CN108696499A - Method, apparatus and computer storage media for administrator password - Google Patents

Method, apparatus and computer storage media for administrator password Download PDF

Info

Publication number
CN108696499A
CN108696499A CN201810239743.2A CN201810239743A CN108696499A CN 108696499 A CN108696499 A CN 108696499A CN 201810239743 A CN201810239743 A CN 201810239743A CN 108696499 A CN108696499 A CN 108696499A
Authority
CN
China
Prior art keywords
password
log
character
converter logic
digit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810239743.2A
Other languages
Chinese (zh)
Inventor
才华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Unionpay Co Ltd filed Critical China Unionpay Co Ltd
Priority to CN201810239743.2A priority Critical patent/CN108696499A/en
Publication of CN108696499A publication Critical patent/CN108696499A/en
Priority to PCT/CN2019/077169 priority patent/WO2019179313A1/en
Priority to TW108108630A priority patent/TWI701930B/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to cryptographic techniques, more particularly to are used for the method for administrator password, implement the device of this method and include the computer readable storage medium for the computer program for implementing this method.It is comprised the steps of according to the method for administrator password of one aspect of the invention:It is arranged and stores the converter logic to log-in password, wherein the converter logic defines the mapping relations between the character of log-in password and the respective symbols after execution converter logic;The variation of log-in password is provided to remote server;Login password is received from input equipment;Based on the converter logic, map function is executed to login password;And the variation of login password is provided for being verified to user identity to remote server.

