WO2016026382A1 - Password setting method, apparatus and system - Google Patents

Password setting method, apparatus and system


Publication number
WO2016026382A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
character string
server
ciphertext
verification
Prior art date
Application number
PCT/CN2015/085914
Other languages
French (fr)
Chinese (zh)
Inventor
温涛
Original Assignee
阿里巴巴集团控股有限公司
温涛
Priority date
Filing date
Publication date
Application filed by 阿里巴巴集团控股有限公司, 温涛
Publication of WO2016026382A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present application relates to the technical field of information security, and in particular, to a method for setting a password, a device for setting a password, and a system for setting a password.
  • the user usually registers the account on the platform and sets the corresponding password to ensure the security of the account.
  • the user can log in to the website or application of the platform by using the account and password, and enjoy the services provided by the platform. For example, a user can use an account number and password to log in to a platform that provides instant messaging tools for instant messaging with friends.
  • the technical problem to be solved by the embodiments of the present application is to provide a method for setting a password to improve the strength of the password and improve the security of the user's personal information.
  • the embodiment of the present application further provides a password setting device and a password setting system to ensure implementation and application of the foregoing method.
  • the embodiment of the present application discloses a method for setting a password, including:
  • the setting request includes a first user identifier and a first character string
  • the verification result is a result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • the first character string is set as the second password of the first user identifier in the first server.
  • the step of generating a verification request according to the first user identifier and the first character string comprises:
  • the step of performing the first encryption process on the first user identifier and the first character string to obtain the first ciphertext comprises:
  • the step of performing a second encryption process on the first ciphertext to obtain a digital signature includes:
  • the first ciphertext is encrypted with a specified private key to obtain a digital signature.
  • the step of sending the verification request to one or more second servers comprises:
  • the verification request is sent to one or more second servers by a specified encrypted transmission.
  • the one or more second servers obtain the verification result by:
  • the validity check includes at least one of a time check and a signature check
  • the verification request passes the validity check, verify whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • the information that the first character string is different from the first password is set as a verification result.
  • the verification request includes a first timestamp; the second server has a second timestamp; and the step of verifying validity of the verification request includes:
  • the step of verifying validity of the verification request comprises:
  • the step of performing the third encryption process on the first ciphertext to obtain the second character string comprises:
  • the first ciphertext is encrypted by using a specified public key to obtain a second character string.
  • the step of verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server comprises:
  • the step of performing the second decryption process on the first ciphertext to obtain the first user identifier and the first character string comprises:
  • the step of verifying whether the first string is the same as the first password comprises:
  • the third ciphertext is a ciphertext obtained by encrypting the first password by using the first feature key
  • the first character string meets at least one of the first condition and the second condition
  • the first condition is that the first character string satisfies a preset strength condition
  • the second condition is that the first character string is different from the first second password of the first user identifier in the first server.
  • the method further includes:
  • the prompt information for resetting the password is generated.
  • the method further includes:
  • the fourth ciphertext is stored in a database.
  • the embodiment of the present application further discloses a method for setting a password, including:
  • the verification request is a verification request generated by the first server, when it receives the setting request of the password, according to the first user identifier and the first character string in the setting request;
  • the verification result is a result obtained by verifying whether the first character string and the first password corresponding to the first user identifier in the second server are the same;
  • the first server is configured to, when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server.
  • the embodiment of the present application further discloses a password setting apparatus, including:
  • a request receiving module configured to receive a setting request of a password in the first server;
  • the setting request includes a first user identifier and a first character string;
  • a verification request generating module configured to generate a verification request according to the first user identifier and the first character string
  • a verification request sending module configured to send the verification request to one or more second servers
  • a verification result receiving module configured to receive a verification result obtained by the one or more second servers according to the verification request; the verification result is a result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • a password setting module configured to: when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server.
  • the setting request receiving module includes:
  • a first ciphertext obtaining submodule configured to perform a first encryption process on the first user identifier and the first character string to obtain a first ciphertext
  • a digital signature obtaining submodule configured to perform a second encryption process on the first ciphertext to obtain a digital signature
  • a packaging submodule configured to encapsulate the first ciphertext and the digital signature into a verification request.
  • the first ciphertext obtaining submodule comprises:
  • a symmetric ciphering module configured to encrypt the first user identifier and the first character string by using a target key corresponding to the one or more second servers, to obtain a first ciphertext.
  • the digital signature obtaining submodule comprises:
  • a first asymmetric cipher submodule configured to encrypt the first ciphertext by using a specified private key to obtain a digital signature.
  • the verification request sending module includes:
  • An encrypted transmission sub-module for transmitting the verification request to one or more second servers by a specified encrypted transmission mode.
  • the first character string meets at least one of the first condition and the second condition
  • the first condition is that the first character string satisfies a preset strength condition
  • the second condition is that the first character string is different from the first second password of the first user identifier in the first server.
  • the device further includes:
  • a prompt information generating module configured to generate, when the verification result is that the first character string is the same as the first password, prompt information for resetting the password.
  • the device further includes:
  • a fourth ciphertext obtaining module configured to encrypt the second password by using the second feature key to obtain a fourth ciphertext
  • a storage module configured to store the fourth ciphertext in a database.
  • the embodiment of the present application further discloses a password setting apparatus, including:
  • a verification request receiving module configured to receive, in the second server, a verification request sent by the first server; the verification request is, when the first server receives the setting request of the password, according to the setting request a first user identifier and a verification request generated by the first string;
  • a verification result obtaining module configured to obtain a verification result according to the verification request;
  • the verification result is a result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • a verification result returning module configured to return the verification result to the first server; the first server is configured to, when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server.
  • the embodiment of the present application further discloses a password setting system, including:
  • the system includes a first server and one or more second servers;
  • the first server includes:
  • a request receiving module configured to receive a setting request of a password in the first server;
  • the setting request includes a first user identifier and a first character string;
  • a verification request generating module configured to generate a verification request according to the first user identifier and the first character string
  • a verification request sending module configured to send the verification request to one or more second servers
  • a verification result receiving module configured to receive a verification result obtained by the one or more second servers and obtained according to the verification request
  • a password setting module configured to: when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server;
  • the one or more second servers include:
  • a verification request receiving module configured to receive, in the second server, a verification request sent by the first server
  • a verification result obtaining module configured to obtain a verification result according to the verification request;
  • the verification result is a result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • a verification result returning module configured to return the verification result to the first server.
  • the embodiments of the present application include the following advantages:
  • the first server generates a verification request according to the first user identifier and the first character string in the password setting request, and requests the one or more second servers to verify whether the password is the same. When the first server receives a verification result that the first character string is different from the first password corresponding to the first user identifier in the second server, it sets the first character string as the second password of the first user identifier in the first server. This ensures that the same user does not set the same password in different servers, which increases the strength of the password and greatly reduces the impact on the account and password in the current server when the user's account and password in another server are compromised, thereby improving the security of the user's personal information.
  • the second server does not need to know the second feature key of the first server, and the first server does not need the first feature key of the second server, the first server And the second server still maintains its own feature key, which ensures the privacy of the feature key.
  • the first server encrypts the first user identifier and the first character string by using a key to generate a first ciphertext, and after the first ciphertext is encapsulated into the verification request, sends the verification request to the second server by using an encrypted transmission manner. , ensuring the security of the first user identifier and the first character string during transmission.
  • the first server may perform a first encryption process on the first user identifier and the first character string to generate a corresponding first ciphertext, which improves the security of user information (i.e., the first user identifier and the first character string).
  • the verification request may be sent by using an encrypted transmission manner, which further improves the security of the user information.
  • the embodiment of the present application performs a validity check on the verification request sent by the first server to ensure the security of the verification request; at the same time, when the verification request is determined to be invalid, the subsequent verification operation is not required, thereby reducing the system's expenses.
  • FIG. 1 is a flow chart showing the steps of Embodiment 1 of a method for setting a password of the present application;
  • FIG. 2 is a flow chart showing the steps of Embodiment 2 of a method for setting a password according to the present application;
  • FIG. 3 is a structural block diagram of Embodiment 1 of a password setting apparatus of the present application.
  • FIG. 4 is a structural block diagram of Embodiment 2 of a password setting apparatus of the present application.
  • FIG. 5 is a structural block diagram of an embodiment of a password setting system of the present application.
  • the user is on the platform through the client (for example, a browser).
  • the platform usually checks the password strength of the string set by the user as a password.
  • if the string passes the strength check, the string can be set as the password, and the platform uses its own unique key to encrypt the password set by the user and stores it in the database as ciphertext to ensure the security of the password.
  • the traditional password setting method can only be applied on a single platform; it cannot detect whether the user uses the same account and password on different platforms, and cannot avoid the problem of the user using the same account and password on different platforms. Therefore, the above-mentioned platform-based password setting method has great hidden dangers and low security.
  • one of the core concepts of the embodiments of the present application is proposed to verify the password of the user in different servers to prevent the same user from setting the same password between different servers.
  • Embodiment 1 of a password setting method of the present application may specifically include the following steps:
  • Step 101 Receive a setting request of a password in the first server.
  • the server can control the computers that access the network or network resources (for example, a disk drive, a printer, etc.), can provide resources for computers on the network so that they operate like workstations, and can usually be divided into types such as file server, database server, and application server.
  • the password setting request may refer to an indication, sent by the user, to set a character string as a password. The user can trigger a password setting request on the client by setting or modifying at least one of the account password and the independent password, or by other means.
  • the account password can be the password for logging in to the user account, which can be set when registering a new user account and can be modified after it is set; the independent password can be a password used to protect certain business objects after logging in to the user account, for example, a password for viewing in the instant messaging tool, a password for logging in to e-mail, a password for confirming payment, or a password protecting the processing of virtual items (such as transaction, destruction, etc.), which is not limited by this embodiment.
  • the client sends a password setting request to the first server, and the setting request may include the first user identifier and the first character string.
  • the first user identifier may be information that can represent a user uniquely identified in the first server, and may include at least one of a user account and information bound to the user account; and the information bound to the user account may be Including at least one of the following:
  • the first string can be a string that is set to be a password, and can be any string of any kind.
  • triggering manner and content of the above-mentioned password setting request are only examples.
  • other triggering manners and contents may be set according to actual conditions, which is not limited by the embodiment of the present application.
  • other triggering methods and contents may be used by those skilled in the art according to actual needs, and the embodiment of the present application does not limit this.
  • Step 102 Generate a verification request according to the first user identifier and the first character string.
  • the verification request may refer to an indication sent by the first server whether there is a password equal to the first character string.
  • step 102 can include the following sub-steps:
  • Sub-step S11 performing a first encryption process on the first user identifier and the first character string to obtain a first ciphertext
  • the first user identifier and the first string received by the first server are plaintext.
  • the first server may perform a first encryption process on the first user identifier and the first character string to generate a corresponding first ciphertext, which improves the security of user information (i.e., the first user identifier and the first character string).
  • the sub-step S11 may include the following sub-steps:
  • Sub-step S111 encrypting the first user identifier and the first character string by using a target key corresponding to the one or more second servers, to obtain a first ciphertext.
  • the first encryption process can be performed in a symmetric encryption manner.
  • symmetric encryption can be an encryption method using a single-key cryptosystem, and the same key can be used as both information encryption and decryption.
  • the first server and the second server may pre-approve a key (ie, a target key) for encrypting and decrypting the first user identifier and the first character string, and each second server may have a corresponding target. Key.
  • the first server and the second server may also agree on the encryption and decryption algorithm, which specifies how to perform encryption and decryption, such as the DES (Data Encryption Standard) algorithm, the IDEA (International Data Encryption Algorithm) algorithm, the AES (Advanced Encryption Standard) algorithm, and the like; the symmetric encryption manner is not limited in the embodiment of the present application.
  • the embodiment of the present application may also perform the first encryption process by using other methods, such as asymmetric encryption, which is not limited in this embodiment of the present application.
  • Sub-step S12 performing a second encryption process on the first ciphertext to obtain a digital signature
  • the second encryption process can be performed in an asymmetric encryption manner.
  • asymmetric encryption can be an encryption method using a cryptosystem with two different keys for encryption and decryption.
  • the recipient can verify that the data or file (e.g., the first ciphertext) is complete and accurate by verifying the digital signature, determining the data or
  • a set of digital signatures can usually include two complementary algorithms, one of which can be used for signing, and the other of which can be used to verify digital signatures.
  • the sub-step S12 may include the following sub-steps:
  • Sub-step S121 encrypting the first ciphertext by using a specified private key to obtain a digital signature.
  • Asymmetric encryption does not use the same key for encryption and decryption; it usually requires two keys: a public key and a private key.
  • the public key and the private key are a pair, the private key can be saved by the encrypting party (for example, the first server), and the public key can be disclosed to the decrypting party (for example, the second server).
  • the second server can decrypt with the corresponding public key.
  • the decrypting party decrypts the data with the public key. Since the private key is held only by the encrypting party (for example, the first server), if the decrypting party (for example, the second server) can decrypt normally, this indicates that the data comes from the encrypting party (for example, the first server), ensuring that the data has not been forged or modified during transmission.
  • the first server and the second server may agree in advance on the private key used to generate the digital signature and the public key used to decrypt the digital signature.
  • the first server and the second server can also agree on the encryption and decryption algorithm, which specifies how to encrypt and decrypt, for example, the RSA algorithm (an asymmetric encryption algorithm; RSA is formed from the initial letters of Ron Rivest, Adi Shamir and Leonard Adleman), the ElGamal algorithm (an encryption algorithm), the knapsack algorithm, the Rabin algorithm (special case of RSA algorithm), Diffie-Hellman key exchange
  • ECC Elliptic Curve Cryptography
  • Sub-step S13 the first ciphertext and the digital signature are encapsulated into a verification request.
  • the first server and the second server agree on the protocol to be transmitted in advance, and the first server may encapsulate the first ciphertext and the digital signature into the verification request according to the transmitted protocol, and send the result to the second server.
  • the first encryption process and the second encryption process may not be performed, that is, the first user identifier and the first character string may be directly encapsulated without generating the first ciphertext and the digital signature.
  • the verification request needs to be private, for example, the second server only receives the verification request of the first server in the whitelist, which is not limited by the embodiment of the present application.
  • Step 103 Send the verification request to one or more second servers;
  • first server and the second server may belong to different platforms, respectively, but may face the same user, and the user may register the account in the first server and the second server.
  • the second server may open a specified API (Application Programming Interface), and the first server may invoke the specified API and, according to the parameter specification of the specified API, send a verification request to the second server through the URL (Uniform Resource Locator) corresponding to the API, requesting the second server to verify whether the user has a password that is the same as the first character string to be set as the password.
  • step 103 may include the following sub-steps:
  • Sub-step S21 the verification request is sent to the second server by the specified encrypted transmission mode.
  • the verification request may be sent by using an encrypted transmission manner, which further improves the security of the user information.
  • the first server may send the verification request by using HTTPS (Hypertext Transfer Protocol over Secure Socket Layer), and may also send the verification request by using another encrypted transmission manner, which is not limited in this embodiment of the present application.
  • the verification request may not be sent by means of encrypted transmission, but the transmission method needs to be secure.
  • Step 104 Receive a verification result obtained by the one or more second servers according to the verification request.
  • the verification result may be a result obtained by verifying whether the first character string and the first password corresponding to the first user identifier in the second server are the same;
  • the second server may verify, according to the verification request, whether the first character string and the first password are the same.
  • the second server can obtain the verification result by:
  • Sub-step S31 performing a validity check on the verification request;
  • the validity check may include at least one of a time check and a signature check;
  • if the second server determines that the verification request is valid, the first character string may be verified; if the second server determines that the verification request is invalid, the first character string may not be verified.
  • the embodiment of the present application performs a validity check on the verification request sent by the first server to ensure the security of the verification request; at the same time, when the verification request is determined to be invalid, the subsequent verification operation is not required, thereby reducing the system's expenses.
  • the verification request may include a first timestamp; the second server may have a second timestamp; and the sub-step S31 may include the following sub-steps:
  • Sub-step S311 calculating a difference between the first timestamp and the second timestamp
  • Sub-step S312 when the difference is within a preset time threshold, it is determined that the verification request passes the time check.
  • the second server may perform time verification on the verification request to ensure the consistency of the time between the first server and the second server.
  • a timestamp is usually a sequence of characters that uniquely represents a moment in time.
  • the first timestamp may represent the system time of the first server, and the second timestamp may represent the system time of the second server.
  • the first server may add the first timestamp to the URL and send it to the second server along with the verification request.
  • the first timestamp and the second timestamp may be used to verify the consistency of time between the first server and the second server, and the difference between the first timestamp and the second timestamp may allow the existence of a small error.
  • the first timestamp may be different from the second timestamp by a few minutes (ie, the time threshold), which is acceptable and may be considered to pass the time check.
  • the embodiment of the present application checks the consistency of the first timestamp of the first server and the second timestamp of the second server, which improves the security of the second server API and the security of the password verification.
  • sub-step S31 may comprise the following sub-steps:
  • Sub-step S313, performing a third encryption process on the first ciphertext to obtain a second character string
  • the second server may perform signature verification on the verification request to ensure the authenticity of the verification request.
  • the second server may perform the third encryption process by using asymmetric encryption corresponding to the sub-step S12.
  • if the second server verifies that the first ciphertext is complete and accurate by verifying the digital signature, it may be determined that the first ciphertext was sent by the first server that generated it rather than forged by a third party, and that the first ciphertext has not been tampered with.
  • the sub-step S313 may include the following sub-steps:
  • Sub-step S3131 encrypting the first ciphertext by using the specified public key to obtain a second character string.
  • the second server may verify the digital signature using a public key agreed in advance.
  • the second server may encrypt the first ciphertext with the agreed public key to generate a second string.
  • the embodiment of the present application may perform the time check on the verification request without performing the signature check; when the verification request passes the time check, it is determined that the verification request passes the validity check.
  • the embodiment of the present application may perform the signature check on the verification request without performing the time check; when the verification request passes the signature check, it is determined that the verification request passes the validity check.
  • the embodiment of the present application may perform both the time check and the signature check on the verification request; when the verification request passes the time check and the signature check, it is determined that the verification request passes the validity check.
  • the embodiment of the present application may perform the time check first and then the signature check: if the verification request does not pass the time check, it is determined that the verification request has not passed the validity check, and the signature check is not required. The signature check may also be performed before the time check: if the verification request does not pass the signature check, it is determined that the verification request has not passed the validity check, and the time check is not required.
  • Sub-step S32 when the verification request passes the validity check, verify whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • when the verification request passes the validity check, this may indicate that the verification request was sent by the first server and has not been tampered with, and the second server may check whether the first character string is identical to the first password.
  • sub-step S32 may include the following sub-steps:
  • Sub-step S321 performing decryption processing on the first ciphertext to obtain the first user identifier and the first character string;
  • the second server may perform a decryption process on the first ciphertext to obtain the first user identifier and the first character string in a plaintext form, corresponding to the sub-step S11.
  • the sub-step S321 may include the following sub-steps:
  • Sub-step S3211 decrypting the first ciphertext by using the target key to obtain the first user identifier and the first character string.
  • the second server may perform the second decryption process in a symmetric encryption manner.
  • the second server may decrypt using the previously agreed target key and the decrypted algorithm.
  • the embodiment of the present application may also perform decryption processing by using other methods, such as asymmetric encryption, which is not limited in this embodiment of the present application.
  • Sub-step S322 searching for a second user identifier associated with the first user identifier
  • the second user identifier may be information capable of representing a user uniquely determined in the second server, and may include at least one of a user account and information bound to the user account;
  • the information bound to the user account may include at least one of the following:
  • when the first user identifier and the second user identifier are the same, similar, or mutually bound, the first user identifier and the second user identifier may belong to the same user.
  • the first user identifier and the second user identifier may be considered to be associated.
  • a user identifier, two user identifiers, or even more user identifiers may be used for association determination to improve the accuracy of the first user identifier and the second user identifier association judgment.
  • the second user identifier has an associated first password, and the first password may include at least one of an account password and an independent password.
  • the account password corresponding to the second user identifier may be extracted for verification.
  • the independent password corresponding to the second user identifier may be extracted for verification; the embodiment of the present application places no restriction on this.
  • the independent password corresponding to the second user identifier may be extracted for verification.
  • the account password corresponding to the second user identifier may be extracted for verification; the embodiment of the present application places no restriction on this.
  • Sub-step S323 verifying whether the first character string is the same as the first password.
  • if the first password is saved in plaintext, it can be directly verified whether the first character string is the same as the first password.
  • the first password can be converted into plaintext form, and it is then checked whether the first character string is the same as the first password in plaintext form.
  • the first character string may be converted into ciphertext form, and it is then checked whether the first character string in ciphertext form is the same as the first password. The embodiment of the present application does not limit this.
  • the sub-step S323 may include the following sub-steps:
  • Sub-step S3231 encrypting the first character string by using a first feature key to obtain a second ciphertext
  • Sub-step S3232 verifying whether the second ciphertext is the same as the third ciphertext; the third ciphertext is a ciphertext obtained by encrypting the first password by using the first feature key;
  • Sub-step S3233 when the second ciphertext is the same as the third ciphertext, determining that the first character string is the same as the first password;
  • Sub-step S3234 when the second ciphertext is different from the third ciphertext, determining that the first character string is different from the first password.
  • the second server may have a dedicated encryption key (i.e., a first feature key) for encrypting the password in the second website, storing the password in the form of ciphertext to ensure password security in the second server.
  • the second server may use the first feature key to encrypt the first character string in the same encryption manner as the third ciphertext, and verify whether the first character string in ciphertext form is the same as the first password in ciphertext form.
  • Sub-step S33 when the first character string is the same as the first password, setting the same information of the first character string and the first password as a verification result;
  • Sub-step S34 when the first character string is different from the first password, the information that the first character string is different from the first password is set as a verification result.
  • when the first character string is the same as the first password, the generated verification result may include information that the first character string is the same as the first password; when the first character string is different from the first password, the generated verification result may include information that the first character string is different from the first password.
  • the second server verifies whether the first character string is the same as the first password, obtains a verification result, and returns the verification result to the first server.
  • Step 105 When the verification result is that the first character string is different from the first password, setting the first character string as the second password of the first user identifier in the first server.
  • when the verification result is the information that the first character string is different from the first password, it may indicate that the first user identifier does not have the same password as the first character string in the second server, and the first server may set the first string as the first password of the first user in the first server.
  • the first character string may meet at least one of the first condition and the second condition
  • the first condition may be that the first character string satisfies a preset strength condition
  • the first server may preset the strength condition of the password to enhance the security of the password and reduce the probability of “brute force cracking”, and allow the first string to be set as the password when the first character string input by the user satisfies the strength condition.
  • the first server may set the length of the first string; for example, the length of the first string may be set to be 8 bits or more. If the number of bits of the first string does not meet the length requirement (such as the first string being 7 digits), the first server can prompt the user that the first string input does not meet the strength requirements and needs to be re-entered.
  • the first server may also require the first character string input by the user to be a combination of at least one of a number, a character, and an English letter (including capitalization). Assuming that the first character string needs to combine numbers and English letters, if the first string consists of pure numbers or pure English letters, the first server can prompt the user that the first string input does not meet the strength requirements and needs to be re-entered.
  • the second condition may be that the first character string is different from the first second password of the first user identifier in the first server.
  • the first user identifier may have at least one password in the first server.
  • the leakage of the previous password is prevented from causing a security risk to the current password.
  • the server can require that the first character string input by the user when setting the password not be the same as a previously existing password, which can include the previous password or the passwords used within a certain period of time.
  • the first server may prompt the user that the first character string already exists and needs to be re-entered.
  • whether the first character string meets the first condition and the second condition may be determined at any time before the first character string is set as the password.
  • the determination of whether the first character string meets the first condition and the second condition may be performed after the verification result is obtained, and the like, which is not limited by the embodiment of the present application.
  • the first server generates a verification request according to the first user identifier and the first password in the password setting request, and requests the one or more second servers to verify whether the password is the same. When the first server receives the verification result that the first character string is different from the first password corresponding to the first user identifier in the second server, it sets the first character string as the second password of the first user identifier in the first server. This ensures that the same user does not set the same password in different servers, increases the strength of the password, greatly reduces the impact that an account and password leaked by the user on another server have on the account and password on the current server, and improves the security of the user's personal information.
  • the second server does not need to know the second feature key of the first server, and the first server does not need to know the first feature key of the second server; the first server and the second server each still keep their own feature key, which ensures the privacy of the feature key.
  • the method may further include the following steps:
  • Step 106 When the verification result is that the first character string is the same as the first password, generate prompt information for resetting the password.
  • when the verification result received by the first server is that the first character string is the same as the first password, it may indicate that a password identical to the first character string exists in the second server, and the first server may generate prompt information prompting the user to reset the password.
  • the method may further include the following steps:
  • Step 107 Encrypt the second password by using the second feature key to obtain a fourth ciphertext
  • Step 108 Store the fourth ciphertext in a database.
  • the first server may have a specific encryption key (ie, a second feature key), and the first server may encrypt the second password by using the second feature key to generate a fourth ciphertext.
  • the second password is stored in the database in the form of ciphertext, which ensures the security of the password.
  • Embodiment 2 of the method for setting a password of the present application is shown. Specifically, the method may include the following steps:
  • Step 201 Receive a verification request sent by the first server in the second server.
  • the verification request is a verification request generated by the first server, when the first server receives the setting request of the password, according to the first user identifier and the first character string in the setting request;
  • the setting request may include a first user identifier and a first character string; then the first server may generate a verification request by the following steps:
  • Sub-step S41 performing a first encryption process on the first user identifier and the first character string to obtain a first ciphertext
  • sub-step S41 may comprise the following sub-steps:
  • Sub-step S411 encrypting the first user identifier and the first character string by using a target key corresponding to the one or more second servers, to obtain a first ciphertext.
  • Sub-step S42 performing a second encryption process on the first ciphertext to obtain a digital signature
  • sub-step S42 may include the following sub-steps:
  • Sub-step S421 encrypting the first ciphertext with a specified private key to obtain a digital signature.
  • Sub-step S43 the first ciphertext and the digital signature are encapsulated into a verification request.
  • the verification request is sent by the first server by a specified encrypted transmission mode.
  • Step 202 Obtain a verification result according to the verification request.
  • the verification result may be a result obtained by verifying whether the first character string and the first password corresponding to the first user identifier in the second server are the same;
  • step 202 can include the following sub-steps:
  • Sub-step S51 performing a validity check on the verification request;
  • the validity check may include at least one of a time check and a signature check;
  • the verification request may include a first timestamp; the second server may have a second timestamp; and the sub-step S51 may include the following sub-steps:
  • Sub-step S511 calculating a difference between the first timestamp and the second timestamp
  • Sub-step S512 when the difference is within a preset time threshold, determining that the verification request passes the time check.
  • sub-step S51 may comprise the following sub-steps:
  • Sub-step S513, performing a third encryption process on the first ciphertext to obtain a second character string
  • sub-step S513 may include the following sub-steps:
  • Sub-step S5131 encrypting the first ciphertext by using a specified public key to obtain a second character string.
  • Sub-step S52 when the verification request passes the validity check, verify whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • sub-step S52 may include the following sub-steps:
  • Sub-step S521 performing decryption processing on the first ciphertext to obtain the first user identifier and the first character string;
  • sub-step S521 may include the following sub-steps:
  • Sub-step S5211 decrypting the first ciphertext by using the target key to obtain the first user identifier and the first character string.
  • Sub-step S522 searching for a second user identifier associated with the first user identifier; the second user identifier has an associated first password;
  • sub-step S53 may comprise the following sub-steps:
  • Sub-step S531 encrypting the first character string by using a first feature key to obtain a second ciphertext
  • Sub-step S532 verifying whether the second ciphertext and the third ciphertext are the same; the third ciphertext is a ciphertext obtained by encrypting the first password by using the first feature key;
  • Sub-step S534 when the second ciphertext is different from the third ciphertext, determining that the first character string is different from the first password.
  • Sub-step S53 when the first character string is the same as the first password, setting the same information of the first character string and the first password as a verification result;
  • Sub-step S54 when the first character string is different from the first password, the information that the first character string is different from the first password is set as a verification result.
  • Step 203 Return the verification result to the first server.
  • the first server may be configured to: when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server.
  • the first character string may meet at least one of the first condition and the second condition
  • the first condition may be that the first character string satisfies a preset strength condition
  • the second condition may be that the first character string is different from the first second password of the first user identifier in the first server.
  • the first server is further configured to generate prompt information for resetting the password when the verification result is that the first character string is the same as the first password.
  • the first server is further configured to encrypt the second password by using the second feature key to obtain a fourth ciphertext, and to store the fourth ciphertext in the database.
  • the application is substantially similar to the application of the method embodiment 1, and the description is relatively simple. For the related part, refer to the description of the method embodiment 1. The embodiment of the present application is not described in detail herein.
  • the user name of the user in the first server is SkyWen (first user ID) and the original password is cba321; the user now requests to set abc123 (the first string) as the corresponding password, and the first server can request the second server to perform password verification.
  • the first server receives the SkyWen and abc123 input by the user, and the first server may encrypt SkyWen and abc123 by using the key UJHUSHUY (target key) agreed with the second server in advance; the encrypted user name SkyWen is AAB76115CB4379D0 (first ciphertext), and the encrypted string abc123 is D559B76EEE41C613 (first ciphertext).
  • the first server may agree in advance with the second server on an RSA private key for producing the digital signature (specified private key) and an RSA public key for verifying the digital signature (designated public key).
  • the agreed RSA private key is as follows:
  • the agreed RSA public key is as follows:
  • the first server can use the RSA private key to re-encrypt the AAB76115CB4379D0 and D559B76EEE41C613 to generate a digital signature.
  • the generated digital signature is as follows:
  • the first server may encapsulate the encrypted username, the encrypted first string, and the digital signature to generate a verification request.
  • the time stamp 1407394800082 when the verification request is sent may be added to the URL to be encapsulated into the verification request.
  • the first server may send the verification request to the second server through the HTTPS protocol, where the generated URL is as follows:
  • the timestamp A of the local system may be obtained by using the System.currentTimeMillis() method, and the timestamp A indicates the time when the second server receives the verification request.
  • the second server may preset a time threshold, such as a set time threshold of 30 s.
  • the AAB76115CB4379D0 and D559B76EEE41C613 are encrypted with the RSA public key, and the generated string is as follows:
  • the second server compares the digital signature generated by using the RSA private key with the character string generated by using the RSA public key; a match indicates that the verification request was actually sent by the first server and has not been tampered with.
  • the second server can decrypt AAB76115CB4379D0 and D559B76EEE41C613 by using the key UJHUSHUY to obtain the username SkyWen and the string abc123.
  • the second server detects whether there is a user name consistent with SkyWen in the database; if not, it returns to the first server the result that the user name SkyWen does not exist, and the first server can set abc123 as the password corresponding to the user name SkyWen, encrypt abc123 by using the unique key of the first server to generate a ciphertext, and store the ciphertext in the database.
  • abc123 can be encrypted by using the second server's unique key LJHJGUUG, and the encrypted abc123 is compared with the password of SkyWen in the database; if the encrypted abc123 and the password of SkyWen are the same, the result that the same password exists on the second server is returned to the first server, and the first server prompts the user to reset the password.
  • if the first server requires a character string set as the password to be 6 bits or more in length and to include at least one English letter and one number, abc123 meets the strength requirement.
  • the first server may set abc123 as the password corresponding to the user name SkyWen, and encrypt the abc123 by using the unique key of the first server to generate the ciphertext, and store the ciphertext in the database.
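The second-server side of the exchange walked through above (time check, then signature check, then comparison under the server's own key), together with the first server's reaction, as an added example that is not code from the patent. Assumptions: HMAC-SHA256 under a constructed shared key stands in for the RSA signature, a keyed digest stands in for encryption under the feature key, the symmetric encryption of the payload is omitted, the signature is made to cover the timestamp as well, and all function and field names are hypothetical.

```python
import hashlib
import hmac
import json

TIME_THRESHOLD_MS = 30_000        # 30 s threshold, as in the page's example
FEATURE_KEY = b"LJHJGUUG"         # second server's own key, from the page's example
SIGNING_KEY = b"constructed-key"  # constructed; stands in for the agreed RSA key pair


def keyed_digest(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 hex digest (this example's stand-in primitive)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_request(user_id: str, candidate: str, sent_ms: int) -> dict:
    """First server: package identifier, candidate string, timestamp, signature."""
    payload = json.dumps({"user": user_id, "string": candidate}, sort_keys=True)
    # The signature covers the timestamp too (a choice made in this example),
    # so a captured request cannot be re-sent later with a fresh timestamp.
    signature = keyed_digest(SIGNING_KEY, f"{sent_ms}.{payload}".encode())
    return {"payload": payload, "timestamp": sent_ms, "signature": signature}


class SecondServer:
    def __init__(self):
        # user identifier -> first password under FEATURE_KEY ("third ciphertext")
        self.stored = {}

    def register(self, user_id: str, password: str) -> None:
        self.stored[user_id] = keyed_digest(FEATURE_KEY, password.encode())

    def validity_check(self, request: dict, received_ms: int):
        """Time check first; the signature check is skipped if it fails."""
        try:
            sent_ms = int(request["timestamp"])
            payload = str(request["payload"])
            signature = str(request["signature"])
        except (KeyError, TypeError, ValueError):
            return False, "malformed request"
        if abs(received_ms - sent_ms) > TIME_THRESHOLD_MS:
            return False, "time check failed"
        expected = keyed_digest(SIGNING_KEY, f"{sent_ms}.{payload}".encode())
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return False, "signature check failed"
        return True, "ok"

    def verify(self, request: dict, received_ms: int) -> str:
        """Return 'invalid', 'no-user', 'same' or 'different'."""
        ok, _reason = self.validity_check(request, received_ms)
        if not ok:
            return "invalid"
        try:
            fields = json.loads(request["payload"])
            user_id, candidate = fields["user"], fields["string"]
        except (ValueError, KeyError, TypeError):
            return "invalid"
        if not isinstance(user_id, str) or not isinstance(candidate, str):
            return "invalid"
        # Exact-match lookup: a simplification of the identifier association step.
        third = self.stored.get(user_id)
        if third is None:
            return "no-user"
        second = keyed_digest(FEATURE_KEY, candidate.encode())  # "second ciphertext"
        return "same" if hmac.compare_digest(second, third) else "different"


def first_server_action(verification_result: str) -> str:
    """First server: act on the verification result."""
    if verification_result in ("different", "no-user"):
        return "set password"
    if verification_result == "same":
        return "prompt user to choose another password"
    # Failing closed on an invalid exchange is this example's choice.
    return "do not set password"


if __name__ == "__main__":
    server = SecondServer()
    server.register("SkyWen", "abc123")  # constructed state on the second server
    sent = 1407394800082                 # timestamp from the page's example
    result = server.verify(build_request("SkyWen", "abc123", sent), sent + 5_000)
    print(result, "->", first_server_action(result))
```

Only the second server ever holds `FEATURE_KEY`, so the first server learns nothing beyond the same/different answer.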
  • Embodiment 1 of a device for setting a password of the present application which may specifically include the following modules:
  • a setting request receiving module 301 configured to receive a setting request of a password in the first server; the setting request includes a first user identifier and a first character string;
  • the verification request generating module 302 is configured to generate a verification request according to the first user identifier and the first character string;
  • a verification request sending module 303 configured to send the verification request to one or more second servers
  • a verification result receiving module 304 configured to receive a verification result, returned by the one or more second servers, obtained according to the verification request; the verification result is a result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • the password setting module 305 is configured to: when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server.
  • the verification request generating module 302 may include the following sub-modules:
  • a first ciphertext obtaining submodule configured to perform a first encryption process on the first user identifier and the first character string to obtain a first ciphertext
  • a digital signature obtaining submodule configured to perform a second encryption process on the first ciphertext to obtain a digital signature
  • a packaging submodule configured to encapsulate the first ciphertext and the digital signature into a verification request.
  • the first ciphertext obtaining module may include the following submodules:
  • a symmetric ciphering module configured to encrypt the first user identifier and the first character string by using a target key corresponding to the one or more second servers, to obtain a first ciphertext.
  • the digital signature obtaining module may include the following submodules:
  • the first asymmetric cipher module is configured to encrypt the first ciphertext by using a specified private key to obtain a digital signature.
  • the verification request sending module may include the following submodules:
  • An encrypted transmission sub-module for transmitting the verification request to one or more second servers by a specified encrypted transmission mode.
  • the one or more second servers may obtain the verification result by:
  • the validity check may include at least one of a time check and a signature check
  • the verification request passes the validity check, verify whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • the information that the first character string is different from the first password is set as a verification result.
  • the verification request may include a first timestamp; the second server may have a second timestamp; the one or more second servers may perform the validity check on the verification request in the following manner:
  • the one or more second servers may perform validity verification on the verification request in the following manner:
  • the one or more second servers may obtain the second string by:
  • the first ciphertext is encrypted by using a specified public key to obtain a second character string.
  • the one or more second servers may verify whether the first character string is the same as the first password corresponding to the first user identifier in the second server by:
  • the one or more second servers may perform decryption processing on the first ciphertext to obtain the first user identifier and the first word.
  • the one or more second servers may verify whether the first string is the same as the first password by:
  • the third ciphertext is a ciphertext obtained by encrypting the first password by using the first feature key
  • the first character string may meet at least one of the first condition and the second condition
  • the first condition is that the first character string satisfies a preset strength condition
  • the second condition is that the first character string is different from the first second password of the first user identifier in the first server.
  • the device may further include:
  • the prompt information generating module is configured to generate prompt information for resetting the password when the verification result is that the first character string is the same as the first password.
  • the device may further include:
  • a fourth ciphertext obtaining module configured to encrypt the second password by using the second feature key to obtain a fourth ciphertext
  • a storage module configured to store the fourth ciphertext in a database.
  • Embodiment 2 of a device for setting a password of the present application is shown, which may specifically include the following modules:
  • a verification request receiving module 401, configured to receive in the second server a verification request sent by the first server; the verification request is a verification request generated by the first server, when the first server receives the setting request of the password, according to the first user identifier and the first character string in the setting request;
  • a verification result obtaining module 402 configured to obtain a verification result according to the verification request; the verification result is a result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • a verification result returning module 403, configured to return the verification result to the first server
  • the first server may be configured to: when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server.
  • the setting request may include a first user identifier and a first character string; then the first server may generate a verification request by:
  • the verification request can be sent by:
  • the verification request is sent to one or more second servers by a specified encrypted transmission.
  • the first server may obtain the first ciphertext by:
  • the first server can obtain a digital signature by:
  • the first ciphertext is encrypted with a specified private key to obtain a digital signature.
  • the first server may send a verification request in the following manner:
  • the verification request is sent to one or more second servers by a specified encrypted transmission.
  • the verification result obtaining module 402 may include the following sub-modules:
  • a validity check submodule configured to perform a validity check on the check request;
  • the validity check includes at least one of a time check and a signature check;
  • a first verification submodule configured to: when the verification request passes the validity check, verify whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • a first verification result setting submodule configured to set, when the first character string is the same as the first password, information that the first character string is the same as the first password as a verification result;
  • a second verification result setting submodule configured to set, when the first character string is different from the first password, information that the first character string is different from the first password as a verification result.
  • the verification request may include a first timestamp; the second server may have a second timestamp; the validity verification sub-module may include the following sub-modules:
  • a timestamp difference calculation submodule configured to calculate a difference between the first timestamp and the second timestamp
  • the first determining submodule is configured to determine that the verification request passes the time check when the difference is within a preset time threshold.
  • the validity check submodule may include the following submodules:
  • a second string obtaining submodule configured to perform a third encryption process on the first ciphertext to obtain a second character string
  • the second determining submodule is configured to determine that the verification request passes the signature verification when the second character string is the same as the digital signature.
  • the second string obtaining submodule may include the following submodules:
  • a second asymmetric cipher submodule configured to encrypt the first ciphertext by using a specified public key to obtain the second string.
  • the first verification module may include the following submodules:
  • a first ciphertext encryption submodule configured to perform decryption processing on the first ciphertext to obtain the first user identifier and the first character string;
  • a searching submodule configured to search for a second user identifier associated with the first user identifier; the second user identifier has an associated first password;
  • the second verification module is configured to check whether the first string is the same as the first password.
  • the first ciphertext encryption submodule may include the following submodules:
  • a symmetric decryption sub-module configured to decrypt the first ciphertext by using the target key, to obtain the first user identifier and the first character string.
  • the second verification module may include the following submodules:
  • a second ciphertext obtaining submodule configured to encrypt the first character string by using a first feature key to obtain a second ciphertext
  • a third verification module configured to check whether the second ciphertext and the third ciphertext are the same; the third ciphertext is a ciphertext obtained by encrypting the first password by using the first feature key
  • a third determining sub-module configured to determine that the first character string is the same as the first password when the second ciphertext is the same as the third ciphertext
  • the fourth determining sub-module is configured to determine that the first character string is different from the first password when the second ciphertext is different from the third ciphertext.
  • the first character string meets at least one of the first condition and the second condition
  • the first condition is that the first character string satisfies a preset strength condition
  • the second condition is that the first character string is different from the previous second password of the first user identifier in the first server.
  • the first server may generate the prompt information for resetting the password in the following manner:
  • the prompt information for resetting the password is generated.
  • the first server may store the fourth ciphertext in a database by:
  • the fourth ciphertext is stored in a database.
  • Referring to FIG. 5, a block diagram of a system embodiment of password setting according to the present application is shown, which includes a first server 510 and a second server 520;
  • the first server 510 may include:
  • a setting request receiving module 511 configured to receive a setting request of a password in the first server; the setting request includes a first user identifier and a first character string;
  • a verification request generating module 512 configured to generate a verification request according to the first user identifier and the first character string
  • a verification request sending module 513 configured to send the verification request to one or more second servers;
  • the verification result receiving module 514 is configured to receive a verification result obtained by the one or more second servers and obtained according to the verification request;
  • the password setting module 515 is configured to: when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server;
  • the one or more second servers 520 can include:
  • a verification request receiving module 521 configured to receive, in the second server, a verification request sent by the first server; the verification request is generated by the first server, when it receives the setting request of the password, according to the first user identifier and the first character string in the setting request;
  • a verification result obtaining module 522 configured to obtain a verification result according to the verification request; the verification result is the result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server; the verification result includes that the first character string and the first password are different;
  • a verification result returning module 523 configured to return the verification result to the first server; the first server is configured to set the first character string as the second password of the first user identifier in the first server.
  • the verification request generating module 512 may include the following sub-modules:
  • a first ciphertext obtaining submodule configured to perform a first encryption process on the first user identifier and the first character string to obtain a first ciphertext
  • a digital signature obtaining submodule configured to perform a second encryption process on the first ciphertext to obtain a digital signature
  • a packaging submodule configured to encapsulate the first ciphertext and the digital signature into a verification request.
  • the first ciphertext obtaining submodule may include the following submodules:
  • a symmetric ciphering module configured to encrypt the first user identifier and the first character string by using a target key corresponding to the one or more second servers, to obtain a first ciphertext.
  • the digital signature obtaining submodule may include the following submodules:
  • the first asymmetric cipher module is configured to encrypt the first ciphertext by using a specified private key to obtain a digital signature.
  • the verification request sending module 513 may include the following sub-modules:
  • An encrypted transmission sub-module for transmitting the verification request to one or more second servers by a specified encrypted transmission mode.
  • the first character string meets at least one of the first condition and the second condition
  • the first condition is that the first character string satisfies a preset strength condition
  • the second condition is that the first character string is different from the previous second password of the first user identifier in the first server.
  • the first server 510 may further include:
  • a prompt information generating module configured to generate prompt information for resetting the password when the verification result is that the first character string is the same as the first password.
  • the first server 510 may further include:
  • a fourth ciphertext obtaining module configured to encrypt the second password by using the second feature key to obtain a fourth ciphertext
  • a storage module configured to store the fourth ciphertext in a database.
  • the verification result obtaining module 522 may include the following sub-modules:
  • a validity check submodule configured to perform a validity check on the check request;
  • the validity check includes at least one of a time check and a signature check;
  • a first verification submodule configured to: when the verification request passes the validity check, verify whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
  • a first verification result setting submodule configured to set, when the first character string is the same as the first password, information indicating that the first character string is the same as the first password as the verification result;
  • a second verification result setting submodule configured to set, when the first character string is different from the first password, information indicating that the first character string is different from the first password as the verification result.
  • the verification request may include a first timestamp; the second server may have a second timestamp; the validity verification sub-module may include the following sub-modules:
  • a timestamp difference calculation submodule configured to calculate a difference between the first timestamp and the second timestamp
  • the first determining submodule is configured to determine that the verification request passes the time check when the difference is within a preset time threshold.
  • the validity check submodule may include the following submodules:
  • a second string obtaining submodule configured to perform a third encryption process on the first ciphertext to obtain a second character string
  • a second determining submodule configured to determine that the verification request passes the signature check when the second string is the same as the digital signature.
  • the second string obtaining submodule may include the following submodules:
  • the second asymmetric cipher module is configured to encrypt the first ciphertext by using a specified public key to obtain a second string.
  • the first verification module may include the following submodules:
  • a first ciphertext encryption submodule configured to perform decryption processing on the first ciphertext to obtain the first user identifier and the first character string;
  • a searching submodule configured to search for a second user identifier associated with the first user identifier; the second user identifier has an associated first password;
  • the second parity module is configured to check whether the first string is the same as the first password.
  • the first ciphertext encryption submodule may include the following submodules:
  • a symmetric decryption sub-module configured to decrypt the first ciphertext by using the target key, to obtain the first user identifier and the first character string.
  • the second verification module may include the following submodules:
  • a second ciphertext obtaining submodule configured to encrypt the first character string by using a first feature key to obtain a second ciphertext
  • a third parity module configured to check whether the second ciphertext and the third ciphertext are the same; the third ciphertext is the ciphertext obtained by encrypting the first password by using the first feature key
  • a third determining sub-module configured to determine that the first character string is the same as the first password when the second ciphertext is the same as the third ciphertext
  • the fourth determining sub-module is configured to determine that the first character string is different from the first password when the second ciphertext is different from the third ciphertext.
  • embodiments of the present application can be provided as a method, apparatus, or computer program product. Therefore, the embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, embodiments of the present application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • the computer device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • the memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory.
  • Memory is an example of a computer readable medium.
  • Computer readable media includes both permanent and non-persistent, removable and non-removable media.
  • Information storage can be implemented by any method or technology. The information can be computer readable instructions, data structures, modules of programs, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disk read only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, magnetic tape cartridges, magnetic tape storage or other magnetic storage devices, or any other non-transportable media that can be used to store information that can be accessed by a computing device.
  • computer readable media does not include non-persistent computer readable media, such as modulated data signals and carrier waves.
  • Embodiments of the present application are described with reference to flowcharts and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the present application. It will be understood that each of the flows and/or blocks, and the flowcharts and/or A combination of processes and/or blocks in the figures.
  • These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing terminal device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing terminal device produce means for implementing the functions specified in one or more flows of the flowchart or in one or more blocks of the block diagram.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing terminal device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the instruction device implements the functions specified in one or more blocks of the flowchart or in a flow or block of the flowchart.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Embodiments of the present application provide a password setting method, apparatus and system. The method comprises: receiving a password setting request in a first server, the setting request comprising a first user identifier and a first character string; generating a check request according to the first user identifier and the first character string; sending the check request to one or more second servers; receiving a check result obtained according to the check request and returned by the one or more second servers, the check result being a result obtained by checking whether the first character string is the same as a first password that corresponds to the first user identifier in the second server; and when the check result is that the first character string is different from the first password, setting the first character string as a second password of the first user identifier in the first server. The present application can enhance strength of passwords and improve security of personal information of users.

Description

Method, device and system for setting password
Technical field
The present application relates to the technical field of information security, and in particular to a method for setting a password, a device for setting a password, and a system for setting a password.
Background
With the development of the Internet, there are more and more platforms with different service functions, such as platforms that provide portal websites and platforms that provide instant messaging tools (a kind of application). These platforms bring convenience to people's lives and work.
A user usually registers an account on a platform and sets a corresponding password to keep the account secure. With the account and password, the user can log in to the platform's website or application and use the services the platform provides. For example, a user can use an account and password to log in to a platform that provides an instant messaging tool and exchange instant messages with friends.
Often, for ease of memorization, users are accustomed to using the same account and password on different platforms. As a result, once a user's account and password on one platform are obtained by criminals, the criminals can use that account and password to log in to other platforms, steal the user's personal information or the user's virtual or real property, and even use the user's personal information for illegal acts such as fraud. It can be seen that using the same account and password on different platforms carries a great hidden danger and leaves the user's account with very low security.
Therefore, a technical problem that urgently needs to be solved by those skilled in the art is to propose a password setting mechanism that improves the strength of passwords and the security of users' personal information.
Summary of the invention
The technical problem to be solved by the embodiments of the present application is to provide a method for setting a password, so as to improve the strength of the password and the security of the user's personal information.
Correspondingly, the embodiments of the present application further provide a password setting device and a password setting system to ensure the implementation and application of the above method.
In order to solve the above problem, an embodiment of the present application discloses a method for setting a password, including:
receiving a setting request of a password in a first server; the setting request includes a first user identifier and a first character string;
generating a verification request according to the first user identifier and the first character string;
sending the verification request to one or more second servers;
receiving a verification result returned by the one or more second servers and obtained according to the verification request; the verification result is the result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
when the verification result is that the first character string is different from the first password, setting the first character string as the second password of the first user identifier in the first server.
Preferably, the step of generating a verification request according to the first user identifier and the first character string includes:
performing a first encryption process on the first user identifier and the first character string to obtain a first ciphertext;
performing a second encryption process on the first ciphertext to obtain a digital signature;
encapsulating the first ciphertext and the digital signature into a verification request.
Preferably, the step of performing the first encryption process on the first user identifier and the first character string to obtain the first ciphertext includes:
encrypting the first user identifier and the first character string by using a target key corresponding to the one or more second servers to obtain the first ciphertext.
Preferably, the step of performing the second encryption process on the first ciphertext to obtain the digital signature includes:
encrypting the first ciphertext by using a specified private key to obtain the digital signature.
Preferably, the step of sending the verification request to one or more second servers includes:
sending the verification request to the one or more second servers by a specified encrypted transmission mode.
Preferably, the one or more second servers obtain the verification result in the following manner:
performing a validity check on the verification request; the validity check includes at least one of a time check and a signature check;
when the verification request passes the validity check, verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
when the first character string is the same as the first password, setting information indicating that the first character string is the same as the first password as the verification result;
when the first character string is different from the first password, setting information indicating that the first character string is different from the first password as the verification result.
Preferably, the verification request includes a first timestamp; the second server has a second timestamp; the step of performing a validity check on the verification request includes:
calculating a difference between the first timestamp and the second timestamp;
when the difference is within a preset time threshold, determining that the verification request passes the time check.
Preferably, the step of performing a validity check on the verification request includes:
performing a third encryption process on the first ciphertext to obtain a second character string;
when the second character string is the same as the digital signature, determining that the verification request passes the signature check.
Preferably, the step of performing the third encryption process on the first ciphertext to obtain the second character string includes:
encrypting the first ciphertext by using a specified public key to obtain the second character string.
Preferably, the step of verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server includes:
decrypting the first ciphertext to obtain the first user identifier and the first character string;
searching for a second user identifier associated with the first user identifier; the second user identifier has an associated first password;
verifying whether the first character string is the same as the first password.
Preferably, the step of performing the second decryption process on the first ciphertext to obtain the first user identifier and the first character string includes:
decrypting the first ciphertext by using the target key to obtain the first user identifier and the first character string.
Preferably, the step of verifying whether the first character string is the same as the first password includes:
encrypting the first character string by using a first feature key to obtain a second ciphertext;
verifying whether the second ciphertext is the same as a third ciphertext; the third ciphertext is the ciphertext obtained by encrypting the first password by using the first feature key;
when the second ciphertext is the same as the third ciphertext, determining that the first character string is the same as the first password;
when the second ciphertext is different from the third ciphertext, determining that the first character string is different from the first password.
Preferably, the first character string meets at least one of a first condition and a second condition;
wherein the first condition is that the first character string satisfies a preset strength condition;
the second condition is that the first character string is different from the previous second password of the first user identifier in the first server.
Preferably, the method further includes:
when the verification result is that the first character string is the same as the first password, generating prompt information for resetting the password.
Preferably, the method further includes:
encrypting the second password by using the second feature key to obtain a fourth ciphertext;
storing the fourth ciphertext in a database.
An embodiment of the present application further discloses a method for setting a password, including:
receiving, in a second server, a verification request sent by a first server; the verification request is generated by the first server, when it receives a setting request of a password, according to the first user identifier and the first character string in the setting request;
obtaining a verification result according to the verification request; the verification result is the result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
returning the verification result to the first server; the first server is configured to, when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server.
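The exchange described by the two methods above, as an added Python example that is not code from the patent: the first server builds the verification request, and the second server runs the time check, the signature check and the feature-key comparison. Assumptions: HMAC-SHA256 stands in for the private/public-key signature and for encryption with the feature keys, a toy SHAKE-256 keystream stands in for the symmetric cipher under the target key, the signature also covers the timestamp (the page signs only the first ciphertext), and every key, account name, function name and the 300-second threshold is constructed.

```python
import hashlib
import hmac
import json
import os

# Constructed demo keys and threshold (assumptions, not values from the page).
TARGET_KEY = b"demo-target-key"             # symmetric key shared by both servers
SIGNING_KEY = b"demo-signing-key"           # HMAC stand-in for the private/public key pair
FIRST_FEATURE_KEY = b"demo-feature-key-1"   # used by the second server
SECOND_FEATURE_KEY = b"demo-feature-key-2"  # used by the first server
TIME_THRESHOLD = 300                        # preset time threshold, in seconds


def keystream_xor(key, nonce, data):
    """Toy SHAKE-256 stream cipher; stands in for a vetted symmetric cipher."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def sign(timestamp, first_ciphertext):
    """Signature over timestamp and first ciphertext, so neither can be changed alone."""
    message = str(timestamp).encode() + b"." + first_ciphertext
    return hmac.new(SIGNING_KEY, message, hashlib.sha256).hexdigest()


def feature_encrypt(feature_key, secret):
    """Deterministic keyed transform modelling 'encrypt with the feature key'."""
    return hmac.new(feature_key, secret.encode(), hashlib.sha256).hexdigest()


def build_verification_request(user_id, candidate, now):
    """First server: first ciphertext + digital signature + first timestamp."""
    nonce = os.urandom(16)
    plaintext = json.dumps({"uid": user_id, "candidate": candidate}).encode()
    first_ciphertext = nonce + keystream_xor(TARGET_KEY, nonce, plaintext)
    return {
        "timestamp": now,
        "first_ciphertext": first_ciphertext.hex(),
        "signature": sign(now, first_ciphertext),
    }


# Second server state (constructed): linked account and its stored third ciphertext.
LINKED_ACCOUNTS = {"alice@first.example": "alice-on-second"}
THIRD_CIPHERTEXTS = {"alice-on-second": feature_encrypt(FIRST_FEATURE_KEY, "Tr0ub4dor&3")}


def handle_verification_request(request, now):
    """Second server: returns 'same', 'different' or 'invalid'."""
    try:
        timestamp = int(request["timestamp"])
        first_ciphertext = bytes.fromhex(request["first_ciphertext"])
        signature = str(request["signature"]).encode()
    except (KeyError, TypeError, ValueError):
        return "invalid"
    # Time check: first timestamp vs. second timestamp within the preset threshold.
    if abs(now - timestamp) > TIME_THRESHOLD:
        return "invalid"
    # Signature check in constant time, before anything is decrypted or parsed.
    if not hmac.compare_digest(sign(timestamp, first_ciphertext).encode(), signature):
        return "invalid"
    nonce, body = first_ciphertext[:16], first_ciphertext[16:]
    payload = json.loads(keystream_xor(TARGET_KEY, nonce, body))
    second_user = LINKED_ACCOUNTS.get(payload["uid"])
    if second_user is None:
        return "different"  # assumption: no linked account, nothing to collide with
    # Second ciphertext vs. stored third ciphertext; the first password is never in clear.
    second_ciphertext = feature_encrypt(FIRST_FEATURE_KEY, payload["candidate"])
    same = hmac.compare_digest(second_ciphertext, THIRD_CIPHERTEXTS[second_user])
    return "same" if same else "different"


def set_password(user_id, candidate, now, database):
    """First server: store the fourth ciphertext only on an explicit 'different'."""
    request = build_verification_request(user_id, candidate, now)
    result = handle_verification_request(request, now)  # a network call in a real system
    if result != "different":
        return False  # 'same': prompt for another password; 'invalid': fail closed
    database[user_id] = feature_encrypt(SECOND_FEATURE_KEY, candidate)
    return True
```

Because the timestamp is inside the signed message, a captured request cannot be made fresh again by rewriting its timestamp field; it is only accepted within the threshold of its original time.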
An embodiment of the present application further discloses a password setting device, including:
a setting request receiving module, configured to receive a setting request of a password in a first server; the setting request includes a first user identifier and a first character string;
a verification request generating module, configured to generate a verification request according to the first user identifier and the first character string;
a verification request sending module, configured to send the verification request to one or more second servers;
a verification result receiving module, configured to receive a verification result returned by the one or more second servers and obtained according to the verification request; the verification result is the result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
a password setting module, configured to, when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server.
Preferably, the setting request receiving module includes:
a first ciphertext obtaining submodule, configured to perform a first encryption process on the first user identifier and the first character string to obtain a first ciphertext;
a digital signature obtaining submodule, configured to perform a second encryption process on the first ciphertext to obtain a digital signature;
an encapsulation submodule, configured to encapsulate the first ciphertext and the digital signature into a verification request.
Preferably, the first ciphertext obtaining submodule includes:
a symmetric encryption submodule, configured to encrypt the first user identifier and the first character string by using a target key corresponding to the one or more second servers to obtain the first ciphertext.
Preferably, the digital signature obtaining submodule includes:
a first asymmetric encryption submodule, configured to encrypt the first ciphertext by using a specified private key to obtain the digital signature.
Preferably, the verification request sending module includes:
an encrypted transmission submodule, configured to send the verification request to the one or more second servers by a specified encrypted transmission mode.
Preferably, the first character string meets at least one of a first condition and a second condition;
wherein the first condition is that the first character string satisfies a preset strength condition;
the second condition is that the first character string is different from the previous second password of the first user identifier in the first server.
Preferably, the device further includes:
a prompt information generating module, configured to generate prompt information for resetting the password when the verification result is that the first character string is the same as the first password.
Preferably, the device further includes:
a fourth ciphertext obtaining module, configured to encrypt the second password by using the second feature key to obtain a fourth ciphertext;
a storage module, configured to store the fourth ciphertext in a database.
An embodiment of the present application further discloses a password setting device, including:
a verification request receiving module, configured to receive, in a second server, a verification request sent by a first server; the verification request is generated by the first server, when it receives a setting request of a password, according to the first user identifier and the first character string in the setting request;
a verification result obtaining module, configured to obtain a verification result according to the verification request; the verification result is the result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
a verification result returning module, configured to return the verification result to the first server; the first server is configured to, when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server.
An embodiment of the present application further discloses a password setting system, including:
The system includes a first server and one or more second servers;
wherein the first server includes:
a setting request receiving module, configured to receive a password setting request in the first server; the setting request includes a first user identifier and a first character string;
a verification request generating module, configured to generate a verification request according to the first user identifier and the first character string;
a verification request sending module, configured to send the verification request to the one or more second servers;
a verification result receiving module, configured to receive the verification result that the one or more second servers return and that was obtained according to the verification request;
a password setting module, configured to set the first character string as the second password of the first user identifier in the first server when the verification result is that the first character string differs from the first password;
The one or more second servers include:
a verification request receiving module, configured to receive, in the second server, a verification request sent by the first server;
a verification result obtaining module, configured to obtain a verification result according to the verification request; the verification result is the result obtained by checking whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
a verification result returning module, configured to return the verification result to the first server.
Compared with the background art, the embodiments of the present application have the following advantages:
In the embodiments of the present application, the first server generates a verification request according to the first user identifier and the first password in the password setting request, and asks one or more second servers to check whether the same password exists. When the first server receives a verification result indicating that the first character string differs from the first password corresponding to the first user identifier in the second server, it sets the first character string as the second password of the first user identifier in the first server. This ensures that the same user does not set the same password on different servers, increases the strength of the password, and greatly reduces the impact that a leak of the user's account and password on one server has on the account and password on the current server, thereby improving the security of the user's personal information.
During the interaction between the first server and the second server, the second server does not need to know the second feature key of the first server, and the first server does not need the first feature key of the second server. The first server and the second server each still maintain their own feature key, which preserves the privacy of the feature keys.
The first server encrypts the first user identifier and the first character string with a key to generate a first ciphertext, encapsulates the first ciphertext into the verification request, and then sends the verification request to the second server over an encrypted transmission mode, which keeps the first user identifier and the first character string secure in transit.
In the embodiments of the present application, the first server may perform first encryption processing on the first user identifier and the first character string to generate a corresponding first ciphertext, which improves the security of the user information (that is, the first user identifier and the first character string).
In the embodiments of the present application, the verification request may be sent over an encrypted transmission mode, which further improves the security of the user information.
The embodiments of the present application perform a validity check on the verification request sent by the first server to ensure the security of the verification request; in addition, when the verification request is judged to be invalid, no subsequent verification operation is needed, which reduces system overhead.
Description of the drawings
FIG. 1 is a flow chart of the steps of Embodiment 1 of a password setting method of the present application;
FIG. 2 is a flow chart of the steps of Embodiment 2 of a password setting method of the present application;
FIG. 3 is a structural block diagram of Embodiment 1 of a password setting apparatus of the present application;
FIG. 4 is a structural block diagram of Embodiment 2 of a password setting apparatus of the present application;
FIG. 5 is a structural block diagram of an embodiment of a password setting system of the present application.
Detailed description
To make the above objects, features and advantages of the present application clearer and easier to understand, the present application is described in further detail below with reference to the drawings and specific embodiments.
In the traditional password setting method, when a user sets a password on a platform through a client (for example, a browser), the platform usually performs a password strength check on the character string that the user wants to set as the password. Once the character string passes the strength check, it can be set as the password, and the platform encrypts the password set by the user with a key unique to the platform and stores it in the database as ciphertext to ensure the security of the password.
Although a strength check makes it harder to "brute force" a password (that is, to exhaust it with a dictionary), these requirements also make passwords harder for users to remember, and they increase the likelihood that a user will use the same password on several platforms.
That is, for ease of memory and management, many users are accustomed to setting the same account and password on different platforms. With the development of computers, there are more and more methods for cracking ciphertext to obtain plaintext. As a result, once a user's account and password on one platform are obtained by criminals, the criminals can crack the ciphertext within minutes or hours and obtain the password in plaintext. They can then use the user's account and password to log in to other platforms, steal the user's personal information or the user's virtual and real property, or even use the user's personal information for fraud and other illegal acts.
The traditional password setting method can only be applied on a single platform. It cannot detect whether a user has used the same account and password on different platforms, so it cannot prevent the user from doing so. This platform-based password setting method therefore carries a serious hidden risk and offers very low security.
Therefore, one of the core concepts of the embodiments of the present application is proposed: the user's password is checked on different servers to prevent the same user from setting the same password on different servers.
Referring to FIG. 1, a flow chart of the steps of Embodiment 1 of a password setting method of the present application is shown, which may specifically include the following steps:
Step 101: receive a password setting request in the first server;
It should be noted that a server may be a computer that controls access to a network or to network resources (for example, disk drives and printers) and that can provide resources to computers on the network so that they operate like workstations. Servers are usually divided into types such as file servers, database servers and application servers.
In a specific implementation, the password setting request may be an instruction issued by the user to set a certain character string as a password. The user may trigger the password setting request on the client by setting or modifying at least one of an account password and an independent password, or in some other way.
The account password may be the password for logging in to the user account; it may be set when a new user account is registered and may be modified after it has been set. The independent password may be a password that protects certain business objects after the user account has been logged in to. For example, the independent password may be the password for viewing chat records or logging in to an associated mailbox in an instant messaging tool, a password for confirming a payment, or a password protecting the handling of virtual items (such as trading or destruction), and so on. The embodiments of the present application do not limit this.
The client sends the password setting request to the first server. The setting request may include a first user identifier and a first character string.
The first user identifier may be information that can represent a user uniquely determined in the first server, and may include at least one of a user account and information bound to the user account; the information bound to the user account may include at least one of the following:
other user accounts, email address, telephone number, name.
The first character string may be the character string requested to be set as the password, and may be a character string of any form.
Of course, the triggering manner and content of the password setting request described above are only examples. When implementing the embodiments of the present application, other triggering manners and content may be set according to the actual situation, and the embodiments of the present application do not limit this. In addition to the triggering manners and content described above, those skilled in the art may adopt other triggering manners and content according to actual needs, and the embodiments of the present application do not limit this either.
Step 102: generate a verification request according to the first user identifier and the first character string;
In the embodiments of the present application, the verification request may be an instruction issued by the first server to check whether a password identical to the first character string exists.
In a preferred embodiment of the present application, step 102 may include the following sub-steps:
Sub-step S11: perform first encryption processing on the first user identifier and the first character string to obtain a first ciphertext;
In a specific implementation, the first user identifier and the first character string received by the first server are in plaintext. In the embodiments of the present application, the first server may perform first encryption processing on the first user identifier and the first character string to generate a corresponding first ciphertext, which improves the security of the user information (that is, the first user identifier and the first character string).
In a preferred example of the embodiments of the present application, sub-step S11 may include the following sub-step:
Sub-step S111: encrypt the first user identifier and the first character string with a target key corresponding to the one or more second servers to obtain the first ciphertext.
In this example, the first encryption processing may be performed by symmetric encryption. Symmetric encryption is an encryption method that uses a single-key cryptosystem: the same key is used both to encrypt and to decrypt the information.
In practical applications, the first server and the second server may agree in advance on the key (that is, the target key) used to encrypt and decrypt the first user identifier and the first character string, and each second server may have its own corresponding target key.
The first server and the second server may also agree on the encryption and decryption algorithm, which specifies how encryption and decryption are performed, for example the DES (Data Encryption Standard) algorithm, the IDEA (International Data Encryption Algorithm) algorithm, the AES (Advanced Encryption Standard) algorithm, and so on. The embodiments of the present application do not limit this.
Of course, the embodiments of the present application may also perform the first encryption processing in other ways, such as asymmetric encryption, and the embodiments of the present application do not limit this either.
Sub-step S12: perform second encryption processing on the first ciphertext to obtain a digital signature;
In this example, the second encryption processing may be performed by asymmetric encryption. Asymmetric encryption is an encryption method of a cryptosystem in which encryption and decryption use two different keys.
When a digital signature is generated for data or a file (for example, the first ciphertext), the recipient (for example, the second server) can verify the digital signature to check that the data or file (for example, the first ciphertext) is complete and accurate, and to determine that it was sent by the party that generated the digital signature (for example, the first server) rather than forged by a third party, and that it has not been tampered with.
A digital signature scheme usually includes two complementary algorithms, one used to generate the digital signature and the other used to verify it.
In a preferred example of the embodiments of the present application, sub-step S12 may include the following sub-step:
Sub-step S121: encrypt the first ciphertext with a specified private key to obtain the digital signature.
Asymmetric encryption does not use the same key for encryption and decryption; it usually requires two keys, a public key and a private key. The public key and the private key form a pair: the private key may be kept by the encrypting party (for example, the first server), and the public key may be disclosed to the decrypting party (for example, the second server).
In this example, if the first server encrypts data with the private key, the second server can decrypt it with the corresponding public key.
When the encrypting party (for example, the first server) encrypts data with its own private key, this is equivalent to digitally signing the data, and the decrypting party (for example, the second server) decrypts the data with the public key. Because the private key belongs to the encrypting party (for example, the first server), if the decrypting party (for example, the second server) can decrypt the data normally, this shows that the data comes from the encrypting party (for example, the first server), which ensures that the data is not counterfeit and was not modified in transit.
In practical applications, the first server and the second server may agree in advance on a matching pair consisting of the private key that generates the digital signature and the public key that decrypts the digital signature.
The first server and the second server may also agree on the encryption and decryption algorithm, which specifies how encryption and decryption are performed, for example the RSA algorithm (an asymmetric encryption algorithm; RSA is formed from the initial letters of the surnames of Ron Rivest, Adi Shamir and Leonard Adleman), the ElGamal algorithm (an encryption algorithm), the knapsack algorithm, the Rabin algorithm (a special case of the RSA algorithm), the public-key encryption algorithm in the Diffie-Hellman key exchange protocol, the elliptic curve cryptography (ECC) algorithm, and so on. The embodiments of the present application do not limit this.
Sub-step S13: encapsulate the first ciphertext and the digital signature into the verification request.
In the embodiments of the present application, the first server and the second server agree on a transmission protocol in advance, and the first server may encapsulate the first ciphertext and the digital signature into the verification request according to that protocol and send it to the second server.
It should be noted that in certain specific scenarios the first encryption processing and the second encryption processing may be omitted, that is, the first ciphertext and the digital signature are not generated and the first user identifier and the first character string are encapsulated directly into the verification request. In that case the verification request must still be private; for example, the second server only accepts verification requests from first servers on a whitelist. The embodiments of the present application do not limit this.
Step 103: send the verification request to one or more second servers;
It should be noted that the first server and the second server may belong to different platforms but may serve the same user, who may register an account on both the first server and the second server.
The second server may expose a specified API (Application Programming Interface). The first server may call the specified API and, following the parameter specification of that API, send the verification request to the second server through the URL (Uniform Resource Locator) corresponding to the API, asking the second server to check whether the user has a password identical to the first character string that is to be set as the password.
In a preferred embodiment of the present application, step 103 may include the following sub-step:
Sub-step S21: send the verification request to the second server over a specified encrypted transmission mode.
In the embodiments of the present application, the verification request may be sent over an encrypted transmission mode, which further improves the security of the user information.
For example, the first server may send the verification request over the Hypertext Transfer Protocol over Secure Socket Layer (HTTPS), or over another encrypted transmission mode. The embodiments of the present application do not limit this.
Of course, in certain specific scenarios the verification request may be sent without an encrypted transmission mode, but the transmission mode must still be secure.
Step 104: receive the verification result that the one or more second servers return and that was obtained according to the verification request;
The verification result may be the result obtained by checking whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
In a specific implementation, the second server may check, according to the verification request, whether the first character string is the same as the first password.
In a preferred embodiment of the present application, the second server may obtain the verification result in the following manner:
Sub-step S31: perform a validity check on the verification request; the validity check may include at least one of a time check and a signature check;
In the embodiments of the present application, if the second server judges the verification request to be valid, it may check the first character string; if the second server judges the verification request to be invalid, it may skip checking the first character string.
The embodiments of the present application perform a validity check on the verification request sent by the first server to ensure the security of the verification request; in addition, when the verification request is judged to be invalid, no subsequent verification operation is needed, which reduces system overhead.
In a preferred embodiment of the present application, the verification request may include a first timestamp, and the second server may have a second timestamp; sub-step S31 may include the following sub-steps:
Sub-step S311: calculate the difference between the first timestamp and the second timestamp;
Sub-step S312: when the difference is within a preset time threshold, judge that the verification request passes the time check.
In the embodiments of the present application, the second server may perform a time check on the verification request to ensure that the clocks of the first server and the second server are consistent.
A timestamp is usually a sequence of characters that uniquely represents a moment in time. The first timestamp may represent the system time of the first server, and the second timestamp may represent the system time of the second server.
In a specific implementation, the first server may add the first timestamp to the URL and send it to the second server together with the verification request.
The first timestamp and the second timestamp may be used to check that the first server and the second server are consistent in time. A relatively small error in the difference between the first timestamp and the second timestamp may be tolerated; for example, a difference of a few minutes (that is, the time threshold) between the first timestamp and the second timestamp is acceptable, and the time check may be considered passed.
By checking the consistency of the first timestamp of the first server and the second timestamp of the second server, the embodiments of the present application improve the security of the second server's API and the security of the password check.
In a preferred embodiment of the present application, sub-step S31 may include the following sub-steps:
Sub-step S313: perform third encryption processing on the first ciphertext to obtain a second character string;
Sub-step S314: when the second character string is the same as the digital signature, judge that the verification request passes the signature check.
In the embodiments of the present application, the second server may perform a signature check on the verification request to ensure the authenticity of the verification request.
In a specific implementation, the second server may perform the third encryption processing by the asymmetric encryption corresponding to sub-step S12.
If, by verifying the digital signature, the second server confirms that the first ciphertext is complete and accurate, it can determine that the first ciphertext was sent by the first server that generated it rather than forged by a third party, and that the first ciphertext has not been tampered with.
In a preferred example of the embodiments of the present application, sub-step S313 may include the following sub-step:
Sub-step S3131: encrypt the first ciphertext with a specified public key to obtain the second character string.
In a specific implementation, corresponding to sub-step S121, the second server may verify the digital signature with the public key agreed in advance.
The second server may encrypt the first ciphertext with the agreed public key to generate the second character string.
It should be noted that, in one case, the embodiments of the present application may perform the time check on the verification request without performing the signature check; when the verification request passes the time check, it is judged to pass the validity check.
In another case, the embodiments of the present application may perform the signature check on the verification request without performing the time check; when the verification request passes the signature check, it is judged to pass the validity check.
In yet another case, the embodiments of the present application may perform both the time check and the signature check on the verification request; when the verification request passes both the time check and the signature check, it is judged to pass the validity check.
Of course, the embodiments of the present application may perform the time check first and the signature check second: if the time check fails, the verification request is judged to have failed the validity check and no signature check is needed. Alternatively, the signature check may be performed first and the time check second: if the verification request fails the signature check, it is judged to have failed the validity check and no time check is needed.
Of course, the validity checks described above are only examples. When implementing the embodiments of the present application, other validity checks may be set according to the actual situation, and the embodiments of the present application do not limit this. In addition to the validity checks described above, those skilled in the art may adopt other validity checks according to actual needs, and the embodiments of the present application do not limit this either.
Sub-step S32: when the verification request passes the validity check, check whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
When the verification request passes the validity check, this may indicate that the verification request was sent by the first server and has not been tampered with, and the second server may check whether the first character string is the same as the first password.
In a preferred embodiment of the present application, sub-step S32 may include the following sub-steps:
Sub-step S321: perform decryption processing on the first ciphertext to obtain the first user identifier and the first character string;
In a specific implementation, corresponding to sub-step S11, the second server may perform decryption processing on the first ciphertext to obtain the first user identifier and the first character string in plaintext.
In a preferred example of the embodiments of the present application, sub-step S321 may include the following sub-step:
Sub-step S3211: decrypt the first ciphertext with the target key to obtain the first user identifier and the first character string.
In this example, corresponding to sub-step S111, the second server may perform the second decryption processing by symmetric encryption.
In a specific implementation, the second server may decrypt using the previously agreed target key and decryption algorithm.
Of course, the embodiments of the present application may also perform the decryption processing in other ways, such as asymmetric encryption, and the embodiments of the present application do not limit this either.
Sub-step S322: look up a second user identifier associated with the first user identifier;
The second user identifier may be information capable of representing a user uniquely determined in the second server, and may include at least one of a user account and information bound to the user account; the information bound to the user account may include at least one of the following:
Other user accounts, email addresses, telephone numbers, names.
In a specific implementation, when the first user identifier and the second user identifier are the same, similar, or bound to each other, an association may be considered to exist, which may indicate that the first user identifier and the second user identifier identify the same user.
For example, if the user account serving as the first user identifier is abc, and the user account serving as the second user identifier is abc or abc_001, the first user identifier and the second user identifier may be considered associated.
As another example, if the user account serving as the first user identifier and the user account serving as the second user identifier are accounts bound to each other, the first user identifier and the second user identifier may be considered associated.
As another example, if the mailbox serving as the first user identifier is abc@abc.com and the mailbox serving as the second user identifier is abc@abc.com, the first user identifier and the second user identifier may be considered associated.
It should be noted that the embodiment of the present application may use one user identifier, two user identifiers, or even more user identifiers for the association determination, so as to improve the accuracy of determining the association between the first user identifier and the second user identifier.
The second user identifier has an associated first password, and the first password may include at least one of an account password and an independent password.
When the first character string is requested to be set as the account password, the account password corresponding to the second user identifier may be extracted for verification; of course, the independent password corresponding to the second user identifier may also be extracted for verification, and the embodiment of the present application does not limit this;
When the first character string is requested to be set as the independent password, the independent password corresponding to the second user identifier may be extracted for verification; of course, the account password corresponding to the second user identifier may also be extracted for verification, and the embodiment of the present application does not limit this.
Sub-step S323: verify whether the first character string is the same as the first password.
In practical applications, if the first password is stored in plaintext form, whether the first character string is the same as the first password may be verified directly.
If the first password is stored in ciphertext form, the first password may be converted into plaintext form and the first character string compared with the plaintext first password; alternatively, the first character string may be converted into ciphertext form and the ciphertext first character string compared with the first password. The embodiment of the present application does not limit this.
In a preferred example of the embodiment of the present application, sub-step S323 may include the following sub-steps:
Sub-step S3231: encrypt the first character string using a first feature key to obtain a second ciphertext;
Sub-step S3232: verify whether the second ciphertext is the same as a third ciphertext; the third ciphertext is the ciphertext obtained by encrypting the first password using the first feature key;
Sub-step S3233: when the second ciphertext is the same as the third ciphertext, determine that the first character string is the same as the first password;
Sub-step S3234: when the second ciphertext is different from the third ciphertext, determine that the first character string is different from the first password.
In this example, the second server may have its own dedicated encryption key (i.e., the first feature key), used to encrypt the passwords in the second website so that passwords are stored in ciphertext form, ensuring the security of the passwords in the second server.
In a specific implementation, the second server may use the first feature key to encrypt the first character string in the same encryption manner as that used for the third ciphertext, and verify whether the first character string in ciphertext form is the same as the first password in ciphertext form.
Sub-step S33: when the first character string is the same as the first password, set the information that the first character string is the same as the first password as the verification result;
Sub-step S34: when the first character string is different from the first password, set the information that the first character string is different from the first password as the verification result.
In a specific implementation, when the first character string is the same as the first password, the generated verification result may include the information that the first character string is the same as the first password; when the first character string is different from the first password, the generated verification result may include the information that the first character string is different from the first password.
The second server verifies whether the first character string is the same as the first password, obtains the verification result, and returns the verification result to the first server.
Step 105: when the verification result is that the first character string is different from the first password, set the first character string as the second password of the first user identifier in the first server.
When the verification result is the information that the first character string is different from the first password, it may indicate that no password identical to the first character string exists for the first user identifier in the second server, and the first server may set the first character string as the second password of the first user identifier in the first server.
In a preferred embodiment of the present application, the first character string may meet at least one of a first condition and a second condition;
The first condition may be that the first character string satisfies a preset strength condition;
In a specific implementation, the first server may preset a strength condition for passwords to enhance password security and reduce the probability of "brute force cracking"; when the first character string entered by the user satisfies the strength condition, the first character string is allowed to be set as the password.
For example, the first server may set a length for the first character string, such as requiring the first character string to be 8 characters or longer. If the first character string does not meet the length requirement (for example, the first character string has 7 characters), the first server may prompt the user that the entered first character string does not meet the strength requirement and must be re-entered.
The first server may also require that the first character string entered by the user be composed of a combination of at least one of digits, characters, and English letters (upper and lower case). Suppose the first character string is required to combine digits and English characters: if the first character string consists only of digits or only of English letters, the first server may prompt the user that the entered first character string does not meet the strength requirement and must be re-entered.
Of course, the above strength conditions are only examples. When implementing the embodiments of the present application, those skilled in the art may set other strength conditions according to actual needs, and the embodiment of the present application does not limit this.
The second condition may be that the first character string is different from the previous second password of the first user identifier in the first server.
When the password is not being set for the first time, the first user identifier may already have at least one earlier password in the first server. To further enhance password security and prevent the leakage of an earlier password from posing a security risk to the current password, the first server may require that the first character string entered by the user when setting a password not be the same as an earlier password, which may specifically include the previous password or the passwords used within a certain period of time; the embodiment of the present application does not limit this.
If the first character string entered by the user is the same as an earlier password, the first server may prompt the user that the first character string already exists and must be re-entered.
It should be noted that, in the embodiment of the present application, whether the first character string meets the first condition and the second condition may be determined at any time before the first character string is set as the password.
For example, whether the first character string meets the first condition may be determined before the verification request is sent, and whether the first character string meets the second condition may be determined after the verification result is obtained.
As another example, whether the first character string meets the first condition and the second condition may be determined before the verification request is sent.
As another example, whether the first character string meets the first condition and the second condition may be determined after the verification result is obtained, and so on; the embodiment of the present application does not limit this.
In the embodiment of the present application, the first server generates a verification request according to the first user identifier and the first password in the password setting request, and requests one or more second servers to verify whether the same password exists. When the first server receives a verification result stating that the first character string is different from the first password corresponding to the first user identifier in the second server, it sets the first character string as the second password of the first user identifier in the first server. This ensures that the same user does not set the same password on different servers, improves the strength of the password, greatly reduces the impact that a leak of the user's account and password on one server has on the account and password on the current server, and thereby improves the security of the user's personal information.
During the interaction between the first server and the second server, the second server does not need to know the second feature key of the first server, and the first server does not need to know the first feature key of the second server. The first server and the second server each still maintain their own feature keys, which preserves the privacy of the feature keys.
In a preferred embodiment of the present application, the method may further include the following step:
Step 106: when the verification result is that the first character string is the same as the first password, generate prompt information for resetting the password.
In the embodiment of the present application, when the verification result received by the first server is that the first character string is the same as the first password, it may indicate that a password identical to the first character string exists in the second server, and the first server may generate information prompting the user that the password needs to be set again.
In a preferred embodiment of the present application, the method may further include the following steps:
Step 107: encrypt the second password using the second feature key to obtain a fourth ciphertext;
Step 108: store the fourth ciphertext in a database.
In the embodiment of the present application, the first server may have its own dedicated encryption key (i.e., the second feature key). The first server may encrypt the second password using the second feature key to generate the fourth ciphertext and store the second password in the database in ciphertext form, which ensures the security of the password.
Referring to FIG. 2, a flow chart of the steps of Embodiment 2 of a password setting method of the present application is shown, which may specifically include the following steps:
Step 201: receive, in the second server, a verification request sent by the first server; the verification request is generated by the first server, upon receiving a password setting request, according to the first user identifier and the first character string in the setting request;
In a preferred embodiment of the present application, the setting request may include a first user identifier and a first character string; the first server may then generate the verification request through the following steps:
Sub-step S41: perform a first encryption process on the first user identifier and the first character string to obtain a first ciphertext;
In a preferred embodiment of the present application, sub-step S41 may include the following sub-steps:
Sub-step S411: encrypt the first user identifier and the first character string using a target key corresponding to the one or more second servers to obtain the first ciphertext.
Sub-step S42: perform a second encryption process on the first ciphertext to obtain a digital signature;
In a preferred embodiment of the present application, sub-step S42 may include the following sub-steps:
Sub-step S421: encrypt the first ciphertext using a specified private key to obtain the digital signature.
Sub-step S43: encapsulate the first ciphertext and the digital signature into the verification request.
In a preferred embodiment of the present application, the verification request is sent by the first server via a specified encrypted transmission mode.
Step 202: obtain a verification result according to the verification request;
The verification result may be the result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
In a preferred embodiment of the present application, step 202 may include the following sub-steps:
Sub-step S51: perform a validity check on the verification request; the validity check may include at least one of a time check and a signature check;
In a preferred embodiment of the present application, the verification request may include a first timestamp; the second server may have a second timestamp; sub-step S51 may include the following sub-steps:
Sub-step S511: calculate the difference between the first timestamp and the second timestamp;
Sub-step S512: when the difference is within a preset time threshold, determine that the verification request passes the time check.
In a preferred embodiment of the present application, sub-step S51 may include the following sub-steps:
Sub-step S513: perform a third encryption process on the first ciphertext to obtain a second character string;
Sub-step S514: when the second character string is the same as the digital signature, determine that the verification request passes the signature check.
In a preferred embodiment of the present application, sub-step S513 may include the following sub-steps:
Sub-step S5131: encrypt the first ciphertext using a specified public key to obtain the second character string.
Sub-step S52: when the verification request passes the validity check, verify whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
In a preferred embodiment of the present application, sub-step S52 may include the following sub-steps:
Sub-step S521: decrypt the first ciphertext to obtain the first user identifier and the first character string;
In a preferred embodiment of the present application, sub-step S521 may include the following sub-steps:
Sub-step S5211: decrypt the first ciphertext using the target key to obtain the first user identifier and the first character string.
Sub-step S522: look up a second user identifier associated with the first user identifier; the second user identifier has an associated first password;
Sub-step S523: verify whether the first character string is the same as the first password.
In a preferred embodiment of the present application, sub-step S53 may include the following sub-steps:
Sub-step S531: encrypt the first character string using a first feature key to obtain a second ciphertext;
Sub-step S532: verify whether the second ciphertext is the same as a third ciphertext; the third ciphertext is the ciphertext obtained by encrypting the first password using the first feature key;
Sub-step S533: when the second ciphertext is the same as the third ciphertext, determine that the first character string is the same as the first password;
Sub-step S534: when the second ciphertext is different from the third ciphertext, determine that the first character string is different from the first password.
Sub-step S53: when the first character string is the same as the first password, set the information that the first character string is the same as the first password as the verification result;
Sub-step S54: when the first character string is different from the first password, set the information that the first character string is different from the first password as the verification result.
Step 203: return the verification result to the first server;
In a specific implementation, the first server may be configured to set the first character string as the second password of the first user identifier in the first server when the verification result is that the first character string is different from the first password.
In a preferred embodiment of the present application, the first character string may meet at least one of a first condition and a second condition;
The first condition may be that the first character string satisfies a preset strength condition;
The second condition may be that the first character string is different from the previous second password of the first user identifier in the first server.
In a preferred embodiment of the present application, the first server is further configured to generate prompt information for resetting the password when the verification result is that the first character string is the same as the first password.
In a preferred embodiment of the present application, the first server is further configured to encrypt the second password using the second feature key to obtain a fourth ciphertext, and to store the fourth ciphertext in a database.
Since this embodiment is substantially similar to the application of method embodiment 1, its description is relatively brief; for related details, refer to the corresponding description of method embodiment 1, which is not repeated here.
To enable those skilled in the art to better understand the embodiments of the present application, a specific example is described below.
A user's user name in the first server is SkyWen (the first user identifier) and the original password is cba321. The user now requests that abc123 (the first character string) be set as the corresponding password, so the first server may request the second server to perform password verification.
The first server receives SkyWen and abc123 entered by the user. The first server may encrypt SkyWen and abc123 using the key UJHUSHUY (the target key) agreed in advance with the second server; the encrypted user name SkyWen is AAB76115CB4379D0 (first ciphertext), and the encrypted character string abc123 is D559B76EEE41C613 (first ciphertext).
The first server may agree in advance with the second server on an RSA private key for generating the digital signature (the specified private key) and an RSA public key for verifying the digital signature (the specified public key).
The agreed RSA private key is as follows:
The agreed RSA public key is as follows:
The first server may use the RSA private key to encrypt AAB76115CB4379D0 and D559B76EEE41C613 again to generate a digital signature. The generated digital signature is as follows:
The first server may encapsulate the encrypted user name, the encrypted first character string, and the digital signature to generate the verification request.
When the first server sends the verification request to the second server, the timestamp 1407394800082 of the moment the request is sent may be added to the URL and encapsulated in the verification request.
The first server may send the verification request to the second server over the HTTPS protocol, where the generated URL is as follows:
https://xxxx.com/xxx.do?sign=B866CC139585766D95E0BD75B53EF3E4A81CF4509D7066A2D62FDD03F8BA21AF6062C0B734C4FBBA5787496B3F4A63FBAD08C640F919DA71F30CC53C93B859C32D4DB81AE714717DDF9564E4D5DD25868B48ACC0748E15F2BB562411B419C6032D11050C1C47669606A65413885CB0A1C41422B9B045A29CF22B02CDB10A4C98&user_name=AAB76115CB4379D0&user_pass=D559B76EEE41C613&request_time=1407394800082
When the second server receives the verification request sent by the first server, it may use the System.currentTimeMillis() method to obtain the local system timestamp A, which represents the time at which the second server received the verification request.
The second server may preset a time threshold, for example 30 s.
Then, when A-1407394800082<30, the verification request passes the time check.
After the time check passes, AAB76115CB4379D0 and D559B76EEE41C613 are encrypted with the RSA public key, and the generated character string is as follows:
The second server compares the digital signature generated with the RSA private key against the character string generated with the RSA public key; if they are the same, this indicates that the verification request was indeed sent by the first server and has not been tampered with.
The second server may decrypt AAB76115CB4379D0 and D559B76EEE41C613 with the key UJHUSHUY to obtain the user name SkyWen and the character string abc123.
The second server checks whether a user name matching SkyWen exists in its database. If not, it returns to the first server the result that the user name SkyWen does not exist; the first server may then set abc123 as the password corresponding to the user name SkyWen, encrypt abc123 with the first server's own unique key to generate a ciphertext, and store the ciphertext in the database.
If the second server detects that the user name SkyWen exists in the database, it may encrypt abc123 with the key LJHJGUUG unique to the second server and compare the encrypted abc123 with SkyWen's password in the database. If the encrypted abc123 and SkyWen's password are the same, it returns to the first server the result that the same password already exists on the second server, and the first server prompts the user to reset the password.
If the encrypted abc123 and SkyWen's password are not the same, it returns to the first server the result that the same password does not exist on the second server.
If the first server requires that a character string set as a password be 6 or more characters long and include at least one English letter and one digit, then abc123 meets this strength requirement.
If the first server requires that a character string set as a password differ from the prior password, and abc123 differs from cba321, then the requirement is met.
The first server may set abc123 as the password corresponding to the user name SkyWen, encrypt abc123 with the first server's own unique key to generate a ciphertext, and store the ciphertext in the database.
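The validity check walked through above (time check, then signature check), as an added Node.js example that is not code from the patent. It compares millisecond timestamps against the 30 s threshold converted to milliseconds, uses the standard RSA sign/verify operations instead of the re-encrypt-and-compare wording, and assumes request_time is covered by the signature; the key pair, function names and result strings are constructed for the example.

```javascript
const crypto = require('crypto');

// The text's 30 s threshold, expressed in milliseconds because request_time
// and System.currentTimeMillis()-style clocks are both in milliseconds.
const TIME_THRESHOLD_MS = 30 * 1000;

// Constructed 2048-bit key pair standing in for the first server's RSA keys.
// In the scheme, only the public half would be held by the second server.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});

// Byte string covered by the signature. Assumption (not stated on the page):
// request_time is signed together with the two ciphertext fields, so a
// captured request cannot be given a fresh timestamp.
function signedBytes(p) {
  return Buffer.from(
    `user_name=${p.user_name}&user_pass=${p.user_pass}&request_time=${p.request_time}`,
    'utf8'
  );
}

// First server: assemble the query parameters and sign them.
function buildRequest(userNameCt, userPassCt, nowMs) {
  const params = {
    user_name: userNameCt,
    user_pass: userPassCt,
    request_time: String(nowMs),
  };
  const sign = crypto
    .sign('sha256', signedBytes(params), privateKey)
    .toString('hex')
    .toUpperCase();
  return { ...params, sign };
}

// Second server: time check first, then signature check.
// Returns 'ok', 'bad_time', 'stale' or 'bad_signature'.
function checkRequest(params, nowMs) {
  if (!/^\d{1,15}$/.test(String(params.request_time))) return 'bad_time';
  const ageMs = nowMs - Number(params.request_time);
  // Reject requests that are too old and requests dated in the future.
  if (Math.abs(ageMs) >= TIME_THRESHOLD_MS) return 'stale';

  // The signature must be a whole number of hex-encoded bytes.
  if (!/^(?:[0-9A-Fa-f]{2})+$/.test(String(params.sign))) return 'bad_signature';
  const ok = crypto.verify(
    'sha256',
    signedBytes(params),
    publicKey,
    Buffer.from(params.sign, 'hex')
  );
  return ok ? 'ok' : 'bad_signature';
}

// Runs the check over the page's sample field values and three altered copies.
function demo() {
  const sentAt = 1407394800082; // request_time from the sample URL
  const req = buildRequest('AAB76115CB4379D0', 'D559B76EEE41C613', sentAt);
  const later = sentAt + 31 * 1000;
  return {
    fresh: checkRequest(req, sentAt + 5000),
    replayedLate: checkRequest(req, later),
    alteredPassField: checkRequest(
      { ...req, user_pass: 'D559B76EEE41C614' },
      sentAt + 5000
    ),
    // Replay with the timestamp rewritten to look fresh: the time check
    // passes, but the signature no longer matches.
    refreshedTimestamp: checkRequest(
      { ...req, request_time: String(later) },
      later
    ),
  };
}

console.log(demo());
```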
It should be noted that, for simplicity of description, the method embodiments are each expressed as a series of action combinations, but those skilled in the art should understand that the embodiments of the present application are not limited by the described order of actions, because according to the embodiments of the present application certain steps may be performed in other orders or concurrently. Furthermore, those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present application.
Referring to FIG. 3, a structural block diagram of Embodiment 1 of a password setting apparatus of the present application is shown, which may specifically include the following modules:
a setting request receiving module 301, configured to receive a password setting request in the first server; the setting request includes a first user identifier and a first character string;
a verification request generating module 302, configured to generate a verification request according to the first user identifier and the first character string;
a verification request sending module 303, configured to send the verification request to one or more second servers;
a verification result receiving module 304, configured to receive a verification result returned by the one or more second servers and obtained according to the verification request; the verification result is the result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
a password setting module 305, configured to set the first character string as the second password of the first user identifier in the first server when the verification result is that the first character string differs from the first password.
In a preferred embodiment of the present application, the verification request generating module 302 may include the following submodules:
a first ciphertext obtaining submodule, configured to perform first encryption processing on the first user identifier and the first character string to obtain a first ciphertext;
a digital signature obtaining submodule, configured to perform second encryption processing on the first ciphertext to obtain a digital signature;
an encapsulation submodule, configured to encapsulate the first ciphertext and the digital signature into the verification request.
In a preferred embodiment of the present application, the first ciphertext obtaining module may include the following submodule:
a symmetric encryption submodule, configured to encrypt the first user identifier and the first character string with a target key corresponding to the one or more second servers to obtain the first ciphertext.
In a preferred embodiment of the present application, the digital signature obtaining module may include the following submodule:
a first asymmetric encryption submodule, configured to encrypt the first ciphertext with a specified private key to obtain the digital signature.
In a preferred embodiment of the present application, the verification request sending module may include the following submodule:
an encrypted transmission submodule, configured to send the verification request to the one or more second servers by a specified encrypted transmission method.
In a preferred embodiment of the present application, the one or more second servers may obtain the verification result in the following manner:
performing a validity check on the verification request; the validity check may include at least one of a time check and a signature check;
when the verification request passes the validity check, verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
when the first character string is the same as the first password, setting information that the first character string is the same as the first password as the verification result;
when the first character string differs from the first password, setting information that the first character string differs from the first password as the verification result.
In a preferred embodiment of the present application, the verification request may include a first timestamp; the second server may have a second timestamp; the one or more second servers may perform the validity check on the verification request in the following manner:
calculating the difference between the first timestamp and the second timestamp;
when the difference is within a preset time threshold, determining that the verification request passes the time check.
In a preferred embodiment of the present application, the one or more second servers may perform the validity check on the verification request in the following manner:
performing third encryption processing on the first ciphertext to obtain a second character string;
when the second character string is the same as the digital signature, determining that the verification request passes the signature check.
In a preferred embodiment of the present application, the one or more second servers may obtain the second character string in the following manner:
encrypting the first ciphertext with a specified public key to obtain the second character string.
In a preferred embodiment of the present application, the one or more second servers may verify whether the first character string is the same as the first password corresponding to the first user identifier in the second server in the following manner:
decrypting the first ciphertext to obtain the first user identifier and the first character string;
looking up a second user identifier associated with the first user identifier; the second user identifier has an associated first password;
verifying whether the first character string is the same as the first password.
In a preferred embodiment of the present application, the one or more second servers may decrypt the first ciphertext to obtain the first user identifier and the first character string in the following manner:
decrypting the first ciphertext with the target key to obtain the first user identifier and the first character string.
In a preferred embodiment of the present application, the one or more second servers may verify whether the first character string is the same as the first password in the following manner:
encrypting the first character string with a first feature key to obtain a second ciphertext;
verifying whether the second ciphertext is the same as a third ciphertext; the third ciphertext is the ciphertext obtained by encrypting the first password with the first feature key;
when the second ciphertext is the same as the third ciphertext, determining that the first character string is the same as the first password;
when the second ciphertext differs from the third ciphertext, determining that the first character string differs from the first password.
In a preferred embodiment of the present application, the first character string may meet at least one of a first condition and a second condition;
wherein the first condition is that the first character string satisfies a preset strength condition;
the second condition is that the first character string differs from the prior second password of the first user identifier in the first server.
In a preferred embodiment of the present application, the apparatus may further include:
a prompt information generating module, configured to generate prompt information for resetting the password when the verification result is that the first character string is the same as the first password.
In a preferred embodiment of the present application, the apparatus may further include:
a fourth ciphertext obtaining module, configured to encrypt the second password with the second feature key to obtain a fourth ciphertext;
a storage module, configured to store the fourth ciphertext in a database.
Referring to FIG. 4, a structural block diagram of Embodiment 2 of a password setting apparatus of the present application is shown, which may specifically include the following modules:
a verification request receiving module 401, configured to receive, in the second server, a verification request sent by the first server; the verification request is generated by the first server, upon receiving a password setting request, according to the first user identifier and the first character string in the setting request;
a verification result obtaining module 402, configured to obtain a verification result according to the verification request; the verification result is the result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
a verification result returning module 403, configured to return the verification result to the first server;
In a specific implementation, the first server may be configured to set the first character string as the second password of the first user identifier in the first server when the verification result is that the first character string differs from the first password.
In a preferred embodiment of the present application, the setting request may include a first user identifier and a first character string; the first server may then generate the verification request in the following manner:
performing first encryption processing on the first user identifier and the first character string to obtain a first ciphertext;
performing second encryption processing on the first ciphertext to obtain a digital signature;
encapsulating the first ciphertext and the digital signature into the verification request.
In a preferred embodiment of the present application, the verification request may be sent in the following manner:
sending the verification request to one or more second servers by a specified encrypted transmission method.
In a preferred embodiment of the present application, the first server may obtain the first ciphertext in the following manner:
encrypting the first user identifier and the first character string with a target key corresponding to the one or more second servers to obtain the first ciphertext.
In a preferred embodiment of the present application, the first server may obtain the digital signature in the following manner:
encrypting the first ciphertext with a specified private key to obtain the digital signature.
In a preferred embodiment of the present application, the first server may send the verification request in the following manner:
sending the verification request to one or more second servers by a specified encrypted transmission method.
In a preferred embodiment of the present application, the verification result obtaining module 402 may include the following submodules:
a validity check submodule, configured to perform a validity check on the verification request; the validity check includes at least one of a time check and a signature check;
a first verification submodule, configured to verify, when the verification request passes the validity check, whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
a first verification result setting submodule, configured to set information that the first character string is the same as the first password as the verification result when the first character string is the same as the first password;
a second verification result setting submodule, configured to set information that the first character string differs from the first password as the verification result when the first character string differs from the first password.
In a preferred embodiment of the present application, the verification request may include a first timestamp; the second server may have a second timestamp; the validity check submodule may include the following submodules:
a timestamp difference calculation submodule, configured to calculate the difference between the first timestamp and the second timestamp;
a first determining submodule, configured to determine that the verification request passes the time check when the difference is within a preset time threshold.
In a preferred embodiment of the present application, the validity check submodule may include the following submodules:
a second character string obtaining submodule, configured to perform third encryption processing on the first ciphertext to obtain a second character string;
a second determining submodule, configured to determine that the verification request passes the signature check when the second character string is the same as the digital signature.
In a preferred embodiment of the present application, the second character string obtaining submodule may include the following submodule:
a second asymmetric encryption submodule, configured to encrypt the first ciphertext with a specified public key to obtain the second character string.
In a preferred embodiment of the present application, the first verification module may include the following submodules:
a first ciphertext encryption submodule, configured to decrypt the first ciphertext to obtain the first user identifier and the first character string;
a lookup submodule, configured to look up a second user identifier associated with the first user identifier; the second user identifier has an associated first password;
a second verification submodule, configured to verify whether the first character string is the same as the first password.
In a preferred embodiment of the present application, the first ciphertext encryption submodule may include the following submodule:
a symmetric decryption submodule, configured to decrypt the first ciphertext with the target key to obtain the first user identifier and the first character string.
In a preferred embodiment of the present application, the second verification module may include the following submodules:
a second ciphertext obtaining submodule, configured to encrypt the first character string with a first feature key to obtain a second ciphertext;
a third verification submodule, configured to verify whether the second ciphertext is the same as a third ciphertext; the third ciphertext is the ciphertext obtained by encrypting the first password with the first feature key;
a third determining submodule, configured to determine that the first character string is the same as the first password when the second ciphertext is the same as the third ciphertext;
a fourth determining submodule, configured to determine that the first character string differs from the first password when the second ciphertext differs from the third ciphertext.
In a preferred embodiment of the present application, the first character string meets at least one of a first condition and a second condition;
wherein the first condition is that the first character string satisfies a preset strength condition;
the second condition is that the first character string differs from the prior second password of the first user identifier in the first server.
In a preferred embodiment of the present application, the first server may generate prompt information for resetting the password in the following manner:
when the verification result is that the first character string is the same as the first password, generating prompt information for resetting the password.
In a preferred embodiment of the present application, the first server may store the fourth ciphertext in a database in the following manner:
encrypting the second password with the second feature key to obtain a fourth ciphertext;
storing the fourth ciphertext in the database.
Referring to FIG. 5, a structural block diagram of an embodiment of a password setting system of the present application is shown; the system includes a first server 510 and a second server 520;
wherein the first server 510 may include:
a setting request receiving module 511, configured to receive a password setting request in the first server; the setting request includes a first user identifier and a first character string;
a verification request generating module 512, configured to generate a verification request according to the first user identifier and the first character string;
a verification request sending module 513, configured to send the verification request to one or more second servers;
a verification result receiving module 514, configured to receive a verification result returned by the one or more second servers and obtained according to the verification request;
a password setting module 515, configured to set the first character string as the second password of the first user identifier in the first server when the verification result is that the first character string differs from the first password;
the one or more second servers 520 may include:
a verification request receiving module 521, configured to receive, in the second server, a verification request sent by the first server; the verification request is generated by the first server, upon receiving a password setting request, according to the first user identifier and the first character string in the setting request;
a verification result obtaining module 522, configured to obtain a verification result according to the verification request; the verification result is the result obtained by verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server; the verification result includes that the first character string differs from the first password;
a verification result returning module 523, configured to return the verification result to the first server; the first server is configured to set the first character string as the second password of the first user identifier in the first server.
In a preferred embodiment of the present application, the verification request generating module 512 may include the following submodules:
a first ciphertext obtaining submodule, configured to perform first encryption processing on the first user identifier and the first character string to obtain a first ciphertext;
a digital signature obtaining submodule, configured to perform second encryption processing on the first ciphertext to obtain a digital signature;
an encapsulation submodule, configured to encapsulate the first ciphertext and the digital signature into the verification request.
In a preferred embodiment of the present application, the first ciphertext obtaining submodule may include the following submodule:
a symmetric encryption submodule, configured to encrypt the first user identifier and the first character string with a target key corresponding to the one or more second servers to obtain the first ciphertext.
In a preferred embodiment of the present application, the digital signature obtaining submodule may include the following submodule:
a first asymmetric encryption submodule, configured to encrypt the first ciphertext with a specified private key to obtain the digital signature.
In a preferred embodiment of the present application, the verification request sending module 513 may include the following submodule:
an encrypted transmission submodule, configured to send the verification request to the one or more second servers by a specified encrypted transmission method.
In a preferred embodiment of the present application, the first character string meets at least one of a first condition and a second condition;
wherein the first condition is that the first character string satisfies a preset strength condition;
the second condition is that the first character string differs from the prior second password of the first user identifier in the first server.
In a preferred embodiment of the present application, the first server 510 may further include:
a prompt information generating module, configured to generate prompt information for resetting the password when the verification result is that the first character string is the same as the first password.
In a preferred embodiment of the present application, the first server 510 may further include:
a fourth ciphertext obtaining module, configured to encrypt the second password with the second feature key to obtain a fourth ciphertext;
a storage module, configured to store the fourth ciphertext in a database.
In a preferred embodiment of the present application, the verification result obtaining module 522 may include the following submodules:
a validity check submodule, configured to perform a validity check on the verification request; the validity check includes at least one of a time check and a signature check;
a first verification submodule, configured to verify, when the verification request passes the validity check, whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
a first verification result setting submodule, configured to set information that the first character string is the same as the first password as the verification result when the first character string is the same as the first password;
a second verification result setting submodule, configured to set information that the first character string differs from the first password as the verification result when the first character string differs from the first password.
In a preferred embodiment of the present application, the verification request may include a first timestamp; the second server may have a second timestamp; the validity check submodule may include the following submodules:
a timestamp difference calculation submodule, configured to calculate the difference between the first timestamp and the second timestamp;
a first determining submodule, configured to determine that the verification request passes the time check when the difference is within a preset time threshold.
In a preferred embodiment of the present application, the validity check submodule may include the following submodules:
a second character string obtaining submodule, configured to perform third encryption processing on the first ciphertext to obtain a second character string;
a second determining submodule, configured to determine that the verification request passes the signature check when the second character string is the same as the digital signature.
In a preferred embodiment of the present application, the second character string obtaining submodule may include the following submodule:
a second asymmetric encryption submodule, configured to encrypt the first ciphertext with a specified public key to obtain the second character string.
在本申请的一种优选实施例中,所述第一校验模块可以包括以下子模块:In a preferred embodiment of the present application, the first verification module may include the following submodules:
第一密文加密子模块,用于对所述第一密文进行解密处理,获得所述第一用户标识和所述第一字符串;a first ciphertext encryption submodule, configured to perform decryption processing on the first ciphertext to obtain the first user identifier and the first character string;
查找子模块,用于查找与所述第一用户标识关联的第二用户标识;所述第二用户标识具有关联的第一密码;a searching submodule, configured to search for a second user identifier associated with the first user identifier; the second user identifier has an associated first password;
第二校验子模块,用于校验所述第一字符串与所述第一密码是否相同。The second parity module is configured to check whether the first string is the same as the first password.
在本申请的一种优选实施例中,所述第一密文加密子模块可以包括以下子模块:In a preferred embodiment of the present application, the first ciphertext encryption submodule may include the following submodules:
对称解密子模块,用于采用所述目标密钥对所述第一密文进行解密,获得所述第一用户标识和所述第一字符串。And a symmetric decryption sub-module, configured to decrypt the first ciphertext by using the target key, to obtain the first user identifier and the first character string.
在本申请的一种优选实施例中,所述第二校验模块可以包括以下子模块:In a preferred embodiment of the present application, the second verification module may include the following submodules:
第二密文获得子模块,用于采用第一特征密钥对所述第一字符串进行加密,获得第二密文;a second ciphertext obtaining submodule, configured to encrypt the first character string by using a first feature key to obtain a second ciphertext;
第三校验子模块,用于校验所述第二密文与第三密文是否相同;所述第三密文为采用所述第一特征密钥对所述第一密码加密所获得的密文;a third parity module, configured to check whether the second ciphertext and the third ciphertext are the same; the third ciphertext is obtained by encrypting the first password by using the first feature key Cipher text
第三判断子模块,用于当所述第二密文与所述第三密文相同时,判断所述第一字符串与所述第一密码相同;a third determining sub-module, configured to determine that the first character string is the same as the first password when the second ciphertext is the same as the third ciphertext;
第四判断子模块,用于当所述第二密文与所述第三密文相异时,判断所述第一字符串与所述第一密码相异。The fourth determining sub-module is configured to determine that the first character string is different from the first password when the second ciphertext is different from the third ciphertext.
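The checks these submodules describe on the second server (signature check, time check, account lookup, comparison under the feature key), together with the first server's decision, as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 under a shared key stands in for the private-key signature and for encryption with the feature keys, the symmetric encryption of the first ciphertext is left to the encrypted transport, the timestamp travels inside the signed payload, and every key, identifier and record is constructed.

```python
import hashlib
import hmac
import json

# Every key, identifier and record here is constructed for the example.
SIGNING_KEY = b"constructed-signing-key"           # stand-in for the specified key pair
FIRST_FEATURE_KEY = b"constructed-feature-key-1"   # second server's "first feature key"
SECOND_FEATURE_KEY = b"constructed-feature-key-2"  # first server's "second feature key"
TIME_THRESHOLD = 60  # preset time threshold in seconds (assumed value)


def keyed_digest(key, text):
    """Deterministic keyed transform used where the text says 'encrypt with the feature key'."""
    return hmac.new(key, text.encode("utf-8"), hashlib.sha256).digest()


# Second server state: first user identifier -> second user identifier, and
# second user identifier -> protected first password (the "third ciphertext").
LINKED_IDS = {"alice@first.example": "alice-2"}
THIRD_CIPHERTEXTS = {"alice-2": keyed_digest(FIRST_FEATURE_KEY, "Spring2015!")}


def build_verification_request(first_user_id, first_string, first_timestamp):
    """First server: package identifier, candidate and timestamp, then sign the package."""
    payload = json.dumps(
        {"uid": first_user_id, "candidate": first_string, "ts": first_timestamp},
        sort_keys=True,
    ).encode("utf-8")
    signature = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return {"payload": payload, "signature": signature}


def second_server_verify(request, second_timestamp):
    """Second server: validity checks first, password comparison only afterwards."""
    payload = request.get("payload", b"")
    signature = request.get("signature", b"")
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    # Signature check: recompute over the received payload, compare in constant time.
    if not isinstance(signature, bytes) or not hmac.compare_digest(expected, signature):
        return "rejected:signature"
    fields = json.loads(payload)
    # Time check: difference between first and second timestamp within the threshold.
    if abs(second_timestamp - fields["ts"]) > TIME_THRESHOLD:
        return "rejected:time"
    second_user_id = LINKED_IDS.get(fields["uid"])
    if second_user_id is None:
        return "different"  # assumption: no linked account means nothing to collide with
    # Compare the "second ciphertext" with the stored "third ciphertext".
    second_ciphertext = keyed_digest(FIRST_FEATURE_KEY, fields["candidate"])
    same = hmac.compare_digest(second_ciphertext, THIRD_CIPHERTEXTS[second_user_id])
    return "same" if same else "different"


def first_server_set_password(store, first_user_id, first_string, now, second_servers):
    """First server: store the candidate only if every second server answers 'different'."""
    request = build_verification_request(first_user_id, first_string, now)
    for verify in second_servers:
        if verify(request, now) != "different":
            return False  # reuse detected or request rejected: fail closed
    store[first_user_id] = keyed_digest(SECOND_FEATURE_KEY, first_string)
    return True
```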
For the device and system embodiments, since they are basically similar to the method embodiments, the description is relatively brief; for related details, refer to the corresponding parts of the description of the method embodiments.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and for parts that are the same or similar the embodiments may be referred to one another.
Those skilled in the art will appreciate that the embodiments of the present application may be provided as a method, an apparatus, or a computer program product. Therefore, the embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
In a typical configuration, the computer device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory. The memory may include, among computer-readable media, non-persistent memory, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium. Computer-readable media include permanent and non-permanent, removable and non-removable media, which may store information by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
The embodiments of the present application are described with reference to flowcharts and/or block diagrams of methods, terminal devices (systems), and computer program products according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing terminal device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing terminal device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing terminal device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal device, such that a series of operational steps is performed on the computer or other programmable terminal device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable terminal device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the embodiments of the present application have been described, those skilled in the art can make further changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present application.
Finally, it should also be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include", or any other variant thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or terminal device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or terminal device that comprises the element.
The method for setting a password, the device for setting a password, and the system for setting a password provided by the present application have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present application, and the description of the above embodiments is intended only to help in understanding the method of the present application and its core idea. At the same time, for those of ordinary skill in the art, there will be changes in the specific implementations and the scope of application in accordance with the idea of the present application. In summary, the content of this specification should not be construed as limiting the present application.

Claims (26)

  1. A method for setting a password, comprising:
    receiving a password setting request in a first server, the setting request including a first user identifier and a first character string;
    generating a verification request according to the first user identifier and the first character string;
    sending the verification request to one or more second servers;
    receiving a verification result returned by the one or more second servers and obtained according to the verification request, the verification result being the result of verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
    when the verification result is that the first character string is different from the first password, setting the first character string as the second password of the first user identifier in the first server.
  2. The method according to claim 1, wherein the step of generating a verification request according to the first user identifier and the first character string comprises:
    performing a first encryption process on the first user identifier and the first character string to obtain a first ciphertext;
    performing a second encryption process on the first ciphertext to obtain a digital signature;
    encapsulating the first ciphertext and the digital signature into the verification request.
  3. The method according to claim 2, wherein the step of performing a first encryption process on the first user identifier and the first character string to obtain a first ciphertext comprises:
    encrypting the first user identifier and the first character string with a target key corresponding to the one or more second servers to obtain the first ciphertext.
  4. The method according to claim 3, wherein the step of performing a second encryption process on the first ciphertext to obtain a digital signature comprises:
    encrypting the first ciphertext with a specified private key to obtain the digital signature.
  5. The method according to claim 1, wherein the step of sending the verification request to one or more second servers comprises:
    sending the verification request to the one or more second servers by a specified encrypted transmission method.
  6. The method according to claim 1 or 2 or 3 or 4 or 5, wherein the one or more second servers obtain the verification result in the following manner:
    performing a validity check on the verification request, the validity check including at least one of a time check and a signature check;
    when the verification request passes the validity check, verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
    when the first character string is the same as the first password, setting information that the first character string is the same as the first password as the verification result;
    when the first character string is different from the first password, setting information that the first character string is different from the first password as the verification result.
  7. The method according to claim 6, wherein the verification request includes a first timestamp, the second server has a second timestamp, and the step of performing a validity check on the verification request comprises:
    calculating the difference between the first timestamp and the second timestamp;
    when the difference is within a preset time threshold, determining that the verification request passes the time check.
  8. The method according to claim 6, wherein the step of performing a validity check on the verification request comprises:
    performing a third encryption process on the first ciphertext to obtain a second character string;
    when the second character string is the same as the digital signature, determining that the verification request passes the signature check.
  9. The method according to claim 8, wherein the step of performing a third encryption process on the first ciphertext to obtain a second character string comprises:
    encrypting the first ciphertext with a specified public key to obtain the second character string.
  10. The method according to claim 6, wherein the step of verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server comprises:
    decrypting the first ciphertext to obtain the first user identifier and the first character string;
    looking up a second user identifier associated with the first user identifier, the second user identifier having an associated first password;
    verifying whether the first character string is the same as the first password.
  11. The method according to claim 10, wherein the step of performing a second decryption process on the first ciphertext to obtain the first user identifier and the first character string comprises:
    decrypting the first ciphertext with the target key to obtain the first user identifier and the first character string.
  12. The method according to claim 10, wherein the step of verifying whether the first character string is the same as the first password comprises:
    encrypting the first character string with a first feature key to obtain a second ciphertext;
    verifying whether the second ciphertext is the same as a third ciphertext, the third ciphertext being the ciphertext obtained by encrypting the first password with the first feature key;
    when the second ciphertext is the same as the third ciphertext, determining that the first character string is the same as the first password;
    when the second ciphertext is different from the third ciphertext, determining that the first character string is different from the first password.
  13. The method according to claim 1 or 2 or 3 or 4 or 5 or 7 or 8 or 9 or 10 or 11 or 12, wherein the first character string satisfies at least one of a first condition and a second condition;
    wherein the first condition is that the first character string satisfies a preset strength condition;
    the second condition is that the first character string is different from the previous second password of the first user identifier in the first server.
  14. The method according to claim 1 or 2 or 3 or 4 or 5 or 7 or 8 or 9 or 10 or 11 or 12, further comprising:
    when the verification result is that the first character string is the same as the first password, generating prompt information for resetting the password.
  15. The method according to claim 1 or 2 or 3 or 4 or 5 or 7 or 8 or 9 or 10 or 11 or 12, further comprising:
    encrypting the second password with the second feature key to obtain a fourth ciphertext;
    storing the fourth ciphertext in a database.
  16. A method for setting a password, comprising:
    receiving, in a second server, a verification request sent by a first server, the verification request being generated by the first server, upon receiving a password setting request, according to the first user identifier and the first character string in the setting request;
    obtaining a verification result according to the verification request, the verification result being the result of verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
    returning the verification result to the first server, the first server being configured to set the first character string as the second password of the first user identifier in the first server when the verification result is that the first character string is different from the first password.
  17. A device for setting a password, comprising:
    a setting request receiving module, configured to receive a password setting request in a first server, the setting request including a first user identifier and a first character string;
    a verification request generating module, configured to generate a verification request according to the first user identifier and the first character string;
    a verification request sending module, configured to send the verification request to one or more second servers;
    a verification result receiving module, configured to receive a verification result returned by the one or more second servers and obtained according to the verification request, the verification result being the result of verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
    a password setting module, configured to set the first character string as the second password of the first user identifier in the first server when the verification result is that the first character string is different from the first password.
  18. The device according to claim 17, wherein the setting request receiving module comprises:
    a first ciphertext obtaining submodule, configured to perform a first encryption process on the first user identifier and the first character string to obtain a first ciphertext;
    a digital signature obtaining submodule, configured to perform a second encryption process on the first ciphertext to obtain a digital signature;
    an encapsulating submodule, configured to encapsulate the first ciphertext and the digital signature into the verification request.
  19. The device according to claim 18, wherein the first ciphertext obtaining submodule comprises:
    a symmetric encryption submodule, configured to encrypt the first user identifier and the first character string with a target key corresponding to the one or more second servers to obtain the first ciphertext.
  20. The device according to claim 18, wherein the digital signature obtaining submodule comprises:
    a first asymmetric encryption submodule, configured to encrypt the first ciphertext with a specified private key to obtain the digital signature.
  21. The device according to claim 17, wherein the verification request sending module comprises:
    an encrypted transmission submodule, configured to send the verification request to the one or more second servers by a specified encrypted transmission method.
  22. The device according to claim 17 or 18 or 19 or 20 or 21, wherein the first character string satisfies at least one of a first condition and a second condition;
    wherein the first condition is that the first character string satisfies a preset strength condition;
    the second condition is that the first character string is different from the previous second password of the first user identifier in the first server.
  23. The device according to claim 17 or 18 or 19 or 20 or 21, further comprising:
    a prompt information generating module, configured to generate prompt information for resetting the password when the verification result is that the first character string is the same as the first password.
  24. The device according to claim 17 or 18 or 19 or 20 or 21, further comprising:
    a fourth ciphertext obtaining module, configured to encrypt the second password with the second feature key to obtain a fourth ciphertext;
    a storage module, configured to store the fourth ciphertext in a database.
  25. A device for setting a password, comprising:
    a verification request receiving module, configured to receive, in a second server, a verification request sent by a first server, the verification request being generated by the first server, upon receiving a password setting request, according to the first user identifier and the first character string in the setting request;
    a verification result obtaining module, configured to obtain a verification result according to the verification request, the verification result being the result of verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
    a verification result returning module, configured to return the verification result to the first server, the first server being configured to set the first character string as the second password of the first user identifier in the first server when the verification result is that the first character string is different from the first password.
  26. A system for setting a password, wherein the system comprises a first server and one or more second servers;
    wherein the first server comprises:
    a setting request receiving module, configured to receive a password setting request in the first server, the setting request including a first user identifier and a first character string;
    a verification request generating module, configured to generate a verification request according to the first user identifier and the first character string;
    a verification request sending module, configured to send the verification request to the one or more second servers;
    a verification result receiving module, configured to receive a verification result returned by the one or more second servers and obtained according to the verification request;
    a password setting module, configured to set the first character string as the second password of the first user identifier in the first server when the verification result is that the first character string is different from the first password;
    the one or more second servers comprise:
    a verification request receiving module, configured to receive, in the second server, the verification request sent by the first server;
    a verification result obtaining module, configured to obtain a verification result according to the verification request, the verification result being the result of verifying whether the first character string is the same as the first password corresponding to the first user identifier in the second server;
    a verification result returning module, configured to return the verification result to the first server.
PCT/CN2015/085914 2014-08-19 2015-08-03 Password setting method, apparatus and system WO2016026382A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410410250.2A CN105450413B (en) 2014-08-19 2014-08-19 A kind of setting method of password, device and system
CN201410410250.2 2014-08-19

Publications (1)

Publication Number Publication Date
WO2016026382A1 true WO2016026382A1 (en) 2016-02-25

Family

ID=55350184

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/085914 WO2016026382A1 (en) 2014-08-19 2015-08-03 Password setting method, apparatus and system

Country Status (2)

Country Link
CN (1) CN105450413B (en)
WO (1) WO2016026382A1 (en)

Also Published As

Publication number Publication date
CN105450413A (en) 2016-03-30
CN105450413B (en) 2019-04-19

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 15833132; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 15833132; Country of ref document: EP; Kind code of ref document: A1)