Password resetting method and system for digital currency wallet
Technical Field
The application relates to the technical field of password resetting of a digital money wallet, in particular to a password resetting method and system of the digital money wallet.
Background
The wallet is a data structure for storing digital money, multiple transaction password settings, and issuing latest quotations and information. The wallet comprises a cold wallet and a hot wallet; the cold wallet generally refers to an unconnected device for storing a private key, such as an unconnected computer, a mobile phone, a U disk and the like, and the existing cold wallet generally refers to a professional hardware wallet for storing digital currency assets, has high security level, effectively prevents hackers from stealing, and sends an electronic signature to related transactions through the connected computer or the mobile phone; the hot wallet randomly generates the address and the private key of the currency on a networked computer or mobile phone terminal, is also networked in future use, sends an electronic signature of related transaction through a network, and belongs to an online wallet.
In order to meet the requirement of managing assets by user classification, a multi-wallet design is adopted, transaction passwords of multiple wallets can have two modes, the first mode is that each wallet has one transaction password, the transaction password needs to be input in each transaction, the second mode is that all wallets have the same global transaction password and are used as identity recognition to manage the transactions of all wallets, the transaction of all wallets in one stage only needs to be input once until the verification state of the global transaction password is invalid, for example, the service life of the global transaction password is up or the power is down, and the like, content related to user identity derivation in a decentralized wallet, such as mnemonic words, salt values and passwords, are stored locally, and cannot provide recovery or reset service through a third party, the mnemonic words are in a form of plaintext, and are used for helping a user to remember a complex private key, the mnemonic words are composed of words taken from a fixed lexicon, and the generation sequence of the mnemonic words is according to a certain algorithm. The salt value is a set of secure random numbers, which are composed of letters, and is added to the password at a specific time, so that the password is more complex and safer.
Digital money wallets employing a multiple wallet management method allow a user to create multiple wallets, and currently, if the user forgets the global transaction password, it is generally reset using the following method:
(1) if the user forgets the local transaction password for one of the wallets, the user resets the local transaction password by reintroducing the mnemonics and/or salt values backed up when the wallet was created. The method has the following defects: when one wallet is transacted each time, the local transaction password of the wallet needs to be input once to verify the identity of the user, the operation is troublesome, and secondly, if the user forgets the local transaction password of one wallet, mnemonics and/or salt values need to be input once, the operation is troublesome, and the requirement on people is high.
(2) If the user forgets the global transaction password, all wallet data is typically cleared, the global transaction password is reset, and then all wallets that have been previously created are re-imported with mnemonics or private keys. The method has the following defects: after the user forgets the global transaction password, all data related to the wallets are cleared, and then the user needs to re-import all wallets one by one, which is troublesome to operate and wastes time and energy.
Disclosure of Invention
The method can authorize the user to reset the global password without clearing all the wallet data by matching one of the multiple backup mnemonics to indicate that the user owns the mnemonics and confirm the identity of the user.
In order to achieve the above object, the present application provides a password resetting method for a digital money wallet, comprising the steps of: step S1, judging whether the wallet which has been created or imported exists, if yes, executing the next step, if not, directly erasing all data related to the wallet, and then executing step S4; step S2, acquiring mnemonics of at least one existing wallet; step S3, judging whether the acquired mnemonic words are matched with the mnemonic words of the existing wallet; if the global transaction password is matched, unlocking the global transaction password, then executing the step S4, and if not, prompting that the information is wrong; in step S4, the global transaction password is reset.
As above, wherein the resetting of the global transaction password in step S4 includes: acquiring a global transaction password; encrypting the obtained global transaction password; and storing the encrypted global transaction password.
As above, wherein, when the global transaction password is reset, the maximum number of attempts to acquire the global transaction password is set.
As above, wherein, in step S1, if the wallet is a hot wallet, it is determined whether there is a wallet from the list of the existing wallets acquired locally; if the wallet is a cold wallet, it is determined whether a wallet exists based on a list of wallets already existing in the cold wallet device.
As above, step S2 includes: acquiring mnemonics of at least one existing wallet and a salt value corresponding to the mnemonics; step S3 includes: judging whether the acquired mnemonics and the salt values are matched with the existing mnemonics and salt values in the wallet or not; if yes, go to step S4, otherwise, prompt an error message.
As above, step S3 further includes: if the acquired mnemonics or salt values are not matched with the mnemonics or salt values existing in the wallet, judging whether the unlocking attempt times are 0, if so, prompting the user that the unlocking of the global transaction password fails, directly erasing all data related to the wallet, and executing a step S4, otherwise, executing a step S2, and subtracting 1 from the unlocking attempt times.