Description

Method, apparatus and computer storage media for administrator password
Technical field
The present invention relates to cryptographic techniques, more particularly to are used for the method for administrator password, implement the device and packet of this method Computer readable storage medium containing the computer program for implementing this method.
Background technology
Under information age, the scene that people work and live daily needs to frequently enter password progress authentication with complete At system login, authorization and confirm the tasks such as payment.In face of multiple in application, require to remember various passwords will be to user It causes greatly to bear.In addition, the considerations of for safety etc., different applications often has respectively specific password rule Then (such as the capital and small letter of the digit of password, the value of code characters and letter distinguish etc.), the diversity of this password rule into One step has aggravated the burden of user.
Industry develops more money Password Management softwares, such as KeePass and 1Password thus.These Password Managements are soft The operation principle of part is to encrypt the password storage of user in file at one, which can only be visited by a main password It asks, therefore user only needs to remember a main password.These Password Management softwares are disadvantageous in that, are added to improve The encryption intensity of ciphertext part, the requirement to the length and complexity of main password is all very high, this causes the inconvenience that user uses.This Outside, no matter which kind of Encryption Algorithm is used, encrypts on document or exist the risk hidden danger being broken.
Therefore there is an urgent need to a kind of method and apparatus of administrator password can simultaneously safety and the aspect of convenience two all Satisfactory performance is provided.
Invention content
It is an object of the present invention to provide a kind of method and apparatus for administrator password, with safe and make With it is convenient the advantages that.
It is comprised the steps of according to the method for administrator password of one aspect of the invention:
Be arranged and store the converter logic to log-in password, wherein the converter logic define the character of log-in password with Execute the mapping relations between the respective symbols after converter logic;
The variation of log-in password is provided to remote server;
Login password is received from input equipment;
Based on the converter logic, map function is executed to login password;And
The variation of login password is provided to remote server for being verified to user identity.
Preferably, in the above-mentioned methods, the converter logic includes:
If the digit of log-in password is less than the digit rule of remote server setting, cover behaviour is executed to log-in password Make so that the digit of the password after transformation meets digit rule;
If the digit of log-in password is more than the digit rule of remote server setting, position behaviour is deleted to log-in password execution Make so that the digit of the password after transformation meets digit rule;And
If log-in password has the character for the value rule for not meeting remote server setting, to not meeting value rule Character then executes replacement operation.
Preferably, in the above-mentioned methods, further comprise the following steps:
Delete login password and its variation.
Preferably, in the above-mentioned methods, the converter logic includes:
Replacement operation is executed for the character of one or more specific bits of log-in password.
Preferably, in the above-mentioned methods, the replacement operation includes at least one of following:Any character is converted to Any character is converted to random capitalization, any character is converted to random lowercase and will be any by random digit Character is converted to random mark.
Preferably, in the above-mentioned methods, the character of log-in password and execute converter logic after respective symbols between reflect Relationship is penetrated to be stored in mapping table with random sequence.Preferably, the mapping table also include obscure character with it is corresponding Transformation character between additional mappings relationship, which, which is mixed with random sequence with the mapping relations, is stored in It is described to obscure character and log-in password non-correlation in the mapping table.
Preferably, in the above-mentioned methods, log-in password is classified as one in multiple cipher code sets, the multiple cipher code set With different safe class and password rule.
Including according to the device for administrator password of another aspect of the invention:
First module, for the converter logic to log-in password to be arranged, wherein the converter logic defines log-in password The mapping relations between respective symbols after character and execution converter logic;
Second module, the variation for providing log-in password to remote server;
Third module, for receiving login password from input equipment;
4th module executes map function for being based on the converter logic to login password;And
5th module, for providing the variation of login password to remote server for testing user identity Card.
Including memory, processor according to the device for administrator password of another aspect of the invention and is being stored in On the memory and the computer program that can run on the processor is to execute method as described above.
It is also an object of the present invention to provide a kind of computer readable storage mediums, store computer program thereon, The program realizes method as described above when being executed by processor.
Compared with prior art, the present invention has many advantages, such as.For example, due to storage be converter logic and it is non-registered close Code book body, therefore the risk illegally stolen without password.Furthermore in some converter logics, code characters in a random basis by It being mapped as other character, therefore for different applications, identical password has different transformation passwords after logical conversion, To will not be impacted to safety while facilitating usersmanaging passwords again.In addition, when the mapping of each code characters When relationship is stored with random sequence, even if knowing mapping relations, transformation password still can not be copied.Finally, by that will obscure It, can be into one when additional mappings relationship between character and corresponding transformation character mixes storage with random sequence with mapping relations Step improves safety.
Description of the drawings
The above-mentioned and/or other aspects and advantage of the present invention will be become by the description of the various aspects below in conjunction with attached drawing It is more clear and is easier to understand, same or analogous unit, which is adopted, in attached drawing is indicated by the same numeral.Attached drawing includes:
