage medium
CN112651002A (en) * 2020-12-31 2021-04-13 大为国际工程咨询有限公司 Intelligent pricing method and system for project cost list and storage medium
CN112651002B (en) * 2020-12-31 2023-04-18 大为国际工程咨询有限公司 Intelligent pricing method and system for project cost list and storage medium
CN113225306A (en) * 2021-02-22 2021-08-06 北京神州慧安科技有限公司 Safety protection system for industrial Internet of things data acquisition layer terminal equipment
CN114172716A (en) * 2021-12-02 2022-03-11 北京金山云网络技术有限公司 Login method, login device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN104753677B (en) 2019-02-01
CN104753677A (en) 2015-07-01

Similar Documents

Publication Publication Date Title
WO2015101332A1 (en) Password classification management method and system
WO2019127973A1 (en) Authority authentication method, system and device for mirror repository, and storage medium
CN108293045B (en) Single sign-on identity management between local and remote systems
CN107342992B (en) System authority management method and device and computer readable storage medium
CN110414268B (en) Access control method, device, equipment and storage medium
CN100568212C (en) Shielding system and partition method
CN111475841B (en) Access control method, related device, equipment, system and storage medium
WO2016169410A1 (en) Login method and device, server and login system
WO2013191325A1 (en) Method for authenticating trusted platform-based open id, and apparatus and system therefor
JP2006500657A (en) Server, computer memory, and method for supporting security policy maintenance and distribution
WO2017190561A1 (en) Method for realizing password inputting by means of virtual keyboard, terminal, server, system and storage medium
WO2021006616A1 (en) Method for providing relational decentralized identifier service and blockchain node using the same
WO2014185594A1 (en) Single sign-on system and method in vdi environment
WO2020246705A1 (en) Document information management apparatus enabling management of document information on basis of blockchain, and operation method thereof
WO2012099330A2 (en) System and method for issuing an authentication key for authenticating a user in a cpns environment
WO2014003516A1 (en) Method and apparatus for providing data sharing
WO2020246706A1 (en) Blockchain-based document information management device for assuring document reliability and method of operating same
WO2020253120A1 (en) Webpage registration method, system and device, and computer storage medium
WO2020062644A1 (en) Json hijack bug detection method, apparatus and device, and storage medium
WO2020042471A1 (en) Firewall policy verification method, system and device, and readable storage medium
WO2020190099A1 (en) Electronic device for managing personal information and operating method thereof
WO2015161644A1 (en) Resource address generation method, device, and system
US8132261B1 (en) Distributed dynamic security capabilities with access controls
WO2015099287A1 (en) Method for authenticating user by using one-time password, and device therefor
WO2020149555A1 (en) Electronic device for selecting key to be used for encryption on basis of amount of information of data to be encrypted, and operation method of electronic device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14876573

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14876573

Country of ref document: EP

Kind code of ref document: A1