The application also provides a password resetting system of the digital money wallet, which comprises a terminal device, a wallet application and a digital money wallet, wherein the wallet application is connected with a network and installed in the terminal device, the digital money wallet is created or led into the wallet application, the terminal device judges whether the digital money wallet is created or led into the wallet application, the wallet application comprises an acquisition module, a storage module and a verification module, and the acquisition module is used for acquiring mnemonic words of the digital money wallet; the storage module is used for storing the mnemonic words acquired by the acquisition module for the first time; the verification module is used for judging whether the mnemonics acquired by the acquisition module after the first time are matched with the mnemonics stored in the storage module to verify the identity of the user, if so, unlocking the global transaction password and resetting the global transaction password, otherwise, prompting that the information is wrong.
The application also provides a password resetting system of the digital money wallet, which comprises cold wallet equipment, terminal equipment, wallet application and the digital money wallet, wherein the wallet application is installed in the terminal equipment, and the cold wallet equipment is disconnected with a network and is in communication connection with the terminal equipment through USB or Bluetooth; the digital currency wallet creates or imports into the cold wallet device; the cold wallet device is used for judging whether a created or imported digital money wallet exists in the cold wallet device, and comprises an acquisition module, a storage module and a verification module, wherein the acquisition module is used for acquiring the mnemonic words of the digital money wallet; the storage module is used for storing the mnemonic words acquired by the acquisition module for the first time; the verification module is used for judging whether the mnemonics acquired by the acquisition module after the first time are matched with the mnemonics stored in the storage module to verify the identity of the user, if so, unlocking the global transaction password and resetting the global transaction password, otherwise, prompting that the information is wrong.
The above, wherein the obtaining module is further configured to obtain a global transaction password; the storage module is further configured to store the global transaction password acquired by the acquisition module for the first time; the verification module is further configured to verify a global transaction password, determine whether the global transaction password acquired by the acquisition module after the first time matches the global transaction password stored in the storage module, if so, pass the verification, otherwise, fail the verification.
The above, wherein the acquiring module is configured to acquire the digital money wallet mnemonics and salt values; the storage module is used for storing the mnemonics and the salt values acquired by the acquisition module for the first time; and the verification module is used for judging whether the mnemonics and the salt values acquired by the acquisition module after the first time are matched with the mnemonics and the salt values stored in the storage module to verify the identity of the user, and if the mnemonics and the salt values are matched, unlocking the global transaction password and resetting the global transaction password.
The beneficial effect that this application realized is as follows:
(1) after the wallet password is forgotten, the user identity can be confirmed by acquiring at least one set of mnemonic words existing in a certain wallet, after the user identity is confirmed, data of all wallets can not be cleared, the user is authorized to reset the global transaction password, when the global transaction password is reset, because data related to wallets are not cleared, the wallet does not need to be re-created and led in, the mnemonic words and/or salt values backed up when the wallet is created do not need to be re-led in to reset the local transaction password, the process of resetting the global transaction password is simplified, and the speed of resetting the global transaction password is improved.
(2) The method includes the steps that a set of mnemonic words are stored in each wallet when the wallet is created, when a password is retrieved, the mnemonic words are matched with existing mnemonic words to conduct user identity authentication, salt values corresponding to the mnemonic words are further created in the wallet, a user needs to simultaneously obtain the mnemonic words and the salt values to be matched with the existing mnemonic words and the salt values in the wallet, if the mnemonic words and the salt values are matched, the user identity is verified, if any one of the mnemonic words is not matched, the user identity authentication is not passed, and the confidentiality level of the wallet is further improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a flow chart of a password resetting method for a digital money wallet of the present invention.
Fig. 2 is a schematic diagram of a digital money wallet password resetting system according to the present invention.
FIG. 3 is a diagram of another digital money wallet password resetting system according to the present invention.
Reference numerals: 1-terminal equipment, 2-wallet application, 3-cold wallet equipment, 21-acquisition module, 22-storage module and 23-verification module.
Detailed Description
The technical solutions in the embodiments of the present application are clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Example one
As shown in fig. 1, the present application provides a digital money wallet password resetting method, which is suitable for a case where a global transaction password is locked after a user inputs the global transaction password not to match with an already existing global transaction password, the method including the steps of:
step S1, determining whether there is a wallet created or imported, if yes, executing step S2, if no, directly erasing all data related to the wallet, and then executing step S4.
If the wallet is a hot wallet, judging whether the wallet exists according to a list of the existing wallets acquired locally; if the wallet is a cold wallet, it is judged whether or not a wallet exists based on a list of wallets already existing acquired in the cold wallet device 3.