Fig. 1 is a kind of configuration diagram of distributed system.
Fig. 2 is the flow chart according to the method for administrator password of one embodiment of the invention.
Fig. 3 is the flow chart according to the method for administrator password of another embodiment of the present invention.
Fig. 4 is the block diagram according to the device for administrator password of another embodiment of the present invention.
Fig. 5 is the block diagram according to the device for administrator password of another embodiment of the present invention.
Specific implementation mode
Referring to which illustrates the attached drawings of illustrative examples of the present invention to more fully illustrate the present invention.But this hair It is bright to be realized by different form, and be not construed as being only limitted to each embodiment given herein.The above-mentioned each implementation provided Example is intended to make the disclosure of this paper comprehensively complete, and protection scope of the present invention is more fully communicated to people in the art Member.
In the present specification, the term expression of such as "comprising" and " comprising " etc is wanted in addition to having in specification and right Asking has in book directly and other than the unit clearly stated and step, technical scheme of the present invention be also not excluded for having not by directly or The situation of the other units and step clearly stated.
Fig. 1 is a kind of configuration diagram of distributed system.Illustratively, distributed system 10 shown in FIG. 1 includes visitor Family end 110 and remote server or website 120.In the distributed system shown in, client 110 can be with remote server 120 realize directly communication connection, or realize and communicate to connect through network 20.
According to one aspect of the present invention, for the log-in password of user, it is right that the device for administrator password passes through The log-in password, which executes converter logic, can obtain corresponding transformation password (the also referred to as variation of log-in password), the transformation Password is stored at remote server with the authentication for user.In particular, being deposited in the device for administrator password Storage is converter logic rather than log-in password itself or transformation password, when user is through client or for the device of administrator password Input equipment input login password when, the device for administrator password generates the change of login password by executing converter logic Change form, the login password of the variation be sent to remote server and will not be permanently stored in client or For (such as being deleted after sending) in the device of administrator password.
Converter logic described here is broadly understood as log-in password to be converted to the various algorithms of other passwords, can Define the mapping relations between the character of log-in password and the respective symbols after execution converter logic.Preferably, converter logic can To include following map function:Padding operation is executed to log-in password so that the digit of the password after transformation increases;It is close to registering Code, which executes, deletes bit manipulation so that the digit of the password after transformation is reduced;And replacement operation is executed to the character in log-in password.
Preferably, above-mentioned replacement operation includes at least one of following:Any character is converted into random digit, will be appointed One character is converted to random capitalization, any character is converted to random lowercase and is converted to any character at random Symbol.
Device for administrator password described here can be independently of client and remote server and can be with The physical equipment of client and remote server communication can also be used as component units and be integrated in client (such as client Hold the form of application program).Client described here can be one kind in following equipment:Smart mobile phone, PC, pen Remember this computer, tablet computer and personal digital assistant.
Other side according to the invention, reflecting between the character of log-in password and the character after execution converter logic It penetrates relationship to store in the form of mapping table, wherein the mapping relations of each character of log-in password are stored with random sequence In mapping table.Preferably, mapping table also includes the additional mappings obscured between character and corresponding transformation character Relationship, which, which is mixed with random sequence with the mapping relations of the character of log-in password, is stored in mapping table In, described here obscures character and log-in password non-correlation.
According to the invention there are one aspects, can be based on safe class and password rule predefines multiple cipher code sets, And one be referred to each log-in password in this multiple cipher code set.
Fig. 2 is the flow chart according to the method for administrator password of one embodiment of the invention.Illustratively, here with The method that the present embodiment is described for distributed system shown in FIG. 1, and assume application scenarios be user through client 110 The process of the registration of business A is carried out to remote server or website 120.It should be noted however that the method for the present embodiment is not It is confined to the distributed system of certain architectures.
Referring to Fig. 2, in step 201, the device for administrator password obtains the address of website 120 and about registered business The password rule of A.In the present embodiment, password rule for example include but not limited to the digit of password, the value of code characters and Capital and small letter differentiation of letter etc..In addition, the device for administrator password can also further obtain the current time of the offer of website 120 With the information such as the unique ID of user.Preferably, the device for being used for administrator password includes scanning device to pass through scans web sites interface Shown Quick Response Code obtains above- mentioned information.
Step 203 is subsequently entered, (such as financial payment, electric business are purchased according to the type of business A for the device of administrator password One of object and common browsing etc.) log-in password of business A is referred in multiple cipher code sets.Specifically, if industry Be engaged in A be to the higher financial payment business of security requirement, then can be with automatic clustering to high safety cipher code set, if business A is It, then can be with automatic clustering to middle security password group, if business A is to safety to the general electric business shopping service of security requirement Property require lower website browsing business, then can be with automatic clustering to lower security cipher code set.Optionally, in this step, also may be used Voluntarily to select corresponding cipher code set as the log-in password of business A by user.
Step 205 is subsequently entered, the device for administrator password is from the defeated of its included input equipment or client 110 Enter log-in password of the equipment reception about business A.Illustratively, it is assumed that log-in password is " 1Ab_p ".
Step 207 is subsequently entered, the device for administrator password determines that log-in password is according to the password rule of business A Whether " 1Ab_p " meets length specification.If do not met, 209 are entered step, if met, enters step 211.
In branching step 209, it is assumed for example that the Password Length of length code requirement is 6, then is used for the dress of administrator password Padding operation will be carried out to log-in password " 1Ab_p " by setting, that is, in some positions (such as stem, tail portion or the centre of log-in password Some position) place character and (such as met by adding fixed character (such as " O ") in the tail portion of log-in password The parking identification number register password of length specification is " 1AB_pO ").Also, if the Password Length of length code requirement is 4, use Log-in password " 1AB_p " will be carried out to delete bit manipulation in the device of administrator password, that is, in one of log-in password character (such as character of some position of stem, tail portion or centre).Step 209, which executes, to be completed to enter step 211 later.
In step 211, the device for administrator password determines that log-in password is " 1AB_pO " according to the password rule of business A Whether value specification is met.If do not met, 213 are entered step, if met, enters step 215.Described here takes The example of value specification includes but not limited to:The first character of log-in password is necessarily letter, in log-in password there is not allowed that " _ ", A capitalization and a lowercase etc. and registration must be included at least in the character of " * " and " " etc, log-in password There is not allowed that consecutive identical character string etc. in password.
In branching step 213, the device for administrator password by step 209 to handling or without step 209 place The character for not meeting value specification in the log-in password of reason is replaced operation.
Preferably, replacement operation includes at least one of following:Any character is converted into random digit, by any word Symbol is converted to random capitalization, any character is converted to random lowercase and any character is converted to random symbol Number.Corresponding transfer function FS (x), FD (x), FX (x), FF (x) can be write with above-mentioned various types of replacement operations thus, In, function FS (x) is used to any character x being converted to random digit, and any character x is converted to random capitalization by FD (x), Any character is converted to random lowercase by FX (x), and any character is converted into random mark by FF (x).
By taking log-in password " 1AB_pO " as an example and assume example using above-mentioned value specification, then can implement following Replacement operation:First character " 1 " is replaced by letter due to being needed for non-alphabetic characters, using function FX (x) into Row conversion;4th character " _ " needs to be replaced because non-value range is belonged to, therefore is turned using function FS (x) It changes.It might as well assume that the log-in password after replacement operation is " sAB9pO ".Log-in password " 1AB_p " input by user is passed through as a result, It is transformed to " sAB9pO " after processing based on converter logic, wherein the character of log-in password and the phase after execution converter logic Answering has following mapping relations between character:" 1 "-" s ", " A "-" A ", " B "-" B ", " _ "-" 9 " and " p "-" p ".By In the character that " O " is padding operation addition, therefore without corresponding character in log-in password input by user.
In another branching step 215, the device for administrator password by step 209 to handling or without step Character is replaced operation some or all of in the log-in password of 209 processing.
Still it is assumed that it meets value specification by taking log-in password " 1AB_pO " as an example, then can apply in step 215 The following replacement operation of row:Character " 1 " is converted using function FS (x);It can profit for character " A ", " B " and " O " It is converted, character " _ " is converted using FF (x), for character " p ", using function FX with function FD (x) (x) it is converted.It might as well assume that the log-in password after replacement operation is " 7ZK^qO ".Log-in password input by user as a result, " 1AB_p " is by being transformed to " 7ZK^qO " after the processing based on converter logic, wherein the character of log-in password and executes transformation There are following mapping relations between respective symbols after logic:" 1 "-" 7 ", " A "-" Z ", " B "-" K ", " _ "-" ^ " and "p"—"q".Similarly, due to the character that " O " is padding operation addition, without correspondence in log-in password input by user Character.
217 are entered step after executing step 213 and 215, the device for administrator password enters step 217, sentences It is disconnected whether to need to obscure position by increase to improve the safety of log-in password.If you do not need to improving safety, then enter step Rapid 219, otherwise, then enter step 221.In step 217, above-mentioned judgement can be based on the type of registration business A, can also base In the selection of user.
In branching step 219, the device storage log-in password for administrator password is transformed to " sAB9pO " by " 1AB_p " Converter logic or log-in password " 1AB_p " be transformed to the converter logic of " 7ZK^qO ".In the present embodiment, converter logic also may be used To be considered as a series of set of map function steps with chronological order.Preferably, the character of log-in password with hold The mapping relations between respective symbols after row converter logic are stored in random sequence in mapping table.
Illustratively, can according to the following character input sequence different from log-in password sequential storage " 1AB_p " with Mapping relations between " 7ZK^qO ":" A "-" Z ", " B "-" K ", " p "-" q ", " _ "-" ^ " and " 1 "-" 7 ".