Step S2, acquiring mnemonics of at least one existing wallet. Each wallet stores a set of corresponding mnemonic words, a plurality of wallets correspond to a plurality of sets of mnemonic words, and a user needs to input one set of mnemonic words, two sets of mnemonic words or more sets of mnemonic words to indicate that the user has the mnemonic words and confirm the identity of the user. The mnemonic words are composed of words and are input into the wallet according to a certain sequence, the length of the mnemonic words can be 12/15/18/21/24, and the mnemonic words are parameters for generating seeds by a PBKDF2 function. PBKDF2 applies a pseudo-random function to derive the key.
Step S3, judging whether the acquired mnemonic words are matched with the mnemonic words of the existing wallet; if the global transaction password is matched, the global transaction password is unlocked, and then the step S4 is executed, and if not, the prompt message is wrong.
If the acquired mnemonics do not match with the existing mnemonics in the wallet, judging whether the unlocking attempt times are 0, if so, prompting the user that the unlocking of the global transaction password fails, directly erasing all data related to the wallet, and executing step S4, otherwise, executing step S2, and subtracting 1 from the unlocking attempt times.
In step S4, the global transaction password is reset, that is, the old forgotten global transaction password is replaced with a new global transaction password. The global transaction password is used to control the operation of all wallets, including all transactions for which wallets have been created, without the need for additional password verification.
When the global transaction password is reset, the number of the global transaction passwords is set, for example: the number of the global transaction passwords is set to be 8, and the global transaction passwords consist of 8 numbers and/or letters. In addition, when the global transaction password is reset, the maximum number of attempts to acquire the global transaction password is input by the user or set by default by the system, for example: setting the maximum number of attempts to acquire the global transaction password to be 3, trying to acquire the global transaction password for 3 times at most if the acquired global transaction password is not matched with the global transaction password of the existing wallet, locking the global transaction password if the acquired global transaction password for 3 times is not matched with the global transaction password of the existing wallet, verifying the user identity by inputting mnemonics, re-unlocking the global transaction password, and resetting the forgotten old global transaction password after unlocking the global transaction password.
Resetting the global transaction password includes:
a1, acquiring the global transaction password. Specifically, a global transaction password input by a user is obtained, and the password may be a number and/or a letter. Wherein, if it is a hot wallet, the user is required to input a global transaction password when opening the wallet application 22 within the terminal device 1; in the case of a cold wallet, the user is required to enter a global transaction password when connecting the cold wallet device 3 to the terminal device 1.
a2, encrypting the acquired global transaction password to improve the security.
a3, storing the encrypted global transaction password.
Example two
The application provides a digital currency wallet password resetting method, which is suitable for the situation that a global transaction password is locked after a user inputs the global transaction password and the existing global transaction password is not matched, and the method comprises the following steps:
as shown in fig. 1, the present application provides a digital money wallet password resetting method, comprising the steps of:
step S1, determining whether there is a wallet created or imported, if yes, executing step S2, if no, directly erasing all data related to the wallet, and then executing step S4. If the wallet is a hot wallet, judging whether the wallet exists according to a list of the existing wallets acquired locally; if the wallet is a cold wallet, it is judged whether or not a wallet exists based on a list of wallets already existing acquired in the cold wallet device 3.
Step S2, at least one mnemonic of the existing wallet and the salt value corresponding to the mnemonic are obtained. The salt value is a parameter for seed generation by the PBKDF2 function. PBKDF2 applies a pseudo-random function to derive the key. The length of the derived key is essentially unlimited.
Step S3, judging whether the acquired mnemonic words and salt values are matched with the mnemonic words and salt values of the existing wallet; and if the two passwords are matched, unlocking the global transaction password, and then executing the step S4, otherwise, prompting that the information is wrong.
If the acquired mnemonics or salt values are not matched with the mnemonics or salt values existing in the wallet, judging whether the unlocking attempt times are 0, if so, prompting the user that the unlocking of the global transaction password fails, directly erasing all data related to the wallet, and executing a step S4, otherwise, executing a step S2, and subtracting 1 from the unlocking attempt times.
Step S4, resetting the global transaction password, where resetting the global transaction password includes:
acquiring a global transaction password; encrypting the obtained global transaction password; (ii) a Storing the encrypted global transaction password; and when the global transaction password is reset, setting the maximum number of attempts to acquire the global transaction password.