In another branching step 221, the device storage log-in password for administrator password is transformed to by " 1AB_p " The converter logic or log-in password " 1AB_p " of " sAB9pO " are transformed to the converter logic of " 7ZK^qO ".In particular, in addition to storage is noted The character of volume password and execute other than mapping relations between the respective symbols after converter logic, also storage obscure character with it is corresponding Transformation character between additional mappings relationship.Preferably, which, which is mixed with random sequence with mapping relations, deposits Storage is in mapping table.Illustratively, it is assumed that increase by 2 and obscure position, additional mappings relationship is as follows:" G "-" T ", "+"- "!", then for " 1AB_p " and " 7ZK^qO ", the storage of mapping relations and additional mappings relationship for example can be:" A "-" Z ", " G "-" T ", " B "-" K ", "+"-"!", " p "-" q ", " _ "-" ^ " and " 1 "-" 7 ".
223 are entered step after executing step 219 and 221, the device for administrator password will pass through logical conversion Log-in password (such as the transformation password " sAB9pO " generated in step 213 or 215 or " 7ZK^qO ") afterwards is together with user's registration User name be sent to remote server 120 and then delete for administrator password device in login password and its transformation shape Formula.Optionally, the information such as current time and the unique ID of user are also may include in the message for being sent to website 120.
It should be pointed out that in the present embodiment, step 215 is optional step.When determining registration is close in step 211 After code symbol conjunction value specification, shown method flow can directly go to step 223, and log-in password is sent to website 120.In addition, step Rapid 217 and 221 be also optional step, at this point, can be directly entered step 219 after executing step 213 or 215.
Fig. 3 is the flow chart according to the method for administrator password of another embodiment of the present invention.Illustratively, here The method that the present embodiment is described by taking distributed system shown in FIG. 1 as an example, and assume application scenarios be user through client 110 access remote server or the process of the business A on website 120.It should be noted however that the method for the present embodiment not office It is limited to the distributed system of certain architectures.
The address of website 120 is obtained for the device of administrator password in step 301 referring to Fig. 3.In the present embodiment, excellent Selection of land, the device for administrator password include that scanning device is above-mentioned to be obtained by Quick Response Code shown on scans web sites interface Information.
Step 303 is subsequently entered, the device for administrator password determines industry according to the type of station address and/or business A The cipher code set being engaged in belonging to A, so that it is determined that the storage location of the converter logic of log-in password about business A.
Step 305 is subsequently entered, the device for administrator password is from the defeated of its included input equipment or client 110 Enter login password of the equipment reception about business A.Illustratively, here it is still assumed that login password is " 1Ab_p ".
Step 307 is subsequently entered, the device for administrator password is according to the converter logic of the log-in password of business A to logging in Password " 1Ab_p " is converted.Specifically, it is assumed that log-in password " 1Ab_p " experienced step 209 and 213 conversion process, Then map function may include the following steps:
It is primarily based on length specification, login password " 1Ab_p " is transformed to " 1Ab_pO ";Then based in mapping table The mapping relations of storage, by the character " 1 ", " A ", " b ", " _ " and " p " in " 1Ab_pO " be mapped as " s ", " A ", " B ", " 9 " and " p " thus obtains the variation " sAB9pO " of login password.
Step 309 is subsequently entered, the device for administrator password is by the variation of login password (such as in step 307 The transformation password " sAB9pO " of generation) together with user name remote server 120 is sent to so that remote server is to user identity It is verified.Optionally, the information such as current time and the unique ID of user are also may include in the message for being sent to website 120.
Fig. 4 is the block diagram according to the device for administrator password of another embodiment of the present invention.
As shown in figure 4, the device 40 for administrator password of the present embodiment include the first module 410, the second module 420, Third module 430, the 4th module 440 and the 5th module 450.First module 410 is used to that the converter logic to log-in password to be arranged, Wherein, the converter logic defines the mapping relations between the character of log-in password and the respective symbols after execution converter logic; Second module is used to provide the variation of log-in password to remote server;Third module 430 is used to receive from input equipment Login password;4th module 440 is used to be based on the converter logic, and map function is executed to login password;And the 4th module 450 are used to provide the variation of login password to remote server for verifying user identity.
Fig. 5 is the block diagram according to the device for administrator password of another embodiment of the present invention.
Device 50 shown in fig. 5 includes memory 510, processor 520 and is stored on memory 510 and can handle The computer program 530 run on device 520, wherein computer program 530 on processor 520 by running can perform such as On by embodiment described in Fig. 1-3 method.
In the present embodiment, device 50 shown in fig. 5 can be the physical equipment being physically independent from or be integrated In client (such as form of client application).In the presence of as independent community's equipment, device 50 can be further Including operation keyboard, display screen, scanning device and the I/O communication components for being communicated with client 110 and remote server. Preferably, memory 510, processor 520 are safety chip to provide believable performing environment to computer program 530.
According to one aspect of the present invention, a kind of computer readable storage medium is provided, stores computer program thereon, it should The method by embodiment described in Fig. 1-3 is realized when program is executed by processor.
Embodiments and examples set forth herein is provided, to be best described by the reality according to this technology and its specific application Example is applied, and thus enables those skilled in the art to implement and using the present invention.But those skilled in the art will Know, above description and example are provided only for the purposes of illustrating and illustrating.The description proposed is not intended to cover the present invention Various aspects or limit the invention to disclosed precise forms.
In view of the above, the scope of the present disclosure is determined by following claims.

Claims (14)

1. a kind of method for administrator password, which is characterized in that the method comprises the steps of:
It is arranged and stores the converter logic to log-in password, wherein the converter logic defines character and the execution of log-in password The mapping relations between respective symbols after converter logic;
The variation of log-in password is provided to remote server;
Login password is received from input equipment;
Based on the converter logic, map function is executed to login password;And
The variation of login password is provided to remote server for being verified to user identity.
2. the method for claim 1, wherein further comprising the following steps:
Delete login password and its variation.
3. the method for claim 1, wherein the converter logic includes:
If the digit of log-in password be less than remote server setting digit rule, to log-in password execute padding operation with The digit of the password after transformation is set to meet digit rule;
If the digit of log-in password be more than remote server setting digit rule, to log-in password execution delete bit manipulation with The digit of the password after transformation is set to meet digit rule;And
If log-in password has the character for the value rule for not meeting remote server setting, to not meeting value rule Character executes replacement operation.
4. the method for claim 1, wherein the converter logic includes:
Replacement operation is executed for the character of one or more specific bits of log-in password.
5. method as described in claim 3 or 4, wherein the replacement operation includes at least one of following:By any word Symbol be converted to random digit, any character be converted to random capitalization, any character is converted to random lowercase with And any character is converted into random mark.
6. the method for claim 1, wherein the character of log-in password and execute converter logic after respective symbols between Mapping relations be stored in mapping table with random sequence.
7. method as claimed in claim 6, wherein the mapping table also includes to obscure character and corresponding transformation character Between additional mappings relationship, which, which is mixed with random sequence with the mapping relations, is stored in the mapping and closes It is in table, it is described to obscure character and log-in password non-correlation.
8. the method for claim 1, wherein log-in password is classified as one in multiple cipher code sets, the multiple Cipher code set has different safe class and password rule.
9. a kind of device for administrator password, which is characterized in that include:
First module, for the converter logic to log-in password to be arranged, wherein the converter logic defines the character of log-in password With the mapping relations between the respective symbols after execution converter logic;
Second module, the variation for providing log-in password to remote server;
Third module, for receiving login password from input equipment;
4th module executes map function for being based on the converter logic to login password;And
5th module, for providing the variation of login password to remote server for being verified to user identity.
10. device as claimed in claim 9, wherein described device is integrated in the client.
11. a kind of device for administrator password, described device includes memory, processor and is stored on the memory And the computer program that can be run on the processor, which is characterized in that execute as described in any one of claim 1-8 Method.
12. device as claimed in claim 11, wherein described device is integrated in client, and the client is following One kind in equipment:Smart mobile phone, PC, laptop, tablet computer and personal digital assistant.
13. device as claimed in claim 12, wherein the computer program executes under trusted context.
14. a kind of computer readable storage medium, stores computer program thereon, which is characterized in that the program is held by processor The method as described in any one of claim 1-8 is realized when row.
CN201810239743.2A 2018-03-22 2018-03-22 Method, apparatus and computer storage media for administrator password Pending CN108696499A (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201810239743.2A CN108696499A (en) 2018-03-22 2018-03-22 Method, apparatus and computer storage media for administrator password
PCT/CN2019/077169 WO2019179313A1 (en) 2018-03-22 2019-03-06 Method and apparatus for managing passwords, and computer storage medium
TW108108630A TWI701930B (en) 2018-03-22 2019-03-14 Method, device and computer storage medium for managing password