EXAMPLE III
As shown in fig. 2, the present application further provides a password resetting system for a digital money wallet, which includes a terminal device 1, a wallet application 2 and a digital money wallet, wherein the wallet application 2 is connected to a network and installed in the terminal device 1, the digital money wallet is created or imported into the wallet application 2, the terminal device 1 determines whether the digital money wallet is created or imported into the wallet application 2, the wallet application 2 includes an obtaining module 21, a storage module 22 and a verification module 23, and the obtaining module 21 is configured to obtain a global transaction password; the storage module 22 is configured to store the global transaction password obtained by the obtaining module 21 for the first time, and store the global transaction password by using an encryption rule; the checking module 23 is configured to check the global transaction password, determine whether the global transaction password acquired by the acquiring module 21 after the first time matches the global transaction password stored in the storage module 22, if so, the check is passed, otherwise, the check is not passed. After the global transaction password is stored, the global transaction password input by the user is acquired through the acquisition module 21, the global transaction password is matched with the global transaction password, if the matching is successful, the user identity authentication is passed, and the user can operate the digital currency wallet.
The obtaining module 21 is further configured to obtain mnemonics and salt values;
the storage module 22 is further configured to store the mnemonics and the salt values acquired by the acquisition module 21 for the first time;
if the global transaction password is not verified, the verifying module 23 is further configured to determine whether the mnemonics and the salt values acquired by the acquiring module 21 after the first time are matched with the mnemonics and the salt values already stored in the storage module 22 to verify the user identity, if so, the user identity is verified to be passed, the global transaction password is directly unlocked, the relevant data of the digital money wallet does not need to be deleted, and when the global transaction password is reset, the step of creating or importing the relevant data of the digital money wallet is omitted, so that the operation is more convenient, and the time is saved.
Example four
As shown in fig. 3, the present application further provides a wallet system including a cold wallet device 3, a terminal device 1, a wallet application 2 and a digital money wallet, wherein the wallet application 2 is installed in the terminal device 1, the terminal device 1 is networked, the cold wallet device 3 is disconnected from the network and is in communication connection with the terminal device 1 through a USB or bluetooth, and the wallet application 2 is configured to obtain wallet data of the cold wallet device 3; digital money wallets are created or imported into the cold wallet device 3; the cold wallet device 3 is used to determine whether there is a digital money wallet already created or imported within the cold wallet device 3.
The cold wallet device 3 is an isolated network, the global transaction password is stored in the cold wallet device 3 and cannot be accessed by the network, so that the security of the transaction is improved, the cold wallet device 3 comprises an acquisition module 21, a storage module 22 and a verification module 23, and the acquisition module 21 is used for acquiring the global transaction password; the storage module 22 is configured to store the global transaction password obtained by the obtaining module 21 for the first time, and store the global transaction password by using an encryption rule; the checking module 23 is configured to check the global transaction password, determine whether the global transaction password acquired by the acquiring module 21 after the first time matches the global transaction password stored in the storage module 22, if so, the check is passed, otherwise, the check is not passed. After the global transaction password is stored, the global transaction password input by the user is acquired through the acquisition module 21, the global transaction password is matched with the global transaction password, if the matching is successful, the user identity authentication is passed, and the user can operate the digital currency wallet.
The obtaining module 21 is further configured to obtain mnemonics and salt values;
the storage module 22 is further configured to store the mnemonics and the salt values acquired by the acquisition module 21 for the first time;
if the global transaction password is not verified, the verifying module 23 is further configured to determine whether the mnemonics and the salt values acquired by the acquiring module 21 after the first time are matched with the mnemonics and the salt values already stored in the storage module 22 to verify the user identity, if so, the user identity is verified to be passed, the global transaction password is directly unlocked, the relevant data of the digital money wallet does not need to be deleted, and when the global transaction password is reset, the step of creating or importing the relevant data of the digital money wallet is omitted, so that the operation is more convenient, and the time is saved.
The beneficial effect that this application realized is as follows:
(1) after the wallet password is forgotten, the user identity can be confirmed by inputting one or more sets of mnemonics existing in a certain wallet, after the user identity is confirmed, data of all wallets can not be cleared, the user is authorized to reset the global transaction password, when the global transaction password is reset, because the data related to the wallets are not cleared, the wallet does not need to be re-created and led in, the mnemonics and/or salt values backed up when the wallet is created do not need to be led in again to reset the local transaction password, the process of resetting the global transaction password is simplified, and the speed of resetting the global transaction password is improved.
(2) The method includes the steps that a set of mnemonic words are stored in each wallet when the wallet is created, when passwords are retrieved, the mnemonic words are input to be matched with existing mnemonic words, user identity authentication is conducted, salt values corresponding to the mnemonic words are further created in the wallet, a user needs to input the mnemonic words and the salt values to be matched with the existing mnemonic words and the salt values in the wallet, if the mnemonic words and the salt values are matched, the user identity is verified, if any one of the mnemonic words is not matched, the user identity authentication is not passed, and the confidentiality level of the wallet is further improved.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples described in this specification can be combined and combined by those skilled in the art.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.