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810239743.2A CN108696499A (en) 2018-03-22 2018-03-22 Method, apparatus and computer storage media for administrator password

Publications (1)

Publication Number Publication Date
CN108696499A true CN108696499A (en) 2018-10-23

Family

ID=63844257

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810239743.2A Pending CN108696499A (en) 2018-03-22 2018-03-22 Method, apparatus and computer storage media for administrator password

Country Status (3)

Country Link
CN (1) CN108696499A (en)
TW (1) TWI701930B (en)
WO (1) WO2019179313A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109784072A (en) * 2018-12-28 2019-05-21 北京思源互联科技有限公司 Security file management method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1633650A (en) * 2002-02-13 2005-06-29 小川秀治 User authentication method and user authentication system
CN104348609A (en) * 2014-09-18 2015-02-11 成都西山居互动娱乐科技有限公司 Non-stored password management algorithm
CN105357210A (en) * 2015-11-23 2016-02-24 贾如银 Dynamic password
CN106559412A (en) * 2016-10-11 2017-04-05 北京元心科技有限公司 Strengthen the method and system of authentication safety

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7900252B2 (en) * 2006-08-28 2011-03-01 Lenovo (Singapore) Pte. Ltd. Method and apparatus for managing shared passwords on a multi-user computer
US8935805B2 (en) * 2007-07-11 2015-01-13 International Business Machines Corporation Method and system for enforcing password policy in a distributed directory
US8230455B2 (en) * 2007-07-11 2012-07-24 International Business Machines Corporation Method and system for enforcing password policy for an external bind operation in a distributed directory
CN103580874B (en) * 2013-11-15 2017-01-04 清华大学 Identity identifying method, system and cipher protection apparatus
CN103580873B (en) * 2013-11-15 2017-06-06 清华大学 Identity identifying method, system and cipher protection apparatus
CN105100035A (en) * 2014-05-23 2015-11-25 国网山西省电力公司电力科学研究院 Method and system for setting password
EP3195521B1 (en) * 2014-08-29 2020-03-04 Visa International Service Association Methods for secure cryptogram generation

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1633650A (en) * 2002-02-13 2005-06-29 小川秀治 User authentication method and user authentication system
CN104348609A (en) * 2014-09-18 2015-02-11 成都西山居互动娱乐科技有限公司 Non-stored password management algorithm
CN105357210A (en) * 2015-11-23 2016-02-24 贾如银 Dynamic password
CN106559412A (en) * 2016-10-11 2017-04-05 北京元心科技有限公司 Strengthen the method and system of authentication safety

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109784072A (en) * 2018-12-28 2019-05-21 北京思源互联科技有限公司 Security file management method and system
CN109784072B (en) * 2018-12-28 2021-04-30 北京思源理想控股集团有限公司 Security file management method and system

Also Published As

Publication number Publication date
WO2019179313A1 (en) 2019-09-26
TWI701930B (en) 2020-08-11
TW201941561A (en) 2019-10-16

Similar Documents

Publication Publication Date Title
CN100562902C (en) Be used for the method and system that safety management is stored in the data on the electronic tag
CN104731612B (en) Mobile equipment safety component software is tied to SIM
CN103607416B (en) A kind of method and application system of the certification of network terminal machine identity
KR100858144B1 (en) User authentication method in internet site using mobile and device thereof
US8832795B2 (en) Using a communications network to verify a user searching data
CN106227785A (en) The display packing of a kind of page object and device
US20030146931A1 (en) Method and apparatus for inputting secret information using multiple screen pointers
CN110287724A (en) Data storage and verification method and device
CN103685255A (en) File encryption method based on two-dimension code scanning
CN105208013A (en) Cross-device high-security non-password login method
CN109076054A (en) System and method for managing the encryption key of single-sign-on application program
CN108965324A (en) A kind of anti-brush method of short message verification code, terminal, server, equipment and medium
CN110071813A (en) A kind of account permission change method system, account platform and user terminal
AU2004203412B2 (en) Moving principals across security boundaries without service interruption
Mantoro et al. Smart card authentication for Internet applications using NFC enabled phone
CN103020505A (en) Information management system and information management method based on fingerprint identification
Ozdenizci et al. A tokenization-based communication architecture for HCE-enabled NFC services
JP3966070B2 (en) Device control system and portable terminal
CN103220455A (en) Apparatus and method for hiding secret information, and secret information restoring device and method
CN108696499A (en) Method, apparatus and computer storage media for administrator password
JP2007052489A (en) User authentication method and user authentication program
JP2009129312A (en) Public relations business support system and its method
JP3521717B2 (en) Authentication system
WO2011058629A1 (en) Information management system
CN106713214A (en) Method and system for carrying out identity authentication among multiple authorization systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1258679

Country of ref document: HK

RJ01 Rejection of invention patent application after publication

Application publication date: 20181023

RJ01 Rejection of invention patent application after publication